1*91f16700Schasinglulu /* 2*91f16700Schasinglulu * Copyright (c) 2020-2023, Arm Limited and Contributors. All rights reserved. 3*91f16700Schasinglulu * 4*91f16700Schasinglulu * SPDX-License-Identifier: BSD-3-Clause 5*91f16700Schasinglulu */ 6*91f16700Schasinglulu 7*91f16700Schasinglulu #include <assert.h> 8*91f16700Schasinglulu #include <errno.h> 9*91f16700Schasinglulu #include <inttypes.h> 10*91f16700Schasinglulu #include <stdint.h> 11*91f16700Schasinglulu #include <string.h> 12*91f16700Schasinglulu 13*91f16700Schasinglulu #include <arch_helpers.h> 14*91f16700Schasinglulu #include <arch/aarch64/arch_features.h> 15*91f16700Schasinglulu #include <bl31/bl31.h> 16*91f16700Schasinglulu #include <bl31/interrupt_mgmt.h> 17*91f16700Schasinglulu #include <common/debug.h> 18*91f16700Schasinglulu #include <common/runtime_svc.h> 19*91f16700Schasinglulu #include <common/tbbr/tbbr_img_def.h> 20*91f16700Schasinglulu #include <lib/el3_runtime/context_mgmt.h> 21*91f16700Schasinglulu #include <lib/fconf/fconf.h> 22*91f16700Schasinglulu #include <lib/fconf/fconf_dyn_cfg_getter.h> 23*91f16700Schasinglulu #include <lib/smccc.h> 24*91f16700Schasinglulu #include <lib/spinlock.h> 25*91f16700Schasinglulu #include <lib/utils.h> 26*91f16700Schasinglulu #include <lib/xlat_tables/xlat_tables_v2.h> 27*91f16700Schasinglulu #include <plat/common/common_def.h> 28*91f16700Schasinglulu #include <plat/common/platform.h> 29*91f16700Schasinglulu #include <platform_def.h> 30*91f16700Schasinglulu #include <services/el3_spmd_logical_sp.h> 31*91f16700Schasinglulu #include <services/ffa_svc.h> 32*91f16700Schasinglulu #include <services/spmc_svc.h> 33*91f16700Schasinglulu #include <services/spmd_svc.h> 34*91f16700Schasinglulu #include <smccc_helpers.h> 35*91f16700Schasinglulu #include "spmd_private.h" 36*91f16700Schasinglulu 37*91f16700Schasinglulu /******************************************************************************* 38*91f16700Schasinglulu * SPM Core context information. 39*91f16700Schasinglulu ******************************************************************************/ 40*91f16700Schasinglulu static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT]; 41*91f16700Schasinglulu 42*91f16700Schasinglulu /******************************************************************************* 43*91f16700Schasinglulu * SPM Core attribute information is read from its manifest if the SPMC is not 44*91f16700Schasinglulu * at EL3. Else, it is populated from the SPMC directly. 45*91f16700Schasinglulu ******************************************************************************/ 46*91f16700Schasinglulu static spmc_manifest_attribute_t spmc_attrs; 47*91f16700Schasinglulu 48*91f16700Schasinglulu /******************************************************************************* 49*91f16700Schasinglulu * SPM Core entry point information. Discovered on the primary core and reused 50*91f16700Schasinglulu * on secondary cores. 51*91f16700Schasinglulu ******************************************************************************/ 52*91f16700Schasinglulu static entry_point_info_t *spmc_ep_info; 53*91f16700Schasinglulu 54*91f16700Schasinglulu /******************************************************************************* 55*91f16700Schasinglulu * SPM Core context on CPU based on mpidr. 56*91f16700Schasinglulu ******************************************************************************/ 57*91f16700Schasinglulu spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr) 58*91f16700Schasinglulu { 59*91f16700Schasinglulu int core_idx = plat_core_pos_by_mpidr(mpidr); 60*91f16700Schasinglulu 61*91f16700Schasinglulu if (core_idx < 0) { 62*91f16700Schasinglulu ERROR("Invalid mpidr: %" PRIx64 ", returned ID: %d\n", mpidr, core_idx); 63*91f16700Schasinglulu panic(); 64*91f16700Schasinglulu } 65*91f16700Schasinglulu 66*91f16700Schasinglulu return &spm_core_context[core_idx]; 67*91f16700Schasinglulu } 68*91f16700Schasinglulu 69*91f16700Schasinglulu /******************************************************************************* 70*91f16700Schasinglulu * SPM Core context on current CPU get helper. 71*91f16700Schasinglulu ******************************************************************************/ 72*91f16700Schasinglulu spmd_spm_core_context_t *spmd_get_context(void) 73*91f16700Schasinglulu { 74*91f16700Schasinglulu return spmd_get_context_by_mpidr(read_mpidr()); 75*91f16700Schasinglulu } 76*91f16700Schasinglulu 77*91f16700Schasinglulu /******************************************************************************* 78*91f16700Schasinglulu * SPM Core ID getter. 79*91f16700Schasinglulu ******************************************************************************/ 80*91f16700Schasinglulu uint16_t spmd_spmc_id_get(void) 81*91f16700Schasinglulu { 82*91f16700Schasinglulu return spmc_attrs.spmc_id; 83*91f16700Schasinglulu } 84*91f16700Schasinglulu 85*91f16700Schasinglulu /******************************************************************************* 86*91f16700Schasinglulu * Static function declaration. 87*91f16700Schasinglulu ******************************************************************************/ 88*91f16700Schasinglulu static int32_t spmd_init(void); 89*91f16700Schasinglulu static int spmd_spmc_init(void *pm_addr); 90*91f16700Schasinglulu 91*91f16700Schasinglulu static uint64_t spmd_smc_forward(uint32_t smc_fid, 92*91f16700Schasinglulu bool secure_origin, 93*91f16700Schasinglulu uint64_t x1, 94*91f16700Schasinglulu uint64_t x2, 95*91f16700Schasinglulu uint64_t x3, 96*91f16700Schasinglulu uint64_t x4, 97*91f16700Schasinglulu void *cookie, 98*91f16700Schasinglulu void *handle, 99*91f16700Schasinglulu uint64_t flags); 100*91f16700Schasinglulu 101*91f16700Schasinglulu /****************************************************************************** 102*91f16700Schasinglulu * Builds an SPMD to SPMC direct message request. 103*91f16700Schasinglulu *****************************************************************************/ 104*91f16700Schasinglulu void spmd_build_spmc_message(gp_regs_t *gpregs, uint8_t target_func, 105*91f16700Schasinglulu unsigned long long message) 106*91f16700Schasinglulu { 107*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_MSG_SEND_DIRECT_REQ_SMC32); 108*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X1, 109*91f16700Schasinglulu (SPMD_DIRECT_MSG_ENDPOINT_ID << FFA_DIRECT_MSG_SOURCE_SHIFT) | 110*91f16700Schasinglulu spmd_spmc_id_get()); 111*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X2, BIT(31) | target_func); 112*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X3, message); 113*91f16700Schasinglulu 114*91f16700Schasinglulu /* Zero out x4-x7 for the direct request emitted towards the SPMC. */ 115*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X4, 0); 116*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X5, 0); 117*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X6, 0); 118*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X7, 0); 119*91f16700Schasinglulu } 120*91f16700Schasinglulu 121*91f16700Schasinglulu 122*91f16700Schasinglulu /******************************************************************************* 123*91f16700Schasinglulu * This function takes an SPMC context pointer and performs a synchronous 124*91f16700Schasinglulu * SPMC entry. 125*91f16700Schasinglulu ******************************************************************************/ 126*91f16700Schasinglulu uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx) 127*91f16700Schasinglulu { 128*91f16700Schasinglulu uint64_t rc; 129*91f16700Schasinglulu 130*91f16700Schasinglulu assert(spmc_ctx != NULL); 131*91f16700Schasinglulu 132*91f16700Schasinglulu cm_set_context(&(spmc_ctx->cpu_ctx), SECURE); 133*91f16700Schasinglulu 134*91f16700Schasinglulu /* Restore the context assigned above */ 135*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 136*91f16700Schasinglulu cm_el2_sysregs_context_restore(SECURE); 137*91f16700Schasinglulu #else 138*91f16700Schasinglulu cm_el1_sysregs_context_restore(SECURE); 139*91f16700Schasinglulu #endif 140*91f16700Schasinglulu cm_set_next_eret_context(SECURE); 141*91f16700Schasinglulu 142*91f16700Schasinglulu /* Enter SPMC */ 143*91f16700Schasinglulu rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx); 144*91f16700Schasinglulu 145*91f16700Schasinglulu /* Save secure state */ 146*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 147*91f16700Schasinglulu cm_el2_sysregs_context_save(SECURE); 148*91f16700Schasinglulu #else 149*91f16700Schasinglulu cm_el1_sysregs_context_save(SECURE); 150*91f16700Schasinglulu #endif 151*91f16700Schasinglulu 152*91f16700Schasinglulu return rc; 153*91f16700Schasinglulu } 154*91f16700Schasinglulu 155*91f16700Schasinglulu /******************************************************************************* 156*91f16700Schasinglulu * This function returns to the place where spmd_spm_core_sync_entry() was 157*91f16700Schasinglulu * called originally. 