From patchwork Mon Oct 3 13:00:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13457 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E16CC4332F for ; Mon, 3 Oct 2022 13:01:14 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.64.1664802067834505393 for ; Mon, 03 Oct 2022 06:01:08 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2E23616F8; Mon, 3 Oct 2022 06:01:14 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1671F3F73B; Mon, 3 Oct 2022 06:01:05 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi Subject: [PATCH 01/12] arm-bsp/u-boot: corstone1000: update initramfs bundle size Date: Mon, 3 Oct 2022 14:00:40 +0100 Message-Id: <20221003130051.28934-2-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:14 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3895 From: Abdellatif El Khlifi increase the size of the initramfs bundle used in the boot command The new trusted services support increases the rootfs size. When decompressed the initramfs bundle size is around 15M. u-boot boot command needs to be updated with this size to be able to load all the initramfs bundle. When compressed the initramfs bundle size is around 5.4M (Image.gz-initramfs--5.15.59) Signed-off-by: Abdellatif El Khlifi --- ...-corstone1000-use-a-compressed-kernel.patch | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch index 4cc2498b..59000cd5 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch @@ -1,7 +1,7 @@ -From df70c467c5d100f1522b4521f48da4c51e43688c Mon Sep 17 00:00:00 2001 +From 26c8a8528b794dbaba49bcf3e1bae8a1e15a8448 Mon Sep 17 00:00:00 2001 From: Jon Mason -Date: Thu, 25 Aug 2022 13:48:22 +0000 -Subject: [PATCH 25/25] corstone1000: use a compressed kernel +Date: Thu, 25 Aug 2022 11:21:28 +0100 +Subject: [PATCH] corstone1000: add compressed kernel support The corstone1000 kernel has become too large to fit in the available storage. Swtiching to a compressed kernel avoids the problem, but @@ -9,24 +9,26 @@ requires uncompressing it. Add this decompression to the default boot instructions. Signed-off-by: Jon Mason +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index d9855bf91e..d0cbc40121 100644 +index 815239590e..a8aa105fe6 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -126,7 +126,8 @@ +@@ -120,7 +120,8 @@ #define CONFIG_BOOTCOMMAND \ "run retrieve_kernel_load_addr;" \ "echo Loading kernel from $kernel_addr to memory ... ;" \ - "loadm $kernel_addr $kernel_addr_r 0xc00000;" \ -+ "unzip $kernel_addr 0x90000000;" \ -+ "loadm 0x90000000 $kernel_addr_r 0xd00000;" \ ++ "unzip $kernel_addr 0x90000000;" \ ++ "loadm 0x90000000 $kernel_addr_r 0xf00000;" \ "usb start; usb reset;" \ "run distro_bootcmd;" \ "bootefi $kernel_addr_r $fdtcontroladdr;" -- -2.30.2 +2.17.1 From patchwork Mon Oct 3 13:00:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13463 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4D0DC43217 for ; Mon, 3 Oct 2022 13:01:14 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.63.1664802070522941427 for ; Mon, 03 Oct 2022 06:01:11 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E138416F8; Mon, 3 Oct 2022 06:01:16 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D090F3F73B; Mon, 3 Oct 2022 06:01:07 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi Subject: [PATCH 02/12] arm-bsp/u-boot: corstone1000: upgrade FF-A support Date: Mon, 3 Oct 2022 14:00:41 +0100 Message-Id: <20221003130051.28934-3-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:14 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3896 From: Abdellatif El Khlifi update the FF-A patchset with the one sent to the u-boot mailing list cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/ Signed-off-by: Abdellatif El Khlifi --- ...d-add-load-command-for-memory-mapped.patch | 19 +- ...add-support-to-corstone1000-platform.patch | 29 +- ...3-usb-common-move-urb-code-to-common.patch | 27 +- .../0004-usb-add-isp1760-family-driver.patch | 33 +- ...ne1000-enable-isp1763-usb-controller.patch | 11 +- ...support-for-SMCCCv1.2-x0-x17-registe.patch | 204 ++ ...ntroducing-Arm-FF-A-low-level-driver.patch | 2610 ----------------- ...ear-the-Xn-registers-after-SMC-calls.patch | 59 + ...troducing-MM-communication-with-FF-A.patch | 383 --- ...oduce-be_uuid_str_to_le_bin-function.patch | 127 + ...-introduce-Arm-FF-A-low-level-driver.patch | 2245 ++++++++++++++ ...troducing-test-module-for-UCLASS_FFA.patch | 132 - ...10-arm_ffa-introduce-armffa-command.patch} | 158 +- ...fa-introduce-the-FF-A-Sandbox-driver.patch | 1185 ++++++++ ...ce-Sandbox-test-cases-for-UCLASS_FFA.patch | 455 +++ ...ntroduce-armffa-command-Sandbox-test.patch | 94 + ...e-sure-shared-buffer-contents-are-no.patch | 52 - ..._ffa-introduce-FF-A-MM-communication.patch | 540 ++++ ...tone1000-enable-FF-A-and-MM-support.patch} | 32 +- ...ne1000-introduce-EFI-capsule-update.patch} | 83 +- ...00-Update-FFA-shared-buffer-address.patch} | 17 +- ...00-fix-unrecognized-filesystem-type.patch} | 9 +- ...-the-cast-when-using-binary-OR-on-FI.patch | 40 - .../0019-Use-correct-buffer-size.patch | 40 - ...one1000-pass-interface-id-and-buffe.patch} | 31 +- ...tone1000-pass-interface-id-and-kern.patch} | 27 +- ...ne1000-remove-guid-check-from-corst.patch} | 13 +- ...te-ESRT-table-if-EFI_ESRT-config-op.patch} | 11 +- ...add-get_image_info-for-corstone1000.patch} | 12 +- ...ootcomplete-message-to-secure-encla.patch} | 88 +- ...ll-pointer-exception-with-get_image.patch} | 9 +- ...26-arm-corstone1000-add-mmc-for-fvp.patch} | 17 +- ...orstone1000-use-a-compressed-kernel.patch} | 0 ...-external-sys-driver-to-device-tree.patch} | 4 +- ...-rpmsg-client-to-u-boot-device-tree.patch} | 4 +- .../recipes-bsp/u-boot/u-boot_%.bbappend | 58 +- 36 files changed, 5246 insertions(+), 3612 deletions(-) create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch delete mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch delete mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch delete mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0007-arm_ffa-introducing-armffa-command.patch => 0010-arm_ffa-introduce-armffa-command.patch} (72%) create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch delete mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch create mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch => 0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch} (65%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0011-efi-corstone1000-introduce-EFI-capsule-update.patch => 0016-efi-corstone1000-introduce-EFI-capsule-update.patch} (82%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0012-corstone1000-Update-FFA-shared-buffer-address.patch => 0017-corstone1000-Update-FFA-shared-buffer-address.patch} (72%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch => 0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch} (76%) delete mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch delete mode 100644 meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch => 0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch} (73%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch => 0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch} (65%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch => 0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch} (79%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch => 0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch} (75%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0021-efi_firmware-add-get_image_info-for-corstone1000.patch => 0023-efi_firmware-add-get_image_info-for-corstone1000.patch} (94%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch => 0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch} (69%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0023-efi_loader-fix-null-pointer-exception-with-get_image.patch => 0025-efi_loader-fix-null-pointer-exception-with-get_image.patch} (89%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0024-arm-corstone1000-add-mmc-for-fvp.patch => 0026-arm-corstone1000-add-mmc-for-fvp.patch} (92%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0025-corstone1000-use-a-compressed-kernel.patch => 0027-corstone1000-use-a-compressed-kernel.patch} (100%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0026-Introduce-external-sys-driver-to-device-tree.patch => 0028-Introduce-external-sys-driver-to-device-tree.patch} (94%) rename meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/{0027-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch => 0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch} (97%) diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch index dc64e3cf..4d7c51fc 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch @@ -1,7 +1,7 @@ -From 7a1a84ea74fdd06a7f5f239f4c5f4b727d6cd232 Mon Sep 17 00:00:00 2001 +From 910760408430de32ad08b1e5ddf894cc9f2f3d0c Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Thu, 24 Jun 2021 09:25:00 +0100 -Subject: [PATCH 01/24] cmd: load: add load command for memory mapped +Subject: [PATCH 01/26] cmd: load: add load command for memory mapped cp.b is used a lot as a way to load binaries to memory and execute them, however we may need to integrate this with the efi subsystem to @@ -16,6 +16,7 @@ with this a kernel with CONFIG_EFI_STUB enabled will be loaded and then subsequently booted with bootefi command. Signed-off-by: Rui Miguel Silva +Upstream-Status: Accepted [2022.10-rc1] --- README | 1 + cmd/Kconfig | 6 ++++ @@ -26,7 +27,7 @@ Signed-off-by: Rui Miguel Silva 6 files changed, 78 insertions(+) diff --git a/README b/README -index b7ab6e50708d..cd76f95e74c1 100644 +index b7ab6e5070..cd76f95e74 100644 --- a/README +++ b/README @@ -2578,6 +2578,7 @@ rarpboot- boot image via network using RARP/TFTP protocol @@ -38,7 +39,7 @@ index b7ab6e50708d..cd76f95e74c1 100644 mm - memory modify (auto-incrementing) nm - memory modify (constant address) diff --git a/cmd/Kconfig b/cmd/Kconfig -index 09193b61b95f..ba2f321ae989 100644 +index 09193b61b9..ba2f321ae9 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1143,6 +1143,12 @@ config CMD_LOADB @@ -55,7 +56,7 @@ index 09193b61b95f..ba2f321ae989 100644 bool "loads" default y diff --git a/cmd/bootefi.c b/cmd/bootefi.c -index 827fcd97dfd8..37ce659fa123 100644 +index 827fcd97df..37ce659fa1 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -34,6 +34,18 @@ static struct efi_device_path *bootefi_device_path; @@ -78,7 +79,7 @@ index 827fcd97dfd8..37ce659fa123 100644 * efi_clear_bootdev() - clear boot device */ diff --git a/cmd/load.c b/cmd/load.c -index 7e4a552d90ef..1224a7f85bb3 100644 +index 7e4a552d90..1224a7f85b 100644 --- a/cmd/load.c +++ b/cmd/load.c @@ -1063,6 +1063,44 @@ static ulong load_serial_ymodem(ulong offset, int mode) @@ -141,7 +142,7 @@ index 7e4a552d90ef..1224a7f85bb3 100644 +); +#endif /* CONFIG_CMD_LOADM */ diff --git a/include/efi_loader.h b/include/efi_loader.h -index 11930fbea838..5b41985244e2 100644 +index 11930fbea8..5b41985244 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -591,6 +591,8 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle, @@ -154,7 +155,7 @@ index 11930fbea838..5b41985244e2 100644 void efi_add_handle(efi_handle_t obj); /* Create handle */ diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c -index 171661b89727..2493d7432613 100644 +index 171661b897..2493d74326 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -1158,6 +1158,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, @@ -181,5 +182,5 @@ index 171661b89727..2493d7432613 100644 part = blk_get_device_part_str(dev, devnr, &desc, &fs_partition, 1); -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch index 18636290..4c7c9b14 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch @@ -1,7 +1,7 @@ -From c9a9a467bb335047812004dd022dcadf9514101f Mon Sep 17 00:00:00 2001 +From 3523b1bac430f10f02a31f7d013ea369e29656be Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Tue, 15 Feb 2022 09:44:10 +0000 -Subject: [PATCH 02/24] arm: add support to corstone1000 platform +Subject: [PATCH 02/26] arm: add support to corstone1000 platform Corstone1000 is a platform from arm, which includes pre verified Corstone SSE710 sub-system that combines Cortex-A and @@ -18,6 +18,7 @@ FPGA MPS3 board implementation of this platform. [2] Signed-off-by: Abdellatif El Khlifi Signed-off-by: Rui Miguel Silva +Upstream-Status: Accepted [2022.10-rc1] --- arch/arm/Kconfig | 8 ++ arch/arm/dts/Makefile | 3 + @@ -42,7 +43,7 @@ Signed-off-by: Rui Miguel Silva create mode 100644 include/configs/corstone1000.h diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 9898c7d68e1b..2fc2b7d20f12 100644 +index 9898c7d68e..2fc2b7d20f 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1347,6 +1347,12 @@ config ARCH_VEXPRESS64 @@ -68,7 +69,7 @@ index 9898c7d68e1b..2fc2b7d20f12 100644 source "board/bosch/guardian/Kconfig" source "board/Marvell/octeontx/Kconfig" diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile -index a7e0d9f6c0e8..8c8f15b6a813 100644 +index a7e0d9f6c0..8c8f15b6a8 100644 --- a/arch/arm/dts/Makefile +++ b/arch/arm/dts/Makefile @@ -1265,6 +1265,9 @@ dtb-$(CONFIG_TARGET_EA_LPC3250DEVKITV2) += lpc3250-ea3250.dtb @@ -83,7 +84,7 @@ index a7e0d9f6c0e8..8c8f15b6a813 100644 targets += $(dtb-y) diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts new file mode 100644 -index 000000000000..1fcc137a493c +index 0000000000..1fcc137a49 --- /dev/null +++ b/arch/arm/dts/corstone1000-fvp.dts @@ -0,0 +1,23 @@ @@ -112,7 +113,7 @@ index 000000000000..1fcc137a493c +}; diff --git a/arch/arm/dts/corstone1000-mps3.dts b/arch/arm/dts/corstone1000-mps3.dts new file mode 100644 -index 000000000000..e3146747c2d9 +index 0000000000..e3146747c2 --- /dev/null +++ b/arch/arm/dts/corstone1000-mps3.dts @@ -0,0 +1,32 @@ @@ -150,7 +151,7 @@ index 000000000000..e3146747c2d9 +}; diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi new file mode 100644 -index 000000000000..d0194aa893f2 +index 0000000000..d0194aa893 --- /dev/null +++ b/arch/arm/dts/corstone1000.dtsi @@ -0,0 +1,169 @@ @@ -325,7 +326,7 @@ index 000000000000..d0194aa893f2 +}; diff --git a/board/armltd/corstone1000/Kconfig b/board/armltd/corstone1000/Kconfig new file mode 100644 -index 000000000000..709674d4cf7d +index 0000000000..709674d4cf --- /dev/null +++ b/board/armltd/corstone1000/Kconfig @@ -0,0 +1,12 @@ @@ -343,7 +344,7 @@ index 000000000000..709674d4cf7d +endif diff --git a/board/armltd/corstone1000/MAINTAINERS b/board/armltd/corstone1000/MAINTAINERS new file mode 100644 -index 000000000000..8c905686de76 +index 0000000000..8c905686de --- /dev/null +++ b/board/armltd/corstone1000/MAINTAINERS @@ -0,0 +1,7 @@ @@ -356,7 +357,7 @@ index 000000000000..8c905686de76 +F: configs/corstone1000_defconfig diff --git a/board/armltd/corstone1000/Makefile b/board/armltd/corstone1000/Makefile new file mode 100644 -index 000000000000..77a82c28929b +index 0000000000..77a82c2892 --- /dev/null +++ b/board/armltd/corstone1000/Makefile @@ -0,0 +1,7 @@ @@ -369,7 +370,7 @@ index 000000000000..77a82c28929b +obj-y := corstone1000.o diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c new file mode 100644 -index 000000000000..2fa485ff3799 +index 0000000000..2fa485ff37 --- /dev/null +++ b/board/armltd/corstone1000/corstone1000.c @@ -0,0 +1,125 @@ @@ -500,7 +501,7 @@ index 000000000000..2fa485ff3799 +} diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig new file mode 100644 -index 000000000000..02f931b0d469 +index 0000000000..02f931b0d4 --- /dev/null +++ b/configs/corstone1000_defconfig @@ -0,0 +1,80 @@ @@ -586,7 +587,7 @@ index 000000000000..02f931b0d469 +CONFIG_MISC=y diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h new file mode 100644 -index 000000000000..cf166f107efd +index 0000000000..cf166f107e --- /dev/null +++ b/include/configs/corstone1000.h @@ -0,0 +1,86 @@ @@ -677,5 +678,5 @@ index 000000000000..cf166f107efd + "bootefi $kernel_addr_r $fdtcontroladdr;" +#endif -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch index 1cebd072..7e726fea 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch @@ -1,12 +1,13 @@ -From 61c5fe3758a0febdee33429f5be16f69279045cc Mon Sep 17 00:00:00 2001 +From 178da5bee196f44c4c10e9804674fe5ac0bc1176 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Mon, 28 Jun 2021 23:20:55 +0100 -Subject: [PATCH 03/24] usb: common: move urb code to common +Subject: [PATCH 03/26] usb: common: move urb code to common Move urb code from musb only use to a more common scope, so other drivers in the future can use the handling of urb in usb. Signed-off-by: Rui Miguel Silva +Upstream-Status: Accepted [2022.10-rc1] --- drivers/usb/common/Makefile | 2 + drivers/usb/common/usb_urb.c | 160 ++++++++++++++++++ @@ -23,7 +24,7 @@ Signed-off-by: Rui Miguel Silva rename drivers/usb/musb-new/usb-compat.h => include/linux/usb/usb_urb_compat.h (60%) diff --git a/drivers/usb/common/Makefile b/drivers/usb/common/Makefile -index 3bedbf213f47..dc05cb0a5077 100644 +index 3bedbf213f..dc05cb0a50 100644 --- a/drivers/usb/common/Makefile +++ b/drivers/usb/common/Makefile @@ -4,5 +4,7 @@ @@ -36,7 +37,7 @@ index 3bedbf213f47..dc05cb0a5077 100644 obj-$(CONFIG_USB_XHCI_FSL) += fsl-dt-fixup.o fsl-errata.o diff --git a/drivers/usb/common/usb_urb.c b/drivers/usb/common/usb_urb.c new file mode 100644 -index 000000000000..be3b6b9f32e8 +index 0000000000..be3b6b9f32 --- /dev/null +++ b/drivers/usb/common/usb_urb.c @@ -0,0 +1,160 @@ @@ -201,7 +202,7 @@ index 000000000000..be3b6b9f32e8 + return usb_urb_submit(hcd, urb); +} diff --git a/drivers/usb/host/r8a66597-hcd.c b/drivers/usb/host/r8a66597-hcd.c -index f1fc93f3d403..3ccbc16da379 100644 +index f1fc93f3d4..3ccbc16da3 100644 --- a/drivers/usb/host/r8a66597-hcd.c +++ b/drivers/usb/host/r8a66597-hcd.c @@ -14,6 +14,7 @@ @@ -249,7 +250,7 @@ index f1fc93f3d403..3ccbc16da379 100644 { struct usb_device *parent = usb_dev_get_parent(dev); diff --git a/drivers/usb/musb-new/musb_core.c b/drivers/usb/musb-new/musb_core.c -index 18d9bc805f8a..fc7af7484e4c 100644 +index 18d9bc805f..fc7af7484e 100644 --- a/drivers/usb/musb-new/musb_core.c +++ b/drivers/usb/musb-new/musb_core.c @@ -89,9 +89,9 @@ @@ -264,7 +265,7 @@ index 18d9bc805f8a..fc7af7484e4c 100644 #include "musb_core.h" diff --git a/drivers/usb/musb-new/musb_host.c b/drivers/usb/musb-new/musb_host.c -index acb2d40f3b5a..e5905d90d66f 100644 +index acb2d40f3b..e5905d90d6 100644 --- a/drivers/usb/musb-new/musb_host.c +++ b/drivers/usb/musb-new/musb_host.c @@ -26,8 +26,8 @@ @@ -278,7 +279,7 @@ index acb2d40f3b5a..e5905d90d66f 100644 #include "musb_core.h" diff --git a/drivers/usb/musb-new/musb_host.h b/drivers/usb/musb-new/musb_host.h -index afc8fa35a738..5a604bdb0cf2 100644 +index afc8fa35a7..5a604bdb0c 100644 --- a/drivers/usb/musb-new/musb_host.h +++ b/drivers/usb/musb-new/musb_host.h @@ -10,7 +10,7 @@ @@ -291,7 +292,7 @@ index afc8fa35a738..5a604bdb0cf2 100644 static inline struct usb_hcd *musb_to_hcd(struct musb *musb) diff --git a/drivers/usb/musb-new/musb_uboot.c b/drivers/usb/musb-new/musb_uboot.c -index 61ff68def2fa..d186facc7e02 100644 +index 61ff68def2..d186facc7e 100644 --- a/drivers/usb/musb-new/musb_uboot.c +++ b/drivers/usb/musb-new/musb_uboot.c @@ -8,10 +8,10 @@ @@ -347,7 +348,7 @@ index 61ff68def2fa..d186facc7e02 100644 -} -#endif diff --git a/drivers/usb/musb-new/musb_uboot.h b/drivers/usb/musb-new/musb_uboot.h -index 18282efccc9d..6b162f03b19e 100644 +index 18282efccc..6b162f03b1 100644 --- a/drivers/usb/musb-new/musb_uboot.h +++ b/drivers/usb/musb-new/musb_uboot.h @@ -8,8 +8,8 @@ @@ -364,7 +365,7 @@ diff --git a/drivers/usb/musb-new/usb-compat.h b/include/linux/usb/usb_urb_compa similarity index 60% rename from drivers/usb/musb-new/usb-compat.h rename to include/linux/usb/usb_urb_compat.h -index df68c9220a7a..5ed96fa64e96 100644 +index df68c9220a..5ed96fa64e 100644 --- a/drivers/usb/musb-new/usb-compat.h +++ b/include/linux/usb/usb_urb_compat.h @@ -1,16 +1,31 @@ @@ -439,7 +440,7 @@ index df68c9220a7a..5ed96fa64e96 100644 + #endif /* __USB_COMPAT_H__ */ diff --git a/include/usb_defs.h b/include/usb_defs.h -index 6dd2c997f9b3..ec00161710a5 100644 +index 6dd2c997f9..ec00161710 100644 --- a/include/usb_defs.h +++ b/include/usb_defs.h @@ -81,6 +81,32 @@ @@ -493,5 +494,5 @@ index 6dd2c997f9b3..ec00161710a5 100644 /* * Hub Status & Hub Change bit masks -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch index 1dd6f259..794389e3 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch @@ -1,12 +1,13 @@ -From 8abb9c6a342d750a3a3a66e674c3be6597fc9f66 Mon Sep 17 00:00:00 2001 +From 83ba88292211394ce6b3a21fbc0f702dae543290 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Mon, 28 Jun 2021 23:31:25 +0100 -Subject: [PATCH 04/24] usb: add isp1760 family driver +Subject: [PATCH 04/26] usb: add isp1760 family driver ISP1760/61/63 are a family of usb controllers, blah, blah, more info here. Signed-off-by: Rui Miguel Silva +Upstream-Status: Accepted [2022.10-rc1] --- Makefile | 1 + drivers/usb/Kconfig | 2 + @@ -34,7 +35,7 @@ Signed-off-by: Rui Miguel Silva create mode 100644 drivers/usb/isp1760/isp1760-uboot.h diff --git a/Makefile b/Makefile -index 98867fbe06b4..67851020f5c1 100644 +index 98867fbe06..67851020f5 100644 --- a/Makefile +++ b/Makefile @@ -841,6 +841,7 @@ libs-y += drivers/usb/host/ @@ -46,7 +47,7 @@ index 98867fbe06b4..67851020f5c1 100644 libs-y += drivers/usb/ulpi/ ifdef CONFIG_POST diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig -index ab1d061bd0d5..bbe07be02cab 100644 +index ab1d061bd0..bbe07be02c 100644 --- a/drivers/usb/Kconfig +++ b/drivers/usb/Kconfig @@ -78,6 +78,8 @@ source "drivers/usb/musb/Kconfig" @@ -59,7 +60,7 @@ index ab1d061bd0d5..bbe07be02cab 100644 source "drivers/usb/phy/Kconfig" diff --git a/drivers/usb/common/Makefile b/drivers/usb/common/Makefile -index dc05cb0a5077..f08b064d2493 100644 +index dc05cb0a50..f08b064d24 100644 --- a/drivers/usb/common/Makefile +++ b/drivers/usb/common/Makefile @@ -4,6 +4,7 @@ @@ -72,7 +73,7 @@ index dc05cb0a5077..f08b064d2493 100644 obj-$(CONFIG_USB_EHCI_FSL) += fsl-dt-fixup.o fsl-errata.o diff --git a/drivers/usb/isp1760/Kconfig b/drivers/usb/isp1760/Kconfig new file mode 100644 -index 000000000000..993d71e74cd2 +index 0000000000..993d71e74c --- /dev/null +++ b/drivers/usb/isp1760/Kconfig @@ -0,0 +1,12 @@ @@ -90,7 +91,7 @@ index 000000000000..993d71e74cd2 + capable bus. diff --git a/drivers/usb/isp1760/Makefile b/drivers/usb/isp1760/Makefile new file mode 100644 -index 000000000000..2c809c01b118 +index 0000000000..2c809c01b1 --- /dev/null +++ b/drivers/usb/isp1760/Makefile @@ -0,0 +1,6 @@ @@ -102,7 +103,7 @@ index 000000000000..2c809c01b118 +obj-$(CONFIG_USB_ISP1760) += isp1760.o diff --git a/drivers/usb/isp1760/isp1760-core.c b/drivers/usb/isp1760/isp1760-core.c new file mode 100644 -index 000000000000..3080595549c5 +index 0000000000..3080595549 --- /dev/null +++ b/drivers/usb/isp1760/isp1760-core.c @@ -0,0 +1,378 @@ @@ -486,7 +487,7 @@ index 000000000000..3080595549c5 +} diff --git a/drivers/usb/isp1760/isp1760-core.h b/drivers/usb/isp1760/isp1760-core.h new file mode 100644 -index 000000000000..0a60e30b5fe7 +index 0000000000..0a60e30b5f --- /dev/null +++ b/drivers/usb/isp1760/isp1760-core.h @@ -0,0 +1,96 @@ @@ -588,7 +589,7 @@ index 000000000000..0a60e30b5fe7 +#endif diff --git a/drivers/usb/isp1760/isp1760-hcd.c b/drivers/usb/isp1760/isp1760-hcd.c new file mode 100644 -index 000000000000..b1d86dd69b94 +index 0000000000..b1d86dd69b --- /dev/null +++ b/drivers/usb/isp1760/isp1760-hcd.c @@ -0,0 +1,2574 @@ @@ -3168,7 +3169,7 @@ index 000000000000..b1d86dd69b94 +} diff --git a/drivers/usb/isp1760/isp1760-hcd.h b/drivers/usb/isp1760/isp1760-hcd.h new file mode 100644 -index 000000000000..00f5ca8c1f75 +index 0000000000..00f5ca8c1f --- /dev/null +++ b/drivers/usb/isp1760/isp1760-hcd.h @@ -0,0 +1,82 @@ @@ -3256,7 +3257,7 @@ index 000000000000..00f5ca8c1f75 +#endif /* _ISP1760_HCD_H_ */ diff --git a/drivers/usb/isp1760/isp1760-if.c b/drivers/usb/isp1760/isp1760-if.c new file mode 100644 -index 000000000000..c610da6b23fb +index 0000000000..c610da6b23 --- /dev/null +++ b/drivers/usb/isp1760/isp1760-if.c @@ -0,0 +1,127 @@ @@ -3389,7 +3390,7 @@ index 000000000000..c610da6b23fb +}; diff --git a/drivers/usb/isp1760/isp1760-regs.h b/drivers/usb/isp1760/isp1760-regs.h new file mode 100644 -index 000000000000..94ea60c20b2a +index 0000000000..94ea60c20b --- /dev/null +++ b/drivers/usb/isp1760/isp1760-regs.h @@ -0,0 +1,292 @@ @@ -3687,7 +3688,7 @@ index 000000000000..94ea60c20b2a +#endif diff --git a/drivers/usb/isp1760/isp1760-uboot.c b/drivers/usb/isp1760/isp1760-uboot.c new file mode 100644 -index 000000000000..7635210fe2b4 +index 0000000000..7635210fe2 --- /dev/null +++ b/drivers/usb/isp1760/isp1760-uboot.c @@ -0,0 +1,76 @@ @@ -3769,7 +3770,7 @@ index 000000000000..7635210fe2b4 +}; diff --git a/drivers/usb/isp1760/isp1760-uboot.h b/drivers/usb/isp1760/isp1760-uboot.h new file mode 100644 -index 000000000000..2486de6f9e27 +index 0000000000..2486de6f9e --- /dev/null +++ b/drivers/usb/isp1760/isp1760-uboot.h @@ -0,0 +1,27 @@ @@ -3801,5 +3802,5 @@ index 000000000000..2486de6f9e27 + +#endif -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch index c4654557..6ebba568 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch @@ -1,20 +1,21 @@ -From 5031fea320bb4ccc1ce7470193d8f4402ae819c9 Mon Sep 17 00:00:00 2001 +From 8717357eff3f4172c74f0b10078c31cdff9bcc41 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Thu, 3 Mar 2022 16:52:02 +0000 -Subject: [PATCH 05/24] corstone1000: enable isp1763 usb controller +Subject: [PATCH 05/26] corstone1000: enable isp1763 usb controller MPS3 board have a ISP1763 usb controller, add the correspondent mmio area and enable it to be used for mass storage access for example. Signed-off-by: Rui Miguel Silva +Upstream-Status: Accepted [2022.10-rc1] --- configs/corstone1000_defconfig | 1 + include/configs/corstone1000.h | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig -index 02f931b0d469..e573fe6fe6a2 100644 +index 02f931b0d4..e573fe6fe6 100644 --- a/configs/corstone1000_defconfig +++ b/configs/corstone1000_defconfig @@ -42,6 +42,7 @@ CONFIG_REGMAP=y @@ -26,7 +27,7 @@ index 02f931b0d469..e573fe6fe6a2 100644 CONFIG_EFI_MM_COMM_TEE=y # CONFIG_OPTEE is not set diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index cf166f107efd..8ba0effb0ab2 100644 +index cf166f107e..8ba0effb0a 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -55,7 +55,13 @@ @@ -44,5 +45,5 @@ index cf166f107efd..8ba0effb0ab2 100644 "boot_bank_flag=0x08002000\0" \ "kernel_addr_bank_0=0x083EE000\0" \ -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch new file mode 100644 index 00000000..01cd5615 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch @@ -0,0 +1,204 @@ +From 7afe2370bc24b9003be8184fbd3169ebca03165a Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Fri, 29 Jul 2022 13:06:19 +0100 +Subject: [PATCH 06/26] arm64: smccc: add support for SMCCCv1.2 x0-x17 + registers + +add support for x0-x17 registers used by the SMC calls + +In SMCCC v1.2 [1] arguments are passed in registers x1-x17. +Results are returned in x0-x17. + +This work is inspired from the following kernel commit: + +arm64: smccc: Add support for SMCCCv1.2 extended input/output registers + +[1]: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6?token= + +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] + +--- + +Changelog: +=============== + +v4: + +* rename the commit title and improve description + new commit title: the current + +v3: + +* port x0-x17 registers support from linux kernel as defined by SMCCCv1.2 + commit title: + arm64: smccc: add Xn registers support used by SMC calls + + arch/arm/cpu/armv8/smccc-call.S | 53 +++++++++++++++++++++++++++++++++ + arch/arm/lib/asm-offsets.c | 13 ++++++++ + include/linux/arm-smccc.h | 43 ++++++++++++++++++++++++++ + 3 files changed, 109 insertions(+) + +diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S +index dc92b28777..ec6f299bc9 100644 +--- a/arch/arm/cpu/armv8/smccc-call.S ++++ b/arch/arm/cpu/armv8/smccc-call.S +@@ -1,6 +1,8 @@ + /* SPDX-License-Identifier: GPL-2.0 */ + /* + * Copyright (c) 2015, Linaro Limited ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi + */ + #include + #include +@@ -45,3 +47,54 @@ ENDPROC(__arm_smccc_smc) + ENTRY(__arm_smccc_hvc) + SMCCC hvc + ENDPROC(__arm_smccc_hvc) ++ ++#ifdef CONFIG_ARM64 ++ ++ .macro SMCCC_1_2 instr ++ /* Save `res` and free a GPR that won't be clobbered */ ++ stp x1, x19, [sp, #-16]! ++ ++ /* Ensure `args` won't be clobbered while loading regs in next step */ ++ mov x19, x0 ++ ++ /* Load the registers x0 - x17 from the struct arm_smccc_1_2_regs */ ++ ldp x0, x1, [x19, #ARM_SMCCC_1_2_REGS_X0_OFFS] ++ ldp x2, x3, [x19, #ARM_SMCCC_1_2_REGS_X2_OFFS] ++ ldp x4, x5, [x19, #ARM_SMCCC_1_2_REGS_X4_OFFS] ++ ldp x6, x7, [x19, #ARM_SMCCC_1_2_REGS_X6_OFFS] ++ ldp x8, x9, [x19, #ARM_SMCCC_1_2_REGS_X8_OFFS] ++ ldp x10, x11, [x19, #ARM_SMCCC_1_2_REGS_X10_OFFS] ++ ldp x12, x13, [x19, #ARM_SMCCC_1_2_REGS_X12_OFFS] ++ ldp x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS] ++ ldp x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS] ++ ++ \instr #0 ++ ++ /* Load the `res` from the stack */ ++ ldr x19, [sp] ++ ++ /* Store the registers x0 - x17 into the result structure */ ++ stp x0, x1, [x19, #ARM_SMCCC_1_2_REGS_X0_OFFS] ++ stp x2, x3, [x19, #ARM_SMCCC_1_2_REGS_X2_OFFS] ++ stp x4, x5, [x19, #ARM_SMCCC_1_2_REGS_X4_OFFS] ++ stp x6, x7, [x19, #ARM_SMCCC_1_2_REGS_X6_OFFS] ++ stp x8, x9, [x19, #ARM_SMCCC_1_2_REGS_X8_OFFS] ++ stp x10, x11, [x19, #ARM_SMCCC_1_2_REGS_X10_OFFS] ++ stp x12, x13, [x19, #ARM_SMCCC_1_2_REGS_X12_OFFS] ++ stp x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS] ++ stp x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS] ++ ++ /* Restore original x19 */ ++ ldp xzr, x19, [sp], #16 ++ ret ++ .endm ++ ++/* ++ * void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args, ++ * struct arm_smccc_1_2_regs *res); ++ */ ++ENTRY(arm_smccc_1_2_smc) ++ SMCCC_1_2 smc ++ENDPROC(arm_smccc_1_2_smc) ++ ++#endif +diff --git a/arch/arm/lib/asm-offsets.c b/arch/arm/lib/asm-offsets.c +index 22fd541f9a..b6bd1b32b0 100644 +--- a/arch/arm/lib/asm-offsets.c ++++ b/arch/arm/lib/asm-offsets.c +@@ -9,6 +9,8 @@ + * generate asm statements containing #defines, + * compile this file to assembler, and then extract the + * #defines from the assembly-language output. ++ * ++ * (C) Copyright 2022 ARM Limited + */ + + #include +@@ -117,6 +119,17 @@ int main(void) + DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2)); + DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id)); + DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); ++ #ifdef CONFIG_ARM64 ++ DEFINE(ARM_SMCCC_1_2_REGS_X0_OFFS, offsetof(struct arm_smccc_1_2_regs, a0)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X2_OFFS, offsetof(struct arm_smccc_1_2_regs, a2)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X4_OFFS, offsetof(struct arm_smccc_1_2_regs, a4)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X6_OFFS, offsetof(struct arm_smccc_1_2_regs, a6)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X8_OFFS, offsetof(struct arm_smccc_1_2_regs, a8)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X10_OFFS, offsetof(struct arm_smccc_1_2_regs, a10)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X12_OFFS, offsetof(struct arm_smccc_1_2_regs, a12)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X14_OFFS, offsetof(struct arm_smccc_1_2_regs, a14)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X16_OFFS, offsetof(struct arm_smccc_1_2_regs, a16)); ++ #endif + #endif + + return 0; +diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h +index 7f2be23394..dae58d3476 100644 +--- a/include/linux/arm-smccc.h ++++ b/include/linux/arm-smccc.h +@@ -1,6 +1,8 @@ + /* SPDX-License-Identifier: GPL-2.0 */ + /* + * Copyright (c) 2015, Linaro Limited ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi + */ + #ifndef __LINUX_ARM_SMCCC_H + #define __LINUX_ARM_SMCCC_H +@@ -66,6 +68,47 @@ struct arm_smccc_res { + unsigned long a3; + }; + ++#ifdef CONFIG_ARM64 ++/** ++ * struct arm_smccc_1_2_regs - Arguments for or Results from SMC call ++ * @a0-a17 argument values from registers 0 to 17 ++ */ ++struct arm_smccc_1_2_regs { ++ unsigned long a0; ++ unsigned long a1; ++ unsigned long a2; ++ unsigned long a3; ++ unsigned long a4; ++ unsigned long a5; ++ unsigned long a6; ++ unsigned long a7; ++ unsigned long a8; ++ unsigned long a9; ++ unsigned long a10; ++ unsigned long a11; ++ unsigned long a12; ++ unsigned long a13; ++ unsigned long a14; ++ unsigned long a15; ++ unsigned long a16; ++ unsigned long a17; ++}; ++ ++/** ++ * arm_smccc_1_2_smc() - make SMC calls ++ * @args: arguments passed via struct arm_smccc_1_2_regs ++ * @res: result values via struct arm_smccc_1_2_regs ++ * ++ * This function is used to make SMC calls following SMC Calling Convention ++ * v1.2 or above. The content of the supplied param are copied from the ++ * structure to registers prior to the SMC instruction. The return values ++ * are updated with the content from registers on return from the SMC ++ * instruction. ++ */ ++asmlinkage void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args, ++ struct arm_smccc_1_2_regs *res); ++#endif ++ + /** + * struct arm_smccc_quirk - Contains quirk information + * @id: quirk identification +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch deleted file mode 100644 index 617aaf77..00000000 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch +++ /dev/null @@ -1,2610 +0,0 @@ -From 968c86e8a6ed3e9e6621f0ae44977b5b13d90bfd Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi -Date: Tue, 16 Nov 2021 12:34:52 +0000 -Subject: [PATCH 06/24] arm_ffa: introducing Arm FF-A low-level driver - -This driver implements Arm Firmware Framework for Armv8-A on u-boot - -The Firmware Framework for Arm A-profile processors (FF-A) -describes interfaces (ABIs) that standardize communication -between the Secure World and Normal World leveraging TrustZone -technology. - -This driver is based on FF-A specification v1.0 and uses SMC32 -calling convention. - -FF-A specification: - -https://developer.arm.com/documentation/den0077/a/?lang=en - -The driver provides helper FF-A interfaces for user layers. -These helper functions allow clients to pass data and select the -FF-A function to use for the communication with secure world. - -Signed-off-by: Abdellatif El Khlifi -Signed-off-by: Rui Miguel Silva ---- - MAINTAINERS | 8 + - arch/arm/cpu/armv8/smccc-call.S | 27 + - arch/arm/lib/asm-offsets.c | 6 + - common/board_r.c | 6 + - drivers/Kconfig | 2 + - drivers/Makefile | 1 + - drivers/arm-ffa/Kconfig | 26 + - drivers/arm-ffa/Makefile | 3 + - drivers/arm-ffa/arm-ffa-uclass.c | 67 ++ - drivers/arm-ffa/arm_ffa_prv.h | 199 ++++ - drivers/arm-ffa/core.c | 1484 ++++++++++++++++++++++++++++++ - include/arm_ffa.h | 191 ++++ - include/arm_ffa_helper.h | 45 + - include/dm/uclass-id.h | 1 + - include/linux/arm-smccc.h | 28 +- - lib/Kconfig | 1 + - lib/Makefile | 1 + - lib/arm-ffa/Kconfig | 6 + - lib/arm-ffa/Makefile | 8 + - lib/arm-ffa/arm_ffa_helper.c | 188 ++++ - lib/efi_loader/efi_boottime.c | 17 + - 21 files changed, 2314 insertions(+), 1 deletion(-) - create mode 100644 drivers/arm-ffa/Kconfig - create mode 100644 drivers/arm-ffa/Makefile - create mode 100644 drivers/arm-ffa/arm-ffa-uclass.c - create mode 100644 drivers/arm-ffa/arm_ffa_prv.h - create mode 100644 drivers/arm-ffa/core.c - create mode 100644 include/arm_ffa.h - create mode 100644 include/arm_ffa_helper.h - create mode 100644 lib/arm-ffa/Kconfig - create mode 100644 lib/arm-ffa/Makefile - create mode 100644 lib/arm-ffa/arm_ffa_helper.c - -diff --git a/MAINTAINERS b/MAINTAINERS -index 7f27ff4c20fc..d29d7e040764 100644 ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -244,6 +244,14 @@ F: board/CZ.NIC/ - F: configs/turris_*_defconfig - F: include/configs/turris_*.h - -+ARM FF-A -+M: Abdellatif El Khlifi -+S: Maintained -+F: drivers/arm-ffa/ -+F: include/arm_ffa.h -+F: include/arm_ffa_helper.h -+F: lib/arm-ffa/ -+ - ARM FREESCALE IMX - M: Stefano Babic - M: Fabio Estevam -diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S -index dc92b28777c3..ffc39c9fefa2 100644 ---- a/arch/arm/cpu/armv8/smccc-call.S -+++ b/arch/arm/cpu/armv8/smccc-call.S -@@ -1,6 +1,8 @@ - /* SPDX-License-Identifier: GPL-2.0 */ - /* - * Copyright (c) 2015, Linaro Limited -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi - */ - #include - #include -@@ -45,3 +47,28 @@ ENDPROC(__arm_smccc_smc) - ENTRY(__arm_smccc_hvc) - SMCCC hvc - ENDPROC(__arm_smccc_hvc) -+ -+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ -+ .macro FFASMCCC instr -+ .cfi_startproc -+ \instr #0 -+ ldr x9, [sp] -+ stp x0, x1, [x9, #ARM_SMCCC_RES_X0_OFFS] -+ stp x2, x3, [x9, #ARM_SMCCC_RES_X2_OFFS] -+ stp x4, x5, [x9, #ARM_SMCCC_RES_X4_OFFS] -+ stp x6, x7, [x9, #ARM_SMCCC_RES_X6_OFFS] -+ ret -+ .cfi_endproc -+ .endm -+ -+/* -+ * void arm_ffa_smccc_smc(unsigned long a0, unsigned long a1, unsigned long a2, -+ * unsigned long a3, unsigned long a4, unsigned long a5, -+ * unsigned long a6, unsigned long a7, struct arm_smccc_res *res) -+ */ -+ENTRY(__arm_ffa_smccc_smc) -+ FFASMCCC smc -+ENDPROC(__arm_ffa_smccc_smc) -+ -+#endif -diff --git a/arch/arm/lib/asm-offsets.c b/arch/arm/lib/asm-offsets.c -index 22fd541f9a28..45eca83a473c 100644 ---- a/arch/arm/lib/asm-offsets.c -+++ b/arch/arm/lib/asm-offsets.c -@@ -9,6 +9,8 @@ - * generate asm statements containing #defines, - * compile this file to assembler, and then extract the - * #defines from the assembly-language output. -+ * -+ * (C) Copyright 2021 ARM Limited - */ - - #include -@@ -115,6 +117,10 @@ int main(void) - #ifdef CONFIG_ARM_SMCCC - DEFINE(ARM_SMCCC_RES_X0_OFFS, offsetof(struct arm_smccc_res, a0)); - DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2)); -+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ DEFINE(ARM_SMCCC_RES_X4_OFFS, offsetof(struct arm_smccc_res, a4)); -+ DEFINE(ARM_SMCCC_RES_X6_OFFS, offsetof(struct arm_smccc_res, a6)); -+#endif - DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id)); - DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); - #endif -diff --git a/common/board_r.c b/common/board_r.c -index 6f4aca2077d6..412a0ea9fac3 100644 ---- a/common/board_r.c -+++ b/common/board_r.c -@@ -62,6 +62,9 @@ - #include - #include - #include -+#ifdef CONFIG_ARM_FFA_TRANSPORT -+#include -+#endif - - DECLARE_GLOBAL_DATA_PTR; - -@@ -779,6 +782,9 @@ static init_fnc_t init_sequence_r[] = { - INIT_FUNC_WATCHDOG_RESET - initr_net, - #endif -+#ifdef CONFIG_ARM_FFA_TRANSPORT -+ ffa_helper_init_device, -+#endif - #ifdef CONFIG_POST - initr_post, - #endif -diff --git a/drivers/Kconfig b/drivers/Kconfig -index b26ca8cf70c9..e83c23789d1b 100644 ---- a/drivers/Kconfig -+++ b/drivers/Kconfig -@@ -6,6 +6,8 @@ source "drivers/core/Kconfig" - - source "drivers/adc/Kconfig" - -+source "drivers/arm-ffa/Kconfig" -+ - source "drivers/ata/Kconfig" - - source "drivers/axi/Kconfig" -diff --git a/drivers/Makefile b/drivers/Makefile -index 67c8af74424e..1be687b55d13 100644 ---- a/drivers/Makefile -+++ b/drivers/Makefile -@@ -109,6 +109,7 @@ obj-y += iommu/ - obj-y += smem/ - obj-y += thermal/ - obj-$(CONFIG_TEE) += tee/ -+obj-$(CONFIG_ARM_FFA_TRANSPORT) += arm-ffa/ - obj-y += axi/ - obj-y += ufs/ - obj-$(CONFIG_W1) += w1/ -diff --git a/drivers/arm-ffa/Kconfig b/drivers/arm-ffa/Kconfig -new file mode 100644 -index 000000000000..d71444c1fa90 ---- /dev/null -+++ b/drivers/arm-ffa/Kconfig -@@ -0,0 +1,26 @@ -+# SPDX-License-Identifier: GPL-2.0 -+ -+config ARM_FFA_TRANSPORT -+ bool "Enable Arm Firmware Framework for Armv8-A driver" -+ depends on DM && ARM64 -+ select ARM_SMCCC -+ select LIB_UUID -+ select ARM_FFA_TRANSPORT_HELPERS -+ select CMD_ARMFFA -+ help -+ The Firmware Framework for Arm A-profile processors (FF-A) -+ describes interfaces (ABIs) that standardize communication -+ between the Secure World and Normal World leveraging TrustZone -+ technology. -+ -+ This driver is based on FF-A specification v1.0 and uses SMC32 -+ calling convention. -+ -+ FF-A specification: -+ -+ https://developer.arm.com/documentation/den0077/a/?lang=en -+ -+ In u-boot FF-A design, the Secure World is considered as one -+ entity to communicate with. FF-A communication is handled by -+ one device and one instance. This device takes care of -+ all the interactions between Normal world and Secure World. -diff --git a/drivers/arm-ffa/Makefile b/drivers/arm-ffa/Makefile -new file mode 100644 -index 000000000000..9fb5bea52299 ---- /dev/null -+++ b/drivers/arm-ffa/Makefile -@@ -0,0 +1,3 @@ -+# SPDX-License-Identifier: GPL-2.0+ -+ -+obj-y += arm-ffa-uclass.o core.o -diff --git a/drivers/arm-ffa/arm-ffa-uclass.c b/drivers/arm-ffa/arm-ffa-uclass.c -new file mode 100644 -index 000000000000..43f6066281fe ---- /dev/null -+++ b/drivers/arm-ffa/arm-ffa-uclass.c -@@ -0,0 +1,67 @@ -+// SPDX-License-Identifier: GPL-2.0+ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+DECLARE_GLOBAL_DATA_PTR; -+ -+UCLASS_DRIVER(ffa) = { -+ .name = "ffa", -+ .id = UCLASS_FFA, -+}; -+ -+/** -+ * ffa_get_invoke_func - performs a call to the FF-A driver dispatcher -+ * @func_id: The FF-A function to be used -+ * @func_data: Pointer to the FF-A function arguments -+ * container structure. This also includes -+ * pointers to the returned data needed by -+ * clients. -+ * -+ * This runtime function passes the FF-A function ID and its arguments to -+ * the FF-A driver dispatcher. -+ * This function is called by the FF-A helper functions. -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int __ffa_runtime ffa_get_invoke_func(u32 func_id, struct ffa_interface_data *func_data) -+{ -+ if (!ffa_device_get_ops()->invoke_func) -+ return -EINVAL; -+ -+ return ffa_device_get_ops()->invoke_func(func_id, func_data); -+} -+ -+/** -+ * ffa_init_device - probes the arm_ffa device -+ * -+ * This boot time function makes sure the arm_ffa device is probed -+ * and ready for use. -+ * This function is called automatically at initcalls -+ * level (after u-boot relocation). -+ * -+ * Arm FF-A transport is implemented through a single u-boot -+ * device (arm_ffa). So, there is only one device belonging to UCLASS_FFA. -+ * All FF-A clients should use the arm_ffa device to use the FF-A -+ * transport. -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int ffa_init_device(void) -+{ -+ ffa_dbg("[%s]", __func__); -+ -+ return ffa_get_device(); -+} -diff --git a/drivers/arm-ffa/arm_ffa_prv.h b/drivers/arm-ffa/arm_ffa_prv.h -new file mode 100644 -index 000000000000..38ea4ba83efc ---- /dev/null -+++ b/drivers/arm-ffa/arm_ffa_prv.h -@@ -0,0 +1,199 @@ -+/* SPDX-License-Identifier: GPL-2.0+ */ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#ifndef __ARM_FFA_PRV_H -+#define __ARM_FFA_PRV_H -+ -+#include -+#include -+#include -+ -+/* -+ * This header is private. It is exclusively used by the FF-A driver -+ */ -+ -+/* FF-A driver version definitions */ -+ -+#define MAJOR_VERSION_MASK GENMASK(30, 16) -+#define MINOR_VERSION_MASK GENMASK(15, 0) -+#define GET_FFA_MAJOR_VERSION(x) \ -+ ((u16)(FIELD_GET(MAJOR_VERSION_MASK, (x)))) -+#define GET_FFA_MINOR_VERSION(x) \ -+ ((u16)(FIELD_GET(MINOR_VERSION_MASK, (x)))) -+#define PACK_VERSION_INFO(major, minor) \ -+ (FIELD_PREP(MAJOR_VERSION_MASK, (major)) | \ -+ FIELD_PREP(MINOR_VERSION_MASK, (minor))) -+ -+#define FFA_MAJOR_VERSION (1) -+#define FFA_MINOR_VERSION (0) -+#define FFA_VERSION_1_0 \ -+ PACK_VERSION_INFO(FFA_MAJOR_VERSION, FFA_MINOR_VERSION) -+ -+/* Endpoint ID mask (u-boot endpoint ID) */ -+ -+#define GET_SELF_ENDPOINT_ID_MASK GENMASK(15, 0) -+#define GET_SELF_ENDPOINT_ID(x) \ -+ ((u16)(FIELD_GET(GET_SELF_ENDPOINT_ID_MASK, (x)))) -+ -+#define PREP_SELF_ENDPOINT_ID_MASK GENMASK(31, 16) -+#define PREP_SELF_ENDPOINT_ID(x) \ -+ ((u16)(FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x)))) -+ -+/* Partition endpoint ID mask (partition with which u-boot communicates with) */ -+ -+#define PREP_PART_ENDPOINT_ID_MASK GENMASK(15, 0) -+#define PREP_PART_ENDPOINT_ID(x) \ -+ ((u16)(FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x)))) -+ -+/* The FF-A SMC function prototype definition */ -+ -+typedef void (*invoke_ffa_fn_t)(unsigned long a0, unsigned long a1, -+ unsigned long a2, unsigned long a3, unsigned long a4, -+ unsigned long a5, unsigned long a6, unsigned long a7, -+ struct arm_smccc_res *res); -+ -+/** -+ * enum ffa_conduit - Arm FF-A conduits supported by the Arm FF-A driver -+ * Currently only SMC32 is supported. -+ */ -+enum ffa_conduit { -+ FFA_CONDUIT_SMC = 0, -+}; -+ -+/** -+ * FFA_DECLARE_ARGS - FF-A functions local variables -+ * @a0-a7: local variables used to set registers x0-x7 -+ * @res: the structure hosting the FF-A function return data -+ * -+ * A helper macro for declaring local variables for the FF-A functions arguments. -+ * The x0-x7 registers are used to exchange data with the secure world. -+ * But, only the bottom 32-bit of thes registers contains the data. -+ */ -+#define FFA_DECLARE_ARGS \ -+ unsigned long a0 = 0; \ -+ unsigned long a1 = 0; \ -+ unsigned long a2 = 0; \ -+ unsigned long a3 = 0; \ -+ unsigned long a4 = 0; \ -+ unsigned long a5 = 0; \ -+ unsigned long a6 = 0; \ -+ unsigned long a7 = 0; \ -+ struct arm_smccc_res res = {0} -+ -+/* FF-A error codes */ -+#define FFA_ERR_STAT_NOT_SUPPORTED (-1) -+#define FFA_ERR_STAT_INVALID_PARAMETERS (-2) -+#define FFA_ERR_STAT_NO_MEMORY (-3) -+#define FFA_ERR_STAT_BUSY (-4) -+#define FFA_ERR_STAT_INTERRUPTED (-5) -+#define FFA_ERR_STAT_DENIED (-6) -+#define FFA_ERR_STAT_RETRY (-7) -+#define FFA_ERR_STAT_ABORTED (-8) -+ -+/** -+ * struct ffa_features_desc - FF-A functions features -+ * @func_id: FF-A function -+ * @field1: features read from register w2 -+ * @field2: features read from register w3 -+ * -+ * Data structure describing the features of the FF-A functions queried by -+ * FFA_FEATURES -+ */ -+struct ffa_features_desc { -+ u32 func_id; -+ u32 field1; -+ u32 field2; -+}; -+ -+/** -+ * enum ffa_rxtx_buf_sizes - minimum sizes supported -+ * for the RX/TX buffers -+ */ -+enum ffa_rxtx_buf_sizes { -+ RXTX_4K, -+ RXTX_64K, -+ RXTX_16K -+}; -+ -+/* -+ * Number of the FF-A interfaces features descriptors -+ * currently only FFA_RXTX_MAP descriptor is supported -+ */ -+#define FFA_FEATURE_DESC_CNT (1) -+ -+/** -+ * struct ffa_pdata - platform data for the arm_ffa device -+ * @conduit: The FF-A conduit used -+ * -+ * Platform data structure read from the device tree -+ */ -+struct ffa_pdata { -+ enum ffa_conduit conduit; -+}; -+ -+/** -+ * struct ffa_rxtxpair - structure hosting the RX/TX buffers physical addresses -+ * @rxbuf: physical address of the RX buffer -+ * @txbuf: physical address of the TX buffer -+ * -+ * Data structure hosting the physical addresses of the mapped RX/TX buffers -+ * These physical address are used by the FF-A functions that use the RX/TX buffers -+ */ -+struct ffa_rxtxpair { -+ u64 rxbuf; /* physical address */ -+ u64 txbuf; /* physical address */ -+}; -+ -+/** -+ * struct ffa_partition_desc - the secure partition descriptor -+ * @info: partition information -+ * @UUID: UUID -+ * -+ * Each partition has its descriptor containing the partitions information and the UUID -+ */ -+struct ffa_partition_desc { -+ struct ffa_partition_info info; -+ union ffa_partition_uuid UUID; -+}; -+ -+/** -+ * struct ffa_partitions - descriptors for all secure partitions -+ * @count: The number of partitions descriptors -+ * @descs The partitions descriptors table -+ * -+ * This data structure contains the partitions descriptors table -+ */ -+struct ffa_partitions { -+ u32 count; -+ struct ffa_partition_desc *descs; /* virtual address */ -+}; -+ -+/** -+ * struct ffa_prvdata - the driver private data structure -+ * -+ * @dev: The arm_ffa device under u-boot driver model -+ * @fwk_version: FF-A framework version -+ * @id: u-boot endpoint ID -+ * @partitions: The partitions descriptors structure -+ * @pair: The RX/TX buffers pair -+ * @conduit: The selected conduit -+ * @invoke_ffa_fn: The function executing the FF-A function -+ * @features: Table of the FF-A functions having features -+ * -+ * The driver data structure hosting all resident data. -+ */ -+struct ffa_prvdata { -+ struct udevice *dev; -+ u32 fwk_version; -+ u16 id; -+ struct ffa_partitions partitions; -+ struct ffa_rxtxpair pair; -+ enum ffa_conduit conduit; -+ invoke_ffa_fn_t invoke_ffa_fn; -+ struct ffa_features_desc features[FFA_FEATURE_DESC_CNT]; -+}; -+ -+#endif -diff --git a/drivers/arm-ffa/core.c b/drivers/arm-ffa/core.c -new file mode 100644 -index 000000000000..98e2d2fa1767 ---- /dev/null -+++ b/drivers/arm-ffa/core.c -@@ -0,0 +1,1484 @@ -+// SPDX-License-Identifier: GPL-2.0+ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#include "arm_ffa_prv.h" -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+DECLARE_GLOBAL_DATA_PTR; -+ -+/** -+ * The device private data structure containing all the resident -+ * data read from secure world -+ */ -+struct ffa_prvdata __ffa_runtime_data ffa_priv_data = {0}; -+ -+/* -+ * Driver functions -+ */ -+ -+/** -+ * ffa_get_device - probes the arm_ffa device -+ * -+ * This boot time function makes sure the arm_ffa device is probed -+ * and ready for use. This is done using uclass_get_device. -+ * The arm_ffa driver belongs to UCLASS_FFA. -+ * This function should be called before using the driver. -+ * -+ * Arm FF-A transport is implemented through a single u-boot -+ * device (arm_ffa). So, there is only one device belonging to UCLASS_FFA. -+ * All FF-A clients should use the arm_ffa device to use the FF-A -+ * transport. -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int ffa_get_device(void) -+{ -+ int ret; -+ int devnum = 0; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (ffa_priv_data.dev) -+ return FFA_ERR_STAT_SUCCESS; -+ -+ /* -+ * searching and probing the device -+ */ -+ ret = uclass_get_device(UCLASS_FFA, devnum, &ffa_priv_data.dev); -+ if (ret) { -+ ffa_err("can not find the device"); -+ ffa_priv_data.dev = NULL; -+ return -ENODEV; -+ } -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_get_version - FFA_VERSION handler function -+ * -+ * This is the boot time function that implements FFA_VERSION FF-A function -+ * to get from the secure world the FF-A framework version -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_get_version(void) -+{ -+ u16 major, minor; -+ -+ FFA_DECLARE_ARGS; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ a0 = FFA_VERSION; -+ a1 = FFA_VERSION_1_0; -+ ffa_priv_data.invoke_ffa_fn(a0, a1, a2, a3, a4, a5, a6, a7, &res); -+ -+ if (res.a0 == FFA_ERR_STAT_NOT_SUPPORTED) { -+ ffa_err("A Firmware Framework implementation does not exist"); -+ return -EOPNOTSUPP; -+ } -+ -+ major = GET_FFA_MAJOR_VERSION(res.a0); -+ minor = GET_FFA_MINOR_VERSION(res.a0); -+ -+ ffa_info("FF-A driver %d.%d\nFF-A framework %d.%d", -+ FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor); -+ -+ if ((major == FFA_MAJOR_VERSION && minor >= FFA_MINOR_VERSION)) { -+ ffa_info("Versions are compatible "); -+ -+ ffa_priv_data.fwk_version = res.a0; -+ -+ return FFA_ERR_STAT_SUCCESS; -+ } -+ -+ ffa_info("Versions are incompatible "); -+ return -EPROTONOSUPPORT; -+} -+ -+/** -+ * ffa_get_endpoint_id - FFA_ID_GET handler function -+ * -+ * This is the boot time function that implements FFA_ID_GET FF-A function -+ * to get from the secure world u-boot endpoint ID -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_get_endpoint_id(void) -+{ -+ FFA_DECLARE_ARGS; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ a0 = FFA_ID_GET; -+ -+ ffa_priv_data.invoke_ffa_fn(a0, a1, a2, a3, a4, a5, a6, a7, &res); -+ -+ switch (res.a0) { -+ case FFA_ERROR: -+ { -+ if (((int)res.a2) == FFA_ERR_STAT_NOT_SUPPORTED) { -+ ffa_err("This function is not implemented at this FF-A instance"); -+ return -EOPNOTSUPP; -+ } -+ -+ ffa_err("Undefined error code (%d)", ((int)res.a2)); -+ return -EINVAL; -+ } -+ case FFA_SUCCESS: -+ { -+ ffa_priv_data.id = GET_SELF_ENDPOINT_ID(res.a2); -+ ffa_info("endpoint ID is %u", ffa_priv_data.id); -+ -+ return FFA_ERR_STAT_SUCCESS; -+ } -+ default: -+ { -+ ffa_err("Undefined response function (0x%lx)", res.a0); -+ return -EINVAL; -+ } -+ } -+} -+ -+/** -+ * ffa_get_features_desc - returns the features descriptor of the specified -+ * FF-A function -+ * @func_id: the FF-A function which the features are to be retrieved -+ * -+ * This is a boot time function that searches the features descriptor of the -+ * specified FF-A function -+ * -+ * Return: -+ * -+ * When found, the address of the features descriptor is returned. Otherwise, NULL. -+ */ -+static struct ffa_features_desc *ffa_get_features_desc(u32 func_id) -+{ -+ u32 desc_idx; -+ -+ /* -+ * search for the descriptor of the selected FF-A interface -+ */ -+ for (desc_idx = 0; desc_idx < FFA_FEATURE_DESC_CNT ; desc_idx++) -+ if (ffa_priv_data.features[desc_idx].func_id == func_id) -+ return &ffa_priv_data.features[desc_idx]; -+ -+ return NULL; -+} -+ -+/** -+ * ffa_get_rxtx_map_features - FFA_FEATURES handler function with FFA_RXTX_MAP -+ * argument -+ * -+ * This is the boot time function that implements FFA_FEATURES FF-A function -+ * to retrieve the FFA_RXTX_MAP features -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_get_rxtx_map_features(void) -+{ -+ FFA_DECLARE_ARGS; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ a0 = FFA_FEATURES; -+ a1 = FFA_RXTX_MAP; -+ -+ ffa_priv_data.invoke_ffa_fn(a0, a1, a2, a3, a4, a5, a6, a7, &res); -+ -+ switch (res.a0) { -+ case FFA_ERROR: -+ { -+ if (((int)res.a2) == FFA_ERR_STAT_NOT_SUPPORTED) { -+ ffa_err("FFA_RXTX_MAP is not implemented at this FF-A instance"); -+ return -EOPNOTSUPP; -+ } -+ -+ ffa_err("Undefined error code (%d)", ((int)res.a2)); -+ return -EINVAL; -+ } -+ case FFA_SUCCESS: -+ { -+ u32 desc_idx; -+ -+ /* -+ * search for an empty descriptor -+ */ -+ for (desc_idx = 0; desc_idx < FFA_FEATURE_DESC_CNT ; desc_idx++) -+ if (!ffa_priv_data.features[desc_idx].func_id) { -+ /* -+ * populate the descriptor with -+ * the interface features data -+ */ -+ ffa_priv_data.features[desc_idx].func_id = -+ FFA_RXTX_MAP; -+ ffa_priv_data.features[desc_idx].field1 = -+ res.a2; -+ -+ ffa_info("FFA_RXTX_MAP features data 0x%lx", -+ res.a2); -+ -+ return FFA_ERR_STAT_SUCCESS; -+ } -+ -+ ffa_err("Cannot save FFA_RXTX_MAP features data. Descriptors table full"); -+ return -ENOBUFS; -+ } -+ default: -+ { -+ ffa_err("Undefined response function (0x%lx)", -+ res.a0); -+ return -EINVAL; -+ } -+ } -+} -+ -+/** -+ * ffa_get_rxtx_buffers_pages_cnt - reads from the features data descriptors -+ * the minimum number of pages in each of the RX/TX -+ * buffers -+ * @buf_4k_pages: Pointer to the minimum number of pages -+ * -+ * This is the boot time function that returns the minimum number of pages -+ * in each of the RX/TX buffers -+ * -+ * Return: -+ * -+ * buf_4k_pages points to the returned number of pages -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_get_rxtx_buffers_pages_cnt(size_t *buf_4k_pages) -+{ -+ struct ffa_features_desc *desc = NULL; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!buf_4k_pages) -+ return -EINVAL; -+ -+ desc = ffa_get_features_desc(FFA_RXTX_MAP); -+ if (!desc) -+ return -EINVAL; -+ -+ ffa_dbg("FFA_RXTX_MAP descriptor found"); -+ -+ switch (desc->field1) { -+ case RXTX_4K: -+ *buf_4k_pages = 1; -+ break; -+ case RXTX_16K: -+ *buf_4k_pages = 4; -+ break; -+ case RXTX_64K: -+ *buf_4k_pages = 16; -+ break; -+ default: -+ ffa_err("RX/TX buffer size not supported"); -+ return -EINVAL; -+ } -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_free_rxtx_buffers - frees the RX/TX buffers -+ * @buf_4k_pages: the minimum number of pages in each of the RX/TX -+ * buffers -+ * -+ * This is the boot time function used to free the RX/TX buffers -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_free_rxtx_buffers(size_t buf_4k_pages) -+{ -+ efi_status_t free_rxbuf_ret, free_txbuf_ret; -+ -+ ffa_info("Freeing RX/TX buffers"); -+ -+ free_rxbuf_ret = efi_free_pages(ffa_priv_data.pair.rxbuf, buf_4k_pages); -+ free_txbuf_ret = efi_free_pages(ffa_priv_data.pair.txbuf, buf_4k_pages); -+ -+ if (free_rxbuf_ret != EFI_SUCCESS || free_txbuf_ret != EFI_SUCCESS) { -+ ffa_err("Failed to free RX/TX buffers (rx: %lu , tx: %lu)", -+ free_rxbuf_ret, -+ free_txbuf_ret); -+ return -EINVAL; -+ } -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_alloc_rxtx_buffers - allocates the RX/TX buffers -+ * @buf_4k_pages: the minimum number of pages in each of the RX/TX -+ * buffers -+ * -+ * This is the boot time function used by ffa_map_rxtx_buffers to allocate -+ * the RX/TX buffers before mapping them -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_alloc_rxtx_buffers(size_t buf_4k_pages) -+{ -+ ffa_dbg("[%s]", __func__); -+ -+#if CONFIG_IS_ENABLED(EFI_LOADER) -+ -+ efi_status_t efi_ret; -+ void *virt_txbuf; -+ void *virt_rxbuf; -+ -+ ffa_info("Using %lu 4KB page(s) for RX/TX buffers size", -+ buf_4k_pages); -+ -+ efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, -+ EFI_BOOT_SERVICES_DATA, -+ buf_4k_pages, -+ &ffa_priv_data.pair.rxbuf); -+ -+ if (efi_ret != EFI_SUCCESS) { -+ ffa_priv_data.pair.rxbuf = 0; -+ ffa_err("Failure to allocate RX buffer (EFI error: 0x%lx)", -+ efi_ret); -+ -+ return -ENOBUFS; -+ } -+ -+ ffa_info("RX buffer at phys 0x%llx", -+ ffa_priv_data.pair.rxbuf); -+ -+ /* -+ * convert the RX buffer physical address to virtual address -+ */ -+ virt_rxbuf = (void *)map_sysmem((phys_addr_t)ffa_priv_data.pair.rxbuf, 0); -+ -+ /* -+ * make sure the buffer is clean before use -+ */ -+ memset(virt_rxbuf, 0, buf_4k_pages * SZ_4K); -+ -+ unmap_sysmem(virt_rxbuf); -+ -+ efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, -+ EFI_RUNTIME_SERVICES_DATA, -+ buf_4k_pages, -+ &ffa_priv_data.pair.txbuf); -+ -+ if (efi_ret != EFI_SUCCESS) { -+ ffa_dbg("FFA_RXTX_MAP: freeing RX buffer"); -+ efi_free_pages(ffa_priv_data.pair.rxbuf, buf_4k_pages); -+ ffa_priv_data.pair.rxbuf = 0; -+ ffa_priv_data.pair.txbuf = 0; -+ ffa_err("Failure to allocate the TX buffer (EFI error: 0x%lx)" -+ , efi_ret); -+ -+ return -ENOBUFS; -+ } -+ -+ ffa_info("TX buffer at phys 0x%llx", -+ ffa_priv_data.pair.txbuf); -+ -+ /* -+ * convert the TX buffer physical address to virtual address -+ */ -+ virt_txbuf = (void *)map_sysmem((phys_addr_t)ffa_priv_data.pair.txbuf, 0); -+ -+ /* -+ * make sure the buffer is clean before use -+ */ -+ memset(virt_txbuf, 0, buf_4k_pages * SZ_4K); -+ -+ unmap_sysmem(virt_txbuf); -+ -+ return FFA_ERR_STAT_SUCCESS; -+ -+#else -+ return -ENOBUFS; -+#endif -+} -+ -+/** -+ * ffa_map_rxtx_buffers - FFA_RXTX_MAP handler function -+ * @buf_4k_pages: the minimum number of pages in each of the RX/TX -+ * buffers -+ * -+ * This is the boot time function that implements FFA_RXTX_MAP FF-A function -+ * to map the RX/TX buffers -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_map_rxtx_buffers(size_t buf_4k_pages) -+{ -+ int ret; -+ -+ FFA_DECLARE_ARGS; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ ret = ffa_alloc_rxtx_buffers(buf_4k_pages); -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ return ret; -+ -+ a0 = FFA_RXTX_MAP; -+ a1 = ffa_priv_data.pair.txbuf; -+ a2 = ffa_priv_data.pair.rxbuf; -+ a3 = buf_4k_pages; -+ -+ ffa_priv_data.invoke_ffa_fn(a0, a1, a2, a3, a4, a5, a6, a7, &res); -+ -+ switch (res.a0) { -+ case FFA_ERROR: -+ { -+ switch (((int)res.a2)) { -+ case FFA_ERR_STAT_INVALID_PARAMETERS: -+ ffa_err("One or more fields in input parameters is incorrectly encoded"); -+ ret = -EPERM; -+ break; -+ case FFA_ERR_STAT_NO_MEMORY: -+ ffa_err("Not enough memory"); -+ ret = -ENOMEM; -+ break; -+ case FFA_ERR_STAT_DENIED: -+ ffa_err("Buffer pair already registered"); -+ ret = -EACCES; -+ break; -+ case FFA_ERR_STAT_NOT_SUPPORTED: -+ ffa_err("This function is not implemented at this FF-A instance"); -+ ret = -EOPNOTSUPP; -+ break; -+ default: -+ ffa_err("Undefined error (%d)", -+ ((int)res.a2)); -+ ret = -EINVAL; -+ } -+ break; -+ } -+ case FFA_SUCCESS: -+ ffa_info("RX/TX buffers mapped"); -+ return FFA_ERR_STAT_SUCCESS; -+ default: -+ ffa_err("Undefined response function (0x%lx)", -+ res.a0); -+ ret = -EINVAL; -+ } -+ -+ ffa_free_rxtx_buffers(buf_4k_pages); -+ -+ return ret; -+} -+ -+/** -+ * ffa_unmap_rxtx_buffers - FFA_RXTX_UNMAP handler function -+ * -+ * This is the boot time function that implements FFA_RXTX_UNMAP FF-A function -+ * to unmap the RX/TX buffers -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_unmap_rxtx_buffers(void) -+{ -+ FFA_DECLARE_ARGS; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ a0 = FFA_RXTX_UNMAP; -+ a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data.id); -+ -+ ffa_priv_data.invoke_ffa_fn(a0, a1, a2, a3, a4, a5, a6, a7, &res); -+ -+ switch (res.a0) { -+ case FFA_ERROR: -+ { -+ if (((int)res.a2) == FFA_ERR_STAT_NOT_SUPPORTED) -+ panic("[FFA] FFA_RXTX_UNMAP is not implemented at this FF-A instance\n"); -+ else if (((int)res.a2) == FFA_ERR_STAT_INVALID_PARAMETERS) -+ panic("[FFA] There is no buffer pair registered on behalf of the caller\n"); -+ else -+ panic("[FFA] Undefined error (%d)\n", ((int)res.a2)); -+ } -+ case FFA_SUCCESS: -+ { -+ size_t buf_4k_pages = 0; -+ int ret; -+ -+ ret = ffa_get_rxtx_buffers_pages_cnt(&buf_4k_pages); -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ panic("[FFA] RX/TX buffers unmapped but failure in getting pages count\n"); -+ -+ ret = ffa_free_rxtx_buffers(buf_4k_pages); -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ panic("[FFA] RX/TX buffers unmapped but failure in freeing the memory\n"); -+ -+ ffa_info("RX/TX buffers unmapped and memory freed"); -+ -+ return FFA_ERR_STAT_SUCCESS; -+ } -+ default: -+ panic("[FFA] Undefined response function (0x%lx)", res.a0); -+ } -+} -+ -+/** -+ * ffa_release_rx_buffer - FFA_RX_RELEASE handler function -+ * -+ * This is the boot time function that invokes FFA_RX_RELEASE FF-A function -+ * to release the ownership of the RX buffer -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_release_rx_buffer(void) -+{ -+ FFA_DECLARE_ARGS; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ a0 = FFA_RX_RELEASE; -+ -+ ffa_priv_data.invoke_ffa_fn(a0, a1, a2, a3, a4, a5, a6, a7, &res); -+ -+ switch (res.a0) { -+ case FFA_ERROR: -+ { -+ if (((int)res.a2) == FFA_ERR_STAT_NOT_SUPPORTED) -+ panic("[FFA] FFA_RX_RELEASE is not implemented at this FF-A instance\n"); -+ else if (((int)res.a2) == FFA_ERR_STAT_DENIED) -+ panic("[FFA] Caller did not have ownership of the RX buffer\n"); -+ else -+ panic("[FFA] Undefined error (%d)\n", ((int)res.a2)); -+ } -+ case FFA_SUCCESS: -+ ffa_info("RX buffer released"); -+ return FFA_ERR_STAT_SUCCESS; -+ -+ default: -+ panic("[FFA] Undefined response function (0x%lx)\n", res.a0); -+ } -+} -+ -+/** -+ * ffa_uuid_are_identical - checks whether two given UUIDs are identical -+ * @uuid1: first UUID -+ * @uuid2: second UUID -+ * -+ * This is a boot time function used by ffa_read_partitions_info to search -+ * for a UUID in the partitions descriptors table -+ * -+ * Return: -+ * -+ * 1 when UUIDs match. Otherwise, 0 -+ */ -+int ffa_uuid_are_identical(const union ffa_partition_uuid *uuid1, -+ const union ffa_partition_uuid *uuid2) -+{ -+ if (!uuid1 || !uuid2) -+ return 0; -+ -+ return (!memcmp(uuid1, uuid2, sizeof(union ffa_partition_uuid))); -+} -+ -+/** -+ * ffa_read_partitions_info - reads the data queried by FFA_PARTITION_INFO_GET -+ * and saves it in the private structure -+ * @count: The number of partitions queried -+ * @part_uuid: Pointer to the partition(s) UUID -+ * -+ * This is the boot time function that reads the partitions information -+ * returned by the FFA_PARTITION_INFO_GET and saves it in the private -+ * data structure. -+ * -+ * Return: -+ * -+ * The private data structure is updated with the partition(s) information -+ * FFA_ERR_STAT_SUCCESS is returned on success. Otherwise, failure -+ */ -+static int ffa_read_partitions_info(u32 count, union ffa_partition_uuid *part_uuid) -+{ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!count) { -+ ffa_err("No partition detected"); -+ return -ENODATA; -+ } -+ -+ ffa_info("Reading partitions data from the RX buffer"); -+ -+#if CONFIG_IS_ENABLED(EFI_LOADER) -+ -+ if (!part_uuid) { -+ /* -+ * querying information of all partitions -+ */ -+ u64 data_pages; -+ u64 data_bytes; -+ efi_status_t efi_ret; -+ size_t buf_4k_pages = 0; -+ u32 desc_idx; -+ struct ffa_partition_info *parts_info; -+ int ret; -+ -+ data_bytes = count * sizeof(struct ffa_partition_desc); -+ data_pages = efi_size_in_pages(data_bytes); -+ -+ /* -+ * get the RX buffer size in pages -+ */ -+ ret = ffa_get_rxtx_buffers_pages_cnt(&buf_4k_pages); -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ ffa_err("Can not get the RX buffer size (error %d)", ret); -+ return ret; -+ } -+ -+ if (data_pages > buf_4k_pages) { -+ ffa_err("Partitions data size exceeds the RX buffer size:"); -+ ffa_err(" Sizes in pages: data %llu , RX buffer %lu ", -+ data_pages, -+ buf_4k_pages); -+ -+ return -ENOMEM; -+ } -+ -+ efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, -+ EFI_RUNTIME_SERVICES_DATA, -+ data_pages, -+ (u64 *)&ffa_priv_data.partitions.descs); -+ -+ if (efi_ret != EFI_SUCCESS) { -+ ffa_priv_data.partitions.descs = NULL; -+ -+ ffa_err("Cannot allocate partitions data buffer (EFI error 0x%lx)", -+ efi_ret); -+ -+ return -ENOBUFS; -+ } -+ -+ /* -+ * convert the descs buffer physical address -+ * to virtual address -+ * This virtual address should not be unmapped -+ * descs is expected to be a virtual address -+ */ -+ ffa_priv_data.partitions.descs = -+ (struct ffa_partition_desc *) -+ map_sysmem((phys_addr_t) -+ ffa_priv_data.partitions.descs, 0); -+ -+ /* -+ * make sure the buffer is clean before use -+ */ -+ memset(ffa_priv_data.partitions.descs, 0, -+ data_pages * SZ_4K); -+ -+ ffa_info("Copying %lld page(s) of partitions data from RX buffer", -+ data_pages); -+ -+ /* -+ * convert the RX buffer physical address to -+ * virtual address -+ */ -+ parts_info = (struct ffa_partition_info *) -+ map_sysmem((phys_addr_t) -+ ffa_priv_data.pair.rxbuf, 0); -+ -+ for (desc_idx = 0 ; desc_idx < count ; desc_idx++) { -+ ffa_priv_data.partitions.descs[desc_idx].info = -+ parts_info[desc_idx]; -+ -+ ffa_info("Partition ID %x : info cached", -+ ffa_priv_data.partitions.descs[desc_idx].info.id); -+ } -+ unmap_sysmem(parts_info); -+ -+ ffa_priv_data.partitions.count = count; -+ -+ ffa_info("%d partition(s) found and cached", count); -+ -+ } else { -+ u32 rx_desc_idx, cached_desc_idx; -+ struct ffa_partition_info *parts_info; -+ u8 desc_found; -+ -+ /* -+ * convert the RX buffer physical address to virtual address -+ */ -+ parts_info = (struct ffa_partition_info *) -+ map_sysmem((phys_addr_t)ffa_priv_data.pair.rxbuf, 0); -+ -+ /* -+ * search for the SP IDs read from the RX buffer -+ * in the already cached SPs. -+ * Update the UUID when ID found. -+ */ -+ for (rx_desc_idx = 0; rx_desc_idx < count ; rx_desc_idx++) { -+ desc_found = 0; -+ -+ /* -+ * search the current ID in the cached partitions -+ */ -+ for (cached_desc_idx = 0; -+ cached_desc_idx < ffa_priv_data.partitions.count; -+ cached_desc_idx++) { -+ /* -+ * save the UUID -+ */ -+ if (ffa_priv_data.partitions.descs[cached_desc_idx].info.id == -+ parts_info[rx_desc_idx].id) { -+ ffa_priv_data.partitions.descs[cached_desc_idx].UUID = -+ *part_uuid; -+ -+ desc_found = 1; -+ break; -+ } -+ } -+ -+ if (!desc_found) { -+ unmap_sysmem(parts_info); -+ return -ENODATA; -+ } -+ } -+ unmap_sysmem(parts_info); -+ } -+#else -+#warning "arm_ffa: reading FFA_PARTITION_INFO_GET data not implemented" -+#endif -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_query_partitions_info - invokes FFA_PARTITION_INFO_GET -+ * and saves partitions data -+ * @part_uuid: Pointer to the partition(s) UUID -+ * @pcount: Pointer to the number of partitions variable filled when querying -+ * -+ * This is the boot time function that executes the FFA_PARTITION_INFO_GET -+ * to query the partitions data. Then, it calls ffa_read_partitions_info -+ * to save the data in the private data structure. -+ * -+ * After reading the data the RX buffer is released using ffa_release_rx_buffer -+ * -+ * Return: -+ * -+ * When part_uuid is NULL, all partitions data are retrieved from secure world -+ * When part_uuid is non NULL, data for partitions matching the given UUID are -+ * retrieved and the number of partitions is returned -+ * FFA_ERR_STAT_SUCCESS is returned on success. Otherwise, failure -+ */ -+static int ffa_query_partitions_info(union ffa_partition_uuid *part_uuid, -+ u32 *pcount) -+{ -+ unsigned long a0 = 0; -+ union ffa_partition_uuid query_uuid = {0}; -+ unsigned long a5 = 0; -+ unsigned long a6 = 0; -+ unsigned long a7 = 0; -+ struct arm_smccc_res res = {0}; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ a0 = FFA_PARTITION_INFO_GET; -+ -+ /* -+ * If a UUID is specified. Information for one or more -+ * partitions in the system is queried. Otherwise, information -+ * for all installed partitions is queried -+ */ -+ -+ if (part_uuid) { -+ if (!pcount) -+ return -EINVAL; -+ -+ query_uuid = *part_uuid; -+ } -+ -+ ffa_priv_data.invoke_ffa_fn(a0, query_uuid.words.a1, query_uuid.words.a2, -+ query_uuid.words.a3, query_uuid.words.a4, -+ a5, a6, a7, &res); -+ -+ switch (res.a0) { -+ case FFA_ERROR: -+ { -+ switch (((int)res.a2)) { -+ case FFA_ERR_STAT_INVALID_PARAMETERS: -+ ffa_err("Unrecognized UUID"); -+ return -EPERM; -+ case FFA_ERR_STAT_NO_MEMORY: -+ ffa_err("Results cannot fit in RX buffer of the caller"); -+ return -ENOMEM; -+ case FFA_ERR_STAT_DENIED: -+ ffa_err("Callee is not in a state to handle this request"); -+ return -EACCES; -+ case FFA_ERR_STAT_NOT_SUPPORTED: -+ ffa_err("This function is not implemented at this FF-A instance"); -+ return -EOPNOTSUPP; -+ case FFA_ERR_STAT_BUSY: -+ ffa_err("RX buffer of the caller is not free"); -+ return -EBUSY; -+ default: -+ ffa_err("Undefined error (%d)", ((int)res.a2)); -+ return -EINVAL; -+ } -+ } -+ case FFA_SUCCESS: -+ { -+ int ret; -+ -+ /* -+ * res.a2 contains the count of partition information descriptors -+ * populated in the RX buffer -+ */ -+ if (res.a2) { -+ ret = ffa_read_partitions_info(res.a2, part_uuid); -+ if (ret) -+ ffa_err("Failed to read partition(s) data , error (%d)", ret); -+ } -+ -+ /* -+ * return the SP count -+ */ -+ if (part_uuid) { -+ if (!ret) -+ *pcount = res.a2; -+ else -+ *pcount = 0; -+ } -+ /* -+ * After calling FFA_PARTITION_INFO_GET the buffer ownership -+ * is assigned to the consumer (u-boot). So, we need to give -+ * the ownership back to the secure world -+ */ -+ ret = ffa_release_rx_buffer(); -+ -+ if (!part_uuid && !res.a2) { -+ ffa_err("[FFA] no partition installed in the system"); -+ return -ENODEV; -+ } -+ -+ return ret; -+ } -+ default: -+ ffa_err("Undefined response function (0x%lx)", res.a0); -+ return -EINVAL; -+ } -+} -+ -+/** -+ * ffa_get_partitions_info - FFA_PARTITION_INFO_GET handler function -+ * @func_data: Pointer to the FF-A function arguments container structure. -+ * The passed arguments: -+ * Mode 1: When getting from the driver the number of -+ * secure partitions: -+ * @data0_size: UUID size -+ * @data0: pointer to the UUID (little endian) -+ * @data1_size: size of the number of partitions -+ * variable -+ * @data1: pointer to the number of partitions -+ * variable. The variable will be set -+ * by the driver -+ * Mode 2: When requesting the driver to return the -+ * partitions information: -+ * @data0_size: UUID size -+ * @data0: pointer to the UUID (little endian) -+ * @data1_size: size of the SPs information buffer -+ * @data1: pointer to SPs information buffer -+ * (allocated by the client). -+ * The buffer will be filled by the driver -+ * -+ * This is the boot time function that queries the secure partition data from -+ * the private data structure. If not found, it invokes FFA_PARTITION_INFO_GET -+ * FF-A function to query the partition information from secure world. -+ * -+ * A client of the FF-A driver should know the UUID of the service it wants to -+ * access. It should use the UUID to request the FF-A driver to provide the -+ * partition(s) information of the service. The FF-A driver uses -+ * PARTITION_INFO_GET to obtain this information. This is implemented through -+ * ffa_get_partitions_info function. -+ * A new FFA_PARTITION_INFO_GET call is issued (first one performed through -+ * ffa_cache_partitions_info) allowing to retrieve the partition(s) information. -+ * They are not saved (already done). We only update the UUID in the cached area. -+ * This assumes that partitions data does not change in the secure world. -+ * Otherwise u-boot will have an outdated partition data. The benefit of caching -+ * the information in the FF-A driver is to accommodate discovery after -+ * ExitBootServices(). -+ * -+ * When invoked through a client request, ffa_get_partitions_info should be -+ * called twice. First call is to get from the driver the number of secure -+ * partitions (SPs) associated to a particular UUID. -+ * Then, the caller (client) allocates the buffer to host the SPs data and -+ * issues a 2nd call. Then, the driver fills the SPs data in the pre-allocated -+ * buffer. -+ * -+ * To achieve the mechanism described above, ffa_get_partitions_info uses the -+ * following functions: -+ * ffa_read_partitions_info -+ * ffa_query_partitions_info -+ * -+ * Return: -+ * -+ * @data1: When pointing to the number of partitions variable, the number is -+ * set by the driver. -+ * When pointing to the partitions information buffer, the buffer will be -+ * filled by the driver. -+ * -+ * On success FFA_ERR_STAT_SUCCESS is returned. Otherwise, failure -+ */ -+static int ffa_get_partitions_info(struct ffa_interface_data *func_data) -+{ -+ /* -+ * fill_data: -+ * 0: return the SP count -+ * 1: fill SP data and return it to the caller -+ * -1: undefined mode -+ */ -+ int fill_data = -1; -+ u32 desc_idx, client_desc_idx; -+ union ffa_partition_uuid *part_uuid; -+ u32 client_desc_max_cnt; -+ u32 parts_found = 0; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!func_data) { -+ ffa_err("No function data provided"); -+ return -EINVAL; -+ } -+ -+ if (!ffa_priv_data.partitions.count || !ffa_priv_data.partitions.descs) -+ panic("[FFA] No partition installed\n"); -+ -+ if (func_data->data0_size == sizeof(union ffa_partition_uuid) && -+ func_data->data0 && -+ func_data->data1_size == sizeof(u32) && -+ func_data->data1) { -+ /* -+ * data0 (in): pointer to UUID -+ * data1 (in): pointer to SP count -+ * Out: SP count returned in the count variable pointed by data1 -+ */ -+ -+ fill_data = 0; -+ -+ ffa_info("Preparing for checking partitions count"); -+ -+ } else if ((func_data->data0_size == sizeof(union ffa_partition_uuid)) && -+ func_data->data0 && -+ (func_data->data1_size >= sizeof(struct ffa_partition_info)) && -+ !(func_data->data1_size % sizeof(struct ffa_partition_info)) && -+ func_data->data1) { -+ /* -+ * data0 (in): pointer to UUID -+ * data1 (in): pointer to SPs descriptors buffer -+ * (created by the client) -+ * Out: SPs descriptors returned in the buffer -+ * pointed by data1 -+ */ -+ -+ fill_data = 1; -+ -+ client_desc_idx = 0; -+ -+ /* -+ * number of empty descriptors preallocated by the caller -+ */ -+ client_desc_max_cnt = -+ func_data->data1_size / sizeof(struct ffa_partition_info); -+ -+ ffa_info("Preparing for filling partitions info"); -+ -+ } else { -+ ffa_err("Invalid function arguments provided"); -+ return -EINVAL; -+ } -+ -+ part_uuid = (union ffa_partition_uuid *)func_data->data0; -+ -+ ffa_info("Searching partitions using the provided UUID"); -+ -+#ifdef DEBUG -+ { -+ u32 dbg_uuid_cnt; -+ -+ ffa_dbg("UUID: [LSB]"); -+ -+ for (dbg_uuid_cnt = 0 ; dbg_uuid_cnt < UUID_SIZE ; dbg_uuid_cnt++) -+ ffa_dbg(" %02x", part_uuid->bytes[dbg_uuid_cnt]); -+ } -+#endif -+ -+ /* -+ * search in the cached partitions -+ */ -+ for (desc_idx = 0; -+ desc_idx < ffa_priv_data.partitions.count; -+ desc_idx++) { -+ if (ffa_uuid_are_identical(&ffa_priv_data.partitions.descs[desc_idx].UUID, -+ part_uuid)) { -+ ffa_info("Partition ID %x matches the provided UUID", -+ ffa_priv_data.partitions.descs[desc_idx].info.id); -+ -+ parts_found++; -+ -+ if (fill_data) { -+ /* -+ * trying to fill the partition info in data1 -+ */ -+ -+ if (client_desc_idx < client_desc_max_cnt) { -+ ((struct ffa_partition_info *) -+ func_data->data1)[client_desc_idx++] = -+ ffa_priv_data.partitions.descs[desc_idx].info; -+ continue; -+ } -+ -+ ffa_err("Failed to fill the current descriptor client buffer full"); -+ return -ENOBUFS; -+ } -+ } -+ } -+ -+ if (!parts_found) { -+ int ret; -+ -+ ffa_info("No partition found. Querying framework ..."); -+ -+ ret = ffa_query_partitions_info(part_uuid, &parts_found); -+ -+ if (ret == FFA_ERR_STAT_SUCCESS) { -+ if (!fill_data) { -+ *((u32 *)func_data->data1) = parts_found; -+ -+ ffa_info("Number of partition(s) found matching the UUID: %d", -+ parts_found); -+ } else { -+ /* -+ * we want to read SPs info -+ */ -+ -+ /* -+ * If SPs data filled, retry searching SP info again -+ */ -+ if (parts_found) -+ ret = ffa_get_partitions_info(func_data); -+ else -+ ret = -ENODATA; -+ } -+ } -+ -+ return ret; -+ } -+ -+ /* partition(s) found */ -+ if (!fill_data) -+ *((u32 *)func_data->data1) = parts_found; -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_cache_partitions_info - Queries and saves all secure partitions data -+ * -+ * This is a boot time function that invokes FFA_PARTITION_INFO_GET FF-A -+ * function to query from secure world all partitions information. -+ * -+ * The FFA_PARTITION_INFO_GET call is issued with nil UUID as an argument. -+ * All installed partitions information are returned. We cache them in the -+ * resident private data structure and we keep the UUID field empty -+ * (in FF-A 1.0 UUID is not provided by the partition descriptor) -+ * -+ * This function is called at the device probing level. -+ * ffa_cache_partitions_info uses ffa_query_partitions_info to get the data -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_cache_partitions_info(void) -+{ -+ ffa_dbg("[%s]", __func__); -+ return ffa_query_partitions_info(NULL, NULL); -+} -+ -+/** -+ * ffa_msg_send_direct_req - FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function -+ * @func_data: Pointer to the FF-A function arguments container structure. -+ * The passed arguments: -+ * @data0_size: partition ID size -+ * @data0: pointer to the partition ID -+ * @data1_size: exchanged data size -+ * @data1: pointer to the data buffer preallocated by -+ * the client (in/out) -+ * -+ * This is the runtime function that implements FFA_MSG_SEND_DIRECT_{REQ,RESP} -+ * FF-A functions. -+ * -+ * FFA_MSG_SEND_DIRECT_REQ is used to send the data to the secure partition. -+ * The response from the secure partition is handled by reading the -+ * FFA_MSG_SEND_DIRECT_RESP arguments. -+ * -+ * The maximum size of the data that can be exchanged is 20 bytes which is -+ * sizeof(struct ffa_send_direct_data) as defined by the FF-A specification 1.0 -+ * in the section relevant to FFA_MSG_SEND_DIRECT_{REQ,RESP} -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int __ffa_runtime ffa_msg_send_direct_req(struct ffa_interface_data -+ *func_data) -+{ -+ u16 dst_part_id; -+ unsigned long a0 = 0; -+ unsigned long a1 = 0; -+ unsigned long a2 = 0; -+ struct ffa_send_direct_data *msg; -+ struct arm_smccc_res res = {0}; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ if (!ffa_priv_data.invoke_ffa_fn) -+ panic("[FFA] no private data found\n"); -+ -+ if (!func_data) -+ return -EINVAL; -+ -+ if (!ffa_priv_data.partitions.count || !ffa_priv_data.partitions.descs) -+ panic("[FFA] no partition installed\n"); -+ -+ if (func_data->data0_size != sizeof(u16) || -+ !func_data->data0 || -+ func_data->data1_size != FFA_MSG_SEND_DIRECT_MAX_SIZE || -+ !func_data->data1) { -+ ffa_err("Undefined interface parameters"); -+ return -EINVAL; -+ } -+ -+ dst_part_id = *((u16 *)func_data->data0); -+ msg = func_data->data1; -+ -+ ffa_dbg("Sending data to partition ID 0x%x", dst_part_id); -+ -+ a0 = FFA_MSG_SEND_DIRECT_REQ; -+ -+ a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data.id) | -+ PREP_PART_ENDPOINT_ID(dst_part_id); -+ -+ ffa_priv_data.invoke_ffa_fn(a0, a1, a2, -+ msg->a3, -+ msg->a4, -+ msg->a5, -+ msg->a6, -+ msg->a7, -+ &res); -+ -+ while (res.a0 == FFA_INTERRUPT) -+ ffa_priv_data.invoke_ffa_fn(FFA_RUN, res.a1, -+ 0, 0, 0, 0, 0, 0, -+ &res); -+ -+ switch (res.a0) { -+ case FFA_ERROR: -+ { -+ switch (((int)res.a2)) { -+ case FFA_ERR_STAT_INVALID_PARAMETERS: -+ ffa_err("Invalid endpoint ID or non-zero reserved register"); -+ return -EPERM; -+ case FFA_ERR_STAT_ABORTED: -+ panic("[FFA] Message target ran into unexpected error and has aborted\n"); -+ case FFA_ERR_STAT_DENIED: -+ panic("[FFA] Callee is not in a state to handle this request\n"); -+ case FFA_ERR_STAT_NOT_SUPPORTED: -+ panic("[FFA] This function is not implemented at this FF-A instance\n"); -+ case FFA_ERR_STAT_BUSY: -+ panic("[FFA] Message target is busy\n"); -+ default: -+ panic("[FFA] Undefined error (%d)\n", ((int)res.a2)); -+ } -+ } -+ case FFA_SUCCESS: -+ -+ ffa_dbg("Message sent with no response"); -+ return FFA_ERR_STAT_SUCCESS; -+ -+ case FFA_MSG_SEND_DIRECT_RESP: -+ -+ ffa_dbg("Message sent with response"); -+ -+ /* -+ * extract the 32-bit wide return data -+ */ -+ msg->a3 = (u32)res.a3; -+ msg->a4 = (u32)res.a4; -+ msg->a5 = (u32)res.a5; -+ msg->a6 = (u32)res.a6; -+ msg->a7 = (u32)res.a7; -+ -+ return FFA_ERR_STAT_SUCCESS; -+ -+ default: -+ panic("[FFA] Undefined response function (0x%lx)\n", res.a0); -+ } -+} -+ -+/** -+ * invoke_ffa_drv_api - The driver dispatcher function -+ * @func_id: The FF-A function to be used -+ * @func_data: Pointer to the FF-A function arguments container -+ * structure. This also includes pointers to the -+ * returned data needed by clients. -+ * The dispatcher is a runtime function that selects the FF-A function handler -+ * based on the input FF-A function ID. -+ * The input arguments are passed to the handler function. -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int __ffa_runtime invoke_ffa_drv_api(u32 func_id, -+ struct ffa_interface_data *func_data) -+{ -+ if (!ffa_priv_data.dev) -+ panic("[FFA] no device found\n"); -+ -+ switch (func_id) { -+ case FFA_PARTITION_INFO_GET: -+ return ffa_get_partitions_info(func_data); -+ case FFA_RXTX_UNMAP: -+ return ffa_unmap_rxtx_buffers(); -+ case FFA_MSG_SEND_DIRECT_REQ: -+ return ffa_msg_send_direct_req(func_data); -+ default: -+ -+ ffa_err("Undefined FF-A interface (%d)", func_id); -+ -+ return -EINVAL; -+ } -+} -+ -+/** -+ * ffa_init_private_data - Initialization of the private data -+ * @dev: the arm_ffa device -+ * -+ * This boot time function reads data from the platform data structure -+ * and populates the private data structure -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_init_private_data(struct udevice *dev) -+{ -+ struct ffa_pdata *pdata = dev_get_plat(dev); -+ -+ ffa_priv_data.conduit = pdata->conduit; -+ -+ if (ffa_priv_data.conduit == FFA_CONDUIT_SMC) { -+ ffa_priv_data.invoke_ffa_fn = arm_ffa_smccc_smc; -+ } else { -+ ffa_err("Undefined FF-A conduit (%d)", ffa_priv_data.conduit); -+ return -EINVAL; -+ } -+ -+ ffa_info("Conduit is %s", -+ ((ffa_priv_data.conduit == FFA_CONDUIT_SMC) ? -+ "SMC" : "NOT SUPPORTED")); -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_probe - The driver probe function -+ * @dev: the arm_ffa device -+ * -+ * Probing is done at boot time and triggered by the uclass device discovery. -+ * At probe level the following actions are done: -+ * - initialization of the driver private data structure -+ * - querying from secure world the FF-A framework version -+ * - querying from secure world the u-boot endpoint ID -+ * - querying from secure world the supported features of the specified FF-A calls -+ * - mapping the RX/TX buffers -+ * - querying from secure world all the partitions information -+ * -+ * All data queried from secure world is saved in the resident private data structure. -+ * -+ * The probe will fail if either FF-A framework is not detected or the -+ * FF-A requests are not behaving correctly. This ensures that the -+ * driver is not installed and its operations are not exported to the clients. -+ * However, once the driver is successfully probed and an FF-A anomaly is -+ * detected when clients invoke the driver operations, the driver cause -+ * u-boot to panic because the client would not know what to do in such conditions. -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_probe(struct udevice *dev) -+{ -+ int ret; -+ size_t buf_4k_pages = 0; -+ -+ ffa_dbg("[%s]: initializing the FF-A driver", __func__); -+ -+ ret = ffa_init_private_data(dev); -+ -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ return ret; -+ -+ ret = ffa_get_version(); -+ -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ return ret; -+ -+ ret = ffa_get_endpoint_id(); -+ -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ return ret; -+ -+ ret = ffa_get_rxtx_map_features(); -+ -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ return ret; -+ -+ ret = ffa_get_rxtx_buffers_pages_cnt(&buf_4k_pages); -+ -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ return ret; -+ -+ ret = ffa_map_rxtx_buffers(buf_4k_pages); -+ -+ if (ret != FFA_ERR_STAT_SUCCESS) -+ return ret; -+ -+ ret = ffa_cache_partitions_info(); -+ -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ ffa_free_rxtx_buffers(buf_4k_pages); -+ return ret; -+ } -+ -+ ffa_dbg("[%s]: initialization done", __func__); -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_of_to_plat - Reads the device tree node -+ * @dev: the arm_ffa device -+ * -+ * This boot time function reads data from the device tree node and populates -+ * the platform data structure -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+static int ffa_of_to_plat(struct udevice *dev) -+{ -+ struct ffa_pdata *pdata = dev_get_plat(dev); -+ const char *conduit; -+ -+ ffa_dbg("[%s]", __func__); -+ -+ conduit = fdt_getprop(gd->fdt_blob, dev_of_offset(dev), "method", NULL); -+ -+ if (strcmp("smc", conduit)) { -+ ffa_err("Unsupported conduit"); -+ return -EINVAL; -+ } -+ -+ pdata->conduit = FFA_CONDUIT_SMC; -+ -+ return FFA_ERR_STAT_SUCCESS; -+} -+ -+/** -+ * ffa_drv_ops - The driver operations runtime structure -+ * @invoke_func: The driver dispatcher -+ */ -+struct ffa_ops __ffa_runtime_data ffa_drv_ops = { -+ .invoke_func = invoke_ffa_drv_api -+}; -+ -+/** -+ * ffa_device_get_ops - driver operations getter -+ * -+ * Return: -+ * This runtime function returns a pointer to the driver operations structure -+ */ -+const struct ffa_ops * __ffa_runtime ffa_device_get_ops(void) -+{ -+ return &ffa_drv_ops; -+} -+ -+/** -+ * Defining the device tree compatible string -+ */ -+ -+static const struct udevice_id ffa_match_id[] = { -+ {"arm,ffa", 0}, -+ {}, -+}; -+ -+/** -+ * Declaring the arm_ffa driver under UCLASS_FFA -+ */ -+ -+U_BOOT_DRIVER(arm_ffa) = { -+ .name = "arm_ffa", -+ .of_match = ffa_match_id, -+ .id = UCLASS_FFA, -+ .of_to_plat = ffa_of_to_plat, -+ .probe = ffa_probe, -+ .plat_auto = sizeof(struct ffa_pdata), -+}; -diff --git a/include/arm_ffa.h b/include/arm_ffa.h -new file mode 100644 -index 000000000000..313f46f74764 ---- /dev/null -+++ b/include/arm_ffa.h -@@ -0,0 +1,191 @@ -+/* SPDX-License-Identifier: GPL-2.0+ */ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#ifndef __ARM_FFA_H -+#define __ARM_FFA_H -+ -+#include -+#include -+ -+/* -+ * This header is public. It can be used by clients to access -+ * data structures and definitions they need -+ */ -+ -+/* -+ * Macros for displaying logs -+ */ -+ -+#define ffa_dbg(fmt, ...) pr_debug("[FFA] " fmt "\n", ##__VA_ARGS__) -+#define ffa_info(fmt, ...) pr_info("[FFA] " fmt "\n", ##__VA_ARGS__) -+#define ffa_err(fmt, ...) pr_err("[FFA] " fmt "\n", ##__VA_ARGS__) -+ -+/* -+ * The driver operations success error code -+ */ -+#define FFA_ERR_STAT_SUCCESS (0) -+ -+#if CONFIG_IS_ENABLED(EFI_LOADER) -+ -+#include -+ -+/* -+ * __ffa_runtime_data and __ffa_runtime - controls whether data/code are -+ * available after calling the EFI ExitBootServices service. -+ * Data/code tagged with these keywords are resident (available at boot time and -+ * at runtime) -+ */ -+ -+#define __ffa_runtime_data __efi_runtime_data -+#define __ffa_runtime __efi_runtime -+ -+#else -+ -+#define __ffa_runtime_data -+#define __ffa_runtime -+ -+#endif -+ -+/* -+ * Definitions of the Arm FF-A interfaces supported by the Arm FF-A driver -+ */ -+ -+#define FFA_SMC(calling_convention, func_num) \ -+ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, (calling_convention), \ -+ ARM_SMCCC_OWNER_STANDARD, (func_num)) -+ -+#define FFA_SMC_32(func_num) FFA_SMC(ARM_SMCCC_SMC_32, (func_num)) -+ -+#define FFA_VERSION FFA_SMC_32(0x63) -+#define FFA_ID_GET FFA_SMC_32(0x69) -+#define FFA_FEATURES FFA_SMC_32(0x64) -+#define FFA_PARTITION_INFO_GET FFA_SMC_32(0x68) -+#define FFA_RXTX_MAP FFA_SMC_32(0x66) -+#define FFA_RXTX_UNMAP FFA_SMC_32(0x67) -+#define FFA_RX_RELEASE FFA_SMC_32(0x65) -+#define FFA_MSG_SEND_DIRECT_REQ FFA_SMC_32(0x6F) -+#define FFA_MSG_SEND_DIRECT_RESP FFA_SMC_32(0x70) -+#define FFA_RUN FFA_SMC_32(0x6D) -+#define FFA_ERROR FFA_SMC_32(0x60) -+#define FFA_SUCCESS FFA_SMC_32(0x61) -+#define FFA_INTERRUPT FFA_SMC_32(0x62) -+ -+/* -+ * struct ffa_partition_info - Partition information descriptor -+ * @id: Partition ID -+ * @exec_ctxt: Execution context count -+ * @properties: Partition properties -+ * -+ * Data structure containing information about partitions instantiated in the system -+ * This structure is filled with the data queried by FFA_PARTITION_INFO_GET -+ */ -+struct __packed ffa_partition_info { -+ u16 id; -+ u16 exec_ctxt; -+/* partition supports receipt of direct requests */ -+#define FFA_PARTITION_DIRECT_RECV BIT(0) -+/* partition can send direct requests. */ -+#define FFA_PARTITION_DIRECT_SEND BIT(1) -+/* partition can send and receive indirect messages. */ -+#define FFA_PARTITION_INDIRECT_MSG BIT(2) -+ u32 properties; -+}; -+ -+/* -+ * struct ffa_send_direct_data - Data structure hosting the data -+ * used by FFA_MSG_SEND_DIRECT_{REQ,RESP} -+ * @a3-a7: Data read/written from/to w3-w7 registers -+ * -+ * Data structure containing the data to be sent by FFA_MSG_SEND_DIRECT_REQ -+ * or read from FFA_MSG_SEND_DIRECT_RESP -+ */ -+struct __packed ffa_send_direct_data { -+ u32 a3; /* w3 */ -+ u32 a4; /* w4 */ -+ u32 a5; /* w5 */ -+ u32 a6; /* w6 */ -+ u32 a7; /* w7 */ -+}; -+ -+#define FFA_MSG_SEND_DIRECT_MAX_SIZE (sizeof(struct ffa_send_direct_data)) -+ -+/* UUID data size */ -+#define UUID_SIZE (16) -+ -+/* -+ * union ffa_partition_uuid - Data union hosting the UUID -+ * transmitted by FFA_PARTITION_INFO_GET -+ * @words: data structure giving 32-bit words access to the UUID data -+ * @bytes: data structure giving byte access to the UUID data -+ * -+ * The structure holds little-endian UUID data. -+ */ -+union ffa_partition_uuid { -+ struct __packed words { -+ u32 a1; /* w1 */ -+ u32 a2; /* w2 */ -+ u32 a3; /* w3 */ -+ u32 a4; /* w4 */ -+ } words; -+ u8 bytes[UUID_SIZE]; -+}; -+ -+/** -+ * struct ffa_interface_data - generic FF-A interface data structure used to exchange -+ * data between user layers and the driver -+ * @data0_size: size of the first argument -+ * @data0: pointer to the first argument -+ * @data1_size>: size of the second argument -+ * @data1: pointer to the second argument -+ * -+ * Using this structure user layers can pass various types of data with different sizes. -+ * The driver internal functions can detect the nature of this data, verfy compliance -+ * then execute the request when appropriate. -+ */ -+struct ffa_interface_data { -+ u32 data0_size; /* size of the first argument */ -+ void *data0; /* pointer to the first argument */ -+ u32 data1_size; /* size of the second argument */ -+ void *data1; /* pointer to the second argument */ -+}; -+ -+/** -+ * struct ffa_ops - The driver operations structure -+ * @invoke_func: function pointer to the invoke function -+ * -+ * The data structure providing all the operations supported by the driver. -+ * This structure is resident. -+ */ -+struct ffa_ops { -+ /* the driver dispatcher */ -+ int (*invoke_func)(u32 func_id, struct ffa_interface_data *func_data); -+}; -+ -+/** -+ * The device driver and the Uclass driver public functions -+ */ -+ -+/** -+ * ffa_get_invoke_func - performs a call to the FF-A driver dispatcher -+ */ -+int __ffa_runtime ffa_get_invoke_func(u32 func_id, -+ struct ffa_interface_data *func_data); -+ -+/** -+ * ffa_device_get_ops - driver operations getter -+ */ -+const struct ffa_ops * __ffa_runtime ffa_device_get_ops(void); -+ -+/** -+ * ffa_get_device - probes the arm_ffa device -+ */ -+int ffa_get_device(void); -+ -+/** -+ * ffa_init_device - probes the arm_ffa device -+ */ -+int ffa_init_device(void); -+#endif -diff --git a/include/arm_ffa_helper.h b/include/arm_ffa_helper.h -new file mode 100644 -index 000000000000..0e143e54511e ---- /dev/null -+++ b/include/arm_ffa_helper.h -@@ -0,0 +1,45 @@ -+/* SPDX-License-Identifier: GPL-2.0+ */ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#ifndef __ARM_FFA_HELPER_H -+#define __ARM_FFA_HELPER_H -+ -+#include -+ -+/* -+ * This header is public. Including this header provides all data structures -+ * and definitions needed by clients to use the FF-A transport driver -+ * -+ * It also provides helper functions allowing to pass data and invoke FF-A functions -+ */ -+ -+/** -+ * ffa_helper_get_partitions_info - Wrapper function for FFA_PARTITION_INFO_GET -+ */ -+int ffa_helper_get_partitions_info(struct ffa_interface_data *func_data); -+ -+/** -+ * ffa_helper_unmap_rxtx_buffers - Wrapper function for FFA_RXTX_UNMAP -+ */ -+int ffa_helper_unmap_rxtx_buffers(void); -+ -+/** -+ * ffa_helper_msg_send_direct_req - Wrapper function for -+ * FFA_MSG_SEND_DIRECT_{REQ,RESP} -+ */ -+int __ffa_runtime ffa_helper_msg_send_direct_req(struct ffa_interface_data -+ *func_data); -+ -+/** -+ * ffa_helper_init_device - Wrapper function for probing the arm_ffa device -+ */ -+int ffa_helper_init_device(void); -+ -+/** -+ * ffa_uuid_str_to_bin - Converts a big endian UUID string to a little endian buffer -+ */ -+int ffa_uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin); -+#endif -diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h -index 3ba69ad9a084..732441824557 100644 ---- a/include/dm/uclass-id.h -+++ b/include/dm/uclass-id.h -@@ -55,6 +55,7 @@ enum uclass_id { - UCLASS_EFI_MEDIA, /* Devices provided by UEFI firmware */ - UCLASS_ETH, /* Ethernet device */ - UCLASS_ETH_PHY, /* Ethernet PHY device */ -+ UCLASS_FFA, /* Arm Firmware Framework for Armv8-A */ - UCLASS_FIRMWARE, /* Firmware */ - UCLASS_FS_FIRMWARE_LOADER, /* Generic loader */ - UCLASS_GPIO, /* Bank of general-purpose I/O pins */ -diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h -index 7f2be2339475..54980a130fdb 