commit b49549ea892ede95b428f91062b501e9a3f9eb6a
author Raghu Krishnamurthy <raghu.ncstate@gmail.com> Fri Jul 02 08:27:38 2021 -0700
committer Olivier Deprez <olivier.deprez@arm.com> Wed Jan 05 16:08:48 2022 +0100
tree c6ab31d9913d40383f492cc7e77998d627a7b543
parent 048d63f30e4b766cc4fee2f14d1f3b2c9c7761db

VHE: Tests: Allow FF-A partitions to be loaded by hafnium in NWd

This patch makes changes so that partitions (EL0 host applications or
VMs) can be marked as an FF-A partition in their manifests and still be
loaded. Today's design assumes that if a partition is an FF-A partition,
it is pre-loaded by some other entity and hafnium does not need to load.
This works well for the FVP where either trusted firmware or FVP command
line options can be used to load FF-A partitions in memory prior to
running code. On qemu, this capability does not exist today.
To provide this ability in qemu, we can modify hftest.py and other test
infrastructure to do the same thing as FVP and pre-load FF-A partitions
into memory, but this patch uses a different approach. Here, we add a
new flag that can be added in the hafnium/spmc manifest that indicates
to hafnium that the partition and its manifest still need to be loaded
from the initrd, like normal.
When a partition is not an FF-A partition (marked by is_ffa_partition in
the manifest), the loading rules of hafnium remain unchanged. When a
partition is marked as an FF-A partition, it can either be
pre-loaded (hyp_loaded not in manifest) or it can be explicitly loaded
from the initrd by specifying hyp_loaded in the manifest for hafnium.
Note that qemu currently only supports normal world, so this new field
(hyp_loaded) is not expected to be used in the secure world.
This patch also uses this new feature for all the normal world EL0
partition tests so that they can be marked as FF-A partitions and still
be loaded by the hypervisor like normal.

With this change, the main use case that is enabled is that an FF-A
partition (EL1 VMs and EL0 host applications) can be loaded on qemu.
Also  the partition manifest can be compliant with FF-A, without having
to extend or pollute hafniums default hypervisor manifest to include
fields such as execution-ctx-count, memory regions etc.

Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: If98eb9b6cbd14fc30d6d4e78d2d260a6beb97aa9

src/manifest.c

diff --git a/src/manifest.c b/src/manifest.c
index 4699c20..ceb4782 100644
--- a/src/manifest.c
+++ b/src/manifest.c
@@ -12,7 +12,6 @@
 #include "hf/assert.h"
 #include "hf/check.h"
 #include "hf/dlog.h"
-#include "hf/fdt.h"
 #include "hf/static_assert.h"
 #include "hf/std.h"
 
@@ -304,6 +303,8 @@
 
 	TRY(read_bool(node, "is_ffa_partition", &vm->is_ffa_partition));
 
+	TRY(read_bool(node, "hyp_loaded", &vm->is_hyp_loaded));
+
 	TRY(read_string(node, "debug_name", &vm->debug_name));
 
 	TRY(read_optional_uint32list(node, "smc_whitelist", &smcs));
@@ -540,8 +541,8 @@
 	return MANIFEST_SUCCESS;
 }
 
-static enum manifest_return_code parse_ffa_manifest(struct fdt *fdt,
-						    struct manifest_vm *vm)
+enum manifest_return_code parse_ffa_manifest(struct fdt *fdt,
+					     struct manifest_vm *vm)
 {
 	unsigned int i = 0;
 	struct uint32list_iter uuid;
@@ -664,8 +665,7 @@
 	return MANIFEST_SUCCESS;
 }
 
-static enum manifest_return_code sanity_check_ffa_manifest(
-	struct manifest_vm *vm)
+enum manifest_return_code sanity_check_ffa_manifest(struct manifest_vm *vm)
 {
 	uint16_t ffa_version_major;
 	uint16_t ffa_version_minor;
@@ -917,7 +917,11 @@
 
 		TRY(parse_vm_common(&vm_node, &manifest->vm[i], vm_id));
 
-		if (manifest->vm[i].is_ffa_partition) {
+		CHECK(!manifest->vm[i].is_hyp_loaded ||
+		      manifest->vm[i].is_ffa_partition);
+
+		if (manifest->vm[i].is_ffa_partition &&
+		    !manifest->vm[i].is_hyp_loaded) {
 			TRY(parse_ffa_partition_package(stage1_locked, &vm_node,
 							&manifest->vm[i], vm_id,
 							ppool));