SMC whitelist from the manifest.
This works for a small number of SMCs. `smc_whitelist` is a list of the
SMCs a VM is allowed to make. `smc_whitelist_permissive` can be set to
allow SMCs through even if they are not whitelisted (for development and
debug).
Bug: 132421503
Change-Id: I64b243d551da35f7625368a72a5a3980d63752f9
diff --git a/src/load.c b/src/load.c
index 8df4fe2..5c7fa2a 100644
--- a/src/load.c
+++ b/src/load.c
@@ -92,10 +92,21 @@
}
/**
+ * Performs VM loading activities that are common between the primary and
+ * secondaries.
+ */
+static bool load_common(const struct manifest_vm *manifest_vm, struct vm *vm)
+{
+ vm->smc_whitelist = manifest_vm->smc_whitelist;
+
+ return true;
+}
+
+/**
* Loads the primary VM.
*/
static bool load_primary(struct mm_stage1_locked stage1_locked,
- const struct manifest *manifest,
+ const struct manifest_vm *manifest_vm,
const struct memiter *cpio,
const struct boot_params *params, struct mpool *ppool)
{
@@ -110,8 +121,8 @@
*/
paddr_t primary_end = pa_add(primary_begin, 0x8000000);
- if (!load_kernel(stage1_locked, primary_begin, primary_end,
- &manifest->vm[HF_PRIMARY_VM_INDEX], cpio, ppool)) {
+ if (!load_kernel(stage1_locked, primary_begin, primary_end, manifest_vm,
+ cpio, ppool)) {
dlog("Unable to load primary kernel.");
return false;
}
@@ -126,6 +137,10 @@
return false;
}
+ if (!load_common(manifest_vm, vm)) {
+ return false;
+ }
+
/*
* Map 1TB of address space as device memory to, most likely, make all
* devices available to the primary VM.
@@ -186,6 +201,10 @@
return false;
}
+ if (!load_common(manifest_vm, vm)) {
+ return false;
+ }
+
/* Grant the VM access to the memory. */
if (!mm_vm_identity_map(&vm->ptable, mem_begin, mem_end,
MM_MODE_R | MM_MODE_W | MM_MODE_X,
@@ -292,7 +311,8 @@
struct mem_range mem_ranges_available[MAX_MEM_RANGES];
size_t i;
- if (!load_primary(stage1_locked, manifest, cpio, params, ppool)) {
+ if (!load_primary(stage1_locked, &manifest->vm[HF_PRIMARY_VM_INDEX],
+ cpio, params, ppool)) {
dlog("Unable to load primary VM.\n");
return false;
}