158*91f16700Schasinglulu ******************************************************************************/ 159*91f16700Schasinglulu __dead2 void spmd_spm_core_sync_exit(uint64_t rc) 160*91f16700Schasinglulu { 161*91f16700Schasinglulu spmd_spm_core_context_t *ctx = spmd_get_context(); 162*91f16700Schasinglulu 163*91f16700Schasinglulu /* Get current CPU context from SPMC context */ 164*91f16700Schasinglulu assert(cm_get_context(SECURE) == &(ctx->cpu_ctx)); 165*91f16700Schasinglulu 166*91f16700Schasinglulu /* 167*91f16700Schasinglulu * The SPMD must have initiated the original request through a 168*91f16700Schasinglulu * synchronous entry into SPMC. Jump back to the original C runtime 169*91f16700Schasinglulu * context with the value of rc in x0; 170*91f16700Schasinglulu */ 171*91f16700Schasinglulu spmd_spm_core_exit(ctx->c_rt_ctx, rc); 172*91f16700Schasinglulu 173*91f16700Schasinglulu panic(); 174*91f16700Schasinglulu } 175*91f16700Schasinglulu 176*91f16700Schasinglulu /******************************************************************************* 177*91f16700Schasinglulu * Jump to the SPM Core for the first time. 178*91f16700Schasinglulu ******************************************************************************/ 179*91f16700Schasinglulu static int32_t spmd_init(void) 180*91f16700Schasinglulu { 181*91f16700Schasinglulu spmd_spm_core_context_t *ctx = spmd_get_context(); 182*91f16700Schasinglulu uint64_t rc; 183*91f16700Schasinglulu 184*91f16700Schasinglulu VERBOSE("SPM Core init start.\n"); 185*91f16700Schasinglulu 186*91f16700Schasinglulu /* Primary boot core enters the SPMC for initialization. */ 187*91f16700Schasinglulu ctx->state = SPMC_STATE_ON_PENDING; 188*91f16700Schasinglulu 189*91f16700Schasinglulu rc = spmd_spm_core_sync_entry(ctx); 190*91f16700Schasinglulu if (rc != 0ULL) { 191*91f16700Schasinglulu ERROR("SPMC initialisation failed 0x%" PRIx64 "\n", rc); 192*91f16700Schasinglulu return 0; 193*91f16700Schasinglulu } 194*91f16700Schasinglulu 195*91f16700Schasinglulu ctx->state = SPMC_STATE_ON; 196*91f16700Schasinglulu 197*91f16700Schasinglulu VERBOSE("SPM Core init end.\n"); 198*91f16700Schasinglulu 199*91f16700Schasinglulu spmd_logical_sp_set_spmc_initialized(); 200*91f16700Schasinglulu rc = spmd_logical_sp_init(); 201*91f16700Schasinglulu if (rc != 0) { 202*91f16700Schasinglulu WARN("SPMD Logical partitions failed init.\n"); 203*91f16700Schasinglulu } 204*91f16700Schasinglulu 205*91f16700Schasinglulu return 1; 206*91f16700Schasinglulu } 207*91f16700Schasinglulu 208*91f16700Schasinglulu /******************************************************************************* 209*91f16700Schasinglulu * spmd_secure_interrupt_handler 210*91f16700Schasinglulu * Enter the SPMC for further handling of the secure interrupt by the SPMC 211*91f16700Schasinglulu * itself or a Secure Partition. 212*91f16700Schasinglulu ******************************************************************************/ 213*91f16700Schasinglulu static uint64_t spmd_secure_interrupt_handler(uint32_t id, 214*91f16700Schasinglulu uint32_t flags, 215*91f16700Schasinglulu void *handle, 216*91f16700Schasinglulu void *cookie) 217*91f16700Schasinglulu { 218*91f16700Schasinglulu spmd_spm_core_context_t *ctx = spmd_get_context(); 219*91f16700Schasinglulu gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx); 220*91f16700Schasinglulu unsigned int linear_id = plat_my_core_pos(); 221*91f16700Schasinglulu int64_t rc; 222*91f16700Schasinglulu 223*91f16700Schasinglulu /* Sanity check the security state when the exception was generated */ 224*91f16700Schasinglulu assert(get_interrupt_src_ss(flags) == NON_SECURE); 225*91f16700Schasinglulu 226*91f16700Schasinglulu /* Sanity check the pointer to this cpu's context */ 227*91f16700Schasinglulu assert(handle == cm_get_context(NON_SECURE)); 228*91f16700Schasinglulu 229*91f16700Schasinglulu /* Save the non-secure context before entering SPMC */ 230*91f16700Schasinglulu cm_el1_sysregs_context_save(NON_SECURE); 231*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 232*91f16700Schasinglulu cm_el2_sysregs_context_save(NON_SECURE); 233*91f16700Schasinglulu #endif 234*91f16700Schasinglulu 235*91f16700Schasinglulu /* Convey the event to the SPMC through the FFA_INTERRUPT interface. */ 236*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_INTERRUPT); 237*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X1, 0); 238*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X2, 0); 239*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X3, 0); 240*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X4, 0); 241*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X5, 0); 242*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X6, 0); 243*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X7, 0); 244*91f16700Schasinglulu 245*91f16700Schasinglulu /* Mark current core as handling a secure interrupt. */ 246*91f16700Schasinglulu ctx->secure_interrupt_ongoing = true; 247*91f16700Schasinglulu 248*91f16700Schasinglulu rc = spmd_spm_core_sync_entry(ctx); 249*91f16700Schasinglulu if (rc != 0ULL) { 250*91f16700Schasinglulu ERROR("%s failed (%" PRId64 ") on CPU%u\n", __func__, rc, linear_id); 251*91f16700Schasinglulu } 252*91f16700Schasinglulu 253*91f16700Schasinglulu ctx->secure_interrupt_ongoing = false; 254*91f16700Schasinglulu 255*91f16700Schasinglulu cm_el1_sysregs_context_restore(NON_SECURE); 256*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 257*91f16700Schasinglulu cm_el2_sysregs_context_restore(NON_SECURE); 258*91f16700Schasinglulu #endif 259*91f16700Schasinglulu cm_set_next_eret_context(NON_SECURE); 260*91f16700Schasinglulu 261*91f16700Schasinglulu SMC_RET0(&ctx->cpu_ctx); 262*91f16700Schasinglulu } 263*91f16700Schasinglulu 264*91f16700Schasinglulu #if (EL3_EXCEPTION_HANDLING == 0) 265*91f16700Schasinglulu /******************************************************************************* 266*91f16700Schasinglulu * spmd_group0_interrupt_handler_nwd 267*91f16700Schasinglulu * Group0 secure interrupt in the normal world are trapped to EL3. Delegate the 268*91f16700Schasinglulu * handling of the interrupt to the platform handler, and return only upon 269*91f16700Schasinglulu * successfully handling the Group0 interrupt. 270*91f16700Schasinglulu ******************************************************************************/ 271*91f16700Schasinglulu static uint64_t spmd_group0_interrupt_handler_nwd(uint32_t id, 272*91f16700Schasinglulu uint32_t flags, 273*91f16700Schasinglulu void *handle, 274*91f16700Schasinglulu void *cookie) 275*91f16700Schasinglulu { 276*91f16700Schasinglulu uint32_t intid; 277*91f16700Schasinglulu 278*91f16700Schasinglulu /* Sanity check the security state when the exception was generated. */ 279*91f16700Schasinglulu assert(get_interrupt_src_ss(flags) == NON_SECURE); 280*91f16700Schasinglulu 281*91f16700Schasinglulu /* Sanity check the pointer to this cpu's context. */ 282*91f16700Schasinglulu assert(handle == cm_get_context(NON_SECURE)); 283*91f16700Schasinglulu 284*91f16700Schasinglulu assert(id == INTR_ID_UNAVAILABLE); 285*91f16700Schasinglulu 286*91f16700Schasinglulu assert(plat_ic_get_pending_interrupt_type() == INTR_TYPE_EL3); 287*91f16700Schasinglulu 288*91f16700Schasinglulu intid = plat_ic_acknowledge_interrupt(); 289*91f16700Schasinglulu 290*91f16700Schasinglulu if (plat_spmd_handle_group0_interrupt(intid) < 0) { 291*91f16700Schasinglulu ERROR("Group0 interrupt %u not handled\n", intid); 292*91f16700Schasinglulu panic(); 293*91f16700Schasinglulu } 294*91f16700Schasinglulu 295*91f16700Schasinglulu /* Deactivate the corresponding Group0 interrupt. */ 296*91f16700Schasinglulu plat_ic_end_of_interrupt(intid); 297*91f16700Schasinglulu 298*91f16700Schasinglulu return 0U; 299*91f16700Schasinglulu } 300*91f16700Schasinglulu #endif 301*91f16700Schasinglulu 302*91f16700Schasinglulu /******************************************************************************* 303*91f16700Schasinglulu * spmd_handle_group0_intr_swd 304*91f16700Schasinglulu * SPMC delegates handling of Group0 secure interrupt to EL3 firmware using 305*91f16700Schasinglulu * FFA_EL3_INTR_HANDLE SMC call. Further, SPMD delegates the handling of the 306*91f16700Schasinglulu * interrupt to the platform handler, and returns only upon successfully 307*91f16700Schasinglulu * handling the Group0 interrupt. 