100644 ---- a/include/linux/arm-smccc.h -+++ b/include/linux/arm-smccc.h -@@ -1,6 +1,8 @@ - /* SPDX-License-Identifier: GPL-2.0 */ - /* - * Copyright (c) 2015, Linaro Limited -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi - */ - #ifndef __LINUX_ARM_SMCCC_H - #define __LINUX_ARM_SMCCC_H -@@ -57,13 +59,17 @@ - #include - /** - * struct arm_smccc_res - Result from SMC/HVC call -- * @a0-a3 result values from registers 0 to 3 -+ * @a0-a7 result values from registers 0 to 7 - */ - struct arm_smccc_res { - unsigned long a0; - unsigned long a1; - unsigned long a2; - unsigned long a3; -+ unsigned long a4; -+ unsigned long a5; -+ unsigned long a6; -+ unsigned long a7; - }; - - /** -@@ -113,6 +119,26 @@ asmlinkage void __arm_smccc_hvc(unsigned long a0, unsigned long a1, - unsigned long a5, unsigned long a6, unsigned long a7, - struct arm_smccc_res *res, struct arm_smccc_quirk *quirk); - -+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+/** -+ * __arm_ffa_smccc_smc() - make SMC calls used for FF-A transport -+ * @a0-a7: arguments passed in 64-bit registers x0 to x7 -+ * @res: result values from 64-bit registers x0 to x7 -+ * -+ * This function is used to make SMC calls following SMC32 Calling Convention. -+ * The content of the supplied parameters is copied to registers x0 to x7 prior -+ * to the SMC instruction. The SMC call return data is 32-bit data read from -+ * registers x0 tp x7. -+ */ -+asmlinkage void __arm_ffa_smccc_smc(unsigned long a0, unsigned long a1, -+ unsigned long a2, unsigned long a3, unsigned long a4, -+ unsigned long a5, unsigned long a6, unsigned long a7, -+ struct arm_smccc_res *res); -+ -+#define arm_ffa_smccc_smc __arm_ffa_smccc_smc -+ -+#endif -+ - #define arm_smccc_smc(...) __arm_smccc_smc(__VA_ARGS__, NULL) - - #define arm_smccc_smc_quirk(...) __arm_smccc_smc(__VA_ARGS__) -diff --git a/lib/Kconfig b/lib/Kconfig -index acc0ac081a44..65db65c3c4cd 100644 ---- a/lib/Kconfig -+++ b/lib/Kconfig -@@ -902,6 +902,7 @@ config SMBIOS_PARSER - source lib/efi/Kconfig - source lib/efi_loader/Kconfig - source lib/optee/Kconfig -+source lib/arm-ffa/Kconfig - - config TEST_FDTDEC - bool "enable fdtdec test" -diff --git a/lib/Makefile b/lib/Makefile -index d9b1811f7506..4aa3e2ed2a7e 100644 ---- a/lib/Makefile -+++ b/lib/Makefile -@@ -9,6 +9,7 @@ obj-$(CONFIG_EFI) += efi/ - obj-$(CONFIG_EFI_LOADER) += efi_driver/ - obj-$(CONFIG_EFI_LOADER) += efi_loader/ - obj-$(CONFIG_CMD_BOOTEFI_SELFTEST) += efi_selftest/ -+obj-$(CONFIG_ARM_FFA_TRANSPORT_HELPERS) += arm-ffa/ - obj-$(CONFIG_LZMA) += lzma/ - obj-$(CONFIG_BZIP2) += bzip2/ - obj-$(CONFIG_TIZEN) += tizen/ -diff --git a/lib/arm-ffa/Kconfig b/lib/arm-ffa/Kconfig -new file mode 100644 -index 000000000000..79acbc5a8fe3 ---- /dev/null -+++ b/lib/arm-ffa/Kconfig -@@ -0,0 +1,6 @@ -+config ARM_FFA_TRANSPORT_HELPERS -+ bool "Enable interface helpers for Arm Firmware Framework for Armv8-A" -+ depends on ARM_FFA_TRANSPORT -+ help -+ User layers call FF-A interfaces using helper functions which -+ pass the data and the FF-A function ID to the low level driver -diff --git a/lib/arm-ffa/Makefile b/lib/arm-ffa/Makefile -new file mode 100644 -index 000000000000..c30c0f398126 ---- /dev/null -+++ b/lib/arm-ffa/Makefile -@@ -0,0 +1,8 @@ -+# SPDX-License-Identifier: GPL-2.0+ -+# -+# (C) Copyright 2021 Abdellatif El Khlifi -+# -+ -+# This file only gets included when CONFIG_ARM_FFA_TRANSPORT_HELPERS is set -+ -+obj-y += arm_ffa_helper.o -diff --git a/lib/arm-ffa/arm_ffa_helper.c b/lib/arm-ffa/arm_ffa_helper.c -new file mode 100644 -index 000000000000..623899d38044 ---- /dev/null -+++ b/lib/arm-ffa/arm_ffa_helper.c -@@ -0,0 +1,188 @@ -+// SPDX-License-Identifier: GPL-2.0+ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#include -+#include -+#include -+ -+/** -+ * ffa_helper_get_partitions_info - Wrapper function for FFA_PARTITION_INFO_GET -+ * -+ * @func_data: Pointer to the FF-A function arguments container -+ * structure. -+ * The passed arguments: -+ * Mode 1: When getting from the driver the number of -+ * secure partitions: -+ * @data0_size: UUID size -+ * @data0: pointer to the UUID (little endian) -+ * @data1_size: size of the number of partitions -+ * variable -+ * @data1: pointer to the number of partitions -+ * variable. The variable will be set -+ * by the driver -+ * Mode 2: When requesting the driver to return the -+ * partitions information: -+ * @data0_size: UUID size -+ * @data0: pointer to the UUID (little endian) -+ * @data1_size: size of the SPs information buffer -+ * @data1: pointer to SPs information buffer -+ * (allocated by the client). -+ * The buffer will be filled by the driver -+ * -+ * This is the boot time function used by clients who wants to get from secure -+ * world the partition(s) information. -+ * -+ * A client of the FF-A driver should know the UUID of the service it wants to -+ * access. It should use the UUID to request the FF-A driver to provide the -+ * partition(s) information of the service. The client should use -+ * ffa_helper_get_partitions_info to pass the UUID information to the driver -+ * which uses PARTITION_INFO_GET to obtain the partition(s) information. -+ * -+ * ffa_helper_get_partitions_info should be called twice. First call is to get -+ * from the driver the number of secure partitions (SPs) associated to a -+ * particular UUID. Then, the caller (client) allocates the buffer to host the -+ * SPs data and issues a 2nd call. Then, the driver fills the SPs data in the -+ * pre-allocated buffer. -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int ffa_helper_get_partitions_info(struct ffa_interface_data *func_data) -+{ -+ return ffa_get_invoke_func(FFA_PARTITION_INFO_GET, func_data); -+} -+ -+/** -+ * ffa_helper_unmap_rxtx_buffers - Wrapper function for FFA_RXTX_UNMAP -+ * -+ * This is the boot time function that allows clients to unmap the RX/TX -+ * buffers -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int ffa_helper_unmap_rxtx_buffers(void) -+{ -+ return ffa_get_invoke_func(FFA_RXTX_UNMAP, NULL); -+} -+ -+/** -+ * ffa_helper_msg_send_direct_req - Wrapper function for -+ * FFA_MSG_SEND_DIRECT_{REQ,RESP} -+ * @func_data: Pointer to the FF-A function arguments container structure. -+ * The passed arguments: -+ * @data0_size: partition ID size -+ * @data0: pointer to the partition ID -+ * @data1_size: exchanged data size -+ * @data1: pointer to the data buffer preallocated by the client (in/out) -+ * -+ * This is the runtime function that allows clients to send data to the secure -+ * world partitions. The arm_ffa driver uses FFA_MSG_SEND_DIRECT_REQ to send the -+ * data to the secure partition. The response from the secure partition is -+ * handled internally by the driver using FFA_MSG_SEND_DIRECT_RESP and returned -+ * to ffa_helper_msg_send_direct_req through @func_data -+ * -+ * The maximum size of the data that can be exchanged is 20 bytes which is -+ * sizeof(struct ffa_send_direct_data) as defined by the FF-A specification 1.0 -+ * in the section relevant to FFA_MSG_SEND_DIRECT_{REQ,RESP} -+ * -+ * The client should pre-allocate a buffer pointed by @data1 which the size -+ * is sizeof(struct ffa_send_direct_data) -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int __ffa_runtime ffa_helper_msg_send_direct_req(struct ffa_interface_data -+ *func_data) -+{ -+ return ffa_get_invoke_func(FFA_MSG_SEND_DIRECT_REQ, func_data); -+} -+ -+/** -+ * ffa_helper_init_device - Wrapper function for probing the arm_ffa device -+ * -+ * This boot time function should be called to probe the arm_ffa device so -+ * it becomes ready for use. -+ * To achieve that, this function is called automatically at initcalls -+ * level (after u-boot relocation). -+ * -+ * Return: -+ * -+ * FFA_ERR_STAT_SUCCESS on success. Otherwise, failure -+ */ -+int ffa_helper_init_device(void) -+{ -+ return ffa_init_device(); -+} -+ -+/** -+ * ffa_uuid_str_to_bin - Converts a big endian UUID string to a little endian buffer -+ * @uuid_str: UUID string in big endian format (36 bytes wide + '/0') -+ * @uuid_bin: preallocated 16 bytes UUID buffer in little endian format -+ * -+ * UUID binary format used by the FF-A framework (16 bytes): -+ * -+ * [LSB] 4B-2B-2B-2B-6B (little endian data fields) -+ * -+ * UUID string is 36 length of characters (36 bytes): -+ * -+ * xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -+ * be be be be be -+ * -+ * where x is a hexadecimal character. Fields are separated by '-'s. -+ * When converting to a binary UUID, these endianness rules apply: -+ * be: means the field in the string is considered a big endian hex number -+ * and should be converted to little endian binary format -+ * -+ * Return: -+ * -+ * uuid_bin filled with little endian UUID data -+ * On success 0 is returned. Otherwise, failure code. -+ */ -+int ffa_uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin) -+{ -+ u16 tmp16 = 0; -+ u32 tmp32 = 0; -+ u64 tmp64 = 0; -+ -+ if (!uuid_str_valid(uuid_str) || !uuid_bin) -+ return -EINVAL; -+ -+ /* -+ * reverse bytes from big to little endian -+ */ -+ tmp32 = simple_strtoul(uuid_str, NULL, 16); -+ memcpy(uuid_bin, &tmp32, 4); -+ -+ /* -+ * reverse bytes from big to little endian -+ */ -+ tmp16 = simple_strtoul(uuid_str + 9, NULL, 16); -+ memcpy(uuid_bin + 4, &tmp16, 2); -+ -+ /* -+ * reverse bytes from big to little endian -+ */ -+ tmp16 = simple_strtoul(uuid_str + 14, NULL, 16); -+ memcpy(uuid_bin + 6, &tmp16, 2); -+ -+ /* -+ * reverse bytes from big to little endian -+ */ -+ tmp16 = simple_strtoul(uuid_str + 19, NULL, 16); -+ memcpy(uuid_bin + 8, &tmp16, 2); -+ -+ /* -+ * reverse bytes from big to little endian -+ */ -+ tmp64 = simple_strtoull(uuid_str + 24, NULL, 16); -+ memcpy(uuid_bin + 10, (char *)&tmp64, 6); -+ -+ return 0; -+} -diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index 4da64b5d2962..c68d9ed4f0bd 100644 ---- a/lib/efi_loader/efi_boottime.c -+++ b/lib/efi_loader/efi_boottime.c -@@ -23,6 +23,10 @@ - #include - #include - -+#if defined(CONFIG_ARM_FFA_TRANSPORT) -+#include -+#endif -+ - DECLARE_GLOBAL_DATA_PTR; - - /* Task priority level */ -@@ -2113,6 +2117,10 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, - struct efi_event *evt, *next_event; - efi_status_t ret = EFI_SUCCESS; - -+#if defined(CONFIG_ARM_FFA_TRANSPORT) -+ int ffa_ret; -+#endif -+ - EFI_ENTRY("%p, %zx", image_handle, map_key); - - /* Check that the caller has read the current memory map */ -@@ -2173,6 +2181,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, - dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); - } - -+#if defined(CONFIG_ARM_FFA_TRANSPORT) -+ /* unmap FF-A RX/TX buffers */ -+ ffa_ret = ffa_helper_unmap_rxtx_buffers(); -+ if (ffa_ret) -+ debug("[efi_boottime][ERROR]: can not unmap FF-A RX/TX buffers\n"); -+ else -+ debug("[efi_boottime][INFO]: FF-A RX/TX buffers unmapped\n"); -+#endif -+ - /* Patch out unsupported runtime function */ - efi_runtime_detach(); - --- -2.37.1 - diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch new file mode 100644 index 00000000..cedac061 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch @@ -0,0 +1,59 @@ +From 83f9da30247c2d021658bc1b595c59ecc35eadf5 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Fri, 29 Jul 2022 13:07:43 +0100 +Subject: [PATCH 07/26] arm64: smccc: clear the Xn registers after SMC calls + +set to zero the x0-x17 registers + +As per the SMCCC v1.2 spec, unused result and scratch registers can leak +information after an SMC call. We can mitigate against this risk by +returning zero in each register. + +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* move the clearing code into a new macro: clear_gp_regs + +v3: + +* clear the Xn registers after SMC calls + + arch/arm/cpu/armv8/smccc-call.S | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S +index ec6f299bc9..32f3eb8eeb 100644 +--- a/arch/arm/cpu/armv8/smccc-call.S ++++ b/arch/arm/cpu/armv8/smccc-call.S +@@ -50,6 +50,12 @@ ENDPROC(__arm_smccc_hvc) + + #ifdef CONFIG_ARM64 + ++ .macro clear_gp_regs ++ .irp n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ++ mov x\n, xzr ++ .endr ++ .endm ++ + .macro SMCCC_1_2 instr + /* Save `res` and free a GPR that won't be clobbered */ + stp x1, x19, [sp, #-16]! +@@ -84,6 +90,9 @@ ENDPROC(__arm_smccc_hvc) + stp x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS] + stp x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS] + ++ /* x0-x17 registers can leak information after an SMC or HVC call. Let's clear them */ ++ clear_gp_regs ++ + /* Restore original x19 */ + ldp xzr, x19, [sp], #16 + ret +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch deleted file mode 100644 index 3b82b416..00000000 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch +++ /dev/null @@ -1,383 +0,0 @@ -From ee7c0aee66db53b2372a3b4245a8754dceee804d Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi -Date: Wed, 13 Oct 2021 17:51:44 +0100 -Subject: [PATCH 08/24] arm_ffa: introducing MM communication with FF-A - -This commit allows to perform MM communication using FF-A transport. - -The MM SP (also called partition) can be StandAlonneMM or smm-gateway. -Both partitions run in OP-TEE. - -When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are -supported. - -On EFI services such as GetVariable()/SetVariable(), the data -is copied from the communication buffer to the MM shared buffer. - -Then, notifies the MM SP about data availability in the MM shared buffer. -Communication with the MM SP is performed using FF-A transport. - -On such event, MM SP can read the data and updates the MM shared buffer -with response data. - -The response data is copied back to the communication buffer. - -Signed-off-by: Abdellatif El Khlifi -Signed-off-by: Rui Miguel Silva ---- - lib/efi_loader/Kconfig | 14 +- - lib/efi_loader/efi_variable_tee.c | 265 +++++++++++++++++++++++++++++- - 2 files changed, 273 insertions(+), 6 deletions(-) - -diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig -index e3f2402d0e8e..37131237af3f 100644 ---- a/lib/efi_loader/Kconfig -+++ b/lib/efi_loader/Kconfig -@@ -60,13 +60,23 @@ config EFI_VARIABLE_FILE_STORE - stored as file /ubootefi.var on the EFI system partition. - - config EFI_MM_COMM_TEE -- bool "UEFI variables storage service via OP-TEE" -- depends on OPTEE -+ bool "UEFI variables storage service via the trusted world" -+ depends on OPTEE || ARM_FFA_TRANSPORT - help -+ the MM SP (also called partition) can be StandAlonneMM or smm-gateway. -+ When using the u-boot OP-TEE driver, StandAlonneMM is supported. -+ When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are supported. -+ - If OP-TEE is present and running StandAloneMM, dispatch all UEFI - variable related operations to that. The application will verify, - authenticate and store the variables on an RPMB. - -+ When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related -+ operations to the MM SP running under Optee in the trusted world. -+ A door bell mechanism is used to notify the SP when there is data in the shared -+ MM buffer. The data is copied by u-boot to thea shared buffer before issuing -+ the door bell event. -+ - config EFI_VARIABLE_NO_STORE - bool "Don't persist non-volatile UEFI variables" - help -diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c -index dfef18435dfa..9cb8cfb9c779 100644 ---- a/lib/efi_loader/efi_variable_tee.c -+++ b/lib/efi_loader/efi_variable_tee.c -@@ -15,6 +15,28 @@ - #include - #include - -+#if (IS_ENABLED(CONFIG_OPTEE)) -+#define OPTEE_PAGE_SIZE BIT(12) -+#endif -+ -+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ -+#include -+#include -+ -+/* MM return codes */ -+#define MM_SUCCESS (0) -+ -+#define ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 (0xC4000061) -+#define ARM_SVC_ID_SP_EVENT_COMPLETE ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 -+ -+/* MM_SP_UUID_DATA defined by the platform */ -+union ffa_partition_uuid mm_sp_svc_uuid = {.bytes = {MM_SP_UUID_DATA}}; -+ -+static u16 __efi_runtime_data mm_sp_id; -+ -+#endif -+ - extern struct efi_var_file __efi_runtime_data *efi_var_buf; - static efi_uintn_t max_buffer_size; /* comm + var + func + data */ - static efi_uintn_t max_payload_size; /* func + data */ -@@ -24,6 +46,7 @@ struct mm_connection { - u32 session; - }; - -+#if (IS_ENABLED(CONFIG_OPTEE)) - /** - * get_connection() - Retrieve OP-TEE session for a specific UUID. - * -@@ -143,16 +166,229 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize) - - return ret; - } -+#endif -+ -+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ -+/** -+ * ffa_notify_mm_sp() - Announce there is data in the shared buffer -+ * -+ * Notifies the MM partition in the trusted world that -+ * data is available in the shared buffer. -+ * This is a blocking call during which trusted world has exclusive access -+ * to the MM shared buffer. -+ * -+ * Return: -+ * -+ * 0 on success -+ */ -+static int __efi_runtime ffa_notify_mm_sp(void) -+{ -+ struct ffa_interface_data func_data = {0}; -+ struct ffa_send_direct_data msg = {0}; -+ int ret; -+ u32 sp_event_complete; -+ int sp_event_ret; -+ -+ func_data.data0_size = sizeof(mm_sp_id); -+ func_data.data0 = &mm_sp_id; -+ -+ msg.a3 = FFA_SHARED_MM_BUFFER_ADDR; -+ msg.a4 = FFA_SHARED_MM_BUFFER_SIZE; -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ ret = ffa_helper_msg_send_direct_req(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure to notify the MM SP , FF-A error (%d)\n", ret); -+ return ret; -+ } -+ -+ sp_event_complete = msg.a3; -+ sp_event_ret = (int)msg.a4; -+ -+ if (sp_event_complete == ARM_SVC_ID_SP_EVENT_COMPLETE && sp_event_ret == MM_SUCCESS) -+ return 0; -+ -+ log_err("EFI: Failure to notify the MM SP (0x%x , %d)\n", -+ sp_event_complete, -+ sp_event_ret); -+ -+ return -EACCES; -+} -+ -+/** -+ * ffa_discover_mm_sp_id() - Query the MM partition ID -+ * -+ * Use the FF-A driver to get the MM partition ID. -+ * If multiple partitions are found, use the first one -+ * -+ * Return: -+ * -+ * 0 on success -+ */ -+static int __efi_runtime ffa_discover_mm_sp_id(void) -+{ -+ struct ffa_interface_data func_data = {0}; -+ u32 count = 0; -+ int ret; -+ struct ffa_partition_info *parts_info; -+ -+ /* -+ * get from the driver the count of the SPs matching the UUID -+ */ -+ func_data.data0_size = sizeof(mm_sp_svc_uuid); -+ func_data.data0 = &mm_sp_svc_uuid; -+ func_data.data1_size = sizeof(count); -+ func_data.data1 = &count; -+ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret); -+ return ret; -+ } -+ -+ if (!count) { -+ log_info("EFI: No MM partition found\n"); -+ return ret; -+ } -+ -+ /* -+ * pre-allocate a buffer to be filled by the driver -+ * with ffa_partition_info structs -+ */ -+ -+ parts_info = calloc(count, sizeof(struct ffa_partition_info)); -+ if (!parts_info) -+ return -EINVAL; -+ -+ log_info("EFI: Pre-allocating %d partition(s) info structures\n", count); -+ -+ func_data.data1_size = count * -+ sizeof(struct ffa_partition_info); -+ func_data.data1 = parts_info; -+ -+ /* -+ * ask the driver to fill the -+ * buffer with the SPs info -+ */ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret); -+ free(parts_info); -+ return ret; -+ } -+ -+ /* -+ * MM SPs found , use the first one -+ */ -+ -+ mm_sp_id = parts_info[0].id; -+ -+ log_info("EFI: MM partition ID 0x%x\n", mm_sp_id); -+ -+ free(parts_info); -+ -+ return 0; -+} - - /** -- * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send -+ * ffa_mm_communicate() - Exchange EFI services data with the MM partition using FF-A -+ * @comm_buf: locally allocated communication buffer used for for rx/tx -+ * @dsize: communication buffer size -+ * -+ * Issues a door bell event to notify the MM partition (SP) running in OP-TEE -+ * that there is data to read from the shared buffer. -+ * Communication with the MM SP is performed using FF-A transport. -+ * On the event, MM SP can read the data from the buffer and -+ * update the MM shared buffer with response data. -+ * The response data is copied back to the communication buffer. -+ * -+ * Return: -+ * -+ * EFI status code -+ */ -+static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_buf_size) -+{ -+ ulong tx_data_size; -+ int ffa_ret; -+ struct efi_mm_communicate_header *mm_hdr; -+ void *virt_shared_buf; -+ -+ if (!comm_buf) -+ return EFI_INVALID_PARAMETER; -+ -+ /* Discover MM partition ID */ -+ if (!mm_sp_id && ffa_discover_mm_sp_id() != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure to discover MM partition ID\n"); -+ return EFI_UNSUPPORTED; -+ } -+ -+ mm_hdr = (struct efi_mm_communicate_header *)comm_buf; -+ tx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t); -+ -+ if (comm_buf_size != tx_data_size || tx_data_size > FFA_SHARED_MM_BUFFER_SIZE) -+ return EFI_INVALID_PARAMETER; -+ -+ /* Copy the data to the shared buffer */ -+ -+ virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0); -+ efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size); -+ -+ /* Announce there is data in the shared buffer */ -+ -+ ffa_ret = ffa_notify_mm_sp(); -+ if (ffa_ret) -+ unmap_sysmem(virt_shared_buf); -+ -+ switch (ffa_ret) { -+ case 0: -+ { -+ ulong rx_data_size; -+ /* Copy the MM SP response from the shared buffer to the communication buffer */ -+ rx_data_size = ((struct efi_mm_communicate_header *)virt_shared_buf)->message_len + -+ sizeof(efi_guid_t) + -+ sizeof(size_t); -+ -+ if (rx_data_size > comm_buf_size) { -+ unmap_sysmem(virt_shared_buf); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ -+ efi_memcpy_runtime(comm_buf, virt_shared_buf, rx_data_size); -+ unmap_sysmem(virt_shared_buf); -+ -+ return EFI_SUCCESS; -+ } -+ case -EINVAL: -+ return EFI_DEVICE_ERROR; -+ case -EPERM: -+ return EFI_INVALID_PARAMETER; -+ case -EACCES: -+ return EFI_ACCESS_DENIED; -+ case -EBUSY: -+ return EFI_OUT_OF_RESOURCES; -+ default: -+ return EFI_ACCESS_DENIED; -+ } -+} -+#endif -+ -+/** -+ * mm_communicate() - Adjust the communication buffer to the MM SP and send - * it to OP-TEE - * -- * @comm_buf: locally allocted communcation buffer -+ * @comm_buf: locally allocted communication buffer - * @dsize: buffer size -+ * -+ * The MM SP (also called partition) can be StandAlonneMM or smm-gateway. -+ * The comm_buf format is the same for both partitions. -+ * When using the u-boot OP-TEE driver, StandAlonneMM is supported. -+ * When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are supported. -+ * - * Return: status code - */ --static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) -+static efi_status_t __efi_runtime mm_communicate(u8 *comm_buf, efi_uintn_t dsize) - { - efi_status_t ret; - struct efi_mm_communicate_header *mm_hdr; -@@ -162,7 +398,11 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) - mm_hdr = (struct efi_mm_communicate_header *)comm_buf; - var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data; - -+ #if (IS_ENABLED(CONFIG_OPTEE)) - ret = optee_mm_communicate(comm_buf, dsize); -+ #elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ ret = ffa_mm_communicate(comm_buf, dsize); -+ #endif - if (ret != EFI_SUCCESS) { - log_err("%s failed!\n", __func__); - return ret; -@@ -258,6 +498,23 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size) - goto out; - } - *size = var_payload->size; -+ -+ #if (IS_ENABLED(CONFIG_OPTEE)) -+ /* -+ * Although the max payload is configurable on StMM, we only share a -+ * single page from OP-TEE for the non-secure buffer used to communicate -+ * with StMM. Since OP-TEE will reject to map anything bigger than that, -+ * make sure we are in bounds. -+ */ -+ if (*size > OPTEE_PAGE_SIZE) -+ *size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE - -+ MM_VARIABLE_COMMUNICATE_SIZE; -+ #elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ if (*size > FFA_SHARED_MM_BUFFER_SIZE) -+ *size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE - -+ MM_VARIABLE_COMMUNICATE_SIZE; -+ #endif -+ - /* - * There seems to be a bug in EDK2 miscalculating the boundaries and - * size checks, so deduct 2 more bytes to fulfill this requirement. Fix -@@ -697,7 +954,7 @@ void efi_variables_boot_exit_notify(void) - ret = EFI_NOT_FOUND; - - if (ret != EFI_SUCCESS) -- log_err("Unable to notify StMM for ExitBootServices\n"); -+ log_err("Unable to notify the MM partition for ExitBootServices\n"); - free(comm_buf); - - /* --- -2.37.1 - diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch new file mode 100644 index 00000000..769209b9 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch @@ -0,0 +1,127 @@ +From af17d357674393565c8be15f21c86cba972963e7 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Thu, 4 Aug 2022 16:46:47 +0100 +Subject: [PATCH 08/26] lib: uuid: introduce be_uuid_str_to_le_bin function + +convert big endian UUID string to little endian buffer + +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* rename ffa_uuid_str_to_bin to be_uuid_str_to_le_bin and put in + a standalone commit (the current) + +v3: + +* introduce ffa_uuid_str_to_bin (provided by + arm_ffa: introduce Arm FF-A low-level driver) + + include/uuid.h | 6 +++++ + lib/uuid.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 69 insertions(+) + +diff --git a/include/uuid.h b/include/uuid.h +index 4a4883d3b5..5355230b5e 100644 +--- a/include/uuid.h ++++ b/include/uuid.h +@@ -44,4 +44,10 @@ int uuid_guid_get_bin(const char *guid_str, unsigned char *guid_bin); + const char *uuid_guid_get_str(const unsigned char *guid_bin); + void gen_rand_uuid(unsigned char *uuid_bin); + void gen_rand_uuid_str(char *uuid_str, int str_format); ++ ++/** ++ * be_uuid_str_to_le_bin - Converts a big endian UUID string to a little endian buffer ++ */ ++int be_uuid_str_to_le_bin(const char *uuid_str, unsigned char *uuid_bin); ++ + #endif +diff --git a/lib/uuid.c b/lib/uuid.c +index 284f8113ff..d0fa51d0bf 100644 +--- a/lib/uuid.c ++++ b/lib/uuid.c +@@ -1,6 +1,7 @@ + // SPDX-License-Identifier: GPL-2.0+ + /* + * Copyright 2011 Calxeda, Inc. ++ * Copyright 2022 ARM Limited + */ + + #include +@@ -342,6 +343,68 @@ int uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin, + return 0; + } + ++/** ++ * be_uuid_str_to_le_bin - Converts a big endian UUID string to a little endian buffer ++ * @uuid_str: UUID string in big endian format (36 bytes wide + '/0') ++ * @uuid_bin: preallocated 16 bytes UUID buffer in little endian format ++ * ++ * UUID string is 36 characters (36 bytes): ++ * ++ * xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx ++ * be be be be be ++ * ++ * where x is a hexadecimal character. Fields are separated by '-'s. ++ * When converting to a binary UUID, these endianness rules apply: ++ * be: means the field in the string is considered a big endian hex number ++ * and should be converted to little endian binary format ++ * ++ * Return: ++ * ++ * uuid_bin filled with little endian UUID data ++ * On success 0 is returned. Otherwise, failure code. ++ */ ++int be_uuid_str_to_le_bin(const char *uuid_str, unsigned char *uuid_bin) ++{ ++ u16 tmp16 = 0; ++ u32 tmp32 = 0; ++ u64 tmp64 = 0; ++ ++ if (!uuid_str_valid(uuid_str) || !uuid_bin) ++ return -EINVAL; ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp32 = simple_strtoul(uuid_str, NULL, 16); ++ memcpy(uuid_bin, &tmp32, 4); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp16 = simple_strtoul(uuid_str + 9, NULL, 16); ++ memcpy(uuid_bin + 4, &tmp16, 2); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp16 = simple_strtoul(uuid_str + 14, NULL, 16); ++ memcpy(uuid_bin + 6, &tmp16, 2); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp16 = simple_strtoul(uuid_str + 19, NULL, 16); ++ memcpy(uuid_bin + 8, &tmp16, 2); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp64 = simple_strtoull(uuid_str + 24, NULL, 16); ++ memcpy(uuid_bin + 10, (char *)&tmp64, 6); ++ ++ return 0; ++} ++ + /* + * uuid_bin_to_str() - convert big endian binary data to string UUID or GUID. + * +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch new file mode 100644 index 00000000..64653b30 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch @@ -0,0 +1,2245 @@ +From 4729efd57e260b8c02d8cd1c30a443d29885dbd1 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Mon, 15 Aug 2022 15:00:44 +0100 +Subject: [PATCH 09/26] arm_ffa: introduce Arm FF-A low-level driver + +Add the driver implementing Arm Firmware Framework for Armv8-A v1.0 + +The Firmware Framework for Arm A-profile processors (FF-A) +describes interfaces (ABIs) that standardize communication +between the Secure World and Normal World leveraging TrustZone +technology. + +This driver uses 64-bit registers as per SMCCCv1.2 spec and comes +on top of the SMCCC layer. The driver provides the FF-A ABIs needed for +querying the FF-A framework from the secure world. + +32-bit version of the ABIs is supported and 64-bit version of FFA_RXTX_MAP +and FFA_MSG_SEND_DIRECT_{REQ, RESP}. + +In u-boot FF-A design, FF-A is considered as a discoverable bus. +The Secure World is considered as one entity to communicate with +using the FF-A bus. FF-A communication is handled by one device and +one instance (the bus). This FF-A driver takes care of all the +interactions between Normal world and Secure World. + +The driver exports its operations to be used by upper layers. + +Exported operations: + +- partition_info_get +- sync_send_receive +- rxtx_unmap + +This implementation provides an optional feature to copy the driver data +to EFI runtime area. + +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* add doc/README.ffa.drv +* moving the FF-A driver work to drivers/firmware/arm-ffa +* use less #ifdefs in lib/efi_loader/efi_boottime.c and replace + #if defined by #if CONFIG_IS_ENABLED +* improving error handling by mapping the FF-A errors to standard errors + and logs +* replacing panics with an error log and returning an error code +* improving features discovery in FFA_FEATURES by introducing + rxtx_min_pages private data field +* add ffa_remove and ffa_bind functions +* improve how the driver behaves when bus discovery is done more than + once + +v3: + +* align the interfaces of the u-boot FF-A driver with those in the linux + FF-A driver +* remove the FF-A helper layer +* make the u-boot FF-A driver independent from EFI +* provide an optional config that enables copying the driver data to EFI + runtime section at ExitBootServices service +* use 64-bit version of FFA_RXTX_MAP, FFA_MSG_SEND_DIRECT_{REQ, RESP} + +v2: + +* make FF-A bus discoverable using device_{bind, probe} APIs +* remove device tree support + +v1: + +* introduce FF-A bus driver with device tree support + + MAINTAINERS | 7 + + common/board_r.c | 7 + + doc/README.ffa.drv | 160 ++ + drivers/Kconfig | 2 + + drivers/Makefile | 1 + + drivers/firmware/arm-ffa/Kconfig | 39 + + drivers/firmware/arm-ffa/Makefile | 7 + + drivers/firmware/arm-ffa/arm-ffa-uclass.c | 16 + + drivers/firmware/arm-ffa/arm_ffa_prv.h | 196 +++ + drivers/firmware/arm-ffa/core.c | 1344 +++++++++++++++++ + .../arm-ffa/efi_ffa_runtime_data_mgr.c | 94 ++ + include/arm_ffa.h | 127 ++ + include/dm/uclass-id.h | 1 + + lib/efi_loader/efi_boottime.c | 12 + + 14 files changed, 2013 insertions(+) + create mode 100644 doc/README.ffa.drv + create mode 100644 drivers/firmware/arm-ffa/Kconfig + create mode 100644 drivers/firmware/arm-ffa/Makefile + create mode 100644 drivers/firmware/arm-ffa/arm-ffa-uclass.c + create mode 100644 drivers/firmware/arm-ffa/arm_ffa_prv.h + create mode 100644 drivers/firmware/arm-ffa/core.c + create mode 100644 drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c + create mode 100644 include/arm_ffa.h + +diff --git a/MAINTAINERS b/MAINTAINERS +index 7f27ff4c20..e760b4ca3a 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -244,6 +244,13 @@ F: board/CZ.NIC/ + F: configs/turris_*_defconfig + F: include/configs/turris_*.h + ++ARM FF-A ++M: Abdellatif El Khlifi ++S: Maintained ++F: doc/README.ffa.drv ++F: drivers/firmware/arm-ffa/ ++F: include/arm_ffa.h ++ + ARM FREESCALE IMX + M: Stefano Babic + M: Fabio Estevam +diff --git a/common/board_r.c b/common/board_r.c +index 6f4aca2077..c75634286b 100644 +--- a/common/board_r.c ++++ b/common/board_r.c +@@ -63,6 +63,10 @@ + #include + #include + ++#ifdef CONFIG_ARM_FFA_TRANSPORT ++#include ++#endif ++ + DECLARE_GLOBAL_DATA_PTR; + + ulong monitor_flash_len; +@@ -779,6 +783,9 @@ static init_fnc_t init_sequence_r[] = { + INIT_FUNC_WATCHDOG_RESET + initr_net, + #endif ++#ifdef CONFIG_ARM_FFA_TRANSPORT ++ ffa_bus_discover, ++#endif + #ifdef CONFIG_POST + initr_post, + #endif +diff --git a/doc/README.ffa.drv b/doc/README.ffa.drv +new file mode 100644 +index 0000000000..1c0a33deb8 +--- /dev/null ++++ b/doc/README.ffa.drv +@@ -0,0 +1,160 @@ ++Arm FF-A Driver ++==================== ++ ++Introduction ++-------------------- ++ ++FF-A stands for Firmware Framework for Arm A-profile processors. ++ ++FF-A specifies interfaces that enable a pair of software sandboxes to communicate with each other. A sandbox aka partition could ++be a VM in the Normal or Secure world, an application in S-EL0, or a Trusted OS in S-EL1. ++ ++This FF-A driver implements the interfaces to communicate with partitions in the Secure world aka Secure partitions (SPs). ++ ++The driver specifically focuses on communicating with SPs that isolate portions of EFI runtime services that must run in a ++protected environment which is inaccessible by the Host OS or Hypervisor. Examples of such services are set/get variables. ++ ++FF-A driver uses the SMC ABIs defined by the FF-A specification to: ++ ++- Discover the presence of SPs of interest. ++- Access an SP's service through communication protocols e.g. EFI MM communication protocol. ++ ++FF-A and SMC specifications ++------------------------------------------- ++ ++The current implementation of the driver relies on FF-A specification v1.0 and uses SMC32 calling convention. ++ ++The driver has been tested with Optee OS which supports SMC32 for most of the SMC ABIs. ++ ++For more details please refer to: https://developer.arm.com/documentation/den0077/a/?lang=en ++ ++The FF-A driver uses 64-bit registers as per SMCCCv1.2 specification. ++ ++For more details please refer to: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6?token= ++ ++Supported hardware ++-------------------------------- ++ ++Aarch64 plaforms ++ ++Configuration ++---------------------- ++ ++CONFIG_ARM_FFA_TRANSPORT ++ Enables the FF-A bus driver. Turn this on if you want to use FF-A communication. ++ ++CONFIG_ARM_FFA_EFI_RUNTIME_MODE ++ Optional config that enables EFI runtime support for FF-A data and code. ++ ffa_copy_runtime_data allows to copy the FF-A driver data structures to EFI runtime data section. ++ Turning the config on makes ffa_copy_runtime_data available for use and the driver code placed at EFI runtime code section. ++ Call ffa_copy_runtime_data at the event on which you want the FF-A data to be copied (example: at ExitBootServices). ++ ++CONFIG_SANDBOX_FFA ++ Enables FF-A Sandbox driver. This emulates the FF-A ABIs handling under Sandbox and provides ++ functional tests for FF-A. ++ ++FF-A ABIs under the hood ++--------------------------------------- ++ ++Invoking an FF-A ABI involves providing to the secure world/hypervisor the expected arguments from the ABI. ++ ++The ABI arguments are stored in x0 to x7 registers. Then, an SMC instruction is executed. ++ ++At the secure side level or hypervisor the ABI is handled at a higher exception level and the arguments are read and processed. ++ ++The response is put back through x0 to x7 registers and control is giving back to the u-boot FF-A driver (non secure world). ++ ++The driver reads the response and processes it accordingly. ++ ++This methodology applies to all the FF-A ABIs in the driver. ++ ++FF-A bus discovery in u-boot ++------------------------------------------- ++ ++When CONFIG_ARM_FFA_TRANSPORT is enabled, the FF-A bus is automatically discovered at initcall level (after u-boot relocation). ++ ++The function that triggers the discovery process is ffa_bus_discover. ++ ++ffa_bus_discover creates, binds and probes the arm_ffa device using device_{bind, probe} APIs. ++ ++When the device is probed, ffa_probe is called which tries to communicate with the secure world or hypervisor. ++ ++The FF-A bus is usable when these checks succeed: ++ ++- querying the FF-A framework version ++- querying from secure world the u-boot endpoint ID ++- querying from secure world the supported features of the specified FF-A calls ++- mapping the RX/TX buffers ++- querying from secure world all the partitions information ++ ++Probing fails when any of these operations fail. The FF-A bus discovery succeeds when probing is successful. ++ ++When discovery fails the arm_ffa device is destroyed. ++ ++The bus driver layer ++------------------------------ ++ ++The driver comes on top of the SMCCC layer and is implemented in drivers/firmware/arm-ffa/core.c ++ ++The driver provides the following features: ++ ++- Support for the 32-bit version of the following ABIs: ++ ++FFA_VERSION ++FFA_ID_GET ++FFA_FEATURES ++FFA_PARTITION_INFO_GET ++FFA_RXTX_UNMAP ++FFA_RX_RELEASE ++FFA_RUN ++FFA_ERROR ++FFA_SUCCESS ++FFA_INTERRUPT ++ ++- Support for the 64-bit version of the following ABIs: ++ ++FFA_RXTX_MAP ++FFA_MSG_SEND_DIRECT_REQ ++FFA_MSG_SEND_DIRECT_RESP ++ ++- Processing the received data from the secure world/hypervisor and caching it ++ ++- Hiding from upper layers the FF-A protocol and registers details. Upper layers focus on exchanged data, ++the driver takes care of how to transport that to the secure world/hypervisor using FF-A. ++ ++- The driver provides callbacks to be used by clients to access the FF-A bus: ++ ++partition_info_get ++sync_send_receive ++rxtx_unmap ++ ++- FF-A bus discovery at initcalls level (after u-boot relocation). The bus is up and running if the FF-A framework is responsive and compatible with the driver. ++ ++- When EFI is enabled, unmap the RX/TX buffers at ExitBootServices() level. ++ ++- When CONFIG_ARM_FFA_EFI_RUNTIME_MODE enabled, ffa_copy_runtime_data function is available for use. ++ ++Using armffa command ++----------------------------------- ++ ++armffa is a command showcasing how to use the FF-A driver and how to invoke its operations. ++ ++This provides a guidance to the client developers on how to call the FF-A bus interfaces. ++ ++Usage: ++ ++armffa ++ ++sub-commands: ++ ++ getpart ++ ++ lists the partition(s) info ++ ++ ping ++ ++ sends a data pattern to the specified partition ++ ++ devlist ++ ++ displays the arm_ffa device info +diff --git a/drivers/Kconfig b/drivers/Kconfig +index b26ca8cf70..4a602517bf 100644 +--- a/drivers/Kconfig ++++ b/drivers/Kconfig +@@ -6,6 +6,8 @@ source "drivers/core/Kconfig" + + source "drivers/adc/Kconfig" + ++source "drivers/firmware/arm-ffa/Kconfig" ++ + source "drivers/ata/Kconfig" + + source "drivers/axi/Kconfig" +diff --git a/drivers/Makefile b/drivers/Makefile +index 67c8af7442..77db8736e6 100644 +--- a/drivers/Makefile ++++ b/drivers/Makefile +@@ -109,6 +109,7 @@ obj-y += iommu/ + obj-y += smem/ + obj-y += thermal/ + obj-$(CONFIG_TEE) += tee/ ++obj-$(CONFIG_ARM_FFA_TRANSPORT) += firmware/arm-ffa/ + obj-y += axi/ + obj-y += ufs/ + obj-$(CONFIG_W1) += w1/ +diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig +new file mode 100644 +index 0000000000..aceb61cf49 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/Kconfig +@@ -0,0 +1,39 @@ ++# SPDX-License-Identifier: GPL-2.0 ++ ++config ARM_FFA_TRANSPORT ++ bool "Enable Arm Firmware Framework for Armv8-A driver" ++ depends on DM && ARM64 ++ select ARM_SMCCC ++ select LIB_UUID ++ select DEVRES ++ help ++ The Firmware Framework for Arm A-profile processors (FF-A) ++ describes interfaces (ABIs) that standardize communication ++ between the Secure World and Normal World leveraging TrustZone ++ technology. ++ ++ This driver is based on FF-A specification v1.0 and uses SMC32 ++ calling convention. ++ ++ FF-A specification: ++ ++ https://developer.arm.com/documentation/den0077/a/?lang=en ++ ++ In u-boot FF-A design, FF-A is considered as a discoverable bus. ++ The Secure World is considered as one entity to communicate with ++ using the FF-A bus. ++ FF-A communication is handled by one device and one instance (the bus). ++ This FF-A driver takes care of all the interactions between Normal world ++ and Secure World. ++ ++ For more details about the FF-A driver, please refer to doc/README.ffa.drv ++ ++config ARM_FFA_EFI_RUNTIME_MODE ++ bool "Enable EFI runtime support for FF-A data and code" ++ depends on ARM_FFA_TRANSPORT && EFI_LOADER ++ help ++ Allows FF-A driver data structures and code to be accessible at EFI runtime. ++ FF-A data is copied by ffa_copy_runtime_data function. ++ The driver Code needed at runtime is placed at EFI runtime code section. ++ Turning this on makes ffa_copy_runtime_data available for use and the driver ++ code placed at EFI runtime code section. +diff --git a/drivers/firmware/arm-ffa/Makefile b/drivers/firmware/arm-ffa/Makefile +new file mode 100644 +index 0000000000..0b9b0a61b4 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/Makefile +@@ -0,0 +1,7 @@ ++# SPDX-License-Identifier: GPL-2.0+ ++# ++# (C) Copyright 2022 Abdellatif El Khlifi ++# ++ ++obj-y += arm-ffa-uclass.o core.o ++obj-$(CONFIG_ARM_FFA_EFI_RUNTIME_MODE) += efi_ffa_runtime_data_mgr.o +diff --git a/drivers/firmware/arm-ffa/arm-ffa-uclass.c b/drivers/firmware/arm-ffa/arm-ffa-uclass.c +new file mode 100644 +index 0000000000..7d9695d289 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/arm-ffa-uclass.c +@@ -0,0 +1,16 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#include ++#include ++#include ++ ++DECLARE_GLOBAL_DATA_PTR; ++ ++UCLASS_DRIVER(ffa) = { ++ .name = "ffa", ++ .id = UCLASS_FFA, ++}; +diff --git a/drivers/firmware/arm-ffa/arm_ffa_prv.h b/drivers/firmware/arm-ffa/arm_ffa_prv.h +new file mode 100644 +index 0000000000..7bc90f7f66 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/arm_ffa_prv.h +@@ -0,0 +1,196 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#ifndef __ARM_FFA_PRV_H ++#define __ARM_FFA_PRV_H ++ ++#include ++#include ++#include ++#include ++ ++/* ++ * This header is private. It is exclusively used by the FF-A driver ++ */ ++ ++/* FF-A core driver name */ ++#define FFA_DRV_NAME "arm_ffa" ++ ++/* FF-A driver version definitions */ ++ ++#define MAJOR_VERSION_MASK GENMASK(30, 16) ++#define MINOR_VERSION_MASK GENMASK(15, 0) ++#define GET_FFA_MAJOR_VERSION(x) \ ++ ((u16)(FIELD_GET(MAJOR_VERSION_MASK, (x)))) ++#define GET_FFA_MINOR_VERSION(x) \ ++ ((u16)(FIELD_GET(MINOR_VERSION_MASK, (x)))) ++#define PACK_VERSION_INFO(major, minor) \ ++ (FIELD_PREP(MAJOR_VERSION_MASK, (major)) | \ ++ FIELD_PREP(MINOR_VERSION_MASK, (minor))) ++ ++#define FFA_MAJOR_VERSION (1) ++#define FFA_MINOR_VERSION (0) ++#define FFA_VERSION_1_0 \ ++ PACK_VERSION_INFO(FFA_MAJOR_VERSION, FFA_MINOR_VERSION) ++ ++/* Endpoint ID mask (u-boot endpoint ID) */ ++ ++#define GET_SELF_ENDPOINT_ID_MASK GENMASK(15, 0) ++#define GET_SELF_ENDPOINT_ID(x) \ ++ ((u16)(FIELD_GET(GET_SELF_ENDPOINT_ID_MASK, (x)))) ++ ++#define PREP_SELF_ENDPOINT_ID_MASK GENMASK(31, 16) ++#define PREP_SELF_ENDPOINT_ID(x) \ ++ (FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x))) ++ ++/* Partition endpoint ID mask (partition with which u-boot communicates with) */ ++ ++#define PREP_PART_ENDPOINT_ID_MASK GENMASK(15, 0) ++#define PREP_PART_ENDPOINT_ID(x) \ ++ (FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x))) ++ ++/* ++ * Definitions of the Arm FF-A interfaces supported by the Arm FF-A driver ++ */ ++ ++#define FFA_SMC(calling_convention, func_num) \ ++ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, (calling_convention), \ ++ ARM_SMCCC_OWNER_STANDARD, (func_num)) ++ ++#define FFA_SMC_32(func_num) FFA_SMC(ARM_SMCCC_SMC_32, (func_num)) ++#define FFA_SMC_64(func_num) FFA_SMC(ARM_SMCCC_SMC_64, (func_num)) ++ ++enum ffa_abis { ++ FFA_ERROR = 0x60, ++ FFA_SUCCESS = 0x61, ++ FFA_INTERRUPT = 0x62, ++ FFA_VERSION = 0x63, ++ FFA_FEATURES = 0x64, ++ FFA_RX_RELEASE = 0x65, ++ FFA_RXTX_MAP = 0x66, ++ FFA_RXTX_UNMAP = 0x67, ++ FFA_PARTITION_INFO_GET = 0x68, ++ FFA_ID_GET = 0x69, ++ FFA_RUN = 0x6D, ++ FFA_MSG_SEND_DIRECT_REQ = 0x6F, ++ FFA_MSG_SEND_DIRECT_RESP = 0x70, ++ ++ /* to be updated when adding new FFA IDs */ ++ FFA_FIRST_ID = FFA_ERROR, /* lowest number ID*/ ++ FFA_LAST_ID = FFA_MSG_SEND_DIRECT_RESP, /* highest number ID*/ ++}; ++ ++/* number of the errors supported by the FF-A specification */ ++#define MAX_NUMBER_FFA_ERR 9 ++ ++/* container structure and helper macros to map between an FF-A error and relevant error log */ ++struct ffa_abi_errmap { ++ char *err_str[MAX_NUMBER_FFA_ERR]; ++}; ++ ++#define FFA_ERRMAP_COUNT (FFA_LAST_ID - FFA_FIRST_ID + 1) ++#define FFA_ID_TO_ERRMAP_ID(ffa_id) ((ffa_id) - FFA_FIRST_ID) ++ ++/* The FF-A SMC function definitions */ ++ ++typedef struct arm_smccc_1_2_regs ffa_value_t; ++typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res); ++ ++/* ++ * struct ffa_partition_uuid - 16 bytes UUID transmitted by FFA_PARTITION_INFO_GET ++ * @a1-4: 32-bit words access to the UUID data ++ * ++ */ ++struct ffa_partition_uuid { ++ u32 a1; /* w1 */ ++ u32 a2; /* w2 */ ++ u32 a3; /* w3 */ ++ u32 a4; /* w4 */ ++}; ++ ++/** ++ * enum ffa_rxtx_buf_sizes - minimum sizes supported ++ * for the RX/TX buffers ++ */ ++enum ffa_rxtx_buf_sizes { ++ RXTX_4K, ++ RXTX_64K, ++ RXTX_16K ++}; ++ ++/** ++ * struct ffa_rxtxpair - structure hosting the RX/TX buffers virtual addresses ++ * @rxbuf: virtual address of the RX buffer ++ * @txbuf: virtual address of the TX buffer ++ * @rxtx_min_pages: RX/TX buffers minimum size in pages ++ * ++ * Data structure hosting the virtual addresses of the mapped RX/TX buffers ++ * These addresses are used by the FF-A functions that use the RX/TX buffers ++ */ ++struct ffa_rxtxpair { ++ u64 rxbuf; /* virtual address */ ++ u64 txbuf; /* virtual address */ ++ size_t rxtx_min_pages; /* minimum number of pages in each of the RX/TX buffers */ ++}; ++ ++/** ++ * struct ffa_partition_desc - the secure partition descriptor ++ * @info: partition information ++ * @sp_uuid: the secure partition UUID ++ * ++ * Each partition has its descriptor containing the partitions information and the UUID ++ */ ++struct ffa_partition_desc { ++ struct ffa_partition_info info; ++ struct ffa_partition_uuid sp_uuid; ++}; ++ ++/** ++ * struct ffa_partitions - descriptors for all secure partitions ++ * @count: The number of partitions descriptors ++ * @descs The partitions descriptors table ++ * ++ * This data structure contains the partitions descriptors table ++ */ ++struct ffa_partitions { ++ u32 count; ++ struct ffa_partition_desc *descs; /* virtual address */ ++}; ++ ++/** ++ * struct ffa_prvdata - the driver private data structure ++ * ++ * @dev: The arm_ffa device under u-boot driver model ++ * @ffa_ops: The driver operations structure ++ * @fwk_version: FF-A framework version ++ * @id: u-boot endpoint ID ++ * @partitions: The partitions descriptors structure ++ * @pair: The RX/TX buffers pair ++ * @invoke_ffa_fn: The function executing the FF-A function ++ * ++ * The driver data structure hosting all resident data. ++ */ ++struct ffa_prvdata { ++ struct udevice *dev; ++ struct ffa_bus_ops ffa_ops; ++ u32 fwk_version; ++ u16 id; ++ struct ffa_partitions partitions; ++ struct ffa_rxtxpair pair; ++ invoke_ffa_fn_t invoke_ffa_fn; ++}; ++ ++/** ++ * ffa_device_get - create, bind and probe the arm_ffa device ++ */ ++int ffa_device_get(void); ++ ++/** ++ * ffa_bus_prvdata_get - bus driver private data getter ++ */ ++struct ffa_prvdata **ffa_bus_prvdata_get(void); ++ ++#endif +diff --git a/drivers/firmware/arm-ffa/core.c b/drivers/firmware/arm-ffa/core.c +new file mode 100644 +index 0000000000..41c7b96e68 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/core.c +@@ -0,0 +1,1344 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#include "arm_ffa_prv.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++DECLARE_GLOBAL_DATA_PTR; ++ ++/** ++ * The device private data structure containing all the resident ++ * data read from secure world ++ */ ++__ffa_runtime_data struct ffa_prvdata *ffa_priv_data; ++ ++/* Error mapping declarations */ ++ ++__ffa_runtime_data int ffa_to_std_errmap[MAX_NUMBER_FFA_ERR] = { ++ 0, ++ -EOPNOTSUPP, /* NOT_SUPPORTED */ ++ -EINVAL, /* INVALID_PARAMETERS */ ++ -ENOMEM, /* NO_MEMORY */ ++ -EBUSY, /* BUSY */ ++ -EINTR, /* INTERRUPTED */ ++ -EACCES, /* DENIED */ ++ -EAGAIN, /* RETRY */ ++ -ECANCELED, /* ABORTED */ ++}; ++ ++struct ffa_abi_errmap err_msg_map[FFA_ERRMAP_COUNT] = { ++ [FFA_ID_TO_ERRMAP_ID(FFA_VERSION)] = { ++ { ++ "", ++ "NOT_SUPPORTED: A Firmware Framework implementation does not exist", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_ID_GET)] = { ++ { ++ "", ++ "NOT_SUPPORTED: This function is not implemented at this FF-A instance", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_FEATURES)] = { ++ { ++ "", ++ "NOT_SUPPORTED: FFA_RXTX_MAP is not implemented at this FF-A instance", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_PARTITION_INFO_GET)] = { ++ { ++ "", ++ "NOT_SUPPORTED: This function is not implemented at this FF-A instance", ++ "INVALID_PARAMETERS: Unrecognized UUID", ++ "NO_MEMORY: Results cannot fit in RX buffer of the caller", ++ "BUSY: RX buffer of the caller is not free", ++ "", /* INTERRUPTED */ ++ "DENIED: Callee is not in a state to handle this request", ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_RXTX_UNMAP)] = { ++ { ++ "", ++ "NOT_SUPPORTED: FFA_RXTX_UNMAP is not implemented at this FF-A instance", ++ "INVALID_PARAMETERS: No buffer pair registered on behalf of the caller", ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_RX_RELEASE)] = { ++ { ++ "", ++ "NOT_SUPPORTED: FFA_RX_RELEASE is not implemented at this FF-A instance", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "DENIED: Caller did not have ownership of the RX buffer", ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_RXTX_MAP)] = { ++ { ++ "", ++ "NOT_SUPPORTED: This function is not implemented at this FF-A instance", ++ "INVALID_PARAMETERS: Field(s) in input parameters incorrectly encoded", ++ "NO_MEMORY: Not enough memory", ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "DENIED: Buffer pair already registered", ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++}; ++ ++/** ++ * ffa_to_std_errno - convert FF-A error code to standard error code ++ * @ffa_errno: Error code returned by the FF-A ABI ++ * ++ * This runtime function maps the given FF-A error code as specified ++ * by the spec to a u-boot standard error code. ++ * ++ * Return: ++ * ++ * The standard error code on success. . Otherwise, failure ++ */ ++__ffa_runtime int ffa_to_std_errno(int ffa_errno) ++{ ++ int err_idx = -ffa_errno; ++ ++ /* map the FF-A error code to the standard u-boot error code */ ++ if (err_idx > 0 && err_idx < MAX_NUMBER_FFA_ERR) ++ return ffa_to_std_errmap[err_idx]; ++ return -EINVAL; ++} ++ ++/** ++ * ffa_print_error_log - print the error log corresponding to the selected FF-A ABI ++ * @ffa_id: FF-A ABI ID ++ * @ffa_errno: Error code returned by the FF-A ABI ++ * ++ * This boot time function maps the FF-A error code to the error log relevant to the ++ * selected FF-A ABI. Then the error log is printed. ++ * ++ * Return: ++ * ++ * 0 on success. . Otherwise, failure ++ */ ++int ffa_print_error_log(u32 ffa_id, int ffa_errno) ++{ ++ int err_idx = -ffa_errno, abi_idx = 0; ++ ++ /* map the FF-A error code to the corresponding error log */ ++ ++ if (err_idx <= 0 || err_idx >= MAX_NUMBER_FFA_ERR) ++ return -EINVAL; ++ ++ if (ffa_id < FFA_FIRST_ID || ffa_id > FFA_LAST_ID) ++ return -EINVAL; ++ ++ abi_idx = FFA_ID_TO_ERRMAP_ID(ffa_id); ++ if (abi_idx < 0 || abi_idx >= FFA_ERRMAP_COUNT) ++ return -EINVAL; ++ ++ if (!err_msg_map[abi_idx].err_str || !err_msg_map[abi_idx].err_str[err_idx]) ++ return -EINVAL; ++ ++ ffa_err("%s", err_msg_map[abi_idx].err_str[err_idx]); ++ ++ return 0; ++} ++ ++/* ++ * Driver core functions ++ */ ++ ++/** ++ * ffa_remove_device - removes the arm_ffa device ++ * @dev: the device to be removed ++ * ++ * This boot time function makes sure the arm_ffa device is removed ++ * No need to free the kmalloced data when the device is destroyed. ++ * It's automatically done by devm management by ++ * device_remove() -> device_free() -> devres_release_probe(). ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int ffa_remove_device(struct udevice *dev) ++{ ++ int ret; ++ ++ if (!dev) { ++ ffa_err("no udevice found"); ++ return -ENODEV; ++ } ++ ++ ret = device_remove(dev, DM_REMOVE_NORMAL); ++ if (ret) { ++ ffa_err("unable to remove. err:%d\n", ret); ++ return ret; ++ } ++ ++ ffa_info("device removed and freed"); ++ ++ ret = device_unbind(dev); ++ if (ret) { ++ ffa_err("unable to unbind. err:%d\n", ret); ++ return ret; ++ } ++ ++ ffa_info("device unbound"); ++ ++ return 0; ++} ++ ++/** ++ * ffa_device_get - create, bind and probe the arm_ffa device ++ * ++ * This boot time function makes sure the arm_ffa device is ++ * created, bound to this driver, probed and ready to use. ++ * Arm FF-A transport is implemented through a single u-boot ++ * device managing the FF-A bus (arm_ffa). ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int ffa_device_get(void) ++{ ++ int ret; ++ struct udevice *dev = NULL; ++ ++ ret = device_bind(dm_root(), ++ DM_DRIVER_GET(arm_ffa), ++ FFA_DRV_NAME, ++ NULL, ++ ofnode_null(), ++ &dev); ++ if (ret) ++ return ret; ++ ++ /* The FF-A bus discovery succeeds when probing is successful */ ++ ret = device_probe(dev); ++ if (ret) { ++ ffa_err("arm_ffa device probing failed"); ++ ffa_remove_device(dev); ++ return ret; ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_get_version - FFA_VERSION handler function ++ * ++ * This is the boot time function that implements FFA_VERSION FF-A function ++ * to get from the secure world the FF-A framework version ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_get_version(void) ++{ ++ u16 major, minor; ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_VERSION), ++ .a1 = FFA_VERSION_1_0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ ffa_errno = (int)res.a0; ++ if (ffa_errno < 0) { ++ ffa_print_error_log(FFA_VERSION, ffa_errno); ++ return ffa_to_std_errno(ffa_errno); ++ } ++ ++ major = GET_FFA_MAJOR_VERSION((u32)res.a0); ++ minor = GET_FFA_MINOR_VERSION((u32)res.a0); ++ ++ ffa_info("FF-A driver %d.%d\nFF-A framework %d.%d", ++ FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor); ++ ++ if ((major == FFA_MAJOR_VERSION && minor >= FFA_MINOR_VERSION)) { ++ ffa_info("Versions are compatible "); ++ ++ ffa_priv_data->fwk_version = (u32)res.a0; ++ ++ return 0; ++ } ++ ++ ffa_err("versions are incompatible\nExpected: %d.%d , Found: %d.%d\n", ++ FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor); ++ ++ return -EPROTONOSUPPORT; ++} ++ ++/** ++ * ffa_get_endpoint_id - FFA_ID_GET handler function ++ * ++ * This is the boot time function that implements FFA_ID_GET FF-A function ++ * to get from the secure world u-boot endpoint ID ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_get_endpoint_id(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_ID_GET), ++ .a1 = 0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ ffa_priv_data->id = GET_SELF_ENDPOINT_ID((u32)res.a2); ++ ffa_info("endpoint ID is %u", ffa_priv_data->id); ++ ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ++ ffa_print_error_log(FFA_ID_GET, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_set_rxtx_buffers_pages_cnt - sets the minimum number of pages in each of the RX/TX buffers ++ * @prop_field: properties field obtained from FFA_FEATURES ABI ++ * ++ * This boot time function sets the minimum number of pages ++ * in each of the RX/TX buffers in the private data structure ++ * ++ * Return: ++ * ++ * buf_4k_pages points to the returned number of pages ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_set_rxtx_buffers_pages_cnt(u32 prop_field) ++{ ++ if (!ffa_priv_data) ++ return -EINVAL; ++ ++ switch (prop_field) { ++ case RXTX_4K: ++ ffa_priv_data->pair.rxtx_min_pages = 1; ++ break; ++ case RXTX_16K: ++ ffa_priv_data->pair.rxtx_min_pages = 4; ++ break; ++ case RXTX_64K: ++ ffa_priv_data->pair.rxtx_min_pages = 16; ++ break; ++ default: ++ ffa_err("RX/TX buffer size not supported"); ++ return -EINVAL; ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_get_rxtx_map_features - FFA_FEATURES handler function with FFA_RXTX_MAP argument ++ * ++ * This is the boot time function that implements FFA_FEATURES FF-A function ++ * to retrieve the FFA_RXTX_MAP features ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_get_rxtx_map_features(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_FEATURES), ++ .a1 = FFA_SMC_64(FFA_RXTX_MAP), ++ .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) ++ return ffa_set_rxtx_buffers_pages_cnt((u32)res.a2); ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_FEATURES, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_free_rxtx_buffers - frees the RX/TX buffers ++ * ++ * This is the boot time function used to free the RX/TX buffers ++ * ++ */ ++static void ffa_free_rxtx_buffers(void) ++{ ++ ffa_info("Freeing RX/TX buffers"); ++ ++ if (ffa_priv_data->pair.rxbuf) { ++ free((void *)ffa_priv_data->pair.rxbuf); ++ ffa_priv_data->pair.rxbuf = 0; ++ } ++ ++ if (ffa_priv_data->pair.txbuf) { ++ free((void *)ffa_priv_data->pair.txbuf); ++ ffa_priv_data->pair.txbuf = 0; ++ } ++} ++ ++/** ++ * ffa_alloc_rxtx_buffers - allocates the RX/TX buffers ++ * ++ * This is the boot time function used by ffa_map_rxtx_buffers to allocate ++ * the RX/TX buffers before mapping them. The allocated memory is physically ++ * contiguous since memalign ends up calling malloc which allocates ++ * contiguous memory in u-boot. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_alloc_rxtx_buffers(void) ++{ ++ u64 bytes; ++ ++ ffa_info("Using %lu 4KB page(s) for RX/TX buffers size", ++ ffa_priv_data->pair.rxtx_min_pages); ++ ++ bytes = ffa_priv_data->pair.rxtx_min_pages * SZ_4K; ++ ++ /* RX/TX buffers addresses should be PAGE_SIZE aligned */ ++ ++ ffa_priv_data->pair.rxbuf = (u64)memalign(PAGE_SIZE, bytes); ++ if (!ffa_priv_data->pair.rxbuf) { ++ ffa_err("failure to allocate RX buffer"); ++ return -ENOBUFS; ++ } ++ ++ ffa_info("RX buffer at virtual address 0x%llx", ffa_priv_data->pair.rxbuf); ++ ++ ffa_priv_data->pair.txbuf = (u64)memalign(PAGE_SIZE, bytes); ++ if (!ffa_priv_data->pair.txbuf) { ++ free((void *)ffa_priv_data->pair.rxbuf); ++ ffa_priv_data->pair.rxbuf = 0; ++ ffa_err("failure to allocate the TX buffer"); ++ return -ENOBUFS; ++ } ++ ++ ffa_info("TX buffer at virtual address 0x%llx", ffa_priv_data->pair.txbuf); ++ ++ /* ++ * make sure the buffers are cleared before use ++ */ ++ memset((void *)ffa_priv_data->pair.rxbuf, 0, bytes); ++ memset((void *)ffa_priv_data->pair.txbuf, 0, bytes); ++ ++ return 0; ++} ++ ++/** ++ * ffa_map_rxtx_buffers - FFA_RXTX_MAP handler function ++ * ++ * This is the boot time function that implements FFA_RXTX_MAP FF-A function ++ * to map the RX/TX buffers ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_map_rxtx_buffers(void) ++{ ++ int ret; ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ret = ffa_alloc_rxtx_buffers(); ++ if (ret) ++ return ret; ++ ++ /* ++ * we need to pass the physical addresses of the RX/TX buffers ++ * in u-boot physical/virtual mapping is 1:1 ++ *no need to convert from virtual to physical ++ */ ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_64(FFA_RXTX_MAP), ++ .a1 = ffa_priv_data->pair.txbuf, ++ .a2 = ffa_priv_data->pair.rxbuf, ++ .a3 = ffa_priv_data->pair.rxtx_min_pages, ++ .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ ffa_info("RX/TX buffers mapped"); ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_RXTX_MAP, ffa_errno); ++ ++ ffa_free_rxtx_buffers(); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_unmap_rxtx_buffers - FFA_RXTX_UNMAP handler function ++ * ++ * This is the boot time function that implements FFA_RXTX_UNMAP FF-A function ++ * to unmap the RX/TX buffers ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_unmap_rxtx_buffers(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_RXTX_UNMAP), ++ .a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data->id), ++ .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ ffa_free_rxtx_buffers(); ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_RXTX_UNMAP, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_release_rx_buffer - FFA_RX_RELEASE handler function ++ * ++ * This is the boot time function that invokes FFA_RX_RELEASE FF-A function ++ * to release the ownership of the RX buffer ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_release_rx_buffer(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_RX_RELEASE), ++ .a1 = 0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) ++ return 0; ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_RX_RELEASE, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_uuid_are_identical - checks whether two given UUIDs are identical ++ * @uuid1: first UUID ++ * @uuid2: second UUID ++ * ++ * This is a boot time function used by ffa_read_partitions_info to search ++ * for a UUID in the partitions descriptors table ++ * ++ * Return: ++ * ++ * 1 when UUIDs match. Otherwise, 0 ++ */ ++int ffa_uuid_are_identical(const struct ffa_partition_uuid *uuid1, ++ const struct ffa_partition_uuid *uuid2) ++{ ++ if (!uuid1 || !uuid2) ++ return 0; ++ ++ return (!memcmp(uuid1, uuid2, sizeof(struct ffa_partition_uuid))); ++} ++ ++/** ++ * ffa_read_partitions_info - reads the data queried by FFA_PARTITION_INFO_GET ++ * and saves it in the private structure ++ * @count: The number of partitions queried ++ * @part_uuid: Pointer to the partition(s) UUID ++ * ++ * This is the boot time function that reads the partitions information ++ * returned by the FFA_PARTITION_INFO_GET and saves it in the private ++ * data structure. ++ * ++ * Return: ++ * ++ * The private data structure is updated with the partition(s) information ++ * 0 is returned on success. Otherwise, failure ++ */ ++static int ffa_read_partitions_info(u32 count, struct ffa_partition_uuid *part_uuid) ++{ ++ if (!count) { ++ ffa_err("no partition detected"); ++ return -ENODATA; ++ } ++ ++ ffa_info("Reading partitions data from the RX buffer"); ++ ++ if (!part_uuid) { ++ /* ++ * querying information of all partitions ++ */ ++ u64 buf_bytes; ++ u64 data_bytes; ++ u32 desc_idx; ++ struct ffa_partition_info *parts_info; ++ ++ data_bytes = count * sizeof(struct ffa_partition_desc); ++ ++ buf_bytes = ffa_priv_data->pair.rxtx_min_pages * SZ_4K; ++ ++ if (data_bytes > buf_bytes) { ++ ffa_err("partitions data size exceeds the RX buffer size:"); ++ ffa_err(" sizes in bytes: data %llu , RX buffer %llu ", ++ data_bytes, ++ buf_bytes); ++ ++ return -ENOMEM; ++ } ++ ++ ffa_priv_data->partitions.descs = (struct ffa_partition_desc *) ++ devm_kmalloc(ffa_priv_data->dev, data_bytes, __GFP_ZERO); ++ if (!ffa_priv_data->partitions.descs) { ++ ffa_err("cannot allocate partitions data buffer"); ++ return -ENOMEM; ++ } ++ ++ parts_info = (struct ffa_partition_info *)ffa_priv_data->pair.rxbuf; ++ ++ for (desc_idx = 0 ; desc_idx < count ; desc_idx++) { ++ ffa_priv_data->partitions.descs[desc_idx].info = ++ parts_info[desc_idx]; ++ ++ ffa_info("Partition ID %x : info cached", ++ ffa_priv_data->partitions.descs[desc_idx].info.id); ++ } ++ ++ ffa_priv_data->partitions.count = count; ++ ++ ffa_info("%d partition(s) found and cached", count); ++ ++ } else { ++ u32 rx_desc_idx, cached_desc_idx; ++ struct ffa_partition_info *parts_info; ++ u8 desc_found; ++ ++ parts_info = (struct ffa_partition_info *)ffa_priv_data->pair.rxbuf; ++ ++ /* ++ * search for the SP IDs read from the RX buffer ++ * in the already cached SPs. ++ * Update the UUID when ID found. ++ */ ++ for (rx_desc_idx = 0; rx_desc_idx < count ; rx_desc_idx++) { ++ desc_found = 0; ++ ++ /* ++ * search the current ID in the cached partitions ++ */ ++ for (cached_desc_idx = 0; ++ cached_desc_idx < ffa_priv_data->partitions.count; ++ cached_desc_idx++) { ++ /* ++ * save the UUID ++ */ ++ if (ffa_priv_data->partitions.descs[cached_desc_idx].info.id == ++ parts_info[rx_desc_idx].id) { ++ ffa_priv_data->partitions.descs[cached_desc_idx].sp_uuid = ++ *part_uuid; ++ ++ desc_found = 1; ++ break; ++ } ++ } ++ ++ if (!desc_found) ++ return -ENODATA; ++ } ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_query_partitions_info - invokes FFA_PARTITION_INFO_GET and saves partitions data ++ * ++ * @part_uuid: Pointer to the partition(s) UUID ++ * @pcount: Pointer to the number of partitions variable filled when querying ++ * ++ * This is the boot time function that executes the FFA_PARTITION_INFO_GET ++ * to query the partitions data. Then, it calls ffa_read_partitions_info ++ * to save the data in the private data structure. ++ * ++ * After reading the data the RX buffer is released using ffa_release_rx_buffer ++ * ++ * Return: ++ * ++ * When part_uuid is NULL, all partitions data are retrieved from secure world ++ * When part_uuid is non NULL, data for partitions matching the given UUID are ++ * retrieved and the number of partitions is returned ++ * 0 is returned on success. Otherwise, failure ++ */ ++static int ffa_query_partitions_info(struct ffa_partition_uuid *part_uuid, ++ u32 *pcount) ++{ ++ struct ffa_partition_uuid query_uuid = {0}; ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ /* ++ * If a UUID is specified. Information for one or more ++ * partitions in the system is queried. Otherwise, information ++ * for all installed partitions is queried ++ */ ++ ++ if (part_uuid) { ++ if (!pcount) ++ return -EINVAL; ++ ++ query_uuid = *part_uuid; ++ } else if (pcount) { ++ return -EINVAL; ++ } ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_PARTITION_INFO_GET), ++ .a1 = query_uuid.a1, ++ .a2 = query_uuid.a2, ++ .a3 = query_uuid.a3, ++ .a4 = query_uuid.a4, ++ .a5 = 0, ++ .a6 = 0, ++ .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ int ret; ++ ++ /* ++ * res.a2 contains the count of partition information descriptors ++ * populated in the RX buffer ++ */ ++ if (res.a2) { ++ ret = ffa_read_partitions_info((u32)res.a2, part_uuid); ++ if (ret) { ++ ffa_err("failed to read partition(s) data , error (%d)", ret); ++ ffa_release_rx_buffer(); ++ return -EINVAL; ++ } ++ } ++ ++ /* ++ * return the SP count (when querying using a UUID) ++ */ ++ if (pcount) ++ *pcount = (u32)res.a2; ++ ++ /* ++ * After calling FFA_PARTITION_INFO_GET the buffer ownership ++ * is assigned to the consumer (u-boot). So, we need to give ++ * the ownership back to the SPM or hypervisor ++ */ ++ ret = ffa_release_rx_buffer(); ++ ++ return ret; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_PARTITION_INFO_GET, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_get_partitions_info - FFA_PARTITION_INFO_GET handler function ++ * ++ * The passed arguments: ++ * Mode 1: When getting from the driver the number of ++ * secure partitions: ++ * @uuid_str: pointer to the UUID string ++ * @parts_size: pointer to the variable that contains the number of partitions ++ * The variable will be set by the driver ++ * @buffer: NULL ++ * ++ * Mode 2: When requesting the driver to return the ++ * partitions information: ++ * @uuid_str: pointer to the UUID string ++ * @parts_size: pointer to the size of the SPs information buffer in bytes ++ * @buffer: pointer to SPs information buffer ++ * (allocated by the client). ++ * The buffer will be filled by the driver ++ * ++ * This is the boot time function that queries the secure partition data from ++ * the private data structure. If not found, it invokes FFA_PARTITION_INFO_GET ++ * FF-A function to query the partition information from secure world. ++ * ++ * A client of the FF-A driver should know the UUID of the service it wants to ++ * access. It should use the UUID to request the FF-A driver to provide the ++ * partition(s) information of the service. The FF-A driver uses ++ * PARTITION_INFO_GET to obtain this information. This is implemented through ++ * ffa_get_partitions_info function. ++ * A new FFA_PARTITION_INFO_GET call is issued (first one performed through ++ * ffa_cache_partitions_info) allowing to retrieve the partition(s) information. ++ * They are not saved (already done). We only update the UUID in the cached area. ++ * This assumes that partitions data does not change in the secure world. ++ * Otherwise u-boot will have an outdated partition data. The benefit of caching ++ * the information in the FF-A driver is to accommodate discovery after ++ * ExitBootServices(). ++ * ++ * When invoked through a client request, ffa_get_partitions_info should be ++ * called twice. First call is to get from the driver the number of secure ++ * partitions (SPs) associated to a particular UUID. ++ * Then, the caller (client) allocates the buffer to host the SPs data and ++ * issues a 2nd call. Then, the driver fills the SPs data in the pre-allocated ++ * buffer. ++ * ++ * To achieve the mechanism described above, ffa_get_partitions_info uses the ++ * following functions: ++ * ffa_read_partitions_info ++ * ffa_query_partitions_info ++ * ++ * Return: ++ * ++ * @parts_size: When pointing to the number of partitions variable, the number is ++ * set by the driver. ++ * When pointing to the partitions information buffer size, the buffer will be ++ * filled by the driver. ++ * ++ * On success 0 is returned. Otherwise, failure ++ */ ++static int ffa_get_partitions_info(const char *uuid_str, ++ u32 *parts_size, struct ffa_partition_info *buffer) ++{ ++ /* ++ * fill_data: ++ * 0: return the SP count ++ * 1: fill SP data and return it to the caller ++ * -1: undefined mode ++ */ ++ int fill_data = -1; ++ u32 desc_idx, client_desc_idx; ++ struct ffa_partition_uuid part_uuid = {0}; ++ u32 client_desc_max_cnt; ++ u32 parts_found = 0; ++ ++ if (!ffa_priv_data->partitions.count || !ffa_priv_data->partitions.descs) { ++ ffa_err("no partition installed"); ++ return -EINVAL; ++ } ++ ++ if (!uuid_str) { ++ ffa_err("no UUID provided"); ++ return -EINVAL; ++ } ++ ++ if (!parts_size) { ++ ffa_err("no size/count provided"); ++ return -EINVAL; ++ } ++ ++ if (be_uuid_str_to_le_bin(uuid_str, (unsigned char *)&part_uuid)) { ++ ffa_err("invalid UUID"); ++ return -EINVAL; ++ } ++ ++ if (!buffer) { ++ /* Mode 1: getting the number of secure partitions */ ++ ++ fill_data = 0; ++ ++ ffa_info("Preparing for checking partitions count"); ++ ++ } else if ((*parts_size >= sizeof(struct ffa_partition_info)) && ++ !(*parts_size % sizeof(struct ffa_partition_info))) { ++ /* Mode 2: retrieving the partitions information */ ++ ++ fill_data = 1; ++ ++ client_desc_idx = 0; ++ ++ /* ++ * number of empty descriptors preallocated by the caller ++ */ ++ client_desc_max_cnt = *parts_size / sizeof(struct ffa_partition_info); ++ ++ ffa_info("Preparing for filling partitions info"); ++ ++ } else { ++ ffa_err("invalid function arguments provided"); ++ return -EINVAL; ++ } ++ ++ ffa_info("Searching partitions using the provided UUID"); ++ ++ /* ++ * search in the cached partitions ++ */ ++ for (desc_idx = 0; ++ desc_idx < ffa_priv_data->partitions.count; ++ desc_idx++) { ++ if (ffa_uuid_are_identical(&ffa_priv_data->partitions.descs[desc_idx].sp_uuid, ++ &part_uuid)) { ++ ffa_info("Partition ID %x matches the provided UUID", ++ ffa_priv_data->partitions.descs[desc_idx].info.id); ++ ++ parts_found++; ++ ++ if (fill_data) { ++ /* ++ * trying to fill the partition info in the input buffer ++ */ ++ ++ if (client_desc_idx < client_desc_max_cnt) { ++ buffer[client_desc_idx++] = ++ ffa_priv_data->partitions.descs[desc_idx].info; ++ continue; ++ } ++ ++ ffa_err("failed to fill the current descriptor client buffer full"); ++ return -ENOBUFS; ++ } ++ } ++ } ++ ++ if (!parts_found) { ++ int ret; ++ ++ ffa_info("No partition found. Querying framework ..."); ++ ++ ret = ffa_query_partitions_info(&part_uuid, &parts_found); ++ ++ if (ret == 0) { ++ if (!fill_data) { ++ *parts_size = parts_found; ++ ++ ffa_info("Number of partition(s) found matching the UUID: %d", ++ parts_found); ++ } else { ++ /* ++ * If SPs data detected, they are already in the private data ++ * structure, retry searching SP data again to return them ++ * to the caller ++ */ ++ if (parts_found) ++ ret = ffa_get_partitions_info(uuid_str, parts_size, buffer); ++ else ++ ret = -ENODATA; ++ } ++ } ++ ++ return ret; ++ } ++ ++ /* partition(s) found */ ++ if (!fill_data) ++ *parts_size = parts_found; ++ ++ return 0; ++} ++ ++/** ++ * ffa_cache_partitions_info - Queries and saves all secure partitions data ++ * ++ * This is a boot time function that invokes FFA_PARTITION_INFO_GET FF-A ++ * function to query from secure world all partitions information. ++ * ++ * The FFA_PARTITION_INFO_GET call is issued with nil UUID as an argument. ++ * All installed partitions information are returned. We cache them in the ++ * resident private data structure and we keep the UUID field empty ++ * (in FF-A 1.0 UUID is not provided by the partition descriptor) ++ * ++ * This function is called at the device probing level. ++ * ffa_cache_partitions_info uses ffa_query_partitions_info to get the data ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_cache_partitions_info(void) ++{ ++ return ffa_query_partitions_info(NULL, NULL); ++} ++ ++/** ++ * ffa_msg_send_direct_req - FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function ++ * @dst_part_id: destination partition ID ++ * @msg: pointer to the message data preallocated by the client (in/out) ++ * ++ * This is the runtime function that implements FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * FF-A functions. ++ * ++ * FFA_MSG_SEND_DIRECT_REQ is used to send the data to the secure partition. ++ * The response from the secure partition is handled by reading the ++ * FFA_MSG_SEND_DIRECT_RESP arguments. ++ * ++ * The maximum size of the data that can be exchanged is 40 bytes which is ++ * sizeof(struct ffa_send_direct_data) as defined by the FF-A specification 1.0 ++ * in the section relevant to FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_send_direct_data *msg) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ if (!ffa_priv_data || !ffa_priv_data->invoke_ffa_fn) ++ return -EINVAL; ++ ++ /* No partition installed */ ++ if (!ffa_priv_data->partitions.count || !ffa_priv_data->partitions.descs) ++ return -ENODEV; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ), ++ .a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data->id) | ++ PREP_PART_ENDPOINT_ID(dst_part_id), ++ .a2 = 0, ++ .a3 = msg->data0, ++ .a4 = msg->data1, ++ .a5 = msg->data2, ++ .a6 = msg->data3, ++ .a7 = msg->data4, ++ }, &res); ++ ++ while (res.a0 == FFA_SMC_32(FFA_INTERRUPT)) ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_RUN), ++ .a1 = res.a1, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ /* Message sent with no response */ ++ return 0; ++ } ++ ++ if (res.a0 == FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP)) { ++ /* ++ * Message sent with response ++ * extract the return data ++ */ ++ msg->data0 = res.a3; ++ msg->data1 = res.a4; ++ msg->data2 = res.a5; ++ msg->data3 = res.a6; ++ msg->data4 = res.a7; ++ ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * __arm_ffa_fn_smc - SMC wrapper ++ * @args: FF-A ABI arguments to be copied to Xn registers ++ * @res: FF-A ABI return data to be copied from Xn registers ++ * ++ * Calls low level SMC assembly function ++ * ++ * Return: void ++ */ ++void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res) ++{ ++ arm_smccc_1_2_smc(&args, res); ++} ++ ++/** ++ * ffa_set_smc_conduit - Set the SMC conduit ++ * ++ * This boot time function selects the SMC conduit by setting the driver invoke function ++ * to SMC assembly function ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_set_smc_conduit(void) ++{ ++ ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc; ++ ++ if (!ffa_priv_data->invoke_ffa_fn) { ++ ffa_err("failure to set the invoke function"); ++ return -EINVAL; ++ } ++ ++ ffa_info("Conduit is SMC"); ++ ++ return 0; ++} ++ ++/** ++ * ffa_set_bus_ops - Set the bus driver operations ++ * ++ * Setting the driver callbacks. ++ * ++ */ ++static void ffa_set_bus_ops(void) ++{ ++ ffa_priv_data->ffa_ops.partition_info_get = ffa_get_partitions_info; ++ ffa_priv_data->ffa_ops.sync_send_receive = ffa_msg_send_direct_req; ++ ffa_priv_data->ffa_ops.rxtx_unmap = ffa_unmap_rxtx_buffers; ++} ++ ++/** ++ * ffa_alloc_prvdata - allocate the driver main data structure and sets the device ++ * @dev: the arm_ffa device ++ * ++ * This boot time function creates the main data structure embedding all the driver data. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_alloc_prvdata(struct udevice *dev) ++{ ++ if (!dev) { ++ ffa_err("no udevice found"); ++ return -ENODEV; ++ } ++ ++ /* The device is registered with the DM. Let's create the driver main data structure*/ ++ ++ ffa_priv_data = devm_kmalloc(dev, sizeof(struct ffa_prvdata), __GFP_ZERO); ++ if (!ffa_priv_data) { ++ ffa_err("can not allocate the driver main data structure"); ++ return -ENOMEM; ++ } ++ ++ ffa_priv_data->dev = dev; ++ ++ return 0; ++} ++ ++/** ++ * ffa_probe - The driver probe function ++ * @dev: the arm_ffa device ++ * ++ * Probing is done at boot time and triggered by the uclass device discovery. ++ * At probe level the following actions are done: ++ * - setting the conduit ++ * - querying the FF-A framework version ++ * - querying from secure world the u-boot endpoint ID ++ * - querying from secure world the supported features of FFA_RXTX_MAP ++ * - mapping the RX/TX buffers ++ * - querying from secure world all the partitions information ++ * ++ * All data queried from secure world is saved in the resident private data structure. ++ * ++ * The probe will fail if either FF-A framework is not detected or the ++ * FF-A requests are not behaving correctly. This ensures that the ++ * driver is not installed and its operations are not exported to the clients. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_probe(struct udevice *dev) ++{ ++ int ret; ++ ++ ret = ffa_alloc_prvdata(dev); ++ if (ret != 0) ++ return ret; ++ ++ ffa_set_bus_ops(); ++ ++ ret = ffa_set_smc_conduit(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_get_version(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_get_endpoint_id(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_get_rxtx_map_features(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_map_rxtx_buffers(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_cache_partitions_info(); ++ if (ret != 0) { ++ ffa_free_rxtx_buffers(); ++ return ret; ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_remove - The driver remove function ++ * @dev: the arm_ffa device ++ * When the device is about to be removed , unmap the RX/TX buffers and free the memory ++ * Return: ++ * ++ * 0 on success. ++ */ ++static int ffa_remove(struct udevice *dev) ++{ ++ ffa_info("removing the device"); ++ ++ ffa_unmap_rxtx_buffers(); ++ ++ if (ffa_priv_data->pair.rxbuf || ffa_priv_data->pair.txbuf) ++ ffa_free_rxtx_buffers(); ++ ++ return 0; ++} ++ ++/** ++ * ffa_unbind - The driver unbind function ++ * @dev: the arm_ffa device ++ * After the device is removed and memory freed the device is unbound ++ * Return: ++ * ++ * 0 on success. ++ */ ++static int ffa_unbind(struct udevice *dev) ++{ ++ ffa_info("unbinding the device , private data already released"); ++ ++ ffa_priv_data = NULL; ++ ++ return 0; ++} ++ ++/** ++ * ffa_bus_ops_get - bus driver operations getter ++ * ++ * Return: ++ * This runtime function returns a pointer to the driver operations structure ++ */ ++const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void) ++{ ++ return &ffa_priv_data->ffa_ops; ++} ++ ++/** ++ * ffa_bus_prvdata_get - bus driver private data getter ++ * ++ * Return: ++ * This boot time function returns a pointer to the main private data structure ++ */ ++struct ffa_prvdata **ffa_bus_prvdata_get(void) ++{ ++ return &ffa_priv_data; ++} ++ ++/** ++ * ffa_bus_discover - discover FF-A bus and probe the arm_ffa device ++ * ++ * This boot time function makes sure the FF-A bus is discoverable. ++ * Then, the arm_ffa device is probed and ready to use. ++ * This function is called automatically at initcalls ++ * level (after u-boot relocation). ++ * ++ * When the bus was already discovered successfully the discovery will not run again. ++ * ++ * Arm FF-A transport is implemented through arm_ffa u-boot device managing the FF-A ++ * communication. ++ * All FF-A clients should use the arm_ffa device to use the FF-A transport. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int ffa_bus_discover(void) ++{ ++ int ret = 0; ++ ++ if (!ffa_priv_data) ++ ret = ffa_device_get(); ++ ++ return ret; ++} ++ ++/** ++ * Declaring the arm_ffa driver under UCLASS_FFA ++ */ ++ ++U_BOOT_DRIVER(arm_ffa) = { ++ .name = FFA_DRV_NAME, ++ .id = UCLASS_FFA, ++ .probe = ffa_probe, ++ .remove = ffa_remove, ++ .unbind = ffa_unbind, ++}; +diff --git a/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c b/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c +new file mode 100644 +index 0000000000..c76cf2147b +--- /dev/null ++++ b/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c +@@ -0,0 +1,94 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#include "arm_ffa_prv.h" ++ ++/** ++ * ffa_copy_runtime_data - copy the private data structure to the runtime area ++ * ++ * This boot time function copies the arm_ffa driver data structures including ++ * partitions data to the EFI runtime data section. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++efi_status_t ffa_copy_runtime_data(void) ++{ ++ efi_status_t efi_ret; ++ efi_uintn_t prvdata_pages; ++ efi_uintn_t descs_pages; ++ struct ffa_prvdata **prvdata = NULL; /* Pointer to the current structure */ ++ struct ffa_prvdata *runtime_prvdata = NULL; /* Pointer to the structure runtime copy */ ++ u64 runtime_descs = 0; ++ ++ prvdata = ffa_bus_prvdata_get(); ++ ++ printf("INFO: EFI: FFA: prv data area at 0x%llx\n", (u64)prvdata); ++ ++ /* allocate private data runtime area */ ++ ++ prvdata_pages = efi_size_in_pages(sizeof(struct ffa_prvdata)); ++ efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, ++ EFI_RUNTIME_SERVICES_DATA, ++ prvdata_pages, ++ (u64 *)&runtime_prvdata); ++ ++ if (efi_ret != EFI_SUCCESS) { ++ printf("ERROR: EFI: FFA: allocating runtime data (err: 0x%lx, addr 0x%llx)\n", ++ efi_ret, (u64)runtime_prvdata); ++ ++ return efi_ret; ++ } ++ ++ printf("INFO: EFI: FFA: runtime data area at 0x%llx\n", (u64)runtime_prvdata); ++ ++ if (!runtime_prvdata) ++ return EFI_INVALID_PARAMETER; ++ ++ /* allocate the partition data runtime area */ ++ ++ descs_pages = efi_size_in_pages((*prvdata)->partitions.count * ++ sizeof(struct ffa_partition_desc)); ++ efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, ++ EFI_RUNTIME_SERVICES_DATA, ++ descs_pages, ++ &runtime_descs); ++ ++ if (efi_ret != EFI_SUCCESS) { ++ printf("ERROR: EFI: FFA: allocating runtime SPs data (err: 0x%lx, addr 0x%llx)\n", ++ efi_ret, runtime_descs); ++ ++ efi_free_pages((u64)runtime_prvdata, prvdata_pages); ++ ++ return efi_ret; ++ } ++ ++ printf("INFO: EFI: FFA: SPs runtime area at 0x%llx\n", (u64)runtime_descs); ++ ++ if (!runtime_descs) ++ return EFI_INVALID_PARAMETER; ++ ++ *runtime_prvdata = **prvdata; ++ ++ runtime_prvdata->dev = NULL; ++ runtime_prvdata->ffa_ops.partition_info_get = NULL; ++ runtime_prvdata->ffa_ops.rxtx_unmap = NULL; ++ runtime_prvdata->partitions.descs = (struct ffa_partition_desc *)runtime_descs; ++ runtime_prvdata->pair.rxbuf = 0; ++ runtime_prvdata->pair.txbuf = 0; ++ ++ /* ++ * Update the private data structure pointer in the driver ++ * no need to free the old structure. devm takes care of that ++ */ ++ *prvdata = runtime_prvdata; ++ ++ printf("INFO: EFI: FFA: runtime prv data now at 0x%llx , SPs count %d\n", ++ (u64)*prvdata, (*prvdata)->partitions.count); ++ ++ return 0; ++} +diff --git a/include/arm_ffa.h b/include/arm_ffa.h +new file mode 100644 +index 0000000000..f17b100497 +--- /dev/null ++++ b/include/arm_ffa.h +@@ -0,0 +1,127 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#ifndef __ARM_FFA_H ++#define __ARM_FFA_H ++ ++#include ++ ++/* ++ * This header is public. It can be used by clients to access ++ * data structures and definitions they need ++ */ ++ ++/* ++ * Macros for displaying logs ++ */ ++ ++#define ffa_info(fmt, ...) pr_info("[FFA] " fmt "\n", ##__VA_ARGS__) ++#define ffa_err(fmt, ...) pr_err("[FFA] " fmt "\n", ##__VA_ARGS__) ++ ++/* ++ * struct ffa_partition_info - Partition information descriptor ++ * @id: Partition ID ++ * @exec_ctxt: Execution context count ++ * @properties: Partition properties ++ * ++ * Data structure containing information about partitions instantiated in the system ++ * This structure is filled with the data queried by FFA_PARTITION_INFO_GET ++ */ ++struct __packed ffa_partition_info { ++ u16 id; ++ u16 exec_ctxt; ++/* partition supports receipt of direct requests */ ++#define FFA_PARTITION_DIRECT_RECV BIT(0) ++/* partition can send direct requests. */ ++#define FFA_PARTITION_DIRECT_SEND BIT(1) ++/* partition can send and receive indirect messages. */ ++#define FFA_PARTITION_INDIRECT_MSG BIT(2) ++ u32 properties; ++}; ++ ++/* ++ * struct ffa_send_direct_data - Data structure hosting the data ++ * used by FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * @data0-4: Data read/written from/to x3-x7 registers ++ * ++ * Data structure containing the data to be sent by FFA_MSG_SEND_DIRECT_REQ ++ * or read from FFA_MSG_SEND_DIRECT_RESP ++ */ ++ ++/* For use with FFA_MSG_SEND_DIRECT_{REQ,RESP} which pass data via registers */ ++struct __packed ffa_send_direct_data { ++ unsigned long data0; /* w3/x3 */ ++ unsigned long data1; /* w4/x4 */ ++ unsigned long data2; /* w5/x5 */ ++ unsigned long data3; /* w6/x6 */ ++ unsigned long data4; /* w7/x7 */ ++}; ++ ++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE) ++ ++#include ++ ++/* ++ * __ffa_runtime - controls whether functions are ++ * available after calling the EFI ExitBootServices service. ++ * Functions tagged with these keywords are resident (available at boot time and ++ * at runtime) ++ */ ++ ++#define __ffa_runtime_data __efi_runtime_data ++#define __ffa_runtime __efi_runtime ++ ++#else ++ ++/* ++ * The FF-A driver is independent from EFI ++ */ ++ ++#define __ffa_runtime_data ++#define __ffa_runtime ++ ++#endif ++ ++/** ++ * struct ffa_bus_ops - The driver operations structure ++ * @partition_info_get: callback for the FFA_PARTITION_INFO_GET ++ * @sync_send_receive: callback for the FFA_MSG_SEND_DIRECT_REQ ++ * @rxtx_unmap: callback for the FFA_RXTX_UNMAP ++ * ++ * The data structure providing all the operations supported by the driver. ++ * This structure is EFI runtime resident. ++ */ ++struct ffa_bus_ops { ++ int (*partition_info_get)(const char *uuid_str, ++ u32 *parts_size, struct ffa_partition_info *buffer); ++ int (*sync_send_receive)(u16 dst_part_id, struct ffa_send_direct_data *msg); ++ int (*rxtx_unmap)(void); ++}; ++ ++/** ++ * The device driver and the Uclass driver public functions ++ */ ++ ++/** ++ * ffa_bus_ops_get - driver operations getter ++ */ ++const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void); ++ ++/** ++ * ffa_bus_discover - discover FF-A bus and probes the arm_ffa device ++ */ ++int ffa_bus_discover(void); ++ ++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE) ++ ++/** ++ * ffa_copy_runtime_data - copy the private data structure and the SPs data to the runtime area ++ */ ++efi_status_t ffa_copy_runtime_data(void); ++ ++#endif ++ ++#endif +diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h +index 3ba69ad9a0..7324418245 100644 +--- a/include/dm/uclass-id.h ++++ b/include/dm/uclass-id.h +@@ -55,6 +55,7 @@ enum uclass_id { + UCLASS_EFI_MEDIA, /* Devices provided by UEFI firmware */ + UCLASS_ETH, /* Ethernet device */ + UCLASS_ETH_PHY, /* Ethernet PHY device */ ++ UCLASS_FFA, /* Arm Firmware Framework for Armv8-A */ + UCLASS_FIRMWARE, /* Firmware */ + UCLASS_FS_FIRMWARE_LOADER, /* Generic loader */ + UCLASS_GPIO, /* Bank of general-purpose I/O pins */ +diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c +index 4da64b5d29..0ec002ac8b 100644 +--- a/lib/efi_loader/efi_boottime.c ++++ b/lib/efi_loader/efi_boottime.c +@@ -23,6 +23,10 @@ + #include + #include + ++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) ++#include ++#endif ++ + DECLARE_GLOBAL_DATA_PTR; + + /* Task priority level */ +@@ -2173,6 +2177,14 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, + dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); + } + ++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) ++ /* unmap FF-A RX/TX buffers */ ++ if (ffa_bus_ops_get()->rxtx_unmap()) ++ debug("[efi_boottime][ERROR]: can not unmap FF-A RX/TX buffers\n"); ++ else ++ debug("[efi_boottime][INFO]: FF-A RX/TX buffers unmapped\n"); ++#endif ++ + /* Patch out unsupported runtime function */ + efi_runtime_detach(); + +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch deleted file mode 100644 index ae4bb02f..00000000 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 6f998a5e94e2562b5876b88864876c8b03b88f5a Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi -Date: Tue, 16 Nov 2021 12:38:48 +0000 -Subject: [PATCH 09/24] arm_ffa: introducing test module for UCLASS_FFA - -This is the test module for the UCLASS_FFA class. - -Signed-off-by: Abdellatif El Khlifi -Signed-off-by: Rui Miguel Silva ---- - MAINTAINERS | 1 + - test/dm/Makefile | 1 + - test/dm/ffa.