feat: add security state attribute definitions
FF-A v1.1 REL0 section 10.10.4.1 "Usage of NS bit" permits the SPMC to
provide the security state of a memory region through the memory
transaction descriptor attributes in a memory retrieve response.
Add the appropriate macro definitions.
Ensure a caller clears the security state attribute (NS-bit in
Table 10.18) in the memory transaction descriptor for a memory retrieve
request, donate, lend and share (section 10.10.4.1 bullet 1).
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9e93e37757ee4b7d7198d9f09494cbdee840de97
diff --git a/inc/vmapi/hf/ffa.h b/inc/vmapi/hf/ffa.h
index c9b947c..9f89bc6 100644
--- a/inc/vmapi/hf/ffa.h
+++ b/inc/vmapi/hf/ffa.h
@@ -257,6 +257,17 @@
FFA_MEMORY_INNER_SHAREABLE,
};
+/**
+ * FF-A v1.1 REL0 Table 10.18 memory region attributes descriptor NS Bit 6.
+ * Per section 10.10.4.1, NS bit is reserved for FFA_MEM_DONATE/LEND/SHARE
+ * and FFA_MEM_RETRIEVE_REQUEST.
+ */
+enum ffa_memory_security {
+ FFA_MEMORY_SECURITY_UNSPECIFIED = 0,
+ FFA_MEMORY_SECURITY_SECURE = 0,
+ FFA_MEMORY_SECURITY_NON_SECURE,
+};
+
typedef uint8_t ffa_memory_access_permissions_t;
/**
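Review bot: `FFA_MEMORY_SECURITY_UNSPECIFIED` and `FFA_MEMORY_SECURITY_SECURE` both carry value 0, so the getter added later in this patch cannot distinguish them and a comparison against either name silently matches the other; the enum comment should say that this aliasing is intended because the field is a single bit. The comment's wording "NS bit is reserved for" DONATE/LEND/SHARE/RETRIEVE_REQUEST is also looser than the commit message, which says the bit must be zero in those requests and is only populated by the SPMC in the retrieve response. Suggest `* NS bit (bit 6): 0 = secure (or unspecified), 1 = non-secure. MBZ in FFA_MEM_DONATE/LEND/SHARE and FFA_MEM_RETRIEVE_REQ (section 10.10.4.1); set by the SPMC in the retrieve response.`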
@@ -274,6 +285,9 @@
#define FFA_MEMORY_TYPE_OFFSET (0x4U)
#define FFA_MEMORY_TYPE_MASK ((0x3U) << FFA_MEMORY_TYPE_OFFSET)
+#define FFA_MEMORY_SECURITY_OFFSET (0x6U)
+#define FFA_MEMORY_SECURITY_MASK ((0x1U) << FFA_MEMORY_SECURITY_OFFSET)
+
#define FFA_MEMORY_CACHEABILITY_OFFSET (0x2U)
#define FFA_MEMORY_CACHEABILITY_MASK ((0x3U) << FFA_MEMORY_CACHEABILITY_OFFSET)
@@ -319,6 +333,11 @@
ATTR_FUNCTION_GET(memory_shareability, ffa_memory_attributes_t,
FFA_MEMORY_SHAREABILITY_OFFSET, FFA_MEMORY_SHAREABILITY_MASK)
+ATTR_FUNCTION_SET(memory_security, ffa_memory_attributes_t,
+ FFA_MEMORY_SECURITY_OFFSET, FFA_MEMORY_SECURITY_MASK)
+ATTR_FUNCTION_GET(memory_security, ffa_memory_attributes_t,
+ FFA_MEMORY_SECURITY_OFFSET, FFA_MEMORY_SECURITY_MASK)
+
/**
* A globally-unique ID assigned by the hypervisor for a region of memory being
* sent between VMs.
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index ee64f54..26733b8 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -1192,6 +1192,7 @@
uint32_t constituents_length;
enum ffa_data_access data_access;
enum ffa_instruction_access instruction_access;
+ enum ffa_memory_security security_state;
struct ffa_value ret;
/* The sender must match the caller. */
@@ -1362,6 +1363,15 @@
}
}
+ /* Memory region attributes NS-Bit MBZ for FFA_MEM_SHARE/LEND/DONATE. */
+ security_state =
+ ffa_get_memory_security_attr(memory_region->attributes);
+ if (security_state != FFA_MEMORY_SECURITY_UNSPECIFIED) {
+ dlog_verbose(
+ "Invalid security state for memory share operation.\n");
+ return ffa_error(FFA_INVALID_PARAMETERS);
+ }
+
/*
* If a memory donate or lend with single borrower, the memory type
* shall not be specified by the sender.
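Review bot: The verbose log in this hunk reads "memory share operation" although, as the comment above it states, the check also rejects donate and lend; `"Invalid security state for memory send operation.\n"` would match the comment. The same four-line check is duplicated in the retrieve-request hunk ending at `"operation.\n");` further down with a differently worded message; a small `static bool` helper taking the attributes value would keep the two validations and their messages consistent. Note that the comparison against `FFA_MEMORY_SECURITY_UNSPECIFIED` relies on that constant being 0 and aliasing `FFA_MEMORY_SECURITY_SECURE`, which is worth stating in the comment so a later reordering of the enum does not weaken the check. The enclosing function starts and ends outside the hunk.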
@@ -1914,6 +1924,7 @@
ffa_memory_region_flags_t transaction_type =
retrieve_request->flags &
FFA_MEMORY_REGION_TRANSACTION_TYPE_MASK;
+ enum ffa_memory_security security_state;
assert(retrieve_request != NULL);
assert(memory_region != NULL);
@@ -2003,6 +2014,16 @@
return ffa_error(FFA_DENIED);
}
+ /* Memory region attributes NS-Bit MBZ for FFA_MEM_RETRIEVE_REQ. */
+ security_state =
+ ffa_get_memory_security_attr(retrieve_request->attributes);
+ if (security_state != FFA_MEMORY_SECURITY_UNSPECIFIED) {
+ dlog_verbose(
+ "Invalid security state for memory retrieve request "
+ "operation.\n");
+ return ffa_error(FFA_INVALID_PARAMETERS);
+ }
+
/*
* If memory type is not specified, bypass validation of memory
* attributes in the retrieve request. The retriever is expecting to