308*91f16700Schasinglulu ******************************************************************************/ 309*91f16700Schasinglulu static uint64_t spmd_handle_group0_intr_swd(void *handle) 310*91f16700Schasinglulu { 311*91f16700Schasinglulu uint32_t intid; 312*91f16700Schasinglulu 313*91f16700Schasinglulu /* Sanity check the pointer to this cpu's context */ 314*91f16700Schasinglulu assert(handle == cm_get_context(SECURE)); 315*91f16700Schasinglulu 316*91f16700Schasinglulu assert(plat_ic_get_pending_interrupt_type() == INTR_TYPE_EL3); 317*91f16700Schasinglulu 318*91f16700Schasinglulu intid = plat_ic_acknowledge_interrupt(); 319*91f16700Schasinglulu 320*91f16700Schasinglulu /* 321*91f16700Schasinglulu * TODO: Currently due to a limitation in SPMD implementation, the 322*91f16700Schasinglulu * platform handler is expected to not delegate handling to NWd while 323*91f16700Schasinglulu * processing Group0 secure interrupt. 324*91f16700Schasinglulu */ 325*91f16700Schasinglulu if (plat_spmd_handle_group0_interrupt(intid) < 0) { 326*91f16700Schasinglulu /* Group0 interrupt was not handled by the platform. */ 327*91f16700Schasinglulu ERROR("Group0 interrupt %u not handled\n", intid); 328*91f16700Schasinglulu panic(); 329*91f16700Schasinglulu } 330*91f16700Schasinglulu 331*91f16700Schasinglulu /* Deactivate the corresponding Group0 interrupt. */ 332*91f16700Schasinglulu plat_ic_end_of_interrupt(intid); 333*91f16700Schasinglulu 334*91f16700Schasinglulu /* Return success. */ 335*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC32, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 336*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 337*91f16700Schasinglulu FFA_PARAM_MBZ); 338*91f16700Schasinglulu } 339*91f16700Schasinglulu 340*91f16700Schasinglulu #if ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 341*91f16700Schasinglulu static int spmd_dynamic_map_mem(uintptr_t base_addr, size_t size, 342*91f16700Schasinglulu unsigned int attr, uintptr_t *align_addr, 343*91f16700Schasinglulu size_t *align_size) 344*91f16700Schasinglulu { 345*91f16700Schasinglulu uintptr_t base_addr_align; 346*91f16700Schasinglulu size_t mapped_size_align; 347*91f16700Schasinglulu int rc; 348*91f16700Schasinglulu 349*91f16700Schasinglulu /* Page aligned address and size if necessary */ 350*91f16700Schasinglulu base_addr_align = page_align(base_addr, DOWN); 351*91f16700Schasinglulu mapped_size_align = page_align(size, UP); 352*91f16700Schasinglulu 353*91f16700Schasinglulu if ((base_addr != base_addr_align) && 354*91f16700Schasinglulu (size == mapped_size_align)) { 355*91f16700Schasinglulu mapped_size_align += PAGE_SIZE; 356*91f16700Schasinglulu } 357*91f16700Schasinglulu 358*91f16700Schasinglulu /* 359*91f16700Schasinglulu * Map dynamically given region with its aligned base address and 360*91f16700Schasinglulu * size 361*91f16700Schasinglulu */ 362*91f16700Schasinglulu rc = mmap_add_dynamic_region((unsigned long long)base_addr_align, 363*91f16700Schasinglulu base_addr_align, 364*91f16700Schasinglulu mapped_size_align, 365*91f16700Schasinglulu attr); 366*91f16700Schasinglulu if (rc == 0) { 367*91f16700Schasinglulu *align_addr = base_addr_align; 368*91f16700Schasinglulu *align_size = mapped_size_align; 369*91f16700Schasinglulu } 370*91f16700Schasinglulu 371*91f16700Schasinglulu return rc; 372*91f16700Schasinglulu } 373*91f16700Schasinglulu 374*91f16700Schasinglulu static void spmd_do_sec_cpy(uintptr_t root_base_addr, uintptr_t sec_base_addr, 375*91f16700Schasinglulu size_t size) 376*91f16700Schasinglulu { 377*91f16700Schasinglulu uintptr_t root_base_addr_align, sec_base_addr_align; 378*91f16700Schasinglulu size_t root_mapped_size_align, sec_mapped_size_align; 379*91f16700Schasinglulu int rc; 380*91f16700Schasinglulu 381*91f16700Schasinglulu assert(root_base_addr != 0UL); 382*91f16700Schasinglulu assert(sec_base_addr != 0UL); 383*91f16700Schasinglulu assert(size != 0UL); 384*91f16700Schasinglulu 385*91f16700Schasinglulu /* Map the memory with required attributes */ 386*91f16700Schasinglulu rc = spmd_dynamic_map_mem(root_base_addr, size, MT_RO_DATA | MT_ROOT, 387*91f16700Schasinglulu &root_base_addr_align, 388*91f16700Schasinglulu &root_mapped_size_align); 389*91f16700Schasinglulu if (rc != 0) { 390*91f16700Schasinglulu ERROR("%s %s %lu (%d)\n", "Error while mapping", "root region", 391*91f16700Schasinglulu root_base_addr, rc); 392*91f16700Schasinglulu panic(); 393*91f16700Schasinglulu } 394*91f16700Schasinglulu 395*91f16700Schasinglulu rc = spmd_dynamic_map_mem(sec_base_addr, size, MT_RW_DATA | MT_SECURE, 396*91f16700Schasinglulu &sec_base_addr_align, &sec_mapped_size_align); 397*91f16700Schasinglulu if (rc != 0) { 398*91f16700Schasinglulu ERROR("%s %s %lu (%d)\n", "Error while mapping", 399*91f16700Schasinglulu "secure region", sec_base_addr, rc); 400*91f16700Schasinglulu panic(); 401*91f16700Schasinglulu } 402*91f16700Schasinglulu 403*91f16700Schasinglulu /* Do copy operation */ 404*91f16700Schasinglulu (void)memcpy((void *)sec_base_addr, (void *)root_base_addr, size); 405*91f16700Schasinglulu 406*91f16700Schasinglulu /* Unmap root memory region */ 407*91f16700Schasinglulu rc = mmap_remove_dynamic_region(root_base_addr_align, 408*91f16700Schasinglulu root_mapped_size_align); 409*91f16700Schasinglulu if (rc != 0) { 410*91f16700Schasinglulu ERROR("%s %s %lu (%d)\n", "Error while unmapping", 411*91f16700Schasinglulu "root region", root_base_addr_align, rc); 412*91f16700Schasinglulu panic(); 413*91f16700Schasinglulu } 414*91f16700Schasinglulu 415*91f16700Schasinglulu /* Unmap secure memory region */ 416*91f16700Schasinglulu rc = mmap_remove_dynamic_region(sec_base_addr_align, 417*91f16700Schasinglulu sec_mapped_size_align); 418*91f16700Schasinglulu if (rc != 0) { 419*91f16700Schasinglulu ERROR("%s %s %lu (%d)\n", "Error while unmapping", 420*91f16700Schasinglulu "secure region", sec_base_addr_align, rc); 421*91f16700Schasinglulu panic(); 422*91f16700Schasinglulu } 423*91f16700Schasinglulu } 424*91f16700Schasinglulu #endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 */ 425*91f16700Schasinglulu 426*91f16700Schasinglulu /******************************************************************************* 427*91f16700Schasinglulu * Loads SPMC manifest and inits SPMC. 428*91f16700Schasinglulu ******************************************************************************/ 429*91f16700Schasinglulu static int spmd_spmc_init(void *pm_addr) 430*91f16700Schasinglulu { 431*91f16700Schasinglulu cpu_context_t *cpu_ctx; 432*91f16700Schasinglulu unsigned int core_id; 433*91f16700Schasinglulu uint32_t ep_attr, flags; 434*91f16700Schasinglulu int rc; 435*91f16700Schasinglulu const struct dyn_cfg_dtb_info_t *image_info __unused; 436*91f16700Schasinglulu 437*91f16700Schasinglulu /* Load the SPM Core manifest */ 438*91f16700Schasinglulu rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr); 439*91f16700Schasinglulu if (rc != 0) { 440*91f16700Schasinglulu WARN("No or invalid SPM Core manifest image provided by BL2\n"); 441*91f16700Schasinglulu return rc; 442*91f16700Schasinglulu } 443*91f16700Schasinglulu 444*91f16700Schasinglulu /* 445*91f16700Schasinglulu * Ensure that the SPM Core version is compatible with the SPM 446*91f16700Schasinglulu * Dispatcher version. 447*91f16700Schasinglulu */ 448*91f16700Schasinglulu if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) || 449*91f16700Schasinglulu (spmc_attrs.minor_version > FFA_VERSION_MINOR)) { 450*91f16700Schasinglulu WARN("Unsupported FFA version (%u.%u)\n", 451*91f16700Schasinglulu spmc_attrs.major_version, spmc_attrs.minor_version); 452*91f16700Schasinglulu return -EINVAL; 453*91f16700Schasinglulu } 454*91f16700Schasinglulu 455*91f16700Schasinglulu VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version, 456*91f16700Schasinglulu spmc_attrs.minor_version); 457*91f16700Schasinglulu 458*91f16700Schasinglulu VERBOSE("SPM Core run time EL%x.\n", 459*91f16700Schasinglulu SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1); 460*91f16700Schasinglulu 461*91f16700Schasinglulu /* Validate the SPMC ID, Ensure high bit is set */ 462*91f16700Schasinglulu if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) & 463*91f16700Schasinglulu SPMC_SECURE_ID_MASK) == 0U) { 464*91f16700Schasinglulu WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id); 465*91f16700Schasinglulu return -EINVAL; 466*91f16700Schasinglulu } 467*91f16700Schasinglulu 468*91f16700Schasinglulu /* Validate the SPM Core execution state */ 469*91f16700Schasinglulu if ((spmc_attrs.exec_state != MODE_RW_64) && 470*91f16700Schasinglulu (spmc_attrs.exec_state != MODE_RW_32)) { 471*91f16700Schasinglulu WARN("Unsupported %s%x.\n", "SPM Core execution state 0x", 472*91f16700Schasinglulu spmc_attrs.exec_state); 473*91f16700Schasinglulu return -EINVAL; 474*91f16700Schasinglulu } 475*91f16700Schasinglulu 476*91f16700Schasinglulu VERBOSE("%s%x.