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ - test/dm/ffa.h | 19 ++++++++++++++++ - 4 files changed, 77 insertions(+) - create mode 100644 test/dm/ffa.c - create mode 100644 test/dm/ffa.h - -diff --git a/MAINTAINERS b/MAINTAINERS -index 32fc267fcf13..8209dc9319f1 100644 ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -252,6 +252,7 @@ F: drivers/arm-ffa/ - F: include/arm_ffa.h - F: include/arm_ffa_helper.h - F: lib/arm-ffa/ -+F: test/dm/ffa.c - - ARM FREESCALE IMX - M: Stefano Babic -diff --git a/test/dm/Makefile b/test/dm/Makefile -index f0a7c97e3d17..09a3403d2f53 100644 ---- a/test/dm/Makefile -+++ b/test/dm/Makefile -@@ -79,6 +79,7 @@ obj-$(CONFIG_POWER_DOMAIN) += power-domain.o - obj-$(CONFIG_ACPI_PMC) += pmc.o - obj-$(CONFIG_DM_PMIC) += pmic.o - obj-$(CONFIG_DM_PWM) += pwm.o -+obj-$(CONFIG_ARM_FFA_TRANSPORT) += ffa.o - obj-$(CONFIG_QFW) += qfw.o - obj-$(CONFIG_RAM) += ram.o - obj-y += regmap.o -diff --git a/test/dm/ffa.c b/test/dm/ffa.c -new file mode 100644 -index 000000000000..b937cea57b80 ---- /dev/null -+++ b/test/dm/ffa.c -@@ -0,0 +1,56 @@ -+// SPDX-License-Identifier: GPL-2.0+ -+/* -+ * Test for UCLASS_FFA class -+ * -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include "ffa.h" -+ -+/* Basic test of 'armffa' command */ -+static int dm_test_armffa_cmd(struct unit_test_state *uts) -+{ -+ ut_assertok(ffa_helper_init_device()); -+ -+ ut_assertok(console_record_reset_enable()); -+ -+ /* armffa getpart */ -+ ut_assertok(run_command("armffa getpart " SE_PROXY_PARTITION_UUID, 0)); -+ ut_assert_console_end(); -+ -+ /* armffa ping */ -+ ut_assertok(run_command("armffa ping " SE_PROXY_PARTITION_ID, 0)); -+ ut_assert_console_end(); -+ -+ /* armffa devlist */ -+ ut_assertok(run_command("armffa devlist", 0)); -+ ut_assert_console_end(); -+ -+ return 0; -+} -+ -+DM_TEST(dm_test_armffa_cmd, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); -+ -+static int test_ffa_msg_send_direct_req(void) -+{ -+ char *const argv[1] = {SE_PROXY_PARTITION_ID}; /* Corstone1000 SE Proxy ID */ -+ -+ return do_ffa_msg_send_direct_req(NULL, 0, 1, argv); -+} -+ -+/* Basic test of the FFA uclass */ -+static int dm_test_ffa_uclass(struct unit_test_state *uts) -+{ -+ ut_assertok(ffa_init_device()); -+ ut_assertok(test_ffa_msg_send_direct_req()); -+ return 0; -+} -+ -+DM_TEST(dm_test_ffa_uclass, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT); -diff --git a/test/dm/ffa.h b/test/dm/ffa.h -new file mode 100644 -index 000000000000..a0802bd6928a ---- /dev/null -+++ b/test/dm/ffa.h -@@ -0,0 +1,19 @@ -+/* SPDX-License-Identifier: GPL-2.0+ */ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi -+ */ -+ -+#ifndef __TEST_DM_FFA_H -+#define __TEST_DM_FFA_H -+ -+#define SE_PROXY_PARTITION_ID "0x8002" -+#define SE_PROXY_PARTITION_UUID "46bb39d1-b4d9-45b5-88ff-040027dab249" -+ -+/** -+ * do_ffa_msg_send_direct_req - implementation of the ping subcommand -+ */ -+int do_ffa_msg_send_direct_req(struct cmd_tbl *cmdtp, int flag, int argc, -+ char *const argv[]); -+ -+#endif /*__TEST_DM_FFA_H */ --- -2.37.1 - diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch similarity index 72% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch index 582bc3e5..f52f88dd 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch @@ -1,26 +1,48 @@ -From 58358f79d9f8abbdc8bcfc7d08bd0c7c4c90ec84 Mon Sep 17 00:00:00 2001 +From a09ed2542f4d991fef61bd51f87d373f44ad1ff3 Mon Sep 17 00:00:00 2001 From: Abdellatif El Khlifi -Date: Tue, 16 Nov 2021 12:36:27 +0000 -Subject: [PATCH 07/24] arm_ffa: introducing armffa command +Date: Mon, 6 Jun 2022 12:46:38 +0100 +Subject: [PATCH 10/26] arm_ffa: introduce armffa command -A new armffa command is provided as an example of how to use -the FF-A helper functions to communicate with secure world. +Provide armffa command showcasing the use of the FF-A driver The armffa command allows to query secure partitions data from the secure world and exchanging messages with the partitions. Signed-off-by: Abdellatif El Khlifi -Signed-off-by: Rui Miguel Silva +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] --- - MAINTAINERS | 1 + - cmd/Kconfig | 10 ++ - cmd/Makefile | 2 + - cmd/armffa.c | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 279 insertions(+) + +Changelog: +=============== + +v4: + +* remove pattern data in do_ffa_msg_send_direct_req + +v3: + +* use the new driver interfaces (partition_info_get, sync_send_receive) + in armffa command + +v2: + +* replace use of ffa_helper_init_device function by + ffa_helper_bus_discover + +v1: + +* introduce armffa command + + MAINTAINERS | 1 + + cmd/Kconfig | 10 ++ + cmd/Makefile | 2 + + cmd/armffa.c | 242 +++++++++++++++++++++++++++++++ + drivers/firmware/arm-ffa/Kconfig | 1 + + 5 files changed, 256 insertions(+) create mode 100644 cmd/armffa.c diff --git a/MAINTAINERS b/MAINTAINERS -index d29d7e040764..32fc267fcf13 100644 +index e760b4ca3a..9f0a1b7387 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -247,6 +247,7 @@ F: include/configs/turris_*.h @@ -28,11 +50,11 @@ index d29d7e040764..32fc267fcf13 100644 M: Abdellatif El Khlifi S: Maintained +F: cmd/armffa.c - F: drivers/arm-ffa/ + F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ F: include/arm_ffa.h - F: include/arm_ffa_helper.h diff --git a/cmd/Kconfig b/cmd/Kconfig -index ba2f321ae989..090e668125d5 100644 +index ba2f321ae9..090e668125 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -873,6 +873,16 @@ endmenu @@ -53,7 +75,7 @@ index ba2f321ae989..090e668125d5 100644 #depends on FLASH_CFI_DRIVER bool "armflash" diff --git a/cmd/Makefile b/cmd/Makefile -index 5e43a1e022e8..e40f52f1e416 100644 +index 5e43a1e022..e40f52f1e4 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -12,6 +12,8 @@ obj-y += panic.o @@ -67,17 +89,17 @@ index 5e43a1e022e8..e40f52f1e416 100644 obj-$(CONFIG_CMD_AES) += aes.o diff --git a/cmd/armffa.c b/cmd/armffa.c new file mode 100644 -index 000000000000..71a6ebb656d1 +index 0000000000..9b56e8a830 --- /dev/null +++ b/cmd/armffa.c -@@ -0,0 +1,266 @@ +@@ -0,0 +1,242 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* -+ * (C) Copyright 2021 ARM Limited ++ * (C) Copyright 2022 ARM Limited + * Abdellatif El Khlifi + */ + -+#include ++#include +#include +#include +#include @@ -93,7 +115,7 @@ index 000000000000..71a6ebb656d1 + * @argv: arguments + * + * This function queries the secure partition information which the UUID is provided -+ * as an argument. The function uses the arm_ffa driver helper function ++ * as an argument. The function uses the arm_ffa driver partition_info_get operation + * to retrieve the data. + * The input UUID string is expected to be in big endian format. + * @@ -104,31 +126,17 @@ index 000000000000..71a6ebb656d1 +static int do_ffa_get_singular_partition_info(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ -+ struct ffa_interface_data func_data = {0}; -+ u32 count = 0; ++ u32 count = 0, size = 0; + int ret; -+ union ffa_partition_uuid service_uuid = {0}; + struct ffa_partition_info *parts_info; + u32 info_idx; + + if (argc != 1) + return -EINVAL; + -+ if (ffa_uuid_str_to_bin(argv[0], (unsigned char *)&service_uuid)) { -+ ffa_err("Invalid UUID"); -+ return -EINVAL; -+ } -+ -+ /* -+ * get from the driver the count of the SPs matching the UUID -+ */ -+ func_data.data0_size = sizeof(service_uuid); -+ func_data.data0 = &service_uuid; -+ func_data.data1_size = sizeof(count); -+ func_data.data1 = &count; -+ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { ++ /* Mode 1: getting the number of secure partitions */ ++ ret = ffa_bus_ops_get()->partition_info_get(argv[0], &count, NULL); ++ if (ret != 0) { + ffa_err("Failure in querying partitions count (error code: %d)", ret); + return ret; + } @@ -140,23 +148,23 @@ index 000000000000..71a6ebb656d1 + + /* + * pre-allocate a buffer to be filled by the driver -+ * with ffa_partition_info structs ++ * with ffa_partition_info structs + */ + ++ ffa_info("Pre-allocating %d partition(s) info structures", count); ++ + parts_info = calloc(count, sizeof(struct ffa_partition_info)); + if (!parts_info) + return -EINVAL; + -+ ffa_info("Pre-allocating %d partition(s) info structures", count); -+ -+ func_data.data1_size = count * sizeof(struct ffa_partition_info); -+ func_data.data1 = parts_info; ++ size = count * sizeof(struct ffa_partition_info); + + /* + * ask the driver to fill the buffer with the SPs info + */ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { ++ ++ ret = ffa_bus_ops_get()->partition_info_get(argv[0], &size, parts_info); ++ if (ret != 0) { + ffa_err("Failure in querying partition(s) info (error code: %d)", ret); + free(parts_info); + return ret; @@ -185,7 +193,7 @@ index 000000000000..71a6ebb656d1 + * @argv: arguments + * + * This function sends data to the secure partition which the ID is provided -+ * as an argument. The function uses the arm_ffa driver helper function ++ * as an argument. The function uses the arm_ffa driver sync_send_receive operation + * to send data. + * + * Return: @@ -195,9 +203,13 @@ index 000000000000..71a6ebb656d1 +int do_ffa_msg_send_direct_req(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ -+ struct ffa_interface_data func_data = {0}; -+ struct ffa_send_direct_data msg = {0}; -+ u32 pattern = 0xaabbccd0; ++ struct ffa_send_direct_data msg = { ++ .data0 = 0xaaaaaaaa, ++ .data1 = 0xbbbbbbbb, ++ .data2 = 0xcccccccc, ++ .data3 = 0xdddddddd, ++ .data4 = 0xeeeeeeee, ++ }; + u16 part_id; + int ret; + @@ -212,32 +224,15 @@ index 000000000000..71a6ebb656d1 + return -EINVAL; + } + -+ /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ -+ /* -+ * filling the message data -+ */ -+ msg.a3 = ++pattern; -+ msg.a4 = ++pattern; -+ msg.a5 = ++pattern; -+ msg.a6 = ++pattern; -+ msg.a7 = ++pattern; -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ ret = ffa_helper_msg_send_direct_req(&func_data); -+ if (ret == FFA_ERR_STAT_SUCCESS) { ++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg); ++ if (ret == 0) { + u8 cnt; + + ffa_info("SP response:\n[LSB]"); + for (cnt = 0; -+ cnt < sizeof(struct ffa_send_direct_data) / sizeof(u32); ++ cnt < sizeof(struct ffa_send_direct_data) / sizeof(u64); + cnt++) -+ ffa_info("0x%x", ((u32 *)&msg)[cnt]); ++ ffa_info("0x%llx", ((u64 *)&msg)[cnt]); + } else { + ffa_err("Sending direct request error (%d)", ret); + } @@ -320,10 +315,13 @@ index 000000000000..71a6ebb656d1 + if (!armffa_cmd || argc > armffa_cmd->maxargs) + return CMD_RET_USAGE; + -+ ret = ffa_helper_init_device(); -+ if (ret != FFA_ERR_STAT_SUCCESS) ++ ret = ffa_bus_discover(); ++ if (ret != 0) + return cmd_process_error(cmdtp, ret); + ++ if (!ffa_bus_ops_get()) ++ return -EINVAL; ++ + ret = armffa_cmd->cmd(armffa_cmd, flag, argc, argv); + + return cmd_process_error(armffa_cmd, ret); @@ -337,6 +335,18 @@ index 000000000000..71a6ebb656d1 + " - sends a data pattern to the specified partition\n" + "devlist\n" + " - displays the arm_ffa device info\n"); +diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig +index aceb61cf49..40b467b0a5 100644 +--- a/drivers/firmware/arm-ffa/Kconfig ++++ b/drivers/firmware/arm-ffa/Kconfig +@@ -4,6 +4,7 @@ config ARM_FFA_TRANSPORT + bool "Enable Arm Firmware Framework for Armv8-A driver" + depends on DM && ARM64 + select ARM_SMCCC ++ select CMD_ARMFFA + select LIB_UUID + select DEVRES + help -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch new file mode 100644 index 00000000..739f7810 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch @@ -0,0 +1,1185 @@ +From 553b57e39808ef04bc6aa54e0324f92b0175e476 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Mon, 6 Jun 2022 12:55:08 +0100 +Subject: [PATCH 11/26] arm_ffa: introduce the FF-A Sandbox driver + +Provide a Sandbox driver to emulate the FF-A ABIs + +The emulated ABIs are those supported by the FF-A core driver +and according to FF-A specification v1.0. + +The Sandbox driver provides operations allowing the test +application to read the status of all the inspected ABIs +and perform functional tests based on that. + +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: align sandbox driver with the new FF-A driver interfaces + and new way of error handling + +v1: introduce the sandbox driver + + MAINTAINERS | 1 + + common/board_r.c | 2 +- + configs/sandbox64_defconfig | 2 + + configs/sandbox_defconfig | 2 + + doc/arch/sandbox.rst | 1 + + drivers/firmware/arm-ffa/Kconfig | 10 +- + drivers/firmware/arm-ffa/Makefile | 1 + + drivers/firmware/arm-ffa/arm_ffa_prv.h | 15 +- + drivers/firmware/arm-ffa/core.c | 24 +- + drivers/firmware/arm-ffa/sandbox.c | 659 ++++++++++++++++++ + .../firmware/arm-ffa/sandbox_arm_ffa_prv.h | 144 ++++ + include/arm_ffa.h | 2 +- + include/sandbox_arm_ffa.h | 91 +++ + lib/efi_loader/efi_boottime.c | 2 +- + 14 files changed, 941 insertions(+), 15 deletions(-) + create mode 100644 drivers/firmware/arm-ffa/sandbox.c + create mode 100644 drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h + create mode 100644 include/sandbox_arm_ffa.h + +diff --git a/MAINTAINERS b/MAINTAINERS +index 9f0a1b7387..96157db6b6 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -251,6 +251,7 @@ F: cmd/armffa.c + F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ + F: include/arm_ffa.h ++F: include/sandbox_arm_ffa.h + + ARM FREESCALE IMX + M: Stefano Babic +diff --git a/common/board_r.c b/common/board_r.c +index c75634286b..f838cd5958 100644 +--- a/common/board_r.c ++++ b/common/board_r.c +@@ -783,7 +783,7 @@ static init_fnc_t init_sequence_r[] = { + INIT_FUNC_WATCHDOG_RESET + initr_net, + #endif +-#ifdef CONFIG_ARM_FFA_TRANSPORT ++#if defined(CONFIG_ARM_FFA_TRANSPORT) && !defined(CONFIG_SANDBOX_FFA) + ffa_bus_discover, + #endif + #ifdef CONFIG_POST +diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig +index d7f22b39ae..78bc5aaa96 100644 +--- a/configs/sandbox64_defconfig ++++ b/configs/sandbox64_defconfig +@@ -250,3 +250,5 @@ CONFIG_TEST_FDTDEC=y + CONFIG_UNIT_TEST=y + CONFIG_UT_TIME=y + CONFIG_UT_DM=y ++CONFIG_ARM_FFA_TRANSPORT=y ++CONFIG_SANDBOX_FFA=y +\ No newline at end of file +diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig +index c509a924e6..8942aa7157 100644 +--- a/configs/sandbox_defconfig ++++ b/configs/sandbox_defconfig +@@ -327,3 +327,5 @@ CONFIG_TEST_FDTDEC=y + CONFIG_UNIT_TEST=y + CONFIG_UT_TIME=y + CONFIG_UT_DM=y ++CONFIG_ARM_FFA_TRANSPORT=y ++CONFIG_SANDBOX_FFA=y +\ No newline at end of file +diff --git a/doc/arch/sandbox.rst b/doc/arch/sandbox.rst +index 068d4a3be4..5d7e1b2c48 100644 +--- a/doc/arch/sandbox.rst ++++ b/doc/arch/sandbox.rst +@@ -203,6 +203,7 @@ Supported Drivers + + U-Boot sandbox supports these emulations: + ++- Arm FF-A + - Block devices + - Chrome OS EC + - GPIO +diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig +index 40b467b0a5..263481de96 100644 +--- a/drivers/firmware/arm-ffa/Kconfig ++++ b/drivers/firmware/arm-ffa/Kconfig +@@ -2,8 +2,8 @@ + + config ARM_FFA_TRANSPORT + bool "Enable Arm Firmware Framework for Armv8-A driver" +- depends on DM && ARM64 +- select ARM_SMCCC ++ depends on DM && (ARM64 || SANDBOX) ++ select ARM_SMCCC if !SANDBOX + select CMD_ARMFFA + select LIB_UUID + select DEVRES +@@ -38,3 +38,9 @@ config ARM_FFA_EFI_RUNTIME_MODE + The driver Code needed at runtime is placed at EFI runtime code section. + Turning this on makes ffa_copy_runtime_data available for use and the driver + code placed at EFI runtime code section. ++ ++config SANDBOX_FFA ++ bool "FF-A Sandbox driver" ++ depends on ARM_FFA_TRANSPORT && SANDBOX ++ help ++ This emulates the FF-A handling under Sandbox and allows to test the FF-A driver +diff --git a/drivers/firmware/arm-ffa/Makefile b/drivers/firmware/arm-ffa/Makefile +index 0b9b0a61b4..d50060b836 100644 +--- a/drivers/firmware/arm-ffa/Makefile ++++ b/drivers/firmware/arm-ffa/Makefile +@@ -5,3 +5,4 @@ + + obj-y += arm-ffa-uclass.o core.o + obj-$(CONFIG_ARM_FFA_EFI_RUNTIME_MODE) += efi_ffa_runtime_data_mgr.o ++obj-$(CONFIG_SANDBOX_FFA) += sandbox.o +diff --git a/drivers/firmware/arm-ffa/arm_ffa_prv.h b/drivers/firmware/arm-ffa/arm_ffa_prv.h +index 7bc90f7f66..3e0d4c112c 100644 +--- a/drivers/firmware/arm-ffa/arm_ffa_prv.h ++++ b/drivers/firmware/arm-ffa/arm_ffa_prv.h +@@ -19,6 +19,16 @@ + /* FF-A core driver name */ + #define FFA_DRV_NAME "arm_ffa" + ++/* The FF-A SMC function definitions */ ++ ++#if CONFIG_IS_ENABLED(SANDBOX_FFA) ++#include "sandbox_arm_ffa.h" ++#else ++typedef struct arm_smccc_1_2_regs ffa_value_t; ++#endif ++ ++typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res); ++ + /* FF-A driver version definitions */ + + #define MAJOR_VERSION_MASK GENMASK(30, 16) +@@ -94,11 +104,6 @@ struct ffa_abi_errmap { + #define FFA_ERRMAP_COUNT (FFA_LAST_ID - FFA_FIRST_ID + 1) + #define FFA_ID_TO_ERRMAP_ID(ffa_id) ((ffa_id) - FFA_FIRST_ID) + +-/* The FF-A SMC function definitions */ +- +-typedef struct arm_smccc_1_2_regs ffa_value_t; +-typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res); +- + /* + * struct ffa_partition_uuid - 16 bytes UUID transmitted by FFA_PARTITION_INFO_GET + * @a1-4: 32-bit words access to the UUID data +diff --git a/drivers/firmware/arm-ffa/core.c b/drivers/firmware/arm-ffa/core.c +index 41c7b96e68..caba10caae 100644 +--- a/drivers/firmware/arm-ffa/core.c ++++ b/drivers/firmware/arm-ffa/core.c +@@ -1101,6 +1101,7 @@ static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_sen + return ffa_to_std_errno(ffa_errno); + } + ++#if !CONFIG_IS_ENABLED(SANDBOX_FFA) + /** + * __arm_ffa_fn_smc - SMC wrapper + * @args: FF-A ABI arguments to be copied to Xn registers +@@ -1114,6 +1115,7 @@ void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res) + { + arm_smccc_1_2_smc(&args, res); + } ++#endif + + /** + * ffa_set_smc_conduit - Set the SMC conduit +@@ -1127,7 +1129,12 @@ void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res) + */ + static int ffa_set_smc_conduit(void) + { +- ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc; ++#if CONFIG_IS_ENABLED(SANDBOX_FFA) ++ ffa_priv_data->invoke_ffa_fn = sandbox_arm_ffa_smccc_smc; ++ ffa_info("Using SMC emulation"); ++#else ++ ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc; ++#endif + + if (!ffa_priv_data->invoke_ffa_fn) { + ffa_err("failure to set the invoke function"); +@@ -1304,17 +1311,18 @@ struct ffa_prvdata **ffa_bus_prvdata_get(void) + } + + /** +- * ffa_bus_discover - discover FF-A bus and probe the arm_ffa device ++ * ffa_bus_discover - discover FF-A bus and probe arm_ffa and sandbox_arm_ffa devices + * + * This boot time function makes sure the FF-A bus is discoverable. +- * Then, the arm_ffa device is probed and ready to use. ++ * Then, the arm_ffa and sandbox_arm_ffa devices are ready to use. ++ * + * This function is called automatically at initcalls + * level (after u-boot relocation). + * + * When the bus was already discovered successfully the discovery will not run again. + * + * Arm FF-A transport is implemented through arm_ffa u-boot device managing the FF-A +- * communication. ++ * communication. In Sandbox mode sandbox_arm_ffa is used to test arm_ffa driver. + * All FF-A clients should use the arm_ffa device to use the FF-A transport. + * + * Return: +@@ -1325,9 +1333,15 @@ int ffa_bus_discover(void) + { + int ret = 0; + +- if (!ffa_priv_data) ++ if (!ffa_priv_data) { + ret = ffa_device_get(); + ++#if CONFIG_IS_ENABLED(SANDBOX_FFA) ++ if (ret == 0) ++ ret = sandbox_ffa_device_get(); ++#endif ++ } ++ + return ret; + } + +diff --git a/drivers/firmware/arm-ffa/sandbox.c b/drivers/firmware/arm-ffa/sandbox.c +new file mode 100644 +index 0000000000..16e1fdc809 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/sandbox.c +@@ -0,0 +1,659 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#include "sandbox_arm_ffa_prv.h" ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++DECLARE_GLOBAL_DATA_PTR; ++ ++/** ++ * The device private data structure containing all the emulated secure world data ++ */ ++static struct sandbox_ffa_prvdata sandbox_ffa_priv_data = {0}; ++ ++/* The partitions (SPs) table */ ++static struct ffa_partition_desc sandbox_partitions[SANDBOX_PARTITIONS_CNT] = { ++ { ++ .info = { .id = SANDBOX_SP1_ID, .exec_ctxt = 0x5687, .properties = 0x89325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE1_UUID_A1, ++ .a2 = SANDBOX_SERVICE1_UUID_A2, ++ .a3 = SANDBOX_SERVICE1_UUID_A3, ++ .a4 = SANDBOX_SERVICE1_UUID_A4, ++ } ++ }, ++ { ++ .info = { .id = SANDBOX_SP2_ID, .exec_ctxt = 0x9587, .properties = 0x45325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE2_UUID_A1, ++ .a2 = SANDBOX_SERVICE2_UUID_A2, ++ .a3 = SANDBOX_SERVICE2_UUID_A3, ++ .a4 = SANDBOX_SERVICE2_UUID_A4, ++ } ++ }, ++ { ++ .info = { .id = SANDBOX_SP3_ID, .exec_ctxt = 0x7687, .properties = 0x23325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE1_UUID_A1, ++ .a2 = SANDBOX_SERVICE1_UUID_A2, ++ .a3 = SANDBOX_SERVICE1_UUID_A3, ++ .a4 = SANDBOX_SERVICE1_UUID_A4, ++ } ++ }, ++ { ++ .info = { .id = SANDBOX_SP4_ID, .exec_ctxt = 0x1487, .properties = 0x70325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE2_UUID_A1, ++ .a2 = SANDBOX_SERVICE2_UUID_A2, ++ .a3 = SANDBOX_SERVICE2_UUID_A3, ++ .a4 = SANDBOX_SERVICE2_UUID_A4, ++ } ++ } ++ ++}; ++ ++/* ++ * Driver functions ++ */ ++ ++/** ++ * sandbox_ffa_get_device - probes the sandbox_arm_ffa device ++ * ++ * This function makes sure the sandbox_arm_ffa device is probed ++ * This function makes sure the sandbox_arm_ffa device is ++ * created, bound to this driver, probed and ready to use. ++ * ++ * sandbox_arm_ffa depends on arm_ffa device. This dependency is ++ * handled by ffa_bus_discover function. arm_ffa is probed first then ++ * sandbox_arm_ffa. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int sandbox_ffa_device_get(void) ++{ ++ int ret; ++ ++ if (sandbox_ffa_priv_data.dev) ++ return 0; ++ ++ ret = device_bind(dm_root(), ++ DM_DRIVER_GET(sandbox_arm_ffa), ++ FFA_SANDBOX_DRV_NAME, ++ NULL, ++ ofnode_null(), ++ &sandbox_ffa_priv_data.dev); ++ if (ret) { ++ sandbox_ffa_priv_data.dev = NULL; ++ return ret; ++ } ++ ++ ret = device_probe(sandbox_ffa_priv_data.dev); ++ if (ret) { ++ ffa_err("[Sandbox] can not probe the device"); ++ device_unbind(sandbox_ffa_priv_data.dev); ++ sandbox_ffa_priv_data.dev = NULL; ++ return ret; ++ } ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_version - Emulated FFA_VERSION handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_VERSION FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_version) ++{ ++ sandbox_ffa_priv_data.fwk_version = FFA_VERSION_1_0; ++ res->a0 = sandbox_ffa_priv_data.fwk_version; ++ ++ /* x1-x7 MBZ */ ++ memset(FFA_X1X7_MBZ_REG_START, 0, FFA_X1X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_id_get - Emulated FFA_ID_GET handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_ID_GET FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_id_get) ++{ ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a1 = 0; ++ ++ sandbox_ffa_priv_data.id = NS_PHYS_ENDPOINT_ID; ++ res->a2 = sandbox_ffa_priv_data.id; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_features - Emulated FFA_FEATURES handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_FEATURES FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_features) ++{ ++ if (pargs->a1 == FFA_SMC_64(FFA_RXTX_MAP)) { ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = RXTX_BUFFERS_MIN_SIZE; ++ res->a3 = 0; ++ /* x4-x7 MBZ */ ++ memset(FFA_X4X7_MBZ_REG_START, ++ 0, FFA_X4X7_MBZ_CNT * sizeof(unsigned long)); ++ } else { ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a2 = FFA_ERR_STAT_NOT_SUPPORTED; ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ffa_err("[Sandbox] FF-A interface 0x%lx not implemented", pargs->a1); ++ } ++ ++ res->a1 = 0; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_partition_info_get - Emulated FFA_PARTITION_INFO_GET handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_PARTITION_INFO_GET FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_partition_info_get) ++{ ++ struct ffa_partition_info *rxbuf_desc_info = NULL; ++ u32 descs_cnt; ++ u32 descs_size_bytes; ++ ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ ++ if (!sandbox_ffa_priv_data.pair.rxbuf) { ++ res->a2 = FFA_ERR_STAT_DENIED; ++ goto cleanup; ++ } ++ ++ if (sandbox_ffa_priv_data.pair_info.rxbuf_owned) { ++ res->a2 = FFA_ERR_STAT_BUSY; ++ goto cleanup; ++ } ++ ++ if (!sandbox_ffa_priv_data.partitions.descs) { ++ sandbox_ffa_priv_data.partitions.descs = sandbox_partitions; ++ sandbox_ffa_priv_data.partitions.count = SANDBOX_PARTITIONS_CNT; ++ } ++ ++ descs_size_bytes = SANDBOX_PARTITIONS_CNT * sizeof(struct ffa_partition_desc); ++ ++ /* Abort if the RX buffer size is smaller than the descriptors buffer size */ ++ if ((sandbox_ffa_priv_data.pair_info.rxtx_buf_size * SZ_4K) < descs_size_bytes) { ++ res->a2 = FFA_ERR_STAT_NO_MEMORY; ++ goto cleanup; ++ } ++ ++ rxbuf_desc_info = (struct ffa_partition_info *)sandbox_ffa_priv_data.pair.rxbuf; ++ ++ /* No UUID specified. Return the information of all partitions */ ++ if (!pargs->a1 && !pargs->a2 && !pargs->a3 && !pargs->a4) { ++ for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++) ++ *(rxbuf_desc_info++) = ++ sandbox_ffa_priv_data.partitions.descs[descs_cnt].info; ++ ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = SANDBOX_PARTITIONS_CNT; ++ /* transfer ownership to the consumer: the non secure world */ ++ sandbox_ffa_priv_data.pair_info.rxbuf_owned = 1; ++ ++ goto cleanup; ++ } ++ ++ /* ++ * A UUID is specified. Return the information of all partitions matching ++ * the UUID ++ */ ++ ++ for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++) ++ if (pargs->a1 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a1 && ++ pargs->a2 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a2 && ++ pargs->a3 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a3 && ++ pargs->a4 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a4) { ++ *(rxbuf_desc_info++) = ++ sandbox_ffa_priv_data.partitions.descs[descs_cnt].info; ++ } ++ ++ if (rxbuf_desc_info != ((struct ffa_partition_info *)sandbox_ffa_priv_data.pair.rxbuf)) { ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ /* store the partitions count */ ++ res->a2 = (unsigned long) ++ (rxbuf_desc_info - (struct ffa_partition_info *) ++ sandbox_ffa_priv_data.pair.rxbuf); ++ ++ /* transfer ownership to the consumer: the non secure world */ ++ sandbox_ffa_priv_data.pair_info.rxbuf_owned = 1; ++ } else { ++ /* Unrecognized UUID */ ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ } ++ ++cleanup: ++ ++ ffa_err("[Sandbox] FFA_PARTITION_INFO_GET (%ld)", res->a2); ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_rxtx_map - Emulated FFA_RXTX_MAP handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_RXTX_MAP FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_rxtx_map) ++{ ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ ++ if (sandbox_ffa_priv_data.pair.txbuf && sandbox_ffa_priv_data.pair.rxbuf) { ++ res->a2 = FFA_ERR_STAT_DENIED; ++ goto feedback; ++ } ++ ++ if (pargs->a3 >= RXTX_BUFFERS_MIN_PAGES && pargs->a1 && pargs->a2) { ++ sandbox_ffa_priv_data.pair.txbuf = pargs->a1; ++ sandbox_ffa_priv_data.pair.rxbuf = pargs->a2; ++ sandbox_ffa_priv_data.pair_info.rxtx_buf_size = pargs->a3; ++ sandbox_ffa_priv_data.pair_info.rxbuf_mapped = 1; ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = 0; ++ goto feedback; ++ } ++ ++ if (!pargs->a1 || !pargs->a2) ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ else ++ res->a2 = FFA_ERR_STAT_NO_MEMORY; ++ ++ ffa_err("[Sandbox] error in FFA_RXTX_MAP arguments (%d)", (int)res->a2); ++ ++feedback: ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_rxtx_unmap - Emulated FFA_RXTX_UNMAP handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_RXTX_UNMAP FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_rxtx_unmap) ++{ ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ ++ if (GET_NS_PHYS_ENDPOINT_ID(pargs->a1) != sandbox_ffa_priv_data.id) ++ goto feedback; ++ ++ if (sandbox_ffa_priv_data.pair.txbuf && sandbox_ffa_priv_data.pair.rxbuf) { ++ sandbox_ffa_priv_data.pair.txbuf = 0; ++ sandbox_ffa_priv_data.pair.rxbuf = 0; ++ sandbox_ffa_priv_data.pair_info.rxtx_buf_size = 0; ++ sandbox_ffa_priv_data.pair_info.rxbuf_mapped = 0; ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = 0; ++ goto feedback; ++ } ++ ++ ffa_err("[Sandbox] No buffer pair registered on behalf of the caller"); ++ ++feedback: ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_rx_release - Emulated FFA_RX_RELEASE handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_RX_RELEASE FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_rx_release) ++{ ++ if (!sandbox_ffa_priv_data.pair_info.rxbuf_owned) { ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a2 = FFA_ERR_STAT_DENIED; ++ } else { ++ sandbox_ffa_priv_data.pair_info.rxbuf_owned = 0; ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = 0; ++ } ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_sp_valid - Checks SP validity ++ * @part_id: partition ID to check ++ * ++ * This is the function searches the input ID in the descriptors table. ++ * ++ * Return: ++ * ++ * 1 on success (Partition found). Otherwise, failure ++ */ ++static int sandbox_ffa_sp_valid(u16 part_id) ++{ ++ u32 descs_cnt; ++ ++ for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++) ++ if (sandbox_ffa_priv_data.partitions.descs[descs_cnt].info.id == part_id) ++ return 1; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_msg_send_direct_req - Emulated FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * FF-A functions. ++ * ++ * Emulating interrupts is not supported. So, FFA_RUN and FFA_INTERRUPT are not supported. ++ * In case of success FFA_MSG_SEND_DIRECT_RESP is returned with default pattern data (0xff). ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_msg_send_direct_req) ++{ ++ u16 part_id; ++ ++ part_id = GET_DST_SP_ID(pargs->a1); ++ ++ if ((GET_NS_PHYS_ENDPOINT_ID(pargs->a1) != sandbox_ffa_priv_data.id) || ++ !sandbox_ffa_sp_valid(part_id) || ++ pargs->a2) { ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a1 = 0; ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++ } ++ ++ res->a0 = FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP); ++ ++ res->a1 = PREP_SRC_SP_ID(part_id) | ++ PREP_NS_PHYS_ENDPOINT_ID(sandbox_ffa_priv_data.id); ++ ++ res->a2 = 0; ++ ++ /* ++ * return 0xff bytes as a response ++ */ ++ res->a3 = 0xffffffffffffffff; ++ res->a4 = 0xffffffffffffffff; ++ res->a5 = 0xffffffffffffffff; ++ res->a6 = 0xffffffffffffffff; ++ res->a7 = 0xffffffffffffffff; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_get_prv_data - Returns the pointer to FF-A core pivate data ++ * @func_data: Pointer to the FF-A function arguments container structure ++ * ++ * This is the handler that returns the address of the FF-A core pivate data. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_get_prv_data(struct ffa_sandbox_data *func_data) ++{ ++ if (!func_data) ++ return -EINVAL; ++ ++ if (!func_data->data0 || func_data->data0_size != sizeof(struct ffa_prvdata **)) ++ return -EINVAL; ++ ++ if (!func_data->data1 || func_data->data1_size != sizeof(struct sandbox_ffa_prvdata **)) ++ return -EINVAL; ++ ++ *((struct ffa_prvdata **)func_data->data0) = *(ffa_bus_prvdata_get()); ++ *((struct sandbox_ffa_prvdata **)func_data->data1) = &sandbox_ffa_priv_data; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_get_rxbuf_flags - Reading the mapping/ownership flags ++ * @queried_func_id: The FF-A function to be queried ++ * @func_data: Pointer to the FF-A function arguments container structure ++ * ++ * This is the handler that queries the status flags of the following emulated ABIs: ++ * FFA_RXTX_MAP, FFA_RXTX_UNMAP, FFA_RX_RELEASE ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_get_rxbuf_flags(u32 queried_func_id, struct ffa_sandbox_data *func_data) ++{ ++ if (!func_data) ++ return -EINVAL; ++ ++ if (!func_data->data0 || func_data->data0_size != sizeof(u8)) ++ return -EINVAL; ++ ++ switch (queried_func_id) { ++ case FFA_RXTX_MAP: ++ case FFA_RXTX_UNMAP: ++ *((u8 *)func_data->data0) = sandbox_ffa_priv_data.pair_info.rxbuf_mapped; ++ return 0; ++ case FFA_RX_RELEASE: ++ *((u8 *)func_data->data0) = sandbox_ffa_priv_data.pair_info.rxbuf_owned; ++ return 0; ++ default: ++ ffa_err("[Sandbox] The querried FF-A interface flag (%d) undefined", ++ queried_func_id); ++ return -EINVAL; ++ } ++} ++ ++/** ++ * sandbox_ffa_query_core_state - The driver dispatcher function ++ * @queried_func_id: The FF-A function to be queried ++ * @func_data: Pointer to the FF-A function arguments container structure ++ * ++ * Queries the status of FF-A ABI specified in the input argument. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int sandbox_ffa_query_core_state(u32 queried_func_id, struct ffa_sandbox_data *func_data) ++{ ++ switch (queried_func_id) { ++ case FFA_VERSION: ++ case FFA_ID_GET: ++ case FFA_FEATURES: ++ return sandbox_ffa_get_prv_data(func_data); ++ case FFA_RXTX_MAP: ++ case FFA_RXTX_UNMAP: ++ case FFA_RX_RELEASE: ++ return sandbox_ffa_get_rxbuf_flags(queried_func_id, func_data); ++ default: ++ ffa_err("[Sandbox] The querried FF-A interface (%d) undefined", queried_func_id); ++ return -EINVAL; ++ } ++} ++ ++/** ++ * sandbox_arm_ffa_smccc_smc - FF-A SMC call emulation ++ * @args: the SMC call arguments ++ * @res: the SMC call returned data ++ * ++ * Sandbox driver emulates the FF-A ABIs SMC call using this function. ++ * The emulated FF-A ABI is identified and invoked. ++ * FF-A emulation is based on the FF-A specification 1.0 ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure. ++ * FF-A protocol error codes are returned using the registers arguments as described ++ * by the specification ++ */ ++void sandbox_arm_ffa_smccc_smc(ffa_value_t args, ffa_value_t *res) ++{ ++ int ret = 0; ++ ++ switch (args.a0) { ++ case FFA_SMC_32(FFA_VERSION): ++ ret = sandbox_ffa_version(&args, res); ++ break; ++ case FFA_SMC_32(FFA_PARTITION_INFO_GET): ++ ret = sandbox_ffa_partition_info_get(&args, res); ++ break; ++ case FFA_SMC_32(FFA_RXTX_UNMAP): ++ ret = sandbox_ffa_rxtx_unmap(&args, res); ++ break; ++ case FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ): ++ ret = sandbox_ffa_msg_send_direct_req(&args, res); ++ break; ++ case FFA_SMC_32(FFA_ID_GET): ++ ret = sandbox_ffa_id_get(&args, res); ++ break; ++ case FFA_SMC_32(FFA_FEATURES): ++ ret = sandbox_ffa_features(&args, res); ++ break; ++ case FFA_SMC_64(FFA_RXTX_MAP): ++ ret = sandbox_ffa_rxtx_map(&args, res); ++ break; ++ case FFA_SMC_32(FFA_RX_RELEASE): ++ ret = sandbox_ffa_rx_release(&args, res); ++ break; ++ default: ++ ffa_err("[Sandbox] Undefined FF-A interface (0x%lx)", args.a0); ++ } ++ ++ if (ret != 0) ++ ffa_err("[Sandbox] FF-A ABI internal failure (%d)", ret); ++} ++ ++/** ++ * sandbox_ffa_probe - The driver probe function ++ * @dev: the sandbox_arm_ffa device ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_probe(struct udevice *dev) ++{ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_remove - The driver remove function ++ * @dev: the sandbox_arm_ffa device ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_remove(struct udevice *dev) ++{ ++ ffa_info("[Sandbox] removing the device"); ++ memset(&sandbox_ffa_priv_data, 0, sizeof(sandbox_ffa_priv_data)); ++ return 0; ++} ++ ++/** ++ * Declaring the sandbox_arm_ffa driver under UCLASS_FFA ++ */ ++U_BOOT_DRIVER(sandbox_arm_ffa) = { ++ .name = FFA_SANDBOX_DRV_NAME, ++ .id = UCLASS_FFA, ++ .probe = sandbox_ffa_probe, ++ .remove = sandbox_ffa_remove, ++}; +diff --git a/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h b/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h +new file mode 100644 +index 0000000000..4db57f5092 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h +@@ -0,0 +1,144 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#ifndef __SANDBOX_ARM_FFA_PRV_H ++#define __SANDBOX_ARM_FFA_PRV_H ++ ++#include "arm_ffa_prv.h" ++#include ++ ++/* ++ * This header is private. It is exclusively used by the Sandbox FF-A driver ++ */ ++ ++/* FF-A core driver name */ ++#define FFA_SANDBOX_DRV_NAME "sandbox_arm_ffa" ++ ++/* FF-A ABIs internal error codes (as defined by the spec) */ ++ ++#define FFA_ERR_STAT_NOT_SUPPORTED -1 ++#define FFA_ERR_STAT_INVALID_PARAMETERS -2 ++#define FFA_ERR_STAT_NO_MEMORY -3 ++#define FFA_ERR_STAT_BUSY -4 ++#define FFA_ERR_STAT_DENIED -6 ++ ++/* Providing Arm SMCCC declarations to sandbox */ ++ ++#define ARM_SMCCC_FAST_CALL 1UL ++#define ARM_SMCCC_OWNER_STANDARD 4 ++#define ARM_SMCCC_SMC_32 0 ++#define ARM_SMCCC_SMC_64 1 ++#define ARM_SMCCC_TYPE_SHIFT 31 ++#define ARM_SMCCC_CALL_CONV_SHIFT 30 ++#define ARM_SMCCC_OWNER_MASK 0x3F ++#define ARM_SMCCC_OWNER_SHIFT 24 ++#define ARM_SMCCC_FUNC_MASK 0xFFFF ++ ++#define ARM_SMCCC_CALL_VAL(type, calling_convention, owner, func_num) \ ++ (((type) << ARM_SMCCC_TYPE_SHIFT) | \ ++ ((calling_convention) << ARM_SMCCC_CALL_CONV_SHIFT) | \ ++ (((owner) & ARM_SMCCC_OWNER_MASK) << ARM_SMCCC_OWNER_SHIFT) | \ ++ ((func_num) & ARM_SMCCC_FUNC_MASK)) ++ ++/* Non-secure physical FF-A instance */ ++#define NS_PHYS_ENDPOINT_ID (0) ++ ++#define GET_NS_PHYS_ENDPOINT_ID_MASK GENMASK(31, 16) ++#define GET_NS_PHYS_ENDPOINT_ID(x) \ ++ ((u16)(FIELD_GET(GET_NS_PHYS_ENDPOINT_ID_MASK, (x)))) ++ ++/* Helper macro for reading the destination partition ID */ ++#define GET_DST_SP_ID_MASK GENMASK(15, 0) ++#define GET_DST_SP_ID(x) \ ++ ((u16)(FIELD_GET(GET_DST_SP_ID_MASK, (x)))) ++ ++/* Helper macro for setting the source partition ID */ ++#define PREP_SRC_SP_ID_MASK GENMASK(31, 16) ++#define PREP_SRC_SP_ID(x) \ ++ (FIELD_PREP(PREP_SRC_SP_ID_MASK, (x))) ++ ++/* Helper macro for setting the destination endpoint ID */ ++#define PREP_NS_PHYS_ENDPOINT_ID_MASK GENMASK(15, 0) ++#define PREP_NS_PHYS_ENDPOINT_ID(x) \ ++ (FIELD_PREP(PREP_NS_PHYS_ENDPOINT_ID_MASK, (x))) ++ ++/* RX/TX buffers minimum size */ ++#define RXTX_BUFFERS_MIN_SIZE (RXTX_4K) ++#define RXTX_BUFFERS_MIN_PAGES (1) ++ ++/* MBZ registers info */ ++ ++/* x1-x7 MBZ */ ++#define FFA_X1X7_MBZ_CNT (7) ++#define FFA_X1X7_MBZ_REG_START (&res->a1) ++ ++/* x4-x7 MBZ */ ++#define FFA_X4X7_MBZ_CNT (4) ++#define FFA_X4X7_MBZ_REG_START (&res->a4) ++ ++/* x3-x7 MBZ */ ++#define FFA_X3X7_MBZ_CNT (5) ++#define FFA_X3_MBZ_REG_START (&res->a3) ++ ++/* secure partitions count */ ++#define SANDBOX_PARTITIONS_CNT (4) ++ ++/* service 1 UUID binary data (little-endian format) */ ++#define SANDBOX_SERVICE1_UUID_A1 0xed32d533 ++#define SANDBOX_SERVICE1_UUID_A2 0x99e64209 ++#define SANDBOX_SERVICE1_UUID_A3 0x9cc02d72 ++#define SANDBOX_SERVICE1_UUID_A4 0xcdd998a7 ++ ++/* service 2 UUID binary data (little-endian format) */ ++#define SANDBOX_SERVICE2_UUID_A1 0xed32d544 ++#define SANDBOX_SERVICE2_UUID_A2 0x99e64209 ++#define SANDBOX_SERVICE2_UUID_A3 0x9cc02d72 ++#define SANDBOX_SERVICE2_UUID_A4 0xcdd998a7 ++ ++/** ++ * struct ffa_rxtxpair_info - structure hosting the RX/TX buffers flags ++ * @rxbuf_owned: RX buffer ownership flag (the owner is non secure world: the consumer) ++ * @rxbuf_mapped: RX buffer mapping flag ++ * @txbuf_owned TX buffer ownership flag ++ * @txbuf_mapped: TX buffer mapping flag ++ * @rxtx_buf_size: RX/TX buffers size as set by the FF-A core driver ++ * ++ * Data structure hosting the ownership/mapping flags of the RX/TX buffers ++ * When a buffer is owned/mapped its corresponding flag is set to 1 otherwise 0. ++ */ ++struct ffa_rxtxpair_info { ++ u8 rxbuf_owned; ++ u8 rxbuf_mapped; ++ u8 txbuf_owned; ++ u8 txbuf_mapped; ++ u32 rxtx_buf_size; ++}; ++ ++/** ++ * struct sandbox_ffa_prvdata - the driver private data structure ++ * ++ * @dev: The arm_ffa device under u-boot driver model ++ * @fwk_version: FF-A framework version ++ * @id: u-boot endpoint ID ++ * @partitions: The partitions descriptors structure ++ * @pair: The RX/TX buffers pair ++ * @pair_info: The RX/TX buffers pair flags and size ++ * @conduit: The selected conduit ++ * ++ * The driver data structure hosting all the emulated secure world data. ++ */ ++struct sandbox_ffa_prvdata { ++ struct udevice *dev; ++ u32 fwk_version; ++ u16 id; ++ struct ffa_partitions partitions; ++ struct ffa_rxtxpair pair; ++ struct ffa_rxtxpair_info pair_info; ++}; ++ ++#define SANDBOX_SMC_FFA_ABI(ffabi) static int sandbox_##ffabi(ffa_value_t *pargs, ffa_value_t *res) ++ ++#endif +diff --git a/include/arm_ffa.h b/include/arm_ffa.h +index f17b100497..665413a0c5 100644 +--- a/include/arm_ffa.h ++++ b/include/arm_ffa.h +@@ -111,7 +111,7 @@ struct ffa_bus_ops { + const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void); + + /** +- * ffa_bus_discover - discover FF-A bus and probes the arm_ffa device ++ * ffa_bus_discover - discover FF-A bus and probes the arm_ffa and sandbox_arm_ffa devices + */ + int ffa_bus_discover(void); + +diff --git a/include/sandbox_arm_ffa.h b/include/sandbox_arm_ffa.h +new file mode 100644 +index 0000000000..d5df16f282 +--- /dev/null ++++ b/include/sandbox_arm_ffa.h +@@ -0,0 +1,91 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#ifndef __SANDBOX_ARM_FFA_H ++#define __SANDBOX_ARM_FFA_H ++ ++#include ++ ++/** ++ * struct sandbox_smccc_1_2_regs - Arguments for or Results from emulated SMC call ++ * @a0-a17 argument values from registers 0 to 17 ++ */ ++struct sandbox_smccc_1_2_regs { ++ unsigned long a0; ++ unsigned long a1; ++ unsigned long a2; ++ unsigned long a3; ++ unsigned long a4; ++ unsigned long a5; ++ unsigned long a6; ++ unsigned long a7; ++ unsigned long a8; ++ unsigned long a9; ++ unsigned long a10; ++ unsigned long a11; ++ unsigned long a12; ++ unsigned long a13; ++ unsigned long a14; ++ unsigned long a15; ++ unsigned long a16; ++ unsigned long a17; ++}; ++ ++typedef struct sandbox_smccc_1_2_regs ffa_value_t; ++ ++/* UUIDs of services supported by the sandbox driver */ ++#define SANDBOX_SERVICE1_UUID "ed32d533-4209-99e6-2d72-cdd998a79cc0" ++#define SANDBOX_SERVICE2_UUID "ed32d544-4209-99e6-2d72-cdd998a79cc0" ++#define SANDBOX_SP1_ID 0x1245 ++#define SANDBOX_SP2_ID 0x9836 ++#define SANDBOX_SP3_ID 0x6452 ++#define SANDBOX_SP4_ID 0x7814 ++ ++/* invalid service UUID (no matching SP) */ ++#define SANDBOX_SERVICE3_UUID "55d532ed-0942-e699-722d-c09ca798d9cd" ++ ++/* invalid service UUID (invalid UUID string format) */ ++#define SANDBOX_SERVICE4_UUID "32ed-0942-e699-722d-c09ca798d9cd" ++ ++#define SANDBOX_SP_COUNT_PER_VALID_SERVICE 2 ++ ++/** ++ * struct ffa_sandbox_data - generic data structure used to exchange ++ * data between test cases and the sandbox driver ++ * @data0_size: size of the first argument ++ * @data0: pointer to the first argument ++ * @data1_size>: size of the second argument ++ * @data1: pointer to the second argument ++ * ++ * Using this structure sandbox test cases can pass various types of data with different sizes. ++ */ ++struct ffa_sandbox_data { ++ u32 data0_size; /* size of the first argument */ ++ void *data0; /* pointer to the first argument */ ++ u32 data1_size; /* size of the second argument */ ++ void *data1; /* pointer to the second argument */ ++}; ++ ++/** ++ * The sandbox driver public functions ++ */ ++ ++/** ++ * sandbox_ffa_query_core_state - Queries the status of FF-A ABIs ++ */ ++int sandbox_ffa_query_core_state(u32 queried_func_id, struct ffa_sandbox_data *func_data); ++ ++/** ++ * sandbox_ffa_get_device - create, bind and probe the sandbox_arm_ffa device ++ */ ++int sandbox_ffa_device_get(void); ++ ++/** ++ * sandbox_arm_ffa_smccc_smc - FF-A SMC call emulation ++ */ ++void sandbox_arm_ffa_smccc_smc(ffa_value_t args, ffa_value_t *res); ++ ++#endif +diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c +index 0ec002ac8b..8fa9a58d76 100644 +--- a/lib/efi_loader/efi_boottime.c ++++ b/lib/efi_loader/efi_boottime.c +@@ -2177,7 +2177,7 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, + dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); + } + +-#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) ++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) && !CONFIG_IS_ENABLED(SANDBOX_FFA) + /* unmap FF-A RX/TX buffers */ + if (ffa_bus_ops_get()->rxtx_unmap()) + debug("[efi_boottime][ERROR]: can not unmap FF-A RX/TX buffers\n"); +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch new file mode 100644 index 00000000..edc5ed60 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch @@ -0,0 +1,455 @@ +From dbc51066367481b5a45ce24f91571f83a022576e Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Mon, 6 Jun 2022 17:26:06 +0100 +Subject: [PATCH 12/26] arm_ffa: introduce Sandbox test cases for UCLASS_FFA + +Add functional test cases for the FF-A core driver + +These tests rely on the FF-A Sandbox driver which helps in + inspecting the FF-A core driver. + +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: align sandbox tests with the new FF-A driver interfaces + and new way of error handling + +v1: introduce sandbox tests + + MAINTAINERS | 1 + + test/dm/Makefile | 1 + + test/dm/ffa.c | 394 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 396 insertions(+) + create mode 100644 test/dm/ffa.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index 96157db6b6..e5b71b0ade 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -252,6 +252,7 @@ F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ + F: include/arm_ffa.h + F: include/sandbox_arm_ffa.h ++F: test/dm/ffa.c + + ARM FREESCALE IMX + M: Stefano Babic +diff --git a/test/dm/Makefile b/test/dm/Makefile +index f0a7c97e3d..f96f848046 100644 +--- a/test/dm/Makefile ++++ b/test/dm/Makefile +@@ -79,6 +79,7 @@ obj-$(CONFIG_POWER_DOMAIN) += power-domain.o + obj-$(CONFIG_ACPI_PMC) += pmc.o + obj-$(CONFIG_DM_PMIC) += pmic.o + obj-$(CONFIG_DM_PWM) += pwm.o ++obj-$(CONFIG_SANDBOX_FFA) += ffa.o + obj-$(CONFIG_QFW) += qfw.o + obj-$(CONFIG_RAM) += ram.o + obj-y += regmap.o +diff --git a/test/dm/ffa.c b/test/dm/ffa.c +new file mode 100644 +index 0000000000..052d5fc3f4 +--- /dev/null ++++ b/test/dm/ffa.c +@@ -0,0 +1,394 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * Functional tests for UCLASS_FFA class ++ * ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#include ++#include ++#include ++#include ++#include "../../drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h" ++#include ++#include ++#include ++ ++/* Macros */ ++ ++#define LOG_MSG_SZ (100) ++#define LOG_CMD_SZ (LOG_MSG_SZ * 2) ++ ++/* Functional tests for the UCLASS_FFA */ ++ ++static int dm_test_ffa_log(struct unit_test_state *uts, char *msg) ++{ ++ char cmd[LOG_CMD_SZ] = {0}; ++ ++ console_record_reset(); ++ ++ snprintf(cmd, LOG_CMD_SZ, "echo \"%s\"", msg); ++ run_command(cmd, 0); ++ ++ ut_assert_console_end(); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_fwk_version(struct ffa_prvdata *prvdata, struct sandbox_ffa_prvdata *sdx_prvdata, ++ struct unit_test_state *uts) ++{ ++ if (prvdata->fwk_version != sdx_prvdata->fwk_version) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, ++ "[%s]: Error: framework version: core = 0x%x , sandbox = 0x%x", __func__, ++ prvdata->fwk_version, ++ sdx_prvdata->fwk_version); ++ ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_endpoint_id(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ if (prvdata->id) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, ++ "[%s]: Error: endpoint id: core = 0x%x", __func__, prvdata->id); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_core_dev(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ if (!prvdata->dev) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: core device NULL", __func__); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_sandbox_dev(struct sandbox_ffa_prvdata *sdx_prvdata, struct unit_test_state *uts) ++{ ++ if (!sdx_prvdata->dev) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: sandbox device NULL", __func__); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_rxtxbuf(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ if (!prvdata->pair.rxbuf && prvdata->pair.txbuf) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: rxbuf = 0x%llx txbuf = 0x%llx", __func__, ++ prvdata->pair.rxbuf, ++ prvdata->pair.txbuf); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_features(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ if (prvdata->pair.rxtx_min_pages != RXTX_4K && ++ prvdata->pair.rxtx_min_pages != RXTX_16K && ++ prvdata->pair.rxtx_min_pages != RXTX_64K) { ++ snprintf(msg, ++ LOG_MSG_SZ, ++ "[%s]: Error: FFA_RXTX_MAP features = 0x%lx", ++ __func__, ++ prvdata->pair.rxtx_min_pages); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_rxbuf_mapped_flag(u32 queried_func_id, ++ u8 rxbuf_mapped, ++ struct unit_test_state *uts) ++{ ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ switch (queried_func_id) { ++ case FFA_RXTX_MAP: ++ { ++ if (rxbuf_mapped) ++ return CMD_RET_SUCCESS; ++ break; ++ } ++ case FFA_RXTX_UNMAP: ++ { ++ if (!rxbuf_mapped) ++ return CMD_RET_SUCCESS; ++ break; ++ } ++ default: ++ return CMD_RET_FAILURE; ++ } ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: %s mapping issue", __func__, ++ (queried_func_id == FFA_RXTX_MAP ? "FFA_RXTX_MAP" : "FFA_RXTX_UNMAP")); ++ dm_test_ffa_log(uts, msg); ++ ++ return CMD_RET_FAILURE; ++} ++ ++static int check_rxbuf_release_flag(u8 rxbuf_owned, struct unit_test_state *uts) ++{ ++ if (rxbuf_owned) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: RX buffer not released", __func__); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int test_ffa_msg_send_direct_req(u16 part_id, struct unit_test_state *uts) ++{ ++ struct ffa_send_direct_data msg = {0}; ++ u8 cnt; ++ ++ ut_assertok(ffa_bus_ops_get()->sync_send_receive(part_id, &msg)); ++ ++ for (cnt = 0; cnt < sizeof(struct ffa_send_direct_data) / sizeof(u64); cnt++) ++ ut_assertok(((u64 *)&msg)[cnt] != 0xffffffffffffffff); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int test_partitions_and_comms(const char *service_uuid, ++ struct sandbox_ffa_prvdata *sdx_prvdata, ++ struct unit_test_state *uts) ++{ ++ u32 count = 0, size = 0; ++ struct ffa_partition_info *parts_info; ++ u32 info_idx, exp_info_idx; ++ int ret; ++ ++ /* ++ * get from the driver the count of the SPs matching the UUID ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(service_uuid, &count, NULL); ++ /* make sure partitions are detected */ ++ ut_assertok(ret != 0); ++ ut_assertok(count != SANDBOX_SP_COUNT_PER_VALID_SERVICE); ++ ++ /* ++ * pre-allocate a buffer to be filled by the driver ++ * with ffa_partition_info structs ++ */ ++ ++ parts_info = calloc(count, sizeof(struct ffa_partition_info)); ++ ut_assertok(!parts_info); ++ ++ size = count * sizeof(struct ffa_partition_info); ++ ++ /* ++ * ask the driver to fill the buffer with the SPs info ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(service_uuid, &size, parts_info); ++ if (ret != 0) { ++ free(parts_info); ++ ut_assertok(ret != 0); ++ } ++ ++ /* ++ * SPs found , verify the partitions information ++ */ ++ ++ ret = CMD_RET_FAILURE; ++ ++ for (info_idx = 0; info_idx < count ; info_idx++) { ++ for (exp_info_idx = 0; ++ exp_info_idx < sdx_prvdata->partitions.count; ++ exp_info_idx++) { ++ if (parts_info[info_idx].id == ++ sdx_prvdata->partitions.descs[exp_info_idx].info.id) { ++ ret = memcmp(&parts_info[info_idx], ++ &sdx_prvdata->partitions.descs[exp_info_idx] ++ .info, ++ sizeof(struct ffa_partition_info)); ++ if (ret) ++ free(parts_info); ++ ut_assertok(ret != 0); ++ /* send and receive data from the current partition */ ++ test_ffa_msg_send_direct_req(parts_info[info_idx].id, uts); ++ } ++ ret = CMD_RET_SUCCESS; ++ } ++ } ++ ++ free(parts_info); ++ ++ /* Verify expected partitions found in the emulated secure world*/ ++ ut_assertok(ret != CMD_RET_SUCCESS); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int dm_test_ffa_ack(struct unit_test_state *uts) ++{ ++ struct ffa_prvdata *prvdata = NULL; ++ struct sandbox_ffa_prvdata *sdx_prvdata = NULL; ++ struct ffa_sandbox_data func_data = {0}; ++ u8 rxbuf_flag = 0; ++ const char *svc1_uuid = SANDBOX_SERVICE1_UUID; ++ const char *svc2_uuid = SANDBOX_SERVICE2_UUID; ++ int ret; ++ ++ /* test probing FF-A devices */ ++ ut_assertok(ffa_bus_discover()); ++ ++ /* get a pointer to the FF-A core and sandbox drivers private data */ ++ func_data.data0 = &prvdata; ++ func_data.data0_size = sizeof(prvdata); ++ func_data.data1 = &sdx_prvdata; ++ func_data.data1_size = sizeof(sdx_prvdata); ++ ++ ut_assertok(sandbox_ffa_query_core_state(FFA_VERSION, &func_data)); ++ ++ /* make sure private data pointers are retrieved */ ++ ut_assertok(prvdata == 0); ++ ut_assertok(sdx_prvdata == 0); ++ ++ /* make sure dev devices created */ ++ ut_assertok(check_core_dev(prvdata, uts)); ++ ut_assertok(check_sandbox_dev(sdx_prvdata, uts)); ++ ++ /* test FFA_VERSION */ ++ ut_assertok(check_fwk_version(prvdata, sdx_prvdata, uts)); ++ ++ /* test FFA_ID_GET */ ++ ut_assertok(check_endpoint_id(prvdata, uts)); ++ ++ /* test FFA_FEATURES */ ++ ut_assertok(check_features(prvdata, uts)); ++ ++ /* test core RX/TX buffers */ ++ ut_assertok(check_rxtxbuf(prvdata, uts)); ++ ++ /* test FFA_RXTX_MAP */ ++ func_data.data0 = &rxbuf_flag; ++ func_data.data0_size = sizeof(rxbuf_flag); ++ ++ rxbuf_flag = 0; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RXTX_MAP, &func_data)); ++ ut_assertok(check_rxbuf_mapped_flag(FFA_RXTX_MAP, rxbuf_flag, uts)); ++ ++ /* FFA_PARTITION_INFO_GET / FFA_MSG_SEND_DIRECT_REQ */ ++ ret = test_partitions_and_comms(svc1_uuid, sdx_prvdata, uts); ++ ut_assertok(ret != CMD_RET_SUCCESS); ++ ++ /* test FFA_RX_RELEASE */ ++ rxbuf_flag = 1; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RX_RELEASE, &func_data)); ++ ut_assertok(check_rxbuf_release_flag(rxbuf_flag, uts)); ++ ++ /* FFA_PARTITION_INFO_GET / FFA_MSG_SEND_DIRECT_REQ */ ++ ret = test_partitions_and_comms(svc2_uuid, sdx_prvdata, uts); ++ ut_assertok(ret != CMD_RET_SUCCESS); ++ ++ /* test FFA_RX_RELEASE */ ++ rxbuf_flag = 1; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RX_RELEASE, &func_data)); ++ ut_assertok(check_rxbuf_release_flag(rxbuf_flag, uts)); ++ ++ /* test FFA_RXTX_UNMAP */ ++ ut_assertok(ffa_bus_ops_get()->rxtx_unmap()); ++ ++ rxbuf_flag = 1; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RXTX_UNMAP, &func_data)); ++ ut_assertok(check_rxbuf_mapped_flag(FFA_RXTX_UNMAP, rxbuf_flag, uts)); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++DM_TEST(dm_test_ffa_ack, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); ++ ++static int dm_test_ffa_nack(struct unit_test_state *uts) ++{ ++ struct ffa_prvdata *prvdata = NULL; ++ struct sandbox_ffa_prvdata *sdx_prvdata = NULL; ++ struct ffa_sandbox_data func_data = {0}; ++ const char *valid_svc_uuid = SANDBOX_SERVICE1_UUID; ++ const char *unvalid_svc_uuid = SANDBOX_SERVICE3_UUID; ++ const char *unvalid_svc_uuid_str = SANDBOX_SERVICE4_UUID; ++ struct ffa_send_direct_data msg = {0}; ++ int ret; ++ u32 count = 0; ++ u16 part_id = 0; ++ ++ /* test probing FF-A devices */ ++ ut_assertok(ffa_bus_discover()); ++ ++ /* get a pointer to the FF-A core and sandbox drivers private data */ ++ func_data.data0 = &prvdata; ++ func_data.data0_size = sizeof(prvdata); ++ func_data.data1 = &sdx_prvdata; ++ func_data.data1_size = sizeof(sdx_prvdata); ++ ++ ut_assertok(sandbox_ffa_query_core_state(FFA_VERSION, &func_data)); ++ ++ /* make sure private data pointers are retrieved */ ++ ut_assertok(prvdata == 0); ++ ut_assertok(sdx_prvdata == 0); ++ ++ /* make sure dev devices created */ ++ ut_assertok(check_core_dev(prvdata, uts)); ++ ut_assertok(check_sandbox_dev(sdx_prvdata, uts)); ++ ++ /* query partitions count using invalid arguments */ ++ ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid, NULL, NULL); ++ ut_assertok(ret != -EINVAL); ++ ++ /* query partitions count using an invalid UUID string */ ++ ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid_str, &count, NULL); ++ ut_assertok(ret != -EINVAL); ++ ++ /* query partitions count using an invalid UUID (no matching SP) */ ++ count = 0; ++ ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid, &count, NULL); ++ ut_assertok(count != 0); ++ ++ /* query partitions count using a valid UUID */ ++ count = 0; ++ ret = ffa_bus_ops_get()->partition_info_get(valid_svc_uuid, &count, NULL); ++ /* make sure partitions are detected */ ++ ut_assertok(ret != 0); ++ ut_assertok(count != SANDBOX_SP_COUNT_PER_VALID_SERVICE); ++ ++ /* send data to an invalid partition */ ++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg); ++ ut_assertok(ret != -EINVAL); ++ ++ /* send data to a valid partition */ ++ part_id = prvdata->partitions.descs[0].info.id; ++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg); ++ ut_assertok(ret != 0); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++DM_TEST(dm_test_ffa_nack, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch new file mode 100644 index 00000000..9722677c --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch @@ -0,0 +1,94 @@ +From 5be8c1d52045cbdc1adf79299792a6a49fef66c3 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Mon, 6 Jun 2022 17:30:44 +0100 +Subject: [PATCH 13/26] arm_ffa: introduce armffa command Sandbox test + +Add Sandbox test for the armffa command + +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: drop use of helper APIs + +v1: introduce armffa command sandbox test + + MAINTAINERS | 1 + + test/cmd/Makefile | 1 + + test/cmd/armffa.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 42 insertions(+) + create mode 100644 test/cmd/armffa.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index e5b71b0ade..505fffff14 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -252,6 +252,7 @@ F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ + F: include/arm_ffa.h + F: include/sandbox_arm_ffa.h ++F: test/cmd/armffa.c + F: test/dm/ffa.c + + ARM FREESCALE IMX +diff --git a/test/cmd/Makefile b/test/cmd/Makefile +index a59adb1e6d..d9dc0809d6 100644 +--- a/test/cmd/Makefile ++++ b/test/cmd/Makefile +@@ -11,3 +11,4 @@ obj-$(CONFIG_CMD_MEM_SEARCH) += mem_search.o + obj-$(CONFIG_CMD_PINMUX) += pinmux.o + obj-$(CONFIG_CMD_PWM) += pwm.o + obj-$(CONFIG_CMD_SETEXPR) += setexpr.o ++obj-$(CONFIG_SANDBOX_FFA) += armffa.o +diff --git a/test/cmd/armffa.c b/test/cmd/armffa.c +new file mode 100644 +index 0000000000..531f82066e +--- /dev/null ++++ b/test/cmd/armffa.c +@@ -0,0 +1,40 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * Test for armffa command ++ * ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define PING_CMD_SIZE 19 ++ ++/* Basic test of 'armffa' command */ ++static int dm_test_armffa_cmd(struct unit_test_state *uts) ++{ ++ char ping_cmd[PING_CMD_SIZE] = {0}; ++ ++ ut_assertok(ffa_bus_discover()); ++ ++ /* armffa getpart */ ++ ut_assertok(run_command("armffa getpart " SANDBOX_SERVICE1_UUID, 0)); ++ ++ snprintf(ping_cmd, PING_CMD_SIZE, "armffa ping 0x%x", SANDBOX_SP1_ID); ++ ++ /* armffa ping */ ++ ut_assertok(run_command(ping_cmd, 0)); ++ ++ /* armffa devlist */ ++ ut_assertok(run_command("armffa devlist", 0)); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++DM_TEST(dm_test_armffa_cmd, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch deleted file mode 100644 index 2caeb58b..00000000 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 370422921b2a3f4f7b73ce5b08820c24e82bba19 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Thu, 18 Nov 2021 16:42:59 +0000 -Subject: [PATCH 13/24] corstone1000: Make sure shared buffer contents are not - cached - -After updating the shared buffer, it is required to flush the cache -to ensure that the secure world sees expected the shared buffer -contents. - -The MM communication shared buffer is configured in device region of optee -which has cache disabled. So we need to invalidate the cache every time we -update the buffer on uboot otherwise the secure world does not see the -accurate values. - -Signed-off-by: Gowtham Suresh Kumar -%% original patch: 0027-Make-sure-shared-buffer-contents-are-not-cached.patch - -%% original patch: 0027-Make-sure-shared-buffer-contents-are-not-cached.patch - -Signed-off-by: Rui Miguel Silva ---- - lib/efi_loader/efi_variable_tee.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c -index 9cb8cfb9c779..b6be2b54a030 100644 ---- a/lib/efi_loader/efi_variable_tee.c -+++ b/lib/efi_loader/efi_variable_tee.c -@@ -22,6 +22,7 @@ - #if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) - - #include -+#include - #include - - /* MM return codes */ -@@ -335,6 +336,11 @@ static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_ - virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0); - efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size); - -+ /* The secure world has cache disabled for device region which we use for shared buffer -+ So, the secure world reads the data from DDR. Let's flush the cache so the DDR is -+ updated with the latest data */ -+ invalidate_dcache_all(); -+ - /* Announce there is data in the shared buffer */ - - ffa_ret = ffa_notify_mm_sp(); --- -2.37.1 - diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch new file mode 100644 index 00000000..04e55576 --- /dev/null +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch @@ -0,0 +1,540 @@ +From b3c7d84dcde6ee1cbc13e10664d24ffa220f5fb3 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi +Date: Mon, 15 Aug 2022 15:12:49 +0100 +Subject: [PATCH 14/26] arm_ffa: introduce FF-A MM communication + +Add MM communication support using FF-A transport + +Access an SP's service through EFI MM communication protocol. + +This feature allows accessing MM partitions services through +EFI MM communication protocol. MM partitions such as StandAlonneMM +or smm-gateway secure partitions which reside in secure world. + +An MM shared buffer and a door bell event are used to exchange +the data. + +The data is used by EFI services such as GetVariable()/SetVariable() +and copied from the communication buffer to the MM shared buffer. + +The secure partition is notified about availability of data in the +MM shared buffer by an FF-A message (door bell). + +On such event, MM SP can read the data and updates the MM shared +buffer with the response data. + +The response data is copied back to the communication buffer and +consumed by the EFI subsystem. + +FF-A driver private data is copied to EFI runtime section at +ExitBootServices(). This garantees secure world partitions data are +available at EFI runtime level. + +Signed-off-by: Abdellatif El Khlifi +Signed-off-by: Gowtham Suresh Kumar +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* use the new FF-A driver interfaces +* discover MM partitions at runtime +* copy FF-A driver private data to EFI runtime section at + ExitBootServices() +* drop use of FFA_ERR_STAT_SUCCESS error code +* replace EFI_BUFFER_TOO_SMALL by EFI_OUT_OF_RESOURCES + in ffa_mm_communicate(). No need for efi_memcpy_runtime() anymore +* revert the error log in mm_communicate() in case of failure +* remove packed attribute from efi_mm_communicate_header and + smm_variable_communicate_header + +v2: + +* set default values to 0 for FFA_SHARED_MM_BUFFER_SIZE, FFA_SHARED_MM_BUFFER_ADDR and MM_SP_UUID_DATA and add warnings + +v1: + +* introduce FF-A MM communication + + arch/arm/cpu/armv8/cache.S | 16 ++ + arch/arm/cpu/armv8/cache_v8.c | 3 +- + include/mm_communication.h | 7 +- + lib/efi_loader/Kconfig | 14 +- + lib/efi_loader/efi_boottime.c | 7 + + lib/efi_loader/efi_variable_tee.c | 261 +++++++++++++++++++++++++++++- + 6 files changed, 299 insertions(+), 9 deletions(-) + +diff --git a/arch/arm/cpu/armv8/cache.S b/arch/arm/cpu/armv8/cache.S +index d1cee23437..f69ef64ed6 100644 +--- a/arch/arm/cpu/armv8/cache.S ++++ b/arch/arm/cpu/armv8/cache.S +@@ -21,7 +21,11 @@ + * x1: 0 clean & invalidate, 1 invalidate only + * x2~x9: clobbered + */ ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_dcache_level, "ax" ++#endif + ENTRY(__asm_dcache_level) + lsl x12, x0, #1 + msr csselr_el1, x12 /* select cache level */ +@@ -65,7 +69,11 @@ ENDPROC(__asm_dcache_level) + * + * flush or invalidate all data cache by SET/WAY. + */ ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_dcache_all, "ax" ++#endif + ENTRY(__asm_dcache_all) + mov x1, x0 + dsb sy +@@ -109,7 +117,11 @@ ENTRY(__asm_flush_dcache_all) + ENDPROC(__asm_flush_dcache_all) + .popsection + ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_invalidate_dcache_all, "ax" ++#endif + ENTRY(__asm_invalidate_dcache_all) + mov x0, #0x1 + b __asm_dcache_all +@@ -182,7 +194,11 @@ ENTRY(__asm_invalidate_icache_all) + ENDPROC(__asm_invalidate_icache_all) + .popsection + ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_invalidate_l3_dcache, "ax" ++#endif + WEAK(__asm_invalidate_l3_dcache) + mov x0, #0 /* return status as success */ + ret +diff --git a/arch/arm/cpu/armv8/cache_v8.c b/arch/arm/cpu/armv8/cache_v8.c +index e4736e5643..afbc487fa1 100644 +--- a/arch/arm/cpu/armv8/cache_v8.c ++++ b/arch/arm/cpu/armv8/cache_v8.c +@@ -9,6 +9,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -445,7 +446,7 @@ __weak void mmu_setup(void) + /* + * Performs a invalidation of the entire data cache at all levels + */ +-void invalidate_dcache_all(void) ++void __efi_runtime invalidate_dcache_all(void) + { + __asm_invalidate_dcache_all(); + __asm_invalidate_l3_dcache(); +diff --git a/include/mm_communication.h b/include/mm_communication.h +index e65fbde60d..32dc5dbac8 100644 +--- a/include/mm_communication.h ++++ b/include/mm_communication.h +@@ -13,6 +13,9 @@ + + #include + ++/* MM service UUID string (big-endian format). This UUID is common across all MM SPs */ ++#define MM_SP_UUID "33d532ed-e699-0942-c09c-a798d9cd722d" ++ + /* + * Interface to the pseudo Trusted Application (TA), which provides a + * communication channel with the Standalone MM (Management Mode) +@@ -43,7 +46,7 @@ + * To avoid confusion in interpreting frames, the communication buffer should + * always begin with efi_mm_communicate_header. + */ +-struct __packed efi_mm_communicate_header { ++struct efi_mm_communicate_header { + efi_guid_t header_guid; + size_t message_len; + u8 data[]; +@@ -145,7 +148,7 @@ struct smm_variable_communicate_header { + * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE. + * + */ +-struct smm_variable_access { ++struct __packed smm_variable_access { + efi_guid_t guid; + efi_uintn_t data_size; + efi_uintn_t name_size; +diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig +index e3f2402d0e..2a6d70f862 100644 +--- a/lib/efi_loader/Kconfig ++++ b/lib/efi_loader/Kconfig +@@ -60,13 +60,23 @@ config EFI_VARIABLE_FILE_STORE + stored as file /ubootefi.var on the EFI system partition. + + config EFI_MM_COMM_TEE +- bool "UEFI variables storage service via OP-TEE" +- depends on OPTEE ++ bool "UEFI variables storage service via the trusted world" ++ depends on OPTEE || ARM_FFA_TRANSPORT + help ++ Allowing access to the MM SP services (SPs such as StandAlonneMM, smm-gateway). ++ When using the u-boot OP-TEE driver, StandAlonneMM is supported. ++ When using the u-boot FF-A driver any MM SP is supported. ++ + If OP-TEE is present and running StandAloneMM, dispatch all UEFI + variable related operations to that. The application will verify, + authenticate and store the variables on an RPMB. + ++ When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related ++ operations to the MM SP running in the secure world. ++ A door bell mechanism is used to notify the SP when there is data in the shared ++ MM buffer. The data is copied by u-boot to the shared buffer before issuing ++ the door bell event. ++ + config EFI_VARIABLE_NO_STORE + bool "Don't persist non-volatile UEFI variables" + help +diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c +index 8fa9a58d76..cede7826bd 100644 +--- a/lib/efi_loader/efi_boottime.c ++++ b/lib/efi_loader/efi_boottime.c +@@ -2185,6 +2185,13 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, + debug("[efi_boottime][INFO]: FF-A RX/TX buffers unmapped\n"); + #endif + ++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE) && !CONFIG_IS_ENABLED(SANDBOX_FFA) ++ if (ffa_copy_runtime_data()) ++ printf("ERROR: EFI: FFA: copying runtime data\n"); ++ else ++ printf("INFO: EFI: FFA: runtime data copied\n"); ++#endif ++ + /* Patch out unsupported runtime function */ + efi_runtime_detach(); + +diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c +index dfef18435d..7d9d577281 100644 +--- a/lib/efi_loader/efi_variable_tee.c ++++ b/lib/efi_loader/efi_variable_tee.c +@@ -15,6 +15,36 @@ + #include + #include + ++#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) ++ ++#include ++#include ++#include ++ ++#ifndef FFA_SHARED_MM_BUFFER_SIZE ++#warning "FFA_SHARED_MM_BUFFER_SIZE must be defined in include/configs/.h" ++#define FFA_SHARED_MM_BUFFER_SIZE 0 ++#endif ++ ++#ifndef FFA_SHARED_MM_BUFFER_OFFSET ++#warning "FFA_SHARED_MM_BUFFER_OFFSET must be defined in include/configs/.h" ++#define FFA_SHARED_MM_BUFFER_OFFSET 0 ++#endif ++ ++#ifndef FFA_SHARED_MM_BUFFER_ADDR ++#warning "FFA_SHARED_MM_BUFFER_ADDR must be defined in include/configs/.h" ++#define FFA_SHARED_MM_BUFFER_ADDR 0 ++#endif ++ ++/* MM return codes */ ++#define MM_SUCCESS (0) ++ ++const char *mm_sp_svc_uuid = MM_SP_UUID; ++ ++static __efi_runtime_data u16 mm_sp_id; ++ ++#endif ++ + extern struct efi_var_file __efi_runtime_data *efi_var_buf; + static efi_uintn_t max_buffer_size; /* comm + var + func + data */ + static efi_uintn_t max_payload_size; /* func + data */ +@@ -24,6 +54,7 @@ struct mm_connection { + u32 session; + }; + ++#if (IS_ENABLED(CONFIG_OPTEE)) + /** + * get_connection() - Retrieve OP-TEE session for a specific UUID. + * +@@ -143,16 +174,227 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize) + + return ret; + } ++#endif ++ ++#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) + + /** +- * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send ++ * ffa_notify_mm_sp() - Announce there is data in the shared buffer ++ * ++ * Notifies the MM partition in the trusted world that ++ * data is available in the shared buffer. ++ * This is a blocking call during which trusted world has exclusive access ++ * to the MM shared buffer. ++ * ++ * Return: ++ * ++ * 0 on success ++ */ ++static int __efi_runtime ffa_notify_mm_sp(void) ++{ ++ struct ffa_send_direct_data msg = {0}; ++ int ret; ++ int sp_event_ret = -1; ++ ++ if (!ffa_bus_ops_get()) ++ return -EINVAL; ++ ++ msg.data0 = FFA_SHARED_MM_BUFFER_OFFSET; /* x3 */ ++ ++ ret = ffa_bus_ops_get()->sync_send_receive(mm_sp_id, &msg); ++ if (ret != 0) ++ return ret; ++ ++ sp_event_ret = msg.data0; /* x3 */ ++ ++ if (sp_event_ret == MM_SUCCESS) ++ return 0; ++ ++ /* ++ * Failure to notify the MM SP ++ */ ++ ++ return -EACCES; ++} ++ ++/** ++ * ffa_discover_mm_sp_id() - Query the MM partition ID ++ * ++ * Use the FF-A driver to get the MM partition ID. ++ * If multiple partitions are found, use the first one. ++ * This is a boot time function. ++ * ++ * Return: ++ * ++ * 0 on success ++ */ ++static int ffa_discover_mm_sp_id(void) ++{ ++ u32 count = 0, size = 0; ++ int ret; ++ struct ffa_partition_info *parts_info; ++ ++ if (!ffa_bus_ops_get()) ++ return -EINVAL; ++ ++ /* ++ * get from the driver the count of the SPs matching the UUID ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(mm_sp_svc_uuid, &count, NULL); ++ if (ret != 0) { ++ log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret); ++ return ret; ++ } ++ ++ if (!count) { ++ log_info("EFI: No MM partition found\n"); ++ return ret; ++ } ++ ++ /* ++ * pre-allocate a buffer to be filled by the driver ++ * with ffa_partition_info structs ++ */ ++ ++ log_info("EFI: Pre-allocating %d partition(s) info structures\n", count); ++ ++ parts_info = calloc(count, sizeof(struct ffa_partition_info)); ++ if (!parts_info) ++ return -EINVAL; ++ ++ size = count * sizeof(struct ffa_partition_info); ++ ++ /* ++ * ask the driver to fill the ++ * buffer with the SPs info ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(mm_sp_svc_uuid, &size, parts_info); ++ if (ret != 0) { ++ log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret); ++ free(parts_info); ++ return ret; ++ } ++ ++ /* ++ * MM SPs found , use the first one ++ */ ++ ++ mm_sp_id = parts_info[0].id; ++ ++ log_info("EFI: MM partition ID 0x%x\n", mm_sp_id); ++ ++ free(parts_info); ++ ++ return 0; ++} ++ ++/** ++ * ffa_mm_communicate() - Exchange EFI services data with the MM partition using FF-A ++ * @comm_buf: locally allocated communication buffer used for rx/tx ++ * @dsize: communication buffer size ++ * ++ * Issues a door bell event to notify the MM partition (SP) running in OP-TEE ++ * that there is data to read from the shared buffer. ++ * Communication with the MM SP is performed using FF-A transport. ++ * On the event, MM SP can read the data from the buffer and ++ * update the MM shared buffer with response data. ++ * The response data is copied back to the communication buffer. ++ * ++ * Return: ++ * ++ * EFI status code ++ */ ++static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_buf_size) ++{ ++ ulong tx_data_size; ++ int ffa_ret; ++ struct efi_mm_communicate_header *mm_hdr; ++ void *virt_shared_buf; ++ ++ if (!comm_buf) ++ return EFI_INVALID_PARAMETER; ++ ++ /* Discover MM partition ID at boot time */ ++ if (!mm_sp_id && ffa_discover_mm_sp_id() != 0) { ++ log_err("EFI: Failure to discover MM partition ID at boot time\n"); ++ return EFI_UNSUPPORTED; ++ } ++ ++ mm_hdr = (struct efi_mm_communicate_header *)comm_buf; ++ tx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t); ++ ++ if (comm_buf_size != tx_data_size || tx_data_size > FFA_SHARED_MM_BUFFER_SIZE) ++ return EFI_INVALID_PARAMETER; ++ ++ /* Copy the data to the shared buffer */ ++ ++ virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0); ++ efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size); ++ ++ /* ++ * The secure world might have cache disabled for ++ * the device region used for shared buffer (which is the case for Optee). ++ * In this case, the secure world reads the data from DRAM. ++ * Let's flush the cache so the DRAM is updated with the latest data. ++ */ ++ #ifdef CONFIG_ARM64 ++ invalidate_dcache_all(); ++ #endif ++ ++ /* Announce there is data in the shared buffer */ ++ ++ ffa_ret = ffa_notify_mm_sp(); ++ if (ffa_ret) ++ unmap_sysmem(virt_shared_buf); ++ ++ switch (ffa_ret) { ++ case 0: ++ { ++ ulong rx_data_size; ++ /* Copy the MM SP response from the shared buffer to the communication buffer */ ++ rx_data_size = ((struct efi_mm_communicate_header *)virt_shared_buf)->message_len + ++ sizeof(efi_guid_t) + ++ sizeof(size_t); ++ ++ if (rx_data_size > comm_buf_size) { ++ unmap_sysmem(virt_shared_buf); ++ return EFI_OUT_OF_RESOURCES; ++ } ++ ++ efi_memcpy_runtime(comm_buf, virt_shared_buf, rx_data_size); ++ unmap_sysmem(virt_shared_buf); ++ ++ return EFI_SUCCESS; ++ } ++ case -EINVAL: ++ return EFI_DEVICE_ERROR; ++ case -EPERM: ++ return EFI_INVALID_PARAMETER; ++ case -EACCES: ++ return EFI_ACCESS_DENIED; ++ case -EBUSY: ++ return EFI_OUT_OF_RESOURCES; ++ default: ++ return EFI_ACCESS_DENIED; ++ } ++} ++#endif ++ ++/** ++ * mm_communicate() - Adjust the communication buffer to the MM SP and send + * it to OP-TEE + * +- * @comm_buf: locally allocted communcation buffer ++ * @comm_buf: locally allocated communication buffer + * @dsize: buffer size ++ * ++ * The MM SP (also called partition) can be StandAlonneMM or smm-gateway. ++ * The comm_buf format is the same for both partitions. ++ * When using the u-boot OP-TEE driver, StandAlonneMM is supported. ++ * When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are supported. ++ * + * Return: status code + */ +-static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) ++static efi_status_t __efi_runtime mm_communicate(u8 *comm_buf, efi_uintn_t dsize) + { + efi_status_t ret; + struct efi_mm_communicate_header *mm_hdr; +@@ -162,7 +404,11 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) + mm_hdr = (struct efi_mm_communicate_header *)comm_buf; + var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data; + ++ #if (IS_ENABLED(CONFIG_OPTEE)) + ret = optee_mm_communicate(comm_buf, dsize); ++ #elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) ++ ret = ffa_mm_communicate(comm_buf, dsize); ++ #endif + if (ret != EFI_SUCCESS) { + log_err("%s failed!\n", __func__); + return ret; +@@ -258,6 +504,13 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size) + goto out; + } + *size = var_payload->size; ++ ++ #if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) ++ if (*size > FFA_SHARED_MM_BUFFER_SIZE) ++ *size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE - ++ MM_VARIABLE_COMMUNICATE_SIZE; ++ #endif ++ + /* + * There seems to be a bug in EDK2 miscalculating the boundaries and + * size checks, so deduct 2 more bytes to fulfill this requirement. Fix +@@ -697,7 +950,7 @@ void efi_variables_boot_exit_notify(void) + ret = EFI_NOT_FOUND; + + if (ret != EFI_SUCCESS) +- log_err("Unable to notify StMM for ExitBootServices\n"); ++ log_err("Unable to notify the MM partition for ExitBootServices\n"); + free(comm_buf); + + /* +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch similarity index 65% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch index 8cab40c2..dcc3ea7a 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch @@ -1,7 +1,7 @@ -From c0b01dff84d74f1b5aaff0d9b594e0aaec16c744 Mon Sep 17 00:00:00 2001 +From 01d1487cebc37834e2a5d259e0417a610539a0f5 Mon Sep 17 00:00:00 2001 From: Abdellatif El Khlifi -Date: Tue, 2 Nov 2021 16:44:39 +0000 -Subject: [PATCH 10/24] arm_ffa: corstone1000: enable FF-A and MM support +Date: Thu, 9 Jun 2022 12:47:35 +0100 +Subject: [PATCH 15/26] arm_ffa: corstone1000: enable FF-A and MM support This commit allows corstone1000 platform to perform MM communication between u-boot and the secure world @@ -9,38 +9,33 @@ using FF-A transport. Signed-off-by: Abdellatif El Khlifi Signed-off-by: Rui Miguel Silva +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] --- - configs/corstone1000_defconfig | 1 + - include/configs/corstone1000.h | 15 +++++++++++++++ - 2 files changed, 16 insertions(+) + configs/corstone1000_defconfig | 2 ++ + include/configs/corstone1000.h | 9 +++++++++ + 2 files changed, 11 insertions(+) diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig -index e573fe6fe6a2..b042d4e49419 100644 +index e573fe6fe6..c299dda49f 100644 --- a/configs/corstone1000_defconfig +++ b/configs/corstone1000_defconfig -@@ -44,6 +44,7 @@ CONFIG_USB=y +@@ -44,6 +44,8 @@ CONFIG_USB=y CONFIG_DM_USB=y CONFIG_USB_ISP1760=y CONFIG_USB_STORAGE=y +CONFIG_ARM_FFA_TRANSPORT=y ++CONFIG_ARM_FFA_EFI_RUNTIME_MODE=y CONFIG_EFI_MM_COMM_TEE=y # CONFIG_OPTEE is not set # CONFIG_GENERATE_SMBIOS_TABLE is not set diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index 8ba0effb0ab2..afc9ccfc192b 100644 +index 8ba0effb0a..5960c6b4be 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -14,6 +14,21 @@ +@@ -14,6 +14,15 @@ #include -+/* MM SP UUID binary data (little-endian format) */ -+#define MM_SP_UUID_DATA \ -+ 0xed, 0x32, 0xd5, 0x33, \ -+ 0x99, 0xe6, 0x42, 0x09, \ -+ 0x9c, 0xc0, 0x2d, 0x72, \ -+ 0xcd, 0xd9, 0x98, 0xa7 -+ +#define FFA_SHARED_MM_BUFFER_SIZE SZ_4K /* 4 KB */ + +/* @@ -48,10 +43,11 @@ index 8ba0effb0ab2..afc9ccfc192b 100644 + * u-boot and the MM SP + */ +#define FFA_SHARED_MM_BUFFER_ADDR (0x023F8000) ++#define FFA_SHARED_MM_BUFFER_OFFSET (0) + #define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_SDRAM_BASE + 0x03f00000) #define CONFIG_SKIP_LOWLEVEL_INIT -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch similarity index 82% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch index 0a829c41..291d15d3 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch @@ -1,7 +1,7 @@ -From 652259af2f795a5d69c628ae7b1e79d33c234abd Mon Sep 17 00:00:00 2001 +From 10e155a677192731481ebe7f302e2d9ad790346a Mon Sep 17 00:00:00 2001 From: Abdellatif El Khlifi -Date: Thu, 11 Nov 2021 16:27:59 +0000 -Subject: [PATCH 11/24] efi: corstone1000: introduce EFI capsule update +Date: Thu, 28 Jul 2022 15:01:55 +0100 +Subject: [PATCH 16/26] efi: corstone1000: introduce EFI capsule update This commit provides capsule update feature for Corstone1000. @@ -20,16 +20,17 @@ SE Proxy FW update service. This event is generated on each boot. Signed-off-by: Abdellatif El Khlifi Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 18 +++++ include/efi_loader.h | 4 +- - lib/efi_loader/efi_boottime.c | 47 ++++++++++++ - lib/efi_loader/efi_capsule.c | 135 ++++++++++++++++++++++++++++++++- + lib/efi_loader/efi_boottime.c | 36 ++++++++++ + lib/efi_loader/efi_capsule.c | 124 ++++++++++++++++++++++++++++++++- lib/efi_loader/efi_setup.c | 15 ++++ - 5 files changed, 215 insertions(+), 4 deletions(-) + 5 files changed, 193 insertions(+), 4 deletions(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index afc9ccfc192b..a400cdef69d0 100644 +index 5960c6b4be..fe5ec0adcd 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -14,6 +14,24 @@ @@ -54,11 +55,11 @@ index afc9ccfc192b..a400cdef69d0 100644 + EFI_GUID(0x3a770ddc, 0x409b, 0x48b2, 0x81, 0x41, \ + 0x93, 0xb7, 0xc6, 0x0b, 0x20, 0x9e) + - /* MM SP UUID binary data (little-endian format) */ - #define MM_SP_UUID_DATA \ - 0xed, 0x32, 0xd5, 0x33, \ + #define FFA_SHARED_MM_BUFFER_SIZE SZ_4K /* 4 KB */ + + /* diff --git a/include/efi_loader.h b/include/efi_loader.h -index 5b41985244e2..796419b69b40 100644 +index 5b41985244..796419b69b 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -984,11 +984,11 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit; @@ -76,10 +77,10 @@ index 5b41985244e2..796419b69b40 100644 efi_uintn_t capsule_count, u64 *maximum_capsule_size, diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index c68d9ed4f0bd..f2b5c7834c01 100644 +index cede7826bd..9bf2596597 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c -@@ -2095,6 +2095,44 @@ static void efi_exit_caches(void) +@@ -2095,6 +2095,33 @@ static void efi_exit_caches(void) #endif } @@ -95,28 +96,17 @@ index c68d9ed4f0bd..f2b5c7834c01 100644 + */ +static int efi_corstone1000_kernel_started_event(void) +{ -+ struct ffa_interface_data func_data = {0}; + struct ffa_send_direct_data msg = {0}; -+ u16 part_id = CORSTONE1000_SEPROXY_PART_ID; + + log_debug("[%s]\n", __func__); + + /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ -+ /* + * setting the kernel started event arguments + */ -+ msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -+ msg.a5 = CORSTONE1000_KERNEL_STARTED_EVT; ++ msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ ++ msg.data2 = CORSTONE1000_KERNEL_STARTED_EVT; /* x5 */ + -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ return ffa_helper_msg_send_direct_req(&func_data); ++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); +} + +#endif @@ -124,7 +114,7 @@ index c68d9ed4f0bd..f2b5c7834c01 100644 /** * efi_exit_boot_services() - stop all boot services * @image_handle: handle of the loaded image -@@ -2208,6 +2246,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, +@@ -2210,6 +2237,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, /* Recalculate CRC32 */ efi_update_table_header_crc32(&systab.hdr); @@ -141,7 +131,7 @@ index c68d9ed4f0bd..f2b5c7834c01 100644 efi_set_watchdog(0); WATCHDOG_RESET(); diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index a6b98f066a0b..a0689ba912fc 100644 +index a6b98f066a..c0f3427a60 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -25,6 +25,14 @@ @@ -149,7 +139,7 @@ index a6b98f066a0b..a0689ba912fc 100644 #include +#ifdef CONFIG_TARGET_CORSTONE1000 -+#include ++#include +#include + +void *__efi_runtime_data corstone1000_capsule_buf; /* capsule shared buffer virtual address */ @@ -159,7 +149,7 @@ index a6b98f066a0b..a0689ba912fc 100644 DECLARE_GLOBAL_DATA_PTR; const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; -@@ -512,6 +520,89 @@ static efi_status_t efi_capsule_update_firmware( +@@ -512,6 +520,78 @@ static efi_status_t efi_capsule_update_firmware( } #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */ @@ -220,36 +210,25 @@ index a6b98f066a0b..a0689ba912fc 100644 + */ +static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_size) +{ -+ struct ffa_interface_data func_data = {0}; + struct ffa_send_direct_data msg = {0}; -+ u16 part_id = CORSTONE1000_SEPROXY_PART_ID; + + log_debug("[%s]\n", __func__); + + /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ -+ /* + * setting the buffer ready event arguments + */ -+ msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -+ msg.a4 = capsule_image_size; -+ msg.a5 = CORSTONE1000_BUFFER_READY_EVT; -+ -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; ++ msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ ++ msg.data1 = capsule_image_size; /* x4 */ ++ msg.data2 = CORSTONE1000_BUFFER_READY_EVT; /* x5 */ + -+ return ffa_helper_msg_send_direct_req(&func_data); ++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); +} +#endif + /** * efi_update_capsule() - process information from operating system * @capsule_header_array: Array of virtual address pointers -@@ -525,7 +616,7 @@ static efi_status_t efi_capsule_update_firmware( +@@ -525,7 +605,7 @@ static efi_status_t efi_capsule_update_firmware( * * Return: status code */ @@ -258,7 +237,7 @@ index a6b98f066a0b..a0689ba912fc 100644 struct efi_capsule_header **capsule_header_array, efi_uintn_t capsule_count, u64 scatter_gather_list) -@@ -542,6 +633,13 @@ efi_status_t EFIAPI efi_update_capsule( +@@ -542,6 +622,13 @@ efi_status_t EFIAPI efi_update_capsule( goto out; } @@ -272,7 +251,7 @@ index a6b98f066a0b..a0689ba912fc 100644 ret = EFI_SUCCESS; for (i = 0, capsule = *capsule_header_array; i < capsule_count; i++, capsule = *(++capsule_header_array)) { -@@ -554,6 +652,39 @@ efi_status_t EFIAPI efi_update_capsule( +@@ -554,6 +641,39 @@ efi_status_t EFIAPI efi_update_capsule( log_debug("Capsule[%d] (guid:%pUs)\n", i, &capsule->capsule_guid); @@ -312,7 +291,7 @@ index a6b98f066a0b..a0689ba912fc 100644 if (!guidcmp(&capsule->capsule_guid, &efi_guid_firmware_management_capsule_id)) { ret = efi_capsule_update_firmware(capsule); -@@ -592,7 +723,7 @@ out: +@@ -592,7 +712,7 @@ out: * * Return: status code */ @@ -322,7 +301,7 @@ index a6b98f066a0b..a0689ba912fc 100644 efi_uintn_t capsule_count, u64 *maximum_capsule_size, diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c -index 492ecf4cb15c..bfd4687e10b5 100644 +index 492ecf4cb1..bfd4687e10 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -16,6 +16,13 @@ @@ -355,5 +334,5 @@ index 492ecf4cb15c..bfd4687e10b5 100644 ret = efi_set_variable_int(u"CapsuleMax", &efi_guid_capsule_report, -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch similarity index 72% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch index d1e13f68..7f5464c8 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch @@ -1,7 +1,7 @@ -From 1ff229c8e02bdd3c859d581787636cfdf674eec1 Mon Sep 17 00:00:00 2001 +From a84f6be14f1bb31edea987fc02efd5a079a28db1 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Wed, 17 Nov 2021 15:28:06 +0000 -Subject: [PATCH 12/24] corstone1000: Update FFA shared buffer address +Subject: [PATCH 17/26] corstone1000: Update FFA shared buffer address FFA shared buffer address changed to 0x02000000. @@ -10,28 +10,25 @@ Optee so the virtual address returned to the SMM gateway is 0x0000. So the buffer is moved to 0x02000000. Signed-off-by: Gowtham Suresh Kumar -%% original patch: 0025-Update-FFA-shared-buffer-address.patch - -%% original patch: 0025-Update-FFA-shared-buffer-address.patch - Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index a400cdef69d0..db0f91335cef 100644 +index fe5ec0adcd..2d89a8966e 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -45,7 +45,7 @@ +@@ -38,7 +38,7 @@ * shared buffer physical address used for communication between * u-boot and the MM SP */ -#define FFA_SHARED_MM_BUFFER_ADDR (0x023F8000) +#define FFA_SHARED_MM_BUFFER_ADDR (0x02000000) + #define FFA_SHARED_MM_BUFFER_OFFSET (0) #define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_SDRAM_BASE + 0x03f00000) - #define CONFIG_SKIP_LOWLEVEL_INIT -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch similarity index 76% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch index 31517410..1a28d6ca 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch @@ -1,18 +1,19 @@ -From 340ba3fbb0ea388578e30aede92695886f221eaf Mon Sep 17 00:00:00 2001 +From 3f8d35ccbb0d59d4820b81f7f939ada95b3cd92c Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Fri, 4 Mar 2022 15:56:09 +0000 -Subject: [PATCH 14/24] arm: corstone1000: fix unrecognized filesystem type +Subject: [PATCH 18/26] arm: corstone1000: fix unrecognized filesystem type Some usb sticks are not recognized by usb, just add a delay before checking status. Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- common/usb_storage.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/usb_storage.c b/common/usb_storage.c -index eaa31374ef73..79cf4297d4f4 100644 +index eaa31374ef..79cf4297d4 100644 --- a/common/usb_storage.c +++ b/common/usb_storage.c @@ -784,6 +784,9 @@ static int usb_stor_BBB_transport(struct scsi_cmd *srb, struct us_data *us) @@ -26,5 +27,5 @@ index eaa31374ef73..79cf4297d4f4 100644 result = usb_bulk_msg(us->pusb_dev, pipein, csw, UMASS_BBB_CSW_SIZE, &actlen, USB_CNTL_TIMEOUT*5); -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch deleted file mode 100644 index f858a26e..00000000 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 460406b46b51b6c585788001147a8961c95cc73c Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi -Date: Sat, 11 Dec 2021 21:05:10 +0000 -Subject: [PATCH 18/24] arm_ffa: removing the cast when using binary OR on - FIELD_PREP macros - -When the GENMASK used is above 16-bits wide a u16 cast will cause -loss of data. - -This commit fixes that. - -Signed-off-by: Abdellatif El Khlifi -Signed-off-by: Rui Miguel Silva ---- - drivers/arm-ffa/arm_ffa_prv.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/arm-ffa/arm_ffa_prv.h b/drivers/arm-ffa/arm_ffa_prv.h -index 38ea4ba83efc..d0db3ef508a1 100644 ---- a/drivers/arm-ffa/arm_ffa_prv.h -+++ b/drivers/arm-ffa/arm_ffa_prv.h -@@ -40,13 +40,13 @@ - - #define PREP_SELF_ENDPOINT_ID_MASK GENMASK(31, 16) - #define PREP_SELF_ENDPOINT_ID(x) \ -- ((u16)(FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x)))) -+ (FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x))) - - /* Partition endpoint ID mask (partition with which u-boot communicates with) */ - - #define PREP_PART_ENDPOINT_ID_MASK GENMASK(15, 0) - #define PREP_PART_ENDPOINT_ID(x) \ -- ((u16)(FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x)))) -+ (FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x))) - - /* The FF-A SMC function prototype definition */ - --- -2.37.1 - diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch deleted file mode 100644 index af857f41..00000000 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 936c857add300f41bc58c300793a0e10b48ff69f Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Mon, 13 Dec 2021 15:25:23 +0000 -Subject: [PATCH 19/24] Use correct buffer size - -The comm buffer created has additional 4 bytes length which -needs to be trimmed. This change will reduce the size of the -comm buffer to what is expected. - -Signed-off-by: Gowtham Suresh Kumar -Signed-off-by: Rui Miguel Silva ---- - include/mm_communication.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/include/mm_communication.h b/include/mm_communication.h -index e65fbde60d0a..bb9919095649 100644 ---- a/include/mm_communication.h -+++ b/include/mm_communication.h -@@ -123,7 +123,7 @@ struct __packed efi_mm_communicate_header { - * - * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_HEADER. - */ --struct smm_variable_communicate_header { -+struct __packed smm_variable_communicate_header { - efi_uintn_t function; - efi_status_t ret_status; - u8 data[]; -@@ -145,7 +145,7 @@ struct smm_variable_communicate_header { - * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE. - * - */ --struct smm_variable_access { -+struct __packed smm_variable_access { - efi_guid_t guid; - efi_uintn_t data_size; - efi_uintn_t name_size; --- -2.37.1 - diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch similarity index 73% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch index 4e3f237f..3d8a6216 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch @@ -1,7 +1,7 @@ -From 4c249de0915750b328e456c34f18546f92850afd Mon Sep 17 00:00:00 2001 +From 3bb5826af8e3891617d41a30419de0ce089f9fc3 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath Date: Fri, 10 Dec 2021 20:03:35 +0000 -Subject: [PATCH 15/24] efi_capsule: corstone1000: pass interface id and buffer +Subject: [PATCH 19/26] efi_capsule: corstone1000: pass interface id and buffer event id using register w4 Initially the interface/event IDs are passed to the SP using register @@ -16,13 +16,14 @@ firmware update. Signed-off-by: Vishnu Banavath Signed-off-by: Abdellatif El Khlifi Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 6 ++++++ lib/efi_loader/efi_capsule.c | 11 +++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index db0f91335cef..a7445e61348b 100644 +index 2d89a8966e..4637dd5d5d 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -24,6 +24,12 @@ @@ -39,20 +40,20 @@ index db0f91335cef..a7445e61348b 100644 #define CORSTONE1000_CAPSULE_BUFFER_SIZE (8192) /* 32 MB */ diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index a0689ba912fc..e08e97cf3fb7 100644 +index c0f3427a60..bf8bd68256 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -28,6 +28,8 @@ #ifdef CONFIG_TARGET_CORSTONE1000 - #include + #include #include +#include +#include void *__efi_runtime_data corstone1000_capsule_buf; /* capsule shared buffer virtual address */ efi_guid_t corstone1000_capsule_guid = EFI_CORSTONE1000_CAPSULE_ID_GUID; -@@ -590,11 +592,12 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s - func_data.data0 = &part_id; +@@ -582,11 +584,12 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s + log_debug("[%s]\n", __func__); /* - * setting the buffer ready event arguments @@ -60,14 +61,14 @@ index a0689ba912fc..e08e97cf3fb7 100644 + * - capsule update interface ID (31:16) + * - the buffer ready event ID (15:0) */ -- msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -- msg.a4 = capsule_image_size; -- msg.a5 = CORSTONE1000_BUFFER_READY_EVT; -+ msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -+ PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); +- msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ +- msg.data1 = capsule_image_size; /* x4 */ +- msg.data2 = CORSTONE1000_BUFFER_READY_EVT; /* x5 */ ++ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w4 */ - func_data.data1_size = sizeof(msg); - func_data.data1 = &msg; + return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); + } -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch similarity index 65% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch index e134f23a..db2ff32c 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch @@ -1,7 +1,7 @@ -From e5e1cf36cb7b77a5bb526f1744c0c77164374ca3 Mon Sep 17 00:00:00 2001 +From 668fe40ccb0db5542ef333cd4655511dbb8572f9 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath Date: Fri, 10 Dec 2021 20:10:41 +0000 -Subject: [PATCH 16/24] efi_boottime: corstone1000: pass interface id and +Subject: [PATCH 20/26] efi_boottime: corstone1000: pass interface id and kernel event id using register w4 Initially the interface/event IDs are passed to the SP using register @@ -16,16 +16,17 @@ secure enclave just before ExitbootService(). Signed-off-by: Vishnu Banavath Signed-off-by: Abdellatif El Khlifi Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_boottime.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index f2b5c7834c01..140d0f4f71da 100644 +index 9bf2596597..de815484d2 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -27,6 +27,11 @@ - #include + #include #endif +#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) @@ -36,8 +37,8 @@ index f2b5c7834c01..140d0f4f71da 100644 DECLARE_GLOBAL_DATA_PTR; /* Task priority level */ -@@ -2120,10 +2125,12 @@ static int efi_corstone1000_kernel_started_event(void) - func_data.data0 = &part_id; +@@ -2112,10 +2117,12 @@ static int efi_corstone1000_kernel_started_event(void) + log_debug("[%s]\n", __func__); /* - * setting the kernel started event arguments @@ -45,13 +46,13 @@ index f2b5c7834c01..140d0f4f71da 100644 + * setting capsule update interface ID(31:16) + * the kernel started event ID(15:0) */ -- msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -- msg.a5 = CORSTONE1000_KERNEL_STARTED_EVT; -+ msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -+ PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); +- msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ +- msg.data2 = CORSTONE1000_KERNEL_STARTED_EVT; /* x5 */ ++ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); /* w4 */ - func_data.data1_size = sizeof(msg); - func_data.data1 = &msg; + return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); + } -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch similarity index 79% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch index b5a17156..38ef1c08 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch @@ -1,7 +1,7 @@ -From 596cf4d04580b191d2f4f6082000534bdab13791 Mon Sep 17 00:00:00 2001 +From 4d7fd850347dbea10a73cd5cf6eb518607118414 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath Date: Sat, 11 Dec 2021 13:23:55 +0000 -Subject: [PATCH 17/24] efi_loader: corstone1000: remove guid check from +Subject: [PATCH 21/26] efi_loader: corstone1000: remove guid check from corstone1000 config option Use generic fmp guid and no separte check is required for @@ -9,15 +9,16 @@ CORSTONE1000 target. Signed-off-by: Vishnu Banavath Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_capsule.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index e08e97cf3fb7..891143c33909 100644 +index bf8bd68256..5db9d30d53 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c -@@ -657,12 +657,6 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( +@@ -646,12 +646,6 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( i, &capsule->capsule_guid); #if CONFIG_IS_ENABLED(TARGET_CORSTONE1000) @@ -30,7 +31,7 @@ index e08e97cf3fb7..891143c33909 100644 if (efi_size_in_pages(capsule->capsule_image_size) > CORSTONE1000_CAPSULE_BUFFER_SIZE) { log_err("Corstone1000: Capsule data size exceeds the shared buffer size\n"); -@@ -688,15 +682,7 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( +@@ -677,15 +671,7 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( goto out; #endif @@ -48,5 +49,5 @@ index e08e97cf3fb7..891143c33909 100644 goto out; } -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch similarity index 75% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch index 1204f2a4..3cedaa7a 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch @@ -1,7 +1,7 @@ -From 5c57ef351882afebde479de430acf2c4f8fdefc8 Mon Sep 17 00:00:00 2001 +From 720e5ada733b0f7b019baaec57d74603a9dff67e Mon Sep 17 00:00:00 2001 From: Vishnu Banavath Date: Fri, 17 Dec 2021 19:49:02 +0000 -Subject: [PATCH 20/24] efi_loader: populate ESRT table if EFI_ESRT config +Subject: [PATCH 22/26] efi_loader: populate ESRT table if EFI_ESRT config option is set This change is to call efi_esrt_populate function if CONFIG_EFI_ESRT @@ -9,15 +9,16 @@ is set. This will populte esrt table with firmware image info Signed-off-by: Vishnu Banavath Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_capsule.