1*91f16700Schasinglulu======== 2*91f16700SchasingluluDebug FS 3*91f16700Schasinglulu======== 4*91f16700Schasinglulu 5*91f16700Schasinglulu.. contents:: 6*91f16700Schasinglulu 7*91f16700SchasingluluOverview 8*91f16700Schasinglulu-------- 9*91f16700Schasinglulu 10*91f16700SchasingluluThe *DebugFS* feature is primarily aimed at exposing firmware debug data to 11*91f16700Schasingluluhigher SW layers such as a non-secure component. Such component can be the 12*91f16700SchasingluluTFTF test payload or a Linux kernel module. 13*91f16700Schasinglulu 14*91f16700SchasingluluVirtual filesystem 15*91f16700Schasinglulu------------------ 16*91f16700Schasinglulu 17*91f16700SchasingluluThe core functionality lies in a virtual file system based on a 9p file server 18*91f16700Schasingluluinterface (`Notes on the Plan 9 Kernel Source`_ and 19*91f16700Schasinglulu`Linux 9p remote filesystem protocol`_). 20*91f16700SchasingluluThe implementation permits exposing virtual files, firmware drivers, and file blobs. 21*91f16700Schasinglulu 22*91f16700SchasingluluNamespace 23*91f16700Schasinglulu~~~~~~~~~ 24*91f16700Schasinglulu 25*91f16700SchasingluluTwo namespaces are exposed: 26*91f16700Schasinglulu 27*91f16700Schasinglulu - # is used as root for drivers (e.g. #t0 is the first uart) 28*91f16700Schasinglulu - / is used as root for virtual "files" (e.g. /fip, or /dev/uart) 29*91f16700Schasinglulu 30*91f16700Schasinglulu9p interface 31*91f16700Schasinglulu~~~~~~~~~~~~ 32*91f16700Schasinglulu 33*91f16700SchasingluluThe associated primitives are: 34*91f16700Schasinglulu 35*91f16700Schasinglulu- Unix-like: 36*91f16700Schasinglulu 37*91f16700Schasinglulu - open(): create a file descriptor that acts as a handle to the file passed as 38*91f16700Schasinglulu an argument. 39*91f16700Schasinglulu - close(): close the file descriptor created by open(). 40*91f16700Schasinglulu - read(): read from a file to a buffer. 41*91f16700Schasinglulu - write(): write from a buffer to a file. 42*91f16700Schasinglulu - seek(): set the file position indicator of a file descriptor either to a 43*91f16700Schasinglulu relative or an absolute offset. 44*91f16700Schasinglulu - stat(): get information about a file (type, mode, size, ...). 45*91f16700Schasinglulu 46*91f16700Schasinglulu.. code:: c 47*91f16700Schasinglulu 48*91f16700Schasinglulu int open(const char *name, int flags); 49*91f16700Schasinglulu int close(int fd); 50*91f16700Schasinglulu int read(int fd, void *buf, int n); 51*91f16700Schasinglulu int write(int fd, void *buf, int n); 52*91f16700Schasinglulu int seek(int fd, long off, int whence); 53*91f16700Schasinglulu int stat(char *path, dir_t *dir); 54*91f16700Schasinglulu 55*91f16700Schasinglulu- Specific primitives : 56*91f16700Schasinglulu 57*91f16700Schasinglulu - mount(): create a link between a driver and spec. 58*91f16700Schasinglulu - create(): create a file in a specific location. 59*91f16700Schasinglulu - bind(): expose the content of a directory to another directory. 60*91f16700Schasinglulu 61*91f16700Schasinglulu.. code:: c 62*91f16700Schasinglulu 63*91f16700Schasinglulu int mount(char *srv, char *mnt, char *spec); 64*91f16700Schasinglulu int create(const char *name, int flags); 65*91f16700Schasinglulu int bind(char *path, char *where); 66*91f16700Schasinglulu 67*91f16700SchasingluluThis interface is embedded into the BL31 run-time payload when selected by build 68*91f16700Schasingluluoptions. The interface multiplexes drivers or emulated "files": 69*91f16700Schasinglulu 70*91f16700Schasinglulu- Debug data can be partitioned into different virtual files e.g. expose PMF 71*91f16700Schasinglulu measurements through a file, and internal firmware state counters through 72*91f16700Schasinglulu another file. 73*91f16700Schasinglulu- This permits direct access to a firmware driver, mainly for test purposes 74*91f16700Schasinglulu (e.g. a hardware device that may not be accessible to non-privileged/ 75*91f16700Schasinglulu non-secure layers, or for which no support exists in the NS side). 