\n", "SPM Core execution state 0x", 477*91f16700Schasinglulu spmc_attrs.exec_state); 478*91f16700Schasinglulu 479*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 480*91f16700Schasinglulu /* Ensure manifest has not requested AArch32 state in S-EL2 */ 481*91f16700Schasinglulu if (spmc_attrs.exec_state == MODE_RW_32) { 482*91f16700Schasinglulu WARN("AArch32 state at S-EL2 is not supported.\n"); 483*91f16700Schasinglulu return -EINVAL; 484*91f16700Schasinglulu } 485*91f16700Schasinglulu 486*91f16700Schasinglulu /* 487*91f16700Schasinglulu * Check if S-EL2 is supported on this system if S-EL2 488*91f16700Schasinglulu * is required for SPM 489*91f16700Schasinglulu */ 490*91f16700Schasinglulu if (!is_feat_sel2_supported()) { 491*91f16700Schasinglulu WARN("SPM Core run time S-EL2 is not supported.\n"); 492*91f16700Schasinglulu return -EINVAL; 493*91f16700Schasinglulu } 494*91f16700Schasinglulu #endif /* SPMD_SPM_AT_SEL2 */ 495*91f16700Schasinglulu 496*91f16700Schasinglulu /* Initialise an entrypoint to set up the CPU context */ 497*91f16700Schasinglulu ep_attr = SECURE | EP_ST_ENABLE; 498*91f16700Schasinglulu if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) { 499*91f16700Schasinglulu ep_attr |= EP_EE_BIG; 500*91f16700Schasinglulu } 501*91f16700Schasinglulu 502*91f16700Schasinglulu SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr); 503*91f16700Schasinglulu 504*91f16700Schasinglulu /* 505*91f16700Schasinglulu * Populate SPSR for SPM Core based upon validated parameters from the 506*91f16700Schasinglulu * manifest. 507*91f16700Schasinglulu */ 508*91f16700Schasinglulu if (spmc_attrs.exec_state == MODE_RW_32) { 509*91f16700Schasinglulu spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM, 510*91f16700Schasinglulu SPSR_E_LITTLE, 511*91f16700Schasinglulu DAIF_FIQ_BIT | 512*91f16700Schasinglulu DAIF_IRQ_BIT | 513*91f16700Schasinglulu DAIF_ABT_BIT); 514*91f16700Schasinglulu } else { 515*91f16700Schasinglulu 516*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 517*91f16700Schasinglulu static const uint32_t runtime_el = MODE_EL2; 518*91f16700Schasinglulu #else 519*91f16700Schasinglulu static const uint32_t runtime_el = MODE_EL1; 520*91f16700Schasinglulu #endif 521*91f16700Schasinglulu spmc_ep_info->spsr = SPSR_64(runtime_el, 522*91f16700Schasinglulu MODE_SP_ELX, 523*91f16700Schasinglulu DISABLE_ALL_EXCEPTIONS); 524*91f16700Schasinglulu } 525*91f16700Schasinglulu 526*91f16700Schasinglulu #if ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 527*91f16700Schasinglulu image_info = FCONF_GET_PROPERTY(dyn_cfg, dtb, TOS_FW_CONFIG_ID); 528*91f16700Schasinglulu assert(image_info != NULL); 529*91f16700Schasinglulu 530*91f16700Schasinglulu if ((image_info->config_addr == 0UL) || 531*91f16700Schasinglulu (image_info->secondary_config_addr == 0UL) || 532*91f16700Schasinglulu (image_info->config_max_size == 0UL)) { 533*91f16700Schasinglulu return -EINVAL; 534*91f16700Schasinglulu } 535*91f16700Schasinglulu 536*91f16700Schasinglulu /* Copy manifest from root->secure region */ 537*91f16700Schasinglulu spmd_do_sec_cpy(image_info->config_addr, 538*91f16700Schasinglulu image_info->secondary_config_addr, 539*91f16700Schasinglulu image_info->config_max_size); 540*91f16700Schasinglulu 541*91f16700Schasinglulu /* Update ep info of BL32 */ 542*91f16700Schasinglulu assert(spmc_ep_info != NULL); 543*91f16700Schasinglulu spmc_ep_info->args.arg0 = image_info->secondary_config_addr; 544*91f16700Schasinglulu #endif /* ENABLE_RME && SPMD_SPM_AT_SEL2 && !RESET_TO_BL31 */ 545*91f16700Schasinglulu 546*91f16700Schasinglulu /* Set an initial SPMC context state for all cores. */ 547*91f16700Schasinglulu for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) { 548*91f16700Schasinglulu spm_core_context[core_id].state = SPMC_STATE_OFF; 549*91f16700Schasinglulu 550*91f16700Schasinglulu /* Setup an initial cpu context for the SPMC. */ 551*91f16700Schasinglulu cpu_ctx = &spm_core_context[core_id].cpu_ctx; 552*91f16700Schasinglulu cm_setup_context(cpu_ctx, spmc_ep_info); 553*91f16700Schasinglulu 554*91f16700Schasinglulu /* 555*91f16700Schasinglulu * Pass the core linear ID to the SPMC through x4. 556*91f16700Schasinglulu * (TF-A implementation defined behavior helping 557*91f16700Schasinglulu * a legacy TOS migration to adopt FF-A). 558*91f16700Schasinglulu */ 559*91f16700Schasinglulu write_ctx_reg(get_gpregs_ctx(cpu_ctx), CTX_GPREG_X4, core_id); 560*91f16700Schasinglulu } 561*91f16700Schasinglulu 562*91f16700Schasinglulu /* Register power management hooks with PSCI */ 563*91f16700Schasinglulu psci_register_spd_pm_hook(&spmd_pm); 564*91f16700Schasinglulu 565*91f16700Schasinglulu /* Register init function for deferred init. */ 566*91f16700Schasinglulu bl31_register_bl32_init(&spmd_init); 567*91f16700Schasinglulu 568*91f16700Schasinglulu INFO("SPM Core setup done.\n"); 569*91f16700Schasinglulu 570*91f16700Schasinglulu /* 571*91f16700Schasinglulu * Register an interrupt handler routing secure interrupts to SPMD 572*91f16700Schasinglulu * while the NWd is running. 573*91f16700Schasinglulu */ 574*91f16700Schasinglulu flags = 0; 575*91f16700Schasinglulu set_interrupt_rm_flag(flags, NON_SECURE); 576*91f16700Schasinglulu rc = register_interrupt_type_handler(INTR_TYPE_S_EL1, 577*91f16700Schasinglulu spmd_secure_interrupt_handler, 578*91f16700Schasinglulu flags); 579*91f16700Schasinglulu if (rc != 0) { 580*91f16700Schasinglulu panic(); 581*91f16700Schasinglulu } 582*91f16700Schasinglulu 583*91f16700Schasinglulu /* 584*91f16700Schasinglulu * Permit configurations where the SPM resides at S-EL1/2 and upon a 585*91f16700Schasinglulu * Group0 interrupt triggering while the normal world runs, the 586*91f16700Schasinglulu * interrupt is routed either through the EHF or directly to the SPMD: 587*91f16700Schasinglulu * 588*91f16700Schasinglulu * EL3_EXCEPTION_HANDLING=0: the Group0 interrupt is routed to the SPMD 589*91f16700Schasinglulu * for handling by spmd_group0_interrupt_handler_nwd. 590*91f16700Schasinglulu * 591*91f16700Schasinglulu * EL3_EXCEPTION_HANDLING=1: the Group0 interrupt is routed to the EHF. 592*91f16700Schasinglulu * 593*91f16700Schasinglulu */ 594*91f16700Schasinglulu #if (EL3_EXCEPTION_HANDLING == 0) 595*91f16700Schasinglulu /* 596*91f16700Schasinglulu * Register an interrupt handler routing Group0 interrupts to SPMD 597*91f16700Schasinglulu * while the NWd is running. 598*91f16700Schasinglulu */ 599*91f16700Schasinglulu rc = register_interrupt_type_handler(INTR_TYPE_EL3, 600*91f16700Schasinglulu spmd_group0_interrupt_handler_nwd, 601*91f16700Schasinglulu flags); 602*91f16700Schasinglulu if (rc != 0) { 603*91f16700Schasinglulu panic(); 604*91f16700Schasinglulu } 605*91f16700Schasinglulu #endif 606*91f16700Schasinglulu 607*91f16700Schasinglulu return 0; 608*91f16700Schasinglulu } 609*91f16700Schasinglulu 610*91f16700Schasinglulu /******************************************************************************* 611*91f16700Schasinglulu * Initialize context of SPM Core. 612*91f16700Schasinglulu ******************************************************************************/ 613*91f16700Schasinglulu int spmd_setup(void) 614*91f16700Schasinglulu { 615*91f16700Schasinglulu int rc; 616*91f16700Schasinglulu void *spmc_manifest; 617*91f16700Schasinglulu 618*91f16700Schasinglulu /* 619*91f16700Schasinglulu * If the SPMC is at EL3, then just initialise it directly. The 620*91f16700Schasinglulu * shenanigans of when it is at a lower EL are not needed. 621*91f16700Schasinglulu */ 622*91f16700Schasinglulu if (is_spmc_at_el3()) { 623*91f16700Schasinglulu /* Allow the SPMC to populate its attributes directly. */ 624*91f16700Schasinglulu spmc_populate_attrs(&spmc_attrs); 625*91f16700Schasinglulu 626*91f16700Schasinglulu rc = spmc_setup(); 627*91f16700Schasinglulu if (rc != 0) { 628*91f16700Schasinglulu WARN("SPMC initialisation failed 0x%x.\n", rc); 629*91f16700Schasinglulu } 630*91f16700Schasinglulu return 0; 631*91f16700Schasinglulu } 632*91f16700Schasinglulu 633*91f16700Schasinglulu spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE); 634*91f16700Schasinglulu if (spmc_ep_info == NULL) { 635*91f16700Schasinglulu WARN("No SPM Core image provided by BL2 boot loader.\n"); 636*91f16700Schasinglulu return 0; 637*91f16700Schasinglulu } 638*91f16700Schasinglulu 639*91f16700Schasinglulu /* Under no circumstances will this parameter be 0 */ 640*91f16700Schasinglulu assert(spmc_ep_info->pc != 0ULL); 641*91f16700Schasinglulu 642*91f16700Schasinglulu /* 643*91f16700Schasinglulu * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will 644*91f16700Schasinglulu * be used as a manifest for the SPM Core at the next lower EL/mode. 645*91f16700Schasinglulu */ 646*91f16700Schasinglulu spmc_manifest = (void *)spmc_ep_info->args.arg0; 647*91f16700Schasinglulu if (spmc_manifest == NULL) { 648*91f16700Schasinglulu WARN("Invalid or absent SPM Core manifest.