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index 891143c33909..7db78f1f7648 100644 +index 5db9d30d53..65e2fc8296 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c -@@ -679,6 +679,13 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( +@@ -668,6 +668,13 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( ret = EFI_SUCCESS; } @@ -32,5 +33,5 @@ index 891143c33909..7db78f1f7648 100644 #endif -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch similarity index 94% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch index 8f86b653..f6aafa35 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch @@ -1,22 +1,20 @@ -From fcd1dc670d83bd7e7528370d0d6f168bfb44054d Mon Sep 17 00:00:00 2001 +From 2cad562823976134f201d6e2ef187bf103e17d1e Mon Sep 17 00:00:00 2001 From: Vishnu Banavath Date: Fri, 17 Dec 2021 19:50:25 +0000 -Subject: [PATCH 21/24] efi_firmware: add get_image_info for corstone1000 +Subject: [PATCH 23/26] efi_firmware: add get_image_info for corstone1000 This change is to populate get_image_info which eventually will be populated in ESRT table Signed-off-by: Vishnu Banavath - -%% original patch: 0047-efi_firmware-add-get_image_info-for-corstone1000.patch - Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_firmware.c | 71 ++++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c -index 30cafd15caac..af43d4502f92 100644 +index 30cafd15ca..af43d4502f 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -17,11 +17,69 @@ @@ -120,5 +118,5 @@ index 30cafd15caac..af43d4502f92 100644 NULL, NULL)) return EFI_EXIT(EFI_DEVICE_ERROR); -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch similarity index 69% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch index 1dc04553..35f5cb23 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch @@ -1,7 +1,7 @@ -From 902d5c499b6627a505986d298986a4ac430592b8 Mon Sep 17 00:00:00 2001 +From 709e5d8ff07474f840f1d34d3077135f77795452 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath -Date: Wed, 5 Jan 2022 17:56:09 +0000 -Subject: [PATCH 22/24] efi_loader: send bootcomplete message to secure enclave +Date: Mon, 15 Aug 2022 15:46:18 +0100 +Subject: [PATCH 24/26] efi_loader: send bootcomplete message to secure enclave On corstone1000 platform, Secure Enclave will be expecting an event from uboot when it performs capsule update. Previously, @@ -11,15 +11,17 @@ to send an uboot efi initialized event at efi sub-system initialization stage. Signed-off-by: Rui Miguel Silva +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 2 +- - lib/efi_loader/efi_boottime.c | 49 ---------------------------------- + lib/efi_loader/efi_boottime.c | 43 ---------------------------------- lib/efi_loader/efi_firmware.c | 2 +- - lib/efi_loader/efi_setup.c | 48 +++++++++++++++++++++++++++++++++ - 4 files changed, 50 insertions(+), 51 deletions(-) + lib/efi_loader/efi_setup.c | 39 ++++++++++++++++++++++++++++++ + 4 files changed, 41 insertions(+), 45 deletions(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index a7445e61348b..06b605e43bdf 100644 +index 4637dd5d5d..333b1d93b6 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -22,7 +22,7 @@ @@ -32,10 +34,22 @@ index a7445e61348b..06b605e43bdf 100644 #define PREP_SEPROXY_SVC_ID_MASK GENMASK(31, 16) #define PREP_SEPROXY_SVC_ID(x) (FIELD_PREP(PREP_SEPROXY_SVC_ID_MASK, (x))) diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index 140d0f4f71da..6b9f5cf272b8 100644 +index de815484d2..cede7826bd 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c -@@ -2100,46 +2100,6 @@ static void efi_exit_caches(void) +@@ -27,11 +27,6 @@ + #include + #endif + +-#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) +-#include +-#include +-#endif +- + DECLARE_GLOBAL_DATA_PTR; + + /* Task priority level */ +@@ -2100,35 +2095,6 @@ static void efi_exit_caches(void) #endif } @@ -51,30 +65,19 @@ index 140d0f4f71da..6b9f5cf272b8 100644 - */ -static int efi_corstone1000_kernel_started_event(void) -{ -- struct ffa_interface_data func_data = {0}; - struct ffa_send_direct_data msg = {0}; -- u16 part_id = CORSTONE1000_SEPROXY_PART_ID; - - log_debug("[%s]\n", __func__); - - /* -- * telling the driver which partition to use -- */ -- func_data.data0_size = sizeof(part_id); -- func_data.data0 = &part_id; -- -- /* - * setting the kernel started event arguments: - * setting capsule update interface ID(31:16) - * the kernel started event ID(15:0) - */ -- msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -- PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); -- -- func_data.data1_size = sizeof(msg); -- func_data.data1 = &msg; +- msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | +- PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); /* w4 */ - -- return ffa_helper_msg_send_direct_req(&func_data); +- return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); -} - -#endif @@ -82,7 +85,7 @@ index 140d0f4f71da..6b9f5cf272b8 100644 /** * efi_exit_boot_services() - stop all boot services * @image_handle: handle of the loaded image -@@ -2253,15 +2213,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, +@@ -2244,15 +2210,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, /* Recalculate CRC32 */ efi_update_table_header_crc32(&systab.hdr); @@ -99,7 +102,7 @@ index 140d0f4f71da..6b9f5cf272b8 100644 efi_set_watchdog(0); WATCHDOG_RESET(); diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c -index af43d4502f92..25f427b93669 100644 +index af43d4502f..25f427b936 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -47,7 +47,7 @@ static efi_status_t efi_corstone1000_img_info_get ( @@ -112,7 +115,7 @@ index af43d4502f92..25f427b93669 100644 } diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c -index bfd4687e10b5..a20128e9b582 100644 +index bfd4687e10..6c9e14c37e 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -17,6 +17,9 @@ @@ -121,11 +124,11 @@ index bfd4687e10b5..a20128e9b582 100644 #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) +#include +#include -+#include ++#include /** * efi_corstone1000_alloc_capsule_shared_buf - allocate capsule shared buffer */ -@@ -126,6 +129,44 @@ static efi_status_t efi_init_secure_boot(void) +@@ -126,6 +129,34 @@ static efi_status_t efi_init_secure_boot(void) } #endif /* CONFIG_EFI_SECURE_BOOT */ @@ -141,42 +144,31 @@ index bfd4687e10b5..a20128e9b582 100644 + * */ +static int efi_corstone1000_uboot_efi_started_event(void) +{ -+ struct ffa_interface_data func_data = {0}; + struct ffa_send_direct_data msg = {0}; -+ u16 part_id = CORSTONE1000_SEPROXY_PART_ID; + + log_debug("[%s]\n", __func__); + + /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ /* -+ * setting the uboot efi subsystem started event arguments: ++ * setting the kernel started event arguments: + * setting capsule update interface ID(31:16) -+ * the uboot efi subsystem started event ID(15:0) ++ * the kernel started event ID(15:0) + */ -+ msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -+ PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); ++ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w4 */ + -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ return ffa_helper_msg_send_direct_req(&func_data); ++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); +} +#endif + /** * efi_init_capsule - initialize capsule update state * -@@ -134,8 +175,15 @@ static efi_status_t efi_init_secure_boot(void) - static efi_status_t efi_init_capsule(void) - { +@@ -136,6 +167,14 @@ static efi_status_t efi_init_capsule(void) efi_status_t ret = EFI_SUCCESS; -+ int ffa_ret; #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) ++ int ffa_ret; ++ + ffa_ret = efi_corstone1000_uboot_efi_started_event(); + if (ffa_ret) + debug("[efi_boottime][ERROR]: Failure to notify SE Proxy FW update service\n"); @@ -187,5 +179,5 @@ index bfd4687e10b5..a20128e9b582 100644 if (ret != EFI_SUCCESS) { printf("EFI: Corstone-1000: cannot allocate caspsule shared buffer\n"); -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch similarity index 89% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch index 165fac5f..dc9063ac 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch @@ -1,7 +1,7 @@ -From 383078dde2fbf509dc3d24505f6b328316aee030 Mon Sep 17 00:00:00 2001 +From 456e616401b02a579e9ea5ec3e5ab1d1c884b389 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath Date: Fri, 14 Jan 2022 15:24:18 +0000 -Subject: [PATCH 23/24] efi_loader: fix null pointer exception with +Subject: [PATCH 25/26] efi_loader: fix null pointer exception with get_image_info get_img_info API implemented for corstone1000 target does not @@ -11,12 +11,13 @@ exception. Signed-off-by: Vishnu Banavath Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_firmware.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c -index 25f427b93669..28d9a19edb90 100644 +index 25f427b936..28d9a19edb 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -38,26 +38,29 @@ static efi_status_t efi_corstone1000_img_info_get ( @@ -58,5 +59,5 @@ index 25f427b93669..28d9a19edb90 100644 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; image_info[i].attributes_setting = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE; -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch similarity index 92% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch index 2b9ca780..d4bf6520 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch @@ -1,12 +1,13 @@ -From cc3356c2a30b7aa85a25e9bc7b69a03537df3f27 Mon Sep 17 00:00:00 2001 +From 5e4c819c7ab0841429016c098106615b33486c8b Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva Date: Tue, 5 Apr 2022 10:24:38 +0100 -Subject: [PATCH 24/24] arm:corstone1000: add mmc for fvp +Subject: [PATCH 26/26] arm:corstone1000: add mmc for fvp Enable support mmc/sdcard for the corstone1000 FVP. Signed-off-by: Vishnu Banavath Signed-off-by: Rui Miguel Silva +Upstream-Status: Pending [Not submitted to upstream yet] --- arch/arm/dts/corstone1000-fvp.dts | 28 +++++++++++++++ board/armltd/corstone1000/corstone1000.c | 46 ++++++++++++++++-------- @@ -15,7 +16,7 @@ Signed-off-by: Rui Miguel Silva 4 files changed, 69 insertions(+), 17 deletions(-) diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts -index 1fcc137a493c..26b0f1b3cea6 100644 +index 1fcc137a49..26b0f1b3ce 100644 --- a/arch/arm/dts/corstone1000-fvp.dts +++ b/arch/arm/dts/corstone1000-fvp.dts @@ -20,4 +20,32 @@ @@ -52,7 +53,7 @@ index 1fcc137a493c..26b0f1b3cea6 100644 + }; }; diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c -index 2fa485ff3799..3d537d7a9052 100644 +index 2fa485ff37..3d537d7a90 100644 --- a/board/armltd/corstone1000/corstone1000.c +++ b/board/armltd/corstone1000/corstone1000.c @@ -46,22 +46,38 @@ static struct mm_region corstone1000_mem_map[] = { @@ -110,7 +111,7 @@ index 2fa485ff3799..3d537d7a9052 100644 /* OCVM */ .virt = 0x80000000UL, diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig -index b042d4e49419..147c14c94865 100644 +index c299dda49f..76e07fc20c 100644 --- a/configs/corstone1000_defconfig +++ b/configs/corstone1000_defconfig @@ -38,7 +38,13 @@ CONFIG_CMD_EFIDEBUG=y @@ -129,10 +130,10 @@ index b042d4e49419..147c14c94865 100644 CONFIG_USB=y CONFIG_DM_USB=y diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index 06b605e43bdf..d9855bf91ebf 100644 +index 333b1d93b6..815239590e 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -95,7 +95,9 @@ +@@ -89,7 +89,9 @@ #define CONFIG_SYS_MAXARGS 64 /* max command args */ #define BOOT_TARGET_DEVICES(func) \ @@ -144,5 +145,5 @@ index 06b605e43bdf..d9855bf91ebf 100644 #include -- -2.37.1 +2.17.1 diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-use-a-compressed-kernel.patch similarity index 100% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-use-a-compressed-kernel.patch diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-Introduce-external-sys-driver-to-device-tree.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch similarity index 94% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-Introduce-external-sys-driver-to-device-tree.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch index cc4ab0a3..bd9a6cf6 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-Introduce-external-sys-driver-to-device-tree.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch @@ -1,6 +1,3 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - From 83f16fe96a86b00f7a4b7c4c4f7416119b80eddd Mon Sep 17 00:00:00 2001 From: Emekcan Date: Fri, 19 Aug 2022 16:04:48 +0100 @@ -10,6 +7,7 @@ It adds external sys driver binding to u-boot device tree. Signed-off-by: Emekcan Aras +Upstream-Status: Pending [Not submitted to upstream yet] --- arch/arm/dts/corstone1000.dtsi | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch similarity index 97% rename from meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch rename to meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch index cd01732d..57bdef45 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch @@ -1,6 +1,3 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - From a1b8b91a43cfa9dbaa2d907a6d9629da6f93fa3e Mon Sep 17 00:00:00 2001 From: Emekcan Date: Mon, 12 Sep 2022 15:47:06 +0100 @@ -11,6 +8,7 @@ device tree. This enables communication between host and the external system. Signed-off-by: Emekcan Aras +Upstream-Status: Pending [Not submitted to upstream yet] --- arch/arm/dts/corstone1000.dtsi | 50 ++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend index 30d6b11a..420cee65 100644 --- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend @@ -18,34 +18,36 @@ EXTRA_OEMAKE:append:corstone1000 = ' DEVICE_TREE=${CORSTONE1000_DEVICE_TREE}' SYSROOT_DIRS:append:corstone1000 = " /boot" SRC_URI:append:corstone1000 = " \ - file://0001-cmd-load-add-load-command-for-memory-mapped.patch \ - file://0002-arm-add-support-to-corstone1000-platform.patch \ - file://0003-usb-common-move-urb-code-to-common.patch \ - file://0004-usb-add-isp1760-family-driver.patch \ - file://0005-corstone1000-enable-isp1763-usb-controller.patch \ - file://0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch \ - file://0007-arm_ffa-introducing-armffa-command.patch \ - file://0008-arm_ffa-introducing-MM-communication-with-FF-A.patch \ - file://0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch \ - file://0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch \ - file://0011-efi-corstone1000-introduce-EFI-capsule-update.patch \ - file://0012-corstone1000-Update-FFA-shared-buffer-address.patch \ - file://0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch \ - file://0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch \ - file://0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch \ - file://0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch \ - file://0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch \ - file://0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch \ - file://0019-Use-correct-buffer-size.patch \ - file://0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch \ - file://0021-efi_firmware-add-get_image_info-for-corstone1000.patch \ - file://0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch \ - file://0023-efi_loader-fix-null-pointer-exception-with-get_image.patch \ - file://0024-arm-corstone1000-add-mmc-for-fvp.patch \ - file://0025-corstone1000-use-a-compressed-kernel.patch \ - file://0026-Introduce-external-sys-driver-to-device-tree.patch \ - file://0027-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch \ - " + file://0001-cmd-load-add-load-command-for-memory-mapped.patch \ + file://0002-arm-add-support-to-corstone1000-platform.patch \ + file://0003-usb-common-move-urb-code-to-common.patch \ + file://0004-usb-add-isp1760-family-driver.patch \ + file://0005-corstone1000-enable-isp1763-usb-controller.patch \ + file://0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch \ + file://0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch \ + file://0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch \ + file://0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch \ + file://0010-arm_ffa-introduce-armffa-command.patch \ + file://0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch \ + file://0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch \ + file://0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch \ + file://0014-arm_ffa-introduce-FF-A-MM-communication.patch \ + file://0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch \ + file://0016-efi-corstone1000-introduce-EFI-capsule-update.patch \ + file://0017-corstone1000-Update-FFA-shared-buffer-address.patch \ + file://0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch \ + file://0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch \ + file://0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch \ + file://0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch \ + file://0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch \ + file://0023-efi_firmware-add-get_image_info-for-corstone1000.patch \ + file://0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch \ + file://0025-efi_loader-fix-null-pointer-exception-with-get_image.patch \ + file://0026-arm-corstone1000-add-mmc-for-fvp.patch \ + file://0027-corstone1000-use-a-compressed-kernel.patch \ + file://0028-Introduce-external-sys-driver-to-device-tree.patch \ + file://0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch \ + " # # FVP BASE From patchwork Mon Oct 3 13:00:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13456 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 973A2C433F5 for ; Mon, 3 Oct 2022 13:01:14 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.65.1664802072353732457 for ; Mon, 03 Oct 2022 06:01:12 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B2502176A; Mon, 3 Oct 2022 06:01:18 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 955B63F73B; Mon, 3 Oct 2022 06:01:10 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi , Vishnu Banavath Subject: [PATCH 03/12] arm-bsp/optee-os: corstone1000: upgrade to v3.18 Date: Mon, 3 Oct 2022 14:00:42 +0100 Message-Id: <20221003130051.28934-4-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:14 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3897 From: Abdellatif El Khlifi Upgrading optee-os uses the new Trusted Services support Signed-off-by: Vishnu Banavath Signed-off-by: Abdellatif El Khlifi --- .../conf/machine/include/corstone1000.inc | 9 +- ...rstone1000-add-corstone1000-platform.patch | 209 ------------------ ...000-reserve-3MB-CVM-memory-for-optee.patch | 31 --- ...0-add-a-rule-in-Makefile-to-SP_MAKEF.patch | 39 ---- ...ne1000-increase-OPTEE-core-heap-size.patch | 30 --- ...d-missing-error-check-during-SP-init.patch | 41 ---- ...ow-setting-sysroot-for-libgcc-lookup.patch | 35 --- ...0007-allow-setting-sysroot-for-clang.patch | 30 --- .../0008-no-warn-rwx-segments.patch | 65 ------ .../corstone1000/sp_manifest_combined_se.dts | 62 ------ .../optee/optee-os-corstone1000-common.inc | 24 +- .../optee/optee-os-corstone1000.inc | 20 -- .../optee/optee-os_3.10.0.bbappend | 6 - .../optee/optee-os_3.18.0.bbappend | 1 + 14 files changed, 9 insertions(+), 593 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0006-allow-setting-sysroot-for-libgcc-lookup.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0007-allow-setting-sysroot-for-clang.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0008-no-warn-rwx-segments.patch delete mode 100644 meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts delete mode 100644 meta-arm-bsp/recipes-security/optee/optee-os-corstone1000.inc delete mode 100644 meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bbappend diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index 5d22b464..44a9a56c 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -33,16 +33,13 @@ UBOOT_BOOTARGS = "earlycon=pl011,0x1a510000 console=ttyAMA0 loglevel=9" UBOOT_ARCH = "arm" UBOOT_EXTLINUX = "0" -# optee -PREFERRED_VERSION_optee-os ?= "3.10.%" -PREFERRED_VERSION_optee-client ?= "3.14.%" +#optee +PREFERRED_VERSION_optee-os ?= "3.18.%" +PREFERRED_VERSION_optee-client ?= "3.18.%" EXTRA_IMAGEDEPENDS += "optee-os" OPTEE_ARCH = "arm64" OPTEE_BINARY = "tee-pager_v2.bin" -# Trusted Services(TS) -EXTRA_IMAGEDEPENDS += "secure-partitions" - # External System(Cortex-M3) EXTRA_IMAGEDEPENDS += "external-system" diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch deleted file mode 100644 index b2d9f03c..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch +++ /dev/null @@ -1,209 +0,0 @@ -From 617e3a116178559fb6e148553b1cd56fb13ed7aa Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Tue, 22 Jun 2021 22:09:28 +0100 -Subject: [PATCH] plat-corstone1000: add corstone1000 platform - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K - -These changes are to add corstone1000 platform to optee core - -Signed-off-by: Vishnu Banavath - ---- - core/arch/arm/plat-corstone1000/conf.mk | 37 +++++++++ - core/arch/arm/plat-corstone1000/main.c | 77 +++++++++++++++++++ - .../arm/plat-corstone1000/platform_config.h | 46 +++++++++++ - core/arch/arm/plat-corstone1000/sub.mk | 2 + - 4 files changed, 162 insertions(+) - create mode 100644 core/arch/arm/plat-corstone1000/conf.mk - create mode 100644 core/arch/arm/plat-corstone1000/main.c - create mode 100644 core/arch/arm/plat-corstone1000/platform_config.h - create mode 100644 core/arch/arm/plat-corstone1000/sub.mk - -diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk -new file mode 100644 -index 00000000..b14dd442 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/conf.mk -@@ -0,0 +1,37 @@ -+PLATFORM_FLAVOR ?= mps3 -+ -+$(call force,CFG_HWSUPP_MEM_PERM_WXN,y) -+$(call force,CFG_HWSUPP_MEM_PERM_PXN,y) -+$(call force,CFG_ENABLE_SCTLR_RR,n) -+$(call force,CFG_ENABLE_SCTLR_Z,n) -+ -+arm64-platform-cpuarch := cortex-a35 -+arm64-platform-cflags += -mcpu=$(arm64-platform-cpuarch) -+arm64-platform-aflags += -mcpu=$(arm64-platform-cpuarch) -+platform-flavor-armv8 := 1 -+ -+$(call force,CFG_GIC,y) -+$(call force,CFG_PL011,y) -+$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y) -+ -+$(call force,CFG_ARM64_core,y) -+ -+CFG_WITH_STATS ?= y -+ -+CFG_WITH_ARM_TRUSTED_FW ?= y -+CFG_WITH_LPAE ?=y -+ -+CFG_TEE_CORE_NB_CORE = 1 -+CFG_TZDRAM_START ?= 0x02002000 -+CFG_TZDRAM_SIZE ?= 0x000FE000 -+CFG_TEE_RAM_VA_SIZE ?= 0x00AF000 -+CFG_SHMEM_START ?= 0x86000000 -+CFG_SHMEM_SIZE ?= 0x00200000 -+ -+CFG_DDR_SIZE ?= 0x80000000 -+CFG_DT_ADDR ?= 0x82100000 -+CFG_DTB_MAX_SIZE ?= 0x100000 -+ -+$(call force,CFG_PSCI_ARM64,y) -+$(call force,CFG_DT,y) -+$(call force,CFG_EXTERNAL_DTB_OVERLAY,y) -diff --git a/core/arch/arm/plat-corstone1000/main.c b/core/arch/arm/plat-corstone1000/main.c -new file mode 100644 -index 00000000..35d89535 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/main.c -@@ -0,0 +1,77 @@ -+// SPDX-License-Identifier: BSD-2-Clause -+/* -+ * Copyright (c) 2020, Linaro Limited -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static struct gic_data gic_data __nex_bss; -+static struct pl011_data console_data __nex_bss; -+ -+register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE); -+#ifdef DRAM0_BASE -+register_ddr(DRAM0_BASE, DRAM0_SIZE); -+#endif -+ -+#ifdef GIC_BASE -+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); -+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE); -+ -+void main_init_gic(void) -+{ -+ vaddr_t gicc_base; -+ vaddr_t gicd_base; -+ -+ gicc_base = core_mmu_get_va(GICC_BASE, MEM_AREA_IO_SEC); -+ gicd_base = core_mmu_get_va(GICD_BASE, MEM_AREA_IO_SEC); -+ -+ if (!gicc_base || !gicd_base) -+ panic(); -+ -+ /* Initialize GIC */ -+ gic_init(&gic_data, gicc_base, gicd_base); -+ itr_init(&gic_data.chip); -+ -+} -+ -+void main_secondary_init_gic(void) -+{ -+ gic_cpu_init(&gic_data); -+} -+ -+void itr_core_handler(void) -+{ -+ gic_it_handle(&gic_data); -+} -+#endif -+ -+void console_init(void) -+{ -+ pl011_init(&console_data, CONSOLE_UART_BASE, CONSOLE_UART_CLK_IN_HZ, -+ CONSOLE_BAUDRATE); -+ register_serial_console(&console_data.chip); -+} -+ -+void ffa_secondary_cpu_boot_req(vaddr_t secondary_ep, uint64_t cookie) -+{ -+ DMSG("This is single core platform\n"); -+} -+ -diff --git a/core/arch/arm/plat-corstone1000/platform_config.h b/core/arch/arm/plat-corstone1000/platform_config.h -new file mode 100644 -index 00000000..cfee6fa4 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/platform_config.h -@@ -0,0 +1,46 @@ -+/* SPDX-License-Identifier: BSD-2-Clause */ -+/* -+ * Copyright (c) 2020, Linaro Limited -+ */ -+ -+#ifndef PLATFORM_CONFIG_H -+#define PLATFORM_CONFIG_H -+ -+#include -+#include -+ -+/* Make stacks aligned to data cache line length */ -+#define STACK_ALIGNMENT 64 -+ -+ -+#define GIC_BASE 0x1c000000 -+#define UART0_BASE 0x1a510000 -+#define UART1_BASE 0x1a520000 -+ -+#define CONSOLE_UART_BASE UART1_BASE -+ -+#define DRAM0_BASE 0x80000000 -+#define DRAM0_SIZE 0x7f000000 -+ -+#define GICD_OFFSET 0x10000 -+#define GICC_OFFSET 0x2f000 -+ -+#ifdef GIC_BASE -+#define GICD_BASE (GIC_BASE + GICD_OFFSET) -+#define GICC_BASE (GIC_BASE + GICC_OFFSET) -+#endif -+ -+#ifndef UART_BAUDRATE -+#define UART_BAUDRATE 115200 -+#endif -+#ifndef CONSOLE_BAUDRATE -+#define CONSOLE_BAUDRATE UART_BAUDRATE -+#endif -+ -+#ifndef SYS_COUNTER_FREQ_IN_TICKS -+#define SYS_COUNTER_FREQ_IN_TICKS UL(50000000) /* 32MHz */ -+#endif -+ -+#define CONSOLE_UART_CLK_IN_HZ UL(50000000) /* 32MHz*/ -+ -+#endif /*PLATFORM_CONFIG_H*/ -diff --git a/core/arch/arm/plat-corstone1000/sub.mk b/core/arch/arm/plat-corstone1000/sub.mk -new file mode 100644 -index 00000000..8ddc2fd4 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/sub.mk -@@ -0,0 +1,2 @@ -+global-incdirs-y += . -+srcs-y += main.c diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch deleted file mode 100644 index 69cd1913..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 63469ad63866d07012fc98214ce2bfb84093f9bb Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Wed, 1 Sep 2021 16:46:42 +0100 -Subject: [PATCH] plat-corstone1000: reserve 3MB CVM memory for optee - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K - -optee requires 3MB CVM memory to include SecurePartition's into -it's image - -Signed-off-by: Vishnu Banavath - ---- - core/arch/arm/plat-corstone1000/conf.mk | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk -index b14dd442..7a4aa13c 100644 ---- a/core/arch/arm/plat-corstone1000/conf.mk -+++ b/core/arch/arm/plat-corstone1000/conf.mk -@@ -23,8 +23,7 @@ CFG_WITH_LPAE ?=y - - CFG_TEE_CORE_NB_CORE = 1 - CFG_TZDRAM_START ?= 0x02002000 --CFG_TZDRAM_SIZE ?= 0x000FE000 --CFG_TEE_RAM_VA_SIZE ?= 0x00AF000 -+CFG_TZDRAM_SIZE ?= 0x300000 # OPTEE CODE + DATA +TA_RAM = 3MB - CFG_SHMEM_START ?= 0x86000000 - CFG_SHMEM_SIZE ?= 0x00200000 - diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch deleted file mode 100644 index 296cad30..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 66df8edb433ad11face32e4f6aab90e64222d38c Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Thu, 25 Nov 2021 06:20:48 +0000 -Subject: [PATCH] plat-corstone1000: add a rule in Makefile to SP_MAKEFILE_PATH - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - -This change is to provide an option to user to include -secure manifest into optee-os Makefile so that the secure -partition is part of optee-os image - -Signed-off-by: Vishnu Banavath - ---- - Makefile | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/Makefile b/Makefile -index f6fcea8b..21722939 100644 ---- a/Makefile -+++ b/Makefile -@@ -18,6 +18,16 @@ unexport MAKEFILE_LIST - # nonzero status). Useful since a few recipes use shell redirection. - .DELETE_ON_ERROR: - -+# include secure partition make file and manifest file -+ifdef CFG_SP_MKFILE_PATH -+ifdef CFG_EMBED_DTB_SOURCE_FILE -+include $(CFG_SP_MKFILE_PATH) -+$(info Loading secure partitions manifest ${CFG_EMBED_DTB_SOURCE_FILE}) -+CFG_EMBED_DTB_SOURCE_FILE :=${CFG_EMBED_DTB_SOURCE_FILE} -+OPTEE_OS_COMMON_EXTRA_FLAGS+=${CFG_EMBED_DTB_SOURCE_FILE} -+endif -+endif -+ - include mk/checkconf.mk - - .PHONY: all diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch deleted file mode 100644 index 8c4178e2..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch +++ /dev/null @@ -1,30 +0,0 @@ -From a9b5146200935c53f3bb1f4d03ef6a674b194b92 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Thu, 2 Dec 2021 12:51:11 +0000 -Subject: [PATCH] plat-corstone1000: increase OPTEE core heap size - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - -This change is to increase optee core heap size to 131072 -from its default value to fit openAMP and smm-gateway -in SEL0 - -Signed-off-by: Vishnu Banavath - ---- - core/arch/arm/plat-corstone1000/conf.mk | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk -index 7a4aa13c..65d652a4 100644 ---- a/core/arch/arm/plat-corstone1000/conf.mk -+++ b/core/arch/arm/plat-corstone1000/conf.mk -@@ -31,6 +31,7 @@ CFG_DDR_SIZE ?= 0x80000000 - CFG_DT_ADDR ?= 0x82100000 - CFG_DTB_MAX_SIZE ?= 0x100000 - -+CFG_CORE_HEAP_SIZE ?= 131072 - $(call force,CFG_PSCI_ARM64,y) - $(call force,CFG_DT,y) - $(call force,CFG_EXTERNAL_DTB_OVERLAY,y) diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch deleted file mode 100644 index dfdf56f8..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 9ec42a39ba4b14bc99f66b3fb9fc227e4e25d0ed Mon Sep 17 00:00:00 2001 -From: Jelle Sels -Date: Mon, 10 May 2021 11:37:23 +0200 -Subject: [PATCH] Fix: add missing error check during SP init - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - -Error checking during SP initialization (sp_init_uuid()) was lacking. -As a result an out of CORE HEAP situation resulted in a panic. This was -due to lack of memory in the inflate() function of zlib. - -Signed-off-by: Jelle Sels -Change-Id: I287e2e2dd507feb45991b32ed264b3b6ad6fcd39 - ---- - core/arch/arm/kernel/sp.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/core/arch/arm/kernel/sp.c b/core/arch/arm/kernel/sp.c -index 4acbc2e2..23532a01 100644 ---- a/core/arch/arm/kernel/sp.c -+++ b/core/arch/arm/kernel/sp.c -@@ -383,10 +383,14 @@ static TEE_Result __attribute__((unused)) sp_init_uuid(const TEE_UUID *uuid) - cancel_req_to, - ¶m); - -- args.a0 = sp_get_session(sess->id)->sp_regs.x[0]; -- sp_thread(sess->id, FFA_NW_ID, &args); -+ if (res == TEE_SUCCESS) { -+ args.a0 = sp_get_session(sess->id)->sp_regs.x[0]; -+ sp_thread(sess->id, FFA_NW_ID, &args); - -- thread_spmc_msg_recv(&args, sess->id); -+ thread_spmc_msg_recv(&args, sess->id); -+ } else { -+ EMSG("SP initialization failed, try increasing CFG_CORE_HEAP_SIZE"); -+ } - - return res; - } diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0006-allow-setting-sysroot-for-libgcc-lookup.patch deleted file mode 100644 index b838335e..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0006-allow-setting-sysroot-for-libgcc-lookup.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 4b2c1a31efe0c5514ae27e696e75659b55e41259 Mon Sep 17 00:00:00 2001 -From: Ross Burton -Date: Tue, 26 May 2020 14:38:02 -0500 -Subject: [PATCH] allow setting sysroot for libgcc lookup - -Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching -for the compiler libraries as there's no easy way to reliably pass --sysroot -otherwise. - -Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] -Signed-off-by: Ross Burton - ---- - mk/gcc.mk | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/mk/gcc.mk b/mk/gcc.mk -index adc77a24..81bfa78a 100644 ---- a/mk/gcc.mk -+++ b/mk/gcc.mk -@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ - -print-file-name=include 2> /dev/null) - - # Get location of libgcc from gcc --libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ -+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ - -print-libgcc-file-name 2> /dev/null) --libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ -+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ - -print-file-name=libstdc++.a 2> /dev/null) --libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ -+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ - -print-file-name=libgcc_eh.a 2> /dev/null) - - # Define these to something to discover accidental use diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0007-allow-setting-sysroot-for-clang.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0007-allow-setting-sysroot-for-clang.patch deleted file mode 100644 index d5e36948..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0007-allow-setting-sysroot-for-clang.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 992bed8a62c75aab034fe53d6329fa7c15cf06ee Mon Sep 17 00:00:00 2001 -From: Brett Warren -Date: Wed, 23 Sep 2020 09:27:34 +0100 -Subject: [PATCH] optee: enable clang support - -When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used -to provide a sysroot wasn't included, which results in not locating -compiler-rt. This is mitigated by including the variable as ammended. - -Upstream-Status: Pending -ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 -Signed-off-by: Brett Warren - ---- - mk/clang.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/mk/clang.mk b/mk/clang.mk -index 0f48c836..47465523 100644 ---- a/mk/clang.mk -+++ b/mk/clang.mk -@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ - - # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of - # libgcc for clang --libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ -+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ - -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null) - - # Core ASLR relies on the executable being ready to run from its preferred load diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0008-no-warn-rwx-segments.patch b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0008-no-warn-rwx-segments.patch deleted file mode 100644 index 40482282..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0008-no-warn-rwx-segments.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 3126adccaf9c9dc669bb7e1f96326c03da4b570d Mon Sep 17 00:00:00 2001 -From: Jerome Forissier -Date: Fri, 5 Aug 2022 09:48:03 +0200 -Subject: [PATCH] core: link: add --no-warn-rwx-segments - -Signed-off-by: Anton Antonov -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] - -binutils ld.bfd generates one RWX LOAD segment by merging several sections -with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it -also warns by default when that happens [1], which breaks the build due to ---fatal-warnings. The RWX segment is not a problem for the TEE core, since -that information is not used to set memory permissions. Therefore, silence -the warning. - -Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 -Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 -Reported-by: Dominique Martinet -Signed-off-by: Jerome Forissier -Acked-by: Jens Wiklander - ---- - core/arch/arm/kernel/link.mk | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 69375ad6..bea239cf 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -17,6 +17,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map - link-ldflags += --sort-section=alignment - link-ldflags += --fatal-warnings - link-ldflags += --gc-sections -+link-ldflags += $(call ld-option,--no-warn-rwx-segments) - - link-ldadd = $(LDADD) - link-ldadd += $(libdeps) -@@ -37,6 +38,7 @@ link-script-cppflags := \ - $(cppflagscore)) - - ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ -+ $(call ld-option,--no-warn-rwx-segments) \ - $(link-objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/all_objs.o - $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) -@@ -49,7 +51,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o - $(q)$(NMcore) $< | \ - $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ - --unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections -+unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -+ $(call ld-option,--no-warn-rwx-segments) - unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/unpaged.o - $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt -@@ -77,7 +80,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o - $(q)$(NMcore) $< | \ - $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ - --init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections -+init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -+ $(call ld-option,--no-warn-rwx-segments) - init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ - $(libgcccore) - cleanfiles += $(link-out-dir)/init.o diff --git a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts b/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts deleted file mode 100644 index b09018ee..00000000 --- a/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts +++ /dev/null @@ -1,62 +0,0 @@ -/* -* Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -* -* SPDX-License-Identifier: BSD-3-Clause -*/ - -/dts-v1/; - -/ { - se-proxy{ - compatible = "arm,ffa-manifest-1.0"; - ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ - uuid = <0x46bb39d1 0xb4d945b5 0x88ff0400 0x27dab249>; - description = "SE Proxy"; - execution-ctx-count = <1>; - exception-level = <1>; /* S-EL0 */ - execution-state = <0>; /* AArch64 */ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <0>; /* Direct messaging only */ - device-regions { - compatible = "arm,ffa-manifest-device-regions"; - mhu-sender { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x1b820000>; - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; - mhu-receiver { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x1b830000>; - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; - openamp-virtio { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x88000000>; - pages-count = <256>; - attributes = <0x3>; /* read-write */ - }; - }; - }; - smm-gateway{ - compatible = "arm,ffa-manifest-1.0"; - ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ - uuid = <0xed32d533 0x99e64209 0x9cc02d72 0xcdd998a7>; - description = "SMM Gateway"; - execution-ctx-count = <1>; - exception-level = <1>; /* S-EL0 */ - execution-state = <0>; /* AArch64 */ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <0>; /* Direct messaging only */ - device-regions { - compatible = "arm,ffa-manifest-device-regions"; - mm-comm-buffer { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x02000000>; - pages-count = <1>; - attributes = <0x3>; /* read-write */ - }; - }; - }; -}; diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc index 9f372413..1aca3a91 100644 --- a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc +++ b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc @@ -1,18 +1,9 @@ -SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development" -SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4" -PV = "3.10.0+git${SRCPV}" +SRCREV = "42f6617108fa43712652ef52f9d5b4ec5b2665f8" +PV = "3.18.0+git${SRCPV}" -DEPENDS += "python3-pycryptodomex-native dtc-native" - -FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:" - -SRC_URI:append = " \ - file://0001-plat-corstone1000-add-corstone1000-platform.patch \ - file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch \ - file://0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch \ - file://0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch \ - file://0005-Fix-add-missing-error-check-during-SP-init.patch \ - " +SRC_URI:remove = " \ + file://0008-no-warn-rwx-segments.patch \ + " COMPATIBLE_MACHINE = "corstone1000" @@ -24,8 +15,3 @@ EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n" EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y" - -EXTRA_OEMAKE += " CFG_WITH_SP=y" - -EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}" -EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}" diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000.inc b/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000.inc deleted file mode 100644 index 8ddf47e3..00000000 --- a/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000.inc +++ /dev/null @@ -1,20 +0,0 @@ -require optee-os-corstone1000-common.inc - -DEPENDS += " secure-partitions" -EXTRA_OEMAKE +="'SP_PACKAGING_METHOD=embedded'" - -TS_INSTALL_PREFIX_PATH="${RECIPE_SYSROOT}/firmware/sp/opteesp" -EXTRA_OEMAKE += "'TS_INSTALL_PREFIX=${TS_INSTALL_PREFIX_PATH}'" - -# se-proxy secure partition -SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk" - -# smm-gateway secure partition -SP_MKFILE_PATH += "${TS_INSTALL_PREFIX}/lib/make/smm-gateway.mk" - -EXTRA_OEMAKE += "'CFG_SP_MKFILE_PATH=${SP_MKFILE_PATH}'" - -EXTRA_OEMAKE += "CFG_EMBED_DTB_SOURCE_FILE=${EMBED_DTB_SOURCE_FILE}" - -SRC_URI:append = " file://sp_manifest_combined_se.dts;" -EMBED_DTB_SOURCE_FILE = "${WORKDIR}/sp_manifest_combined_se.dts" diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bbappend deleted file mode 100644 index db1fc18b..00000000 --- a/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bbappend +++ /dev/null @@ -1,6 +0,0 @@ -# Machine specific configurations - -MACHINE_OPTEE_OS_REQUIRE ?= "" -MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000.inc" - -require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend index bc933dd5..4b03985a 100644 --- a/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend +++ b/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend @@ -3,5 +3,6 @@ MACHINE_OPTEE_OS_REQUIRE ?= "" MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc" MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc" +MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc" require ${MACHINE_OPTEE_OS_REQUIRE} From patchwork Mon Oct 3 13:00:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13459 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 620D1C433FE for ; Mon, 3 Oct 2022 13:01:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.62.1664802074312533045 for ; Mon, 03 Oct 2022 06:01:14 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5B1D916F8; Mon, 3 Oct 2022 06:01:20 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3D2F23F73B; Mon, 3 Oct 2022 06:01:12 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi , Vishnu Banavath Subject: [PATCH 04/12] arm-bsp/optee-spdevkit: corstone1000: drop the support Date: Mon, 3 Oct 2022 14:00:43 +0100 Message-Id: <20221003130051.28934-5-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3898 From: Abdellatif El Khlifi optee-spdevkit no longer used. It has been replaced with newlib Signed-off-by: Vishnu Banavath Signed-off-by: Abdellatif El Khlifi --- .../recipes-security/optee/optee-spdevkit-corstone1000.inc | 1 - .../recipes-security/optee/optee-spdevkit_3.10.0.bbappend | 1 - 2 files changed, 2 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/optee/optee-spdevkit-corstone1000.inc diff --git a/meta-arm-bsp/recipes-security/optee/optee-spdevkit-corstone1000.inc b/meta-arm-bsp/recipes-security/optee/optee-spdevkit-corstone1000.inc deleted file mode 100644 index db85ed8e..00000000 --- a/meta-arm-bsp/recipes-security/optee/optee-spdevkit-corstone1000.inc +++ /dev/null @@ -1 +0,0 @@ -require optee-os-corstone1000-common.inc diff --git a/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend b/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend index 5f74ae45..cfc3023f 100644 --- a/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend +++ b/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend @@ -1,6 +1,5 @@ # Machine specific configurations MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= "" -MACHINE_OPTEE_SPDEVKIT_REQUIRE:corstone1000 = "optee-spdevkit-corstone1000.inc" require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE} From patchwork Mon Oct 3 13:00:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13461 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7A55CC43219 for ; Mon, 3 Oct 2022 13:01:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.64.1664802075609820520 for ; Mon, 03 Oct 2022 06:01:15 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0092016F8; Mon, 3 Oct 2022 06:01:22 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id F1CA63F73B; Mon, 3 Oct 2022 06:01:13 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi , Vishnu Banavath Subject: [PATCH 05/12] arm-bsp/corstone1000-initramfs-image: remove obsolete packages Date: Mon, 3 Oct 2022 14:00:44 +0100 Message-Id: <20221003130051.28934-6-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3899 From: Abdellatif El Khlifi removing the following packages: ffa-debugfs-mod secure-partitions-psa-api-tests Signed-off-by: Vishnu Banavath Signed-off-by: Abdellatif El Khlifi --- .../recipes-bsp/images/corstone1000-initramfs-image.bb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb index 77e30ab1..1acf1bf4 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb @@ -23,11 +23,5 @@ IMAGE_FEATURES:remove = "package-management" # all optee packages IMAGE_INSTALL += "optee-client" -# FF-A Debugfs driver -IMAGE_INSTALL += "ffa-debugfs-mod" - -# psa-arch-tests linux userspace application -IMAGE_INSTALL += "secure-partitions-psa-api-tests" - # external system linux userspace test application IMAGE_INSTALL += "corstone1000-external-sys-tests" From patchwork Mon Oct 3 13:00:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13476 Return-Path: Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A04A9C4167B for ; Mon, 3 Oct 2022 13:01:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.65.1664802078277677046 for ; Mon, 03 Oct 2022 06:01:18 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A030A16F8; Mon, 3 Oct 2022 06:01:24 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 9969C3F73B; Mon, 3 Oct 2022 06:01:15 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi , Vishnu Banavath Subject: [PATCH 06/12] arm-bsp/trusted-services: corstone1000: add secure partitions support Date: Mon, 3 Oct 2022 14:00:45 +0100 Message-Id: <20221003130051.28934-7-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3900 From: Abdellatif El Khlifi support for ts-smm-gateway and ts-se-proxy secure partitions Signed-off-by: Vishnu Banavath Signed-off-by: Abdellatif El Khlifi --- .../conf/machine/include/corstone1000.inc | 4 + ...corstone1000-platform-to-drivers-arm.patch | 36 + ...on-applying-lowercase-project-conven.patch | 33 - ...0002-fix-EARLY_TA_PATHS-env-variable.patch | 32 - ...0003-corstone1000-port-crypto-config.patch | 234 -- ...proxy-dts-add-se-proxy-as-child-node.patch | 46 - ...te-mm-comm-buffer-region-in-dts-file.patch | 59 - .../0005-Configure-NV-storage-macro.patch | 26 - .../corstone1000/0006-Use-device-region.patch | 53 - ...7-Add-openamp-to-SE-proxy-deployment.patch | 259 -- ...iver-and-the-OpenAmp-conversion-laye.patch | 1093 ------- .../0009-Add-openamp-rpc-caller.patch | 1197 -------- ...-add-psa-client-definitions-for-ff-m.patch | 299 -- ...mon-service-component-to-ipc-support.patch | 295 -- .../0012-Add-secure-storage-ipc-backend.patch | 523 ---- ...storage-ipc-and-openamp-for-se_proxy.patch | 63 - ...d-uefi-variable-append-write-support.patch | 1162 -------- ...riable-support-for-QueryVariableInfo.patch | 830 ------ .../0016-Add-uefi-test-deployment.patch | 248 -- ...-parameter-setting-in-sp-ffarpc_call.patch | 33 - ...-call-requests-with-no-shared-buffer.patch | 109 - .../corstone1000/0019-Run-psa-arch-test.patch | 86 - ...0020-Use-address-instead-of-pointers.patch | 169 -- ...-Add-psa-ipc-attestation-to-se-proxy.patch | 267 -- ...d-as-openamp-rpc-using-secure-storag.patch | 164 -- .../0023-add-psa-ipc-crypto-backend.patch | 2586 ----------------- ...MM-gateway-UEFI-variable-macro-value.patch | 34 - ...ub-capsule-update-service-components.patch | 436 --- ...-logs-to-functions-in-SMM-gateway-SP.patch | 248 -- .../0027-Configure-storage-size.patch | 41 - ...d-uefi-variable-append-write-support.patch | 1219 -------- ...-Change-UID-of-variable-index-in-SMM.patch | 31 - ...-Add-missing-features-to-setVariable.patch | 73 - ...rameter-check-in-getNextVariableName.patch | 55 - ...teway-add-checks-for-null-attributes.patch | 81 - .../0033-Enhance-mbedtls-fetch-process.patch | 258 -- ...x-format-specifier-in-logging_caller.patch | 41 - ...for-mbedtls-and-psa-arch-tests-for-v.patch | 64 - ...n-verify-message-and-hash-operations.patch | 1080 ------- ...nst-uninitialised-multi-part-transac.patch | 123 - ...038-Integrate-AEAD-operation-support.patch | 521 ---- ...eration-to-one-shot-cipher-operation.patch | 96 - ...-Fix-multi-part-termination-on-error.patch | 241 -- ...tion-if-client-provided-buffer-is-to.patch | 49 - ...g-to-updated-t_cose-version-fc3a4b2c.patch | 94 - .../0043-pass-sysroot_yocto.patch | 110 - ...face-structure-aligned-with-tf-m-cha.patch | 29 - ...egrate-remaining-psa-ipc-client-APIs.patch | 494 ---- ...et_key_usage_flags-definition-to-the.patch | 40 - ...-in-AEAD-for-psa-arch-test-54-and-58.patch | 120 - ...-UEFI-get_variable-with-small-buffer.patch | 407 --- ...mic-outline-to-fix-build-for-opemamp.patch | 44 - .../trusted-services/ts-corstone1000.inc | 130 +- .../ts-sp-se-proxy_%.bbappend | 4 + .../ts-sp-smm-gateway_%.bbappend | 4 + 55 files changed, 54 insertions(+), 16019 deletions(-) create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0049-Add-atomic-outline-to-fix-build-for-opemamp.patch create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index 44a9a56c..fd659a4c 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -40,6 +40,10 @@ EXTRA_IMAGEDEPENDS += "optee-os" OPTEE_ARCH = "arm64" OPTEE_BINARY = "tee-pager_v2.bin" +# Include smm-gateway and se-proxy SPs into optee-os binary +MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy" +TS_PLATFORM = "arm/corstone1000" + # External System(Cortex-M3) EXTRA_IMAGEDEPENDS += "external-system" diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch new file mode 100644 index 00000000..3b15c721 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch @@ -0,0 +1,36 @@ +From d262ab277a87c1cda4f71137f6bb963066ba6997 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath +Date: Tue, 13 Sep 2022 16:46:14 +0100 +Subject: [PATCH 26/27] plat: add corstone1000 platform to drivers/arm + +This change is to add corstone1000 platform cmake. Smm gateway +uses SE proxy to route the calls for any NV storage. + +Signed-off-by: Vishnu Banavath +Upstream-Status: Pending [Not submitted to upstream yet] +--- + platform/providers/arm/corstone1000/platform.cmake | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + create mode 100644 platform/providers/arm/corstone1000/platform.cmake + +diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake +new file mode 100644 +index 00000000..14a9f6b0 +--- /dev/null ++++ b/platform/providers/arm/corstone1000/platform.cmake +@@ -0,0 +1,12 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++# Platform definition for the corstone1000 platform. ++#------------------------------------------------------------------------------- ++ ++target_compile_definitions(${TGT} PRIVATE ++ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" ++) ++ +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch deleted file mode 100644 index 83c7b545..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 73c27b917e15eb04f39eedac9b79e5011e8a754f Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Sat, 13 Nov 2021 07:47:44 +0000 -Subject: [PATCH] tools/cmake/common: applying lowercase project convention - -Lowercase convention should only apply on the paths inside TS -source-code. -Host build paths should not be lowercased. Otherwise, builds -with uppercase paths will break. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Abdellatif El Khlifi - - ---- - tools/cmake/common/AddPlatform.cmake | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/cmake/common/AddPlatform.cmake b/tools/cmake/common/AddPlatform.cmake -index ae34c6e4..31bcd8ca 100644 ---- a/tools/cmake/common/AddPlatform.cmake -+++ b/tools/cmake/common/AddPlatform.cmake -@@ -37,8 +37,8 @@ function(add_platform) - set(TGT ${MY_PARAMS_TARGET} CACHE STRING "") - - # Ensure file path conforms to lowercase project convention -- string(TOLOWER "${TS_PLATFORM_ROOT}/${TS_PLATFORM}/platform.cmake" _platdef) -- include(${_platdef}) -+ string(TOLOWER "${TS_PLATFORM}/platform.cmake" _platdef) -+ include(${TS_PLATFORM_ROOT}/${_platdef}) - set(CMAKE_CONFIGURE_DEPENDS ${_platdef}) - - unset(TGT CACHE) diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch deleted file mode 100644 index f56b4553..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 146f4dfa73aa316d611188f63e3530cffe9200af Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Sat, 13 Nov 2021 07:51:53 +0000 -Subject: [PATCH] fix EARLY_TA_PATHS env variable - -Yocto cleans up environment varaibles at build time. -EARLY_TA_PATHS should be set a separate rule for securepartitions -to be included into optee-os image - -Signed-off-by: Vishnu Banavath -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Abdellatif El Khlifi - - ---- - environments/opteesp/sp.mk.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/environments/opteesp/sp.mk.in b/environments/opteesp/sp.mk.in -index c44ad59e..d67e2dca 100644 ---- a/environments/opteesp/sp.mk.in -+++ b/environments/opteesp/sp.mk.in -@@ -14,7 +14,8 @@ ifeq (,${@EXPORT_SP_UUID@-included}) - endif - - ifeq (embedded,${SP_PACKAGING_METHOD}) --OPTEE_OS_COMMON_EXTRA_FLAGS+=EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/opteesp/bin/@EXPORT_SP_UUID@.stripped.elf -+EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/bin/@EXPORT_SP_UUID@.stripped.elf -+OPTEE_OS_COMMON_EXTRA_FLAGS+=${EARLY_TA_PATHS} - TS_SP_DTSI_LIST+="\\n\#include \"${TS_INSTALL_PREFIX}/opteesp/manifest/@EXPORT_SP_UUID@.dtsi\"" - else ifeq (fip,${SP_PACKAGING_METHOD}) - TS_SP_JSON_LIST+=${TS_INSTALL_PREFIX}/opteesp/json/@EXPORT_SP_NAME@.json diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch deleted file mode 100644 index 3b26b77a..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch +++ /dev/null @@ -1,234 +0,0 @@ -From f86f5b42d853d2a65f6753362361bbb95aac1800 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Sat, 11 Dec 2021 11:06:57 +0000 -Subject: [PATCH] corstone1000: port crypto config - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - -Signed-off-by: Satish Kumar - -%% original patch: 0003-corstone1000-port-crypto-config.patch ---- - .../nspe/pal_crypto_config.h | 83 +++++++++++++++---- - 1 file changed, 66 insertions(+), 17 deletions(-) - -diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h -index 844cd2e..c936bdd 100755 ---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h -+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h -@@ -1,5 +1,5 @@ - /** @file -- * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved. -+ * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved. - * SPDX-License-Identifier : Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); -@@ -34,10 +34,14 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_RSA - #define ARCH_TEST_RSA_1024 - #define ARCH_TEST_RSA_2048 - #define ARCH_TEST_RSA_3072 -+#endif -+#endif - - /** - * \def ARCH_TEST_ECC -@@ -50,11 +54,17 @@ - * Requires: ARCH_TEST_ECC - * Comment macros to disable the curve - */ -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_ECC - #define ARCH_TEST_ECC_CURVE_SECP192R1 -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_ECC_CURVE_SECP224R1 -+#endif - #define ARCH_TEST_ECC_CURVE_SECP256R1 -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_ECC_CURVE_SECP384R1 -+#endif -+#endif - - /** - * \def ARCH_TEST_AES -@@ -78,10 +88,10 @@ - * - * Comment macros to disable the types - */ --#define ARCH_TEST_DES --#define ARCH_TEST_DES_1KEY --#define ARCH_TEST_DES_2KEY --#define ARCH_TEST_DES_3KEY -+//#define ARCH_TEST_DES -+//#define ARCH_TEST_DES_1KEY -+//#define ARCH_TEST_DES_2KEY -+//#define ARCH_TEST_DES_3KEY - - /** - * \def ARCH_TEST_RAW -@@ -104,7 +114,7 @@ - * - * Enable the ARC4 key type. - */ --#define ARCH_TEST_ARC4 -+//#define ARCH_TEST_ARC4 - - /** - * \def ARCH_TEST_CIPHER_MODE_CTR -@@ -113,7 +123,11 @@ - * - * Requires: ARCH_TEST_CIPHER - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CIPHER_MODE_CTR -+#endif -+#endif - - /** - * \def ARCH_TEST_CIPHER_MODE_CFB -@@ -138,7 +152,11 @@ - * - * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CTR_AES -+#endif -+#endif - - /** - * \def ARCH_TEST_CBC_AES -@@ -157,7 +175,11 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CBC_NO_PADDING -+#endif -+#endif - - /** - * \def ARCH_TEST_CFB_AES -@@ -177,11 +199,15 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_PKCS1V15 - #define ARCH_TEST_RSA_PKCS1V15_SIGN - #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW - #define ARCH_TEST_RSA_PKCS1V15_CRYPT - #define ARCH_TEST_RSA_OAEP -+#endif -+#endif - - /** - * \def ARCH_TEST_CBC_PKCS7 -@@ -190,7 +216,11 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CBC_PKCS7 -+#endif -+#endif - - /** - * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION -@@ -227,21 +257,27 @@ - * - * Comment macros to disable the types - */ --// #define ARCH_TEST_MD2 --// #define ARCH_TEST_MD4 --#define ARCH_TEST_MD5 --#define ARCH_TEST_RIPEMD160 --#define ARCH_TEST_SHA1 -+//#define ARCH_TEST_MD2 -+//#define ARCH_TEST_MD4 -+//#define ARCH_TEST_MD5 -+//#define ARCH_TEST_RIPEMD160 -+//#define ARCH_TEST_SHA1 -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_SHA224 -+#endif - #define ARCH_TEST_SHA256 -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_SHA384 - #define ARCH_TEST_SHA512 --// #define ARCH_TEST_SHA512_224 --// #define ARCH_TEST_SHA512_256 --// #define ARCH_TEST_SHA3_224 --// #define ARCH_TEST_SHA3_256 --// #define ARCH_TEST_SHA3_384 --// #define ARCH_TEST_SHA3_512 -+#endif -+#endif -+//#define ARCH_TEST_SHA512_224 -+//#define ARCH_TEST_SHA512_256 -+//#define ARCH_TEST_SHA3_224 -+//#define ARCH_TEST_SHA3_256 -+//#define ARCH_TEST_SHA3_384 -+//#define ARCH_TEST_SHA3_512 - - /** - * \def ARCH_TEST_HKDF -@@ -261,7 +297,12 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CMAC -+#endif -+#endif -+//#define ARCH_TEST_GMAC - #define ARCH_TEST_HMAC - - /** -@@ -281,7 +322,11 @@ - * Requires: ARCH_TEST_AES - * - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_GCM -+#endif -+#endif - - /** - * \def ARCH_TEST_TRUNCATED_MAC -@@ -300,7 +345,9 @@ - * - * Requires: ARCH_TEST_ECC - */ -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_ECDH -+#endif - - /** - * \def ARCH_TEST_ECDSA -@@ -308,7 +355,9 @@ - * Enable the elliptic curve DSA library. - * Requires: ARCH_TEST_ECC - */ -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_ECDSA -+#endif - - /** - * \def ARCH_TEST_DETERMINISTIC_ECDSA --- -2.25.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch deleted file mode 100644 index bb4fc82e..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0ec1b3d20d612325b9c55baa2539d080eb6a72a8 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Sat, 13 Nov 2021 08:34:42 +0000 -Subject: [PATCH] se-proxy:dts: add se-proxy as child node - -se-proxy sp string should be added for se-proxy node to be -read properly. - -Signed-off-by: Vishnu Banavath -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Abdellatif El Khlifi - - ---- - .../se-proxy/opteesp/default_se-proxy.dts.in | 20 ++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 961071ad..9f5cf712 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -7,13 +7,15 @@ - @DTS_TAG@ - - @DTS_NODE@ { -- compatible = "arm,ffa-manifest-1.0"; -- ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -- uuid = <@EXPORT_SP_UUID_DT@>; -- description = "SE Proxy"; -- execution-ctx-count = <1>; -- exception-level = <1>; /* S-EL0 */ -- execution-state = <0>; /* AArch64 */ -- xlat-granule = <0>; /* 4KiB */ -- messaging-method = <0>; /* Direct messaging only */ -+ se-proxy { -+ compatible = "arm,ffa-manifest-1.0"; -+ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -+ uuid = <@EXPORT_SP_UUID_DT@>; -+ description = "SE Proxy"; -+ execution-ctx-count = <1>; -+ exception-level = <1>; /* S-EL0 */ -+ execution-state = <0>; /* AArch64 */ -+ xlat-granule = <0>; /* 4KiB */ -+ messaging-method = <0>; /* Direct messaging only */ -+ }; - }; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch deleted file mode 100644 index 9ceb176c..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 97b4f3cd0216c30c39f6ece4f68d8faf3901fded Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Wed, 17 Nov 2021 15:31:09 +0000 -Subject: [PATCH] Update mm-comm-buffer region in dts file - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - .../opteesp/default_smm-gateway.dts.in | 35 ++++++++++--------- - 1 file changed, 18 insertions(+), 17 deletions(-) - -diff --git a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in -index 0ad7878b..183c38a7 100644 ---- a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in -+++ b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in -@@ -7,23 +7,24 @@ - @DTS_TAG@ - - @DTS_NODE@ { -- compatible = "arm,ffa-manifest-1.0"; -- ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -- uuid = <@EXPORT_SP_UUID_DT@>; -- description = "SMM Gateway"; -- execution-ctx-count = <1>; -- exception-level = <1>; /* S-EL0 */ -- execution-state = <0>; /* AArch64 */ -- xlat-granule = <0>; /* 4KiB */ -- messaging-method = <0>; /* Direct messaging only */ -- -- memory-regions { -- compatible = "arm,ffa-manifest-memory-regions"; -- -- mm-comm-buffer { -- base-address = <@MM_COMM_BUFFER_ADDRESS@>; -- pages-count = <@MM_COMM_BUFFER_PAGE_COUNT@>; -- attributes = <0xb>; /* ns access-read-write */ -+ smm-gateway{ -+ compatible = "arm,ffa-manifest-1.0"; -+ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -+ uuid = <@EXPORT_SP_UUID_DT@>; -+ description = "SMM Gateway"; -+ execution-ctx-count = <1>; -+ exception-level = <1>; /* S-EL0 */ -+ execution-state = <0>; /* AArch64 */ -+ xlat-granule = <0>; /* 4KiB */ -+ messaging-method = <0>; /* Direct messaging only */ -+ device-regions { -+ compatible = "arm,ffa-manifest-device-regions"; -+ mm-comm-buffer { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x02000000>; -+ pages-count = <1>; -+ attributes = <0x3>; /* read-write */ -+ }; - }; - }; - }; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch deleted file mode 100644 index 8d2d62bf..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a11b23dd5f0c4124a5c6c2fcab0ea623bc76f4ba Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Wed, 17 Nov 2021 15:32:04 +0000 -Subject: [PATCH] Configure NV storage macro - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - deployments/smm-gateway/smm_gateway.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/deployments/smm-gateway/smm_gateway.c b/deployments/smm-gateway/smm_gateway.c -index 4884a040..7828b3af 100644 ---- a/deployments/smm-gateway/smm_gateway.c -+++ b/deployments/smm-gateway/smm_gateway.c -@@ -13,6 +13,8 @@ - - /* Build-time default configuration */ - -+#define SMM_GATEWAY_NV_STORE_SN "sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" -+ - /* Default to using the Protected Storage SP */ - #ifndef SMM_GATEWAY_NV_STORE_SN - #define SMM_GATEWAY_NV_STORE_SN "sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0" diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch deleted file mode 100644 index eba1338e..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch +++ /dev/null @@ -1,53 +0,0 @@ -From ae22f5077d35e6acf3feb8a84a8ef7f599261b00 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Wed, 17 Nov 2021 15:32:46 +0000 -Subject: [PATCH] Use device region - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - deployments/smm-gateway/opteesp/smm_gateway_sp.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/deployments/smm-gateway/opteesp/smm_gateway_sp.c b/deployments/smm-gateway/opteesp/smm_gateway_sp.c -index 6f138850..0bc09023 100644 ---- a/deployments/smm-gateway/opteesp/smm_gateway_sp.c -+++ b/deployments/smm-gateway/opteesp/smm_gateway_sp.c -@@ -10,7 +10,7 @@ - #include - #include "components/rpc/mm_communicate/endpoint/sp/mm_communicate_call_ep.h" - #include "components/service/smm_variable/frontend/mm_communicate/smm_variable_mm_service.h" --#include "platform/interface/memory_region.h" -+#include "platform/interface/device_region.h" - #include - #include - #include -@@ -25,7 +25,7 @@ static int sp_init(uint16_t *own_sp_id); - - void __noreturn sp_main(struct ffa_init_info *init_info) - { -- struct memory_region mm_comm_buffer_region = { 0 }; -+ struct device_region mm_comm_buffer_region = { 0 }; - struct rpc_interface *gateway_iface = NULL; - struct smm_variable_mm_service smm_var_service = { 0 }; - struct mm_service_interface *smm_var_service_interface = NULL; -@@ -42,7 +42,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - config_ramstore_init(); - sp_config_load(init_info); - -- if (!config_store_query(CONFIG_CLASSIFIER_MEMORY_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION, -+ if (!config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION, - 0, &mm_comm_buffer_region, sizeof(mm_comm_buffer_region))) { - EMSG(CONFIG_NAME_MM_COMM_BUFFER_REGION " is not set in SP configuration"); - goto fatal_error; -@@ -57,7 +57,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - /* Initialize MM communication layer */ - if (!mm_communicate_call_ep_init(&mm_communicate_call_ep, - (void *)mm_comm_buffer_region.base_addr, -- mm_comm_buffer_region.region_size)) -+ mm_comm_buffer_region.io_region_size)) - goto fatal_error; - - /* Attach SMM variable service to MM communication layer */ diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch deleted file mode 100644 index eb51ef71..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch +++ /dev/null @@ -1,259 +0,0 @@ -From 90712f624c7b676e5b9a2d95cbe97d2b63fddcc9 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 3 Dec 2021 16:36:51 +0000 -Subject: [PATCH] Add openamp to SE proxy deployment - -Openamp is required to communicate between secure partitions(running on -Cortex-A) and trusted-firmware-m(running on Cortex-M). -These changes are to fetch libmetal and openamp from github repo's -and build it. - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Vishnu Banavath - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - deployments/se-proxy/opteesp/CMakeLists.txt | 14 ++++ - deployments/se-proxy/opteesp/lse.S | 19 +++++ - external/openamp/libmetal.cmake | 81 ++++++++++++++++++++ - external/openamp/openamp.cmake | 82 +++++++++++++++++++++ - 4 files changed, 196 insertions(+) - create mode 100644 deployments/se-proxy/opteesp/lse.S - create mode 100644 external/openamp/libmetal.cmake - create mode 100644 external/openamp/openamp.cmake - -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 4e2069a5..248bd7e3 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -89,6 +89,7 @@ add_components(TARGET "se-proxy" - target_sources(se-proxy PRIVATE - se_proxy_sp.c - service_proxy_factory.c -+ lse.S - ) - - #------------------------------------------------------------------------------- -@@ -108,6 +109,19 @@ include(../../../external/nanopb/nanopb.cmake) - target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static) - protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols") - -+# libmetal -+list(APPEND LIBMETAL_EXTERNAL_INCLUDE_PATHS ${SP_DEV_KIT_INCLUDE_DIR}) -+set(LIBMETAL_EXTRA_INCLUDE_PATHS ${LIBMETAL_EXTRA_INCLUDE_PATHS} -+ CACHE STRING "" FORCE) -+include(../../../external/openamp/libmetal.cmake) -+ -+# OpenAMP -+list(APPEND OPENAMP_EXTERNAL_INCLUDE_PATHS ${SP_DEV_KIT_INCLUDE_DIR}) -+set(OPENAMP_EXTRA_INCLUDE_PATHS ${OPENAMP_EXTRA_INCLUDE_PATHS} -+ CACHE STRING "" FORCE) -+include(../../../external/openamp/openamp.cmake) -+target_link_libraries(se-proxy PRIVATE openamp libmetal) -+ - ################################################################# - - target_compile_definitions(se-proxy PRIVATE -diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S -new file mode 100644 -index 00000000..840683a6 ---- /dev/null -+++ b/deployments/se-proxy/opteesp/lse.S -@@ -0,0 +1,19 @@ -+// SPDX-License-Identifier: BSD-3-Clause -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ */ -+ -+.text -+.globl __aarch64_cas4_acq_rel -+ -+__aarch64_cas4_acq_rel: -+ mov w16, w0 -+ ldaxr w0, [x2] -+ cmp w0, w16 -+0: bne 1f -+ -+ stlxr w17, w1, [x2] -+ cbnz w17, 0b -+1: ret -+ -+ -diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake -new file mode 100644 -index 00000000..3a647e69 ---- /dev/null -+++ b/external/openamp/libmetal.cmake -@@ -0,0 +1,81 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021 Linaro Limited -+# Copyright (c) 2021, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git" CACHE STRING "libmetal repository URL") -+set (LIBMETAL_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install" CACHE PATH "libmetal installation directory") -+set (LIBMETAL_PACKAGE_PATH "${LIBMETAL_INSTALL_PATH}/libmetal/cmake" CACHE PATH "libmetal CMake package directory") -+set (LIBMETAL_TARGET_NAME "libmetal") -+set (LIBMETAL_VERSION "f252f0e007fbfb8b3a52b1d5901250ddac96baad" CACHE STRING "The version of libmetal to use") -+ -+if(NOT LIBMETAL_DEBUG) -+ set(LIBMETAL_BUILD_TYPE "Release") -+else() -+ set(LIBMETAL_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+FetchContent_Declare( -+ libmetal -+ GIT_REPOSITORY ${LIBMETAL_URL} -+ GIT_TAG ${LIBMETAL_VERSION} -+) -+ -+# FetchContent_GetProperties exports libmetal_SOURCE_DIR and libmetal_BINARY_DIR variables -+FetchContent_GetProperties(libmetal) -+if(NOT libmetal_POPULATED) -+ message(STATUS "Fetching libmetal") -+ FetchContent_Populate(libmetal) -+endif() -+ -+# Ensure list of include paths is separated correctly -+string(REPLACE ";" "\\;" LIBMETAL_EXTERNAL_INCLUDE_PATHS "${LIBMETAL_EXTERNAL_INCLUDE_PATHS}") -+ -+#Configure the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} -+ -DCMAKE_BUILD_TYPE=${LIBMETAL_BUILD_TYPE} -+ -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER} -+ -DCMAKE_C_COMPILER_ID=${CMAKE_C_COMPILER_ID} -+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -+ -DCMAKE_INSTALL_PREFIX=${LIBMETAL_INSTALL_PATH} -+ -DCMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG} -+ -DCMAKE_C_FLAGS=${CMAKE_C_FLAGS} -+ -DCMAKE_C_OUTPUT_EXTENSION=.o -+ -DCMAKE_C_COMPILER_WORKS=true -+ -DCMAKE_SYSTEM_PROCESSOR=arm -+ -DWITH_DOC=off -+ -DWITH_TESTS=off -+ -DWITH_EXAMPLES=off -+ -DWITH_DEFAULT_LOGGER=off -+ -DEXTERNAL_INCLUDE_PATHS=${LIBMETAL_EXTERNAL_INCLUDE_PATHS} -+ -DMACHINE=template -+ ${libmetal_SOURCE_DIR} -+ WORKING_DIRECTORY -+ ${libmetal_BINARY_DIR} -+) -+ -+# Build the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} --build ${libmetal_BINARY_DIR} -- install -+ RESULT_VARIABLE _exec_error -+ ) -+if (_exec_error) -+ message(FATAL_ERROR "Build step of libmetal failed with ${_exec_error}.") -+endif() -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(libmetal STATIC IMPORTED) -+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_PATH}/include") -diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake -new file mode 100644 -index 00000000..aae13bad ---- /dev/null -+++ b/external/openamp/openamp.cmake -@@ -0,0 +1,82 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021 Linaro Limited -+# Copyright (c) 2021, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git" CACHE STRING "OpenAMP repository URL") -+set (OPENAMP_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/openamp_install" CACHE PATH "OpenAMP installation directory") -+set (OPENAMP_PACKAGE_PATH "${OPENAMP_INSTALL_PATH}/openamp/cmake" CACHE PATH "OpenAMP CMake package directory") -+set (OPENAMP_TARGET_NAME "openamp") -+set (OPENAMP_VERSION "347397decaa43372fc4d00f965640ebde042966d" CACHE STRING "The version of openamp to use") -+ -+ -+if(NOT OPENAMP_DEBUG) -+ set(OPENAMP_BUILD_TYPE "Release") -+else() -+ set(OPENAMP_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+FetchContent_Declare( -+ openamp -+ GIT_REPOSITORY ${OPENAMP_URL} -+ GIT_TAG ${OPENAMP_VERSION} -+) -+ -+# FetchContent_GetProperties exports openamp_SOURCE_DIR and openamp_BINARY_DIR variables -+FetchContent_GetProperties(openamp) -+if(NOT openamp_POPULATED) -+ message(STATUS "Fetching openamp") -+ FetchContent_Populate(openamp) -+endif() -+ -+# Ensure list of include paths is separated correctly -+get_target_property(_libmetal_inc libmetal INTERFACE_INCLUDE_DIRECTORIES) -+set (_openam_external_include_paths ${_libmetal_inc} ${OPENAMP_EXTERNAL_INCLUDE_PATHS}) -+string(REPLACE ";" "\\;" OPENAMP_EXTERNAL_INCLUDE_PATHS "${_openam_external_include_paths}") -+ -+#Configure the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} -+ -DCMAKE_BUILD_TYPE=${OPENAMP_BUILD_TYPE} -+ -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER} -+ -DCMAKE_C_COMPILER_ID=${CMAKE_C_COMPILER_ID} -+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -+ -DCMAKE_INSTALL_PREFIX=${OPENAMP_INSTALL_PATH} -+ -DCMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG} -+ -DLIBMETAL_INCLUDE_DIR=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib/include -+ -DLIBMETAL_LIB=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib -+ -DCMAKE_C_OUTPUT_EXTENSION=.o -+ -DCMAKE_C_COMPILER_WORKS=true -+ -DCMAKE_SYSTEM_PROCESSOR=arm -+ -DEXTERNAL_INCLUDE_PATHS=${OPENAMP_EXTERNAL_INCLUDE_PATHS} -+ -DMACHINE=template -+ -DRPMSG_BUFFER_SIZE=512 -+ ${openamp_SOURCE_DIR} -+ WORKING_DIRECTORY -+ ${openamp_BINARY_DIR} -+) -+ -+# Build the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} --build ${openamp_BINARY_DIR} -- install -+ RESULT_VARIABLE _exec_error -+ ) -+if (_exec_error) -+ message(FATAL_ERROR "Build step of OpenAMP failed with ${_exec_error}.") -+endif() -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(openamp STATIC IMPORTED) -+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_PATH}/include") diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch deleted file mode 100644 index 47ca59ff..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch +++ /dev/null @@ -1,1093 +0,0 @@ -From 993a3c3cb08a723f5b5eb07cf38d70e9acf52e7f Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 3 Dec 2021 18:00:46 +0000 -Subject: [PATCH] Implement mhu driver and the OpenAmp conversion layer. - -This commit adds an mhu driver (v2.1 and v2) to the secure -partition se_proxy and a conversion layer to communicate with -the secure enclave using OpenAmp. - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Vishnu Banavath - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../se-proxy/opteesp/default_se-proxy.dts.in | 16 + - .../drivers/arm/mhu_driver/component.cmake | 12 + - platform/drivers/arm/mhu_driver/mhu_v2.h | 391 ++++++++++++ - platform/drivers/arm/mhu_driver/mhu_v2_x.c | 602 ++++++++++++++++++ - .../providers/arm/corstone1000/platform.cmake | 10 + - 5 files changed, 1031 insertions(+) - create mode 100644 platform/drivers/arm/mhu_driver/component.cmake - create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h - create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c - create mode 100644 platform/providers/arm/corstone1000/platform.cmake - -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 9f5cf712..f351a592 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -17,5 +17,21 @@ - execution-state = <0>; /* AArch64 */ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <0>; /* Direct messaging only */ -+ -+ device-regions { -+ compatible = "arm,ffa-manifest-device-regions"; -+ mhu-sender { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b820000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ mhu-receiver { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b830000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ }; - }; - }; -diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake -new file mode 100644 -index 00000000..77a5a50b ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/component.cmake -@@ -0,0 +1,12 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+# Add source files for using mhu driver -+target_sources(${TGT} -+ PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/mhu_v2_x.c" -+) -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h -new file mode 100644 -index 00000000..2e4ba80f ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h -@@ -0,0 +1,391 @@ -+/* -+ * Copyright (c) 2021 Arm Limited -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+ -+/** -+ * \file mhu_v2_x.h -+ * \brief Driver for Arm MHU v2.0 and v2.1 -+ */ -+ -+#ifndef __MHU_V2_X_H__ -+#define __MHU_V2_X_H__ -+ -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#define MHU_2_X_INTR_NR2R_OFF (0x0u) -+#define MHU_2_X_INTR_R2NR_OFF (0x1u) -+#define MHU_2_1_INTR_CHCOMB_OFF (0x2u) -+ -+#define MHU_2_X_INTR_NR2R_MASK (0x1u << MHU_2_X_INTR_NR2R_OFF) -+#define MHU_2_X_INTR_R2NR_MASK (0x1u << MHU_2_X_INTR_R2NR_OFF) -+#define MHU_2_1_INTR_CHCOMB_MASK (0x1u << MHU_2_1_INTR_CHCOMB_OFF) -+ -+enum mhu_v2_x_frame_t { -+ MHU_V2_X_SENDER_FRAME = 0x0u, -+ MHU_V2_X_RECEIVER_FRAME = 0x1u, -+}; -+ -+enum mhu_v2_x_supported_revisions { -+ MHU_REV_READ_FROM_HW = 0, -+ MHU_REV_2_0, -+ MHU_REV_2_1, -+}; -+ -+struct mhu_v2_x_dev_t { -+ uint32_t base; -+ enum mhu_v2_x_frame_t frame; -+ uint32_t subversion; /*!< Hardware subversion: v2.X */ -+ bool is_initialized; /*!< Indicates if the MHU driver -+ * is initialized and enabled -+ */ -+}; -+ -+/** -+ * \brief MHU v2 error enumeration types. -+ */ -+enum mhu_v2_x_error_t { -+ MHU_V_2_X_ERR_NONE = 0, -+ MHU_V_2_X_ERR_NOT_INIT = -1, -+ MHU_V_2_X_ERR_ALREADY_INIT = -2, -+ MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3, -+ MHU_V_2_X_ERR_INVALID_ARG = -4, -+ MHU_V_2_X_ERR_GENERAL = -5 -+}; -+ -+/** -+ * \brief Initializes the driver -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] rev MHU revision (if can't be identified from HW) -+ * -+ * Reads the MHU hardware version -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note MHU revision only has to be specified when versions can't be read -+ * from HW (ARCH_MAJOR_REV reg reads as 0x0). -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, -+ enum mhu_v2_x_supported_revisions rev); -+ -+/** -+ * \brief Returns the number of channels implemented. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Returns the number of channels implemented. -+ * -+ * \return Returns the number of channels implemented. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+uint32_t mhu_v2_x_get_num_channel_implemented( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Sends the value over a channel. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to send the value over. -+ * \param[in] val Value to send. -+ * -+ * Sends the value over a channel. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t val); -+ -+/** -+ * \brief Clears the channel after the value is send over it. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to clear. -+ * -+ * Clears the channel after the value is send over it. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel); -+ -+/** -+ * \brief Receives the value over a channel. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Channel to receive the value from. -+ * \param[out] value Pointer to variable that will store the value. -+ * -+ * Receives the value over a channel. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_receive( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value); -+ -+/** -+ * \brief Sets bits in the Channel Mask. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's mask to set. -+ * \param[in] mask Mask to be set over a receiver frame. -+ * -+ * Sets bits in the Channel Mask. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); -+ -+/** -+ * \brief Clears bits in the Channel Mask. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's mask to clear. -+ * \param[in] mask Mask to be clear over a receiver frame. -+ * -+ * Clears bits in the Channel Mask. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); -+ -+/** -+ * \brief Enables the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to enable. -+ * -+ * Enables the Channel clear interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Disables the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to disable. -+ * -+ * Disables the Channel interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Cleares the Channel interrupt. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] channel Which channel's interrupt to clear. -+ * -+ * Cleares the Channel interrupt. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ * \note This function doesn't check if channel is implemented. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel); -+ -+/** -+ * \brief Initiates a MHU transfer with the handshake signals. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Initiates a MHU transfer with the handshake signals in a blocking mode. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Closes a MHU transfer with the handshake signals. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * Closes a MHU transfer with the handshake signals in a blocking mode. -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_close_transfer( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Returns the value of access request signal. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] val Pointer to variable that will store the value. -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_request( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val); -+ -+/** -+ * \brief Sets the value of access request signal to high. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_set_access_request( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Sets the value of access request signal to low. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( -+ const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Returns the value of access ready signal. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] val Pointer to variable that will store the value. -+ * -+ * For more information please read the MHU v2 user guide -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val); -+ -+/** -+ * \brief Returns the MHU interrupt status. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * -+ * \return Interrupt status register value. Masking is needed for individual -+ * interrupts. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev); -+ -+/** -+ * \brief Enables MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for enabling/disabling interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Disables MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for enabling/disabling interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Clears MHU interrupts. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[in] mask Bit mask for clearing interrupts -+ * -+ * \return Returns mhu_v2_x_error_t error code -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask); -+ -+/** -+ * \brief Returns the first channel number whose interrupt bit is high. -+ * -+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t -+ * \param[out] channel Pointer to variable that will have the channel value. -+ * -+ * \return Returns the first channel number whose interrupt bit is high. -+ * \return Returns mhu_v2_x_error_t error code. -+ * -+ * \note This function doesn't check if dev is NULL. -+ */ -+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __MHU_V2_X_H__ */ -diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -new file mode 100644 -index 00000000..01d8f659 ---- /dev/null -+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c -@@ -0,0 +1,602 @@ -+/* -+ * Copyright (c) 2021 Arm Limited -+ * -+ * Licensed under the Apache License, Version 2.0 (the "License"); -+ * you may not use this file except in compliance with the License. -+ * You may obtain a copy of the License at -+ * -+ * http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * Unless required by applicable law or agreed to in writing, software -+ * distributed under the License is distributed on an "AS IS" BASIS, -+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ * See the License for the specific language governing permissions and -+ * limitations under the License. -+ */ -+#include -+#include -+#include "mhu_v2.h" -+ -+#define _MHU_V2_X_MAX_CHANNELS 124 -+#define _MHU_V2_1_MAX_CHCOMB_INT 4 -+#define ENABLE 0x1 -+#define DISABLE 0x0 -+#define CLEAR_INTR 0x1 -+#define CH_PER_CH_COMB 0x20 -+#define SEND_FRAME(p_mhu) ((struct _mhu_v2_x_send_frame_t *)p_mhu) -+#define RECV_FRAME(p_mhu) ((struct _mhu_v2_x_recv_frame_t *)p_mhu) -+ -+#define MHU_MAJOR_REV_V2 0x1u -+#define MHU_MINOR_REV_2_0 0x0u -+#define MHU_MINOR_REV_2_1 0x1u -+ -+struct _mhu_v2_x_send_ch_window_t { -+ /* Offset: 0x00 (R/ ) Channel Status */ -+ volatile uint32_t ch_st; -+ /* Offset: 0x04 (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0x08 (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+ /* Offset: 0x0C ( /W) Channel Set */ -+ volatile uint32_t ch_set; -+ /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */ -+ volatile uint32_t ch_int_st; -+ /* Offset: 0x14 ( /W) Channel Interrupt Clear (Reserved in 2.0) */ -+ volatile uint32_t ch_int_clr; -+ /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */ -+ volatile uint32_t ch_int_en; -+ /* Offset: 0x1C (R/ ) Reserved */ -+ volatile uint32_t reserved_2; -+}; -+ -+struct _mhu_v2_x_send_frame_t { -+ /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */ -+ struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS]; -+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ -+ volatile uint32_t mhu_cfg; -+ /* Offset: 0xF84 (R/W) Response Configuration */ -+ volatile uint32_t resp_cfg; -+ /* Offset: 0xF88 (R/W) Access Request */ -+ volatile uint32_t access_request; -+ /* Offset: 0xF8C (R/ ) Access Ready */ -+ volatile uint32_t access_ready; -+ /* Offset: 0xF90 (R/ ) Interrupt Status */ -+ volatile uint32_t int_st; -+ /* Offset: 0xF94 ( /W) Interrupt Clear */ -+ volatile uint32_t int_clr; -+ /* Offset: 0xF98 (R/W) Interrupt Enable */ -+ volatile uint32_t int_en; -+ /* Offset: 0xF9C (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */ -+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; -+ /* Offset: ‭0xFC4‬ (R/ ) Reserved */ -+ volatile uint32_t reserved_1[6]; -+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ -+ volatile uint32_t iidr; -+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ -+ volatile uint32_t aidr; -+ /* Offset: 0xFD0 (R/ ) */ -+ volatile uint32_t pid_1[4]; -+ /* Offset: 0xFE0 (R/ ) */ -+ volatile uint32_t pid_0[4]; -+ /* Offset: 0xFF0 (R/ ) */ -+ volatile uint32_t cid[4]; -+}; -+ -+struct _mhu_v2_x_rec_ch_window_t { -+ /* Offset: 0x00 (R/ ) Channel Status */ -+ volatile uint32_t ch_st; -+ /* Offset: 0x04 (R/ ) Channel Status Masked */ -+ volatile uint32_t ch_st_msk; -+ /* Offset: 0x08 ( /W) Channel Clear */ -+ volatile uint32_t ch_clr; -+ /* Offset: 0x0C (R/ ) Reserved */ -+ volatile uint32_t reserved_0; -+ /* Offset: 0x10 (R/ ) Channel Mask Status */ -+ volatile uint32_t ch_msk_st; -+ /* Offset: 0x14 ( /W) Channel Mask Set */ -+ volatile uint32_t ch_msk_set; -+ /* Offset: 0x18 ( /W) Channel Mask Clear */ -+ volatile uint32_t ch_msk_clr; -+ /* Offset: 0x1C (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+}; -+ -+struct _mhu_v2_x_recv_frame_t { -+ /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */ -+ struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS]; -+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ -+ volatile uint32_t mhu_cfg; -+ /* Offset: 0xF84 (R/ ) Reserved */ -+ volatile uint32_t reserved_0[3]; -+ /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */ -+ volatile uint32_t int_st; -+ /* Offset: 0xF94 (R/ ) Interrupt Clear (Reserved in 2.0) */ -+ volatile uint32_t int_clr; -+ /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */ -+ volatile uint32_t int_en; -+ /* Offset: 0xF9C (R/ ) Reserved */ -+ volatile uint32_t reserved_1; -+ /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */ -+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; -+ /* Offset: 0xFB0 (R/ ) Reserved */ -+ volatile uint32_t reserved_2[6]; -+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ -+ volatile uint32_t iidr; -+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ -+ volatile uint32_t aidr; -+ /* Offset: 0xFD0 (R/ ) */ -+ volatile uint32_t pid_1[4]; -+ /* Offset: 0xFE0 (R/ ) */ -+ volatile uint32_t pid_0[4]; -+ /* Offset: 0xFF0 (R/ ) */ -+ volatile uint32_t cid[4]; -+}; -+ -+union _mhu_v2_x_frame_t { -+ struct _mhu_v2_x_send_frame_t send_frame; -+ struct _mhu_v2_x_recv_frame_t recv_frame; -+}; -+ -+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, -+ enum mhu_v2_x_supported_revisions rev) -+{ -+ uint32_t AIDR = 0; -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if (dev->is_initialized) { -+ return MHU_V_2_X_ERR_ALREADY_INIT; -+ } -+ -+ if (rev == MHU_REV_READ_FROM_HW) { -+ /* Read revision from HW */ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ AIDR = p_mhu->recv_frame.aidr; -+ } else { -+ AIDR = p_mhu->send_frame.aidr; -+ } -+ -+ /* Get bits 7:4 to read major revision */ -+ if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) { -+ /* Unsupported MHU version */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } /* No need to save major version, driver only supports MHUv2 */ -+ -+ /* Get bits 3:0 to read minor revision */ -+ dev->subversion = AIDR & 0b1111; -+ -+ if (dev->subversion != MHU_MINOR_REV_2_0 && -+ dev->subversion != MHU_MINOR_REV_2_1) { -+ /* Unsupported subversion */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } else { -+ /* Revisions were provided by caller */ -+ if (rev == MHU_REV_2_0) { -+ dev->subversion = MHU_MINOR_REV_2_0; -+ } else if (rev == MHU_REV_2_1) { -+ dev->subversion = MHU_MINOR_REV_2_1; -+ } else { -+ /* Unsupported subversion */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ }/* No need to save major version, driver only supports MHUv2 */ -+ } -+ -+ dev->is_initialized = true; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ return (SEND_FRAME(p_mhu))->mhu_cfg; -+ } else { -+ return (RECV_FRAME(p_mhu))->mhu_cfg; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel, uint32_t val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, -+ uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_receive( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t channel) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_1) { -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR; -+ return MHU_V_2_X_ERR_NONE; -+ } else { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = ENABLE; -+ -+ while ( !((SEND_FRAME(p_mhu))->access_ready) ) { -+ /* Wait in a loop for access ready signal to be high */ -+ ; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = DISABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_request( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ *val = (SEND_FRAME(p_mhu))->access_request; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_set_access_request( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = ENABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( -+ const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ (SEND_FRAME(p_mhu))->access_request = DISABLE; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *val) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame != MHU_V2_X_SENDER_FRAME) { -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ *val = (SEND_FRAME(p_mhu))->access_ready; -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ return (SEND_FRAME(p_mhu))->int_st; -+ } else { -+ return (RECV_FRAME(p_mhu))->int_st; -+ } -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_en |= mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_en |= mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_en &= ~mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_en &= ~mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( -+ const struct mhu_v2_x_dev_t *dev, uint32_t mask) -+{ -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion == MHU_MINOR_REV_2_0) { -+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { -+ /* Combined channel IRQ is not present in v2.0 */ -+ return MHU_V_2_X_ERR_INVALID_ARG; -+ } -+ -+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { -+ /* Only sender frame has these registers */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ } -+ -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ (SEND_FRAME(p_mhu))->int_clr = mask; -+ } else { -+ (RECV_FRAME(p_mhu))->int_clr = mask; -+ } -+ -+ return MHU_V_2_X_ERR_NONE; -+} -+ -+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( -+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel) -+{ -+ uint32_t i, j, status; -+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; -+ -+ if ( !(dev->is_initialized) ) { -+ return MHU_V_2_X_ERR_NOT_INIT; -+ } -+ -+ if (dev->subversion != MHU_MINOR_REV_2_1) { -+ /* Feature is only supported in MHU v2.1 */ -+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; -+ } -+ -+ for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) { -+ if(dev->frame == MHU_V2_X_SENDER_FRAME) { -+ status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i]; -+ } else { -+ status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i]; -+ } -+ -+ for(j = 0; j < CH_PER_CH_COMB; j++) { -+ if ((status >> CH_PER_CH_COMB - j - 1) & (ENABLE)) { -+ *channel = (CH_PER_CH_COMB - j -1 + (i * CH_PER_CH_COMB)); -+ return MHU_V_2_X_ERR_NONE; -+ } -+ } -+ } -+ -+ return MHU_V_2_X_ERR_GENERAL; -+} -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -new file mode 100644 -index 00000000..bb778bb9 ---- /dev/null -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -0,0 +1,10 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform. -+#------------------------------------------------------------------------------- -+ -+# include MHU driver -+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch deleted file mode 100644 index 0f3f2c64..