aboutsummaryrefslogtreecommitdiff
path: root/bl31
diff options
context:
space:
mode:
authorAntonio Nino Diaz <antonio.ninodiaz@arm.com>2017-10-24 10:07:35 +0100
committerAntonio Nino Diaz <antonio.ninodiaz@arm.com>2017-11-08 18:05:14 +0000
commit2fccb228045696b98f83b1d865bac3c65d96b980 (patch)
tree4c3a4b67406989e65611a103a7adaf233fed4f2e /bl31
parentad02a7596f73ea9f07ebc9e04970ab7e9961c868 (diff)
downloadtrusted-firmware-a-2fccb228045696b98f83b1d865bac3c65d96b980.tar.gz
SPM: Introduce Secure Partition Manager
A Secure Partition is a software execution environment instantiated in S-EL0 that can be used to implement simple management and security services. Since S-EL0 is an unprivileged exception level, a Secure Partition relies on privileged firmware e.g. ARM Trusted Firmware to be granted access to system and processor resources. Essentially, it is a software sandbox that runs under the control of privileged software in the Secure World and accesses the following system resources: - Memory and device regions in the system address map. - PE system registers. - A range of asynchronous exceptions e.g. interrupts. - A range of synchronous exceptions e.g. SMC function identifiers. A Secure Partition enables privileged firmware to implement only the absolutely essential secure services in EL3 and instantiate the rest in a partition. Since the partition executes in S-EL0, its implementation cannot be overly complex. The component in ARM Trusted Firmware responsible for managing a Secure Partition is called the Secure Partition Manager (SPM). The SPM is responsible for the following: - Validating and allocating resources requested by a Secure Partition. - Implementing a well defined interface that is used for initialising a Secure Partition. - Implementing a well defined interface that is used by the normal world and other secure services for accessing the services exported by a Secure Partition. - Implementing a well defined interface that is used by a Secure Partition to fulfil service requests. - Instantiating the software execution environment required by a Secure Partition to fulfil a service request. Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'bl31')
-rw-r--r--bl31/bl31.ld.S24
-rw-r--r--bl31/bl31.mk13
2 files changed, 36 insertions, 1 deletions
diff --git a/bl31/bl31.ld.S b/bl31/bl31.ld.S
index 9ff774b625..7f442d0080 100644
--- a/bl31/bl31.ld.S
+++ b/bl31/bl31.ld.S
@@ -118,6 +118,23 @@ SECTIONS
ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__,
"cpu_ops not defined for this platform.")
+#if ENABLE_SPM
+ /*
+ * Exception vectors of the SPM shim layer. They must be aligned to a 2K
+ * address, but we need to place them in a separate page so that we can set
+ * individual permissions to them, so the actual alignment needed is 4K.
+ *
+ * There's no need to include this into the RO section of BL31 because it
+ * doesn't need to be accessed by BL31.
+ */
+ spm_shim_exceptions : ALIGN(4096) {
+ __SPM_SHIM_EXCEPTIONS_START__ = .;
+ *(.spm_shim_exceptions)
+ . = NEXT(4096);
+ __SPM_SHIM_EXCEPTIONS_END__ = .;
+ } >RAM
+#endif
+
/*
* Define a linker symbol to mark start of the RW memory area for this
* image.
@@ -202,6 +219,13 @@ SECTIONS
* the .bss section and eliminates the unecessary zero init
*/
xlat_table (NOLOAD) : {
+#if ENABLE_SPM
+ __SP_IMAGE_XLAT_TABLES_START__ = .;
+ *secure_partition*.o(xlat_table)
+ /* Make sure that the rest of the page is empty. */
+ . = NEXT(4096);
+ __SP_IMAGE_XLAT_TABLES_END__ = .;
+#endif
*(xlat_table)
} >RAM
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 0c9e39396b..6607dc0262 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -4,6 +4,15 @@
# SPDX-License-Identifier: BSD-3-Clause
#
+################################################################################
+# Include SPM Makefile
+################################################################################
+ifeq (${ENABLE_SPM},1)
+$(info Including SPM makefile)
+include services/std_svc/spm/spm.mk
+endif
+
+
include lib/psci/psci_lib.mk
BL31_SOURCES += bl31/bl31_main.c \
@@ -15,7 +24,9 @@ BL31_SOURCES += bl31/bl31_main.c \
common/runtime_svc.c \
plat/common/aarch64/platform_mp_stack.S \
services/std_svc/std_svc_setup.c \
- ${PSCI_LIB_SOURCES}
+ ${PSCI_LIB_SOURCES} \
+ ${SPM_SOURCES} \
+
ifeq (${ENABLE_PMF}, 1)
BL31_SOURCES += lib/pmf/pmf_main.c