\n"); 649*91f16700Schasinglulu return 0; 650*91f16700Schasinglulu } 651*91f16700Schasinglulu 652*91f16700Schasinglulu /* Load manifest, init SPMC */ 653*91f16700Schasinglulu rc = spmd_spmc_init(spmc_manifest); 654*91f16700Schasinglulu if (rc != 0) { 655*91f16700Schasinglulu WARN("Booting device without SPM initialization.\n"); 656*91f16700Schasinglulu } 657*91f16700Schasinglulu 658*91f16700Schasinglulu return 0; 659*91f16700Schasinglulu } 660*91f16700Schasinglulu 661*91f16700Schasinglulu /******************************************************************************* 662*91f16700Schasinglulu * Forward FF-A SMCs to the other security state. 663*91f16700Schasinglulu ******************************************************************************/ 664*91f16700Schasinglulu uint64_t spmd_smc_switch_state(uint32_t smc_fid, 665*91f16700Schasinglulu bool secure_origin, 666*91f16700Schasinglulu uint64_t x1, 667*91f16700Schasinglulu uint64_t x2, 668*91f16700Schasinglulu uint64_t x3, 669*91f16700Schasinglulu uint64_t x4, 670*91f16700Schasinglulu void *handle) 671*91f16700Schasinglulu { 672*91f16700Schasinglulu unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE; 673*91f16700Schasinglulu unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE; 674*91f16700Schasinglulu 675*91f16700Schasinglulu /* Save incoming security state */ 676*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 677*91f16700Schasinglulu if (secure_state_in == NON_SECURE) { 678*91f16700Schasinglulu cm_el1_sysregs_context_save(secure_state_in); 679*91f16700Schasinglulu } 680*91f16700Schasinglulu cm_el2_sysregs_context_save(secure_state_in); 681*91f16700Schasinglulu #else 682*91f16700Schasinglulu cm_el1_sysregs_context_save(secure_state_in); 683*91f16700Schasinglulu #endif 684*91f16700Schasinglulu 685*91f16700Schasinglulu /* Restore outgoing security state */ 686*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 687*91f16700Schasinglulu if (secure_state_out == NON_SECURE) { 688*91f16700Schasinglulu cm_el1_sysregs_context_restore(secure_state_out); 689*91f16700Schasinglulu } 690*91f16700Schasinglulu cm_el2_sysregs_context_restore(secure_state_out); 691*91f16700Schasinglulu #else 692*91f16700Schasinglulu cm_el1_sysregs_context_restore(secure_state_out); 693*91f16700Schasinglulu #endif 694*91f16700Schasinglulu cm_set_next_eret_context(secure_state_out); 695*91f16700Schasinglulu 696*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 697*91f16700Schasinglulu /* 698*91f16700Schasinglulu * If SPMC is at SEL2, save additional registers x8-x17, which may 699*91f16700Schasinglulu * be used in FF-A calls such as FFA_PARTITION_INFO_GET_REGS. 700*91f16700Schasinglulu * Note that technically, all SPMCs can support this, but this code is 701*91f16700Schasinglulu * under ifdef to minimize breakage in case other SPMCs do not save 702*91f16700Schasinglulu * and restore x8-x17. 703*91f16700Schasinglulu * We also need to pass through these registers since not all FF-A ABIs 704*91f16700Schasinglulu * modify x8-x17, in which case, SMCCC requires that these registers be 705*91f16700Schasinglulu * preserved, so the SPMD passes through these registers and expects the 706*91f16700Schasinglulu * SPMC to save and restore (potentially also modify) them. 707*91f16700Schasinglulu */ 708*91f16700Schasinglulu SMC_RET18(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4, 709*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X5), 710*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X6), 711*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X7), 712*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X8), 713*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X9), 714*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X10), 715*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X11), 716*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X12), 717*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X13), 718*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X14), 719*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X15), 720*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X16), 721*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X17) 722*91f16700Schasinglulu ); 723*91f16700Schasinglulu 724*91f16700Schasinglulu #else 725*91f16700Schasinglulu SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4, 726*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X5), 727*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X6), 728*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X7)); 729*91f16700Schasinglulu #endif 730*91f16700Schasinglulu } 731*91f16700Schasinglulu 732*91f16700Schasinglulu /******************************************************************************* 733*91f16700Schasinglulu * Forward SMCs to the other security state. 734*91f16700Schasinglulu ******************************************************************************/ 735*91f16700Schasinglulu static uint64_t spmd_smc_forward(uint32_t smc_fid, 736*91f16700Schasinglulu bool secure_origin, 737*91f16700Schasinglulu uint64_t x1, 738*91f16700Schasinglulu uint64_t x2, 739*91f16700Schasinglulu uint64_t x3, 740*91f16700Schasinglulu uint64_t x4, 741*91f16700Schasinglulu void *cookie, 742*91f16700Schasinglulu void *handle, 743*91f16700Schasinglulu uint64_t flags) 744*91f16700Schasinglulu { 745*91f16700Schasinglulu if (is_spmc_at_el3() && !secure_origin) { 746*91f16700Schasinglulu return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4, 747*91f16700Schasinglulu cookie, handle, flags); 748*91f16700Schasinglulu } 749*91f16700Schasinglulu return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4, 750*91f16700Schasinglulu handle); 751*91f16700Schasinglulu 752*91f16700Schasinglulu } 753*91f16700Schasinglulu 754*91f16700Schasinglulu /******************************************************************************* 755*91f16700Schasinglulu * Return FFA_ERROR with specified error code 756*91f16700Schasinglulu ******************************************************************************/ 757*91f16700Schasinglulu uint64_t spmd_ffa_error_return(void *handle, int error_code) 758*91f16700Schasinglulu { 759*91f16700Schasinglulu SMC_RET8(handle, (uint32_t) FFA_ERROR, 760*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, (uint32_t)error_code, 761*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 762*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ); 763*91f16700Schasinglulu } 764*91f16700Schasinglulu 765*91f16700Schasinglulu /******************************************************************************* 766*91f16700Schasinglulu * spmd_check_address_in_binary_image 767*91f16700Schasinglulu ******************************************************************************/ 768*91f16700Schasinglulu bool spmd_check_address_in_binary_image(uint64_t address) 769*91f16700Schasinglulu { 770*91f16700Schasinglulu assert(!check_uptr_overflow(spmc_attrs.load_address, spmc_attrs.binary_size)); 771*91f16700Schasinglulu 772*91f16700Schasinglulu return ((address >= spmc_attrs.load_address) && 773*91f16700Schasinglulu (address < (spmc_attrs.load_address + spmc_attrs.binary_size))); 774*91f16700Schasinglulu } 775*91f16700Schasinglulu 776*91f16700Schasinglulu /****************************************************************************** 777*91f16700Schasinglulu * spmd_is_spmc_message 778*91f16700Schasinglulu *****************************************************************************/ 779*91f16700Schasinglulu static bool spmd_is_spmc_message(unsigned int ep) 780*91f16700Schasinglulu { 781*91f16700Schasinglulu if (is_spmc_at_el3()) { 782*91f16700Schasinglulu return false; 783*91f16700Schasinglulu } 784*91f16700Schasinglulu 785*91f16700Schasinglulu return ((ffa_endpoint_destination(ep) == SPMD_DIRECT_MSG_ENDPOINT_ID) 786*91f16700Schasinglulu && (ffa_endpoint_source(ep) == spmc_attrs.spmc_id)); 787*91f16700Schasinglulu } 788*91f16700Schasinglulu 789*91f16700Schasinglulu /****************************************************************************** 790*91f16700Schasinglulu * spmd_handle_spmc_message 791*91f16700Schasinglulu *****************************************************************************/ 792*91f16700Schasinglulu static int spmd_handle_spmc_message(unsigned long long msg, 793*91f16700Schasinglulu unsigned long long parm1, unsigned long long parm2, 794*91f16700Schasinglulu unsigned long long parm3, unsigned long long parm4) 795*91f16700Schasinglulu { 796*91f16700Schasinglulu VERBOSE("%s %llx %llx %llx %llx %llx\n", __func__, 797*91f16700Schasinglulu msg, parm1, parm2, parm3, parm4); 798*91f16700Schasinglulu 799*91f16700Schasinglulu return -EINVAL; 800*91f16700Schasinglulu } 801*91f16700Schasinglulu 802*91f16700Schasinglulu /******************************************************************************* 803*91f16700Schasinglulu * This function forwards FF-A SMCs to either the main SPMD handler or the 804*91f16700Schasinglulu * SPMC at EL3, depending on the origin security state, if enabled. 