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch +++ /dev/null @@ -1,1197 +0,0 @@ -From a6721cc391397f5f999db84e4ebec4c20985996a Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 3 Dec 2021 19:00:54 +0000 -Subject: [PATCH] Add openamp rpc caller - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Vishnu Banavath - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - components/rpc/common/caller/rpc_caller.c | 10 + - components/rpc/common/interface/rpc_caller.h | 8 + - .../rpc/openamp/caller/sp/component.cmake | 15 + - .../rpc/openamp/caller/sp/openamp_caller.c | 203 +++++++ - .../rpc/openamp/caller/sp/openamp_caller.h | 43 ++ - .../rpc/openamp/caller/sp/openamp_mhu.c | 191 ++++++ - .../rpc/openamp/caller/sp/openamp_mhu.h | 19 + - .../rpc/openamp/caller/sp/openamp_virtio.c | 554 ++++++++++++++++++ - .../rpc/openamp/caller/sp/openamp_virtio.h | 24 + - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - .../se-proxy/opteesp/default_se-proxy.dts.in | 6 + - 11 files changed, 1074 insertions(+) - create mode 100644 components/rpc/openamp/caller/sp/component.cmake - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h - -diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c -index 2dceabeb..20d889c1 100644 ---- a/components/rpc/common/caller/rpc_caller.c -+++ b/components/rpc/common/caller/rpc_caller.c -@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle) - { - s->call_end(s->context, handle); - } -+ -+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va) -+{ -+ return s->virt_to_phys(s->context, va); -+} -+ -+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa) -+{ -+ return s->phys_to_virt(s->context, pa); -+} -diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h -index 387489cd..ef9bb649 100644 ---- a/components/rpc/common/interface/rpc_caller.h -+++ b/components/rpc/common/interface/rpc_caller.h -@@ -45,6 +45,10 @@ struct rpc_caller - rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len); - - void (*call_end)(void *context, rpc_call_handle handle); -+ -+ void *(*virt_to_phys)(void *context, void *va); -+ -+ void *(*phys_to_virt)(void *context, void *pa); - }; - - /* -@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal - */ - RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle); - -+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va); -+ -+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa); -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake -new file mode 100644 -index 00000000..fc919529 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/component.cmake -@@ -0,0 +1,15 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c" -+ ) -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c -new file mode 100644 -index 00000000..6cdfb756 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.c -@@ -0,0 +1,203 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+#include "openamp_caller.h" -+#include "openamp_mhu.h" -+#include "openamp_virtio.h" -+#include -+ -+#define OPENAMP_TRANSACTION_IDLE 0x0 -+#define OPENAMP_TRANSACTION_INPROGRESS 0x1 -+#define OPENAMP_TRANSACTION_INVOKED 0x2 -+ -+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_call_handle handle; -+ int ret; -+ -+ if (!req_buf) { -+ EMSG("openamp: call_begin: not req_buf"); -+ return NULL; -+ } -+ -+ if (req_len > UINT32_MAX || req_len == 0) { -+ EMSG("openamp: call_begin: resp_len invalid: %lu", req_len); -+ return NULL; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_begin: transaction not idle"); -+ return NULL; -+ } -+ -+ ret = ops->platform_call_begin(openamp, req_buf, req_len); -+ if (ret < 0) { -+ EMSG("openamp: call_begin: platform begin failed: %d", ret); -+ return NULL; -+ } -+ -+ openamp->status = OPENAMP_TRANSACTION_INPROGRESS; -+ handle = openamp; -+ -+ return handle; -+} -+ -+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle, -+ uint32_t opcode, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_status_t status; -+ int ret; -+ -+ (void)opcode; -+ -+ if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) { -+ EMSG("openamp: call_invoke: invalid arguments"); -+ return TS_RPC_ERROR_INVALID_PARAMETER; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) { -+ EMSG("openamp: call_invoke: transaction needed to be started"); -+ return TS_RPC_ERROR_NOT_READY; -+ } -+ -+ ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len); -+ if (ret < 0) -+ return TS_RPC_ERROR_INTERNAL; -+ -+ openamp->status = OPENAMP_TRANSACTION_INVOKED; -+ *opstatus = 0; -+ -+ return TS_RPC_CALL_ACCEPTED; -+} -+ -+static void openamp_call_end(void *context, rpc_call_handle handle) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ if (handle != openamp) { -+ EMSG("openamp: call_end: invalid arguments"); -+ return; -+ } -+ -+ if (openamp->status == OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_end: transaction idle"); -+ return; -+ } -+ -+ ops->platform_call_end(openamp); -+ -+ openamp->status = OPENAMP_TRANSACTION_IDLE; -+} -+ -+static void *openamp_virt_to_phys(void *context, void *va) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_virt_to_phys(openamp, va); -+} -+ -+static void *openamp_phys_to_virt(void *context, void *pa) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_phys_to_virt(openamp, pa); -+} -+ -+static int openamp_init(struct openamp_caller *openamp) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ int ret; -+ -+ ret = ops->transport_init(openamp); -+ if (ret < 0) -+ return ret; -+ -+ ret = ops->platform_init(openamp); -+ if (ret < 0) -+ goto denit_transport; -+ -+ return 0; -+ -+denit_transport: -+ ops->transport_deinit(openamp); -+ -+ return ret; -+} -+ -+static const struct openamp_platform_ops openamp_virtio_ops = { -+ .transport_init = openamp_mhu_init, -+ .transport_deinit = openamp_mhu_deinit, -+ .transport_notify = openamp_mhu_notify_peer, -+ .transport_receive = openamp_mhu_receive, -+ .platform_init = openamp_virtio_init, -+ .platform_call_begin = openamp_virtio_call_begin, -+ .platform_call_invoke = openamp_virtio_call_invoke, -+ .platform_call_end = openamp_virtio_call_end, -+ .platform_virt_to_phys = openamp_virtio_virt_to_phys, -+ .platform_phys_to_virt = openamp_virtio_phys_to_virt, -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ int ret; -+ -+ if (openamp->ref_count) -+ return rpc; -+ -+ rpc_caller_init(rpc, openamp); -+ -+ rpc->call_begin = openamp_call_begin; -+ rpc->call_invoke = openamp_call_invoke; -+ rpc->call_end = openamp_call_end; -+ rpc->virt_to_phys = openamp_virt_to_phys; -+ rpc->phys_to_virt = openamp_phys_to_virt; -+ openamp->platform_ops = &openamp_virtio_ops; -+ -+ ret = openamp_init(openamp); -+ if (ret < 0) { -+ EMSG("openamp_init: failed to start: %d", ret); -+ return rpc; -+ } -+ openamp->ref_count++; -+ -+ return rpc; -+} -+ -+void openamp_caller_deinit(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ -+ if (--openamp->ref_count) -+ return; -+ -+ rpc->context = NULL; -+ rpc->call_begin = NULL; -+ rpc->call_invoke = NULL; -+ rpc->call_end = NULL; -+} -+ -+int openamp_caller_discover(struct openamp_caller *openamp) -+{ -+ return openamp_init(openamp); -+} -+ -+int openamp_caller_open(struct openamp_caller *openamp) -+{ -+ -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h -new file mode 100644 -index 00000000..3fb67c56 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.h -@@ -0,0 +1,43 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_CALLER_H -+#define OPENAMP_CALLER_H -+ -+#include -+#include -+ -+struct openamp_caller { -+ struct rpc_caller rpc_caller; -+ const struct openamp_platform_ops *platform_ops; -+ uint32_t ref_count; -+ uint8_t status; -+ -+ void *transport; -+ void *platform; -+}; -+ -+struct openamp_platform_ops { -+ int (*transport_init)(struct openamp_caller *openamp); -+ int (*transport_deinit)(struct openamp_caller *openamp); -+ int (*transport_notify)(struct openamp_caller *openamp); -+ int (*transport_receive)(struct openamp_caller *openamp); -+ int (*platform_init)(struct openamp_caller *openamp); -+ int (*platform_deinit)(struct openamp_caller *openamp); -+ int (*platform_call_begin)(struct openamp_caller *openamp, -+ uint8_t **req_buf, size_t req_len); -+ int (*platform_call_invoke)(struct openamp_caller *openamp, -+ int *opstatus, uint8_t **resp_buf, -+ size_t *resp_len); -+ int (*platform_call_end)(struct openamp_caller *openamp); -+ void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va); -+ void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa); -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp); -+void openamp_caller_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c -new file mode 100644 -index 00000000..ffdadaf8 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c -@@ -0,0 +1,191 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "openamp_caller.h" -+ -+#define MHU_V_2_NOTIFY_CHANNEL 0 -+#define MHU_V_2_NOTIFY_VALUE 0xff -+ -+struct openamp_mhu { -+ struct device_region rx_region; -+ struct device_region tx_region; -+ struct mhu_v2_x_dev_t rx_dev; -+ struct mhu_v2_x_dev_t tx_dev; -+}; -+ -+static int openamp_mhu_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) -+ return -EINVAL; -+ -+ if (!dev_region->base_addr) -+ return -EINVAL; -+ -+ IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev, -+ dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_mhu_receive(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t channel = 0; -+ uint32_t irq_status; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: receive transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ rx_dev = &mhu->rx_dev; -+ -+ irq_status = 0; -+ -+ do { -+ irq_status = mhu_v2_x_get_interrupt_status(rx_dev); -+ } while(!irq_status); -+ -+ ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel); -+ -+ ret = mhu_v2_x_channel_clear(rx_dev, channel); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to clear channel: %d", channel); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *tx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t access_ready; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: notify transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ tx_dev = &mhu->tx_dev; -+ -+ ret = mhu_v2_x_set_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: set access request failed"); -+ return -EPROTO; -+ } -+ -+ do { -+ ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to get access_ready"); -+ return -EPROTO; -+ } -+ } while (!access_ready); -+ -+ ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL, -+ MHU_V_2_NOTIFY_VALUE); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed send over channel"); -+ return -EPROTO; -+ } -+ -+ ret = mhu_v2_x_reset_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed reset access request"); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_init(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ struct mhu_v2_x_dev_t *tx_dev; -+ struct openamp_mhu *mhu; -+ int ret; -+ -+ /* if we already have initialized skip this */ -+ if (openamp->transport) -+ return 0; -+ -+ mhu = malloc(sizeof(*mhu)); -+ if (!mhu) -+ return -1; -+ -+ ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ rx_dev = &mhu->rx_dev; -+ tx_dev = &mhu->tx_dev; -+ -+ rx_dev->base = (unsigned int)mhu->rx_region.base_addr; -+ rx_dev->frame = MHU_V2_X_RECEIVER_FRAME; -+ -+ tx_dev->base = (unsigned int)mhu->tx_region.base_addr; -+ tx_dev->frame = MHU_V2_X_SENDER_FRAME; -+ -+ ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ openamp->transport = (void *)mhu; -+ -+ return 0; -+ -+free_mhu: -+ free(mhu); -+ -+ return ret; -+} -+ -+int openamp_mhu_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_mhu *mhu; -+ -+ if (!openamp->transport) -+ return 0; -+ -+ mhu = openamp->transport; -+ free(mhu); -+ -+ openamp->transport = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h -new file mode 100644 -index 00000000..2ae5cb8e ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h -@@ -0,0 +1,19 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_MHU_H -+#define OPENAMP_MHU_H -+ -+#include -+#include "openamp_caller.h" -+ -+int openamp_mhu_init(struct openamp_caller *openamp); -+int openamp_mhu_deinit(struct openamp_caller *openamp); -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp); -+int openamp_mhu_receive(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c -new file mode 100644 -index 00000000..06e0735b ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c -@@ -0,0 +1,554 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include "openamp_caller.h" -+ -+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio" -+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME -+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024 -+ -+#define OPENAMP_SHEM_PHYS 0x88000000 -+#define OPENAMP_SHEM_PHYS_PAGES 1 -+#define OPENAMP_SHEM_SE_PHYS 0xa8000000 -+ -+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024) -+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024) -+ -+#define OPENAMP_BUFFER_NO_WAIT 0 -+#define OPENAMP_BUFFER_WAIT 1 -+ -+#define VIRTQUEUE_NR 2 -+#define VQ_TX 0 -+#define VQ_RX 1 -+ -+#define VRING_DESCRIPTORS 16 -+#define VRING_ALIGN 4 -+ -+#define container_of(ptr, type, member) \ -+ ((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member))) -+ -+struct openamp_virtio_shm { -+ uintptr_t base_addr; -+ size_t size; -+ uintptr_t vdev_status; -+ size_t vdev_status_size; -+ uintptr_t payload_addr; -+ size_t payload_size; -+ uintptr_t vring_tx; -+ size_t vring_tx_size; -+ uintptr_t vring_rx; -+ size_t vring_rx_size; -+ -+ metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES]; -+}; -+ -+struct openamp_virtio_metal { -+ struct metal_spinlock lock; -+ struct metal_device shm_dev; -+ struct metal_device *io_dev; -+ -+ struct metal_io_region *io; -+ struct openamp_virtio_shm shm; -+}; -+ -+struct openamp_virtio_device { -+ struct virtio_device virtio_dev; -+ struct virtqueue *vq[VIRTQUEUE_NR]; -+ struct virtio_vring_info rvrings[VIRTQUEUE_NR]; -+}; -+ -+struct openamp_virtio_rpmsg { -+ struct rpmsg_virtio_device rpmsg_vdev; -+ struct rpmsg_endpoint ep; -+ uint8_t *req_buf; -+ uint32_t req_len; -+ uint8_t *resp_buf; -+ size_t resp_len; -+}; -+ -+struct openamp_virtio { -+ struct openamp_caller *openamp; -+ struct openamp_virtio_rpmsg rpmsg; -+ struct openamp_virtio_device vdev; -+ struct openamp_virtio_metal metal; -+}; -+ -+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ -+ openamp_vdev = container_of(vdev, struct openamp_virtio_device, -+ virtio_dev); -+ -+ return container_of(openamp_vdev, struct openamp_virtio, vdev); -+} -+ -+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev) -+{ -+ struct rpmsg_virtio_device *rvdev; -+ -+ rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev); -+ -+ return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev); -+ -+} -+ -+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev, -+ struct openamp_virtio_shm *shm) -+{ -+ struct metal_io_region *shm_region; -+ -+ shm_region = &shm_dev->regions[0]; -+ -+ shm_dev->name = OPENAMP_SHEM_DEVICE_NAME; -+ shm_dev->num_regions = 1; -+ -+ shm_region->virt = (void *)shm->payload_addr; -+ shm_region->size = shm->payload_size; -+ -+ shm_region->physmap = &shm->shm_physmap; -+ shm_region->page_shift = (metal_phys_addr_t)(-1); -+ shm_region->page_mask = (metal_phys_addr_t)(-1); -+} -+ -+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal) -+{ -+ struct metal_init_params params = METAL_INIT_DEFAULTS; -+ struct metal_device *shm_dev = &metal->shm_dev; -+ int ret; -+ -+ openamp_virtio_metal_device_setup(shm_dev, &metal->shm); -+ -+ metal_spinlock_init(&metal->lock); -+ -+ ret = metal_init(¶ms); -+ if (ret < 0) -+ return ret; -+ -+ ret = metal_register_generic_device(shm_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME, -+ &metal->io_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ metal->io = metal_device_io_region(metal->io_dev, 0); -+ if (!metal->io) { -+ EMSG("openamp: virtio: failed to init metal io"); -+ ret = -EPROTO; -+ goto metal_finish; -+ } -+ -+ return 0; -+ -+metal_finish: -+ metal_finish(); -+ return ret; -+} -+ -+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ uint32_t status = *(volatile uint32_t *)shm->vdev_status; -+ -+ return status; -+} -+ -+static void openamp_virtio_status_set(struct virtio_device *vdev, -+ unsigned char status) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ *(volatile uint32_t *)shm->vdev_status = status; -+} -+ -+static int count; -+ -+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev) -+{ -+ return 1 << VIRTIO_RPMSG_F_NS; -+} -+ -+static void openamp_virtio_notify(struct virtqueue *vq) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ struct openamp_caller *openamp; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev); -+ virtio = container_of(openamp_vdev, struct openamp_virtio, vdev); -+ openamp = virtio->openamp; -+ -+ ret = openamp->platform_ops->transport_notify(openamp); -+ if (ret < 0) -+ EMSG("openamp: virtio: erro in transport_notify: %d", ret); -+} -+ -+const static struct virtio_dispatch openamp_virtio_dispatch = { -+ .get_status = openamp_virtio_status_get, -+ .set_status = openamp_virtio_status_set, -+ .get_features = openamp_virtio_features_get, -+ .notify = openamp_virtio_notify, -+}; -+ -+static int openamp_virtio_device_setup(struct openamp_virtio *virtio) -+{ -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_shm *shm = &metal->shm; -+ struct virtio_vring_info *rvring; -+ -+ rvring = &openamp_vdev->rvrings[0]; -+ -+ vdev->role = RPMSG_REMOTE; -+ vdev->vrings_num = VIRTQUEUE_NR; -+ vdev->func = &openamp_virtio_dispatch; -+ -+ openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_TX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 0"); -+ return -ENOMEM; -+ } -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_tx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_TX]; -+ -+ openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_RX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 1"); -+ goto free_vq; -+ } -+ rvring = &openamp_vdev->rvrings[VQ_RX]; -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_rx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_RX]; -+ -+ vdev->vrings_info = &openamp_vdev->rvrings[0]; -+ -+ return 0; -+ -+free_vq: -+ virtqueue_free(openamp_vdev->vq[VQ_TX]); -+ virtqueue_free(openamp_vdev->vq[VQ_RX]); -+ -+ return -ENOMEM; -+} -+ -+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep, -+ void *data, size_t len, -+ uint32_t src, void *priv) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ struct openamp_virtio *virtio; -+ -+ rdev = ep->rdev; -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg); -+ -+ rpmsg_hold_rx_buffer(ep, data); -+ vrpmsg->resp_buf = data; -+ vrpmsg->resp_len = len; -+ -+ return 0; -+} -+ -+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ -+ rdev = container_of(ep, struct rpmsg_device, ns_ept); -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_destroy_ept(&vrpmsg->ep); -+} -+ -+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev, -+ const char *name, -+ unsigned int dest) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+} -+ -+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio, -+ struct device_region *virtio_dev) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ int ret; -+ -+ /* -+ * we assume here that we are the client side and do not need to -+ * initialize the share memory poll (this is done at server side). -+ */ -+ ret = rpmsg_init_vdev(rpmsg_vdev, vdev, -+ openamp_virtio_rpmsg_endpoint_bind, metal->io, -+ NULL); -+ if (ret < 0) { -+ EMSG("openamp: virtio: init vdev failed: %d", ret); -+ return ret; -+ } -+ -+ -+ ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev, -+ OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY, -+ RPMSG_ADDR_ANY, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed to create endpoint: %d", ret); -+ return ret; -+ } -+ -+ /* set default remote addr */ -+ vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR; -+ -+ return 0; -+} -+ -+static void openamp_virtio_shm_set(struct openamp_virtio *virtio, -+ struct device_region *virtio_region) -+{ -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ shm->base_addr = virtio_region->base_addr; -+ shm->size = virtio_region->io_region_size; -+ -+ shm->vdev_status = shm->base_addr; -+ shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE; -+ -+ shm->vring_rx = shm->base_addr + shm->size - -+ (2 * OPENAMP_SHEM_VRING_SIZE); -+ shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->vring_tx = shm->vring_rx + shm->vring_rx_size; -+ shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->payload_addr = shm->vdev_status + shm->vdev_status_size; -+ shm->payload_size = shm->size - shm->vdev_status_size - -+ shm->vring_rx_size - shm->vring_tx_size; -+ -+ shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size; -+ -+ IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d", -+ shm->base_addr, shm->size, shm->size); -+ IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d", -+ shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size); -+ IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d", -+ shm->payload_addr, shm->payload_size, shm->payload_size); -+ IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size); -+ IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size); -+ IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]); -+} -+ -+static int openamp_virtio_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) { -+ EMSG("openamp: virtio: device region not found: %s", dev); -+ return -EINVAL; -+ } -+ -+ if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) { -+ EMSG("openamp: virtio: device region not valid"); -+ return -EINVAL; -+ } -+ -+ IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d", -+ dev, dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ -+ -+ *req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len, -+ OPENAMP_BUFFER_WAIT); -+ if (*req_buf == NULL) -+ return -EINVAL; -+ -+ if (vrpmsg->req_len < req_len) -+ return -E2BIG; -+ -+ vrpmsg->req_buf = *req_buf; -+ -+ return 0; -+} -+ -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ int ret; -+ -+ ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len); -+ if (ret < 0) { -+ EMSG("openamp: virtio: send nocopy failed: %d", ret); -+ return -EIO; -+ } -+ -+ if (ret != vrpmsg->req_len) { -+ EMSG("openamp: virtio: send less bytes %d than requested %d", -+ ret, vrpmsg->req_len); -+ return -EIO; -+ } -+ -+ if (!ops->transport_receive) -+ return 0; -+ -+ ret = ops->transport_receive(openamp); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed transport_receive"); -+ return -EIO; -+ } -+ -+ virtqueue_notification(openamp_vdev->vq[VQ_RX]); -+ -+ *resp_buf = vrpmsg->resp_buf; -+ *resp_len = vrpmsg->resp_len; -+ -+ return 0; -+} -+ -+void openamp_virtio_call_end(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ -+ rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf); -+ -+ vrpmsg->req_buf = NULL; -+ vrpmsg->req_len = 0; -+ vrpmsg->resp_buf = NULL; -+ vrpmsg->resp_len = 0; -+} -+ -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_virt_to_phys(metal->io, va); -+} -+ -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_phys_to_virt(metal->io, pa); -+} -+ -+int openamp_virtio_init(struct openamp_caller *openamp) -+{ -+ struct device_region virtio_dev; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ if (openamp->platform) -+ return 0; -+ -+ -+ virtio = malloc(sizeof(*virtio)); -+ if (!virtio) -+ return -ENOMEM; -+ -+ virtio->openamp = openamp; -+ -+ ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev); -+ if (ret < 0) -+ goto free_virtio; -+ -+ openamp_virtio_shm_set(virtio, &virtio_dev); -+ -+ ret = openamp_virtio_metal_init(&virtio->metal); -+ if (ret < 0) -+ goto free_virtio; -+ -+ ret = openamp_virtio_device_setup(virtio); -+ if (ret < 0) -+ goto finish_metal; -+ -+ ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev); -+ if (ret < 0) { -+ EMSG("openamp: virtio: rpmsg device setup failed: %d", ret); -+ goto finish_metal; -+ } -+ -+ openamp->platform = virtio; -+ -+ return 0; -+ -+finish_metal: -+ metal_finish(); -+ -+free_virtio: -+ free(virtio); -+ -+ return ret; -+} -+ -+int openamp_virtio_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio; -+ -+ if (!openamp->platform) -+ return 0; -+ -+ virtio = openamp->platform; -+ -+ metal_finish(); -+ free(virtio); -+ -+ openamp->platform = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h -new file mode 100644 -index 00000000..915128ff ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h -@@ -0,0 +1,24 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_VIRTIO_H -+#define OPENAMP_VIRTIO_H -+ -+#include -+#include "openamp_caller.h" -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len); -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len); -+int openamp_virtio_call_end(struct openamp_caller *openamp); -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va); -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa); -+ -+int openamp_virtio_init(struct openamp_caller *openamp); -+int openamp_virtio_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 248bd7e3..1511bbad 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -75,6 +75,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index f351a592..55d49b31 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -32,6 +32,12 @@ - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; -+ openamp-virtio { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x88000000>; -+ pages-count = <256>; -+ attributes = <0x3>; /* read-write */ -+ }; - }; - }; - }; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch deleted file mode 100644 index f41556a3..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch +++ /dev/null @@ -1,299 +0,0 @@ -From 791a1302d7b779f3aeee7d6f7c9fac00b4244c1b Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 3 Dec 2021 19:05:18 +0000 -Subject: [PATCH] add psa client definitions for ff-m - -Add PSA client definitions in common include to add future -ff-m support. - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Vishnu Banavath - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../service/common/include/psa/client.h | 194 ++++++++++++++++++ - components/service/common/include/psa/sid.h | 71 +++++++ - 2 files changed, 265 insertions(+) - create mode 100644 components/service/common/include/psa/client.h - create mode 100644 components/service/common/include/psa/sid.h - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -new file mode 100644 -index 00000000..69ccf14f ---- /dev/null -+++ b/components/service/common/include/psa/client.h -@@ -0,0 +1,194 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_H -+#define SERVICE_PSA_IPC_H -+ -+#include -+#include -+ -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#ifndef IOVEC_LEN -+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0]))) -+#endif -+ -+/*********************** PSA Client Macros and Types *************************/ -+ -+typedef int32_t psa_handle_t; -+ -+/** -+ * The version of the PSA Framework API that is being used to build the calling -+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1 -+ * is compatible with v1.0. -+ */ -+#define PSA_FRAMEWORK_VERSION (0x0101u) -+ -+/** -+ * Return value from psa_version() if the requested RoT Service is not present -+ * in the system. -+ */ -+#define PSA_VERSION_NONE (0u) -+ -+/** -+ * The zero-value null handle can be assigned to variables used in clients and -+ * RoT Services, indicating that there is no current connection or message. -+ */ -+#define PSA_NULL_HANDLE ((psa_handle_t)0) -+ -+/** -+ * Tests whether a handle value returned by psa_connect() is valid. -+ */ -+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0) -+ -+/** -+ * Converts the handle value returned from a failed call psa_connect() into -+ * an error code. -+ */ -+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle)) -+ -+/** -+ * Maximum number of input and output vectors for a request to psa_call(). -+ */ -+#define PSA_MAX_IOVEC (4u) -+ -+/** -+ * An IPC message type that indicates a generic client request. -+ */ -+#define PSA_IPC_CALL (0) -+ -+/** -+ * A read-only input memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_invec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/** -+ * A writable output memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_outvec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/*************************** PSA Client API **********************************/ -+ -+/** -+ * \brief Retrieve the version of the PSA Framework API that is implemented. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \return version The version of the PSA Framework implementation -+ * that is providing the runtime services to the -+ * caller. The major and minor version are encoded -+ * as follows: -+ * \arg version[15:8] -- major version number. -+ * \arg version[7:0] -- minor version number. -+ */ -+uint32_t psa_framework_version(struct rpc_caller *caller); -+ -+/** -+ * \brief Retrieve the version of an RoT Service or indicate that it is not -+ * present on this system. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to query. -+ * -+ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the -+ * caller is not permitted to access the service. -+ * \retval > 0 The version of the implemented RoT Service. -+ */ -+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid); -+ -+/** -+ * \brief Connect to an RoT Service by its SID. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to connect to. -+ * \param[in] version Requested version of the RoT Service. -+ * -+ * \retval > 0 A handle for the connection. -+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the -+ * connection. -+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the -+ * connection at the moment. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg The RoT Service ID is not present. -+ * \arg The RoT Service version is not supported. -+ * \arg The caller is not allowed to access the RoT -+ * service. -+ */ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version); -+ -+/** -+ * \brief Call an RoT Service on an established connection. -+ * -+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI -+ * support at most 4 parameters. TF-M chooses to encode 'in_len', -+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency. -+ * Compared with struct-based encoding, this method saves extra memory -+ * check and memory copy operation. The disadvantage is that the 'type' -+ * range has to be reduced into a 16-bit integer. So with this encoding, -+ * the valid range for 'type' is 0-32767. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection. -+ * \param[in] type The request type. -+ * Must be zero( \ref PSA_IPC_CALL) or positive. -+ * \param[in] in_vec Array of input \ref psa_invec structures. -+ * \param[in] in_len Number of input \ref psa_invec structures. -+ * \param[in,out] out_vec Array of output \ref psa_outvec structures. -+ * \param[in] out_len Number of output \ref psa_outvec structures. -+ * -+ * \retval >=0 RoT Service-specific status value. -+ * \retval <0 RoT Service-specific error code. -+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the -+ * RoT Service. The call is a PROGRAMMER ERROR if -+ * one or more of the following are true: -+ * \arg An invalid handle was passed. -+ * \arg The connection is already handling a request. -+ * \arg type < 0. -+ * \arg An invalid memory reference was provided. -+ * \arg in_len + out_len > PSA_MAX_IOVEC. -+ * \arg The message is unrecognized by the RoT -+ * Service or incorrectly formatted. -+ */ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len); -+ -+/** -+ * \brief Close a connection to an RoT Service. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection, or the -+ * null handle. -+ * -+ * \retval void Success. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg An invalid handle was provided that is not -+ * the null handle. -+ * \arg The connection is currently handling a -+ * request. -+ */ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_H */ -+ -+ -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -new file mode 100644 -index 00000000..aaa973c6 ---- /dev/null -+++ b/components/service/common/include/psa/sid.h -@@ -0,0 +1,71 @@ -+/* -+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __PSA_MANIFEST_SID_H__ -+#define __PSA_MANIFEST_SID_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/******** TFM_SP_PS ********/ -+#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) -+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE (0x40000101U) -+ -+/* Invalid UID */ -+#define TFM_PS_INVALID_UID 0 -+ -+/* PS message types that distinguish PS services. */ -+#define TFM_PS_SET 1001 -+#define TFM_PS_GET 1002 -+#define TFM_PS_GET_INFO 1003 -+#define TFM_PS_REMOVE 1004 -+#define TFM_PS_GET_SUPPORT 1005 -+ -+/******** TFM_SP_ITS ********/ -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE (0x40000102U) -+ -+/******** TFM_SP_CRYPTO ********/ -+#define TFM_CRYPTO_SID (0x00000080U) -+#define TFM_CRYPTO_VERSION (1U) -+#define TFM_CRYPTO_HANDLE (0x40000100U) -+ -+/******** TFM_SP_PLATFORM ********/ -+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) -+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -+#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U) -+#define TFM_SP_PLATFORM_IOCTL_VERSION (1U) -+#define TFM_SP_PLATFORM_NV_COUNTER_SID (0x00000042U) -+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION (1U) -+ -+/******** TFM_SP_INITIAL_ATTESTATION ********/ -+#define TFM_ATTESTATION_SERVICE_SID (0x00000020U) -+#define TFM_ATTESTATION_SERVICE_VERSION (1U) -+#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) -+ -+/******** TFM_SP_FWU ********/ -+#define TFM_FWU_WRITE_SID (0x000000A0U) -+#define TFM_FWU_WRITE_VERSION (1U) -+#define TFM_FWU_INSTALL_SID (0x000000A1U) -+#define TFM_FWU_INSTALL_VERSION (1U) -+#define TFM_FWU_ABORT_SID (0x000000A2U) -+#define TFM_FWU_ABORT_VERSION (1U) -+#define TFM_FWU_QUERY_SID (0x000000A3U) -+#define TFM_FWU_QUERY_VERSION (1U) -+#define TFM_FWU_REQUEST_REBOOT_SID (0x000000A4U) -+#define TFM_FWU_REQUEST_REBOOT_VERSION (1U) -+#define TFM_FWU_ACCEPT_SID (0x000000A5U) -+#define TFM_FWU_ACCEPT_VERSION (1U) -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __PSA_MANIFEST_SID_H__ */ diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch deleted file mode 100644 index 7ecb60f0..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch +++ /dev/null @@ -1,295 +0,0 @@ -From b7e9e6fc59263f5daf4ae79eb758fa7647058338 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 3 Dec 2021 19:13:03 +0000 -Subject: [PATCH] Add common service component to ipc support - -Add support for inter processor communication for PSA -including, the openamp client side structures lib. - -Signed-off-by: Rui Miguel Silva - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../service/common/psa_ipc/component.cmake | 13 ++ - .../service/common/psa_ipc/service_psa_ipc.c | 97 +++++++++++++ - .../psa_ipc/service_psa_ipc_openamp_lib.h | 131 ++++++++++++++++++ - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - 4 files changed, 242 insertions(+) - create mode 100644 components/service/common/psa_ipc/component.cmake - create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c - create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h - -diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake -new file mode 100644 -index 00000000..5a1c9e62 ---- /dev/null -+++ b/components/service/common/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c" -+ ) -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -new file mode 100644 -index 00000000..e8093c20 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -0,0 +1,97 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+ -+#include -+#include "service_psa_ipc_openamp_lib.h" -+ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_connect: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CONNECT; -+ req_msg->params.psa_connect_params.sid = sid; -+ req_msg->params.psa_connect_params.version = version; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_connect: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status == PSA_SUCCESS) -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; -+} -+ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len) -+{ -+ -+} -+ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_close: could not get handle"); -+ return; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CLOSE; -+ req_msg->params.psa_close_params.handle = handle; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_close: invoke failed: %d", ret); -+ return; -+ } -+ -+ rpc_caller_end(caller, rpc_handle); -+} -diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -new file mode 100644 -index 00000000..33ea9666 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -@@ -0,0 +1,131 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H -+#define SERVICE_PSA_IPC_OPENAMP_LIB_H -+ -+#include -+#include -+ -+#include -+#include -+ -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* PSA client call type value */ -+#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1) -+#define OPENAMP_PSA_VERSION (0x2) -+#define OPENAMP_PSA_CONNECT (0x3) -+#define OPENAMP_PSA_CALL (0x4) -+#define OPENAMP_PSA_CLOSE (0x5) -+ -+/* Return code of openamp APIs */ -+#define OPENAMP_SUCCESS (0) -+#define OPENAMP_MAP_FULL (INT32_MIN + 1) -+#define OPENAMP_MAP_ERROR (INT32_MIN + 2) -+#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3) -+#define OPENAMP_NO_PERMS (INT32_MIN + 4) -+#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5) -+#define OPENAMP_CHAN_BUSY (INT32_MIN + 6) -+#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7) -+#define OPENAMP_INIT_ERROR (INT32_MIN + 8) -+ -+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp -+ * buffer so that openamp shared memory buffer -+ * does not get freed. -+ */ -+ -+/* -+ * This structure holds the parameters used in a PSA client call. -+ */ -+typedef struct __packed psa_client_in_params { -+ union { -+ struct __packed { -+ uint32_t sid; -+ } psa_version_params; -+ -+ struct __packed { -+ uint32_t sid; -+ uint32_t version; -+ } psa_connect_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ int32_t type; -+ uint32_t in_vec; -+ uint32_t in_len; -+ uint32_t out_vec; -+ uint32_t out_len; -+ } psa_call_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ } psa_close_params; -+ }; -+} psa_client_in_params_t; -+ -+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */ -+struct __packed ns_openamp_msg { -+ uint32_t call_type; /* PSA client call type */ -+ struct psa_client_in_params params; /* Contain parameters used in PSA -+ * client call -+ */ -+ -+ int32_t client_id; /* Optional client ID of the -+ * non-secure caller. -+ * It is required to identify the -+ * non-secure task when NSPE OS -+ * enforces non-secure task -+ * isolation -+ */ -+ int32_t request_id; /* This is the unique ID for a -+ * request send to TF-M by the -+ * non-secure core. TF-M forward -+ * the ID back to non-secure on the -+ * reply to a given request. Using -+ * this id, the non-secure library -+ * can identify the request for -+ * which the reply has received. -+ */ -+}; -+ -+/* -+ * This structure holds the location of the out data of the PSA client call. -+ */ -+struct __packed psa_client_out_params { -+ uint32_t out_vec; -+ uint32_t out_len; -+}; -+ -+ -+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client -+ * call. -+ */ -+struct __packed s_openamp_msg { -+ int32_t request_id; /* Using this id, the non-secure -+ * library identifies the request. -+ * TF-M forwards the same -+ * request-id received on the -+ * initial request. -+ */ -+ int32_t reply; /* Reply of the PSA client call */ -+ struct psa_client_out_params params; /* Contain out data result of the -+ * PSA client call. -+ */ -+}; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */ -+ -+ -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 1511bbad..e0e0e12b 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -54,6 +54,7 @@ add_components(TARGET "se-proxy" - "components/service/common/include" - "components/service/common/serializer/protobuf" - "components/service/common/client" -+ "components/service/common/psa_ipc" - "components/service/common/provider" - "components/service/discovery/provider" - "components/service/discovery/provider/serializer/packed-c" diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch deleted file mode 100644 index 068468b8..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch +++ /dev/null @@ -1,523 +0,0 @@ -From 962056a9c8115e9228719d46b09da983678ab024 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 3 Dec 2021 19:19:24 +0000 -Subject: [PATCH] Add secure storage ipc backend - -Add secure storage ipc ff-m implementation which may use -openamp as rpc to communicate with other processor. - -Signed-off-by: Rui Miguel Silva - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../service/common/psa_ipc/service_psa_ipc.c | 143 +++++++++++- - .../secure_storage_ipc/component.cmake | 14 ++ - .../secure_storage_ipc/secure_storage_ipc.c | 214 ++++++++++++++++++ - .../secure_storage_ipc/secure_storage_ipc.h | 52 +++++ - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - 5 files changed, 420 insertions(+), 4 deletions(-) - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index e8093c20..95a07c13 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -16,6 +16,52 @@ - #include - #include "service_psa_ipc_openamp_lib.h" - -+static struct psa_invec *psa_call_in_vec_param(uint8_t *req) -+{ -+ return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg)); -+} -+ -+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len) -+{ -+ return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) + -+ (in_len * sizeof(struct psa_invec))); -+} -+ -+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len, -+ struct psa_outvec *out_vec, size_t out_len) -+{ -+ return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) + -+ (out_len * sizeof(*out_vec)); -+} -+ -+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len) -+{ -+ size_t req_len = 0; -+ int i; -+ -+ if (!in_vec || !in_len) -+ return 0; -+ -+ for (i = 0; i < in_len; i++) -+ req_len += in_vec[i].len; -+ -+ return req_len; -+} -+ -+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len) -+{ -+ size_t resp_len = 0; -+ int i; -+ -+ if (!out_vec || !out_len) -+ return 0; -+ -+ for (i = 0; i < out_len; i++) -+ resp_len += out_vec[i].len; -+ -+ return resp_len; -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -- EMSG("psa_connect: could not get handle"); -+ EMSG("psa_connect: could not get rpc handle"); - return PSA_ERROR_GENERIC_ERROR; - } - -@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; - } - --psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - int32_t type, const struct psa_invec *in_vec, - size_t in_len, struct psa_outvec *out_vec, size_t out_len) - { -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct psa_outvec *out_vec_param; -+ struct psa_invec *in_vec_param; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t out_vec_len; -+ size_t in_vec_len; -+ size_t header_len; -+ uint8_t *payload; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ int i; -+ -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len); -+ in_vec_len = psa_call_in_vec_len(in_vec, in_len); -+ out_vec_len = psa_call_out_vec_len(out_vec, out_len); - -+ rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len); -+ if (!rpc_handle) { -+ EMSG("psa_call: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ payload = req + header_len; -+ -+ out_vec_param = psa_call_out_vec_param(req, in_len); -+ in_vec_param = psa_call_in_vec_param(req); -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CALL; -+ req_msg->request_id = 1234; -+ req_msg->params.psa_call_params.handle = psa_handle; -+ req_msg->params.psa_call_params.type = type; -+ req_msg->params.psa_call_params.in_len = in_len; -+ req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.out_len = out_len; -+ req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ -+ for (i = 0; i < in_len; i++) { -+ in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].len = in_vec[i].len; -+ -+ memcpy(payload, in_vec[i].base, in_vec[i].len); -+ payload += in_vec[i].len; -+ } -+ -+ for (i = 0; i < out_len; i++) { -+ out_vec_param[i].base = NULL; -+ out_vec_param[i].len = out_vec[i].len; -+ } -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_call: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status != PSA_SUCCESS) { -+ EMSG("psa_call: psa_status invoke failed: %d", psa_status); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS) -+ goto caller_end; -+ -+ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -+ resp_msg->params.out_vec); -+ -+ for (i = 0; i < resp_msg->params.out_len; i++) { -+ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ out_vec[i].len); -+ } -+ -+caller_end: -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE; - } - --void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle) - { - psa_status_t psa_status = PSA_SUCCESS; - struct s_openamp_msg *resp_msg = NULL; -@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - uint8_t *req; - int ret; - -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return; -+ - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - req_msg = (struct ns_openamp_msg *)req; - - req_msg->call_type = OPENAMP_PSA_CLOSE; -- req_msg->params.psa_close_params.handle = handle; -+ req_msg->params.psa_close_params.handle = psa_handle; - - ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, - &resp_len); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -new file mode 100644 -index 00000000..5d8f6714 ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -@@ -0,0 +1,14 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c" -+ ) -+ -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -new file mode 100644 -index 00000000..9b55f77d ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -0,0 +1,214 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include "secure_storage_ipc.h" -+#include -+#include -+#include -+#include -+#include -+ -+ -+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, -+ psa_storage_uid_t uid, size_t data_length, -+ const void *p_data, psa_storage_create_flags_t create_flags) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = p_data, .len = data_length }, -+ { .base = &create_flags, .len = sizeof(create_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; -+ -+ /* Validating input parameters */ -+ if (p_data == NULL) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status < 0) -+ EMSG("ipc_set: psa_call failed: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ size_t data_offset, -+ size_t data_size, -+ void *p_data, -+ size_t *p_data_length) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t offset = (uint32_t)data_offset; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = &offset, .len = sizeof(offset) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_data, .len = data_size }, -+ }; -+ -+ if (!p_data_length) { -+ EMSG("ipc_get: p_data_length not defined"); -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status == PSA_SUCCESS) -+ *p_data_length = out_vec[0].len; -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get_info(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ struct psa_storage_info_t *p_info) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_info, .len = sizeof(*p_info) }, -+ }; -+ -+ (void)client_id; -+ -+ /* Validating input parameters */ -+ if (!p_info) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_INFO, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_remove(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_REMOVE, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_remove: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_create(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t capacity, -+ uint32_t create_flags) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)capacity; -+ (void)create_flags; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static psa_status_t secure_storage_set_extended(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_offset, -+ size_t data_length, -+ const void *p_data) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)data_offset; -+ (void)data_length; -+ (void)p_data; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static uint32_t secure_storage_get_support(void *context, uint32_t client_id) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t support_flags; -+ struct psa_outvec out_vec[] = { -+ { .base = &support_flags, .len = sizeof(support_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_SUPPORT, NULL, 0, -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller) -+{ -+ service_client_init(&context->client, caller); -+ -+ static const struct storage_backend_interface interface = -+ { -+ .set = secure_storage_ipc_set, -+ .get = secure_storage_ipc_get, -+ .get_info = secure_storage_ipc_get_info, -+ .remove = secure_storage_ipc_remove, -+ .create = secure_storage_ipc_create, -+ .set_extended = secure_storage_set_extended, -+ .get_support = secure_storage_get_support, -+ }; -+ -+ context->backend.context = context; -+ context->backend.interface = &interface; -+ -+ return &context->backend; -+} -+ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context) -+{ -+ service_client_deinit(&context->client); -+} -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -new file mode 100644 -index 00000000..e8c1e8fd ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -0,0 +1,52 @@ -+/* -+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SECURE_STORAGE_IPC_H -+#define SECURE_STORAGE_IPC_H -+ -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * @brief Secure storage ipc instance -+ */ -+struct secure_storage_ipc -+{ -+ struct storage_backend backend; -+ struct service_client client; -+}; -+ -+/** -+ * @brief Initialize a secure storage ipc client -+ * -+ * A secure storage client is a storage backend that makes RPC calls -+ * to a remote secure storage provider. -+ * -+ * @param[in] context Instance data -+ * @param[in] rpc_caller RPC caller instance -+ * -+ * -+ * @return Pointer to inialized storage backend or NULL on failure -+ */ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller); -+ -+/** -+ * @brief Deinitialize a secure storage ipc client -+ * -+ * @param[in] context Instance data -+ */ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SECURE_STORAGE_IPC_H */ -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index e0e0e12b..663177b7 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -73,6 +73,7 @@ add_components(TARGET "se-proxy" - "components/service/crypto/factory/full" - "components/service/secure_storage/include" - "components/service/secure_storage/frontend/secure_storage_provider" -+ "components/service/secure_storage/backend/secure_storage_ipc" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch deleted file mode 100644 index 56964b5c..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 12b8b8bb28c96e6f121122939b7d23e6c7055f0f Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 3 Dec 2021 19:25:34 +0000 -Subject: [PATCH] Use secure storage ipc and openamp for se_proxy - -Remove mock up backend for secure storage in se proxy -deployment and use instead the secure storage ipc backend with -openamp as rpc to secure enclave side. - -Signed-off-by: Rui Miguel Silva - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../se-proxy/opteesp/service_proxy_factory.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index acfb6e88..57290056 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -6,15 +6,20 @@ - - #include - #include -+#include - #include - #include - #include - #include -+#include - - /* Stub backends */ - #include -+#include - #include - -+struct openamp_caller openamp; -+ - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void) - - struct rpc_interface *ps_proxy_create(void) - { -- static struct mock_store ps_backend; - static struct secure_storage_provider ps_provider; -- -- struct storage_backend *backend = mock_store_init(&ps_backend); -+ static struct secure_storage_ipc ps_backend; -+ static struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); - - return secure_storage_provider_init(&ps_provider, backend); - } diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch deleted file mode 100644 index cf7357e8..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch +++ /dev/null @@ -1,1162 +0,0 @@ -From 254f564c76320478e7b509faf279c0c493470657 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Thu, 2 Dec 2021 10:15:54 +0000 -Subject: [PATCH] Add uefi variable append write support - -Adds support for extending UEFI variable data handled by the -smm_variable service provider using the EFI_VARIABLE_APPEND_WRITE -attribute. - -Signed-off-by: Julian Hall -Change-Id: I7a6562327bc0a5ce5cd0e85276325227b83e9f9e - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../backend/test/variable_index_tests.cpp | 90 +++--- - .../backend/test/variable_store_tests.cpp | 40 ++- - .../backend/uefi_variable_store.c | 263 +++++++++++------- - .../smm_variable/backend/variable_index.c | 95 +++---- - .../smm_variable/backend/variable_index.h | 58 ++-- - .../backend/variable_index_iterator.c | 4 +- - .../backend/variable_index_iterator.h | 2 +- - .../service/smm_variable_service_tests.cpp | 48 ++++ - protocols/service/smm_variable/parameters.h | 3 + - 9 files changed, 364 insertions(+), 239 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_index_tests.cpp b/components/service/smm_variable/backend/test/variable_index_tests.cpp -index c8bacf97..8edc0e70 100644 ---- a/components/service/smm_variable/backend/test/variable_index_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_index_tests.cpp -@@ -69,34 +69,37 @@ TEST_GROUP(UefiVariableIndexTests) - - void create_variables() - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name_1.size() * sizeof(int16_t), -- name_1.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -- -+ name_1.data()); - CHECK_TRUE(info); -+ variable_index_set_variable( -+ info, -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data(), -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); -- -+ name_2.data()); - CHECK_TRUE(info); -+ variable_index_set_variable( -+ info, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name_3.size() * sizeof(int16_t), -- name_3.data(), -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS); -- -+ name_3.data()); - CHECK_TRUE(info); -+ variable_index_set_variable( -+ info, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS); - } - - static const size_t MAX_VARIABLES = 10; -@@ -111,7 +114,7 @@ TEST_GROUP(UefiVariableIndexTests) - - TEST(UefiVariableIndexTests, emptyIndexOperations) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - - /* Expect not to find a variable */ - info = variable_index_find( -@@ -130,36 +133,34 @@ TEST(UefiVariableIndexTests, emptyIndexOperations) - POINTERS_EQUAL(NULL, info); - - /* Remove should silently return */ -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - } - - TEST(UefiVariableIndexTests, addWithOversizedName) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - std::vector name; - - name = to_variable_name(L"a long variable name that exceeds the length limit"); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name.data()); - - /* Expect the add to fail because of an oversized name */ - POINTERS_EQUAL(NULL, info); - - name = to_variable_name(L"a long variable name that fits!"); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name.data()); - - /* Expect the add succeed */ - CHECK_TRUE(info); -@@ -167,18 +168,17 @@ TEST(UefiVariableIndexTests, addWithOversizedName) - - TEST(UefiVariableIndexTests, variableIndexFull) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - EFI_GUID guid = guid_1; - - /* Expect to be able to fill the index */ - for (size_t i = 0; i < MAX_VARIABLES; ++i) { - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name_1.data()); - - CHECK_TRUE(info); - -@@ -187,12 +187,11 @@ TEST(UefiVariableIndexTests, variableIndexFull) - } - - /* Variable index should now be full */ -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name_1.data()); - - POINTERS_EQUAL(NULL, info); - } -@@ -323,7 +322,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall) - TEST(UefiVariableIndexTests, removeVariable) - { - uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - - create_variables(); - -@@ -334,7 +333,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_2.size() * sizeof(int16_t), - name_2.data()); - -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -352,7 +351,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_1.size() * sizeof(int16_t), - name_1.data()); - -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -370,7 +369,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_3.size() * sizeof(int16_t), - name_3.data()); - -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -395,7 +394,7 @@ TEST(UefiVariableIndexTests, removeVariable) - - TEST(UefiVariableIndexTests, checkIterator) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - - create_variables(); - -@@ -419,7 +418,7 @@ TEST(UefiVariableIndexTests, checkIterator) - UNSIGNED_LONGS_EQUAL(name_2.size() * sizeof(int16_t), info->metadata.name_size); - MEMCMP_EQUAL(name_2.data(), info->metadata.name, info->metadata.name_size); - -- const struct variable_info *info_to_remove = info; -+ struct variable_info *info_to_remove = info; - - variable_index_iterator_next(&iter); - CHECK_FALSE(variable_index_iterator_is_done(&iter)); -@@ -435,7 +434,8 @@ TEST(UefiVariableIndexTests, checkIterator) - CHECK_TRUE(variable_index_iterator_is_done(&iter)); - - /* Now remove the middle entry */ -- variable_index_remove_variable(&m_variable_index, info_to_remove); -+ variable_index_clear_variable(&m_variable_index, info_to_remove); -+ variable_index_remove_unused_entry(&m_variable_index, info_to_remove); - - /* Iterate again but this time there should only be two entries */ - variable_index_iterator_first(&iter, &m_variable_index); -@@ -478,7 +478,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - constraints.max_size = 100; - - /* Set check constraints on one of the variables */ -- const struct variable_info *info = variable_index_find( -+ struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -488,7 +488,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - CHECK_TRUE(info->is_variable_set); - CHECK_FALSE(info->is_constraints_set); - -- variable_index_update_constraints(info, &constraints); -+ variable_index_set_constraints(info, &constraints); - - CHECK_TRUE(info->is_constraints_set); - CHECK_TRUE(info->is_variable_set); -@@ -496,7 +496,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - /* Remove the variable but still expect the variable to be indexed - * because of the set constraints. - */ -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -588,7 +588,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - constraints.max_size = 100; - - /* Initially expect no variable_info */ -- const struct variable_info *info = variable_index_find( -+ struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -597,19 +597,19 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - CHECK_FALSE(info); - - /* Adding the check constraints should result in an entry being added */ -- info = variable_index_add_constraints( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data(), -- &constraints); -- -+ name_2.data()); - CHECK_TRUE(info); -+ -+ variable_index_set_constraints(info, &constraints); - CHECK_FALSE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); - - /* Updating the variable should cause the variable to be marked as set */ -- variable_index_update_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); -+ variable_index_set_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); - - CHECK_TRUE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index f6aba13a..578f118f 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -250,6 +250,21 @@ TEST(UefiVariableStoreTests, setGetRoundtrip) - /* Expect got variable data to be the same as the set value */ - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); -+ -+ /* Extend the variable using an append write */ -+ std::string input_data2 = " jumps over the lazy dog"; -+ -+ status = set_variable(var_name, input_data2, EFI_VARIABLE_APPEND_WRITE); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ status = get_variable(var_name, output_data); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ std::string expected_output = input_data + input_data2; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -+ LONGS_EQUAL(0, expected_output.compare(output_data)); - } - - TEST(UefiVariableStoreTests, persistentSetGet) -@@ -259,7 +274,8 @@ TEST(UefiVariableStoreTests, persistentSetGet) - std::string input_data = "quick brown fox"; - std::string output_data; - -- status = set_variable(var_name, input_data, EFI_VARIABLE_NON_VOLATILE); -+ status = set_variable(var_name, input_data, -+ EFI_VARIABLE_NON_VOLATILE); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - status = get_variable(var_name, output_data); -@@ -269,6 +285,22 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); - -+ /* Extend the variable using an append write */ -+ std::string input_data2 = " jumps over the lazy dog"; -+ -+ status = set_variable(var_name, input_data2, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ status = get_variable(var_name, output_data); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ std::string expected_output = input_data + input_data2; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -+ LONGS_EQUAL(0, expected_output.compare(output_data)); -+ - /* Expect the variable to survive a power cycle */ - power_cycle(); - -@@ -277,8 +309,8 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Still expect got variable data to be the same as the set value */ -- UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -- LONGS_EQUAL(0, input_data.compare(output_data)); -+ UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -+ LONGS_EQUAL(0, expected_output.compare(output_data)); - } - - TEST(UefiVariableStoreTests, removeVolatile) -@@ -317,7 +349,7 @@ TEST(UefiVariableStoreTests, removePersistent) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Remove by setting with zero data length */ -- status = set_variable(var_name, std::string(), 0); -+ status = set_variable(var_name, std::string(), EFI_VARIABLE_NON_VOLATILE); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Expect variable to no loger exist */ -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index b7091d75..bcb85995 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -46,6 +46,13 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len); - -+static psa_status_t append_write( -+ struct storage_backend *storage_backend, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data); -+ - static void purge_orphan_index_entries( - struct uefi_variable_store *context); - -@@ -113,40 +120,45 @@ efi_status_t uefi_variable_store_set_variable( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -+ bool should_sync_index = false; -+ -+ /* Validate incoming request */ - efi_status_t status = check_name_terminator(var->Name, var->NameSize); - if (status != EFI_SUCCESS) return status; - - status = check_capabilities(var); -- bool should_sync_index = false; -- - if (status != EFI_SUCCESS) return status; - -- /* Find in index */ -- const struct variable_info *info = variable_index_find( -+ /* Find an existing entry in the variable index or add a new one */ -+ struct variable_info *info = variable_index_find( - &context->variable_index, - &var->Guid, - var->NameSize, - var->Name); - -- if (info) { -+ if (!info) { - -- /* Variable info already exists */ -- status = check_access_permitted_on_set(context, info, var); -+ info = variable_index_add_entry( -+ &context->variable_index, -+ &var->Guid, -+ var->NameSize, -+ var->Name); - -- if (status == EFI_SUCCESS) { -+ if (!info) return EFI_OUT_OF_RESOURCES; -+ } - -- should_sync_index = -- (var->Attributes & EFI_VARIABLE_NON_VOLATILE) || -- (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)); -+ /* Control access */ -+ status = check_access_permitted_on_set(context, info, var); - -- if (var->DataSize) { -+ if (status == EFI_SUCCESS) { - -- /* It's a set rather than a remove operation */ -- variable_index_update_variable( -- info, -- var->Attributes); -- } -- else { -+ /* Access permitted */ -+ if (info->is_variable_set) { -+ -+ /* It's a request to update to an existing variable */ -+ if (!(var->Attributes & -+ (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && -+ !var->DataSize) { - - /* It's a remove operation - for a remove, the variable - * data must be removed from the storage backend before -@@ -155,30 +167,29 @@ efi_status_t uefi_variable_store_set_variable( - * the storage backend without a corresponding index entry. - */ - remove_variable_data(context, info); -- variable_index_remove_variable(&context->variable_index, info); -+ variable_index_clear_variable(&context->variable_index, info); - -- /* Variable info no longer valid */ -- info = NULL; -+ should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -+ } -+ else { -+ -+ /* It's a set operation where variable data is potentially -+ * being overwritten or extended. -+ */ -+ if ((var->Attributes & ~EFI_VARIABLE_APPEND_WRITE) != info->metadata.attributes) { -+ -+ /* Modifying attributes is forbidden */ -+ return EFI_INVALID_PARAMETER; -+ } - } - } - else { - -- /* Access forbidden */ -- info = NULL; -- } -- } -- else if (var->DataSize) { -+ /* It's a request to create a new variable */ -+ variable_index_set_variable(info, var->Attributes); - -- /* It's a new variable */ -- info = variable_index_add_variable( -- &context->variable_index, -- &var->Guid, -- var->NameSize, -- var->Name, -- var->Attributes); -- -- if (!info) status = EFI_OUT_OF_RESOURCES; -- should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -+ } - } - - /* The order of these operations is important. For an update -@@ -195,11 +206,13 @@ efi_status_t uefi_variable_store_set_variable( - } - - /* Store any variable data to the storage backend */ -- if (info && (status == EFI_SUCCESS)) { -+ if (info->is_variable_set && (status == EFI_SUCCESS)) { - - status = store_variable_data(context, info, var); - } - -+ variable_index_remove_unused_entry(&context->variable_index, info); -+ - return status; - } - -@@ -293,54 +306,42 @@ efi_status_t uefi_variable_store_set_var_check_property( - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -- /* Find in index */ -- const struct variable_info *info = variable_index_find( -+ /* Find in index or create a new entry */ -+ struct variable_info *info = variable_index_find( - &context->variable_index, - &property->Guid, - property->NameSize, - property->Name); - -- if (info) { -+ if (!info) { - -- /* Applying check constraints to an existing variable that may have -- * constraints already set. These could constrain the setting of -- * the constraints. -- */ -- struct variable_constraints constraints = info->check_constraints; -- -- status = variable_checker_set_constraints( -- &constraints, -- info->is_constraints_set, -- &property->VariableProperty); -- -- if (status == EFI_SUCCESS) { -+ info = variable_index_add_entry( -+ &context->variable_index, -+ &property->Guid, -+ property->NameSize, -+ property->Name); - -- variable_index_update_constraints(info, &constraints); -- } -+ if (!info) return EFI_OUT_OF_RESOURCES; - } -- else { -- -- /* Applying check constraints for a new variable */ -- struct variable_constraints constraints; - -- status = variable_checker_set_constraints( -- &constraints, -- false, -- &property->VariableProperty); -+ /* Applying check constraints to an existing variable that may have -+ * constraints already set. These could constrain the setting of -+ * the constraints. -+ */ -+ struct variable_constraints constraints = info->check_constraints; - -- if (status == EFI_SUCCESS) { -+ status = variable_checker_set_constraints( -+ &constraints, -+ info->is_constraints_set, -+ &property->VariableProperty); - -- info = variable_index_add_constraints( -- &context->variable_index, -- &property->Guid, -- property->NameSize, -- property->Name, -- &constraints); -+ if (status == EFI_SUCCESS) { - -- if (!info) status = EFI_OUT_OF_RESOURCES; -- } -+ variable_index_set_constraints(info, &constraints); - } - -+ variable_index_remove_unused_entry(&context->variable_index, info); -+ - return status; - } - -@@ -440,7 +441,8 @@ static efi_status_t check_capabilities( - if (var->Attributes & ~( - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | -- EFI_VARIABLE_RUNTIME_ACCESS)) { -+ EFI_VARIABLE_RUNTIME_ACCESS | -+ EFI_VARIABLE_APPEND_WRITE)) { - - /* An unsupported attribute has been requested */ - status = EFI_UNSUPPORTED; -@@ -486,17 +488,6 @@ static efi_status_t check_access_permitted_on_set( - var->DataSize); - } - -- if ((status == EFI_SUCCESS) && var->DataSize) { -- -- /* Restrict which attributes can be modified for an existing variable */ -- if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { -- -- /* Don't permit change of storage class */ -- status = EFI_INVALID_PARAMETER; -- } -- } -- - return status; - } - -@@ -518,20 +509,34 @@ static efi_status_t store_variable_data( - - if (storage_backend) { - -- psa_status = storage_backend->interface->set( -- storage_backend->context, -- context->owner_id, -- info->metadata.uid, -- data_len, -- data, -- PSA_STORAGE_FLAG_NONE); -+ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { -+ -+ /* Create or overwrite variable data */ -+ psa_status = storage_backend->interface->set( -+ storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ data_len, -+ data, -+ PSA_STORAGE_FLAG_NONE); -+ } -+ else { -+ -+ /* Append new data to existing variable data */ -+ psa_status = append_write( -+ storage_backend, -+ context->owner_id, -+ info->metadata.uid, -+ data_len, -+ data); -+ } - } - - if ((psa_status != PSA_SUCCESS) && is_nv) { - - /* A storage failure has occurred so attempt to fix any -- * mismatch between the variable index and stored NV variables. -- */ -+ * mismatch between the variable index and stored NV variables. -+ */ - purge_orphan_index_entries(context); - } - -@@ -598,6 +603,76 @@ static efi_status_t load_variable_data( - return psa_to_efi_storage_status(psa_status); - } - -+static psa_status_t append_write( -+ struct storage_backend *storage_backend, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data) -+{ -+ struct psa_storage_info_t storage_info; -+ -+ if (data_length == 0) return PSA_SUCCESS; -+ -+ psa_status_t psa_status = storage_backend->interface->get_info( -+ storage_backend->context, -+ client_id, -+ uid, -+ &storage_info); -+ -+ if (psa_status != PSA_SUCCESS) return psa_status; -+ -+ /* Determine size of appended variable */ -+ size_t new_size = storage_info.size + data_length; -+ -+ /* Defend against integer overflow */ -+ if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT; -+ -+ /* Storage backend doesn't support an append operation so we need -+ * need to read the current variable data, extend it and write it back. -+ */ -+ uint8_t *rw_buf = malloc(new_size); -+ if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY; -+ -+ size_t old_size = 0; -+ psa_status = storage_backend->interface->get( -+ storage_backend->context, -+ client_id, -+ uid, -+ 0, -+ new_size, -+ rw_buf, -+ &old_size); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ if ((old_size + data_length) <= new_size) { -+ -+ /* Extend the variable data */ -+ memcpy(&rw_buf[old_size], data, data_length); -+ -+ psa_status = storage_backend->interface->set( -+ storage_backend->context, -+ client_id, -+ uid, -+ old_size + data_length, -+ rw_buf, -+ storage_info.flags); -+ } -+ else { -+ -+ /* There's a mismatch between the length obtained from -+ * get_info() and the subsequent length returned by get(). -+ */ -+ psa_status = PSA_ERROR_STORAGE_FAILURE; -+ } -+ } -+ -+ free(rw_buf); -+ -+ return psa_status; -+} -+ - static void purge_orphan_index_entries( - struct uefi_variable_store *context) - { -@@ -612,7 +687,7 @@ static void purge_orphan_index_entries( - */ - while (!variable_index_iterator_is_done(&iter)) { - -- const struct variable_info *info = variable_index_iterator_current(&iter); -+ struct variable_info *info = variable_index_iterator_current(&iter); - - if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - -@@ -628,7 +703,7 @@ static void purge_orphan_index_entries( - if (psa_status != PSA_SUCCESS) { - - /* Detected a mismatch between the index and storage */ -- variable_index_remove_variable(&context->variable_index, info); -+ variable_index_clear_variable(&context->variable_index, info); - any_orphans = true; - } - } -diff --git a/components/service/smm_variable/backend/variable_index.c b/components/service/smm_variable/backend/variable_index.c -index 99d7c97a..a8a55753 100644 ---- a/components/service/smm_variable/backend/variable_index.c -+++ b/components/service/smm_variable/backend/variable_index.c -@@ -132,13 +132,13 @@ size_t variable_index_max_dump_size( - return sizeof(struct variable_metadata) * context->max_variables; - } - --const struct variable_info *variable_index_find( -- const struct variable_index *context, -+struct variable_info *variable_index_find( -+ struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- const struct variable_info *result = NULL; -+ struct variable_info *result = NULL; - int pos = find_variable(context, guid, name_size, name); - - if (pos >= 0) { -@@ -149,13 +149,13 @@ const struct variable_info *variable_index_find( - return result; - } - --const struct variable_info *variable_index_find_next( -+struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- const struct variable_info *result = NULL; -+ struct variable_info *result = NULL; - - if (name_size >= sizeof(int16_t)) { - -@@ -263,12 +263,11 @@ static struct variable_entry *add_entry( - return entry; - } - --const struct variable_info *variable_index_add_variable( -+struct variable_info *variable_index_add_entry( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name, -- uint32_t attributes) -+ const int16_t *name) - { - struct variable_info *info = NULL; - struct variable_entry *entry = add_entry(context, guid, name_size, name); -@@ -276,40 +275,41 @@ const struct variable_info *variable_index_add_variable( - if (entry) { - - info = &entry->info; -- -- info->metadata.attributes = attributes; -- info->is_variable_set = true; -- -- mark_dirty(entry); - } - - return info; - } - --const struct variable_info *variable_index_add_constraints( -+void variable_index_remove_unused_entry( - struct variable_index *context, -- const EFI_GUID *guid, -- size_t name_size, -- const int16_t *name, -- const struct variable_constraints *constraints) -+ struct variable_info *info) - { -- struct variable_info *info = NULL; -- struct variable_entry *entry = add_entry(context, guid, name_size, name); -- -- if (entry) { -+ if (info && -+ !info->is_constraints_set && -+ !info->is_variable_set) { - -- info = &entry->info; -+ struct variable_entry *entry = containing_entry(info); -+ entry->in_use = false; - -- info->check_constraints = *constraints; -- info->is_constraints_set = true; -+ memset(info, 0, sizeof(struct variable_info)); - } -+} - -- return info; -+void variable_index_set_variable( -+ struct variable_info *info, -+ uint32_t attributes) -+{ -+ struct variable_entry *entry = containing_entry(info); -+ -+ info->metadata.attributes = attributes; -+ info->is_variable_set = true; -+ -+ mark_dirty(entry); - } - --void variable_index_remove_variable( -+void variable_index_clear_variable( - struct variable_index *context, -- const struct variable_info *info) -+ struct variable_info *info) - { - if (info) { - -@@ -318,48 +318,17 @@ void variable_index_remove_variable( - - /* Mark variable as no longer set */ - entry->info.is_variable_set = false; -- -- /* Entry may still be needed if check constraints were set */ -- entry->in_use = info->is_constraints_set; -- -- if (!entry->in_use) { -- -- /* Entry not needed so wipe */ -- memset(&entry->info, 0, sizeof(struct variable_info)); -- } - } - } - --void variable_index_update_variable( -- const struct variable_info *info, -- uint32_t attributes) --{ -- if (info) { -- -- struct variable_info *modified_info = (struct variable_info*)info; -- struct variable_entry *entry = containing_entry(modified_info); -- -- if (!modified_info->is_variable_set || -- (attributes != modified_info->metadata.attributes)) { -- -- /* The update changes the variable_info state */ -- modified_info->is_variable_set = true; -- modified_info->metadata.attributes = attributes; -- mark_dirty(entry); -- } -- } --} -- --void variable_index_update_constraints( -- const struct variable_info *info, -+void variable_index_set_constraints( -+ struct variable_info *info, - const struct variable_constraints *constraints) - { - if (info) { - -- struct variable_info *modified_info = (struct variable_info*)info; -- -- modified_info->check_constraints = *constraints; -- modified_info->is_constraints_set = true; -+ info->check_constraints = *constraints; -+ info->is_constraints_set = true; - } - } - -diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h -index e109d0d1..63f42ab6 100644 ---- a/components/service/smm_variable/backend/variable_index.h -+++ b/components/service/smm_variable/backend/variable_index.h -@@ -119,8 +119,8 @@ size_t variable_index_max_dump_size( - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_find( -- const struct variable_index *context, -+struct variable_info *variable_index_find( -+ struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); -@@ -135,78 +135,76 @@ const struct variable_info *variable_index_find( - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_find_next( -+struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); - - /** -- * @brief Add a new variable to the index -+ * @brief Add a new entry to the index -+ * -+ * An entry is needed either when a new variable is created or -+ * when variable constraints are set for a variable that doesn't -+ * yet exist. - * - * @param[in] context variable_index - * @param[in] guid The variable's guid - * @param[in] name_size The name parameter's size - * @param[in] name The variable's name -- * @param[in] attributes The variable's attributes - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_add_variable( -+struct variable_info *variable_index_add_entry( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name, -- uint32_t attributes); -+ const int16_t *name); - - /** -- * @brief Remove a variable from the index -+ * @brief Remove an unused entry from the index - * -- * Removes a variable from the index if it exists. -+ * Removes an entry if it is not in use. - * - * @param[in] context variable_index - * @param[in] info The variable info corresponding to the entry to remove - */ --void variable_index_remove_variable( -+void variable_index_remove_unused_entry( - struct variable_index *context, -- const struct variable_info *info); -+ struct variable_info *info); - - /** -- * @brief Update a variable that's already in the index -+ * @brief Set a variable to the index -+ * -+ * An entry for the variable must already exist. - * - * @param[in] info variable info - * @param[in] attributes The variable's attributes - */ --void variable_index_update_variable( -- const struct variable_info *info, -+void variable_index_set_variable( -+ struct variable_info *info, - uint32_t attributes); - - /** -- * @brief Add a new check constraints object to the index -+ * @brief Clear a variable from the index - * -- * @param[in] context variable_index -- * @param[in] guid The variable's guid -- * @param[in] name_size The name parameter's size -- * @param[in] name The variable's name -- * @param[in] constraints The check constraints -+ * Clears a variable from the index - * -- * @return Pointer to variable_info or NULL -+ * @param[in] context variable_index -+ * @param[in] info The variable info corresponding to the variable to clear - */ --const struct variable_info *variable_index_add_constraints( -+void variable_index_clear_variable( - struct variable_index *context, -- const EFI_GUID *guid, -- size_t name_size, -- const int16_t *name, -- const struct variable_constraints *constraints); -+ struct variable_info *info); - - /** -- * @brief Update variable constraints that are already in the index -+ * @brief Set a check constraints object associated with a variavle - * - * @param[in] info variable info - * @param[in] constraints The check constraints - */ --void variable_index_update_constraints( -- const struct variable_info *info, -+void variable_index_set_constraints( -+ struct variable_info *info, - const struct variable_constraints *constraints); - - /** -diff --git a/components/service/smm_variable/backend/variable_index_iterator.c b/components/service/smm_variable/backend/variable_index_iterator.c -index 7cc6dc7a..8f8fc741 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.c -+++ b/components/service/smm_variable/backend/variable_index_iterator.c -@@ -31,10 +31,10 @@ bool variable_index_iterator_is_done( - return iter->current_pos >= iter->variable_index->max_variables; - } - --const struct variable_info *variable_index_iterator_current( -+struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter) - { -- const struct variable_info *current = NULL; -+ struct variable_info *current = NULL; - - if (!variable_index_iterator_is_done(iter)) { - -diff --git a/components/service/smm_variable/backend/variable_index_iterator.h b/components/service/smm_variable/backend/variable_index_iterator.h -index f64a2c49..7ff77c50 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.h -+++ b/components/service/smm_variable/backend/variable_index_iterator.h -@@ -54,7 +54,7 @@ bool variable_index_iterator_is_done( - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_iterator_current( -+struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter); - - /** -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index d76d9cce..088940a8 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -249,6 +249,30 @@ TEST(SmmVariableServiceTests, setAndGet) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -+ /* Extend the variable using an append write */ -+ std::string append_data = " values added with append write"; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ append_data, -+ EFI_VARIABLE_APPEND_WRITE); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ std::string appended_data = set_data + append_data; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -+ LONGS_EQUAL(0, appended_data.compare(get_data)); -+ - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -@@ -279,6 +303,30 @@ TEST(SmmVariableServiceTests, setAndGetNv) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -+ /* Extend the variable using an append write */ -+ std::string append_data = " values added with append write"; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ append_data, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ std::string appended_data = set_data + append_data; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -+ LONGS_EQUAL(0, appended_data.compare(get_data)); -+ - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -diff --git a/protocols/service/smm_variable/parameters.h b/protocols/service/smm_variable/parameters.h -index 1f795a9b..233f301b 100644 ---- a/protocols/service/smm_variable/parameters.h -+++ b/protocols/service/smm_variable/parameters.h -@@ -47,6 +47,9 @@ typedef struct { - EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ - EFI_VARIABLE_APPEND_WRITE) -+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK \ -+ (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) - - /** - * Parameter structure for SetVariable and GetVariable. diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch deleted file mode 100644 index 978600dd..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch +++ /dev/null @@ -1,830 +0,0 @@ -From c4eaf83548eed4ed6194ff9e1368d6ae65f4ebf9 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Thu, 2 Dec 2021 17:27:55 +0000 -Subject: [PATCH] Add UEFI variable support for QueryVariableInfo - -Adds support for the UEFI QueryVariableInfo operation. The total -store size currently relies on pre-configured values, set for a -particular deployment. Ideally, this information would be read -from the storage backend. This facility is not however yet -supported by the storage backend interface or by any PSA -storage backend storage providers. - -Signed-off-by: Julian Hall -Change-Id: I971252831f7e478914d736c672d184a371e64502 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../backend/test/variable_store_tests.cpp | 89 +++++++- - .../backend/uefi_variable_store.c | 213 ++++++++++++++---- - .../backend/uefi_variable_store.h | 39 +++- - .../client/cpp/smm_variable_client.cpp | 66 ++++++ - .../client/cpp/smm_variable_client.h | 7 + - .../provider/smm_variable_provider.c | 31 ++- - .../service/smm_variable_service_tests.cpp | 55 ++++- - 7 files changed, 445 insertions(+), 55 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index 578f118f..e90c1067 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -27,6 +27,18 @@ TEST_GROUP(UefiVariableStoreTests) - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ EFI_VARIABLE_NON_VOLATILE, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); -+ -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ 0, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); -+ - setup_common_guid(); - } - -@@ -152,6 +164,33 @@ TEST_GROUP(UefiVariableStoreTests) - return status; - } - -+ efi_status_t query_variable_info( -+ uint32_t attributes, -+ size_t *max_variable_storage_size, -+ size_t *remaining_variable_storage_size, -+ size_t *max_variable_size) -+ { -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO query; -+ -+ query.MaximumVariableStorageSize = 0; -+ query.RemainingVariableStorageSize = 0; -+ query.MaximumVariableSize = 0; -+ query.Attributes = attributes; -+ -+ efi_status_t status = uefi_variable_store_query_variable_info( -+ &m_uefi_variable_store, -+ &query); -+ -+ if (status == EFI_SUCCESS) { -+ -+ *max_variable_storage_size = query.MaximumVariableStorageSize; -+ *remaining_variable_storage_size = query.RemainingVariableStorageSize; -+ *max_variable_size = query.MaximumVariableSize; -+ } -+ -+ return status; -+ } -+ - efi_status_t set_check_var_property( - const std::wstring &name, - const VAR_CHECK_VARIABLE_PROPERTY &check_property) -@@ -195,7 +234,8 @@ TEST_GROUP(UefiVariableStoreTests) - - if (info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - -- struct storage_backend *storage_backend = m_uefi_variable_store.persistent_store; -+ struct storage_backend *storage_backend = -+ m_uefi_variable_store.persistent_store.storage_backend; - - storage_backend->interface->remove( - storage_backend->context, -@@ -220,9 +260,24 @@ TEST_GROUP(UefiVariableStoreTests) - m_volatile_backend); - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ EFI_VARIABLE_NON_VOLATILE, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); -+ -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ 0, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); - } - - static const size_t MAX_VARIABLES = 10; -+ static const size_t MAX_VARIABLE_SIZE = 100; -+ static const size_t STORE_CAPACITY = 1000; -+ - static const uint32_t OWNER_ID = 100; - static const size_t VARIABLE_BUFFER_SIZE = 1024; - -@@ -265,6 +320,22 @@ TEST(UefiVariableStoreTests, setGetRoundtrip) - /* Expect the append write operation to have extended the variable */ - UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); - LONGS_EQUAL(0, expected_output.compare(output_data)); -+ -+ /* Expect query_variable_info to return consistent values */ -+ size_t max_variable_storage_size = 0; -+ size_t remaining_variable_storage_size = 0; -+ size_t max_variable_size = 0; -+ -+ status = query_variable_info( -+ 0, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -+ UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); - } - - TEST(UefiVariableStoreTests, persistentSetGet) -@@ -311,6 +382,22 @@ TEST(UefiVariableStoreTests, persistentSetGet) - /* Still expect got variable data to be the same as the set value */ - UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); - LONGS_EQUAL(0, expected_output.compare(output_data)); -+ -+ /* Expect query_variable_info to return consistent values */ -+ size_t max_variable_storage_size = 0; -+ size_t remaining_variable_storage_size = 0; -+ size_t max_variable_size = 0; -+ -+ status = query_variable_info( -+ EFI_VARIABLE_NON_VOLATILE, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -+ UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); - } - - TEST(UefiVariableStoreTests, removeVolatile) -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index bcb85995..ed50eaf9 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -46,8 +46,15 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len); - --static psa_status_t append_write( -- struct storage_backend *storage_backend, -+static psa_status_t store_overwrite( -+ struct delegate_variable_store *delegate_store, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data); -+ -+static psa_status_t store_append_write( -+ struct delegate_variable_store *delegate_store, - uint32_t client_id, - uint64_t uid, - size_t data_length, -@@ -56,6 +63,15 @@ static psa_status_t append_write( - static void purge_orphan_index_entries( - struct uefi_variable_store *context); - -+static struct delegate_variable_store *select_delegate_store( -+ struct uefi_variable_store *context, -+ uint32_t attributes); -+ -+static size_t space_used( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ struct storage_backend *storage_backend); -+ - static efi_status_t psa_to_efi_storage_status( - psa_status_t psa_status); - -@@ -66,6 +82,10 @@ static efi_status_t check_name_terminator( - /* Private UID for storing the variable index */ - #define VARIABLE_INDEX_STORAGE_UID (1) - -+/* Default maximum variable size - -+ * may be overridden using uefi_variable_store_set_storage_limits() -+ */ -+#define DEFAULT_MAX_VARIABLE_SIZE (2048) - - efi_status_t uefi_variable_store_init( - struct uefi_variable_store *context, -@@ -76,8 +96,17 @@ efi_status_t uefi_variable_store_init( - { - efi_status_t status = EFI_SUCCESS; - -- context->persistent_store = persistent_store; -- context->volatile_store = volatile_store; -+ /* Initialise persistent store defaults */ -+ context->persistent_store.is_nv = true; -+ context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -+ context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->persistent_store.storage_backend = persistent_store; -+ -+ /* Initialise volatile store defaults */ -+ context->volatile_store.is_nv = false; -+ context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -+ context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->volatile_store.storage_backend = volatile_store; - - context->owner_id = owner_id; - context->is_boot_service = true; -@@ -116,6 +145,20 @@ void uefi_variable_store_deinit( - context->index_sync_buffer = NULL; - } - -+void uefi_variable_store_set_storage_limits( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ size_t total_capacity, -+ size_t max_variable_size) -+{ -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ attributes); -+ -+ delegate_store->total_capacity = total_capacity; -+ delegate_store->max_variable_size = max_variable_size; -+} -+ - efi_status_t uefi_variable_store_set_variable( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) -@@ -284,12 +327,24 @@ efi_status_t uefi_variable_store_get_next_variable_name( - - efi_status_t uefi_variable_store_query_variable_info( - struct uefi_variable_store *context, -- SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *cur) -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info) - { -- efi_status_t status = EFI_UNSUPPORTED; -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ var_info->Attributes); - -+ size_t total_used = space_used( -+ context, -+ var_info->Attributes, -+ delegate_store->storage_backend); - -- return status; -+ var_info->MaximumVariableSize = delegate_store->max_variable_size; -+ var_info->MaximumVariableStorageSize = delegate_store->total_capacity; -+ var_info->RemainingVariableStorageSize = (total_used < delegate_store->total_capacity) ? -+ delegate_store->total_capacity - total_used : -+ 0; -+ -+ return EFI_SUCCESS; - } - - efi_status_t uefi_variable_store_exit_boot_service( -@@ -375,7 +430,7 @@ efi_status_t uefi_variable_store_get_var_check_property( - static void load_variable_index( - struct uefi_variable_store *context) - { -- struct storage_backend *persistent_store = context->persistent_store; -+ struct storage_backend *persistent_store = context->persistent_store.storage_backend; - - if (persistent_store) { - -@@ -413,7 +468,7 @@ static efi_status_t sync_variable_index( - - if (is_dirty) { - -- struct storage_backend *persistent_store = context->persistent_store; -+ struct storage_backend *persistent_store = context->persistent_store.storage_backend; - - if (persistent_store) { - -@@ -501,30 +556,27 @@ static efi_status_t store_variable_data( - const uint8_t *data = (const uint8_t*)var + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - -- bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -- -- struct storage_backend *storage_backend = (is_nv) ? -- context->persistent_store : -- context->volatile_store; -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ info->metadata.attributes); - -- if (storage_backend) { -+ if (delegate_store->storage_backend) { - - if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { - - /* Create or overwrite variable data */ -- psa_status = storage_backend->interface->set( -- storage_backend->context, -+ psa_status = store_overwrite( -+ delegate_store, - context->owner_id, - info->metadata.uid, - data_len, -- data, -- PSA_STORAGE_FLAG_NONE); -+ data); - } - else { - - /* Append new data to existing variable data */ -- psa_status = append_write( -- storage_backend, -+ psa_status = store_append_write( -+ delegate_store, - context->owner_id, - info->metadata.uid, - data_len, -@@ -532,7 +584,7 @@ static efi_status_t store_variable_data( - } - } - -- if ((psa_status != PSA_SUCCESS) && is_nv) { -+ if ((psa_status != PSA_SUCCESS) && delegate_store->is_nv) { - - /* A storage failure has occurred so attempt to fix any - * mismatch between the variable index and stored NV variables. -@@ -551,16 +603,14 @@ static efi_status_t remove_variable_data( - - if (info->is_variable_set) { - -- bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ info->metadata.attributes); - -- struct storage_backend *storage_backend = (is_nv) ? -- context->persistent_store : -- context->volatile_store; -+ if (delegate_store->storage_backend) { - -- if (storage_backend) { -- -- psa_status = storage_backend->interface->remove( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->remove( -+ delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid); - } -@@ -580,16 +630,14 @@ static efi_status_t load_variable_data( - uint8_t *data = (uint8_t*)var + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - -- bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ info->metadata.attributes); - -- struct storage_backend *storage_backend = (is_nv) ? -- context->persistent_store : -- context->volatile_store; -+ if (delegate_store->storage_backend) { - -- if (storage_backend) { -- -- psa_status = storage_backend->interface->get( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->get( -+ delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid, - 0, -@@ -603,8 +651,29 @@ static efi_status_t load_variable_data( - return psa_to_efi_storage_status(psa_status); - } - --static psa_status_t append_write( -- struct storage_backend *storage_backend, -+static psa_status_t store_overwrite( -+ struct delegate_variable_store *delegate_store, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data) -+{ -+ /* Police maximum variable size limit */ -+ if (data_length > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status_t psa_status = delegate_store->storage_backend->interface->set( -+ delegate_store->storage_backend->context, -+ client_id, -+ uid, -+ data_length, -+ data, -+ PSA_STORAGE_FLAG_NONE); -+ -+ return psa_status; -+} -+ -+static psa_status_t store_append_write( -+ struct delegate_variable_store *delegate_store, - uint32_t client_id, - uint64_t uid, - size_t data_length, -@@ -614,8 +683,8 @@ static psa_status_t append_write( - - if (data_length == 0) return PSA_SUCCESS; - -- psa_status_t psa_status = storage_backend->interface->get_info( -- storage_backend->context, -+ psa_status_t psa_status = delegate_store->storage_backend->interface->get_info( -+ delegate_store->storage_backend->context, - client_id, - uid, - &storage_info); -@@ -628,6 +697,9 @@ static psa_status_t append_write( - /* Defend against integer overflow */ - if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT; - -+ /* Police maximum variable size limit */ -+ if (new_size > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -+ - /* Storage backend doesn't support an append operation so we need - * need to read the current variable data, extend it and write it back. - */ -@@ -635,8 +707,8 @@ static psa_status_t append_write( - if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY; - - size_t old_size = 0; -- psa_status = storage_backend->interface->get( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->get( -+ delegate_store->storage_backend->context, - client_id, - uid, - 0, -@@ -651,8 +723,8 @@ static psa_status_t append_write( - /* Extend the variable data */ - memcpy(&rw_buf[old_size], data, data_length); - -- psa_status = storage_backend->interface->set( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->set( -+ delegate_store->storage_backend->context, - client_id, - uid, - old_size + data_length, -@@ -692,7 +764,7 @@ static void purge_orphan_index_entries( - if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - - struct psa_storage_info_t storage_info; -- struct storage_backend *storage_backend = context->persistent_store; -+ struct storage_backend *storage_backend = context->persistent_store.storage_backend; - - psa_status_t psa_status = storage_backend->interface->get_info( - storage_backend->context, -@@ -714,6 +786,53 @@ static void purge_orphan_index_entries( - if (any_orphans) sync_variable_index(context); - } - -+static struct delegate_variable_store *select_delegate_store( -+ struct uefi_variable_store *context, -+ uint32_t attributes) -+{ -+ bool is_nv = (attributes & EFI_VARIABLE_NON_VOLATILE); -+ -+ return (is_nv) ? -+ &context->persistent_store : -+ &context->volatile_store; -+} -+ -+static size_t space_used( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ struct storage_backend *storage_backend) -+{ -+ if (!storage_backend) return 0; -+ -+ size_t total_used = 0; -+ struct variable_index_iterator iter; -+ variable_index_iterator_first(&iter, &context->variable_index); -+ -+ while (!variable_index_iterator_is_done(&iter)) { -+ -+ struct variable_info *info = variable_index_iterator_current(&iter); -+ -+ if (info->is_variable_set && -+ ((info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE) == -+ (attributes & EFI_VARIABLE_NON_VOLATILE))) { -+ -+ struct psa_storage_info_t storage_info; -+ -+ psa_status_t psa_status = storage_backend->interface->get_info( -+ storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ &storage_info); -+ -+ if (psa_status == PSA_SUCCESS) total_used += storage_info.size; -+ } -+ -+ variable_index_iterator_next(&iter); -+ } -+ -+ return total_used; -+} -+ - static efi_status_t psa_to_efi_storage_status( - psa_status_t psa_status) - { -diff --git a/components/service/smm_variable/backend/uefi_variable_store.h b/components/service/smm_variable/backend/uefi_variable_store.h -index fe0f24af..cc992067 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.h -+++ b/components/service/smm_variable/backend/uefi_variable_store.h -@@ -20,6 +20,20 @@ - extern "C" { - #endif - -+/** -+ * \brief delegate_variable_store structure definition -+ * -+ * A delegate_variable_store combines an association with a concrete -+ * storage backend and a set of limits parameters. -+ */ -+struct delegate_variable_store -+{ -+ bool is_nv; -+ size_t total_capacity; -+ size_t max_variable_size; -+ struct storage_backend *storage_backend; -+}; -+ - /** - * \brief uefi_variable_store structure definition - * -@@ -35,8 +49,8 @@ struct uefi_variable_store - uint8_t *index_sync_buffer; - size_t index_sync_buffer_size; - struct variable_index variable_index; -- struct storage_backend *persistent_store; -- struct storage_backend *volatile_store; -+ struct delegate_variable_store persistent_store; -+ struct delegate_variable_store volatile_store; - }; - - /** -@@ -69,6 +83,23 @@ efi_status_t uefi_variable_store_init( - void uefi_variable_store_deinit( - struct uefi_variable_store *context); - -+/** -+ * @brief Set storage limits -+ * -+ * Overrides the default limits for the specified storage space. These -+ * values are reflected in the values returned by QueryVariableInfo. -+ * -+ * @param[in] context uefi_variable_store instance -+ * @param[in] attributes EFI_VARIABLE_NON_VOLATILE or 0 -+ * @param[in] total_capacity The total storage capacity in bytes -+ * @param[in] max_variable_size Variable size limit -+ */ -+void uefi_variable_store_set_storage_limits( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ size_t total_capacity, -+ size_t max_variable_size); -+ - /** - * @brief Set variable - * -@@ -123,13 +154,13 @@ efi_status_t uefi_variable_store_get_next_variable_name( - * @brief Query for variable info - * - * @param[in] context uefi_variable_store instance -- * @param[out] info Returns info -+ * @param[inout] var_info Returns info - * - * @return EFI_SUCCESS if succesful - */ - efi_status_t uefi_variable_store_query_variable_info( - struct uefi_variable_store *context, -- SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *cur); -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info); - - /** - * @brief Exit boot service -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -index a68b7ace..8438285b 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.cpp -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -@@ -219,6 +219,72 @@ efi_status_t smm_variable_client::get_next_variable_name( - 0); - } - -+efi_status_t smm_variable_client::query_variable_info( -+ uint32_t attributes, -+ size_t *max_variable_storage_size, -+ size_t *remaining_variable_storage_size, -+ size_t *max_variable_size) -+{ -+ efi_status_t efi_status = EFI_NOT_READY; -+ -+ size_t req_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO); -+ rpc_call_handle call_handle; -+ uint8_t *req_buf; -+ -+ call_handle = rpc_caller_begin(m_caller, &req_buf, req_len); -+ -+ if (call_handle) { -+ -+ uint8_t *resp_buf; -+ size_t resp_len; -+ rpc_opstatus_t opstatus; -+ -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *query = -+ (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)req_buf; -+ -+ query->Attributes = attributes; -+ query->MaximumVariableSize = 0; -+ query->MaximumVariableStorageSize = 0; -+ query->RemainingVariableStorageSize = 0; -+ -+ m_err_rpc_status = rpc_caller_invoke(m_caller, call_handle, -+ SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO, &opstatus, &resp_buf, &resp_len); -+ -+ if (m_err_rpc_status == TS_RPC_CALL_ACCEPTED) { -+ -+ efi_status = opstatus; -+ -+ if (efi_status == EFI_SUCCESS) { -+ -+ if (resp_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) { -+ -+ query = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)resp_buf; -+ -+ *max_variable_storage_size = query->MaximumVariableStorageSize; -+ *remaining_variable_storage_size = query->RemainingVariableStorageSize; -+ *max_variable_size = query->MaximumVariableSize; -+ } -+ else { -+ -+ efi_status = EFI_PROTOCOL_ERROR; -+ } -+ } -+ else { -+ -+ efi_status = EFI_PROTOCOL_ERROR; -+ } -+ } -+ else { -+ -+ efi_status = rpc_to_efi_status(); -+ } -+ -+ rpc_caller_end(m_caller, call_handle); -+ } -+ -+ return efi_status; -+} -+ - efi_status_t smm_variable_client::get_next_variable_name( - EFI_GUID &guid, - std::wstring &name, -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.h b/components/service/smm_variable/client/cpp/smm_variable_client.h -index 9c36c4eb..c7973916 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.h -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.h -@@ -63,6 +63,13 @@ public: - const EFI_GUID &guid, - const std::wstring &name); - -+ /* Query variable info */ -+ efi_status_t query_variable_info( -+ uint32_t attributes, -+ size_t *max_variable_storage_size, -+ size_t *remaining_variable_storage_size, -+ size_t *max_variable_size); -+ - /* Get the next variable name - for enumerating store contents */ - efi_status_t get_next_variable_name( - EFI_GUID &guid, -diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c -index d239a428..52e68d09 100644 ---- a/components/service/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/smm_variable/provider/smm_variable_provider.c -@@ -252,11 +252,38 @@ static rpc_status_t set_variable_handler(void *context, struct call_req* req) - - static rpc_status_t query_variable_info_handler(void *context, struct call_req* req) - { -+ efi_status_t efi_status = EFI_INVALID_PARAMETER; - struct smm_variable_provider *this_instance = (struct smm_variable_provider*)context; - -- /* todo */ -+ const struct call_param_buf *req_buf = call_req_get_req_buf(req); -+ -+ if (req_buf->data_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) { -+ -+ struct call_param_buf *resp_buf = call_req_get_resp_buf(req); -+ -+ if (resp_buf->size >= req_buf->data_len) { - -- return TS_RPC_ERROR_NOT_READY; -+ memmove(resp_buf->data, req_buf->data, req_buf->data_len); -+ -+ efi_status = uefi_variable_store_query_variable_info( -+ &this_instance->variable_store, -+ (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)resp_buf->data); -+ -+ if (efi_status == EFI_SUCCESS) { -+ -+ resp_buf->data_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO); -+ } -+ } -+ else { -+ -+ /* Reponse buffer not big enough */ -+ efi_status = EFI_BAD_BUFFER_SIZE; -+ } -+ } -+ -+ call_req_set_opstatus(req, efi_status); -+ -+ return TS_RPC_CALL_ACCEPTED; - } - - static rpc_status_t exit_boot_service_handler(void *context, struct call_req* req) -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index 088940a8..15556e9d 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -335,12 +335,38 @@ TEST(SmmVariableServiceTests, setAndGetNv) - TEST(SmmVariableServiceTests, enumerateStoreContents) - { - efi_status_t efi_status = EFI_SUCCESS; -+ -+ /* Query information about the empty variable store */ -+ size_t nv_max_variable_storage_size = 0; -+ size_t nv_max_variable_size = 0; -+ size_t nv_remaining_variable_storage_size = 0; -+ -+ efi_status = m_client->query_variable_info( -+ EFI_VARIABLE_NON_VOLATILE, -+ &nv_max_variable_storage_size, -+ &nv_remaining_variable_storage_size, -+ &nv_max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL(nv_max_variable_storage_size, nv_remaining_variable_storage_size); -+ -+ size_t v_max_variable_storage_size = 0; -+ size_t v_max_variable_size = 0; -+ size_t v_remaining_variable_storage_size = 0; -+ -+ efi_status = m_client->query_variable_info( -+ 0, -+ &v_max_variable_storage_size, -+ &v_remaining_variable_storage_size, -+ &v_max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL(v_max_variable_storage_size, v_remaining_variable_storage_size); -+ -+ /* Add some variables to the store */ - std::wstring var_name_1 = L"varibale_1"; - std::wstring var_name_2 = L"varibale_2"; - std::wstring var_name_3 = L"varibale_3"; - std::string set_data = "Some variable data"; - -- /* Add some variables to the store */ - efi_status = m_client->set_variable( - m_common_guid, - var_name_1, -@@ -365,6 +391,33 @@ TEST(SmmVariableServiceTests, enumerateStoreContents) - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); - -+ /* Query variable info again and check it's as expected */ -+ size_t max_variable_storage_size = 0; -+ size_t max_variable_size = 0; -+ size_t remaining_variable_storage_size = 0; -+ -+ /* Check non-volatile - two variables have been added */ -+ efi_status = m_client->query_variable_info( -+ EFI_VARIABLE_NON_VOLATILE, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL( -+ (nv_remaining_variable_storage_size - set_data.size() * 2), -+ remaining_variable_storage_size); -+ -+ /* Check volatile - one variables have been added */ -+ efi_status = m_client->query_variable_info( -+ 0, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL( -+ (v_remaining_variable_storage_size - set_data.size() * 1), -+ remaining_variable_storage_size); -+ - /* Enumerate store contents - expect the values we added */ - std::wstring var_name; - EFI_GUID guid = {0}; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch deleted file mode 100644 index 66a4499e..