76*91f16700Schasinglulu 77*91f16700SchasingluluSMC interface 78*91f16700Schasinglulu------------- 79*91f16700Schasinglulu 80*91f16700SchasingluluThe communication with the 9p layer in BL31 is made through an SMC conduit 81*91f16700Schasinglulu(`SMC Calling Convention`_), using a specific SiP Function Id. An NS 82*91f16700Schasinglulushared buffer is used to pass path string parameters, or e.g. to exchange 83*91f16700Schasingluludata on a read operation. Refer to :ref:`ARM SiP Services <arm sip services>` 84*91f16700Schasinglulufor a description of the SMC interface. 85*91f16700Schasinglulu 86*91f16700SchasingluluSecurity considerations 87*91f16700Schasinglulu----------------------- 88*91f16700Schasinglulu 89*91f16700Schasinglulu- Due to the nature of the exposed data, the feature is considered experimental 90*91f16700Schasinglulu and importantly **shall only be used in debug builds**. 91*91f16700Schasinglulu- Several primitive imply string manipulations and usage of string formats. 92*91f16700Schasinglulu- Special care is taken with the shared buffer to avoid TOCTOU attacks. 93*91f16700Schasinglulu 94*91f16700SchasingluluLimitations 95*91f16700Schasinglulu----------- 96*91f16700Schasinglulu 97*91f16700Schasinglulu- In order to setup the shared buffer, the component consuming the interface 98*91f16700Schasinglulu needs to allocate a physical page frame and transmit its address. 99*91f16700Schasinglulu- In order to map the shared buffer, BL31 requires enabling the dynamic xlat 100*91f16700Schasinglulu table option. 101*91f16700Schasinglulu- Data exchange is limited by the shared buffer length. A large read operation 102*91f16700Schasinglulu might be split into multiple read operations of smaller chunks. 103*91f16700Schasinglulu- On concurrent access, a spinlock is implemented in the BL31 service to protect 104*91f16700Schasinglulu the internal work buffer, and re-entrancy into the filesystem layers. 105*91f16700Schasinglulu- Notice, a physical device driver if exposed by the firmware may conflict with 106*91f16700Schasinglulu the higher level OS if the latter implements its own driver for the same 107*91f16700Schasinglulu physical device. 108*91f16700Schasinglulu 109*91f16700SchasingluluApplications 110*91f16700Schasinglulu------------ 111*91f16700Schasinglulu 112*91f16700SchasingluluThe SMC interface is accessible from an NS environment, that is: 113*91f16700Schasinglulu 114*91f16700Schasinglulu- a test payload, bootloader or hypervisor running at NS-EL2 115*91f16700Schasinglulu- a Linux kernel driver running at NS-EL1 116*91f16700Schasinglulu- a Linux userspace application through the kernel driver 117*91f16700Schasinglulu 118*91f16700Schasinglulu-------------- 119*91f16700Schasinglulu 120*91f16700Schasinglulu*Copyright (c) 2019-2020, Arm Limited and Contributors. All rights reserved.* 121*91f16700Schasinglulu 122*91f16700Schasinglulu.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest 123*91f16700Schasinglulu.. _Notes on the Plan 9 Kernel Source: http://lsub.org/who/nemo/9.pdf 124*91f16700Schasinglulu.. _Linux 9p remote filesystem protocol: https://www.kernel.org/doc/Documentation/filesystems/9p.txt 125*91f16700Schasinglulu.. _ARM SiP Services: arm-sip-service.rst 126