805*91f16700Schasinglulu ******************************************************************************/ 806*91f16700Schasinglulu uint64_t spmd_ffa_smc_handler(uint32_t smc_fid, 807*91f16700Schasinglulu uint64_t x1, 808*91f16700Schasinglulu uint64_t x2, 809*91f16700Schasinglulu uint64_t x3, 810*91f16700Schasinglulu uint64_t x4, 811*91f16700Schasinglulu void *cookie, 812*91f16700Schasinglulu void *handle, 813*91f16700Schasinglulu uint64_t flags) 814*91f16700Schasinglulu { 815*91f16700Schasinglulu if (is_spmc_at_el3()) { 816*91f16700Schasinglulu /* 817*91f16700Schasinglulu * If we have an SPMC at EL3 allow handling of the SMC first. 818*91f16700Schasinglulu * The SPMC will call back through to SPMD handler if required. 819*91f16700Schasinglulu */ 820*91f16700Schasinglulu if (is_caller_secure(flags)) { 821*91f16700Schasinglulu return spmc_smc_handler(smc_fid, 822*91f16700Schasinglulu is_caller_secure(flags), 823*91f16700Schasinglulu x1, x2, x3, x4, cookie, 824*91f16700Schasinglulu handle, flags); 825*91f16700Schasinglulu } 826*91f16700Schasinglulu } 827*91f16700Schasinglulu return spmd_smc_handler(smc_fid, x1, x2, x3, x4, cookie, 828*91f16700Schasinglulu handle, flags); 829*91f16700Schasinglulu } 830*91f16700Schasinglulu 831*91f16700Schasinglulu /******************************************************************************* 832*91f16700Schasinglulu * This function handles all SMCs in the range reserved for FFA. Each call is 833*91f16700Schasinglulu * either forwarded to the other security state or handled by the SPM dispatcher 834*91f16700Schasinglulu ******************************************************************************/ 835*91f16700Schasinglulu uint64_t spmd_smc_handler(uint32_t smc_fid, 836*91f16700Schasinglulu uint64_t x1, 837*91f16700Schasinglulu uint64_t x2, 838*91f16700Schasinglulu uint64_t x3, 839*91f16700Schasinglulu uint64_t x4, 840*91f16700Schasinglulu void *cookie, 841*91f16700Schasinglulu void *handle, 842*91f16700Schasinglulu uint64_t flags) 843*91f16700Schasinglulu { 844*91f16700Schasinglulu unsigned int linear_id = plat_my_core_pos(); 845*91f16700Schasinglulu spmd_spm_core_context_t *ctx = spmd_get_context(); 846*91f16700Schasinglulu bool secure_origin; 847*91f16700Schasinglulu int32_t ret; 848*91f16700Schasinglulu uint32_t input_version; 849*91f16700Schasinglulu 850*91f16700Schasinglulu /* Determine which security state this SMC originated from */ 851*91f16700Schasinglulu secure_origin = is_caller_secure(flags); 852*91f16700Schasinglulu 853*91f16700Schasinglulu VERBOSE("SPM(%u): 0x%x 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 854*91f16700Schasinglulu " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 "\n", 855*91f16700Schasinglulu linear_id, smc_fid, x1, x2, x3, x4, 856*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X5), 857*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X6), 858*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X7)); 859*91f16700Schasinglulu 860*91f16700Schasinglulu /* 861*91f16700Schasinglulu * If there is an on-going info regs from EL3 SPMD LP, unconditionally 862*91f16700Schasinglulu * return, we don't expect any other FF-A ABIs to be called between 863*91f16700Schasinglulu * calls to FFA_PARTITION_INFO_GET_REGS. 864*91f16700Schasinglulu */ 865*91f16700Schasinglulu if (is_spmd_logical_sp_info_regs_req_in_progress(ctx)) { 866*91f16700Schasinglulu assert(secure_origin); 867*91f16700Schasinglulu spmd_spm_core_sync_exit(0ULL); 868*91f16700Schasinglulu } 869*91f16700Schasinglulu 870*91f16700Schasinglulu switch (smc_fid) { 871*91f16700Schasinglulu case FFA_ERROR: 872*91f16700Schasinglulu /* 873*91f16700Schasinglulu * Check if this is the first invocation of this interface on 874*91f16700Schasinglulu * this CPU. If so, then indicate that the SPM Core initialised 875*91f16700Schasinglulu * unsuccessfully. 876*91f16700Schasinglulu */ 877*91f16700Schasinglulu if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 878*91f16700Schasinglulu spmd_spm_core_sync_exit(x2); 879*91f16700Schasinglulu } 880*91f16700Schasinglulu 881*91f16700Schasinglulu /* 882*91f16700Schasinglulu * If there was an SPMD logical partition direct request on-going, 883*91f16700Schasinglulu * return back to the SPMD logical partition so the error can be 884*91f16700Schasinglulu * consumed. 885*91f16700Schasinglulu */ 886*91f16700Schasinglulu if (is_spmd_logical_sp_dir_req_in_progress(ctx)) { 887*91f16700Schasinglulu assert(secure_origin); 888*91f16700Schasinglulu spmd_spm_core_sync_exit(0ULL); 889*91f16700Schasinglulu } 890*91f16700Schasinglulu 891*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 892*91f16700Schasinglulu x1, x2, x3, x4, cookie, 893*91f16700Schasinglulu handle, flags); 894*91f16700Schasinglulu break; /* not reached */ 895*91f16700Schasinglulu 896*91f16700Schasinglulu case FFA_VERSION: 897*91f16700Schasinglulu input_version = (uint32_t)(0xFFFFFFFF & x1); 898*91f16700Schasinglulu /* 899*91f16700Schasinglulu * If caller is secure and SPMC was initialized, 900*91f16700Schasinglulu * return FFA_VERSION of SPMD. 901*91f16700Schasinglulu * If caller is non secure and SPMC was initialized, 902*91f16700Schasinglulu * forward to the EL3 SPMC if enabled, otherwise return 903*91f16700Schasinglulu * the SPMC version if implemented at a lower EL. 904*91f16700Schasinglulu * Sanity check to "input_version". 905*91f16700Schasinglulu * If the EL3 SPMC is enabled, ignore the SPMC state as 906*91f16700Schasinglulu * this is not used. 907*91f16700Schasinglulu */ 908*91f16700Schasinglulu if ((input_version & FFA_VERSION_BIT31_MASK) || 909*91f16700Schasinglulu (!is_spmc_at_el3() && (ctx->state == SPMC_STATE_RESET))) { 910*91f16700Schasinglulu ret = FFA_ERROR_NOT_SUPPORTED; 911*91f16700Schasinglulu } else if (!secure_origin) { 912*91f16700Schasinglulu if (is_spmc_at_el3()) { 913*91f16700Schasinglulu /* 914*91f16700Schasinglulu * Forward the call directly to the EL3 SPMC, if 915*91f16700Schasinglulu * enabled, as we don't need to wrap the call in 916*91f16700Schasinglulu * a direct request. 917*91f16700Schasinglulu */ 918*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 919*91f16700Schasinglulu x1, x2, x3, x4, cookie, 920*91f16700Schasinglulu handle, flags); 921*91f16700Schasinglulu } 922*91f16700Schasinglulu 923*91f16700Schasinglulu gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx); 924*91f16700Schasinglulu uint64_t rc; 925*91f16700Schasinglulu 926*91f16700Schasinglulu if (spmc_attrs.major_version == 1 && 927*91f16700Schasinglulu spmc_attrs.minor_version == 0) { 928*91f16700Schasinglulu ret = MAKE_FFA_VERSION(spmc_attrs.major_version, 929*91f16700Schasinglulu spmc_attrs.minor_version); 930*91f16700Schasinglulu SMC_RET8(handle, (uint32_t)ret, 931*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, 932*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, 933*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 934*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 935*91f16700Schasinglulu FFA_PARAM_MBZ); 936*91f16700Schasinglulu break; 937*91f16700Schasinglulu } 938*91f16700Schasinglulu /* Save non-secure system registers context */ 939*91f16700Schasinglulu cm_el1_sysregs_context_save(NON_SECURE); 940*91f16700Schasinglulu #if SPMD_SPM_AT_SEL2 941*91f16700Schasinglulu cm_el2_sysregs_context_save(NON_SECURE); 942*91f16700Schasinglulu #endif 943*91f16700Schasinglulu 944*91f16700Schasinglulu /* 945*91f16700Schasinglulu * The incoming request has FFA_VERSION as X0 smc_fid 946*91f16700Schasinglulu * and requested version in x1. Prepare a direct request 947*91f16700Schasinglulu * from SPMD to SPMC with FFA_VERSION framework function 948*91f16700Schasinglulu * identifier in X2 and requested version in X3. 