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch +++ /dev/null @@ -1,248 +0,0 @@ -From 22120b4bd64da232e5a4e04a9a15376f34a933a3 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Mon, 6 Dec 2021 15:20:12 +0000 -Subject: [PATCH] Add uefi-test deployment - -Adds a new deployment for building and running service level tests -for UEFI SMM services. Tests may be run against StMM, smm-gateway -or any other similar secure-world uefi service provider. - -Signed-off-by: Julian Hall -Change-Id: Ic0e16dff51ef76ddd1f4dea37a4a55b029edd696 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../ts-service-test/arm-linux/CMakeLists.txt | 3 - - .../uefi-test/arm-linux/CMakeLists.txt | 43 +++++++++++ - deployments/uefi-test/linux-pc/CMakeLists.txt | 76 +++++++++++++++++++ - deployments/uefi-test/uefi-test.cmake | 52 +++++++++++++ - tools/b-test/test_data.yaml | 10 +++ - 5 files changed, 181 insertions(+), 3 deletions(-) - create mode 100644 deployments/uefi-test/arm-linux/CMakeLists.txt - create mode 100644 deployments/uefi-test/linux-pc/CMakeLists.txt - create mode 100644 deployments/uefi-test/uefi-test.cmake - -diff --git a/deployments/ts-service-test/arm-linux/CMakeLists.txt b/deployments/ts-service-test/arm-linux/CMakeLists.txt -index 6a01d38a..e902cd2f 100644 ---- a/deployments/ts-service-test/arm-linux/CMakeLists.txt -+++ b/deployments/ts-service-test/arm-linux/CMakeLists.txt -@@ -23,9 +23,6 @@ add_components( - BASE_DIR ${TS_ROOT} - COMPONENTS - "components/app/test-runner" --# Running smm_variable tests currently requires kernel built with CONFIG_STRICT_DEVMEM=n --# "components/service/smm_variable/client/cpp" --# "components/service/smm_variable/test/service" - ) - - include(${TS_ROOT}/external/CppUTest/CppUTest.cmake) -diff --git a/deployments/uefi-test/arm-linux/CMakeLists.txt b/deployments/uefi-test/arm-linux/CMakeLists.txt -new file mode 100644 -index 00000000..053041ad ---- /dev/null -+++ b/deployments/uefi-test/arm-linux/CMakeLists.txt -@@ -0,0 +1,43 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+cmake_minimum_required(VERSION 3.16) -+include(../../deployment.cmake REQUIRED) -+ -+#------------------------------------------------------------------------------- -+# The CMakeLists.txt for building the uefi-test deployment for arm-linux -+# -+# Used for building and running service level tests from Linux user-space -+# on an Arm platform with real deployments of UEFI SMM services -+#------------------------------------------------------------------------------- -+include(${TS_ROOT}/environments/arm-linux/env.cmake) -+project(trusted-services LANGUAGES CXX C) -+add_executable(uefi-test) -+target_include_directories(uefi-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") -+ -+add_components( -+ TARGET "uefi-test" -+ BASE_DIR ${TS_ROOT} -+ COMPONENTS -+ "components/app/test-runner" -+ ) -+ -+include(${TS_ROOT}/external/CppUTest/CppUTest.cmake) -+target_link_libraries(uefi-test PRIVATE CppUTest) -+ -+#------------------------------------------------------------------------------- -+# Extend with components that are common across all deployments of -+# uefi-test -+# -+#------------------------------------------------------------------------------- -+include(../uefi-test.cmake REQUIRED) -+ -+#------------------------------------------------------------------------------- -+# Define library options and dependencies. -+# -+#------------------------------------------------------------------------------- -+env_set_link_options(TGT uefi-test) -+target_link_libraries(uefi-test PRIVATE stdc++ gcc m) -diff --git a/deployments/uefi-test/linux-pc/CMakeLists.txt b/deployments/uefi-test/linux-pc/CMakeLists.txt -new file mode 100644 -index 00000000..be6e9840 ---- /dev/null -+++ b/deployments/uefi-test/linux-pc/CMakeLists.txt -@@ -0,0 +1,76 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+cmake_minimum_required(VERSION 3.16) -+include(../../deployment.cmake REQUIRED) -+ -+#------------------------------------------------------------------------------- -+# The CMakeLists.txt for building the uefi-test deployment for linux-pc -+# -+# Used for building and running service level tests in a native PC enviroment. -+# Tests can be run by running the built executable called "uefi-test" -+#------------------------------------------------------------------------------- -+include(${TS_ROOT}/environments/linux-pc/env.cmake) -+project(trusted-services LANGUAGES CXX C) -+ -+# Prevents symbols in the uefi-test executable overriding symbols with -+# with same name in libts during dynamic linking performed by the program -+# loader. -+set(CMAKE_C_VISIBILITY_PRESET hidden) -+ -+# Preparing firmware-test-build by including it -+include(${TS_ROOT}/external/firmware_test_builder/FirmwareTestBuilder.cmake) -+ -+include(CTest) -+include(UnitTest) -+ -+set(COVERAGE FALSE CACHE BOOL "Enable code coverage measurement") -+set(UNIT_TEST_PROJECT_PATH ${TS_ROOT} CACHE PATH "Path of the project directory") -+set(CMAKE_CXX_STANDARD 11) -+ -+unit_test_init_cpputest() -+ -+if (COVERAGE) -+ include(Coverage) -+ -+ set(COVERAGE_FILE "coverage.info") -+ set(TS_SERVICE_TEST_COVERAGE_FILE "uefi-test-coverage.info" CACHE PATH "Path of coverage info file") -+ set(TS_SERVICE_TEST_COVERAGE_REPORT_DIR "${CMAKE_CURRENT_BINARY_DIR}/ts-service-coverage-report" CACHE PATH "Directory of coverage report") -+ -+ # Collecting coverage -+ coverage_generate( -+ NAME "ts-service test" -+ SOURCE_DIR ${TS_ROOT} -+ BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR} -+ OUTPUT_FILE ${COVERAGE_FILE} -+ ) -+ -+ # Filtering project file coverage -+ coverage_filter( -+ INPUT_FILE ${COVERAGE_FILE} -+ OUTPUT_FILE ${TS_SERVICE_TEST_COVERAGE_FILE} -+ INCLUDE_DIRECTORY ${UNIT_TEST_PROJECT_PATH}/components -+ ) -+ -+ # Coverage report -+ coverage_generate_report( -+ INPUT_FILE ${TS_SERVICE_TEST_COVERAGE_FILE} -+ OUTPUT_DIRECTORY ${TS_SERVICE_TEST_COVERAGE_REPORT_DIR} -+ ) -+endif() -+ -+unit_test_add_suite( -+ NAME uefi-test -+) -+ -+target_include_directories(uefi-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") -+ -+#------------------------------------------------------------------------------- -+# Extend with components that are common across all deployments of -+# uefi-test -+# -+#------------------------------------------------------------------------------- -+include(../uefi-test.cmake REQUIRED) -diff --git a/deployments/uefi-test/uefi-test.cmake b/deployments/uefi-test/uefi-test.cmake -new file mode 100644 -index 00000000..ea678d0e ---- /dev/null -+++ b/deployments/uefi-test/uefi-test.cmake -@@ -0,0 +1,52 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+#------------------------------------------------------------------------------- -+# The base build file shared between deployments of 'uefi-test' for -+# different environments. Used for running end-to-end service-level tests -+# against SMM service providers that implement UEFI services such as smm -+# variable. -+#------------------------------------------------------------------------------- -+ -+#------------------------------------------------------------------------------- -+# Use libts for locating and accessing services. An appropriate version of -+# libts will be imported for the enviroment in which service tests are -+# deployed. -+#------------------------------------------------------------------------------- -+include(${TS_ROOT}/deployments/libts/libts-import.cmake) -+target_link_libraries(uefi-test PRIVATE libts) -+ -+#------------------------------------------------------------------------------- -+# Components that are common accross all deployments -+# -+#------------------------------------------------------------------------------- -+add_components( -+ TARGET "uefi-test" -+ BASE_DIR ${TS_ROOT} -+ COMPONENTS -+ "components/service/smm_variable/client/cpp" -+ "components/service/smm_variable/test/service" -+) -+ -+#------------------------------------------------------------------------------- -+# Components used from external projects -+# -+#------------------------------------------------------------------------------- -+ -+# Nanopb -+include(${TS_ROOT}/external/nanopb/nanopb.cmake) -+target_link_libraries(uefi-test PRIVATE nanopb::protobuf-nanopb-static) -+protobuf_generate_all(TGT "uefi-test" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols") -+ -+#------------------------------------------------------------------------------- -+# Define install content. -+# -+#------------------------------------------------------------------------------- -+if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) -+ set(CMAKE_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/install CACHE PATH "location to install build output to." FORCE) -+endif() -+install(TARGETS uefi-test RUNTIME DESTINATION ${TS_ENV}/bin) -diff --git a/tools/b-test/test_data.yaml b/tools/b-test/test_data.yaml -index 11f8f633..33a85b12 100644 ---- a/tools/b-test/test_data.yaml -+++ b/tools/b-test/test_data.yaml -@@ -163,3 +163,13 @@ data: - os_id : "GNU/Linux" - params: - - "-GUnix Makefiles" -+ - name: "uefi-test-pc-linux" -+ src: "$TS_ROOT/deployments/uefi-test/linux-pc" -+ os_id : "GNU/Linux" -+ params: -+ - "-GUnix Makefiles" -+ - name: "uefi-test-arm-linux" -+ src: "$TS_ROOT/deployments/uefi-test/arm-linux" -+ os_id : "GNU/Linux" -+ params: -+ - "-GUnix Makefiles" diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch deleted file mode 100644 index 9ad506b1..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 289bec4cacac80cb43c19e4ca7b2c50fc932712e Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Wed, 8 Dec 2021 11:48:28 +0000 -Subject: [PATCH] Fix interface ID parameter setting in sp/ffarpc_caller - -When making FFA based RPC calls from one SP to another, the -destination interface ID parameter was not being set correctly. -This change fixes this issue. - -Signed-off-by: Julian Hall -Change-Id: Iab520e4c7dc63ee1f5d3bf1bd1de702e4cc6f093 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - components/rpc/ffarpc/caller/sp/ffarpc_caller.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/components/rpc/ffarpc/caller/sp/ffarpc_caller.c b/components/rpc/ffarpc/caller/sp/ffarpc_caller.c -index 250b1781..dabcd90c 100644 ---- a/components/rpc/ffarpc/caller/sp/ffarpc_caller.c -+++ b/components/rpc/ffarpc/caller/sp/ffarpc_caller.c -@@ -81,7 +81,7 @@ static rpc_status_t call_invoke(void *context, rpc_call_handle handle, uint32_t - req.destination_id = this_context->dest_partition_id; - req.source_id = own_id; - req.args[SP_CALL_ARGS_IFACE_ID_OPCODE] = -- FFA_CALL_ARGS_COMBINE_IFACE_ID_OPCODE(this_context->dest_partition_id, opcode); -+ FFA_CALL_ARGS_COMBINE_IFACE_ID_OPCODE(this_context->dest_iface_id, opcode); - //TODO: downcast problem? - req.args[SP_CALL_ARGS_REQ_DATA_LEN] = (uint32_t)this_context->req_len; - req.args[SP_CALL_ARGS_ENCODING] = this_context->rpc_caller.encoding; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch deleted file mode 100644 index 6ea473b0..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 18b20dea7cf7e8afc26c5d49d5368d3180bd54d7 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Wed, 8 Dec 2021 16:05:22 +0000 -Subject: [PATCH] Support FFARPC call requests with no shared buffer - -To allow simple clients to make RPC calls for service operations -that take no request parameters and return no response parameters, -the ffarpc_call_ep.c has been modified to accept call requests -when no shared buffer exists, as long as there is no request data. - -Signed-off-by: Julian Hall -Change-Id: I83b1bfb719a005922d6394887492d2d272b74907 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../rpc/ffarpc/endpoint/ffarpc_call_ep.c | 52 ++++++++++--------- - 1 file changed, 27 insertions(+), 25 deletions(-) - -diff --git a/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c b/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c -index 17f957c2..a08a250c 100644 ---- a/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c -+++ b/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c -@@ -150,29 +150,43 @@ out: - static void handle_service_msg(struct ffa_call_ep *call_ep, uint16_t source_id, - const uint32_t *req_args, uint32_t *resp_args) - { -- rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; -+ rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; - struct call_req call_req; - - uint32_t ifaceid_opcode = req_args[SP_CALL_ARGS_IFACE_ID_OPCODE]; - int idx = find_shm(call_ep, source_id); - -- if (idx < 0) { -- EMSG("handle service msg error"); -- goto out; -- } -- - call_req.caller_id = source_id; - call_req.interface_id = FFA_CALL_ARGS_EXTRACT_IFACE(ifaceid_opcode); - call_req.opcode = FFA_CALL_ARGS_EXTRACT_OPCODE(ifaceid_opcode); - call_req.encoding = req_args[SP_CALL_ARGS_ENCODING]; - -- call_req.req_buf.data = call_ep->shmem_buf[idx]; - call_req.req_buf.data_len = req_args[SP_CALL_ARGS_REQ_DATA_LEN]; -- call_req.req_buf.size = call_ep->shmem_buf_size[idx]; -- -- call_req.resp_buf.data = call_ep->shmem_buf[idx]; - call_req.resp_buf.data_len = 0; -- call_req.resp_buf.size = call_ep->shmem_buf_size[idx]; -+ -+ if (idx >= 0 && call_ep->shmem_buf[idx]) { -+ /* A shared buffer is available for call parameters */ -+ call_req.req_buf.data = call_ep->shmem_buf[idx]; -+ call_req.req_buf.size = call_ep->shmem_buf_size[idx]; -+ -+ call_req.resp_buf.data = call_ep->shmem_buf[idx]; -+ call_req.resp_buf.size = call_ep->shmem_buf_size[idx]; -+ } -+ else if (call_req.req_buf.data_len == 0) { -+ /* No shared buffer so only allow calls with no request data */ -+ call_req.req_buf.data = NULL; -+ call_req.req_buf.size = 0; -+ -+ call_req.resp_buf.data = NULL; -+ call_req.resp_buf.size = 0; -+ } -+ else { -+ /* -+ * Caller has specified non-zero length request data but there is -+ * no shared buffer to carry the request data. -+ */ -+ goto out; -+ } - - rpc_status = rpc_interface_receive(call_ep->iface, &call_req); - -@@ -223,7 +237,6 @@ void ffa_call_ep_receive(struct ffa_call_ep *call_ep, - { - const uint32_t *req_args = req_msg->args; - uint32_t *resp_args = resp_msg->args; -- int idx; - - uint16_t source_id = req_msg->source_id; - uint32_t ifaceid_opcode = req_args[SP_CALL_ARGS_IFACE_ID_OPCODE]; -@@ -232,18 +245,7 @@ void ffa_call_ep_receive(struct ffa_call_ep *call_ep, - /* It's an RPC layer management request */ - handle_mgmt_msg(call_ep, source_id, req_args, resp_args); - } else { -- /* -- * Assume anything else is a service request. Service requests -- * rely on a buffer being shared from the requesting client. -- * If it hasn't been set-up, fail the request. -- */ -- idx = find_shm(call_ep, source_id); -- -- if (idx >= 0 && call_ep->shmem_buf[idx]) { -- handle_service_msg(call_ep, source_id, req_args, resp_args); -- } else { -- EMSG("shared buffer not found or NULL"); -- set_mgmt_resp_args(resp_args, ifaceid_opcode, TS_RPC_ERROR_NOT_READY); -- } -+ /* Assume anything else is a service request */ -+ handle_service_msg(call_ep, source_id, req_args, resp_args); - } - } diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch deleted file mode 100644 index 4f542158..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch +++ /dev/null @@ -1,86 +0,0 @@ -From a496978dcf82494c69e600f65adf061f15e565f4 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Sun, 12 Dec 2021 10:43:48 +0000 -Subject: [PATCH] Run psa-arch-test - -Fixes needed to run psa-arch-test - -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Satish Kumar - - ---- - components/service/common/psa_ipc/service_psa_ipc.c | 1 + - .../backend/secure_storage_ipc/secure_storage_ipc.c | 8 -------- - .../service/secure_storage/include/psa/storage_common.h | 4 ++-- - external/openamp/openamp.cmake | 2 +- - 4 files changed, 4 insertions(+), 11 deletions(-) - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 95a07c13..5e5815db 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - resp_msg->params.out_vec); - - for (i = 0; i < resp_msg->params.out_len; i++) { -+ out_vec[i].len = out_vec_param[i].len; - memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), - out_vec[i].len); - } -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index 9b55f77d..a1f369db 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- /* Validating input parameters */ -- if (p_data == NULL) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) -@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- /* Validating input parameters */ -- if (!p_info) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h -index 4f6ba2a7..1fd6b40d 100644 ---- a/components/service/secure_storage/include/psa/storage_common.h -+++ b/components/service/secure_storage/include/psa/storage_common.h -@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t; - typedef uint32_t psa_storage_create_flags_t; - - struct psa_storage_info_t { -- size_t capacity; -- size_t size; -+ uint32_t capacity; -+ uint32_t size; - psa_storage_create_flags_t flags; - }; - -diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake -index aae13bad..75ab2290 100644 ---- a/external/openamp/openamp.cmake -+++ b/external/openamp/openamp.cmake -@@ -61,7 +61,7 @@ execute_process(COMMAND - -DCMAKE_SYSTEM_PROCESSOR=arm - -DEXTERNAL_INCLUDE_PATHS=${OPENAMP_EXTERNAL_INCLUDE_PATHS} - -DMACHINE=template -- -DRPMSG_BUFFER_SIZE=512 -+ -DRPMSG_BUFFER_SIZE=8192 - ${openamp_SOURCE_DIR} - WORKING_DIRECTORY - ${openamp_BINARY_DIR} diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch deleted file mode 100644 index 844bca3c..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch +++ /dev/null @@ -1,169 +0,0 @@ -From b417c1124af9d4569ba8871dfd1e43e626dddf12 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Sun, 12 Dec 2021 10:57:17 +0000 -Subject: [PATCH] Use address instead of pointers - -Since secure enclave is 32bit and we 64bit there is an issue -in the protocol communication design that force us to handle -on our side the manipulation of address and pointers to make -this work. - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Satish Kumar - - ---- - .../service/common/include/psa/client.h | 15 ++++++++++++++ - .../service/common/psa_ipc/service_psa_ipc.c | 20 ++++++++++++------- - .../secure_storage_ipc/secure_storage_ipc.c | 20 +++++++++---------- - 3 files changed, 38 insertions(+), 17 deletions(-) - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -index 69ccf14f..12dcd68f 100644 ---- a/components/service/common/include/psa/client.h -+++ b/components/service/common/include/psa/client.h -@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec { - uint32_t len; /*!< the size in bytes */ - }; - -+static void *psa_u32_to_ptr(uint32_t addr) -+{ -+ return (void *)(uintptr_t)addr; -+} -+ -+static uint32_t psa_ptr_to_u32(void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ -+static uint32_t psa_ptr_const_to_u32(const void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ - /*************************** PSA Client API **********************************/ - - /** -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 5e5815db..435c6c0a 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_ - return resp_len; - } - -+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va) -+{ -+ return (uintptr_t)rpc_caller_virt_to_phys(caller, va); -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - req_msg->params.psa_call_params.handle = psa_handle; - req_msg->params.psa_call_params.type = type; - req_msg->params.psa_call_params.in_len = in_len; -- req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param); - req_msg->params.psa_call_params.out_len = out_len; -- req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param); - - for (i = 0; i < in_len; i++) { -- in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload); - in_vec_param[i].len = in_vec[i].len; - -- memcpy(payload, in_vec[i].base, in_vec[i].len); -+ memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len); - payload += in_vec[i].len; - } - - for (i = 0; i < out_len; i++) { -- out_vec_param[i].base = NULL; -+ out_vec_param[i].base = 0; - out_vec_param[i].len = out_vec[i].len; - } - -@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - goto caller_end; - - out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -- resp_msg->params.out_vec); -+ psa_u32_to_ptr(resp_msg->params.out_vec)); - - for (i = 0; i < resp_msg->params.out_len; i++) { - out_vec[i].len = out_vec_param[i].len; -- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ memcpy(psa_u32_to_ptr(out_vec[i].base), -+ rpc_caller_phys_to_virt(caller, psa_u32_to_ptr(out_vec_param[i].base)), - out_vec[i].len); - } - -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index a1f369db..bda442a6 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = p_data, .len = data_length }, -- { .base = &create_flags, .len = sizeof(create_flags) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length }, -+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, - }; - - (void)client_id; -@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context, - psa_status_t psa_status; - uint32_t offset = (uint32_t)data_offset; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = &offset, .len = sizeof(offset) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_data, .len = data_size }, -+ { .base = psa_ptr_to_u32(p_data), .len = data_size }, - }; - - if (!p_data_length) { -@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_info, .len = sizeof(*p_info) }, -+ { .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) }, - }; - - (void)client_id; -@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - - (void)client_id; -@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - psa_status_t psa_status; - uint32_t support_flags; - struct psa_outvec out_vec[] = { -- { .base = &support_flags, .len = sizeof(support_flags) }, -+ { .base = psa_ptr_to_u32(&support_flags), .len = sizeof(support_flags) }, - }; - - (void)client_id; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch deleted file mode 100644 index 5376bb22..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch +++ /dev/null @@ -1,267 +0,0 @@ -From 259300dc81b95ff65cd2e95e0fecd140d76e4b5e Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva -Date: Tue, 7 Dec 2021 11:50:00 +0000 -Subject: [PATCH] Add psa ipc attestation to se proxy - -Implement attestation client API as psa ipc and include it to -se proxy deployment. - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Rui Miguel Silva - - ---- - .../client/psa_ipc/component.cmake | 13 +++ - .../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++ - .../reporter/psa_ipc/component.cmake | 13 +++ - .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++ - components/service/common/include/psa/sid.h | 4 + - deployments/se-proxy/opteesp/CMakeLists.txt | 3 +- - .../se-proxy/opteesp/service_proxy_factory.c | 6 ++ - 7 files changed, 169 insertions(+), 1 deletion(-) - create mode 100644 components/service/attestation/client/psa_ipc/component.cmake - create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c - create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake - create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c - -diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake -new file mode 100644 -index 00000000..a5bc6b4a ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c" -+ ) -diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -new file mode 100644 -index 00000000..30bd0a13 ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -@@ -0,0 +1,86 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+ -+#include "../psa/iat_client.h" -+#include -+#include -+#include -+#include -+#include -+ -+/** -+ * @brief The singleton psa_iat_client instance -+ * -+ * The psa attestation C API assumes a single backend service provider. -+ */ -+static struct service_client instance; -+ -+ -+psa_status_t psa_iat_client_init(struct rpc_caller *caller) -+{ -+ return service_client_init(&instance, caller); -+} -+ -+void psa_iat_client_deinit(void) -+{ -+ service_client_deinit(&instance); -+} -+ -+int psa_iat_client_rpc_status(void) -+{ -+ return instance.rpc_status; -+} -+ -+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge, -+ size_t challenge_size, -+ uint8_t *token_buf, -+ size_t token_buf_size, -+ size_t *token_size) -+{ -+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; -+ struct rpc_caller *caller = instance.caller; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size}, -+ }; -+ -+ if (!token_buf || !token_buf_size) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (status == PSA_SUCCESS) { -+ *token_size = out_vec[0].len; -+ } -+ -+ return status; -+} -+ -+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size, -+ size_t *token_size) -+{ -+ struct rpc_caller *caller = instance.caller; -+ psa_status_t status; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)} -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN_SIZE, -+ in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake -new file mode 100644 -index 00000000..b37830c6 ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c" -+ ) -diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -new file mode 100644 -index 00000000..15805e8e ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+/** -+ * A attestation reporter for psa ipc -+ */ -+ -+#include -+#include -+#include -+#include -+ -+#define TOKEN_BUF_SIZE 1024 -+ -+static uint8_t token_buf[TOKEN_BUF_SIZE]; -+ -+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data, -+ size_t auth_challenge_len, const uint8_t **report, -+ size_t *report_len) -+{ -+ *report = token_buf; -+ psa_status_t ret; -+ size_t token_size = 0; -+ -+ ret = psa_initial_attest_get_token(auth_challenge_data, -+ auth_challenge_len, token_buf, -+ TOKEN_BUF_SIZE, &token_size); -+ if (ret != PSA_SUCCESS) { -+ *report = NULL; -+ *report_len = 0; -+ return ret; -+ } -+ -+ *report_len = token_size; -+ -+ return PSA_SUCCESS; -+} -+ -+void attest_report_destroy(const uint8_t *report) -+{ -+ (void)report; -+} -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index aaa973c6..833f5039 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -50,6 +50,10 @@ extern "C" { - #define TFM_ATTESTATION_SERVICE_VERSION (1U) - #define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) - -+/* Initial Attestation message types that distinguish Attest services. */ -+#define TFM_ATTEST_GET_TOKEN 1001 -+#define TFM_ATTEST_GET_TOKEN_SIZE 1002 -+ - /******** TFM_SP_FWU ********/ - #define TFM_FWU_WRITE_SID (0x000000A0U) - #define TFM_FWU_WRITE_VERSION (1U) -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 663177b7..af2225e7 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -77,12 +77,13 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/service/attestation/reporter/psa_ipc" -+ "components/service/attestation/client/psa_ipc" - "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" - "components/rpc/common/caller" -- "components/service/attestation/reporter/stub" - "components/service/attestation/key_mngr/stub" - "components/service/crypto/backend/stub" - "components/service/crypto/client/psa" -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 57290056..4b8ccecc 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -23,12 +23,18 @@ struct openamp_caller openamp; - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -+ struct rpc_caller *attest_caller; - - /* Static objects for proxy instance */ - static struct attest_provider attest_provider; - -+ attest_caller = openamp_caller_init(&openamp); -+ if (!attest_caller) -+ return NULL; -+ - /* Initialize the service provider */ - attest_iface = attest_provider_init(&attest_provider); -+ psa_iat_client_init(&openamp.rpc_caller); - - attest_provider_register_serializer(&attest_provider, - TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance()); diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch deleted file mode 100644 index aa389d8b..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 90006cecbbba58afee5f51e6bd72f7027a257b5e Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Thu, 9 Dec 2021 14:11:06 +0000 -Subject: [PATCH] Setup its backend as openamp rpc using secure storage ipc - implementation. - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Satish Kumar - - ---- - components/service/common/include/psa/sid.h | 12 +++++----- - .../secure_storage_ipc/secure_storage_ipc.c | 20 ++++++++--------- - .../secure_storage_ipc/secure_storage_ipc.h | 1 + - .../se-proxy/opteesp/service_proxy_factory.c | 22 +++++++++++++------ - 4 files changed, 32 insertions(+), 23 deletions(-) - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 833f5039..4a951d4a 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -20,12 +20,12 @@ extern "C" { - /* Invalid UID */ - #define TFM_PS_INVALID_UID 0 - --/* PS message types that distinguish PS services. */ --#define TFM_PS_SET 1001 --#define TFM_PS_GET 1002 --#define TFM_PS_GET_INFO 1003 --#define TFM_PS_REMOVE 1004 --#define TFM_PS_GET_SUPPORT 1005 -+/* PS / ITS message types that distinguish PS services. */ -+#define TFM_PS_ITS_SET 1001 -+#define TFM_PS_ITS_GET 1002 -+#define TFM_PS_ITS_GET_INFO 1003 -+#define TFM_PS_ITS_REMOVE 1004 -+#define TFM_PS_ITS_GET_SUPPORT 1005 - - /******** TFM_SP_ITS ********/ - #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index bda442a6..0e1b48c0 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET, -+ in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) - EMSG("ipc_set: psa_call failed: %d", psa_status); - -@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context, - return PSA_ERROR_INVALID_ARGUMENT; - } - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), - out_vec, IOVEC_LEN(out_vec)); - if (psa_status == PSA_SUCCESS) - *p_data_length = out_vec[0].len; -@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_INFO, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_REMOVE, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_REMOVE, in_vec, - IOVEC_LEN(in_vec), NULL, 0); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_remove: failed to psa_call: %d", psa_status); -@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_SUPPORT, NULL, 0, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_SUPPORT, NULL, 0, - out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -index e8c1e8fd..d9949f6a 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -21,6 +21,7 @@ struct secure_storage_ipc - { - struct storage_backend backend; - struct service_client client; -+ int32_t service_handle; - }; - - /** -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 4b8ccecc..1110ac46 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -5,6 +5,7 @@ - */ - - #include -+#include - #include - #include - #include -@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void) - { - static struct secure_storage_provider ps_provider; - static struct secure_storage_ipc ps_backend; -- static struct rpc_caller *storage_caller; -+ struct rpc_caller *storage_caller; - struct storage_backend *backend; - - storage_caller = openamp_caller_init(&openamp); - if (!storage_caller) - return NULL; - backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); -+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE; - - return secure_storage_provider_init(&ps_provider, backend); - } - - struct rpc_interface *its_proxy_create(void) - { -- static struct mock_store its_backend; -- static struct secure_storage_provider its_provider; -- -- struct storage_backend *backend = mock_store_init(&its_backend); -- -- return secure_storage_provider_init(&its_provider, backend); -+ static struct secure_storage_provider its_provider; -+ static struct secure_storage_ipc its_backend; -+ struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller); -+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE; -+ -+ return secure_storage_provider_init(&its_provider, backend); - } diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch deleted file mode 100644 index a20a6a48..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch +++ /dev/null @@ -1,2586 +0,0 @@ -From 5af98a77887c2aa60bc93dbdddb174e03501b733 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva -Date: Thu, 9 Dec 2021 14:17:39 +0000 -Subject: [PATCH] add psa ipc crypto backend - -Add psa ipc crypto backend and attach it to se proxy -deployment. - -Signed-off-by: Rui Miguel Silva -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Rui Miguel Silva - - ---- - components/service/common/include/psa/sid.h | 73 +++++ - .../crypto/backend/psa_ipc/component.cmake | 21 ++ - .../backend/psa_ipc/crypto_ipc_backend.c | 26 ++ - .../backend/psa_ipc/crypto_ipc_backend.h | 70 ++++ - .../client/caller/psa_ipc/crypto_caller.h | 34 ++ - .../caller/psa_ipc/crypto_caller_aead.h | 252 +++++++++++++++ - .../crypto_caller_asymmetric_decrypt.h | 76 +++++ - .../crypto_caller_asymmetric_encrypt.h | 76 +++++ - .../caller/psa_ipc/crypto_caller_cipher.h | 246 +++++++++++++++ - .../caller/psa_ipc/crypto_caller_copy_key.h | 57 ++++ - .../psa_ipc/crypto_caller_destroy_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_export_key.h | 59 ++++ - .../psa_ipc/crypto_caller_export_public_key.h | 59 ++++ - .../psa_ipc/crypto_caller_generate_key.h | 55 ++++ - .../psa_ipc/crypto_caller_generate_random.h | 57 ++++ - .../crypto_caller_get_key_attributes.h | 56 ++++ - .../caller/psa_ipc/crypto_caller_hash.h | 220 +++++++++++++ - .../caller/psa_ipc/crypto_caller_import_key.h | 57 ++++ - .../psa_ipc/crypto_caller_key_attributes.h | 51 +++ - .../psa_ipc/crypto_caller_key_derivation.h | 298 ++++++++++++++++++ - .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++ - .../caller/psa_ipc/crypto_caller_purge_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_sign_hash.h | 64 ++++ - .../psa_ipc/crypto_caller_verify_hash.h | 59 ++++ - .../crypto/include/psa/crypto_client_struct.h | 8 +- - .../service/crypto/include/psa/crypto_sizes.h | 2 +- - deployments/se-proxy/opteesp/CMakeLists.txt | 2 +- - .../se-proxy/opteesp/service_proxy_factory.c | 15 +- - .../providers/arm/corstone1000/platform.cmake | 2 + - 29 files changed, 2293 insertions(+), 11 deletions(-) - create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 4a951d4a..7a29cc25 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -37,6 +37,79 @@ extern "C" { - #define TFM_CRYPTO_VERSION (1U) - #define TFM_CRYPTO_HANDLE (0x40000100U) - -+/** -+ * \brief Define a progressive numerical value for each SID which can be used -+ * when dispatching the requests to the service -+ */ -+enum { -+ TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), -+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, -+ TFM_CRYPTO_OPEN_KEY_SID, -+ TFM_CRYPTO_CLOSE_KEY_SID, -+ TFM_CRYPTO_IMPORT_KEY_SID, -+ TFM_CRYPTO_DESTROY_KEY_SID, -+ TFM_CRYPTO_EXPORT_KEY_SID, -+ TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ TFM_CRYPTO_PURGE_KEY_SID, -+ TFM_CRYPTO_COPY_KEY_SID, -+ TFM_CRYPTO_HASH_COMPUTE_SID, -+ TFM_CRYPTO_HASH_COMPARE_SID, -+ TFM_CRYPTO_HASH_SETUP_SID, -+ TFM_CRYPTO_HASH_UPDATE_SID, -+ TFM_CRYPTO_HASH_FINISH_SID, -+ TFM_CRYPTO_HASH_VERIFY_SID, -+ TFM_CRYPTO_HASH_ABORT_SID, -+ TFM_CRYPTO_HASH_CLONE_SID, -+ TFM_CRYPTO_MAC_COMPUTE_SID, -+ TFM_CRYPTO_MAC_VERIFY_SID, -+ TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ TFM_CRYPTO_MAC_UPDATE_SID, -+ TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ TFM_CRYPTO_MAC_ABORT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ TFM_CRYPTO_CIPHER_SET_IV_SID, -+ TFM_CRYPTO_CIPHER_UPDATE_SID, -+ TFM_CRYPTO_CIPHER_FINISH_SID, -+ TFM_CRYPTO_CIPHER_ABORT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ TFM_CRYPTO_AEAD_UPDATE_SID, -+ TFM_CRYPTO_AEAD_FINISH_SID, -+ TFM_CRYPTO_AEAD_VERIFY_SID, -+ TFM_CRYPTO_AEAD_ABORT_SID, -+ TFM_CRYPTO_SIGN_MESSAGE_SID, -+ TFM_CRYPTO_VERIFY_MESSAGE_SID, -+ TFM_CRYPTO_SIGN_HASH_SID, -+ TFM_CRYPTO_VERIFY_HASH_SID, -+ TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_GENERATE_RANDOM_SID, -+ TFM_CRYPTO_GENERATE_KEY_SID, -+ TFM_CRYPTO_SID_MAX, -+}; -+ - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake -new file mode 100644 -index 00000000..93c297a8 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/component.cmake -@@ -0,0 +1,21 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c" -+ ) -+ -+# The ipc crypto backend uses the psa crypto client to realize the -+# psa crypto API that the crypto provider depends on. This define -+# configures the psa crypto client to be built with the ipc crypto -+# caller. -+target_compile_definitions(${TGT} PRIVATE -+ PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h" -+) -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -new file mode 100644 -index 00000000..e47cd4ff ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -@@ -0,0 +1,26 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+#include -+#include -+#include "crypto_ipc_backend.h" -+ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller) -+{ -+ psa_status_t status = psa_crypto_client_init(caller); -+ -+ if (status == PSA_SUCCESS) -+ status = psa_crypto_init(); -+ -+ return status; -+} -+ -+void crypto_ipc_backend_deinit(void) -+{ -+ psa_crypto_client_deinit(); -+} -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -new file mode 100644 -index 00000000..c13c20e8 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -0,0 +1,70 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CRYPTO_IPC_BACKEND_H -+#define CRYPTO_IPC_BACKEND_H -+ -+#include -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * \brief This type is used to overcome a limitation in the number of maximum -+ * IOVECs that can be used especially in psa_aead_encrypt and -+ * psa_aead_decrypt. To be removed in case the AEAD APIs number of -+ * parameters passed gets restructured -+ */ -+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u) -+struct psa_ipc_crypto_aead_pack_input { -+ uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH]; -+ uint32_t nonce_length; -+}; -+ -+struct psa_ipc_crypto_pack_iovec { -+ uint32_t sfn_id; /*!< Secure function ID used to dispatch the -+ * request -+ */ -+ uint16_t step; /*!< Key derivation step */ -+ psa_key_id_t key_id; /*!< Key id */ -+ psa_algorithm_t alg; /*!< Algorithm */ -+ uint32_t op_handle; /*!< Frontend context handle associated to a -+ * multipart operation -+ */ -+ uint32_t capacity; /*!< Key derivation capacity */ -+ -+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for -+ * AEAD until the API is -+ * restructured -+ */ -+}; -+ -+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec) -+ -+/** -+ * \brief Initialize the psa ipc crypto backend -+ * -+ * Initializes a crypto backend that uses the psa API client with a -+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto -+ * service proviser. -+ * -+ * \return PSA_SUCCESS if backend initialized successfully -+ */ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller); -+ -+/** -+ * \brief Clean-up to free any resource used by the crypto backend -+ */ -+void crypto_ipc_backend_deinit(void); -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CRYPTO_IPC_BACKEND_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -new file mode 100644 -index 00000000..0a972187 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -@@ -0,0 +1,34 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_H -+#define PSA_IPC_CRYPTO_CALLER_H -+ -+/** -+ * Includes all header files that form the psa ipc crypto caller -+ * interface. May be used by a client that needs to call operations -+ * provided by a crypto service instance using the psa ipc interface. -+ */ -+#include "crypto_caller_aead.h" -+#include "crypto_caller_asymmetric_decrypt.h" -+#include "crypto_caller_asymmetric_encrypt.h" -+#include "crypto_caller_cipher.h" -+#include "crypto_caller_copy_key.h" -+#include "crypto_caller_destroy_key.h" -+#include "crypto_caller_export_key.h" -+#include "crypto_caller_export_public_key.h" -+#include "crypto_caller_generate_key.h" -+#include "crypto_caller_generate_random.h" -+#include "crypto_caller_get_key_attributes.h" -+#include "crypto_caller_hash.h" -+#include "crypto_caller_import_key.h" -+#include "crypto_caller_key_derivation.h" -+#include "crypto_caller_mac.h" -+#include "crypto_caller_purge_key.h" -+#include "crypto_caller_sign_hash.h" -+#include "crypto_caller_verify_hash.h" -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -new file mode 100644 -index 00000000..78517fe3 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -0,0 +1,252 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H -+#define PSA_IPC_CRYPTO_CALLER_AEAD_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_aead_encrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *plaintext, -+ size_t plaintext_length, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(plaintext), -+ .len = plaintext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *aeadtext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *aeadtext, -+ size_t aeadtext_length, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(aeadtext), -+ .len = aeadtext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(plaintext), .len = plaintext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *plaintext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_generate_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *nonce, -+ size_t nonce_size, -+ size_t *nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *nonce, -+ size_t nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_lengths( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t ad_length, -+ size_t plaintext_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update_ad( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length, -+ uint8_t *tag, -+ size_t tag_size, -+ size_t *tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length, -+ const uint8_t *tag, -+ size_t tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -new file mode 100644 -index 00000000..ff01815c ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_decrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -new file mode 100644 -index 00000000..1daf1689 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_encrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -new file mode 100644 -index 00000000..fbefb28d ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -0,0 +1,246 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H -+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_cipher_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_generate_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *iv, -+ size_t iv_size, -+ size_t *iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(iv), .len = iv_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *iv_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_set_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *iv, -+ size_t iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(iv), .len = iv_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the cipher_update operation -+ * using the ipc encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ /* Allow for output to be a whole number of blocks */ -+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -new file mode 100644 -index 00000000..9a988171 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_copy_key(struct service_client *context, -+ psa_key_id_t source_key, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *target_key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_COPY_KEY_SID, -+ .key_id = source_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -new file mode 100644 -index 00000000..d00f4faa ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -new file mode 100644 -index 00000000..8ac5477f ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -new file mode 100644 -index 00000000..b24c47f1 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -new file mode 100644 -index 00000000..1b66ed40 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -@@ -0,0 +1,55 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -new file mode 100644 -index 00000000..7c538237 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_random(struct service_client *context, -+ uint8_t *output, -+ size_t output_size) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size } -+ }; -+ -+ if (!output_size) -+ return PSA_SUCCESS; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -new file mode 100644 -index 00000000..22f1d18f ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -@@ -0,0 +1,56 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_get_key_attributes( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_key_attributes_t *attributes) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, -+ .key_id = key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -new file mode 100644 -index 00000000..9f37908a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -0,0 +1,220 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_HASH_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_hash_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash, -+ size_t hash_size, -+ size_t *hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(hash), .len = hash_size}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *hash_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash, -+ size_t hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_clone( -+ struct service_client *context, -+ uint32_t source_op_handle, -+ uint32_t *target_op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, -+ .op_handle = source_op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_op_handle), -+ .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash_state, -+ size_t hash_state_size, -+ size_t *hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash_state, -+ size_t hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the hash_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -new file mode 100644 -index 00000000..d4703366 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_import_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ const uint8_t *data, size_t data_length, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length } -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -new file mode 100644 -index 00000000..2fad2f0a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+ -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline void packedc_crypto_caller_translate_key_attributes_to_proto( -+ struct ts_crypto_key_attributes *proto_attributes, -+ const psa_key_attributes_t *psa_attributes) -+{ -+ proto_attributes->type = psa_get_key_type(psa_attributes); -+ proto_attributes->key_bits = psa_get_key_bits(psa_attributes); -+ proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes); -+ proto_attributes->id = psa_get_key_id(psa_attributes); -+ -+ proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes); -+ proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes); -+ } -+ -+static inline void packedc_crypto_caller_translate_key_attributes_from_proto( -+ psa_key_attributes_t *psa_attributes, -+ const struct ts_crypto_key_attributes *proto_attributes) -+{ -+ psa_set_key_type(psa_attributes, proto_attributes->type); -+ psa_set_key_bits(psa_attributes, proto_attributes->key_bits); -+ psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime); -+ -+ if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) { -+ -+ psa_set_key_id(psa_attributes, proto_attributes->id); -+ } -+ -+ psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage); -+ psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg); -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -new file mode 100644 -index 00000000..5ce4fb6c ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -@@ -0,0 +1,298 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_key_derivation_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_get_capacity( -+ struct service_client *context, -+ const uint32_t op_handle, -+ size_t *capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_set_capacity( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ .capacity = capacity, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ const uint8_t *data, -+ size_t data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_key( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ .key_id = key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_key( -+ struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ uint32_t op_handle, -+ psa_key_id_t *key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(attributes), -+ .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_key_agreement( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ .key_id = private_key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_raw_key_agreement( -+ struct service_client *context, -+ psa_algorithm_t alg, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ .alg = alg, -+ .key_id = private_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -new file mode 100644 -index 00000000..3a820192 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -@@ -0,0 +1,207 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H -+#define PSA_IPC_CRYPTO_CALLER_MAC_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_mac_sign_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_sign_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *mac, -+ size_t mac_size, -+ size_t *mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(mac), .len = mac_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *mac_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *mac, -+ size_t mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(mac), .len = mac_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -new file mode 100644 -index 00000000..a3a796e2 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_purge_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_PURGE_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -new file mode 100644 -index 00000000..71d88ced ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -0,0 +1,64 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -new file mode 100644 -index 00000000..e16f6e54 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ { .base = psa_ptr_const_to_u32(signature), .len = signature_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */ -diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h -index abd420c8..bf95c982 100644 ---- a/components/service/crypto/include/psa/crypto_client_struct.h -+++ b/components/service/crypto/include/psa/crypto_client_struct.h -@@ -31,12 +31,12 @@ extern "C" { - * data structure internally. */ - struct psa_client_key_attributes_s - { -+ uint16_t type; -+ uint16_t bits; - uint32_t lifetime; -- uint32_t id; -- uint32_t alg; -+ psa_key_id_t id; - uint32_t usage; -- size_t bits; -- uint16_t type; -+ uint32_t alg; - }; - - #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0} -diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 7a0149bb..4d7bf6e9 100644 ---- a/components/service/crypto/include/psa/crypto_sizes.h -+++ b/components/service/crypto/include/psa/crypto_sizes.h -@@ -81,7 +81,7 @@ - #define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 - #else --#define PSA_HASH_MAX_SIZE 32 -+#define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 - #endif - -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index af2225e7..21904283 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -85,7 +85,7 @@ add_components(TARGET "se-proxy" - "components/rpc/dummy" - "components/rpc/common/caller" - "components/service/attestation/key_mngr/stub" -- "components/service/crypto/backend/stub" -+ "components/service/crypto/backend/psa_ipc" - "components/service/crypto/client/psa" - "components/service/secure_storage/backend/mock_store" - ) -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 1110ac46..7edeef8b 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -15,7 +15,7 @@ - #include - - /* Stub backends */ --#include -+#include - #include - #include - -@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void) - { - struct rpc_interface *crypto_iface = NULL; - struct crypto_provider *crypto_provider; -+ struct rpc_caller *crypto_caller; - -- if (stub_crypto_backend_init() == PSA_SUCCESS) { -+ crypto_caller = openamp_caller_init(&openamp); -+ if (!crypto_caller) -+ return NULL; -+ -+ if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS) -+ return NULL; - -- crypto_provider = crypto_provider_factory_create(); -- crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); -- } -+ crypto_provider = crypto_provider_factory_create(); -+ crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); - - return crypto_iface; - } -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index bb778bb9..51e5faa3 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -8,3 +8,5 @@ - - # include MHU driver - include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) -+ -+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch deleted file mode 100644 index 91207bdd..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 8fca2a8eed6ebc1cbf9f7972c6a9bb137ebafe1a Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Sun, 12 Dec 2021 17:07:03 +0000 -Subject: [PATCH] Increase SMM gateway UEFI variable macro value - -The maximum number of UEFI variables that be supported by SMM -gateway is currently 40. When more than 40 variables are written, -or read SMM gateway returns error code. Currently this value is -increased to 100 to support more UEFI variables. - -Signed-off-by: Gowtham Suresh Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - deployments/smm-gateway/smm_gateway.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/deployments/smm-gateway/smm_gateway.c b/deployments/smm-gateway/smm_gateway.c -index 7828b3af..7e6729ee 100644 ---- a/deployments/smm-gateway/smm_gateway.c -+++ b/deployments/smm-gateway/smm_gateway.c -@@ -20,6 +20,9 @@ - #define SMM_GATEWAY_NV_STORE_SN "sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0" - #endif - -+/* Maximum number of UEFI variables set to 100 */ -+#define SMM_GATEWAY_MAX_UEFI_VARIABLES (100) -+ - /* Default maximum number of UEFI variables */ - #ifndef SMM_GATEWAY_MAX_UEFI_VARIABLES - #define SMM_GATEWAY_MAX_UEFI_VARIABLES (40) diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch deleted file mode 100644 index 943568c8..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch +++ /dev/null @@ -1,436 +0,0 @@ -From eb1beb0f4f3a0d97a1ee941b068fb1f3b7ba7d7b Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH] Add stub capsule update service components - -To facilitate development of a capsule update service provider, -stub components are added to provide a starting point for an -implementation. The capsule update service provider is integrated -into the se-proxy/opteesp deployment. - -Signed-off-by: Vishnu Banavath -Signed-off-by: Julian Hall -Change-Id: I0d4049bb4de5af7ca80806403301692507085d28 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../backend/capsule_update_backend.h | 24 ++++ - .../provider/capsule_update_provider.c | 133 ++++++++++++++++++ - .../provider/capsule_update_provider.h | 51 +++++++ - .../capsule_update/provider/component.cmake | 13 ++ - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - deployments/se-proxy/opteesp/se_proxy_sp.c | 3 + - .../se-proxy/opteesp/service_proxy_factory.c | 16 +++ - .../se-proxy/opteesp/service_proxy_factory.h | 1 + - deployments/se-proxy/se_proxy_interfaces.h | 9 +- - .../capsule_update/capsule_update_proto.h | 13 ++ - protocols/service/capsule_update/opcodes.h | 17 +++ - protocols/service/capsule_update/parameters.h | 15 ++ - 12 files changed, 292 insertions(+), 4 deletions(-) - create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h - create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c - create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h - create mode 100644 components/service/capsule_update/provider/component.cmake - create mode 100644 protocols/service/capsule_update/capsule_update_proto.h - create mode 100644 protocols/service/capsule_update/opcodes.h - create mode 100644 protocols/service/capsule_update/parameters.h - -diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h -new file mode 100644 -index 00000000..f3144ff1 ---- /dev/null -+++ b/components/service/capsule_update/backend/capsule_update_backend.h -@@ -0,0 +1,24 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_BACKEND_H -+#define CAPSULE_UPDATE_BACKEND_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * Defines the common capsule update backend interface. Concrete backends -+ * implement this interface for different types of platform. -+ */ -+ -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CAPSULE_UPDATE_BACKEND_H */ -diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c -new file mode 100644 -index 00000000..9bbd7abc ---- /dev/null -+++ b/components/service/capsule_update/provider/capsule_update_provider.c -@@ -0,0 +1,133 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include -+#include -+#include -+ -+#include -+#include -+#include "capsule_update_provider.h" -+ -+ -+#define CAPSULE_UPDATE_REQUEST (0x1) -+#define KERNEL_STARTED_EVENT (0x2) -+ -+enum corstone1000_ioctl_id_t { -+ IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0, -+ IOCTL_CORSTONE1000_FWU_HOST_ACK, -+}; -+ -+/* Service request handlers */ -+static rpc_status_t update_capsule_handler(void *context, struct call_req *req); -+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req); -+ -+/* Handler mapping table for service */ -+static const struct service_handler handler_table[] = { -+ {CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE, update_capsule_handler}, -+ {CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED, boot_confirmed_handler} -+}; -+ -+struct rpc_interface *capsule_update_provider_init( -+ struct capsule_update_provider *context) -+{ -+ struct rpc_interface *rpc_interface = NULL; -+ -+ if (context) { -+ -+ service_provider_init( -+ &context->base_provider, -+ context, -+ handler_table, -+ sizeof(handler_table)/sizeof(struct service_handler)); -+ -+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider); -+ } -+ -+ return rpc_interface; -+} -+ -+void capsule_update_provider_deinit(struct capsule_update_provider *context) -+{ -+ (void)context; -+} -+ -+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) -+{ -+ uint32_t ioctl_id; -+ psa_handle_t handle; -+ rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED; -+ -+ struct psa_invec in_vec[] = { -+ { .base = &ioctl_id, .len = sizeof(ioctl_id) } -+ }; -+ -+ if(!caller) { -+ EMSG("event_handler rpc_caller is NULL"); -+ rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE; -+ return rpc_status; -+ } -+ -+ MSG("event handler opcode %x", opcode); -+ switch(opcode) { -+ case CAPSULE_UPDATE_REQUEST: -+ /* Openamp call with IOCTL for firmware update*/ -+ ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES; -+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, -+ TFM_SP_PLATFORM_IOCTL_VERSION); -+ if (handle <= 0) { -+ EMSG("%s Invalid handle", __func__); -+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; -+ return rpc_status; -+ } -+ psa_call(caller,handle, PSA_IPC_CALL, -+ in_vec,IOVEC_LEN(in_vec), NULL, 0); -+ break; -+ -+ case KERNEL_STARTED_EVENT: -+ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK; -+ /*openamp call with IOCTL for kernel start*/ -+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, -+ TFM_SP_PLATFORM_IOCTL_VERSION); -+ if (handle <= 0) { -+ EMSG("%s Invalid handle", __func__); -+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; -+ return rpc_status; -+ } -+ psa_call(caller,handle, PSA_IPC_CALL, -+ in_vec,IOVEC_LEN(in_vec), NULL, 0); -+ break; -+ default: -+ EMSG("%s unsupported opcode", __func__); -+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; -+ return rpc_status; -+ } -+ return rpc_status; -+ -+} -+ -+static rpc_status_t update_capsule_handler(void *context, struct call_req *req) -+{ -+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context; -+ struct rpc_caller *caller = this_instance->client.caller; -+ uint32_t opcode = req->opcode; -+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY; -+ -+ rpc_status = event_handler(opcode, caller); -+ return rpc_status; -+} -+ -+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req) -+{ -+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context; -+ struct rpc_caller *caller = this_instance->client.caller; -+ uint32_t opcode = req->opcode; -+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY; -+ -+ rpc_status = event_handler(opcode, caller); -+ -+ return rpc_status; -+} -diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h -new file mode 100644 -index 00000000..3de49854 ---- /dev/null -+++ b/components/service/capsule_update/provider/capsule_update_provider.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_PROVIDER_H -+#define CAPSULE_UPDATE_PROVIDER_H -+ -+#include -+#include -+#include -+#include -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * The capsule_update_provider is a service provider that accepts update capsule -+ * requests and delegates them to a suitable backend that applies the update. -+ */ -+struct capsule_update_provider -+{ -+ struct service_provider base_provider; -+ struct service_client client; -+}; -+ -+/** -+ * \brief Initialize an instance of the capsule update service provider -+ * -+ * @param[in] context The instance to initialize -+ * -+ * \return An rpc_interface or NULL on failure -+ */ -+struct rpc_interface *capsule_update_provider_init( -+ struct capsule_update_provider *context); -+ -+/** -+ * \brief Cleans up when the instance is no longer needed -+ * -+ * \param[in] context The instance to de-initialize -+ */ -+void capsule_update_provider_deinit( -+ struct capsule_update_provider *context); -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CAPSULE_UPDATE_PROVIDER_H */ -diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake -new file mode 100644 -index 00000000..1d412eb2 ---- /dev/null -+++ b/components/service/capsule_update/provider/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" -+ ) -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 21904283..953bb716 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -80,6 +80,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/reporter/psa_ipc" - "components/service/attestation/client/psa_ipc" - "components/rpc/openamp/caller/sp" -+ "components/service/capsule_update/provider" - - # Stub service provider backends - "components/rpc/dummy" -diff --git a/deployments/se-proxy/opteesp/se_proxy_sp.c b/deployments/se-proxy/opteesp/se_proxy_sp.c -index ef90d9ee..11b014b2 100644 ---- a/deployments/se-proxy/opteesp/se_proxy_sp.c -+++ b/deployments/se-proxy/opteesp/se_proxy_sp.c -@@ -48,6 +48,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - rpc_iface = attest_proxy_create(); - rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); - -+ rpc_iface = capsule_update_proxy_create(); -+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); -+ - /* End of boot phase */ - sp_msg_wait(&req_msg); - -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 7edeef8b..591cc9ee 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - - /* Stub backends */ - #include -@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void) - - return secure_storage_provider_init(&its_provider, backend); - } -+ -+struct rpc_interface *capsule_update_proxy_create(void) -+{ -+ static struct capsule_update_provider capsule_update_provider; -+ static struct rpc_caller *capsule_update_caller; -+ -+ capsule_update_caller = openamp_caller_init(&openamp); -+ -+ if (!capsule_update_caller) -+ return NULL; -+ -+ capsule_update_provider.client.caller = capsule_update_caller; -+ -+ return capsule_update_provider_init(&capsule_update_provider); -+} -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.h b/deployments/se-proxy/opteesp/service_proxy_factory.h -index 298d407a..02aa7fe2 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.h -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.h -@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); - struct rpc_interface *crypto_proxy_create(void); - struct rpc_interface *ps_proxy_create(void); - struct rpc_interface *its_proxy_create(void); -+struct rpc_interface *capsule_update_proxy_create(void); - - #ifdef __cplusplus - } -diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h -index 48908f84..3d4a7c20 100644 ---- a/deployments/se-proxy/se_proxy_interfaces.h -+++ b/deployments/se-proxy/se_proxy_interfaces.h -@@ -8,9 +8,10 @@ - #define SE_PROXY_INTERFACES_H - - /* Interface IDs from service endpoints available from an se-proxy deployment */ --#define SE_PROXY_INTERFACE_ID_ITS (0) --#define SE_PROXY_INTERFACE_ID_PS (1) --#define SE_PROXY_INTERFACE_ID_CRYPTO (2) --#define SE_PROXY_INTERFACE_ID_ATTEST (3) -+#define SE_PROXY_INTERFACE_ID_ITS (0) -+#define SE_PROXY_INTERFACE_ID_PS (1) -+#define SE_PROXY_INTERFACE_ID_CRYPTO (2) -+#define SE_PROXY_INTERFACE_ID_ATTEST (3) -+#define SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE (4) - - #endif /* SE_PROXY_INTERFACES_H */ -diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h -new file mode 100644 -index 00000000..8f326cd3 ---- /dev/null -+++ b/protocols/service/capsule_update/capsule_update_proto.h -@@ -0,0 +1,13 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_PROTO_H -+#define CAPSULE_UPDATE_PROTO_H -+ -+#include -+#include -+ -+#endif /* CAPSULE_UPDATE_PROTO_H */ -diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h -new file mode 100644 -index 00000000..8185a090 ---- /dev/null -+++ b/protocols/service/capsule_update/opcodes.h -@@ -0,0 +1,17 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_OPCODES_H -+#define CAPSULE_UPDATE_OPCODES_H -+ -+/** -+ * Opcode definitions for the capsule update service -+ */ -+ -+#define CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE 1 -+#define CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED 2 -+ -+#endif /* CAPSULE_UPDATE_OPCODES_H */ -diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h -new file mode 100644 -index 00000000..285d9241 ---- /dev/null -+++ b/protocols/service/capsule_update/parameters.h -@@ -0,0 +1,15 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_PARAMETERS_H -+#define CAPSULE_UPDATE_PARAMETERS_H -+ -+/** -+ * Operation parameter definitions for the capsule update service access protocol. -+ */ -+ -+ -+#endif /* CAPSULE_UPDATE_PARAMETERS_H */ diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch deleted file mode 100644 index 38ce2439..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch +++ /dev/null @@ -1,248 +0,0 @@ -From c9188e59fd27d208a975187da285a9b5938bb00d Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Thu, 16 Dec 2021 13:29:58 +0000 -Subject: [PATCH] Add logs to functions in SMM gateway SP - -Signed-off-by: Gowtham Suresh Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - .../backend/uefi_variable_store.c | 29 +++++++++++++++++-- - .../provider/smm_variable_provider.c | 7 +++-- - 2 files changed, 32 insertions(+), 4 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index ed50eaf9..0c371e94 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -11,6 +11,7 @@ - #include "uefi_variable_store.h" - #include "variable_index_iterator.h" - #include "variable_checker.h" -+#include - - /* Private functions */ - static void load_variable_index( -@@ -151,12 +152,15 @@ void uefi_variable_store_set_storage_limits( - size_t total_capacity, - size_t max_variable_size) - { -+ EMSG("In func %s\n", __func__); - struct delegate_variable_store *delegate_store = select_delegate_store( - context, - attributes); - - delegate_store->total_capacity = total_capacity; - delegate_store->max_variable_size = max_variable_size; -+ EMSG("In func %s total_capacity is %d\n", __func__, total_capacity); -+ EMSG("In func %s max_variable_size is %d\n", __func__, max_variable_size); - } - - efi_status_t uefi_variable_store_set_variable( -@@ -265,6 +269,7 @@ efi_status_t uefi_variable_store_get_variable( - size_t max_data_len, - size_t *total_length) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(var->Name, var->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -299,6 +304,7 @@ efi_status_t uefi_variable_store_get_next_variable_name( - size_t max_name_len, - size_t *total_length) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(cur->Name, cur->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -329,6 +335,8 @@ efi_status_t uefi_variable_store_query_variable_info( - struct uefi_variable_store *context, - SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info) - { -+ -+ EMSG("In func %s\n", __func__); - struct delegate_variable_store *delegate_store = select_delegate_store( - context, - var_info->Attributes); -@@ -337,13 +345,15 @@ efi_status_t uefi_variable_store_query_variable_info( - context, - var_info->Attributes, - delegate_store->storage_backend); -- -+ EMSG("In func %s total_used is %d\n", __func__, total_used); - var_info->MaximumVariableSize = delegate_store->max_variable_size; - var_info->MaximumVariableStorageSize = delegate_store->total_capacity; - var_info->RemainingVariableStorageSize = (total_used < delegate_store->total_capacity) ? - delegate_store->total_capacity - total_used : - 0; -- -+ EMSG("In func %s var_info->MaximumVariableSize is %d\n", __func__, var_info->MaximumVariableSize); -+ EMSG("In func %s var_info->MaximumVariableStorageSize is %d\n", __func__, var_info->MaximumVariableStorageSize); -+ EMSG("In func %s var_info->RemainingVariableStorageSize is %d\n", __func__, var_info->RemainingVariableStorageSize); - return EFI_SUCCESS; - } - -@@ -358,6 +368,7 @@ efi_status_t uefi_variable_store_set_var_check_property( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *property) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -404,6 +415,7 @@ efi_status_t uefi_variable_store_get_var_check_property( - struct uefi_variable_store *context, - SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *property) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -430,6 +442,7 @@ efi_status_t uefi_variable_store_get_var_check_property( - static void load_variable_index( - struct uefi_variable_store *context) - { -+ EMSG("In func %s\n", __func__); - struct storage_backend *persistent_store = context->persistent_store.storage_backend; - - if (persistent_store) { -@@ -444,6 +457,7 @@ static void load_variable_index( - context->index_sync_buffer_size, - context->index_sync_buffer, - &data_len); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - if (psa_status == PSA_SUCCESS) { - -@@ -455,6 +469,7 @@ static void load_variable_index( - static efi_status_t sync_variable_index( - struct uefi_variable_store *context) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = EFI_SUCCESS; - - /* Sync the varibale index to storage if anything is dirty */ -@@ -479,6 +494,7 @@ static efi_status_t sync_variable_index( - data_len, - context->index_sync_buffer, - PSA_STORAGE_FLAG_NONE); -+ EMSG("In func %s set status is %d\n", __func__, psa_status); - - status = psa_to_efi_storage_status(psa_status); - } -@@ -490,6 +506,7 @@ static efi_status_t sync_variable_index( - static efi_status_t check_capabilities( - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = EFI_SUCCESS; - - /* Check if any unsupported variable attributes have been requested */ -@@ -551,6 +568,7 @@ static efi_status_t store_variable_data( - const struct variable_info *info, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -+ EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; - size_t data_len = var->DataSize; - const uint8_t *data = (const uint8_t*)var + -@@ -599,6 +617,7 @@ static efi_status_t remove_variable_data( - struct uefi_variable_store *context, - const struct variable_info *info) - { -+ EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; - - if (info->is_variable_set) { -@@ -613,6 +632,7 @@ static efi_status_t remove_variable_data( - delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid); -+ EMSG("In func %s status is %d\n", __func__, psa_status); - } - } - -@@ -625,6 +645,7 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len) - { -+ EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; - size_t data_len = 0; - uint8_t *data = (uint8_t*)var + -@@ -644,6 +665,7 @@ static efi_status_t load_variable_data( - max_data_len, - data, - &data_len); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - var->DataSize = data_len; - } -@@ -771,6 +793,7 @@ static void purge_orphan_index_entries( - context->owner_id, - info->metadata.uid, - &storage_info); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - if (psa_status != PSA_SUCCESS) { - -@@ -802,6 +825,7 @@ static size_t space_used( - uint32_t attributes, - struct storage_backend *storage_backend) - { -+ EMSG("In func %s\n", __func__); - if (!storage_backend) return 0; - - size_t total_used = 0; -@@ -823,6 +847,7 @@ static size_t space_used( - context->owner_id, - info->metadata.uid, - &storage_info); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - if (psa_status == PSA_SUCCESS) total_used += storage_info.size; - } -diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c -index 52e68d09..1f362c17 100644 ---- a/components/service/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/smm_variable/provider/smm_variable_provider.c -@@ -9,6 +9,7 @@ - #include - #include - #include "smm_variable_provider.h" -+#include - - /* Service request handlers */ - static rpc_status_t get_variable_handler(void *context, struct call_req *req); -@@ -252,17 +253,18 @@ static rpc_status_t set_variable_handler(void *context, struct call_req* req) - - static rpc_status_t query_variable_info_handler(void *context, struct call_req* req) - { -+ EMSG("In func %s \n", __func__); - efi_status_t efi_status = EFI_INVALID_PARAMETER; - struct smm_variable_provider *this_instance = (struct smm_variable_provider*)context; - - const struct call_param_buf *req_buf = call_req_get_req_buf(req); -- -+ EMSG("In func %s sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO) is %d\n", __func__, sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)); - if (req_buf->data_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) { - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - - if (resp_buf->size >= req_buf->data_len) { -- -+ - memmove(resp_buf->data, req_buf->data, req_buf->data_len); - - efi_status = uefi_variable_store_query_variable_info( -@@ -272,6 +274,7 @@ static rpc_status_t query_variable_info_handler(void *context, struct call_req* - if (efi_status == EFI_SUCCESS) { - - resp_buf->data_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO); -+ EMSG("In func %s resp_buf->data_len is %d\n", __func__, resp_buf->data_len); - } - } - else { diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch deleted file mode 100644 index ddf95034..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 3e472452bca64ed90071b61416460f1a69382293 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Thu, 16 Dec 2021 21:31:40 +0000 -Subject: [PATCH] Configure storage size - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - .../service/smm_variable/backend/uefi_variable_store.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 0c371e94..b7cfff40 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -87,6 +87,7 @@ static efi_status_t check_name_terminator( - * may be overridden using uefi_variable_store_set_storage_limits() - */ - #define DEFAULT_MAX_VARIABLE_SIZE (2048) -+#define CONFIGURE_STORAGE_SIZE (50) - - efi_status_t uefi_variable_store_init( - struct uefi_variable_store *context, -@@ -100,13 +101,13 @@ efi_status_t uefi_variable_store_init( - /* Initialise persistent store defaults */ - context->persistent_store.is_nv = true; - context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->persistent_store.storage_backend = persistent_store; - - /* Initialise volatile store defaults */ - context->volatile_store.is_nv = false; - context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->volatile_store.storage_backend = volatile_store; - - context->owner_id = owner_id; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch deleted file mode 100644 index 9bb3f91d..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch +++ /dev/null @@ -1,1219 +0,0 @@ -From da3bd0721f2403562b6ae6d1939f5f331fd141bb Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Wed, 15 Dec 2021 17:23:25 +0000 -Subject: [PATCH] Revert "Add uefi variable append write support" - -This reverts commit e8758d9aff0eddae81a74b0191cd027bcdc92c04. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - .../backend/test/variable_index_tests.cpp | 90 +++--- - .../backend/test/variable_store_tests.cpp | 72 +---- - .../backend/uefi_variable_store.c | 293 ++++++------------ - .../smm_variable/backend/variable_index.c | 95 ++++-- - .../smm_variable/backend/variable_index.h | 58 ++-- - .../backend/variable_index_iterator.c | 4 +- - .../backend/variable_index_iterator.h | 2 +- - .../service/smm_variable_service_tests.cpp | 48 --- - protocols/service/smm_variable/parameters.h | 3 - - 9 files changed, 239 insertions(+), 426 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_index_tests.cpp b/components/service/smm_variable/backend/test/variable_index_tests.cpp -index 8edc0e70..c8bacf97 100644 ---- a/components/service/smm_variable/backend/test/variable_index_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_index_tests.cpp -@@ -69,37 +69,34 @@ TEST_GROUP(UefiVariableIndexTests) - - void create_variables() - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name_1.size() * sizeof(int16_t), -- name_1.data()); -- CHECK_TRUE(info); -- variable_index_set_variable( -- info, -+ name_1.data(), - EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_entry( -+ CHECK_TRUE(info); -+ -+ info = variable_index_add_variable( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data()); -- CHECK_TRUE(info); -- variable_index_set_variable( -- info, -+ name_2.data(), - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_entry( -+ CHECK_TRUE(info); -+ -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name_3.size() * sizeof(int16_t), -- name_3.data()); -- CHECK_TRUE(info); -- variable_index_set_variable( -- info, -+ name_3.data(), - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS); -+ -+ CHECK_TRUE(info); - } - - static const size_t MAX_VARIABLES = 10; -@@ -114,7 +111,7 @@ TEST_GROUP(UefiVariableIndexTests) - - TEST(UefiVariableIndexTests, emptyIndexOperations) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - - /* Expect not to find a variable */ - info = variable_index_find( -@@ -133,34 +130,36 @@ TEST(UefiVariableIndexTests, emptyIndexOperations) - POINTERS_EQUAL(NULL, info); - - /* Remove should silently return */ -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - } - - TEST(UefiVariableIndexTests, addWithOversizedName) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - std::vector name; - - name = to_variable_name(L"a long variable name that exceeds the length limit"); - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data()); -+ name.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - /* Expect the add to fail because of an oversized name */ - POINTERS_EQUAL(NULL, info); - - name = to_variable_name(L"a long variable name that fits!"); - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data()); -+ name.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - /* Expect the add succeed */ - CHECK_TRUE(info); -@@ -168,17 +167,18 @@ TEST(UefiVariableIndexTests, addWithOversizedName) - - TEST(UefiVariableIndexTests, variableIndexFull) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - EFI_GUID guid = guid_1; - - /* Expect to be able to fill the index */ - for (size_t i = 0; i < MAX_VARIABLES; ++i) { - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data()); -+ name_1.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - CHECK_TRUE(info); - -@@ -187,11 +187,12 @@ TEST(UefiVariableIndexTests, variableIndexFull) - } - - /* Variable index should now be full */ -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data()); -+ name_1.