author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-10-24 10:07:35 +0100 |
---|---|---|
committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-11-08 18:05:14 +0000 |
commit | 2fccb228045696b98f83b1d865bac3c65d96b980 (patch) | |
tree | 4c3a4b67406989e65611a103a7adaf233fed4f2e /bl31 | |
parent | ad02a7596f73ea9f07ebc9e04970ab7e9961c868 (diff) | |
download | trusted-firmware-a-2fccb228045696b98f83b1d865bac3c65d96b980.tar.gz |
SPM: Introduce Secure Partition Manager

A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL0 is an unprivileged exception level, a Secure
Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
granted access to system and processor resources. Essentially, it is a
software sandbox that runs under the control of privileged software in
the Secure World and accesses the following system resources:

- Memory and device regions in the system address map.
- PE system registers.
- A range of asynchronous exceptions e.g. interrupts.
- A range of synchronous exceptions e.g. SMC function identifiers.

A Secure Partition enables privileged firmware to implement only the
absolutely essential secure services in EL3 and instantiate the rest in
a partition. Since the partition executes in S-EL0, its implementation
cannot be overly complex.

The component in ARM Trusted Firmware responsible for managing a Secure
Partition is called the Secure Partition Manager (SPM). The SPM is
responsible for the following:

- Validating and allocating resources requested by a Secure Partition.
- Implementing a well defined interface that is used for initialising a
  Secure Partition.
- Implementing a well defined interface that is used by the normal world
  and other secure services for accessing the services exported by a
  Secure Partition.
- Implementing a well defined interface that is used by a Secure
  Partition to fulfil service requests.
- Instantiating the software execution environment required by a Secure
  Partition to fulfil a service request.

Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'bl31')
-rw-r--r-- | bl31/bl31.ld.S | 24 | ||||
-rw-r--r-- | bl31/bl31.mk | 13 |
2 files changed, 36 insertions, 1 deletions
diff --git a/bl31/bl31.ld.S b/bl31/bl31.ld.S index 9ff774b625..7f442d0080 100644 --- a/bl31/bl31.ld.S +++ b/bl31/bl31.ld.S @@ -118,6 +118,23 @@ SECTIONS ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__, "cpu_ops not defined for this platform.") +#if ENABLE_SPM + /* + * Exception vectors of the SPM shim layer. They must be aligned to a 2K + * address, but we need to place them in a separate page so that we can set + * individual permissions to them, so the actual alignment needed is 4K. + * + * There's no need to include this into the RO section of BL31 because it + * doesn't need to be accessed by BL31. + */ + spm_shim_exceptions : ALIGN(4096) { + __SPM_SHIM_EXCEPTIONS_START__ = .; + *(.spm_shim_exceptions) + . = NEXT(4096); + __SPM_SHIM_EXCEPTIONS_END__ = .; + } >RAM +#endif + /* * Define a linker symbol to mark start of the RW memory area for this * image. @@ -202,6 +219,13 @@ SECTIONS * the .bss section and eliminates the unecessary zero init */ xlat_table (NOLOAD) : { +#if ENABLE_SPM + __SP_IMAGE_XLAT_TABLES_START__ = .; + *secure_partition*.o(xlat_table) + /* Make sure that the rest of the page is empty. */ + . = NEXT(4096); + __SP_IMAGE_XLAT_TABLES_END__ = .; +#endif *(xlat_table) } >RAM diff --git a/bl31/bl31.mk b/bl31/bl31.mk index 0c9e39396b..6607dc0262 100644 --- a/bl31/bl31.mk +++ b/bl31/bl31.mk @@ -4,6 +4,15 @@ # SPDX-License-Identifier: BSD-3-Clause # +################################################################################ +# Include SPM Makefile +################################################################################ +ifeq (${ENABLE_SPM},1) +$(info Including SPM makefile) +include services/std_svc/spm/spm.mk +endif + + include lib/psci/psci_lib.mk BL31_SOURCES += bl31/bl31_main.c \ 
@@ -15,7 +24,9 @@ BL31_SOURCES += bl31/bl31_main.c \ common/runtime_svc.c \ plat/common/aarch64/platform_mp_stack.S \ services/std_svc/std_svc_setup.c \ - ${PSCI_LIB_SOURCES} + ${PSCI_LIB_SOURCES} \ + ${SPM_SOURCES} \ + ifeq (${ENABLE_PMF}, 1) BL31_SOURCES += lib/pmf/pmf_main.c |
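
Review bot: In the spm_shim_exceptions section added to bl31/bl31.ld.S, the page size is hard-coded as 4096 in both `ALIGN(4096)` and `. = NEXT(4096);`, while the comment justifies the value as "a separate page so that we can set individual permissions". This file is already preprocessed (it uses `#if ENABLE_SPM`), so a single page-size macro shared with the mapping code would keep the alignment and the padding tied to the granule actually in use. The comment should also say which component maps this page and with what permissions, since the section is deliberately left outside the BL31 RO region and sits just before the RW start marker.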
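
Review bot: In the xlat_table section of bl31/bl31.ld.S, `*secure_partition*.o(xlat_table)` selects the partition's translation tables by object file name, so renaming that object, or adding an unrelated object whose name contains secure_partition, silently changes what lands between __SP_IMAGE_XLAT_TABLES_START__ and __SP_IMAGE_XLAT_TABLES_END__. A dedicated input section name would be more robust, and an ASSERT that the end symbol is greater than the start symbol, in the style of the cpu_ops ASSERT visible earlier in this file, would catch an empty match at link time. Note also that only the end of the region is padded with `. = NEXT(4096);`; the start symbol relies on the alignment of the input sections, which deserves either an explicit alignment or a line in the comment.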
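
Review bot: In the first bl31/bl31.mk hunk, the new block tests `ifeq (${ENABLE_SPM},1)` while the linker script in this same patch tests `#if ENABLE_SPM`, so the two conditions disagree for any value other than 0 or 1. If the same value reaches the preprocessor, something like ENABLE_SPM=2 would emit the SPM linker sections without including services/std_svc/spm/spm.mk. Please make sure the option is validated as a boolean where its default is defined, and mention that in the build documentation. As a style point, `$(info Including SPM makefile)` prints on every invocation and the hunk adds two blank lines before `include lib/psci/psci_lib.mk` where one would do.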
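
Review bot: In the BL31_SOURCES hunk of bl31/bl31.mk, the last list entry `${SPM_SOURCES} \` ends with a line continuation that runs onto the added empty line, so the list is only terminated by the blank line that follows. If that blank line is ever removed, `ifeq (${ENABLE_PMF}, 1)` is swallowed into BL31_SOURCES. Drop the trailing backslash after `${SPM_SOURCES}` and the extra empty line, matching how `${PSCI_LIB_SOURCES}` ended the list before this change.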