949*91f16700Schasinglulu */ 950*91f16700Schasinglulu spmd_build_spmc_message(gpregs, 951*91f16700Schasinglulu SPMD_FWK_MSG_FFA_VERSION_REQ, 952*91f16700Schasinglulu input_version); 953*91f16700Schasinglulu 954*91f16700Schasinglulu /* 955*91f16700Schasinglulu * Ensure x8-x17 NS GP register values are untouched when returning 956*91f16700Schasinglulu * from the SPMC. 957*91f16700Schasinglulu */ 958*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X8, SMC_GET_GP(handle, CTX_GPREG_X8)); 959*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X9, SMC_GET_GP(handle, CTX_GPREG_X9)); 960*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X10, SMC_GET_GP(handle, CTX_GPREG_X10)); 961*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X11, SMC_GET_GP(handle, CTX_GPREG_X11)); 962*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X12, SMC_GET_GP(handle, CTX_GPREG_X12)); 963*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X13, SMC_GET_GP(handle, CTX_GPREG_X13)); 964*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X14, SMC_GET_GP(handle, CTX_GPREG_X14)); 965*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X15, SMC_GET_GP(handle, CTX_GPREG_X15)); 966*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X16, SMC_GET_GP(handle, CTX_GPREG_X16)); 967*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X17, SMC_GET_GP(handle, CTX_GPREG_X17)); 968*91f16700Schasinglulu 969*91f16700Schasinglulu rc = spmd_spm_core_sync_entry(ctx); 970*91f16700Schasinglulu 971*91f16700Schasinglulu if ((rc != 0ULL) || 972*91f16700Schasinglulu (SMC_GET_GP(gpregs, CTX_GPREG_X0) != 973*91f16700Schasinglulu FFA_MSG_SEND_DIRECT_RESP_SMC32) || 974*91f16700Schasinglulu (SMC_GET_GP(gpregs, CTX_GPREG_X2) != 975*91f16700Schasinglulu (FFA_FWK_MSG_BIT | 976*91f16700Schasinglulu SPMD_FWK_MSG_FFA_VERSION_RESP))) { 977*91f16700Schasinglulu ERROR("Failed to forward FFA_VERSION\n"); 978*91f16700Schasinglulu ret = FFA_ERROR_NOT_SUPPORTED; 979*91f16700Schasinglulu } else { 980*91f16700Schasinglulu ret = SMC_GET_GP(gpregs, CTX_GPREG_X3); 981*91f16700Schasinglulu } 982*91f16700Schasinglulu 983*91f16700Schasinglulu /* 984*91f16700Schasinglulu * x0-x4 are updated by spmd_smc_forward below. 985*91f16700Schasinglulu * Zero out x5-x7 in the FFA_VERSION response. 986*91f16700Schasinglulu */ 987*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X5, 0); 988*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X6, 0); 989*91f16700Schasinglulu write_ctx_reg(gpregs, CTX_GPREG_X7, 0); 990*91f16700Schasinglulu 991*91f16700Schasinglulu /* 992*91f16700Schasinglulu * Return here after SPMC has handled FFA_VERSION. 993*91f16700Schasinglulu * The returned SPMC version is held in X3. 994*91f16700Schasinglulu * Forward this version in X0 to the non-secure caller. 995*91f16700Schasinglulu */ 996*91f16700Schasinglulu return spmd_smc_forward(ret, true, FFA_PARAM_MBZ, 997*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 998*91f16700Schasinglulu FFA_PARAM_MBZ, cookie, gpregs, 999*91f16700Schasinglulu flags); 1000*91f16700Schasinglulu } else { 1001*91f16700Schasinglulu ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR, 1002*91f16700Schasinglulu FFA_VERSION_MINOR); 1003*91f16700Schasinglulu } 1004*91f16700Schasinglulu 1005*91f16700Schasinglulu SMC_RET8(handle, (uint32_t)ret, FFA_TARGET_INFO_MBZ, 1006*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1007*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ); 1008*91f16700Schasinglulu break; /* not reached */ 1009*91f16700Schasinglulu 1010*91f16700Schasinglulu case FFA_FEATURES: 1011*91f16700Schasinglulu /* 1012*91f16700Schasinglulu * This is an optional interface. Do the minimal checks and 1013*91f16700Schasinglulu * forward to SPM Core which will handle it if implemented. 1014*91f16700Schasinglulu */ 1015*91f16700Schasinglulu 1016*91f16700Schasinglulu /* Forward SMC from Normal world to the SPM Core */ 1017*91f16700Schasinglulu if (!secure_origin) { 1018*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 1019*91f16700Schasinglulu x1, x2, x3, x4, cookie, 1020*91f16700Schasinglulu handle, flags); 1021*91f16700Schasinglulu } 1022*91f16700Schasinglulu 1023*91f16700Schasinglulu /* 1024*91f16700Schasinglulu * Return success if call was from secure world i.e. all 1025*91f16700Schasinglulu * FFA functions are supported. This is essentially a 1026*91f16700Schasinglulu * nop. 1027*91f16700Schasinglulu */ 1028*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4, 1029*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X5), 1030*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X6), 1031*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X7)); 1032*91f16700Schasinglulu 1033*91f16700Schasinglulu break; /* not reached */ 1034*91f16700Schasinglulu 1035*91f16700Schasinglulu case FFA_ID_GET: 1036*91f16700Schasinglulu /* 1037*91f16700Schasinglulu * Returns the ID of the calling FFA component. 1038*91f16700Schasinglulu */ 1039*91f16700Schasinglulu if (!secure_origin) { 1040*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC32, 1041*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID, 1042*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1043*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1044*91f16700Schasinglulu FFA_PARAM_MBZ); 1045*91f16700Schasinglulu } 1046*91f16700Schasinglulu 1047*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC32, 1048*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 1049*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1050*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1051*91f16700Schasinglulu FFA_PARAM_MBZ); 1052*91f16700Schasinglulu 1053*91f16700Schasinglulu break; /* not reached */ 1054*91f16700Schasinglulu 1055*91f16700Schasinglulu case FFA_SECONDARY_EP_REGISTER_SMC64: 1056*91f16700Schasinglulu if (secure_origin) { 1057*91f16700Schasinglulu ret = spmd_pm_secondary_ep_register(x1); 1058*91f16700Schasinglulu 1059*91f16700Schasinglulu if (ret < 0) { 1060*91f16700Schasinglulu SMC_RET8(handle, FFA_ERROR_SMC64, 1061*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, ret, 1062*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1063*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1064*91f16700Schasinglulu FFA_PARAM_MBZ); 1065*91f16700Schasinglulu } else { 1066*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC64, 1067*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, 1068*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1069*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1070*91f16700Schasinglulu FFA_PARAM_MBZ); 1071*91f16700Schasinglulu } 1072*91f16700Schasinglulu } 1073*91f16700Schasinglulu 1074*91f16700Schasinglulu return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 1075*91f16700Schasinglulu break; /* Not reached */ 1076*91f16700Schasinglulu 1077*91f16700Schasinglulu case FFA_SPM_ID_GET: 1078*91f16700Schasinglulu if (MAKE_FFA_VERSION(1, 1) > FFA_VERSION_COMPILED) { 1079*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1080*91f16700Schasinglulu FFA_ERROR_NOT_SUPPORTED); 1081*91f16700Schasinglulu } 1082*91f16700Schasinglulu /* 1083*91f16700Schasinglulu * Returns the ID of the SPMC or SPMD depending on the FF-A 1084*91f16700Schasinglulu * instance where this function is invoked 1085*91f16700Schasinglulu */ 1086*91f16700Schasinglulu if (!secure_origin) { 1087*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC32, 1088*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 1089*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1090*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1091*91f16700Schasinglulu FFA_PARAM_MBZ); 1092*91f16700Schasinglulu } 1093*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC32, 1094*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, SPMD_DIRECT_MSG_ENDPOINT_ID, 1095*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1096*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1097*91f16700Schasinglulu FFA_PARAM_MBZ); 1098*91f16700Schasinglulu 1099*91f16700Schasinglulu break; /* not reached */ 1100*91f16700Schasinglulu 1101*91f16700Schasinglulu case FFA_MSG_SEND_DIRECT_REQ_SMC32: 1102*91f16700Schasinglulu case FFA_MSG_SEND_DIRECT_REQ_SMC64: 1103*91f16700Schasinglulu /* 1104*91f16700Schasinglulu * Regardless of secure_origin, SPMD logical partitions cannot 1105*91f16700Schasinglulu * handle direct messages. They can only initiate direct 1106*91f16700Schasinglulu * messages and consume direct responses or errors. 1107*91f16700Schasinglulu */ 1108*91f16700Schasinglulu if (is_spmd_lp_id(ffa_endpoint_source(x1)) || 1109*91f16700Schasinglulu is_spmd_lp_id(ffa_endpoint_destination(x1))) { 1110*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1111*91f16700Schasinglulu FFA_ERROR_INVALID_PARAMETER 1112*91f16700Schasinglulu ); 1113*91f16700Schasinglulu } 1114*91f16700Schasinglulu 1115*91f16700Schasinglulu /* 1116*91f16700Schasinglulu * When there is an ongoing SPMD logical partition direct 1117*91f16700Schasinglulu * request, there cannot be another direct request. Return 1118*91f16700Schasinglulu * error in this case. Panic'ing is an option but that does 1119*91f16700Schasinglulu * not provide the opportunity for caller to abort based on 1120*91f16700Schasinglulu * error codes. 