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - POINTERS_EQUAL(NULL, info); - } -@@ -322,7 +323,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall) - TEST(UefiVariableIndexTests, removeVariable) - { - uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - - create_variables(); - -@@ -333,7 +334,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_2.size() * sizeof(int16_t), - name_2.data()); - -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -351,7 +352,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_1.size() * sizeof(int16_t), - name_1.data()); - -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -369,7 +370,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_3.size() * sizeof(int16_t), - name_3.data()); - -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -394,7 +395,7 @@ TEST(UefiVariableIndexTests, removeVariable) - - TEST(UefiVariableIndexTests, checkIterator) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - - create_variables(); - -@@ -418,7 +419,7 @@ TEST(UefiVariableIndexTests, checkIterator) - UNSIGNED_LONGS_EQUAL(name_2.size() * sizeof(int16_t), info->metadata.name_size); - MEMCMP_EQUAL(name_2.data(), info->metadata.name, info->metadata.name_size); - -- struct variable_info *info_to_remove = info; -+ const struct variable_info *info_to_remove = info; - - variable_index_iterator_next(&iter); - CHECK_FALSE(variable_index_iterator_is_done(&iter)); -@@ -434,8 +435,7 @@ TEST(UefiVariableIndexTests, checkIterator) - CHECK_TRUE(variable_index_iterator_is_done(&iter)); - - /* Now remove the middle entry */ -- variable_index_clear_variable(&m_variable_index, info_to_remove); -- variable_index_remove_unused_entry(&m_variable_index, info_to_remove); -+ variable_index_remove_variable(&m_variable_index, info_to_remove); - - /* Iterate again but this time there should only be two entries */ - variable_index_iterator_first(&iter, &m_variable_index); -@@ -478,7 +478,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - constraints.max_size = 100; - - /* Set check constraints on one of the variables */ -- struct variable_info *info = variable_index_find( -+ const struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -488,7 +488,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - CHECK_TRUE(info->is_variable_set); - CHECK_FALSE(info->is_constraints_set); - -- variable_index_set_constraints(info, &constraints); -+ variable_index_update_constraints(info, &constraints); - - CHECK_TRUE(info->is_constraints_set); - CHECK_TRUE(info->is_variable_set); -@@ -496,7 +496,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - /* Remove the variable but still expect the variable to be indexed - * because of the set constraints. - */ -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -588,7 +588,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - constraints.max_size = 100; - - /* Initially expect no variable_info */ -- struct variable_info *info = variable_index_find( -+ const struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -597,19 +597,19 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - CHECK_FALSE(info); - - /* Adding the check constraints should result in an entry being added */ -- info = variable_index_add_entry( -+ info = variable_index_add_constraints( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data()); -- CHECK_TRUE(info); -+ name_2.data(), -+ &constraints); - -- variable_index_set_constraints(info, &constraints); -+ CHECK_TRUE(info); - CHECK_FALSE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); - - /* Updating the variable should cause the variable to be marked as set */ -- variable_index_set_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); -+ variable_index_update_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); - - CHECK_TRUE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index e90c1067..235642e6 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -305,37 +305,6 @@ TEST(UefiVariableStoreTests, setGetRoundtrip) - /* Expect got variable data to be the same as the set value */ - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); -- -- /* Extend the variable using an append write */ -- std::string input_data2 = " jumps over the lazy dog"; -- -- status = set_variable(var_name, input_data2, EFI_VARIABLE_APPEND_WRITE); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- status = get_variable(var_name, output_data); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- std::string expected_output = input_data + input_data2; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -- LONGS_EQUAL(0, expected_output.compare(output_data)); -- -- /* Expect query_variable_info to return consistent values */ -- size_t max_variable_storage_size = 0; -- size_t remaining_variable_storage_size = 0; -- size_t max_variable_size = 0; -- -- status = query_variable_info( -- 0, -- &max_variable_storage_size, -- &remaining_variable_storage_size, -- &max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -- UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); - } - - TEST(UefiVariableStoreTests, persistentSetGet) -@@ -345,8 +314,7 @@ TEST(UefiVariableStoreTests, persistentSetGet) - std::string input_data = "quick brown fox"; - std::string output_data; - -- status = set_variable(var_name, input_data, -- EFI_VARIABLE_NON_VOLATILE); -+ status = set_variable(var_name, input_data, EFI_VARIABLE_NON_VOLATILE); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - status = get_variable(var_name, output_data); -@@ -356,22 +324,6 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); - -- /* Extend the variable using an append write */ -- std::string input_data2 = " jumps over the lazy dog"; -- -- status = set_variable(var_name, input_data2, -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- status = get_variable(var_name, output_data); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- std::string expected_output = input_data + input_data2; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -- LONGS_EQUAL(0, expected_output.compare(output_data)); -- - /* Expect the variable to survive a power cycle */ - power_cycle(); - -@@ -380,24 +332,8 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Still expect got variable data to be the same as the set value */ -- UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -- LONGS_EQUAL(0, expected_output.compare(output_data)); -- -- /* Expect query_variable_info to return consistent values */ -- size_t max_variable_storage_size = 0; -- size_t remaining_variable_storage_size = 0; -- size_t max_variable_size = 0; -- -- status = query_variable_info( -- EFI_VARIABLE_NON_VOLATILE, -- &max_variable_storage_size, -- &remaining_variable_storage_size, -- &max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -- UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+ LONGS_EQUAL(0, input_data.compare(output_data)); - } - - TEST(UefiVariableStoreTests, removeVolatile) -@@ -436,7 +372,7 @@ TEST(UefiVariableStoreTests, removePersistent) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Remove by setting with zero data length */ -- status = set_variable(var_name, std::string(), EFI_VARIABLE_NON_VOLATILE); -+ status = set_variable(var_name, std::string(), 0); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Expect variable to no loger exist */ -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index b7cfff40..6a90f46a 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -47,20 +47,6 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len); - --static psa_status_t store_overwrite( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data); -- --static psa_status_t store_append_write( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data); -- - static void purge_orphan_index_entries( - struct uefi_variable_store *context); - -@@ -168,45 +154,40 @@ efi_status_t uefi_variable_store_set_variable( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -- bool should_sync_index = false; -- -- /* Validate incoming request */ - efi_status_t status = check_name_terminator(var->Name, var->NameSize); - if (status != EFI_SUCCESS) return status; - - status = check_capabilities(var); -+ bool should_sync_index = false; -+ - if (status != EFI_SUCCESS) return status; - -- /* Find an existing entry in the variable index or add a new one */ -- struct variable_info *info = variable_index_find( -+ /* Find in index */ -+ const struct variable_info *info = variable_index_find( - &context->variable_index, - &var->Guid, - var->NameSize, - var->Name); - -- if (!info) { -+ if (info) { - -- info = variable_index_add_entry( -- &context->variable_index, -- &var->Guid, -- var->NameSize, -- var->Name); -+ /* Variable info already exists */ -+ status = check_access_permitted_on_set(context, info, var); - -- if (!info) return EFI_OUT_OF_RESOURCES; -- } -+ if (status == EFI_SUCCESS) { - -- /* Control access */ -- status = check_access_permitted_on_set(context, info, var); -+ should_sync_index = -+ (var->Attributes & EFI_VARIABLE_NON_VOLATILE) || -+ (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)); - -- if (status == EFI_SUCCESS) { -+ if (var->DataSize) { - -- /* Access permitted */ -- if (info->is_variable_set) { -- -- /* It's a request to update to an existing variable */ -- if (!(var->Attributes & -- (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && -- !var->DataSize) { -+ /* It's a set rather than a remove operation */ -+ variable_index_update_variable( -+ info, -+ var->Attributes); -+ } -+ else { - - /* It's a remove operation - for a remove, the variable - * data must be removed from the storage backend before -@@ -215,30 +196,31 @@ efi_status_t uefi_variable_store_set_variable( - * the storage backend without a corresponding index entry. - */ - remove_variable_data(context, info); -- variable_index_clear_variable(&context->variable_index, info); -+ variable_index_remove_variable(&context->variable_index, info); - -- should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -- } -- else { -- -- /* It's a set operation where variable data is potentially -- * being overwritten or extended. -- */ -- if ((var->Attributes & ~EFI_VARIABLE_APPEND_WRITE) != info->metadata.attributes) { -- -- /* Modifying attributes is forbidden */ -- return EFI_INVALID_PARAMETER; -- } -+ /* Variable info no longer valid */ -+ info = NULL; - } - } - else { - -- /* It's a request to create a new variable */ -- variable_index_set_variable(info, var->Attributes); -- -- should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -+ /* Access forbidden */ -+ info = NULL; - } - } -+ else if (var->DataSize) { -+ -+ /* It's a new variable */ -+ info = variable_index_add_variable( -+ &context->variable_index, -+ &var->Guid, -+ var->NameSize, -+ var->Name, -+ var->Attributes); -+ -+ if (!info) status = EFI_OUT_OF_RESOURCES; -+ should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ } - - /* The order of these operations is important. For an update - * or create operation, The variable index is always synchronized -@@ -254,13 +236,11 @@ efi_status_t uefi_variable_store_set_variable( - } - - /* Store any variable data to the storage backend */ -- if (info->is_variable_set && (status == EFI_SUCCESS)) { -+ if (info && (status == EFI_SUCCESS)) { - - status = store_variable_data(context, info, var); - } - -- variable_index_remove_unused_entry(&context->variable_index, info); -- - return status; - } - -@@ -373,41 +353,53 @@ efi_status_t uefi_variable_store_set_var_check_property( - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -- /* Find in index or create a new entry */ -- struct variable_info *info = variable_index_find( -+ /* Find in index */ -+ const struct variable_info *info = variable_index_find( - &context->variable_index, - &property->Guid, - property->NameSize, - property->Name); - -- if (!info) { -+ if (info) { - -- info = variable_index_add_entry( -- &context->variable_index, -- &property->Guid, -- property->NameSize, -- property->Name); -+ /* Applying check constraints to an existing variable that may have -+ * constraints already set. These could constrain the setting of -+ * the constraints. -+ */ -+ struct variable_constraints constraints = info->check_constraints; -+ -+ status = variable_checker_set_constraints( -+ &constraints, -+ info->is_constraints_set, -+ &property->VariableProperty); -+ -+ if (status == EFI_SUCCESS) { - -- if (!info) return EFI_OUT_OF_RESOURCES; -+ variable_index_update_constraints(info, &constraints); -+ } - } -+ else { - -- /* Applying check constraints to an existing variable that may have -- * constraints already set. These could constrain the setting of -- * the constraints. -- */ -- struct variable_constraints constraints = info->check_constraints; -+ /* Applying check constraints for a new variable */ -+ struct variable_constraints constraints; - -- status = variable_checker_set_constraints( -- &constraints, -- info->is_constraints_set, -- &property->VariableProperty); -+ status = variable_checker_set_constraints( -+ &constraints, -+ false, -+ &property->VariableProperty); - -- if (status == EFI_SUCCESS) { -+ if (status == EFI_SUCCESS) { - -- variable_index_set_constraints(info, &constraints); -- } -+ info = variable_index_add_constraints( -+ &context->variable_index, -+ &property->Guid, -+ property->NameSize, -+ property->Name, -+ &constraints); - -- variable_index_remove_unused_entry(&context->variable_index, info); -+ if (!info) status = EFI_OUT_OF_RESOURCES; -+ } -+ } - - return status; - } -@@ -514,8 +506,7 @@ static efi_status_t check_capabilities( - if (var->Attributes & ~( - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | -- EFI_VARIABLE_RUNTIME_ACCESS | -- EFI_VARIABLE_APPEND_WRITE)) { -+ EFI_VARIABLE_RUNTIME_ACCESS)) { - - /* An unsupported attribute has been requested */ - status = EFI_UNSUPPORTED; -@@ -561,6 +552,17 @@ static efi_status_t check_access_permitted_on_set( - var->DataSize); - } - -+ if ((status == EFI_SUCCESS) && var->DataSize) { -+ -+ /* Restrict which attributes can be modified for an existing variable */ -+ if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -+ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { -+ -+ /* Don't permit change of storage class */ -+ status = EFI_INVALID_PARAMETER; -+ } -+ } -+ - return status; - } - -@@ -581,33 +583,20 @@ static efi_status_t store_variable_data( - - if (delegate_store->storage_backend) { - -- if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { -- -- /* Create or overwrite variable data */ -- psa_status = store_overwrite( -- delegate_store, -- context->owner_id, -- info->metadata.uid, -- data_len, -- data); -- } -- else { -- -- /* Append new data to existing variable data */ -- psa_status = store_append_write( -- delegate_store, -- context->owner_id, -- info->metadata.uid, -- data_len, -- data); -- } -+ psa_status = delegate_store->storage_backend->interface->set( -+ delegate_store->storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ data_len, -+ data, -+ PSA_STORAGE_FLAG_NONE); - } - - if ((psa_status != PSA_SUCCESS) && delegate_store->is_nv) { - - /* A storage failure has occurred so attempt to fix any -- * mismatch between the variable index and stored NV variables. -- */ -+ * mismatch between the variable index and stored NV variables. -+ */ - purge_orphan_index_entries(context); - } - -@@ -674,100 +663,6 @@ static efi_status_t load_variable_data( - return psa_to_efi_storage_status(psa_status); - } - --static psa_status_t store_overwrite( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data) --{ -- /* Police maximum variable size limit */ -- if (data_length > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -- -- psa_status_t psa_status = delegate_store->storage_backend->interface->set( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- data_length, -- data, -- PSA_STORAGE_FLAG_NONE); -- -- return psa_status; --} -- --static psa_status_t store_append_write( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data) --{ -- struct psa_storage_info_t storage_info; -- -- if (data_length == 0) return PSA_SUCCESS; -- -- psa_status_t psa_status = delegate_store->storage_backend->interface->get_info( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- &storage_info); -- -- if (psa_status != PSA_SUCCESS) return psa_status; -- -- /* Determine size of appended variable */ -- size_t new_size = storage_info.size + data_length; -- -- /* Defend against integer overflow */ -- if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT; -- -- /* Police maximum variable size limit */ -- if (new_size > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -- -- /* Storage backend doesn't support an append operation so we need -- * need to read the current variable data, extend it and write it back. -- */ -- uint8_t *rw_buf = malloc(new_size); -- if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY; -- -- size_t old_size = 0; -- psa_status = delegate_store->storage_backend->interface->get( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- 0, -- new_size, -- rw_buf, -- &old_size); -- -- if (psa_status == PSA_SUCCESS) { -- -- if ((old_size + data_length) <= new_size) { -- -- /* Extend the variable data */ -- memcpy(&rw_buf[old_size], data, data_length); -- -- psa_status = delegate_store->storage_backend->interface->set( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- old_size + data_length, -- rw_buf, -- storage_info.flags); -- } -- else { -- -- /* There's a mismatch between the length obtained from -- * get_info() and the subsequent length returned by get(). -- */ -- psa_status = PSA_ERROR_STORAGE_FAILURE; -- } -- } -- -- free(rw_buf); -- -- return psa_status; --} -- - static void purge_orphan_index_entries( - struct uefi_variable_store *context) - { -@@ -782,7 +677,7 @@ static void purge_orphan_index_entries( - */ - while (!variable_index_iterator_is_done(&iter)) { - -- struct variable_info *info = variable_index_iterator_current(&iter); -+ const struct variable_info *info = variable_index_iterator_current(&iter); - - if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - -@@ -799,7 +694,7 @@ static void purge_orphan_index_entries( - if (psa_status != PSA_SUCCESS) { - - /* Detected a mismatch between the index and storage */ -- variable_index_clear_variable(&context->variable_index, info); -+ variable_index_remove_variable(&context->variable_index, info); - any_orphans = true; - } - } -diff --git a/components/service/smm_variable/backend/variable_index.c b/components/service/smm_variable/backend/variable_index.c -index a8a55753..99d7c97a 100644 ---- a/components/service/smm_variable/backend/variable_index.c -+++ b/components/service/smm_variable/backend/variable_index.c -@@ -132,13 +132,13 @@ size_t variable_index_max_dump_size( - return sizeof(struct variable_metadata) * context->max_variables; - } - --struct variable_info *variable_index_find( -- struct variable_index *context, -+const struct variable_info *variable_index_find( -+ const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- struct variable_info *result = NULL; -+ const struct variable_info *result = NULL; - int pos = find_variable(context, guid, name_size, name); - - if (pos >= 0) { -@@ -149,13 +149,13 @@ struct variable_info *variable_index_find( - return result; - } - --struct variable_info *variable_index_find_next( -+const struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- struct variable_info *result = NULL; -+ const struct variable_info *result = NULL; - - if (name_size >= sizeof(int16_t)) { - -@@ -263,11 +263,12 @@ static struct variable_entry *add_entry( - return entry; - } - --struct variable_info *variable_index_add_entry( -+const struct variable_info *variable_index_add_variable( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name) -+ const int16_t *name, -+ uint32_t attributes) - { - struct variable_info *info = NULL; - struct variable_entry *entry = add_entry(context, guid, name_size, name); -@@ -275,41 +276,40 @@ struct variable_info *variable_index_add_entry( - if (entry) { - - info = &entry->info; -+ -+ info->metadata.attributes = attributes; -+ info->is_variable_set = true; -+ -+ mark_dirty(entry); - } - - return info; - } - --void variable_index_remove_unused_entry( -+const struct variable_info *variable_index_add_constraints( - struct variable_index *context, -- struct variable_info *info) -+ const EFI_GUID *guid, -+ size_t name_size, -+ const int16_t *name, -+ const struct variable_constraints *constraints) - { -- if (info && -- !info->is_constraints_set && -- !info->is_variable_set) { -- -- struct variable_entry *entry = containing_entry(info); -- entry->in_use = false; -+ struct variable_info *info = NULL; -+ struct variable_entry *entry = add_entry(context, guid, name_size, name); - -- memset(info, 0, sizeof(struct variable_info)); -- } --} -+ if (entry) { - --void variable_index_set_variable( -- struct variable_info *info, -- uint32_t attributes) --{ -- struct variable_entry *entry = containing_entry(info); -+ info = &entry->info; - -- info->metadata.attributes = attributes; -- info->is_variable_set = true; -+ info->check_constraints = *constraints; -+ info->is_constraints_set = true; -+ } - -- mark_dirty(entry); -+ return info; - } - --void variable_index_clear_variable( -+void variable_index_remove_variable( - struct variable_index *context, -- struct variable_info *info) -+ const struct variable_info *info) - { - if (info) { - -@@ -318,17 +318,48 @@ void variable_index_clear_variable( - - /* Mark variable as no longer set */ - entry->info.is_variable_set = false; -+ -+ /* Entry may still be needed if check constraints were set */ -+ entry->in_use = info->is_constraints_set; -+ -+ if (!entry->in_use) { -+ -+ /* Entry not needed so wipe */ -+ memset(&entry->info, 0, sizeof(struct variable_info)); -+ } - } - } - --void variable_index_set_constraints( -- struct variable_info *info, -+void variable_index_update_variable( -+ const struct variable_info *info, -+ uint32_t attributes) -+{ -+ if (info) { -+ -+ struct variable_info *modified_info = (struct variable_info*)info; -+ struct variable_entry *entry = containing_entry(modified_info); -+ -+ if (!modified_info->is_variable_set || -+ (attributes != modified_info->metadata.attributes)) { -+ -+ /* The update changes the variable_info state */ -+ modified_info->is_variable_set = true; -+ modified_info->metadata.attributes = attributes; -+ mark_dirty(entry); -+ } -+ } -+} -+ -+void variable_index_update_constraints( -+ const struct variable_info *info, - const struct variable_constraints *constraints) - { - if (info) { - -- info->check_constraints = *constraints; -- info->is_constraints_set = true; -+ struct variable_info *modified_info = (struct variable_info*)info; -+ -+ modified_info->check_constraints = *constraints; -+ modified_info->is_constraints_set = true; - } - } - -diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h -index 63f42ab6..e109d0d1 100644 ---- a/components/service/smm_variable/backend/variable_index.h -+++ b/components/service/smm_variable/backend/variable_index.h -@@ -119,8 +119,8 @@ size_t variable_index_max_dump_size( - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_find( -- struct variable_index *context, -+const struct variable_info *variable_index_find( -+ const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); -@@ -135,76 +135,78 @@ struct variable_info *variable_index_find( - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_find_next( -+const struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); - - /** -- * @brief Add a new entry to the index -- * -- * An entry is needed either when a new variable is created or -- * when variable constraints are set for a variable that doesn't -- * yet exist. -+ * @brief Add a new variable to the index - * - * @param[in] context variable_index - * @param[in] guid The variable's guid - * @param[in] name_size The name parameter's size - * @param[in] name The variable's name -+ * @param[in] attributes The variable's attributes - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_add_entry( -+const struct variable_info *variable_index_add_variable( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name); -+ const int16_t *name, -+ uint32_t attributes); - - /** -- * @brief Remove an unused entry from the index -+ * @brief Remove a variable from the index - * -- * Removes an entry if it is not in use. -+ * Removes a variable from the index if it exists. - * - * @param[in] context variable_index - * @param[in] info The variable info corresponding to the entry to remove - */ --void variable_index_remove_unused_entry( -+void variable_index_remove_variable( - struct variable_index *context, -- struct variable_info *info); -+ const struct variable_info *info); - - /** -- * @brief Set a variable to the index -- * -- * An entry for the variable must already exist. -+ * @brief Update a variable that's already in the index - * - * @param[in] info variable info - * @param[in] attributes The variable's attributes - */ --void variable_index_set_variable( -- struct variable_info *info, -+void variable_index_update_variable( -+ const struct variable_info *info, - uint32_t attributes); - - /** -- * @brief Clear a variable from the index -- * -- * Clears a variable from the index -+ * @brief Add a new check constraints object to the index - * - * @param[in] context variable_index -- * @param[in] info The variable info corresponding to the variable to clear -+ * @param[in] guid The variable's guid -+ * @param[in] name_size The name parameter's size -+ * @param[in] name The variable's name -+ * @param[in] constraints The check constraints -+ * -+ * @return Pointer to variable_info or NULL - */ --void variable_index_clear_variable( -+const struct variable_info *variable_index_add_constraints( - struct variable_index *context, -- struct variable_info *info); -+ const EFI_GUID *guid, -+ size_t name_size, -+ const int16_t *name, -+ const struct variable_constraints *constraints); - - /** -- * @brief Set a check constraints object associated with a variavle -+ * @brief Update variable constraints that are already in the index - * - * @param[in] info variable info - * @param[in] constraints The check constraints - */ --void variable_index_set_constraints( -- struct variable_info *info, -+void variable_index_update_constraints( -+ const struct variable_info *info, - const struct variable_constraints *constraints); - - /** -diff --git a/components/service/smm_variable/backend/variable_index_iterator.c b/components/service/smm_variable/backend/variable_index_iterator.c -index 8f8fc741..7cc6dc7a 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.c -+++ b/components/service/smm_variable/backend/variable_index_iterator.c -@@ -31,10 +31,10 @@ bool variable_index_iterator_is_done( - return iter->current_pos >= iter->variable_index->max_variables; - } - --struct variable_info *variable_index_iterator_current( -+const struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter) - { -- struct variable_info *current = NULL; -+ const struct variable_info *current = NULL; - - if (!variable_index_iterator_is_done(iter)) { - -diff --git a/components/service/smm_variable/backend/variable_index_iterator.h b/components/service/smm_variable/backend/variable_index_iterator.h -index 7ff77c50..f64a2c49 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.h -+++ b/components/service/smm_variable/backend/variable_index_iterator.h -@@ -54,7 +54,7 @@ bool variable_index_iterator_is_done( - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_iterator_current( -+const struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter); - - /** -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index 15556e9d..38c08ebe 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -249,30 +249,6 @@ TEST(SmmVariableServiceTests, setAndGet) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -- /* Extend the variable using an append write */ -- std::string append_data = " values added with append write"; -- -- efi_status = m_client->set_variable( -- m_common_guid, -- var_name, -- append_data, -- EFI_VARIABLE_APPEND_WRITE); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- efi_status = m_client->get_variable( -- m_common_guid, -- var_name, -- get_data); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- std::string appended_data = set_data + append_data; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -- LONGS_EQUAL(0, appended_data.compare(get_data)); -- - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -@@ -303,30 +279,6 @@ TEST(SmmVariableServiceTests, setAndGetNv) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -- /* Extend the variable using an append write */ -- std::string append_data = " values added with append write"; -- -- efi_status = m_client->set_variable( -- m_common_guid, -- var_name, -- append_data, -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- efi_status = m_client->get_variable( -- m_common_guid, -- var_name, -- get_data); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- std::string appended_data = set_data + append_data; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -- LONGS_EQUAL(0, appended_data.compare(get_data)); -- - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -diff --git a/protocols/service/smm_variable/parameters.h b/protocols/service/smm_variable/parameters.h -index 233f301b..1f795a9b 100644 ---- a/protocols/service/smm_variable/parameters.h -+++ b/protocols/service/smm_variable/parameters.h -@@ -47,9 +47,6 @@ typedef struct { - EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ - EFI_VARIABLE_APPEND_WRITE) --#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK \ -- (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ -- EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) - - /** - * Parameter structure for SetVariable and GetVariable. diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch deleted file mode 100644 index caa1d9a9..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 12e9b977e4c7515ce90fecc62630be394fd7da62 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Mon, 20 Dec 2021 19:54:39 +0000 -Subject: [PATCH] Change UID of variable index in SMM - -This patch fixes the os_indications setVariable() failure. The variable -index UID in SMM gateway which was 1 is changed in this patch. TFM has a -special usage for variable with UID 1, which makes it write once only. -This is not required for SMM variable index. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - components/service/smm_variable/backend/uefi_variable_store.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 6a90f46a..1bb869ae 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -67,7 +67,7 @@ static efi_status_t check_name_terminator( - size_t name_size); - - /* Private UID for storing the variable index */ --#define VARIABLE_INDEX_STORAGE_UID (1) -+#define VARIABLE_INDEX_STORAGE_UID (0x787) - - /* Default maximum variable size - - * may be overridden using uefi_variable_store_set_storage_limits() diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch deleted file mode 100644 index 244146a2..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 55fc3dbfb0ec21b1239808d0dddae14fbb8bb5f3 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Mon, 20 Dec 2021 19:56:30 +0000 -Subject: [PATCH] Add missing features to setVariable() - -This patch resolves the failing tests in SCT related to -setVariable() function. The existing implementation is -missing few cases where error codes are returned when called -with certain paramters. These conditions are implemented in -this patch based on the explanation provided in uefi spec. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - .../backend/uefi_variable_store.c | 29 ++++++++++++++++--- - 1 file changed, 25 insertions(+), 4 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 1bb869ae..a1671074 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -161,6 +161,17 @@ efi_status_t uefi_variable_store_set_variable( - bool should_sync_index = false; - - if (status != EFI_SUCCESS) return status; -+ -+ /* -+ * Runtime access to a data variable implies boot service access. Attributes that have -+ * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set. -+ * The caller is responsible for following this rule. -+ */ -+ if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)) -+ { -+ if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS ) -+ return EFI_INVALID_PARAMETER; -+ } - - /* Find in index */ - const struct variable_info *info = variable_index_find( -@@ -221,6 +232,13 @@ efi_status_t uefi_variable_store_set_variable( - if (!info) status = EFI_OUT_OF_RESOURCES; - should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); - } -+ else -+ { -+ /* Return EFI_NOT_FOUND when a remove operation is performed -+ * on variable that is not existing. -+ */ -+ status = EFI_NOT_FOUND; -+ } - - /* The order of these operations is important. For an update - * or create operation, The variable index is always synchronized -@@ -555,10 +573,13 @@ static efi_status_t check_access_permitted_on_set( - if ((status == EFI_SUCCESS) && var->DataSize) { - - /* Restrict which attributes can be modified for an existing variable */ -- if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { -- -- /* Don't permit change of storage class */ -+ if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -+ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) || -+ ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) || -+ ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) { -+ /* Don't permit change of attributes */ - status = EFI_INVALID_PARAMETER; - } - } diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch deleted file mode 100644 index 3990d82c..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch +++ /dev/null @@ -1,55 +0,0 @@ -From dc3f134436ad6852f1bad9542232e84166843a7e Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar -Date: Mon, 20 Dec 2021 20:01:10 +0000 -Subject: [PATCH] Add invalid parameter check in getNextVariableName() - -This patch resolves the failing tests in SCT related to -getNextVariableName() function. The existing implementation is -missing few cases where error codes are returned when called -with certain paramters. These conditions are implemented in -this patch based on the explanation provided in uefi spec. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar - - ---- - .../smm_variable/backend/uefi_variable_store.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index a1671074..a57b3346 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -161,7 +161,7 @@ efi_status_t uefi_variable_store_set_variable( - bool should_sync_index = false; - - if (status != EFI_SUCCESS) return status; -- -+ - /* - * Runtime access to a data variable implies boot service access. Attributes that have - * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set. -@@ -310,6 +310,22 @@ efi_status_t uefi_variable_store_get_next_variable_name( - status = EFI_NOT_FOUND; - *total_length = 0; - -+ /* -+ * If input values of VariableName and VendorGuid are not a name and GUID of an -+ * existing variable, EFI_INVALID_PARAMETER is returned. -+ */ -+ if (cur->NameSize >= sizeof(int16_t)) { -+ /* -+ * Name must be at least one character long to accommodate -+ * the mandatory null terminator. -+ */ -+ if (cur->Name[0] != 0) { -+ const struct variable_info *var_info = variable_index_find(&context->variable_index,&cur->Guid,cur->NameSize,cur->Name); -+ if(var_info == NULL) -+ return EFI_INVALID_PARAMETER; -+ } -+ } -+ - const struct variable_info *info = variable_index_find_next( - &context->variable_index, - &cur->Guid, diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch deleted file mode 100644 index da3ddaf6..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 571ddac16048dfba4b25b04fe5cbd706c392b5ba Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Fri, 24 Dec 2021 19:17:17 +0000 -Subject: [PATCH] smm_gateway: add checks for null attributes - -As par EDK-2 and EDK-2 test code, when a user issue's -setVariable() with 0 in attributes field, it means a variable -delete request. Currently, smm gatway doesn't handle this scenario. -This change is to add that support - -Signed-off-by: Vishnu Banavath - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath - - ---- - .../backend/uefi_variable_store.c | 28 ++++++++++++------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index a57b3346..e8771c21 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -167,7 +167,9 @@ efi_status_t uefi_variable_store_set_variable( - * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set. - * The caller is responsible for following this rule. - */ -- if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)) -+ if (!var->Attributes) -+ EMSG("It might be a delete variable request\n"); -+ else if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)) - { - if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS ) - return EFI_INVALID_PARAMETER; -@@ -191,7 +193,7 @@ efi_status_t uefi_variable_store_set_variable( - (var->Attributes & EFI_VARIABLE_NON_VOLATILE) || - (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)); - -- if (var->DataSize) { -+ if (var->DataSize && var->Attributes) { - - /* It's a set rather than a remove operation */ - variable_index_update_variable( -@@ -206,7 +208,9 @@ efi_status_t uefi_variable_store_set_variable( - * that it's never possible for an object to exist within - * the storage backend without a corresponding index entry. - */ -- remove_variable_data(context, info); -+ EMSG(" deleting variable %s \n",var->Name); -+ if (remove_variable_data(context, info) != PSA_SUCCESS) -+ EMSG(" deleting variable %s FAILED\n",var->Name); - variable_index_remove_variable(&context->variable_index, info); - - /* Variable info no longer valid */ -@@ -587,14 +591,18 @@ static efi_status_t check_access_permitted_on_set( - } - - if ((status == EFI_SUCCESS) && var->DataSize) { -- -+ /* Delete the variable with Attributes is 0 */ -+ if (!var->Attributes) { -+ EMSG("Null attributes, may be a delete variable request\n"); -+ status = EFI_SUCCESS; -+ } - /* Restrict which attributes can be modified for an existing variable */ -- if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) || -- ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != -- (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) || -- ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != -- (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) { -+ else if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -+ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) || -+ ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) || -+ ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) { - /* Don't permit change of attributes */ - status = EFI_INVALID_PARAMETER; - } diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch deleted file mode 100644 index 02130b56..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch +++ /dev/null @@ -1,258 +0,0 @@ -From 47db072e9ec749c6be7c0a27d64d7fbd75748d60 Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing -Date: Wed, 8 Dec 2021 04:20:34 +0100 -Subject: [PATCH] Enhance mbedtls fetch process - -Update management of MbedTLS external component to be optimized -for download speed insted of availability. -The updated process is: - - check if binary is available. If yes configure build to use it - and stop. - - if not, check is source is available. If yes, build it and use - the resulting binary. - - if not, then download the source using git, compile it and use - the resulting binary - -The following variables can be set on the command line to alter the -behavior of the module: - - MBEDTLS_URL git repo URL to fetch from. - - MBEDTLS_REFSPEC revision to fetch - - MBEDTLS_SOURCE_DIR to specify location of source code in - local file syetem. - - MBEDTLS_INSTALL_DIR to specify location of binary. - -I.e. cmake -S <...> -B <...> -DMBEDTLS_INSTALL_DIR=~/mbedtls -will make the resulting binary installed to ~/mbedtls. This can be -used later to speed up a clean build an use the prebuilt binary. - -Change-Id: I8a9ad8b3303e6dfa0a7c9c3d7e4b4787b94d925a -Signed-off-by: Gyorgy Szing - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - external/MbedTLS/MbedTLS.cmake | 192 ++++++++++++++++++++------------- - 1 file changed, 119 insertions(+), 73 deletions(-) - -diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake -index 3cbaed15..935be765 100644 ---- a/external/MbedTLS/MbedTLS.cmake -+++ b/external/MbedTLS/MbedTLS.cmake -@@ -1,96 +1,142 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # - #------------------------------------------------------------------------------- - --# Determine the number of processes to run while running parallel builds. --# Pass -DPROCESSOR_COUNT= to cmake to override. --if(NOT DEFINED PROCESSOR_COUNT) -- include(ProcessorCount) -- ProcessorCount(PROCESSOR_COUNT) -- set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.") --endif() -+set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" -+ CACHE STRING "Mbed TLS repository URL") -+set(MBEDTLS_REFSPEC "mbedtls-3.0.0" -+ CACHE STRING "Mbed TLS git refspec") -+set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src" -+ CACHE PATH "MbedTLS source directory") -+set(MBEDTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" -+ CACHE PATH "Mbed TLS installation directory") - --set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "Mbed TLS repository URL") --set(MBEDTLS_REFSPEC "mbedtls-3.0.0" CACHE STRING "Mbed TLS git refspec") --set(MBEDTLS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" CACHE PATH "Mbed TLS installation directory") --set(MBEDTLS_PACKAGE_PATH "${MBEDTLS_INSTALL_PATH}/lib/mbedtls/cmake" CACHE PATH "Mbed TLS CMake package directory") -+find_library(MBEDCRYPTO_LIB_FILE -+ NAMES libmbedcrypto.a mbedcrypto.a libmbedcrypto.lib mbedcrypto.lib -+ PATHS ${MBEDTLS_INSTALL_DIR} -+ PATH_SUFFIXES "lib" -+ DOC "Location of mberdrypto library." -+ NO_DEFAULT_PATH -+) - --include(FetchContent) -+set(MBEDCRYPTO_LIB_FILE ${MBEDCRYPTO_LIB_FILE}) -+unset(MBEDCRYPTO_LIB_FILE CACHE) - --# Checking git --find_program(GIT_COMMAND "git") --if (NOT GIT_COMMAND) -- message(FATAL_ERROR "Please install git") --endif() -+set(MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-build") - --# Fetching Mbed TLS --FetchContent_Declare( -- mbedtls -- GIT_REPOSITORY ${MBEDTLS_URL} -- GIT_TAG ${MBEDTLS_REFSPEC} -- GIT_SHALLOW TRUE --) -+# Binary not found and it needs to be built. -+if (NOT MBEDCRYPTO_LIB_FILE) -+ # Determine the number of processes to run while running parallel builds. -+ # Pass -DPROCESSOR_COUNT= to cmake to override. -+ if(NOT DEFINED PROCESSOR_COUNT) -+ include(ProcessorCount) -+ ProcessorCount(PROCESSOR_COUNT) -+ set(PROCESSOR_COUNT ${PROCESSOR_COUNT} -+ CACHE STRING "Number of cores to use for parallel builds.") -+ endif() - --# FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables --FetchContent_GetProperties(mbedtls) --if(NOT mbedtls_POPULATED) -- message(STATUS "Fetching Mbed TLS") -- FetchContent_Populate(mbedtls) --endif() -+ # See if the source is available locally -+ find_file(MBEDCRYPTO_HEADER_FILE -+ NAMES crypto.h -+ PATHS ${MBEDTLS_SOURCE_DIR} -+ PATH_SUFFIXES "include/psa" -+ NO_DEFAULT_PATH -+ ) -+ set(MBEDCRYPTO_HEADER_FILE ${MBEDCRYPTO_HEADER_FILE}) -+ unset(MBEDCRYPTO_HEADER_FILE CACHE) - --# Convert the include path list to a string. Needed to make parameter passing to --# Mbed TLS build work fine. --string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}") -+ # Source not found, fetch it. -+ if (NOT MBEDCRYPTO_HEADER_FILE) -+ include(FetchContent) - --find_package(Python3 COMPONENTS Interpreter) --if (NOT Python3_Interpreter_FOUND) -- message(FATAL_ERROR "Python 3 interpreter not found.") --endif() -+ # Checking git -+ find_program(GIT_COMMAND "git") -+ if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+ endif() - --#Configure Mbed TLS to build only mbedcrypto lib --execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${mbedtls_SOURCE_DIR}) -- --# Advertise Mbed TLS as the provider of the psa crypto API --set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_PATH}/include" CACHE STRING "PSA Crypto API include path") -- --#Configure the library --execute_process(COMMAND -- ${CMAKE_COMMAND} -- -DENABLE_PROGRAMS=OFF -- -DENABLE_TESTING=OFF -- -DUNSAFE_BUILD=ON -- -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_PATH} -- -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -- -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY -- -DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}" -- -DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES} -- -GUnix\ Makefiles -- ${mbedtls_SOURCE_DIR} -- WORKING_DIRECTORY -- ${mbedtls_BINARY_DIR} -- RESULT_VARIABLE _exec_error --) -+ # Fetching Mbed TLS -+ FetchContent_Declare( -+ mbedtls -+ SOURCE_DIR ${MBEDTLS_SOURCE_DIR} -+ BINARY_DIR ${MBEDTLS_BINARY_DIR} -+ GIT_REPOSITORY ${MBEDTLS_URL} -+ GIT_TAG ${MBEDTLS_REFSPEC} -+ GIT_SHALLOW TRUE -+ ) - --if (_exec_error) -- message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.") --endif() -+ # FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables -+ FetchContent_GetProperties(mbedtls) -+ # FetchContent_Populate will fail if the source directory is removed since it will try to -+ # do an "update" and not a "populate" action. As a workaround, remove the subbuild directory. -+ # Note: this fix assumes, the default subbuild location is used. -+ file(REMOVE_RECURSE "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-subbuild") -+ -+ # If the source directory has been moved, the binary dir must be regenerated from scratch. -+ file(REMOVE_RECURSE "${MBEDTLS_BINARY_DIR}") - --#TODO: add dependency to generated project on this file! --#TODO: add custom target to rebuild Mbed TLS -+ if (NOT mbedtls_POPULATED) -+ message(STATUS "Fetching Mbed TLS") -+ FetchContent_Populate(mbedtls) -+ endif() -+ set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDTLS_SOURCE_DIR}) -+ endif() - --#Build the library --execute_process(COMMAND -- ${CMAKE_COMMAND} --build ${mbedtls_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install -+ # Build mbedcrypto library -+ -+ # Convert the include path list to a string. Needed to make parameter passing to -+ # Mbed TLS build work fine. -+ string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}") -+ -+ find_package(Python3 REQUIRED COMPONENTS Interpreter) -+ -+ #Configure Mbed TLS to build only mbedcrypto lib -+ execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${MBEDTLS_SOURCE_DIR}) -+ -+ # Advertise Mbed TLS as the provider of the psa crypto API -+ set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_DIR}/include" CACHE STRING "PSA Crypto API include path") -+ -+ #Configure the library -+ execute_process(COMMAND -+ ${CMAKE_COMMAND} -E env CROSS_COMPILE=${CROSS_COMPILE} -+ ${CMAKE_COMMAND} -+ -DENABLE_PROGRAMS=OFF -+ -DENABLE_TESTING=OFF -+ -DUNSAFE_BUILD=ON -+ -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_DIR} -+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -+ -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY -+ -DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}" -+ -DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES} -+ -GUnix\ Makefiles -+ ${MBEDTLS_SOURCE_DIR} -+ WORKING_DIRECTORY -+ ${MBEDTLS_BINARY_DIR} - RESULT_VARIABLE _exec_error - ) --if (_exec_error) -- message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.") -+ -+ if (_exec_error) -+ message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.") -+ endif() -+ -+ #Build the library -+ execute_process(COMMAND -+ ${CMAKE_COMMAND} --build ${MBEDTLS_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install -+ RESULT_VARIABLE _exec_error -+ ) -+ -+ if (_exec_error) -+ message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.") -+ endif() -+ -+ set(MBEDCRYPTO_LIB_FILE "${MBEDTLS_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}") - endif() - - #Create an imported target to have clean abstraction in the build-system. - add_library(mbedcrypto STATIC IMPORTED) --set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION "${MBEDTLS_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}") --set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_PATH}/include") -+set_property(DIRECTORY ${CMAKE_SOURCE_DIR} APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDCRYPTO_LIB_FILE}) -+set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION ${MBEDCRYPTO_LIB_FILE}) -+set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_DIR}/include") diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch deleted file mode 100644 index 75fa7c2a..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 131bb3c577fff93ff9ba6f5e7d450f727fec0e62 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Fri, 11 Feb 2022 12:30:45 +0000 -Subject: [PATCH] Fix format specifier in logging_caller - -A previous change increased the width of the opstatus value -returned by an rpc endpoint from 32 to 64 bits. This change -corrects the printf format specifier in the rpc logging_caller -that corresponds to logging the opstatus value. - -Signed-off-by: Julian Hall -Change-Id: Ie695a6bf8cf8014317b85196d7b933d344782b2c - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - components/rpc/common/logging/logging_caller.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/components/rpc/common/logging/logging_caller.c b/components/rpc/common/logging/logging_caller.c -index 07c33de5..cac03f2f 100644 ---- a/components/rpc/common/logging/logging_caller.c -+++ b/components/rpc/common/logging/logging_caller.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -87,7 +87,7 @@ static rpc_status_t call_invoke(void *context, rpc_call_handle handle, uint32_t - - if (status == TS_RPC_CALL_ACCEPTED) { - -- fprintf(this_instance->log_file, "op_status: %d\n", *opstatus); -+ fprintf(this_instance->log_file, "op_status: %ld\n", *opstatus); - fprintf(this_instance->log_file, "resp_len: %ld\n", *resp_len); - } - diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch deleted file mode 100644 index 01b99d3e..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 7aa9796020487ce32746c25934ce20829acc462c Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Fri, 11 Feb 2022 13:42:59 +0000 -Subject: [PATCH] Update refspecs for mbedtls and psa-arch-tests for v3.1.0 - -Updates external component refspecs to use mbedtls 3.1.0 and -compatible API tests from psa-arch-test. - -Signed-off-by: Julian Hall -Change-Id: I1b5cebd7de3c1885f5f8a8ea21ba5e4c52aefaf4 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - external/MbedTLS/MbedTLS.cmake | 2 +- - external/psa_arch_tests/psa_arch_tests.cmake | 17 ++++++----------- - 2 files changed, 7 insertions(+), 12 deletions(-) - -diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake -index 935be765..3350d8a0 100644 ---- a/external/MbedTLS/MbedTLS.cmake -+++ b/external/MbedTLS/MbedTLS.cmake -@@ -7,7 +7,7 @@ - - set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" - CACHE STRING "Mbed TLS repository URL") --set(MBEDTLS_REFSPEC "mbedtls-3.0.0" -+set(MBEDTLS_REFSPEC "mbedtls-3.1.0" - CACHE STRING "Mbed TLS git refspec") - set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src" - CACHE PATH "MbedTLS source directory") -diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake -index e6ab73f7..f6d2fb9f 100644 ---- a/external/psa_arch_tests/psa_arch_tests.cmake -+++ b/external/psa_arch_tests/psa_arch_tests.cmake -@@ -5,20 +5,15 @@ - # - #------------------------------------------------------------------------------- - --# Determine the number of processes to run while running parallel builds. --# Pass -DPROCESSOR_COUNT= to cmake to override. --if(NOT DEFINED PROCESSOR_COUNT) -- include(ProcessorCount) -- ProcessorCount(PROCESSOR_COUNT) -- set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.") --endif() -+# Temporarily using modified tests used for tf-m verification -+set(PSA_ARCH_TESTS_URL "https://github.com/bensze01/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") -+set(PSA_ARCH_TESTS_REFSPEC "fix-multipart-aead" CACHE STRING "psa-arch-tests git refspec") - --set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") --set(PSA_ARCH_TESTS_REFSPEC "master" CACHE STRING "psa-arch-tests git refspec") -+#set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") -+#set(PSA_ARCH_TESTS_REFSPEC "2a1852252a9b9af655cbe02d5d3c930952d0d798" CACHE STRING "psa-arch-tests v22.01_API1.4_ADAC_BETA") - set(PSA_ARCH_TESTS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/psa-arch-tests_install" CACHE PATH "psa-arch-tests installation directory") - set(PSA_ARCH_TESTS_PACKAGE_PATH "${PSA_ARCH_TESTS_INSTALL_PATH}/libpsa-arch-tests/cmake" CACHE PATH "psa-arch-tests CMake package directory") -- --include(FetchContent) -+set(PSA_ARCH_TESTS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/psa_arch_tests-src" CACHE PATH "psa-arch-tests source.") - - # Checking git - find_program(GIT_COMMAND "git") diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch deleted file mode 100644 index ae78f41a..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch +++ /dev/null @@ -1,1080 +0,0 @@ -From b160f734006f4959d92377dc3aa8eabc3ac7c1da Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Fri, 11 Feb 2022 14:08:13 +0000 -Subject: [PATCH] Separate sign/verify message and hash operations - -Previous versions of mbedtls didn't distinguish between -asymmetric sign and verify operations on a hash or message. -They are now treated as separate operations from a usage -control perspective. This change makes the corresponding -hash/message sepration in client and service provider -components. - -Signed-off-by: Julian Hall -Change-Id: Ic0041c694c026522c9b00c974d22261e9e2feadd - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - .../caller/packed-c/crypto_caller_sign_hash.h | 29 +++++++- - .../packed-c/crypto_caller_verify_hash.h | 33 ++++++++- - .../caller/stub/crypto_caller_sign_hash.h | 11 ++- - .../caller/stub/crypto_caller_verify_hash.h | 11 ++- - .../service/crypto/client/cpp/crypto_client.h | 17 ++++- - .../packed-c/packedc_crypto_client.cpp | 22 +++++- - .../protocol/packed-c/packedc_crypto_client.h | 17 ++++- - .../protobuf/protobuf_crypto_client.cpp | 43 ++++++++++- - .../protobuf/protobuf_crypto_client.h | 27 ++++++- - .../crypto/client/psa/psa_sign_message.c | 24 +++--- - .../crypto/client/psa/psa_verify_message.c | 24 +++--- - .../service/crypto/provider/crypto_provider.c | 40 ++++++---- - .../serializer/crypto_provider_serializer.h | 6 +- - .../packedc_crypto_provider_serializer.c | 12 +-- - .../protobuf/pb_crypto_provider_serializer.c | 74 +++++++++---------- - .../check_crypto_opcode_alignment.cpp | 25 ++++--- - .../test/service/crypto_service_scenarios.cpp | 56 +++++++++++++- - .../test/service/crypto_service_scenarios.h | 3 +- - .../packed-c/crypto_service_packedc_tests.cpp | 7 +- - .../crypto_service_protobuf_tests.cpp | 7 +- - protocols/service/crypto/packed-c/opcodes.h | 4 +- - .../service/crypto/protobuf/opcodes.proto | 4 +- - 22 files changed, 366 insertions(+), 130 deletions(-) - -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h -index e807773e..4a9ed20d 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -20,7 +20,8 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_asym_sign_commom(struct service_client *context, -+ uint32_t opcode, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, -@@ -60,7 +61,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - - context->rpc_status = - rpc_caller_invoke(context->caller, call_handle, -- TS_CRYPTO_OPCODE_SIGN_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (context->rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -98,6 +99,28 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return psa_status; - } - -+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_HASH, -+ id, alg, hash, hash_length, -+ signature, signature_size, signature_length); -+} -+ -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_MESSAGE, -+ id, alg, hash, hash_length, -+ signature, signature_size, signature_length); -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h -index 47152946..daa11330 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -20,7 +20,8 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_asym_verify_common(struct service_client *context, -+ uint32_t opcode, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, -@@ -65,7 +66,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - - context->rpc_status = - rpc_caller_invoke(context->caller, call_handle, -- TS_CRYPTO_OPCODE_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (context->rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; - -@@ -75,6 +76,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return psa_status; - } - -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return crypto_caller_asym_verify_common(context, -+ TS_CRYPTO_OPCODE_VERIFY_HASH, -+ id, alg, -+ hash, hash_length, -+ signature, signature_length); -+} -+ -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return crypto_caller_asym_verify_common(context, -+ TS_CRYPTO_OPCODE_VERIFY_MESSAGE, -+ id, alg, -+ input, input_length, -+ signature, signature_length); -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h -index d09369a2..09049f5c 100644 ---- a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return PSA_ERROR_NOT_SUPPORTED; - } - -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h -index 20d11dcf..3f3eb878 100644 ---- a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return PSA_ERROR_NOT_SUPPORTED; - } - -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/cpp/crypto_client.h b/components/service/crypto/client/cpp/crypto_client.h -index 2a5e5b99..ccb0714a 100644 ---- a/components/service/crypto/client/cpp/crypto_client.h -+++ b/components/service/crypto/client/cpp/crypto_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -57,7 +57,7 @@ public: - psa_key_id_t id, - uint8_t *data, size_t data_size, size_t *data_length) = 0; - -- /* Sign/verify methods */ -+ /* Sign/verify hash methods */ - virtual psa_status_t sign_hash( - psa_key_id_t id, - psa_algorithm_t alg, -@@ -70,6 +70,19 @@ public: - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) = 0; - -+ /* Sign/verify message methods */ -+ virtual psa_status_t sign_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) = 0; -+ -+ virtual psa_status_t verify_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length) = 0; -+ - /* Asymmetric encrypt/decrypt */ - virtual psa_status_t asymmetric_encrypt( - psa_key_id_t id, -diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -index 4d9d8f41..4e10f9be 100644 ---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -107,6 +107,26 @@ psa_status_t packedc_crypto_client::verify_hash( - signature, signature_length); - } - -+psa_status_t packedc_crypto_client::sign_message( -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return crypto_caller_sign_message(&m_client, id, alg, -+ message, message_length, -+ signature, signature_size, signature_length); -+} -+ -+psa_status_t packedc_crypto_client::verify_message( -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return crypto_caller_verify_message(&m_client, id, alg, -+ message, message_length, -+ signature, signature_length); -+} -+ - psa_status_t packedc_crypto_client::asymmetric_encrypt( - psa_key_id_t id, psa_algorithm_t alg, - const uint8_t *input, size_t input_length, -diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -index 377b51d1..d74ba609 100644 ---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -54,7 +54,7 @@ public: - psa_key_id_t id, - uint8_t *data, size_t data_size, size_t *data_length); - -- /* Sign/verify methods */ -+ /* Sign/verify hash methods */ - psa_status_t sign_hash( - psa_key_id_t id, - psa_algorithm_t alg, -@@ -67,6 +67,19 @@ public: - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -+ /* Sign/verify message methods */ -+ psa_status_t sign_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length); -+ -+ psa_status_t verify_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length); -+ - /* Asymmetric encrypt/decrypt */ - psa_status_t asymmetric_encrypt( - psa_key_id_t id, -diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp -index 17780351..28c8f6fb 100644 ---- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp -+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp -@@ -386,6 +386,25 @@ psa_status_t protobuf_crypto_client::export_public_key(psa_key_id_t id, - psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return asym_sign(ts_crypto_Opcode_SIGN_HASH, id, alg, -+ hash, hash_length, -+ signature, signature_size, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::sign_message(psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return asym_sign(ts_crypto_Opcode_SIGN_MESSAGE, id, alg, -+ message, message_length, -+ signature, signature_size, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::asym_sign(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) - { - size_t req_len; - pb_bytes_array_t *hash_byte_array = -@@ -416,7 +435,7 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t - pb_encode(&ostream, ts_crypto_SignHashIn_fields, &req_msg); - - m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, -- ts_crypto_Opcode_SIGN_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -462,10 +481,28 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t - return psa_status; - } - -- - psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) -+{ -+ return asym_verify(ts_crypto_Opcode_VERIFY_HASH, id, alg, -+ hash, hash_length, -+ signature, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::verify_message(psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return asym_verify(ts_crypto_Opcode_VERIFY_MESSAGE, id, alg, -+ message, message_length, -+ signature, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::asym_verify(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ const uint8_t *signature, size_t signature_length) - { - size_t req_len; - pb_bytes_array_t *hash_byte_array = -@@ -497,7 +534,7 @@ psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_ - pb_encode(&ostream, ts_crypto_VerifyHashIn_fields, &req_msg); - - m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, -- ts_crypto_Opcode_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; - -diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h -index 085d9cfa..abe4439e 100644 ---- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h -+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -54,7 +54,7 @@ public: - psa_key_id_t id, - uint8_t *data, size_t data_size, size_t *data_length); - -- /* Sign/verify methods */ -+ /* Sign/verify hash methods */ - psa_status_t sign_hash( - psa_key_id_t id, - psa_algorithm_t alg, -@@ -67,6 +67,19 @@ public: - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -+ /* Sign/verify message methods */ -+ psa_status_t sign_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length); -+ -+ psa_status_t verify_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length); -+ - /* Asymmetric encrypt/decrypt */ - psa_status_t asymmetric_encrypt( - psa_key_id_t id, -@@ -221,6 +234,16 @@ public: - - private: - -+ psa_status_t asym_sign(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length); -+ -+ psa_status_t asym_verify(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ const uint8_t *signature, size_t signature_length); -+ - void translate_key_attributes( - ts_crypto_KeyAttributes &proto_attributes, - const psa_key_attributes_t &psa_attributes); -diff --git a/components/service/crypto/client/psa/psa_sign_message.c b/components/service/crypto/client/psa/psa_sign_message.c -index dc2f7e80..b6446253 100644 ---- a/components/service/crypto/client/psa/psa_sign_message.c -+++ b/components/service/crypto/client/psa/psa_sign_message.c -@@ -1,13 +1,15 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - #include -+#include "psa_crypto_client.h" -+#include "crypto_caller_selector.h" - - psa_status_t psa_sign_message( -- psa_key_id_t key, -+ psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, -@@ -15,19 +17,11 @@ psa_status_t psa_sign_message( - size_t signature_size, - size_t *signature_length) - { -- size_t hash_len; -- uint8_t hash[PSA_HASH_MAX_SIZE]; -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; - -- psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), -+ return crypto_caller_sign_message(&psa_crypto_client_instance.base, -+ id, alg, - input, input_length, -- hash, sizeof(hash), &hash_len); -- -- if (psa_status == PSA_SUCCESS) { -- -- psa_status = psa_sign_hash(key, alg, -- hash, hash_len, -- signature, signature_size, signature_length); -- } -- -- return psa_status; -+ signature, signature_size, signature_length); - } -diff --git a/components/service/crypto/client/psa/psa_verify_message.c b/components/service/crypto/client/psa/psa_verify_message.c -index d0fbc7c8..57c2c5e8 100644 ---- a/components/service/crypto/client/psa/psa_verify_message.c -+++ b/components/service/crypto/client/psa/psa_verify_message.c -@@ -1,32 +1,26 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - #include -+#include "psa_crypto_client.h" -+#include "crypto_caller_selector.h" - - psa_status_t psa_verify_message( -- psa_key_id_t key, -+ psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t * signature, - size_t signature_length) - { -- size_t hash_len; -- uint8_t hash[PSA_HASH_MAX_SIZE]; -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; - -- psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), -+ return crypto_caller_verify_message(&psa_crypto_client_instance.base, -+ id, alg, - input, input_length, -- hash, sizeof(hash), &hash_len); -- -- if (psa_status == PSA_SUCCESS) { -- -- psa_status = psa_verify_hash(key, alg, -- hash, hash_len, -- signature, signature_length); -- } -- -- return psa_status; -+ signature, signature_length); - } -diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c -index d0fc7cac..67a5b340 100644 ---- a/components/service/crypto/provider/crypto_provider.c -+++ b/components/service/crypto/provider/crypto_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -16,8 +16,8 @@ static rpc_status_t destroy_key_handler(void *context, struct call_req* req); - static rpc_status_t export_key_handler(void *context, struct call_req* req); - static rpc_status_t export_public_key_handler(void *context, struct call_req* req); - static rpc_status_t import_key_handler(void *context, struct call_req* req); --static rpc_status_t sign_hash_handler(void *context, struct call_req* req); --static rpc_status_t verify_hash_handler(void *context, struct call_req* req); -+static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req); -+static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req); - static rpc_status_t asymmetric_decrypt_handler(void *context, struct call_req* req); - static rpc_status_t asymmetric_encrypt_handler(void *context, struct call_req* req); - static rpc_status_t generate_random_handler(void *context, struct call_req* req); -@@ -32,14 +32,16 @@ static const struct service_handler handler_table[] = { - {TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler}, - {TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler}, - {TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler}, -- {TS_CRYPTO_OPCODE_SIGN_HASH, sign_hash_handler}, -- {TS_CRYPTO_OPCODE_VERIFY_HASH, verify_hash_handler}, -+ {TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler}, -+ {TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler}, - {TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler}, - {TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler}, - {TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler}, - {TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler}, - {TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler}, - {TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler}, -+ {TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler}, -+ {TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler}, - }; - - struct rpc_interface *crypto_provider_init(struct crypto_provider *context) -@@ -272,7 +274,7 @@ static rpc_status_t import_key_handler(void *context, struct call_req* req) - return rpc_status; - } - --static rpc_status_t sign_hash_handler(void *context, struct call_req* req) -+static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req) - { - rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; - struct call_param_buf *req_buf = call_req_get_req_buf(req); -@@ -284,7 +286,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) - uint8_t hash_buffer[PSA_HASH_MAX_SIZE]; - - if (serializer) -- rpc_status = serializer->deserialize_sign_hash_req(req_buf, &id, &alg, hash_buffer, &hash_len); -+ rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &id, &alg, hash_buffer, &hash_len); - - if (rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -292,14 +294,16 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) - size_t sig_len; - uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; - -- psa_status = psa_sign_hash(id, alg, -- hash_buffer, hash_len, -- sig_buffer, sizeof(sig_buffer), &sig_len); -+ psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_SIGN_HASH) ? -+ psa_sign_hash(id, alg, hash_buffer, hash_len, -+ sig_buffer, sizeof(sig_buffer), &sig_len) : -+ psa_sign_message(id, alg, hash_buffer, hash_len, -+ sig_buffer, sizeof(sig_buffer), &sig_len); - - if (psa_status == PSA_SUCCESS) { - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); -- rpc_status = serializer->serialize_sign_hash_resp(resp_buf, sig_buffer, sig_len); -+ rpc_status = serializer->serialize_asymmetric_sign_resp(resp_buf, sig_buffer, sig_len); - } - - call_req_set_opstatus(req, psa_status); -@@ -308,7 +312,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) - return rpc_status; - } - --static rpc_status_t verify_hash_handler(void *context, struct call_req* req) -+static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req) - { - rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; - struct call_param_buf *req_buf = call_req_get_req_buf(req); -@@ -322,7 +326,7 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) - uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; - - if (serializer) -- rpc_status = serializer->deserialize_verify_hash_req(req_buf, &id, &alg, -+ rpc_status = serializer->deserialize_asymmetric_verify_req(req_buf, &id, &alg, - hash_buffer, &hash_len, - sig_buffer, &sig_len); - -@@ -330,9 +334,13 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) - - psa_status_t psa_status; - -- psa_status = psa_verify_hash(id, alg, -- hash_buffer, hash_len, -- sig_buffer, sig_len); -+ psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_VERIFY_HASH) ? -+ psa_verify_hash(id, alg, -+ hash_buffer, hash_len, -+ sig_buffer, sig_len) : -+ psa_verify_message(id, alg, -+ hash_buffer, hash_len, -+ sig_buffer, sig_len); - - call_req_set_opstatus(req, psa_status); - } -diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h -index 68940cae..57364f24 100644 ---- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h -+++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h -@@ -79,15 +79,15 @@ struct crypto_provider_serializer { - const psa_key_attributes_t *attributes); - - /* Operation: sign_hash */ -- rpc_status_t (*deserialize_sign_hash_req)(const struct call_param_buf *req_buf, -+ rpc_status_t (*deserialize_asymmetric_sign_req)(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len); - -- rpc_status_t (*serialize_sign_hash_resp)(struct call_param_buf *resp_buf, -+ rpc_status_t (*serialize_asymmetric_sign_resp)(struct call_param_buf *resp_buf, - const uint8_t *sig, size_t sig_len); - - /* Operation: verify_hash */ -- rpc_status_t (*deserialize_verify_hash_req)(const struct call_param_buf *req_buf, -+ rpc_status_t (*deserialize_asymmetric_verify_req)(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len, - uint8_t *sig, size_t *sig_len); -diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -index c70db865..4a7e59f0 100644 ---- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -+++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -@@ -333,7 +333,7 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res - } - - /* Operation: sign_hash */ --static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, -+static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len) - { -@@ -378,7 +378,7 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b - return rpc_status; - } - --static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, -+static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, - const uint8_t *sig, size_t sig_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; -@@ -401,7 +401,7 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, - } - - /* Operation: verify_hash */ --static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, -+static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len, - uint8_t *sig, size_t *sig_len) -@@ -695,9 +695,9 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst - deserialize_purge_key_req, - deserialize_get_key_attributes_req, - serialize_get_key_attributes_resp, -- deserialize_sign_hash_req, -- serialize_sign_hash_resp, -- deserialize_verify_hash_req, -+ deserialize_asymmetric_sign_req, -+ serialize_asymmetric_sign_resp, -+ deserialize_asymmetric_verify_req, - deserialize_asymmetric_decrypt_req, - serialize_asymmetric_decrypt_resp, - deserialize_asymmetric_encrypt_req, -diff --git a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c -index 7767d20a..083a581a 100644 ---- a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c -+++ b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c -@@ -267,9 +267,9 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res - } - - /* Operation: sign_hash */ --static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, -- psa_key_id_t *id, psa_algorithm_t *alg, -- uint8_t *hash, size_t *hash_len) -+static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, -+ psa_key_id_t *id, psa_algorithm_t *alg, -+ uint8_t *hash, size_t *hash_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; - ts_crypto_SignHashIn recv_msg = ts_crypto_SignHashIn_init_default; -@@ -295,8 +295,8 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b - return rpc_status; - } - --static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, -- const uint8_t *sig, size_t sig_len) -+static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, -+ const uint8_t *sig, size_t sig_len) - { - size_t packed_resp_size; - rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; -@@ -323,10 +323,10 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, - } - - /* Operation: verify_hash */ --static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, -- psa_key_id_t *id, psa_algorithm_t *alg, -- uint8_t *hash, size_t *hash_len, -- uint8_t *sig, size_t *sig_len) -+static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, -+ psa_key_id_t *id, psa_algorithm_t *alg, -+ uint8_t *hash, size_t *hash_len, -+ uint8_t *sig, size_t *sig_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; - ts_crypto_VerifyHashIn recv_msg = ts_crypto_VerifyHashIn_init_default; -@@ -538,32 +538,32 @@ static rpc_status_t serialize_generate_random_resp(struct call_param_buf *resp_b - /* Singleton method to provide access to the serializer instance */ - const struct crypto_provider_serializer *pb_crypto_provider_serializer_instance(void) - { -- static const struct crypto_provider_serializer instance = { -- max_deserialised_parameter_size, -- deserialize_generate_key_req, -- serialize_generate_key_resp, -- deserialize_destroy_key_req, -- deserialize_export_key_req, -- serialize_export_key_resp, -- deserialize_export_public_key_req, -- serialize_export_public_key_resp, -- deserialize_import_key_req, -- serialize_import_key_resp, -- deserialize_copy_key_req, -- serialize_copy_key_resp, -- deserialize_purge_key_req, -- deserialize_get_key_attributes_req, -- serialize_get_key_attributes_resp, -- deserialize_sign_hash_req, -- serialize_sign_hash_resp, -- deserialize_verify_hash_req, -- deserialize_asymmetric_decrypt_req, -- serialize_asymmetric_decrypt_resp, -- deserialize_asymmetric_encrypt_req, -- serialize_asymmetric_encrypt_resp, -- deserialize_generate_random_req, -- serialize_generate_random_resp -- }; -- -- return &instance; -+ static const struct crypto_provider_serializer instance = { -+ max_deserialised_parameter_size, -+ deserialize_generate_key_req, -+ serialize_generate_key_resp, -+ deserialize_destroy_key_req, -+ deserialize_export_key_req, -+ serialize_export_key_resp, -+ deserialize_export_public_key_req, -+ serialize_export_public_key_resp, -+ deserialize_import_key_req, -+ serialize_import_key_resp, -+ deserialize_copy_key_req, -+ serialize_copy_key_resp, -+ deserialize_purge_key_req, -+ deserialize_get_key_attributes_req, -+ serialize_get_key_attributes_resp, -+ deserialize_asymmetric_sign_req, -+ serialize_asymmetric_sign_resp, -+ deserialize_asymmetric_verify_req, -+ deserialize_asymmetric_decrypt_req, -+ serialize_asymmetric_decrypt_resp, -+ deserialize_asymmetric_encrypt_req, -+ serialize_asymmetric_encrypt_resp, -+ deserialize_generate_random_req, -+ serialize_generate_random_resp -+ }; -+ -+ return &instance; - } -diff --git a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp -index bd6c66ee..da01abf4 100644 ---- a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp -+++ b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -18,15 +18,16 @@ TEST_GROUP(CryptoProtocolOpcodeChecks) - - TEST(CryptoProtocolOpcodeChecks, checkPackedcToProtobuf) - { -- CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_MESSAGE, ts_crypto_Opcode_SIGN_MESSAGE); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_MESSAGE, ts_crypto_Opcode_VERIFY_MESSAGE); - } -- -diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp -index ec2c6736..b3345551 100644 ---- a/components/service/crypto/test/service/crypto_service_scenarios.cpp -+++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -290,6 +290,56 @@ void crypto_service_scenarios::signAndVerifyHash() - CHECK_EQUAL(PSA_SUCCESS, status); - } - -+void crypto_service_scenarios::signAndVerifyMessage() -+{ -+ psa_status_t status; -+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -+ psa_key_id_t key_id; -+ -+ psa_set_key_id(&attributes, 14); -+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE); -+ psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); -+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); -+ psa_set_key_bits(&attributes, 256); -+ -+ /* Generate a key */ -+ status = m_crypto_client->generate_key(&attributes, &key_id); -+ CHECK_EQUAL(PSA_SUCCESS, status); -+ -+ psa_reset_key_attributes(&attributes); -+ -+ /* Sign a message */ -+ uint8_t message[21]; -+ uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; -+ size_t signature_length; -+ -+ memset(message, 0x99, sizeof(message)); -+ -+ status = m_crypto_client->sign_message(key_id, -+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), -+ signature, sizeof(signature), &signature_length); -+ -+ CHECK_EQUAL(PSA_SUCCESS, status); -+ CHECK(signature_length > 0); -+ -+ /* Verify the signature */ -+ status = m_crypto_client->verify_message(key_id, -+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), -+ signature, signature_length); -+ CHECK_EQUAL(PSA_SUCCESS, status); -+ -+ /* Change the message and expect verify to fail */ -+ message[0] = 0x72; -+ status = m_crypto_client->verify_message(key_id, -+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), -+ signature, signature_length); -+ CHECK_EQUAL(PSA_ERROR_INVALID_SIGNATURE, status); -+ -+ /* Remove the key */ -+ status = m_crypto_client->destroy_key(key_id); -+ CHECK_EQUAL(PSA_SUCCESS, status); -+} -+ - void crypto_service_scenarios::signAndVerifyEat() - { - /* Sign and verify a hash using EAT key type and algorithm */ -@@ -348,7 +398,7 @@ void crypto_service_scenarios::asymEncryptDecrypt() - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - -- psa_set_key_id(&attributes, 14); -+ psa_set_key_id(&attributes, 15); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); -@@ -394,7 +444,7 @@ void crypto_service_scenarios::asymEncryptDecryptWithSalt() - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - -- psa_set_key_id(&attributes, 15); -+ psa_set_key_id(&attributes, 16); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); -diff --git a/components/service/crypto/test/service/crypto_service_scenarios.h b/components/service/crypto/test/service/crypto_service_scenarios.h -index c65eba26..23671644 100644 ---- a/components/service/crypto/test/service/crypto_service_scenarios.h -+++ b/components/service/crypto/test/service/crypto_service_scenarios.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -24,6 +24,7 @@ public: - void asymEncryptDecrypt(); - void asymEncryptDecryptWithSalt(); - void signAndVerifyHash(); -+ void signAndVerifyMessage(); - void signAndVerifyEat(); - void exportAndImportKeyPair(); - void exportPublicKey(); -diff --git a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp -index 79eddfbb..ea238432 100644 ---- a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp -+++ b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -87,6 +87,11 @@ TEST(CryptoServicePackedcTests, signAndVerifyHash) - m_scenarios->signAndVerifyHash(); - } - -+TEST(CryptoServicePackedcTests, signAndVerifyMessage) -+{ -+ m_scenarios->signAndVerifyMessage(); -+} -+ - TEST(CryptoServicePackedcTests, signAndVerifyEat) - { - m_scenarios->signAndVerifyEat(); -diff --git a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp -index 1230752c..c172ad4a 100644 ---- a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp -+++ b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -77,6 +77,11 @@ TEST(CryptoServiceProtobufTests, signAndVerifyHash) - m_scenarios->signAndVerifyHash(); - } - -+TEST(CryptoServiceProtobufTests, signAndVerifyMessage) -+{ -+ m_scenarios->signAndVerifyMessage(); -+} -+ - TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - { - m_scenarios->asymEncryptDecrypt(); -diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h -index a07bd57e..5aebf2fa 100644 ---- a/protocols/service/crypto/packed-c/opcodes.h -+++ b/protocols/service/crypto/packed-c/opcodes.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -25,6 +25,8 @@ - #define TS_CRYPTO_OPCODE_COPY_KEY (TS_CRYPTO_OPCODE_BASE + 13) - #define TS_CRYPTO_OPCODE_PURGE_KEY (TS_CRYPTO_OPCODE_BASE + 14) - #define TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES (TS_CRYPTO_OPCODE_BASE + 15) -+#define TS_CRYPTO_OPCODE_SIGN_MESSAGE (TS_CRYPTO_OPCODE_BASE + 16) -+#define TS_CRYPTO_OPCODE_VERIFY_MESSAGE (TS_CRYPTO_OPCODE_BASE + 17) - - /* Hash operations */ - #define TS_CRYPTO_OPCODE_HASH_BASE (0x0200) -diff --git a/protocols/service/crypto/protobuf/opcodes.proto b/protocols/service/crypto/protobuf/opcodes.proto -index 094d3a02..ef64d044 100644 ---- a/protocols/service/crypto/protobuf/opcodes.proto -+++ b/protocols/service/crypto/protobuf/opcodes.proto -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * SPDX-License-Identifier: BSD-3-Clause - */ - syntax = "proto3"; -@@ -18,4 +18,6 @@ enum Opcode { - ASYMMETRIC_DECRYPT = 0x010a; - ASYMMETRIC_ENCRYPT = 0x010b; - GENERATE_RANDOM = 0x010c; -+ SIGN_MESSAGE = 0x0110; -+ VERIFY_MESSAGE = 0x0111; - } diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch deleted file mode 100644 index a56e0f88..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 9a83c32964ee2b1ecb7b36b4c08466202efd3bf2 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Fri, 11 Feb 2022 14:19:26 +0000 -Subject: [PATCH] Add defence against uninitialised multi-part transaction - -Adds checks for the condition where there is an attempt to -setup a multi-part transaction without first initialising -transaction state. - -Signed-off-by: Julian Hall -Change-Id: I754479260fed0490d8f32b41a077d26028dc9903 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - components/service/crypto/client/psa/psa_cipher.c | 14 +++++++++++++- - components/service/crypto/client/psa/psa_hash.c | 8 +++++++- - components/service/crypto/client/psa/psa_mac.c | 10 ++++++++-- - 3 files changed, 28 insertions(+), 4 deletions(-) - -diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c -index 70836ea6..3ab8ea21 100644 ---- a/components/service/crypto/client/psa/psa_cipher.c -+++ b/components/service/crypto/client/psa/psa_cipher.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -13,6 +13,12 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) - { -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; -+ -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_cipher_encrypt_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); -@@ -22,6 +28,12 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) - { -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; -+ -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_cipher_decrypt_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); -diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c -index 7005c390..83278de6 100644 ---- a/components/service/crypto/client/psa/psa_hash.c -+++ b/components/service/crypto/client/psa/psa_hash.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -14,6 +14,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, - if (psa_crypto_client_instance.init_status != PSA_SUCCESS) - return psa_crypto_client_instance.init_status; - -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_hash_setup(&psa_crypto_client_instance.base, - &operation->handle, alg); - } -@@ -55,6 +58,9 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, - psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, - psa_hash_operation_t *target_operation) - { -+ if (target_operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_hash_clone(&psa_crypto_client_instance.base, - source_operation->handle, - &target_operation->handle); -diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c -index 5efa1c4d..5c5eb32a 100644 ---- a/components/service/crypto/client/psa/psa_mac.c -+++ b/components/service/crypto/client/psa/psa_mac.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -16,6 +16,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, - if (psa_crypto_client_instance.init_status != PSA_SUCCESS) - return psa_crypto_client_instance.init_status; - -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_mac_sign_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); -@@ -28,7 +31,10 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, - if (psa_crypto_client_instance.init_status != PSA_SUCCESS) - return psa_crypto_client_instance.init_status; - -- return crypto_caller_mac_sign_setup(&psa_crypto_client_instance.base, -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ -+ return crypto_caller_mac_verify_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); - } diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch deleted file mode 100644 index 2ad1efb7..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch +++ /dev/null @@ -1,521 +0,0 @@ -From 00b4f777b377c69f948f5a9d68cbfc8fa8c38a86 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Fri, 11 Feb 2022 14:24:53 +0000 -Subject: [PATCH] Integrate AEAD operation support - -Resolves issues and integrates AEAD support into the crypto service -provider and clients. - -Signed-off-by: Julian Hall -Change-Id: I5fbe78a2dd825f592e26fd665f60c18b576f9de9 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - .../caller/packed-c/crypto_caller_aead.h | 70 +++--- - .../client/caller/stub/crypto_caller_aead.h | 12 +- - .../service/crypto/client/psa/psa_aead.c | 221 +++++++++++++++--- - .../factory/full/crypto_provider_factory.c | 16 +- - .../component-test/component-test.cmake | 4 +- - deployments/crypto/opteesp/CMakeLists.txt | 4 +- - deployments/libts/linux-pc/CMakeLists.txt | 4 +- - deployments/se-proxy/opteesp/CMakeLists.txt | 4 +- - 8 files changed, 263 insertions(+), 72 deletions(-) - -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -index 3d9947d5..c4ffb20c 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -20,38 +20,6 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_aead_encrypt(struct service_client *context, -- psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *plaintext, -- size_t plaintext_length, -- uint8_t *aeadtext, -- size_t aeadtext_size, -- size_t *aeadtext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- --static inline psa_status_t crypto_caller_aead_decrypt(struct service_client *context, -- psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *aeadtext, -- size_t aeadtext_length, -- uint8_t *plaintext, -- size_t plaintext_size, -- size_t *plaintext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- - static inline psa_status_t common_aead_setup(struct service_client *context, - uint32_t *op_handle, - psa_key_id_t key, -@@ -247,7 +215,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(struct service_client - { - psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; - struct ts_crypto_aead_set_lengths_in req_msg; -- size_t req_fixed_len = sizeof(struct ts_crypto_aead_abort_in); -+ size_t req_fixed_len = sizeof(struct ts_crypto_aead_set_lengths_in); - size_t req_len = req_fixed_len; - - req_msg.op_handle = op_handle; -@@ -611,6 +579,40 @@ static inline psa_status_t crypto_caller_aead_abort(struct service_client *conte - return psa_status; - } - -+/** -+ * The maximum data length that may be carried in an update operation will be -+ * constrained by the maximum call payload capacity imposed by the end-to-end -+ * RPC call path. These functions return the maximum update size when serialization -+ * overheads are considered. This allows large paylaods to be processed in -+ * maximum size chunks. -+ */ -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes of additional data that may be -+ * carried as a parameter of the aead_update_ad operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = sizeof(struct ts_crypto_aead_update_ad_in) + TLV_HDR_LEN; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the aead_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = sizeof(struct ts_crypto_aead_update_in) + TLV_HDR_LEN; -+ -+ /* Allow for output to be a whole number of blocks */ -+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/stub/crypto_caller_aead.h b/components/service/crypto/client/caller/stub/crypto_caller_aead.h -index 18aa8cec..455e7ac1 100644 ---- a/components/service/crypto/client/caller/stub/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/stub/crypto_caller_aead.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -135,6 +135,16 @@ static inline psa_status_t crypto_caller_aead_abort(struct service_client *conte - return PSA_ERROR_NOT_SUPPORTED; - } - -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ return 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ return 0; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c -index 22fd3da1..e4579e63 100644 ---- a/components/service/crypto/client/psa/psa_aead.c -+++ b/components/service/crypto/client/psa/psa_aead.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -8,37 +8,6 @@ - #include "psa_crypto_client.h" - #include "crypto_caller_selector.h" - -- --psa_status_t psa_aead_encrypt(psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *plaintext, -- size_t plaintext_length, -- uint8_t *aeadtext, -- size_t aeadtext_size, -- size_t *aeadtext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- --psa_status_t psa_aead_decrypt(psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *aeadtext, -- size_t aeadtext_length, -- uint8_t *plaintext, -- size_t plaintext_size, -- size_t *plaintext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- - psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) -@@ -143,3 +112,191 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) - return crypto_caller_aead_abort(&psa_crypto_client_instance.base, - operation->handle); - } -+ -+static psa_status_t multi_aead_update_ad(psa_aead_operation_t *operation, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ size_t max_update_size = -+ crypto_caller_aead_max_update_ad_size(&psa_crypto_client_instance.base); -+ size_t bytes_input = 0; -+ -+ if (!max_update_size) { -+ -+ /* Don't know the max update size so assume that the entire -+ * input and output can be handled in a single update. If -+ * this isn't true, the first aead update operation will fail -+ * safely. -+ */ -+ max_update_size = input_length; -+ } -+ -+ while (bytes_input < input_length) { -+ -+ size_t bytes_remaining = input_length - bytes_input; -+ size_t update_len = (bytes_remaining < max_update_size) ? -+ bytes_remaining : -+ max_update_size; -+ -+ psa_status = psa_aead_update_ad(operation, -+ &input[bytes_input], update_len); -+ -+ if (psa_status != PSA_SUCCESS) break; -+ -+ bytes_input += update_len; -+ } -+ -+ return psa_status; -+} -+ -+static psa_status_t multi_aead_update(psa_aead_operation_t *operation, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ size_t max_update_size = -+ crypto_caller_aead_max_update_size(&psa_crypto_client_instance.base); -+ size_t bytes_input = 0; -+ size_t bytes_output = 0; -+ -+ *output_length = 0; -+ -+ if (!max_update_size) { -+ -+ /* Don't know the max update size so assume that the entire -+ * input and output can be handled in a single update. If -+ * this isn't true, the first aead update operation will fail -+ * safely. -+ */ -+ max_update_size = input_length; -+ } -+ -+ while ((bytes_input < input_length) && (bytes_output < output_size)) { -+ -+ size_t update_output_len = 0; -+ size_t bytes_remaining = input_length - bytes_input; -+ size_t update_len = (bytes_remaining < max_update_size) ? -+ bytes_remaining : -+ max_update_size; -+ -+ psa_status = psa_aead_update(operation, -+ &input[bytes_input], update_len, -+ &output[bytes_output], output_size - bytes_output, &update_output_len); -+ -+ if (psa_status != PSA_SUCCESS) break; -+ -+ bytes_input += update_len; -+ bytes_output += update_output_len; -+ } -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ *output_length = bytes_output; -+ } -+ -+ return psa_status; -+} -+ -+psa_status_t psa_aead_encrypt(psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *plaintext, -+ size_t plaintext_length, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length) -+{ -+ psa_aead_operation_t operation = psa_aead_operation_init(); -+ size_t bytes_output = 0; -+ *aeadtext_length = 0; -+ -+ psa_status_t psa_status = psa_aead_encrypt_setup(&operation, key, alg); -+ if (psa_status != PSA_SUCCESS) return psa_status; -+ -+ if ((psa_status = psa_aead_set_lengths(&operation, additional_data_length, plaintext_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = psa_aead_set_nonce(&operation, nonce, nonce_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update_ad(&operation, additional_data, additional_data_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update(&operation, plaintext, plaintext_length, -+ aeadtext, aeadtext_size, &bytes_output), -+ psa_status == PSA_SUCCESS)) -+ { -+ size_t remaining_aead_len = 0; -+ size_t tag_len = 0; -+ -+ psa_status = psa_aead_finish(&operation, -+ NULL, 0, &remaining_aead_len, -+ &aeadtext[bytes_output], aeadtext_size - bytes_output, &tag_len); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ *aeadtext_length = bytes_output + remaining_aead_len + tag_len; -+ } -+ } -+ else { -+ -+ psa_aead_abort(&operation); -+ } -+ -+ return psa_status; -+} -+ -+psa_status_t psa_aead_decrypt(psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *aeadtext, -+ size_t aeadtext_length, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length) -+{ -+ psa_aead_operation_t operation = psa_aead_operation_init(); -+ size_t bytes_output = 0; -+ *plaintext_length = 0; -+ -+ psa_status_t psa_status = psa_aead_decrypt_setup(&operation, key, alg); -+ if (psa_status != PSA_SUCCESS) return psa_status; -+ -+ size_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg); -+ size_t ciphertext_len = (aeadtext_length > tag_len) ? aeadtext_length - tag_len : 0; -+ -+ if ((psa_status = psa_aead_set_lengths(&operation, additional_data_length, ciphertext_len), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = psa_aead_set_nonce(&operation, nonce, nonce_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update_ad(&operation, additional_data, additional_data_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update(&operation, aeadtext, ciphertext_len, -+ plaintext, plaintext_size, &bytes_output), -+ psa_status == PSA_SUCCESS)) -+ { -+ size_t remaining_plaintext_len = 0; -+ -+ psa_status = psa_aead_verify(&operation, -+ NULL, 0, &remaining_plaintext_len, -+ &aeadtext[bytes_output], aeadtext_length - bytes_output); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ *plaintext_length = bytes_output + remaining_plaintext_len; -+ } -+ } -+ else { -+ -+ psa_aead_abort(&operation); -+ } -+ -+ return psa_status; -+} -diff --git a/components/service/crypto/factory/full/crypto_provider_factory.c b/components/service/crypto/factory/full/crypto_provider_factory.c -index 2d926eb6..ee2b4473 100644 ---- a/components/service/crypto/factory/full/crypto_provider_factory.c -+++ b/components/service/crypto/factory/full/crypto_provider_factory.