1121*91f16700Schasinglulu */ 1122*91f16700Schasinglulu if (is_spmd_logical_sp_dir_req_in_progress(ctx)) { 1123*91f16700Schasinglulu assert(secure_origin); 1124*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1125*91f16700Schasinglulu FFA_ERROR_DENIED); 1126*91f16700Schasinglulu } 1127*91f16700Schasinglulu 1128*91f16700Schasinglulu if (!secure_origin) { 1129*91f16700Schasinglulu /* Validate source endpoint is non-secure for non-secure caller. */ 1130*91f16700Schasinglulu if (ffa_is_secure_world_id(ffa_endpoint_source(x1))) { 1131*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1132*91f16700Schasinglulu FFA_ERROR_INVALID_PARAMETER); 1133*91f16700Schasinglulu } 1134*91f16700Schasinglulu } 1135*91f16700Schasinglulu if (secure_origin && spmd_is_spmc_message(x1)) { 1136*91f16700Schasinglulu ret = spmd_handle_spmc_message(x3, x4, 1137*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X5), 1138*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X6), 1139*91f16700Schasinglulu SMC_GET_GP(handle, CTX_GPREG_X7)); 1140*91f16700Schasinglulu 1141*91f16700Schasinglulu SMC_RET8(handle, FFA_SUCCESS_SMC32, 1142*91f16700Schasinglulu FFA_TARGET_INFO_MBZ, ret, 1143*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1144*91f16700Schasinglulu FFA_PARAM_MBZ, FFA_PARAM_MBZ, 1145*91f16700Schasinglulu FFA_PARAM_MBZ); 1146*91f16700Schasinglulu } else { 1147*91f16700Schasinglulu /* Forward direct message to the other world */ 1148*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 1149*91f16700Schasinglulu x1, x2, x3, x4, cookie, 1150*91f16700Schasinglulu handle, flags); 1151*91f16700Schasinglulu } 1152*91f16700Schasinglulu break; /* Not reached */ 1153*91f16700Schasinglulu 1154*91f16700Schasinglulu case FFA_MSG_SEND_DIRECT_RESP_SMC32: 1155*91f16700Schasinglulu case FFA_MSG_SEND_DIRECT_RESP_SMC64: 1156*91f16700Schasinglulu if (secure_origin && (spmd_is_spmc_message(x1) || 1157*91f16700Schasinglulu is_spmd_logical_sp_dir_req_in_progress(ctx))) { 1158*91f16700Schasinglulu spmd_spm_core_sync_exit(0ULL); 1159*91f16700Schasinglulu } else { 1160*91f16700Schasinglulu /* Forward direct message to the other world */ 1161*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 1162*91f16700Schasinglulu x1, x2, x3, x4, cookie, 1163*91f16700Schasinglulu handle, flags); 1164*91f16700Schasinglulu } 1165*91f16700Schasinglulu break; /* Not reached */ 1166*91f16700Schasinglulu 1167*91f16700Schasinglulu case FFA_RX_RELEASE: 1168*91f16700Schasinglulu case FFA_RXTX_MAP_SMC32: 1169*91f16700Schasinglulu case FFA_RXTX_MAP_SMC64: 1170*91f16700Schasinglulu case FFA_RXTX_UNMAP: 1171*91f16700Schasinglulu case FFA_PARTITION_INFO_GET: 1172*91f16700Schasinglulu #if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED 1173*91f16700Schasinglulu case FFA_NOTIFICATION_BITMAP_CREATE: 1174*91f16700Schasinglulu case FFA_NOTIFICATION_BITMAP_DESTROY: 1175*91f16700Schasinglulu case FFA_NOTIFICATION_BIND: 1176*91f16700Schasinglulu case FFA_NOTIFICATION_UNBIND: 1177*91f16700Schasinglulu case FFA_NOTIFICATION_SET: 1178*91f16700Schasinglulu case FFA_NOTIFICATION_GET: 1179*91f16700Schasinglulu case FFA_NOTIFICATION_INFO_GET: 1180*91f16700Schasinglulu case FFA_NOTIFICATION_INFO_GET_SMC64: 1181*91f16700Schasinglulu case FFA_MSG_SEND2: 1182*91f16700Schasinglulu case FFA_RX_ACQUIRE: 1183*91f16700Schasinglulu #endif 1184*91f16700Schasinglulu case FFA_MSG_RUN: 1185*91f16700Schasinglulu /* 1186*91f16700Schasinglulu * Above calls should be invoked only by the Normal world and 1187*91f16700Schasinglulu * must not be forwarded from Secure world to Normal world. 1188*91f16700Schasinglulu */ 1189*91f16700Schasinglulu if (secure_origin) { 1190*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1191*91f16700Schasinglulu FFA_ERROR_NOT_SUPPORTED); 1192*91f16700Schasinglulu } 1193*91f16700Schasinglulu 1194*91f16700Schasinglulu /* Forward the call to the other world */ 1195*91f16700Schasinglulu /* fallthrough */ 1196*91f16700Schasinglulu case FFA_MSG_SEND: 1197*91f16700Schasinglulu case FFA_MEM_DONATE_SMC32: 1198*91f16700Schasinglulu case FFA_MEM_DONATE_SMC64: 1199*91f16700Schasinglulu case FFA_MEM_LEND_SMC32: 1200*91f16700Schasinglulu case FFA_MEM_LEND_SMC64: 1201*91f16700Schasinglulu case FFA_MEM_SHARE_SMC32: 1202*91f16700Schasinglulu case FFA_MEM_SHARE_SMC64: 1203*91f16700Schasinglulu case FFA_MEM_RETRIEVE_REQ_SMC32: 1204*91f16700Schasinglulu case FFA_MEM_RETRIEVE_REQ_SMC64: 1205*91f16700Schasinglulu case FFA_MEM_RETRIEVE_RESP: 1206*91f16700Schasinglulu case FFA_MEM_RELINQUISH: 1207*91f16700Schasinglulu case FFA_MEM_RECLAIM: 1208*91f16700Schasinglulu case FFA_MEM_FRAG_TX: 1209*91f16700Schasinglulu case FFA_MEM_FRAG_RX: 1210*91f16700Schasinglulu case FFA_SUCCESS_SMC32: 1211*91f16700Schasinglulu case FFA_SUCCESS_SMC64: 1212*91f16700Schasinglulu /* 1213*91f16700Schasinglulu * If there is an ongoing direct request from an SPMD logical 1214*91f16700Schasinglulu * partition, return an error. 1215*91f16700Schasinglulu */ 1216*91f16700Schasinglulu if (is_spmd_logical_sp_dir_req_in_progress(ctx)) { 1217*91f16700Schasinglulu assert(secure_origin); 1218*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1219*91f16700Schasinglulu FFA_ERROR_DENIED); 1220*91f16700Schasinglulu } 1221*91f16700Schasinglulu 1222*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 1223*91f16700Schasinglulu x1, x2, x3, x4, cookie, 1224*91f16700Schasinglulu handle, flags); 1225*91f16700Schasinglulu break; /* not reached */ 1226*91f16700Schasinglulu 1227*91f16700Schasinglulu case FFA_MSG_WAIT: 1228*91f16700Schasinglulu /* 1229*91f16700Schasinglulu * Check if this is the first invocation of this interface on 1230*91f16700Schasinglulu * this CPU from the Secure world. If so, then indicate that the 1231*91f16700Schasinglulu * SPM Core initialised successfully. 1232*91f16700Schasinglulu */ 1233*91f16700Schasinglulu if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 1234*91f16700Schasinglulu spmd_spm_core_sync_exit(0ULL); 1235*91f16700Schasinglulu } 1236*91f16700Schasinglulu 1237*91f16700Schasinglulu /* Forward the call to the other world */ 1238*91f16700Schasinglulu /* fallthrough */ 1239*91f16700Schasinglulu case FFA_INTERRUPT: 1240*91f16700Schasinglulu case FFA_MSG_YIELD: 1241*91f16700Schasinglulu /* This interface must be invoked only by the Secure world */ 1242*91f16700Schasinglulu if (!secure_origin) { 1243*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1244*91f16700Schasinglulu FFA_ERROR_NOT_SUPPORTED); 1245*91f16700Schasinglulu } 1246*91f16700Schasinglulu 1247*91f16700Schasinglulu if (is_spmd_logical_sp_dir_req_in_progress(ctx)) { 1248*91f16700Schasinglulu assert(secure_origin); 1249*91f16700Schasinglulu return spmd_ffa_error_return(handle, 1250*91f16700Schasinglulu FFA_ERROR_DENIED); 1251*91f16700Schasinglulu } 1252*91f16700Schasinglulu 1253*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 1254*91f16700Schasinglulu x1, x2, x3, x4, cookie, 1255*91f16700Schasinglulu handle, flags); 1256*91f16700Schasinglulu break; /* not reached */ 1257*91f16700Schasinglulu 1258*91f16700Schasinglulu case FFA_NORMAL_WORLD_RESUME: 1259*91f16700Schasinglulu if (secure_origin && ctx->secure_interrupt_ongoing) { 1260*91f16700Schasinglulu spmd_spm_core_sync_exit(0ULL); 1261*91f16700Schasinglulu } else { 1262*91f16700Schasinglulu return spmd_ffa_error_return(handle, FFA_ERROR_DENIED); 1263*91f16700Schasinglulu } 1264*91f16700Schasinglulu break; /* Not reached */ 1265*91f16700Schasinglulu #if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED 1266*91f16700Schasinglulu case FFA_PARTITION_INFO_GET_REGS_SMC64: 1267*91f16700Schasinglulu if (secure_origin) { 1268*91f16700Schasinglulu return spmd_el3_populate_logical_partition_info(handle, x1, 1269*91f16700Schasinglulu x2, x3); 1270*91f16700Schasinglulu } 1271*91f16700Schasinglulu 1272*91f16700Schasinglulu /* Call only supported with SMCCC 1.2+ */ 1273*91f16700Schasinglulu if (MAKE_SMCCC_VERSION(SMCCC_MAJOR_VERSION, SMCCC_MINOR_VERSION) < 0x10002) { 1274*91f16700Schasinglulu return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 1275*91f16700Schasinglulu } 1276*91f16700Schasinglulu 1277*91f16700Schasinglulu return spmd_smc_forward(smc_fid, secure_origin, 1278*91f16700Schasinglulu x1, x2, x3, x4, cookie, 1279*91f16700Schasinglulu handle, flags); 1280*91f16700Schasinglulu break; /* Not reached */ 1281*91f16700Schasinglulu #endif 1282*91f16700Schasinglulu case FFA_EL3_INTR_HANDLE: 1283*91f16700Schasinglulu if (secure_origin) { 1284*91f16700Schasinglulu return spmd_handle_group0_intr_swd(handle); 1285*91f16700Schasinglulu } else { 1286*91f16700Schasinglulu return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 1287*91f16700Schasinglulu } 1288*91f16700Schasinglulu default: 1289*91f16700Schasinglulu WARN("SPM: Unsupported call 0x%08x\n", smc_fid); 1290*91f16700Schasinglulu return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 1291*91f16700Schasinglulu } 1292*91f16700Schasinglulu } 1293