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -17,6 +17,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - -@@ -34,6 +36,7 @@ static struct full_crypto_provider - struct cipher_provider cipher_provider; - struct key_derivation_provider key_derivation_provider; - struct mac_provider mac_provider; -+ struct aead_provider aead_provider; - - } instance; - -@@ -98,6 +101,17 @@ struct crypto_provider *crypto_provider_factory_create(void) - crypto_provider_extend(&instance.crypto_provider, - &instance.mac_provider.base_provider); - -+ /** -+ * Extend with aead operations -+ */ -+ aead_provider_init(&instance.aead_provider); -+ -+ aead_provider_register_serializer(&instance.aead_provider, -+ TS_RPC_ENCODING_PACKED_C, packedc_aead_provider_serializer_instance()); -+ -+ crypto_provider_extend(&instance.crypto_provider, -+ &instance.aead_provider.base_provider); -+ - return &instance.crypto_provider; - } - -diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake -index a0233c34..c3b015ab 100644 ---- a/deployments/component-test/component-test.cmake -+++ b/deployments/component-test/component-test.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -85,6 +85,8 @@ add_components( - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/provider/test" - "components/service/crypto/backend/mbedcrypto" - "components/service/crypto/factory/full" -diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt -index 8ada74e9..eb5d0847 100644 ---- a/deployments/crypto/opteesp/CMakeLists.txt -+++ b/deployments/crypto/opteesp/CMakeLists.txt -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -62,6 +62,8 @@ add_components(TARGET "crypto-sp" - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/factory/full" - "components/service/crypto/backend/mbedcrypto" - "components/service/crypto/backend/mbedcrypto/trng_adapter/platform" -diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt -index fc98407c..97eaaa73 100644 ---- a/deployments/libts/linux-pc/CMakeLists.txt -+++ b/deployments/libts/linux-pc/CMakeLists.txt -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -71,6 +71,8 @@ add_components( - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/factory/full" - "components/service/crypto/backend/mbedcrypto" - "components/service/crypto/backend/mbedcrypto/trng_adapter/linux" -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 953bb716..24a8ca65 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -70,6 +70,8 @@ add_components(TARGET "se-proxy" - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/factory/full" - "components/service/secure_storage/include" - "components/service/secure_storage/frontend/secure_storage_provider" diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch deleted file mode 100644 index 0c93a26c..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 43388a8e071980d9146f935f486a859d0a04322b Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Tue, 15 Feb 2022 15:46:58 +0000 -Subject: [PATCH] Add IV generation to one-shot cipher operation - -The functions psa_cipher_encrypt and psa_cipher_decrypt are -one-shot operations that can take an arbitrary sized input. -These operations are implemented as client-side functions -that use multi-part cipher operations to allow large inputs -to be handled. The existing implementations were missing the -generation and setting of the IV at the start of the data. -This was leading to PSA Arch test failures (248 & 249). This -commit adds the missing IV handling and resolves the test -failures. - -Signed-off-by: Julian Hall -Change-Id: I4afb555ee7062ebb387e5bb27fb1e082288ad8c7 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - .../service/crypto/client/psa/psa_cipher.c | 40 +++++++++++++++---- - 1 file changed, 33 insertions(+), 7 deletions(-) - -diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c -index 3ab8ea21..111af829 100644 ---- a/components/service/crypto/client/psa/psa_cipher.c -+++ b/components/service/crypto/client/psa/psa_cipher.c -@@ -8,7 +8,6 @@ - #include "psa_crypto_client.h" - #include "crypto_caller_selector.h" - -- - psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) -@@ -171,9 +170,16 @@ psa_status_t psa_cipher_encrypt(psa_key_id_t key, - - if (psa_status == PSA_SUCCESS) { - -+ size_t ciphertext_len = 0; -+ size_t iv_len = 0; -+ -+ psa_cipher_generate_iv(&operation, output, output_size, &iv_len); -+ - psa_status = multi_cipher_update(&operation, - input, input_length, -- output, output_size, output_length); -+ &output[iv_len], output_size - iv_len, &ciphertext_len); -+ -+ *output_length = iv_len + ciphertext_len; - } - - return psa_status; -@@ -187,14 +193,34 @@ psa_status_t psa_cipher_decrypt(psa_key_id_t key, - size_t output_size, - size_t *output_length) - { -- psa_cipher_operation_t operation = psa_cipher_operation_init(); -- psa_status_t psa_status = psa_cipher_decrypt_setup(&operation, key, alg); -+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -+ psa_status_t psa_status = psa_get_key_attributes(key, &attributes); - - if (psa_status == PSA_SUCCESS) { - -- psa_status = multi_cipher_update(&operation, -- input, input_length, -- output, output_size, output_length); -+ psa_cipher_operation_t operation = psa_cipher_operation_init(); -+ psa_status = psa_cipher_decrypt_setup(&operation, key, alg); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ size_t iv_len = PSA_CIPHER_IV_LENGTH(psa_get_key_type(&attributes), alg); -+ -+ if (input_length >= iv_len) { -+ -+ psa_cipher_set_iv(&operation, input, iv_len); -+ -+ psa_status = multi_cipher_update(&operation, -+ &input[iv_len], input_length - iv_len, -+ output, output_size, output_length); -+ } -+ else { -+ -+ psa_cipher_abort(&operation); -+ psa_status = PSA_ERROR_INVALID_ARGUMENT; -+ } -+ } -+ -+ psa_reset_key_attributes(&attributes); - } - - return psa_status; diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch deleted file mode 100644 index bdafcead..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch +++ /dev/null @@ -1,241 +0,0 @@ -From 07277e2ab4b54e5844c28f0cb33e64a91aa5f492 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Wed, 16 Feb 2022 10:37:04 +0000 -Subject: [PATCH] Fix multi-part termination on error - -For multi-part operations, the PSA Crypto API specifies that if -the final operation does not return PSA_SUCCESS, the abort -operaion must be called by a client to clean-up the operation. -This change modifies behaviour in-line with the API definition. - -Signed-off-by: Julian Hall -Change-Id: Ia3d3ec004164647a7ab5988cac45c39c22e76e9a - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - components/service/crypto/client/psa/psa_aead.c | 8 ++++++++ - components/service/crypto/client/psa/psa_cipher.c | 4 ++++ - components/service/crypto/client/psa/psa_hash.c | 10 ++++++++++ - components/service/crypto/client/psa/psa_mac.c | 10 ++++++++++ - .../crypto/provider/extension/aead/aead_provider.c | 10 +++++----- - .../provider/extension/cipher/cipher_provider.c | 6 +++--- - .../crypto/provider/extension/hash/hash_provider.c | 6 +++--- - .../crypto/provider/extension/mac/mac_provider.c | 11 +++++++---- - 8 files changed, 50 insertions(+), 15 deletions(-) - -diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c -index e4579e63..559eb6a3 100644 ---- a/components/service/crypto/client/psa/psa_aead.c -+++ b/components/service/crypto/client/psa/psa_aead.c -@@ -241,6 +241,10 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key, - - *aeadtext_length = bytes_output + remaining_aead_len + tag_len; - } -+ else { -+ -+ psa_aead_abort(&operation); -+ } - } - else { - -@@ -292,6 +296,10 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key, - - *plaintext_length = bytes_output + remaining_plaintext_len; - } -+ else { -+ -+ psa_aead_abort(&operation); -+ } - } - else { - -diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c -index 111af829..4e4264b6 100644 ---- a/components/service/crypto/client/psa/psa_cipher.c -+++ b/components/service/crypto/client/psa/psa_cipher.c -@@ -146,6 +146,10 @@ static psa_status_t multi_cipher_update(psa_cipher_operation_t *operation, - - *output_length = bytes_output + finish_output_len; - } -+ else { -+ -+ psa_cipher_abort(operation); -+ } - } - else { - -diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c -index 83278de6..e5dd0030 100644 ---- a/components/service/crypto/client/psa/psa_hash.c -+++ b/components/service/crypto/client/psa/psa_hash.c -@@ -137,6 +137,11 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_hash_verify(&operation, hash, hash_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_hash_abort(&operation); -+ } - } - - return psa_status; -@@ -155,6 +160,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_hash_finish(&operation, hash, hash_size, hash_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_hash_abort(&operation); -+ } - } - - return psa_status; -diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c -index 5c5eb32a..a3db8644 100644 ---- a/components/service/crypto/client/psa/psa_mac.c -+++ b/components/service/crypto/client/psa/psa_mac.c -@@ -129,6 +129,11 @@ psa_status_t psa_mac_verify(psa_key_id_t key, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_mac_verify_finish(&operation, mac, mac_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_mac_abort(&operation); -+ } - } - - return psa_status; -@@ -153,6 +158,11 @@ psa_status_t psa_mac_compute(psa_key_id_t key, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_mac_sign_finish(&operation, mac, mac_size, mac_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_mac_abort(&operation); -+ } - } - - return psa_status; -diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c -index f4e81a03..14a25436 100644 ---- a/components/service/crypto/provider/extension/aead/aead_provider.c -+++ b/components/service/crypto/provider/extension/aead/aead_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -369,9 +369,9 @@ static rpc_status_t aead_finish_handler(void *context, struct call_req *req) - rpc_status = serializer->serialize_aead_finish_resp(resp_buf, - ciphertext, ciphertext_len, - tag, tag_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -@@ -418,9 +418,9 @@ static rpc_status_t aead_verify_handler(void *context, struct call_req *req) - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_aead_verify_resp(resp_buf, - plaintext, plaintext_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -diff --git a/components/service/crypto/provider/extension/cipher/cipher_provider.c b/components/service/crypto/provider/extension/cipher/cipher_provider.c -index 8e7a86de..a5dd0371 100644 ---- a/components/service/crypto/provider/extension/cipher/cipher_provider.c -+++ b/components/service/crypto/provider/extension/cipher/cipher_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -283,9 +283,9 @@ static rpc_status_t cipher_finish_handler(void *context, struct call_req* req) - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_cipher_finish_resp(resp_buf, output, output_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -diff --git a/components/service/crypto/provider/extension/hash/hash_provider.c b/components/service/crypto/provider/extension/hash/hash_provider.c -index 2c560513..fd39d440 100644 ---- a/components/service/crypto/provider/extension/hash/hash_provider.c -+++ b/components/service/crypto/provider/extension/hash/hash_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -179,9 +179,9 @@ static rpc_status_t hash_finish_handler(void *context, struct call_req* req) - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_hash_finish_resp(resp_buf, hash, hash_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -diff --git a/components/service/crypto/provider/extension/mac/mac_provider.c b/components/service/crypto/provider/extension/mac/mac_provider.c -index 96fe4cf3..eef55586 100644 ---- a/components/service/crypto/provider/extension/mac/mac_provider.c -+++ b/components/service/crypto/provider/extension/mac/mac_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -181,9 +181,9 @@ static rpc_status_t mac_sign_finish_handler(void *context, struct call_req* req) - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_mac_sign_finish_resp(resp_buf, mac, mac_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -@@ -220,7 +220,10 @@ static rpc_status_t mac_verify_finish_handler(void *context, struct call_req* re - - psa_status = psa_mac_verify_finish(&crypto_context->op.mac, mac, mac_len); - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ if (psa_status == PSA_SUCCESS) { -+ -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch deleted file mode 100644 index 6a11552d..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 92987ec20beedb44d08d429947958c1c068d815c Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Wed, 16 Feb 2022 11:36:09 +0000 -Subject: [PATCH] Abort AEAD operation if client provided buffer is too small - -To enable PSA Arch test c258 to pass, handling is added in the -PSA API client adaptor for AEAD (psa_aead.c) to abort an AEAD -operation if an update operation is performed but the client -provided buffer for the output is too small. - -Signed-off-by: Julian Hall -Change-Id: Ib4b26ebc0a83a8928e1b643fba4becd935f6deb0 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - components/service/crypto/client/psa/psa_aead.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c -index 559eb6a3..c820d222 100644 ---- a/components/service/crypto/client/psa/psa_aead.c -+++ b/components/service/crypto/client/psa/psa_aead.c -@@ -74,10 +74,22 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation, - size_t output_size, - size_t *output_length) - { -- return crypto_caller_aead_update(&psa_crypto_client_instance.base, -+ psa_status_t status = crypto_caller_aead_update(&psa_crypto_client_instance.base, - operation->handle, - input, input_length, - output, output_size, output_length); -+ -+ /* -+ * If too small a buffer has been provided for the output, the operation -+ * state will have been updated but the result can't be put anywhere. This -+ * is an unrecoveral condition so abort the operation. -+ */ -+ if (status == PSA_ERROR_BUFFER_TOO_SMALL) { -+ -+ psa_aead_abort(operation); -+ } -+ -+ return status; - } - - psa_status_t psa_aead_finish(psa_aead_operation_t *operation, diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch deleted file mode 100644 index fedb79ce..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 75c0689513e7da7fb26bf23c1da4e1aa49783d46 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Tue, 11 Jan 2022 09:43:52 +0000 -Subject: [PATCH] Peg to updated t_cose version fc3a4b2c - -The current version of TS fails to build due to a regression introduced -by a new t_cose version in the upstream project. -The issue is caused by the t_cose external component incorrectly using -tip of master as the upstream version id, which makes strict dependency -control impossible. Change the upstream version id to an SHA, to enable -controlling compatibility issues introduced by future upstream updates. - -At the same time update the dependency to the current latest version. -The upstream project is now compatile with mbedtls 3.0.0 API changes -so the previously required compatibility patch has been removed. - -Signed-off-by: Julian Hall -Change-Id: I9491a5210904cc369846da2af45b0f7e5913bed8 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - .../0002-add-tls3_0_0-compatibility.patch | 31 ------------------- - external/t_cose/t_cose.cmake | 5 ++- - 2 files changed, 2 insertions(+), 34 deletions(-) - delete mode 100644 external/t_cose/0002-add-tls3_0_0-compatibility.patch - -diff --git a/external/t_cose/0002-add-tls3_0_0-compatibility.patch b/external/t_cose/0002-add-tls3_0_0-compatibility.patch -deleted file mode 100644 -index 20a7d131..00000000 ---- a/external/t_cose/0002-add-tls3_0_0-compatibility.patch -+++ /dev/null -@@ -1,31 +0,0 @@ --diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c --index 49c5b60..3aa7b58 100644 ----- a/crypto_adapters/t_cose_psa_crypto.c --+++ b/crypto_adapters/t_cose_psa_crypto.c --@@ -99,7 +99,7 @@ static enum t_cose_err_t psa_status_to_t_cose_error_signing(psa_status_t err) -- err == PSA_ERROR_INVALID_SIGNATURE ? T_COSE_ERR_SIG_VERIFY : -- err == PSA_ERROR_NOT_SUPPORTED ? T_COSE_ERR_UNSUPPORTED_SIGNING_ALG: -- err == PSA_ERROR_INSUFFICIENT_MEMORY ? T_COSE_ERR_INSUFFICIENT_MEMORY : --- err == PSA_ERROR_TAMPERING_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED : --+ err == PSA_ERROR_CORRUPTION_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED : -- T_COSE_ERR_SIG_FAIL; -- } -- --@@ -152,7 +152,7 @@ t_cose_crypto_pub_key_verify(int32_t cose_algorithm_id, -- * Crypto ceases providing backwards compatibility then this code -- * has to be changed to use psa_verify_hash(). -- */ --- psa_result = psa_asymmetric_verify(verification_key_psa, --+ psa_result = psa_verify_hash(verification_key_psa, -- psa_alg_id, -- hash_to_verify.ptr, -- hash_to_verify.len, --@@ -212,7 +212,7 @@ t_cose_crypto_pub_key_sign(int32_t cose_algorithm_id, -- * providing backwards compatibility then this code has to be -- * changed to use psa_sign_hash(). -- */ --- psa_result = psa_asymmetric_sign(signing_key_psa, --+ psa_result = psa_sign_hash(signing_key_psa, -- psa_alg_id, -- hash_to_sign.ptr, -- hash_to_sign.len, -diff --git a/external/t_cose/t_cose.cmake b/external/t_cose/t_cose.cmake -index 660824bd..9321466f 100644 ---- a/external/t_cose/t_cose.cmake -+++ b/external/t_cose/t_cose.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -16,7 +16,7 @@ endif() - - # External component details - set(T_COSE_URL "https://github.com/laurencelundblade/t_cose.git" CACHE STRING "t_cose repository URL") --set(T_COSE_REFSPEC "master" CACHE STRING "t_cose git refspec") -+set(T_COSE_REFSPEC "fc3a4b2c7196ff582e8242de8bd4a1bc4eec577f" CACHE STRING "t_cose git refspec") - set(T_COSE_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/t_cose_install" CACHE PATH "t_cose installation directory") - set(T_COSE_PACKAGE_PATH "${T_COSE_INSTALL_PATH}/libt_cose/cmake" CACHE PATH "t_cose CMake package directory") - -@@ -37,7 +37,6 @@ FetchContent_Declare( - - PATCH_COMMAND git stash - COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-add-install-definition.patch -- COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/0002-add-tls3_0_0-compatibility.patch - COMMAND git reset HEAD~1 - - ) diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch deleted file mode 100644 index 64ac0940..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 24436d459ddde697c89ff947c821cec9c5e0906e Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath -Date: Wed, 16 Feb 2022 15:55:55 +0000 -Subject: [PATCH] pass sysroot_yocto - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - deployments/libts/libts-import.cmake | 3 +++ - external/MbedTLS/MbedTLS.cmake | 1 + - external/psa_arch_tests/psa_arch_tests.cmake | 25 +++++++++++++------- - 3 files changed, 20 insertions(+), 9 deletions(-) - -diff --git a/deployments/libts/libts-import.cmake b/deployments/libts/libts-import.cmake -index 792ba86c..b900ce3f 100644 ---- a/deployments/libts/libts-import.cmake -+++ b/deployments/libts/libts-import.cmake -@@ -27,9 +27,12 @@ set(LIBTS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libts-build" CACHE PATH - - file(MAKE_DIRECTORY ${LIBTS_BINARY_DIR}) - -+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --sysroot=${SYSROOT_YOCTO}") -+ - #Configure the library - execute_process(COMMAND - ${CMAKE_COMMAND} -+ -DCMAKE_SYSROOT=${SYSROOT_YOCTO} - -DCMAKE_INSTALL_PREFIX=${LIBTS_INSTALL_PATH} - -GUnix\ Makefiles - ${LIBTS_SOURCE_DIR} -diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake -index 3350d8a0..33467cf0 100644 ---- a/external/MbedTLS/MbedTLS.cmake -+++ b/external/MbedTLS/MbedTLS.cmake -@@ -103,6 +103,7 @@ if (NOT MBEDCRYPTO_LIB_FILE) - execute_process(COMMAND - ${CMAKE_COMMAND} -E env CROSS_COMPILE=${CROSS_COMPILE} - ${CMAKE_COMMAND} -+ -DCMAKE_SYSROOT=${SYSROOT_YOCTO} - -DENABLE_PROGRAMS=OFF - -DENABLE_TESTING=OFF - -DUNSAFE_BUILD=ON -diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake -index f6d2fb9f..42f73a37 100644 ---- a/external/psa_arch_tests/psa_arch_tests.cmake -+++ b/external/psa_arch_tests/psa_arch_tests.cmake -@@ -5,30 +5,33 @@ - # - #------------------------------------------------------------------------------- - --# Temporarily using modified tests used for tf-m verification -+# Determine the number of processes to run while running parallel builds. -+# Pass -DPROCESSOR_COUNT= to cmake to override. -+if(NOT DEFINED PROCESSOR_COUNT) -+ include(ProcessorCount) -+ ProcessorCount(PROCESSOR_COUNT) -+ set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.") -+endif() -+ - set(PSA_ARCH_TESTS_URL "https://github.com/bensze01/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") - set(PSA_ARCH_TESTS_REFSPEC "fix-multipart-aead" CACHE STRING "psa-arch-tests git refspec") -- --#set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") --#set(PSA_ARCH_TESTS_REFSPEC "2a1852252a9b9af655cbe02d5d3c930952d0d798" CACHE STRING "psa-arch-tests v22.01_API1.4_ADAC_BETA") - set(PSA_ARCH_TESTS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/psa-arch-tests_install" CACHE PATH "psa-arch-tests installation directory") - set(PSA_ARCH_TESTS_PACKAGE_PATH "${PSA_ARCH_TESTS_INSTALL_PATH}/libpsa-arch-tests/cmake" CACHE PATH "psa-arch-tests CMake package directory") --set(PSA_ARCH_TESTS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/psa_arch_tests-src" CACHE PATH "psa-arch-tests source.") -+ -+include(FetchContent) - - # Checking git - find_program(GIT_COMMAND "git") - if (NOT GIT_COMMAND) - message(FATAL_ERROR "Please install git") - endif() -- -+if ("${PSA_ARCH_TESTS_PATH}" STREQUAL "DOWNLOAD") - # Fetching psa-arch-tests - FetchContent_Declare( - psa-arch-tests - GIT_REPOSITORY ${PSA_ARCH_TESTS_URL} - GIT_TAG ${PSA_ARCH_TESTS_REFSPEC} - GIT_SHALLOW TRUE -- PATCH_COMMAND git stash -- COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/modify_attest_config.patch - ) - - # FetchContent_GetProperties exports psa-arch-tests_SOURCE_DIR and psa-arch-tests_BINARY_DIR variables -@@ -37,7 +40,10 @@ if(NOT psa-arch-tests_POPULATED) - message(STATUS "Fetching psa-arch-tests") - FetchContent_Populate(psa-arch-tests) - endif() -- -+else() -+ set(psa-arch-tests_SOURCE_DIR "${TS_ROOT}/../psa-arch-tests") -+ set(psa-arch-tests_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}") -+endif() - # Ensure list of include paths is separated correctly - string(REPLACE ";" "\\;" PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS "${PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS}") - -@@ -47,6 +53,7 @@ string(REPLACE ";" " " PSA_ARCH_TEST_EXTERNAL_DEFS "${PSA_ARCH_TEST_EXTERNAL_DEF - # Configure the psa-arch-test library - execute_process(COMMAND - ${CMAKE_COMMAND} -+ -DCMAKE_SYSROOT=${SYSROOT_YOCTO} - -DTOOLCHAIN=INHERIT - -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} - -DPSA_INCLUDE_PATHS=${PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS} diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch deleted file mode 100644 index 68d0a978..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0a0007d594db2fceed413cd73e7f08dd8d8ddd57 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Sun, 13 Feb 2022 09:01:10 +0000 -Subject: [PATCH] Fix: Crypto interface structure aligned with tf-m change. - -NO NEED TO RAISE PR: The PR for this FIX is raied by Emek. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -index c13c20e8..ec25eaf8 100644 ---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec { - * multipart operation - */ - uint32_t capacity; /*!< Key derivation capacity */ -- -+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ - struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for - * AEAD until the API is - * restructured diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch deleted file mode 100644 index a08ab32f..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch +++ /dev/null @@ -1,494 +0,0 @@ -From b8060d9e15b1b910cf9b466a3f43088c71d7a38f Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Sun, 13 Feb 2022 09:49:51 +0000 -Subject: [PATCH] Integrate remaining psa-ipc client APIs. - -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - .../caller/psa_ipc/crypto_caller_aead.h | 297 +++++++++++++++++- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 35 +++ - .../psa_ipc/crypto_caller_verify_hash.h | 33 +- - 3 files changed, 352 insertions(+), 13 deletions(-) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index 78517fe3..f6aadd8b 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_decrypt_setup( -@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_generate_nonce( -@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - size_t nonce_size, - size_t *nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_size} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *nonce_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_nonce( -@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce( - const uint8_t *nonce, - size_t nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_lengths( -@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths( - size_t ad_length, - size_t plaintext_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ .ad_length = ad_length, -+ .plaintext_length = plaintext_length, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update_ad( -@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad( - const uint8_t *input, - size_t input_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update( -@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update( - size_t output_size, - size_t *output_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(output), .len = output_size}, -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_finish( -@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish( - size_t tag_size, - size_t *tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((aeadtext == NULL) && (aeadtext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_size}, -+ {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size} -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (aeadtext == NULL || aeadtext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 3) && (aeadtext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ *tag_length = out_vec[1].len; -+ -+ if (out_len == 3) { -+ *aeadtext_length = out_vec[2].len; -+ } else { -+ *aeadtext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_verify( -@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify( - const uint8_t *tag, - size_t tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((plaintext == NULL) && (plaintext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size}, -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (plaintext == NULL || plaintext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 2) && (plaintext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ if (out_len == 2) { -+ *plaintext_length = out_vec[1].len; -+ } else { -+ *plaintext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_abort( - struct service_client *context, - uint32_t op_handle) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; - } - - #ifdef __cplusplus -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index 71d88ced..e4a2b167 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return status; - } - -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+ -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index e16f6e54..cc9279ee 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -24,19 +24,20 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_common(struct service_client *context, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, -- size_t signature_length) -+ size_t signature_length, -+ uint32_t sfn_id) - { - struct service_client *ipc = context; - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .sfn_id = sfn_id, - .key_id = id, - .alg = alg, - }; -@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return status; - } - -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); -+} -+ -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); -+} -+ - #ifdef __cplusplus - } - #endif diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch deleted file mode 100644 index 4bd846d2..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a037ef21c0334117ad0741776a4b7b6e1a428d19 Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Mon, 14 Feb 2022 17:52:00 +0000 -Subject: [PATCH] Fix : update psa_set_key_usage_flags definition to the latest - from the tf-m - -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h -index 1bc55e37..b4a7ed4b 100644 ---- a/components/service/crypto/include/psa/crypto_struct.h -+++ b/components/service/crypto/include/psa/crypto_struct.h -@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime( - return( attributes->lifetime ); - } - -+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags ) -+{ -+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE; -+ -+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE; -+} -+ - static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, - psa_key_usage_t usage_flags) - { -+ psa_extend_key_usage_flags( &usage_flags ); - attributes->usage = usage_flags; - } - diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch deleted file mode 100644 index 4ad4be00..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 55463b12cca39d2c6a3fd18bbd3d28ae95dff8cf Mon Sep 17 00:00:00 2001 -From: Satish Kumar -Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH] Fixes in AEAD for psa-arch test 54 and 58. - -Signed-off-by: Satish Kumar - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras - - ---- - .../crypto/client/caller/packed-c/crypto_caller_aead.h | 1 + - components/service/crypto/include/psa/crypto_sizes.h | 2 +- - .../crypto/provider/extension/aead/aead_provider.c | 8 ++++++-- - .../extension/aead/serializer/aead_provider_serializer.h | 1 + - .../packed-c/packedc_aead_provider_serializer.c | 2 ++ - protocols/service/crypto/packed-c/aead.h | 1 + - 6 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -index c4ffb20c..a91f66c1 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -@@ -309,6 +309,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont - size_t req_len = req_fixed_len; - - *output_length = 0; -+ req_msg.output_size = output_size; - req_msg.op_handle = op_handle; - - /* Mandatory input data parameter */ -diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 4d7bf6e9..e3c4df29 100644 ---- a/components/service/crypto/include/psa/crypto_sizes.h -+++ b/components/service/crypto/include/psa/crypto_sizes.h -@@ -351,7 +351,7 @@ - * just the largest size that may be generated by - * #psa_aead_generate_nonce(). - */ --#define PSA_AEAD_NONCE_MAX_SIZE 12 -+#define PSA_AEAD_NONCE_MAX_SIZE 16 - - /** A sufficient output buffer size for psa_aead_update(). - * -diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c -index 14a25436..6b144db8 100644 ---- a/components/service/crypto/provider/extension/aead/aead_provider.c -+++ b/components/service/crypto/provider/extension/aead/aead_provider.c -@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req) - uint32_t op_handle; - const uint8_t *input; - size_t input_len; -+ uint32_t recv_output_size; - - if (serializer) - rpc_status = serializer->deserialize_aead_update_req(req_buf, &op_handle, -- &input, &input_len); -+ &recv_output_size, &input, &input_len); - - if (rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req) - if (crypto_context) { - - size_t output_len = 0; -- size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len); -+ size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24); - uint8_t *output = malloc(output_size); - -+ if (recv_output_size < output_size) { -+ output_size = recv_output_size; -+ } - if (output) { - - psa_status = psa_aead_update(&crypto_context->op.aead, -diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -index bb1a2a97..0156aaba 100644 ---- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -@@ -51,6 +51,7 @@ struct aead_provider_serializer { - /* Operation: aead_update */ - rpc_status_t (*deserialize_aead_update_req)(const struct call_param_buf *req_buf, - uint32_t *op_handle, -+ uint32_t *output_size, - const uint8_t **input, size_t *input_len); - - rpc_status_t (*serialize_aead_update_resp)(struct call_param_buf *resp_buf, -diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -index 6f00b3e3..45c739ab 100644 ---- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct call_param_buf * - /* Operation: aead_update */ - static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req_buf, - uint32_t *op_handle, -+ uint32_t *output_size, - const uint8_t **input, size_t *input_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; -@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req - memcpy(&recv_msg, req_buf->data, expected_fixed_len); - - *op_handle = recv_msg.op_handle; -+ *output_size = recv_msg.output_size; - - tlv_const_iterator_begin(&req_iter, - (uint8_t*)req_buf->data + expected_fixed_len, -diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h -index 0be266b5..435fd3b5 100644 ---- a/protocols/service/crypto/packed-c/aead.h -+++ b/protocols/service/crypto/packed-c/aead.h -@@ -98,6 +98,7 @@ enum - struct __attribute__ ((__packed__)) ts_crypto_aead_update_in - { - uint32_t op_handle; -+ uint32_t output_size; - }; - - /* Variable length input parameter tags */ diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch deleted file mode 100644 index e4573a51..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch +++ /dev/null @@ -1,407 +0,0 @@ -Upstream-Status: Pending -Signed-off-by: Gowtham Suresh Kumar - -From 2d975e5ec5df6f81d6c35fe927f72d49181142f8 Mon Sep 17 00:00:00 2001 -From: Julian Hall -Date: Tue, 19 Jul 2022 12:43:30 +0100 -Subject: [PATCH] Fix UEFI get_variable with small buffer - -The handling of the UEFI get_variable operation was incorrect when -a small or zero data length was specified by a requester. A zero -length data length is a legitimate way to discover the size of a -variable without actually retrieving its data. This change adds -test cases that reproduce the problem and a fix. - -Signed-off-by: Julian Hall -Change-Id: Iec087fbf9305746d1438888e871602ec0ce15824 ---- - .../backend/test/variable_store_tests.cpp | 60 ++++++++++++++++-- - .../backend/uefi_variable_store.c | 46 +++++++++++--- - .../client/cpp/smm_variable_client.cpp | 33 +++++----- - .../client/cpp/smm_variable_client.h | 8 ++- - .../provider/smm_variable_provider.c | 2 +- - .../service/smm_variable_service_tests.cpp | 62 +++++++++++++++++++ - 6 files changed, 179 insertions(+), 32 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index 235642e6..98faf761 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -128,7 +128,8 @@ TEST_GROUP(UefiVariableStoreTests) - - efi_status_t get_variable( - const std::wstring &name, -- std::string &data) -+ std::string &data, -+ size_t data_len_clamp = VARIABLE_BUFFER_SIZE) - { - std::vector var_name = to_variable_name(name); - size_t name_size = var_name.size() * sizeof(int16_t); -@@ -144,21 +145,40 @@ TEST_GROUP(UefiVariableStoreTests) - access_variable->NameSize = name_size; - memcpy(access_variable->Name, var_name.data(), name_size); - -- access_variable->DataSize = 0; -+ size_t max_data_len = (data_len_clamp == VARIABLE_BUFFER_SIZE) ? -+ VARIABLE_BUFFER_SIZE - -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable) : -+ data_len_clamp; -+ -+ access_variable->DataSize = max_data_len; - - efi_status_t status = uefi_variable_store_get_variable( - &m_uefi_variable_store, - access_variable, -- VARIABLE_BUFFER_SIZE - -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable), -+ max_data_len, - &total_size); - -+ data.clear(); -+ - if (status == EFI_SUCCESS) { - - const char *data_start = (const char*)(msg_buffer + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable)); - - data = std::string(data_start, access_variable->DataSize); -+ -+ UNSIGNED_LONGLONGS_EQUAL( -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_variable), -+ total_size); -+ } -+ else if (status == EFI_BUFFER_TOO_SMALL) { -+ -+ /* String length set to reported variable length */ -+ data.insert(0, access_variable->DataSize, '!'); -+ -+ UNSIGNED_LONGLONGS_EQUAL( -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable), -+ total_size); - } - - return status; -@@ -336,6 +356,38 @@ TEST(UefiVariableStoreTests, persistentSetGet) - LONGS_EQUAL(0, input_data.compare(output_data)); - } - -+TEST(UefiVariableStoreTests, getWithSmallBuffer) -+{ -+ efi_status_t status = EFI_SUCCESS; -+ std::wstring var_name = L"test_variable"; -+ std::string input_data = "quick brown fox"; -+ std::string output_data; -+ -+ /* A get with a zero length buffer is a legitimate way to -+ * discover the variable size. This test performs GetVariable -+ * operations with various buffer small buffer sizes. */ -+ status = set_variable(var_name, input_data, 0); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ /* First get the variable without a constrained buffer */ -+ status = get_variable(var_name, output_data); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ /* Expect got variable data to be the same as the set value */ -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+ LONGS_EQUAL(0, input_data.compare(output_data)); -+ -+ /* Now try with a zero length buffer */ -+ status = get_variable(var_name, output_data, 0); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+ -+ /* Try with a non-zero length but too small buffer */ -+ status = get_variable(var_name, output_data, input_data.size() -1); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+} -+ - TEST(UefiVariableStoreTests, removeVolatile) - { - efi_status_t status = EFI_SUCCESS; -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index e8771c21..90d648de 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -294,7 +294,10 @@ efi_status_t uefi_variable_store_get_variable( - - status = load_variable_data(context, info, var, max_data_len); - var->Attributes = info->metadata.attributes; -- *total_length = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var); -+ -+ *total_length = (status == EFI_SUCCESS) ? -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var) : -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - } - } - -@@ -682,7 +685,6 @@ static efi_status_t load_variable_data( - { - EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; -- size_t data_len = 0; - uint8_t *data = (uint8_t*)var + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - -@@ -692,17 +694,41 @@ static efi_status_t load_variable_data( - - if (delegate_store->storage_backend) { - -- psa_status = delegate_store->storage_backend->interface->get( -+ struct psa_storage_info_t storage_info; -+ -+ psa_status = delegate_store->storage_backend->interface->get_info( - delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid, -- 0, -- max_data_len, -- data, -- &data_len); -- EMSG("In func %s get status is %d\n", __func__, psa_status); -+ &storage_info); -+ -+ if (psa_status == PSA_SUCCESS) { - -- var->DataSize = data_len; -+ size_t get_limit = (var->DataSize < max_data_len) ? -+ var->DataSize : -+ max_data_len; -+ -+ if (get_limit >= storage_info.size) { -+ -+ size_t got_len = 0; -+ -+ psa_status = delegate_store->storage_backend->interface->get( -+ delegate_store->storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ 0, -+ max_data_len, -+ data, -+ &got_len); -+ -+ var->DataSize = got_len; -+ } -+ else { -+ -+ var->DataSize = storage_info.size; -+ psa_status = PSA_ERROR_BUFFER_TOO_SMALL; -+ } -+ } - } - - return psa_to_efi_storage_status(psa_status); -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -index 8438285b..b6b4ed90 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.cpp -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -122,21 +122,22 @@ efi_status_t smm_variable_client::get_variable( - guid, - name, - data, -- 0); -+ 0, -+ MAX_VAR_DATA_SIZE); - } - - efi_status_t smm_variable_client::get_variable( - const EFI_GUID &guid, - const std::wstring &name, - std::string &data, -- size_t override_name_size) -+ size_t override_name_size, -+ size_t max_data_size) - { - efi_status_t efi_status = EFI_NOT_READY; - - std::vector var_name = to_variable_name(name); - size_t name_size = var_name.size() * sizeof(int16_t); -- size_t data_size = 0; -- size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, data_size); -+ size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, 0); - - rpc_call_handle call_handle; - uint8_t *req_buf; -@@ -154,7 +155,7 @@ efi_status_t smm_variable_client::get_variable( - - access_var->Guid = guid; - access_var->NameSize = name_size; -- access_var->DataSize = data_size; -+ access_var->DataSize = max_data_size; - - memcpy(access_var->Name, var_name.data(), name_size); - -@@ -168,26 +169,28 @@ efi_status_t smm_variable_client::get_variable( - - efi_status = opstatus; - -- if (efi_status == EFI_SUCCESS) { -- -- efi_status = EFI_PROTOCOL_ERROR; -+ if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) { - -- if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) { -+ access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf; -+ size_t data_size = access_var->DataSize; - -- access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf; -+ if (resp_len >= -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) { - -- if (resp_len >= -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) { -+ if (efi_status == EFI_SUCCESS) { - -- data_size = access_var->DataSize; - const char *data_start = (const char*) - &resp_buf[ - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_var)]; - - data.assign(data_start, data_size); -- efi_status = EFI_SUCCESS; - } - } -+ else if (efi_status == EFI_BUFFER_TOO_SMALL) { -+ -+ data.clear(); -+ data.insert(0, data_size, '!'); -+ } - } - } - else { -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.h b/components/service/smm_variable/client/cpp/smm_variable_client.h -index c7973916..3d2371a8 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.h -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -56,7 +56,8 @@ public: - const EFI_GUID &guid, - const std::wstring &name, - std::string &data, -- size_t override_name_size); -+ size_t override_name_size, -+ size_t max_data_size = MAX_VAR_DATA_SIZE); - - /* Remove a variable */ - efi_status_t remove_variable( -@@ -113,6 +114,9 @@ public: - - - private: -+ -+ static const size_t MAX_VAR_DATA_SIZE = 65536; -+ - efi_status_t rpc_to_efi_status() const; - - static std::vector to_variable_name(const std::wstring &string); -diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c -index 1f362c17..95c4fdc9 100644 ---- a/components/service/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/smm_variable/provider/smm_variable_provider.c -@@ -165,7 +165,7 @@ static rpc_status_t get_variable_handler(void *context, struct call_req *req) - } - else { - -- /* Reponse buffer not big enough */ -+ /* Response buffer not big enough */ - efi_status = EFI_BAD_BUFFER_SIZE; - } - } -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index 38c08ebe..989a3e63 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -284,6 +284,68 @@ TEST(SmmVariableServiceTests, setAndGetNv) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); - } - -+TEST(SmmVariableServiceTests, getVarSize) -+{ -+ efi_status_t efi_status = EFI_SUCCESS; -+ std::wstring var_name = L"test_variable"; -+ std::string set_data = "UEFI variable data string"; -+ std::string get_data; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ set_data, -+ 0); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ /* Get with the data size set to zero. This is the standard way -+ * to discover the variable size. */ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data, -+ 0, 0); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); -+ UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); -+ -+ /* Expect remove to be permitted */ -+ efi_status = m_client->remove_variable(m_common_guid, var_name); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+} -+ -+TEST(SmmVariableServiceTests, getVarSizeNv) -+{ -+ efi_status_t efi_status = EFI_SUCCESS; -+ std::wstring var_name = L"test_variable"; -+ std::string set_data = "UEFI variable data string"; -+ std::string get_data; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ set_data, -+ EFI_VARIABLE_NON_VOLATILE); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ /* Get with the data size set to zero. This is the standard way -+ * to discover the variable size. */ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data, -+ 0, 0); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); -+ UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); -+ -+ /* Expect remove to be permitted */ -+ efi_status = m_client->remove_variable(m_common_guid, var_name); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+} -+ - TEST(SmmVariableServiceTests, enumerateStoreContents) - { - efi_status_t efi_status = EFI_SUCCESS; --- -2.17.1 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0049-Add-atomic-outline-to-fix-build-for-opemamp.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0049-Add-atomic-outline-to-fix-build-for-opemamp.patch deleted file mode 100644 index 649b9678..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0049-Add-atomic-outline-to-fix-build-for-opemamp.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0d8394ee5c52e97e82ebe4641cf0d9ebcbe147ff Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva -Date: Tue, 6 Sep 2022 16:47:06 +0100 -Subject: [PATCH] Add atomic outline to fix build for opemamp - -Add memory model 5 atomic ouline support (_sync) to fix -missing symbol when compiling with recent gcc (12.2). - -Signed-off-by: Rui Miguel Silva - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Rui Miguel Silva ---- - deployments/se-proxy/opteesp/lse.S | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S -index 840683a6671a..8e466d65fc2b 100644 ---- a/deployments/se-proxy/opteesp/lse.S -+++ b/deployments/se-proxy/opteesp/lse.S -@@ -5,6 +5,7 @@ - - .text - .globl __aarch64_cas4_acq_rel -+.globl __aarch64_cas4_sync - - __aarch64_cas4_acq_rel: - mov w16, w0 -@@ -16,4 +17,12 @@ __aarch64_cas4_acq_rel: - cbnz w17, 0b - 1: ret - -+__aarch64_cas4_sync: -+ mov w16, w0 -+ ldxr w0, [x2] -+ cmp w0, w16 -+0: bne 1f - -+ stlxr w17, w1, [x2] -+ cbnz w17, 0b -+1: ret --- -2.37.3 - diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index 9d1c3272..4098ea28 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -1,128 +1,10 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/secure-partitions/corstone1000:" - -COMPATIBLE_MACHINE = "corstone1000" - -LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f \ - file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e1413585ecbf \ - file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c \ - file://../psa-arch-tests/LICENSE.md;md5=2a944942e1496af1886903d274dedb13 \ - " +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" SRC_URI:append = " \ - ${SRC_URI_MBEDTLS} ${SRC_URI_NANOPB} ${SRC_URI_OPENAMP} ${SRC_URI_LIBMETAL} ${SRC_URI_ARCH-TESTS}\ - file://0001-tools-cmake-common-applying-lowercase-project-conven.patch \ - file://0002-fix-EARLY_TA_PATHS-env-variable.patch \ - file://0003-se-proxy-dts-add-se-proxy-as-child-node.patch \ - file://0004-Update-mm-comm-buffer-region-in-dts-file.patch \ - file://0005-Configure-NV-storage-macro.patch \ - file://0006-Use-device-region.patch \ - file://0007-Add-openamp-to-SE-proxy-deployment.patch \ - file://0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \ - file://0009-Add-openamp-rpc-caller.patch \ - file://0010-add-psa-client-definitions-for-ff-m.patch \ - file://0011-Add-common-service-component-to-ipc-support.patch \ - file://0012-Add-secure-storage-ipc-backend.patch \ - file://0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \ - file://0014-Add-uefi-variable-append-write-support.patch \ - file://0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch \ - file://0016-Add-uefi-test-deployment.patch \ - file://0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch \ - file://0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch \ - file://0019-Run-psa-arch-test.patch \ - file://0020-Use-address-instead-of-pointers.patch \ - file://0021-Add-psa-ipc-attestation-to-se-proxy.patch \ - file://0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \ - file://0023-add-psa-ipc-crypto-backend.patch \ - file://0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch \ - file://0025-Add-stub-capsule-update-service-components.patch \ - file://0026-Add-logs-to-functions-in-SMM-gateway-SP.patch \ - file://0027-Configure-storage-size.patch \ - file://0028-Revert-Add-uefi-variable-append-write-support.patch \ - file://0029-Change-UID-of-variable-index-in-SMM.patch \ - file://0030-Add-missing-features-to-setVariable.patch \ - file://0031-Add-invalid-parameter-check-in-getNextVariableName.patch \ - file://0032-smm_gateway-add-checks-for-null-attributes.patch \ - file://0033-Enhance-mbedtls-fetch-process.patch \ - file://0034-Fix-format-specifier-in-logging_caller.patch \ - file://0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch \ - file://0036-Separate-sign-verify-message-and-hash-operations.patch \ - file://0037-Add-defence-against-uninitialised-multi-part-transac.patch \ - file://0038-Integrate-AEAD-operation-support.patch \ - file://0039-Add-IV-generation-to-one-shot-cipher-operation.patch \ - file://0040-Fix-multi-part-termination-on-error.patch \ - file://0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch \ - file://0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch \ - file://0043-pass-sysroot_yocto.patch \ - file://0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \ - file://0045-Integrate-remaining-psa-ipc-client-APIs.patch \ - file://0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ - file://0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ - file://0003-corstone1000-port-crypto-config.patch;patchdir=../psa-arch-tests \ - file://0048-Fix-UEFI-get_variable-with-small-buffer.patch \ - file://0049-Add-atomic-outline-to-fix-build-for-opemamp.patch \ - " - -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=git/mbedtls" -SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" - -SRC_URI_NANOPB = "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb" -SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4" - -SRC_URI_OPENAMP = "git://github.com/OpenAMP/open-amp.git;name=openamp;protocol=https;branch=main;destsuffix=git/openamp" -SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" - -SRC_URI_LIBMETAL = "git://github.com/OpenAMP/libmetal.git;name=libmetal;protocol=https;branch=main;destsuffix=git/libmetal" -SRCREV_libmetal = "f252f0e007fbfb8b3a52b1d5901250ddac96baad" - -SRC_URI_ARCH-TESTS = "git://github.com/bensze01/psa-arch-tests.git;name=psa-arch-tests;protocol=https;nobranch=1;destsuffix=git/psa-arch-tests" -SRCREV_psa-arch-tests = "5d1a87f9c0a82e1632a3145687b4c8d7cbbeed2d" - -TS_ENVIRONMENT_LINUX = "arm-linux" -TS_PLATFORM = "arm/corstone1000" -TS_ENVIRONMENT = "opteesp" -SP_PACKAGING_METHOD = "embedded" - -# Secure Enclave proxy secure partition -TS_DEPLOYMENTS += "'deployments/se-proxy/${TS_ENVIRONMENT}'" - -# smm-gateway secure partition -TS_DEPLOYMENTS += "'deployments/smm-gateway/${TS_ENVIRONMENT}'" - -PSA_API_TESTS = "deployments/psa-api-test/protected_storage/${TS_ENVIRONMENT_LINUX}" -PSA_API_TESTS += "deployments/psa-api-test/internal_trusted_storage/${TS_ENVIRONMENT_LINUX}" -PSA_API_TESTS += "deployments/psa-api-test/initial_attestation/${TS_ENVIRONMENT_LINUX}" -PSA_API_TESTS += "deployments/psa-api-test/crypto/${TS_ENVIRONMENT_LINUX}" - -# ffa-debugfs-mod provides arm_ffa_user.h needed by psa-arch-tests source-code -DEPENDS += "ffa-debugfs-mod" - -do_configure:append() { - for PSA_API_TEST in ${PSA_API_TESTS}; do - cmake \ - -DSYSROOT_YOCTO=${RECIPE_SYSROOT} \ - -S ${S}/$PSA_API_TEST -B "${B}/$PSA_API_TEST" - done -} - -do_compile:append() { - for PSA_API_TEST in ${PSA_API_TESTS}; do - cmake --build "${B}/$PSA_API_TEST" - done -} + file://0026-plat-add-corstone1000-platform-to-drivers-arm.patch \ + " -do_install:append() { - for PSA_API_TEST in ${PSA_API_TESTS}; do - install -d -m 0755 ${D}${libdir}/${PSA_API_TEST} - install -d -m 0755 ${D}${includedir}/${PSA_API_TEST} - psafile_fullpath=`ls ${B}/${PSA_API_TEST}/psa-*` - psafile_filename="`basename -s .bin ${psafile_fullpath}`" - install -D -p -m 0755 ${psafile_fullpath} ${D}/${bindir}/${psafile_filename} - done - cp -rf ${B}/${PSA_API_TEST}/libts_install/arm-linux/lib/*.so* ${D}/${libdir} -} -FILES:${PN}-dev = "${includedir}/deployments/psa-api-test/" -INSANE_SKIP:${PN}-psa-api-tests += "rpaths dev-so buildpaths" -PACKAGES += "${PN}-psa-api-tests" -FILES:${PN}-psa-api-tests = "${libdir} ${bindir}" +EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ +" diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend new file mode 100644 index 00000000..8a37a281 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend @@ -0,0 +1,4 @@ +MACHINE_TS_REQUIRE ?= "" +MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" + +require ${MACHINE_TS_REQUIRE} diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend new file mode 100644 index 00000000..8a37a281 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -0,0 +1,4 @@ +MACHINE_TS_REQUIRE ?= "" +MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" + +require ${MACHINE_TS_REQUIRE} From patchwork Mon Oct 3 13:00:46 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13458 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E1A9C4321E for ; Mon, 3 Oct 2022 13:01:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.55.1664802079761788145 for ; Mon, 03 Oct 2022 06:01:19 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3ED4216F8; Mon, 3 Oct 2022 06:01:26 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2EB143F73B; Mon, 3 Oct 2022 06:01:18 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi Subject: [PATCH 07/12] arm-bsp/machine: corstone1000: disable pulling the kernel into the initramfs Date: Mon, 3 Oct 2022 14:00:46 +0100 Message-Id: <20221003130051.28934-8-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3901 From: Abdellatif El Khlifi exclude kernel-image-* packages from the rootfs Signed-off-by: Abdellatif El Khlifi --- meta-arm-bsp/conf/machine/include/corstone1000.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index fd659a4c..46361bba 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -57,6 +57,9 @@ INITRAMFS_IMAGE_BUNDLE ?= "1" #telling the build system which image is responsible of the generation of the initramfs rootfs INITRAMFS_IMAGE = "corstone1000-initramfs-image" +# prevent the kernel image from being included in the intramfs rootfs +PACKAGE_EXCLUDE = "kernel-image-*" + # enable this feature for kernel debugging # MACHINE_FEATURES += "corstone1000_kernel_debug" From patchwork Mon Oct 3 13:00:47 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13462 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6CACAC4332F for ; Mon, 3 Oct 2022 13:01:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.65.1664802081526227916 for ; Mon, 03 Oct 2022 06:01:21 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E8358176A; Mon, 3 Oct 2022 06:01:27 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id BD08E3F73B; Mon, 3 Oct 2022 06:01:19 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi , Vishnu Banavath Subject: [PATCH 08/12] arm-bsp/trusted-services: corstone1000: add MHU-driver Date: Mon, 3 Oct 2022 14:00:47 +0100 Message-Id: <20221003130051.28934-9-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3902 From: Abdellatif El Khlifi Add an out of tree patch enabling MHU-driver Signed-off-by: Vishnu Banavath Signed-off-by: Abdellatif El Khlifi --- .../corstone1000/0027-Add-MHU-driver.patch | 1061 +++++++++++++++++ .../trusted-services/ts-corstone1000.inc | 1 + 2 files changed, 1062 insertions(+) create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch new file mode 100644 index 00000000..77be7f35 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch @@ -0,0 +1,1061 @@ +From 9e6f16c236fbf5d8631ebc53a79c80b85042b736 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath +Date: Tue, 27 Sep 2022 18:47:36 +0100 +Subject: [PATCH 27/27] Add MHU driver + +This change is to add MHU driver. This is required to communicate +between cortex-A and cortex-M + +Signed-off-by: Vishnu Banavath +Signed-off-by: Abdellatif El Khlifi +Upstream-Status: Pending [Not submitted to upstream yet] +--- + .../drivers/arm/mhu_driver/component.cmake | 12 + + platform/drivers/arm/mhu_driver/mhu_v2.h | 391 ++++++++++++ + platform/drivers/arm/mhu_driver/mhu_v2_x.c | 602 ++++++++++++++++++ + .../providers/arm/corstone1000/platform.cmake | 3 + + 4 files changed, 1008 insertions(+) + create mode 100644 platform/drivers/arm/mhu_driver/component.cmake + create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h + create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c + +diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake +new file mode 100644 +index 00000000..77a5a50b +--- /dev/null ++++ b/platform/drivers/arm/mhu_driver/component.cmake +@@ -0,0 +1,12 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++#------------------------------------------------------------------------------- ++ ++# Add source files for using mhu driver ++target_sources(${TGT} ++ PRIVATE ++ "${CMAKE_CURRENT_LIST_DIR}/mhu_v2_x.c" ++) +diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h +new file mode 100644 +index 00000000..2e4ba80f +--- /dev/null ++++ b/platform/drivers/arm/mhu_driver/mhu_v2.h +@@ -0,0 +1,391 @@ ++/* ++ * Copyright (c) 2021 Arm Limited ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++/** ++ * \file mhu_v2_x.h ++ * \brief Driver for Arm MHU v2.0 and v2.1 ++ */ ++ ++#ifndef __MHU_V2_X_H__ ++#define __MHU_V2_X_H__ ++ ++#include ++#include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#define MHU_2_X_INTR_NR2R_OFF (0x0u) ++#define MHU_2_X_INTR_R2NR_OFF (0x1u) ++#define MHU_2_1_INTR_CHCOMB_OFF (0x2u) ++ ++#define MHU_2_X_INTR_NR2R_MASK (0x1u << MHU_2_X_INTR_NR2R_OFF) ++#define MHU_2_X_INTR_R2NR_MASK (0x1u << MHU_2_X_INTR_R2NR_OFF) ++#define MHU_2_1_INTR_CHCOMB_MASK (0x1u << MHU_2_1_INTR_CHCOMB_OFF) ++ ++enum mhu_v2_x_frame_t { ++ MHU_V2_X_SENDER_FRAME = 0x0u, ++ MHU_V2_X_RECEIVER_FRAME = 0x1u, ++}; ++ ++enum mhu_v2_x_supported_revisions { ++ MHU_REV_READ_FROM_HW = 0, ++ MHU_REV_2_0, ++ MHU_REV_2_1, ++}; ++ ++struct mhu_v2_x_dev_t { ++ uint32_t base; ++ enum mhu_v2_x_frame_t frame; ++ uint32_t subversion; /*!< Hardware subversion: v2.X */ ++ bool is_initialized; /*!< Indicates if the MHU driver ++ * is initialized and enabled ++ */ ++}; ++ ++/** ++ * \brief MHU v2 error enumeration types. ++ */ ++enum mhu_v2_x_error_t { ++ MHU_V_2_X_ERR_NONE = 0, ++ MHU_V_2_X_ERR_NOT_INIT = -1, ++ MHU_V_2_X_ERR_ALREADY_INIT = -2, ++ MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3, ++ MHU_V_2_X_ERR_INVALID_ARG = -4, ++ MHU_V_2_X_ERR_GENERAL = -5 ++}; ++ ++/** ++ * \brief Initializes the driver ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] rev MHU revision (if can't be identified from HW) ++ * ++ * Reads the MHU hardware version ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note MHU revision only has to be specified when versions can't be read ++ * from HW (ARCH_MAJOR_REV reg reads as 0x0). ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, ++ enum mhu_v2_x_supported_revisions rev); ++ ++/** ++ * \brief Returns the number of channels implemented. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * ++ * Returns the number of channels implemented. ++ * ++ * \return Returns the number of channels implemented. ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++uint32_t mhu_v2_x_get_num_channel_implemented( ++ const struct mhu_v2_x_dev_t *dev); ++ ++/** ++ * \brief Sends the value over a channel. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Channel to send the value over. ++ * \param[in] val Value to send. ++ * ++ * Sends the value over a channel. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, ++ uint32_t channel, uint32_t val); ++ ++/** ++ * \brief Clears the channel after the value is send over it. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Channel to clear. ++ * ++ * Clears the channel after the value is send over it. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, ++ uint32_t channel); ++ ++/** ++ * \brief Receives the value over a channel. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Channel to receive the value from. ++ * \param[out] value Pointer to variable that will store the value. ++ * ++ * Receives the value over a channel. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_receive( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value); ++ ++/** ++ * \brief Sets bits in the Channel Mask. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Which channel's mask to set. ++ * \param[in] mask Mask to be set over a receiver frame. ++ * ++ * Sets bits in the Channel Mask. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); ++ ++/** ++ * \brief Clears bits in the Channel Mask. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Which channel's mask to clear. ++ * \param[in] mask Mask to be clear over a receiver frame. ++ * ++ * Clears bits in the Channel Mask. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask); ++ ++/** ++ * \brief Enables the Channel interrupt. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Which channel's interrupt to enable. ++ * ++ * Enables the Channel clear interrupt. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel); ++ ++/** ++ * \brief Disables the Channel interrupt. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Which channel's interrupt to disable. ++ * ++ * Disables the Channel interrupt. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel); ++ ++/** ++ * \brief Cleares the Channel interrupt. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] channel Which channel's interrupt to clear. ++ * ++ * Cleares the Channel interrupt. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ * \note This function doesn't check if channel is implemented. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel); ++ ++/** ++ * \brief Initiates a MHU transfer with the handshake signals. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * ++ * Initiates a MHU transfer with the handshake signals in a blocking mode. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( ++ const struct mhu_v2_x_dev_t *dev); ++ ++/** ++ * \brief Closes a MHU transfer with the handshake signals. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * ++ * Closes a MHU transfer with the handshake signals in a blocking mode. ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_close_transfer( ++ const struct mhu_v2_x_dev_t *dev); ++ ++/** ++ * \brief Returns the value of access request signal. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[out] val Pointer to variable that will store the value. ++ * ++ * For more information please read the MHU v2 user guide ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_get_access_request( ++ const struct mhu_v2_x_dev_t *dev, uint32_t *val); ++ ++/** ++ * \brief Sets the value of access request signal to high. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * ++ * For more information please read the MHU v2 user guide ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_set_access_request( ++ const struct mhu_v2_x_dev_t *dev); ++ ++/** ++ * \brief Sets the value of access request signal to low. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * ++ * For more information please read the MHU v2 user guide ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( ++ const struct mhu_v2_x_dev_t *dev); ++ ++/** ++ * \brief Returns the value of access ready signal. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[out] val Pointer to variable that will store the value. ++ * ++ * For more information please read the MHU v2 user guide ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( ++ const struct mhu_v2_x_dev_t *dev, uint32_t *val); ++ ++/** ++ * \brief Returns the MHU interrupt status. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * ++ * \return Interrupt status register value. Masking is needed for individual ++ * interrupts. ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev); ++ ++/** ++ * \brief Enables MHU interrupts. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] mask Bit mask for enabling/disabling interrupts ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t mask); ++ ++/** ++ * \brief Disables MHU interrupts. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] mask Bit mask for enabling/disabling interrupts ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t mask); ++ ++/** ++ * \brief Clears MHU interrupts. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[in] mask Bit mask for clearing interrupts ++ * ++ * \return Returns mhu_v2_x_error_t error code ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( ++ const struct mhu_v2_x_dev_t *dev, uint32_t mask); ++ ++/** ++ * \brief Returns the first channel number whose interrupt bit is high. ++ * ++ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t ++ * \param[out] channel Pointer to variable that will have the channel value. ++ * ++ * \return Returns the first channel number whose interrupt bit is high. ++ * \return Returns mhu_v2_x_error_t error code. ++ * ++ * \note This function doesn't check if dev is NULL. ++ */ ++enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( ++ const struct mhu_v2_x_dev_t *dev, uint32_t *channel); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* __MHU_V2_X_H__ */ +diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c +new file mode 100644 +index 00000000..01d8f659 +--- /dev/null ++++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c +@@ -0,0 +1,602 @@ ++/* ++ * Copyright (c) 2021 Arm Limited ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++#include ++#include ++#include "mhu_v2.h" ++ ++#define _MHU_V2_X_MAX_CHANNELS 124 ++#define _MHU_V2_1_MAX_CHCOMB_INT 4 ++#define ENABLE 0x1 ++#define DISABLE 0x0 ++#define CLEAR_INTR 0x1 ++#define CH_PER_CH_COMB 0x20 ++#define SEND_FRAME(p_mhu) ((struct _mhu_v2_x_send_frame_t *)p_mhu) ++#define RECV_FRAME(p_mhu) ((struct _mhu_v2_x_recv_frame_t *)p_mhu) ++ ++#define MHU_MAJOR_REV_V2 0x1u ++#define MHU_MINOR_REV_2_0 0x0u ++#define MHU_MINOR_REV_2_1 0x1u ++ ++struct _mhu_v2_x_send_ch_window_t { ++ /* Offset: 0x00 (R/ ) Channel Status */ ++ volatile uint32_t ch_st; ++ /* Offset: 0x04 (R/ ) Reserved */ ++ volatile uint32_t reserved_0; ++ /* Offset: 0x08 (R/ ) Reserved */ ++ volatile uint32_t reserved_1; ++ /* Offset: 0x0C ( /W) Channel Set */ ++ volatile uint32_t ch_set; ++ /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */ ++ volatile uint32_t ch_int_st; ++ /* Offset: 0x14 ( /W) Channel Interrupt Clear (Reserved in 2.0) */ ++ volatile uint32_t ch_int_clr; ++ /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */ ++ volatile uint32_t ch_int_en; ++ /* Offset: 0x1C (R/ ) Reserved */ ++ volatile uint32_t reserved_2; ++}; ++ ++struct _mhu_v2_x_send_frame_t { ++ /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */ ++ struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS]; ++ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ ++ volatile uint32_t mhu_cfg; ++ /* Offset: 0xF84 (R/W) Response Configuration */ ++ volatile uint32_t resp_cfg; ++ /* Offset: 0xF88 (R/W) Access Request */ ++ volatile uint32_t access_request; ++ /* Offset: 0xF8C (R/ ) Access Ready */ ++ volatile uint32_t access_ready; ++ /* Offset: 0xF90 (R/ ) Interrupt Status */ ++ volatile uint32_t int_st; ++ /* Offset: 0xF94 ( /W) Interrupt Clear */ ++ volatile uint32_t int_clr; ++ /* Offset: 0xF98 (R/W) Interrupt Enable */ ++ volatile uint32_t int_en; ++ /* Offset: 0xF9C (R/ ) Reserved */ ++ volatile uint32_t reserved_0; ++ /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */ ++ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; ++ /* Offset: ‭0xFC4‬ (R/ ) Reserved */ ++ volatile uint32_t reserved_1[6]; ++ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ ++ volatile uint32_t iidr; ++ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ ++ volatile uint32_t aidr; ++ /* Offset: 0xFD0 (R/ ) */ ++ volatile uint32_t pid_1[4]; ++ /* Offset: 0xFE0 (R/ ) */ ++ volatile uint32_t pid_0[4]; ++ /* Offset: 0xFF0 (R/ ) */ ++ volatile uint32_t cid[4]; ++}; ++ ++struct _mhu_v2_x_rec_ch_window_t { ++ /* Offset: 0x00 (R/ ) Channel Status */ ++ volatile uint32_t ch_st; ++ /* Offset: 0x04 (R/ ) Channel Status Masked */ ++ volatile uint32_t ch_st_msk; ++ /* Offset: 0x08 ( /W) Channel Clear */ ++ volatile uint32_t ch_clr; ++ /* Offset: 0x0C (R/ ) Reserved */ ++ volatile uint32_t reserved_0; ++ /* Offset: 0x10 (R/ ) Channel Mask Status */ ++ volatile uint32_t ch_msk_st; ++ /* Offset: 0x14 ( /W) Channel Mask Set */ ++ volatile uint32_t ch_msk_set; ++ /* Offset: 0x18 ( /W) Channel Mask Clear */ ++ volatile uint32_t ch_msk_clr; ++ /* Offset: 0x1C (R/ ) Reserved */ ++ volatile uint32_t reserved_1; ++}; ++ ++struct _mhu_v2_x_recv_frame_t { ++ /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */ ++ struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS]; ++ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */ ++ volatile uint32_t mhu_cfg; ++ /* Offset: 0xF84 (R/ ) Reserved */ ++ volatile uint32_t reserved_0[3]; ++ /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */ ++ volatile uint32_t int_st; ++ /* Offset: 0xF94 (R/ ) Interrupt Clear (Reserved in 2.0) */ ++ volatile uint32_t int_clr; ++ /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */ ++ volatile uint32_t int_en; ++ /* Offset: 0xF9C (R/ ) Reserved */ ++ volatile uint32_t reserved_1; ++ /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */ ++ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT]; ++ /* Offset: 0xFB0 (R/ ) Reserved */ ++ volatile uint32_t reserved_2[6]; ++ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */ ++ volatile uint32_t iidr; ++ /* Offset: 0xFCC (R/ ) Architecture Identification Register */ ++ volatile uint32_t aidr; ++ /* Offset: 0xFD0 (R/ ) */ ++ volatile uint32_t pid_1[4]; ++ /* Offset: 0xFE0 (R/ ) */ ++ volatile uint32_t pid_0[4]; ++ /* Offset: 0xFF0 (R/ ) */ ++ volatile uint32_t cid[4]; ++}; ++ ++union _mhu_v2_x_frame_t { ++ struct _mhu_v2_x_send_frame_t send_frame; ++ struct _mhu_v2_x_recv_frame_t recv_frame; ++}; ++ ++enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev, ++ enum mhu_v2_x_supported_revisions rev) ++{ ++ uint32_t AIDR = 0; ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if (dev->is_initialized) { ++ return MHU_V_2_X_ERR_ALREADY_INIT; ++ } ++ ++ if (rev == MHU_REV_READ_FROM_HW) { ++ /* Read revision from HW */ ++ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ AIDR = p_mhu->recv_frame.aidr; ++ } else { ++ AIDR = p_mhu->send_frame.aidr; ++ } ++ ++ /* Get bits 7:4 to read major revision */ ++ if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) { ++ /* Unsupported MHU version */ ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } /* No need to save major version, driver only supports MHUv2 */ ++ ++ /* Get bits 3:0 to read minor revision */ ++ dev->subversion = AIDR & 0b1111; ++ ++ if (dev->subversion != MHU_MINOR_REV_2_0 && ++ dev->subversion != MHU_MINOR_REV_2_1) { ++ /* Unsupported subversion */ ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ } else { ++ /* Revisions were provided by caller */ ++ if (rev == MHU_REV_2_0) { ++ dev->subversion = MHU_MINOR_REV_2_0; ++ } else if (rev == MHU_REV_2_1) { ++ dev->subversion = MHU_MINOR_REV_2_1; ++ } else { ++ /* Unsupported subversion */ ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ }/* No need to save major version, driver only supports MHUv2 */ ++ } ++ ++ dev->is_initialized = true; ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ return (SEND_FRAME(p_mhu))->mhu_cfg; ++ } else { ++ return (RECV_FRAME(p_mhu))->mhu_cfg; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev, ++ uint32_t channel, uint32_t val) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev, ++ uint32_t channel) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_receive( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if (dev->subversion == MHU_MINOR_REV_2_1) { ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if (dev->subversion == MHU_MINOR_REV_2_1) { ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear( ++ const struct mhu_v2_x_dev_t *dev, uint32_t channel) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if (dev->subversion == MHU_MINOR_REV_2_1) { ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR; ++ return MHU_V_2_X_ERR_NONE; ++ } else { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer( ++ const struct mhu_v2_x_dev_t *dev) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame != MHU_V2_X_SENDER_FRAME) { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ (SEND_FRAME(p_mhu))->access_request = ENABLE; ++ ++ while ( !((SEND_FRAME(p_mhu))->access_ready) ) { ++ /* Wait in a loop for access ready signal to be high */ ++ ; ++ } ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame != MHU_V2_X_SENDER_FRAME) { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ (SEND_FRAME(p_mhu))->access_request = DISABLE; ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_get_access_request( ++ const struct mhu_v2_x_dev_t *dev, uint32_t *val) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame != MHU_V2_X_SENDER_FRAME) { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ *val = (SEND_FRAME(p_mhu))->access_request; ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_set_access_request( ++ const struct mhu_v2_x_dev_t *dev) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame != MHU_V2_X_SENDER_FRAME) { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ (SEND_FRAME(p_mhu))->access_request = ENABLE; ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_reset_access_request( ++ const struct mhu_v2_x_dev_t *dev) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame != MHU_V2_X_SENDER_FRAME) { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ (SEND_FRAME(p_mhu))->access_request = DISABLE; ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_get_access_ready( ++ const struct mhu_v2_x_dev_t *dev, uint32_t *val) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame != MHU_V2_X_SENDER_FRAME) { ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ *val = (SEND_FRAME(p_mhu))->access_ready; ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ return (SEND_FRAME(p_mhu))->int_st; ++ } else { ++ return (RECV_FRAME(p_mhu))->int_st; ++ } ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t mask) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if (dev->subversion == MHU_MINOR_REV_2_0) { ++ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { ++ /* Combined channel IRQ is not present in v2.0 */ ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ /* Only sender frame has these registers */ ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ (SEND_FRAME(p_mhu))->int_en |= mask; ++ } else { ++ (RECV_FRAME(p_mhu))->int_en |= mask; ++ } ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable( ++ const struct mhu_v2_x_dev_t *dev, uint32_t mask) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if (dev->subversion == MHU_MINOR_REV_2_0) { ++ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { ++ /* Combined channel IRQ is not present in v2.0 */ ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ /* Only sender frame has these registers */ ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ (SEND_FRAME(p_mhu))->int_en &= ~mask; ++ } else { ++ (RECV_FRAME(p_mhu))->int_en &= ~mask; ++ } ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear( ++ const struct mhu_v2_x_dev_t *dev, uint32_t mask) ++{ ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if (dev->subversion == MHU_MINOR_REV_2_0) { ++ if (mask & MHU_2_1_INTR_CHCOMB_MASK) { ++ /* Combined channel IRQ is not present in v2.0 */ ++ return MHU_V_2_X_ERR_INVALID_ARG; ++ } ++ ++ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) { ++ /* Only sender frame has these registers */ ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ } ++ ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ (SEND_FRAME(p_mhu))->int_clr = mask; ++ } else { ++ (RECV_FRAME(p_mhu))->int_clr = mask; ++ } ++ ++ return MHU_V_2_X_ERR_NONE; ++} ++ ++enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num( ++ const struct mhu_v2_x_dev_t *dev, uint32_t *channel) ++{ ++ uint32_t i, j, status; ++ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base; ++ ++ if ( !(dev->is_initialized) ) { ++ return MHU_V_2_X_ERR_NOT_INIT; ++ } ++ ++ if (dev->subversion != MHU_MINOR_REV_2_1) { ++ /* Feature is only supported in MHU v2.1 */ ++ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION; ++ } ++ ++ for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) { ++ if(dev->frame == MHU_V2_X_SENDER_FRAME) { ++ status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i]; ++ } else { ++ status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i]; ++ } ++ ++ for(j = 0; j < CH_PER_CH_COMB; j++) { ++ if ((status >> CH_PER_CH_COMB - j - 1) & (ENABLE)) { ++ *channel = (CH_PER_CH_COMB - j -1 + (i * CH_PER_CH_COMB)); ++ return MHU_V_2_X_ERR_NONE; ++ } ++ } ++ } ++ ++ return MHU_V_2_X_ERR_GENERAL; ++} +diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake +index 14a9f6b0..df9cab71 100644 +--- a/platform/providers/arm/corstone1000/platform.cmake ++++ b/platform/providers/arm/corstone1000/platform.cmake +@@ -6,6 +6,9 @@ + # Platform definition for the corstone1000 platform. + #------------------------------------------------------------------------------- + ++# include MHU driver ++include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) ++ + target_compile_definitions(${TGT} PRIVATE + SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" + ) +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index 4098ea28..12d300a0 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -2,6 +2,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" SRC_URI:append = " \ file://0026-plat-add-corstone1000-platform-to-drivers-arm.patch \ + file://0027-Add-MHU-driver.patch \ " From patchwork Mon Oct 3 13:00:48 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13460 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6BA21C433F5 for ; Mon, 3 Oct 2022 13:01:24 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.68.1664802083125071492 for ; Mon, 03 Oct 2022 06:01:23 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 86B9716F8; Mon, 3 Oct 2022 06:01:29 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8A9303F73B; Mon, 3 Oct 2022 06:01:21 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi Subject: [PATCH 09/12] arm-bsp/corstone1000-initramfs-image: add TS PSA API tests packages Date: Mon, 3 Oct 2022 14:00:48 +0100 Message-Id: <20221003130051.28934-10-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:24 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3903 From: Abdellatif El Khlifi Trusted Services PSA API tests commands allow testing the following SE Proxy services: crypto, its, ps and iat Signed-off-by: Abdellatif El Khlifi --- .../recipes-bsp/images/corstone1000-initramfs-image.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb index 1acf1bf4..46427b74 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb +++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb @@ -25,3 +25,6 @@ IMAGE_INSTALL += "optee-client" # external system linux userspace test application IMAGE_INSTALL += "corstone1000-external-sys-tests" + +# TS PSA API tests commands for crypto, its, ps and iat +IMAGE_INSTALL += "packagegroup-ts-tests-psa" From patchwork Mon Oct 3 13:00:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13466 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C626C433F5 for ; Mon, 3 Oct 2022 13:01:34 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.56.1664802084733132177 for ; Mon, 03 Oct 2022 06:01:24 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2580D16F8; Mon, 3 Oct 2022 06:01:31 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 338E43F73B; Mon, 3 Oct 2022 06:01:23 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi Subject: [PATCH 10/12] arm-bsp/linux: corstone1000: use arm-ffa machine feature Date: Mon, 3 Oct 2022 14:00:49 +0100 Message-Id: <20221003130051.28934-11-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:34 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3904 From: Abdellatif El Khlifi add arm-ffa machine feature which applies FF-A config fragment and kernel patch Signed-off-by: Abdellatif El Khlifi --- meta-arm-bsp/conf/machine/include/corstone1000.inc | 3 +++ meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig | 1 - meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc index 46361bba..4334a5a8 100644 --- a/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -57,6 +57,9 @@ INITRAMFS_IMAGE_BUNDLE ?= "1" #telling the build system which image is responsible of the generation of the initramfs rootfs INITRAMFS_IMAGE = "corstone1000-initramfs-image" +# add FF-A support in the kernel +MACHINE_FEATURES += "arm-ffa" + # prevent the kernel image from being included in the intramfs rootfs PACKAGE_EXCLUDE = "kernel-image-*" diff --git a/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig b/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig index 0cdd3fa4..3fe7a038 100644 --- a/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig +++ b/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig @@ -10,7 +10,6 @@ CONFIG_ARCH_VEXPRESS=y CONFIG_CMDLINE="console=ttyAMA0 loglevel=9" CONFIG_EFI=y # CONFIG_SUSPEND is not set -CONFIG_ARM_FFA_TRANSPORT=y CONFIG_EFI_BOOTLOADER_CONTROL=y CONFIG_EFI_CAPSULE_LOADER=y CONFIG_EFI_TEST=y diff --git a/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index 4a6cc438..0d1017ac 100644 --- a/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -32,6 +32,7 @@ KCONFIG_MODE:corstone500 = "--alldefconfig" # Corstone1000 KMACHINE # FILESEXTRAPATHS:prepend:corstone1000 := "${ARMBSPFILESPATHS}" +FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}" COMPATIBLE_MACHINE:corstone1000 = "${MACHINE}" KCONFIG_MODE:corstone1000 = "--alldefconfig" KMACHINE:corstone1000 = "corstone1000" From patchwork Mon Oct 3 13:00:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13464 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67C5AC4332F for ; Mon, 3 Oct 2022 13:01:34 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web08.66.1664802086460604186 for ; Mon, 03 Oct 2022 06:01:26 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E26F216F8; Mon, 3 Oct 2022 06:01:32 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B56723F73B; Mon, 3 Oct 2022 06:01:24 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi Subject: [PATCH 11/12] arm/secure-partitions: drop use of the recipe Date: Mon, 3 Oct 2022 14:00:50 +0100 Message-Id: <20221003130051.28934-12-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:34 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3905 From: Abdellatif El Khlifi secure-partitions recipe is replaced with the new design of trusted services recipes. Signed-off-by: Abdellatif El Khlifi --- .../secure-partitions_%.bbappend | 4 - .../trusted-services/secure-partitions.inc | 27 ------- .../trusted-services/secure-partitions_git.bb | 74 ------------------- 3 files changed, 105 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend delete mode 100644 meta-arm/recipes-security/trusted-services/secure-partitions.inc delete mode 100644 meta-arm/recipes-security/trusted-services/secure-partitions_git.bb diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend deleted file mode 100644 index 8a37a281..00000000 --- a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend +++ /dev/null @@ -1,4 +0,0 @@ -MACHINE_TS_REQUIRE ?= "" -MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" - -require ${MACHINE_TS_REQUIRE} diff --git a/meta-arm/recipes-security/trusted-services/secure-partitions.inc b/meta-arm/recipes-security/trusted-services/secure-partitions.inc deleted file mode 100644 index 1df7409c..00000000 --- a/meta-arm/recipes-security/trusted-services/secure-partitions.inc +++ /dev/null @@ -1,27 +0,0 @@ -LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib" -LIC_FILES_CHKSUM = "file://license.rst;md5=ea160bac7f690a069c608516b17997f4" - -SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=ts;destsuffix=git/ts" - -SRCREV_ts ?= "a365a04f937b9b76ebb2e0eeade226f208cbc0d2" - -S = "${WORKDIR}/git/ts" -B = "${WORKDIR}/build" - -export CROSS_COMPILE="${TARGET_PREFIX}" - -CFLAGS[unexport] = "1" -CPPFLAGS[unexport] = "1" -AS[unexport] = "1" -LD[unexport] = "1" - -# setting the linker options used to build the secure partitions -SECURITY_LDFLAGS = "" -TARGET_LDFLAGS = "-Wl,--build-id=none -Wl,--hash-style=both" - -do_configure[cleandirs] = "${B}" - -# Currently trusted-services and psa-arch-tests use FetchContent to download -# more sources during do_configure. Until this is resolved we need to allow -# network operations. -do_configure[network] = "1" diff --git a/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb b/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb deleted file mode 100644 index fca6d9d3..00000000 --- a/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb +++ /dev/null @@ -1,74 +0,0 @@ -SUMMARY = "Trusted Services secure partitions" -HOMEPAGE = "https://trusted-services.readthedocs.io/en/latest/index.html" - -COMPATIBLE_MACHINE ?= "invalid" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -require secure-partitions.inc - -SRCREV_FORMAT = "ts" -PV = "0.0+git${SRCPV}" - -# Which environment to create the secure partions for (opteesp or shim) -TS_ENVIRONMENT ?= "opteesp" - -inherit deploy python3native - -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native \ - python3-pyelftools-native python3-grpcio-tools-native \ - python3-protobuf-native protobuf-native cmake-native \ - " - -DEPENDS:append = " ${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', 'optee-spdevkit', '', d)}" - -export CROSS_COMPILE="${TARGET_PREFIX}" - -CFLAGS[unexport] = "1" -CPPFLAGS[unexport] = "1" -AS[unexport] = "1" -LD[unexport] = "1" - -# only used if TS_ENVIRONMENT is opteesp -SP_DEV_KIT_DIR = "${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', '${STAGING_INCDIR}/optee/export-user_sp', '', d)}" - -# SP images are embedded into optee os image -SP_PACKAGING_METHOD ?= "embedded" - -do_configure() { - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake \ - -DCMAKE_INSTALL_PREFIX=${D}/firmware/sp \ - -DSP_DEV_KIT_DIR=${SP_DEV_KIT_DIR} \ - -DSP_PACKAGING_METHOD=${SP_PACKAGING_METHOD} \ - -DTS_PLATFORM="${TS_PLATFORM}" \ - -S ${S}/$TS_DEPLOYMENT -B "${B}/$TS_DEPLOYMENT" - done -} - -do_compile() { - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake --build "${B}/$TS_DEPLOYMENT" - done -} - -do_install () { - if [ "${TS_ENVIRONMENT}" = "opteesp" ]; then - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake --install "${B}/$TS_DEPLOYMENT" - done - fi -} - -SYSROOT_DIRS = "/firmware" - -do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install - -FILES:${PN} = "/firmware/sp/opteesp*" - -# Build paths are currently embedded -INSANE_SKIP:${PN} += "buildpaths" -INSANE_SKIP:${PN}-dbg += "buildpaths" From patchwork Mon Oct 3 13:00:51 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Abdellatif El Khlifi X-Patchwork-Id: 13465 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67C2BC433FE for ; Mon, 3 Oct 2022 13:01:34 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.67.1664802088239954531 for ; Mon, 03 Oct 2022 06:01:28 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: abdellatif.elkhlifi@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A3D8A16F8; Mon, 3 Oct 2022 06:01:34 -0700 (PDT) Received: from e121910.arm.com (unknown [10.57.65.67]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8EBE83F73B; Mon, 3 Oct 2022 06:01:26 -0700 (PDT) From: abdellatif.elkhlifi@arm.com To: meta-arm@lists.yoctoproject.org, Ross.Burton@arm.com, Vishnu.Banavath@arm.com Cc: nd@arm.com, Abdellatif El Khlifi Subject: [PATCH 12/12] arm/ffa-debugfs: drop use of the kernel module Date: Mon, 3 Oct 2022 14:00:51 +0100 Message-Id: <20221003130051.28934-13-abdellatif.elkhlifi@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> References: <20221003130051.28934-1-abdellatif.elkhlifi@arm.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 03 Oct 2022 13:01:34 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/meta-arm/message/3906 From: Abdellatif El Khlifi ffa-debugfs kernel module is replaced with arm-ffa-user module Signed-off-by: Abdellatif El Khlifi --- .../ffa-debugfs/ffa-debugfs-mod_2.1.0.bb | 41 ---------- .../files/0001-build-add-Yocto-support.patch | 79 ------------------- ...-loading-the-driver-in-a-generic-way.patch | 46 ----------- 3 files changed, 166 deletions(-) delete mode 100644 meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb delete mode 100644 meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch delete mode 100644 meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch diff --git a/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb b/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb deleted file mode 100644 index 2b5dd643..00000000 --- a/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb +++ /dev/null @@ -1,41 +0,0 @@ -SUMMARY = "FF-A Debugfs Linux kernel module" -DESCRIPTION = "This out-of-tree kernel module exposes FF-A operations to user space \ -used for development purposes" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://arm_ffa_user.c;beginline=1;endline=1;md5=fcab174c20ea2e2bc0be64b493708266" - -SRC_URI = "git://git.gitlab.arm.com/linux-arm/linux-trusted-services.git;branch=main;protocol=https" - -# ffa-debugfs v2.1.0 -SRCREV = "45eb7c1484ae9bea2bbd0583b86beb55b627073b" - -S = "${WORKDIR}/git" - -inherit module - -SRC_URI:append = " \ - file://0001-build-add-Yocto-support.patch \ - file://0002-script-loading-the-driver-in-a-generic-way.patch \ - " - -FILES:${PN} += "${bindir}/load_ffa_debugfs.sh" -FILES:${PN}-dev += "${includedir}/arm_ffa_user.h" - -do_install:append() { - install -D -p -m 0755 ${B}/load_ffa_debugfs.sh ${D}/${bindir}/load_ffa_debugfs.sh - install -m 0644 ${S}/arm_ffa_user.h ${D}/${includedir}/arm_ffa_user.h -} - -COMPATIBLE_HOST = "(arm|aarch64).*-linux" - -# Kernel modules currently RDEPEND on the kernel, which is troublesome when you want to put a -# kernel module into a initramfs without pulling the kernel into the initramfs, which would be -# silly. Until this is a recommends the easiest way to handle this is to remove the dependency -# in this recipe. -PACKAGESPLITFUNCS:append = " remove_kernel_dependency" -python remove_kernel_dependency() { - key = "RDEPENDS:kernel-module-arm-ffa-user-" + d.getVar("KERNEL_VERSION") - d.delVar(key) -} -# Conflicts installing arm_ffa_user.h with arm-ffa-user recipe, lets build only one during world builds -EXCLUDE_FROM_WORLD = "1" diff --git a/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch b/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch deleted file mode 100644 index 5d7e9770..00000000 --- a/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch +++ /dev/null @@ -1,79 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K - -From 8a7bea4e7d08395036ffc2fde57c4fb44315e181 Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi -Date: Mon, 25 Oct 2021 13:12:11 +0100 -Subject: [PATCH 1/2] build: add Yocto support - -This commit allows to build the driver under Yocto - -Signed-off-by: Abdellatif El Khlifi ---- - Kbuild | 4 ---- - Makefile | 40 +++++++++++----------------------------- - 2 files changed, 11 insertions(+), 33 deletions(-) - delete mode 100644 Kbuild - -diff --git a/Kbuild b/Kbuild -deleted file mode 100644 -index 330b019..0000000 ---- a/Kbuild -+++ /dev/null -@@ -1,4 +0,0 @@ --# SPDX-License-Identifier: GPL-2.0-only -- --arm-ffa-user-objs := arm_ffa_user.o --obj-m := arm-ffa-user.o -diff --git a/Makefile b/Makefile -index 62dbfb1..90dfaef 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,33 +1,15 @@ --# SPDX-License-Identifier: GPL-2.0-only -+arm-ffa-user-objs := arm_ffa_user.o -+obj-m := arm-ffa-user.o - --ARCH := arm64 --CROSS_COMPILE ?= aarch64-linux-gnu- -+SRC := $(shell pwd) - --ROOT ?= $(CURDIR)/.. --KDIR ?= $(ROOT)/linux --TARGET_DIR ?= $(ROOT)/shared --BUILD_DIR ?= $(CURDIR)/build --BUILD_DIR_MAKEFILE ?= $(BUILD_DIR)/Makefile -+all: -+ $(MAKE) -C $(KERNEL_SRC) M=$(SRC) - --all: module -+modules_install: -+ $(MAKE) -C $(KERNEL_SRC) M=$(SRC) modules_install - --clean: module-clean -- --install: all -- cp $(BUILD_DIR)/arm-ffa-user.ko $(TARGET_DIR)/ -- cp load_module.sh $(TARGET_DIR)/ -- --module: $(BUILD_DIR_MAKEFILE) -- $(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) modules \ -- ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)" -- --module-clean: -- $(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) clean \ -- ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)" -- rm $(BUILD_DIR_MAKEFILE) -- --$(BUILD_DIR): -- mkdir -p "$@" -- --$(BUILD_DIR_MAKEFILE): $(BUILD_DIR) -- touch "$@" -+clean: -+ rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c -+ rm -f Module.markers Module.symvers modules.order -+ rm -rf .tmp_versions Modules.symvers --- -2.17.1 - diff --git a/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch b/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch deleted file mode 100644 index e2469d90..00000000 --- a/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch +++ /dev/null @@ -1,46 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K - -From e5d9dfa703a5a57e535b5dab4eda47a9707972d3 Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi -Date: Mon, 25 Oct 2021 12:51:37 +0100 -Subject: [PATCH 2/2] script: loading the driver in a generic way - -Use the kernel module from the modules path. - -Signed-off-by: Abdellatif El Khlifi ---- - load_module.sh => load_ffa_debugfs.sh | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - rename load_module.sh => load_ffa_debugfs.sh (50%) - mode change 100755 => 100644 - -diff --git a/load_module.sh b/load_ffa_debugfs.sh -old mode 100755 -new mode 100644 -similarity index 50% -rename from load_module.sh -rename to load_ffa_debugfs.sh -index 2137245..4f31ff3 ---- a/load_module.sh -+++ b/load_ffa_debugfs.sh -@@ -1,10 +1,14 @@ - #!/bin/sh -+# -+# Use: -+# load_ffa_debugfs.sh -+# - --[ ! -f $(dirname "$0")/sp_uuid_list.txt ] && \ -+[ ! -f "$1"/sp_uuid_list.txt ] && \ - { echo "Error: missing SP UUID list"; exit 1; } - - if ! grep -qs 'arm-ffa-user' /proc/modules; then -- insmod $(dirname "$0")/arm-ffa-user.ko uuid_str_list=$(cat $(dirname "$0")/sp_uuid_list.txt) -+ insmod /lib/modules/$(uname -r)/extra/arm-ffa-user.ko uuid_str_list=$(cat "$1"/sp_uuid_list.txt) - fi - - if ! grep -qs 'debugfs' /proc/mounts; then --- -2.17.1 -