TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / trusted-firmware-a / f9d250549746f57ff45189653aae9889a1065151 / . / services / spd / tlkd / tlkd_main.c
blob: bea4c489259ab29b6069025b2fef83feb4381895 [file] [log] [blame]
Varun Wadekar22038312015-03-13 14:01:03 +0530[diff] [blame]1/*
2 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 *
10 * Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * Neither the name of ARM nor the names of its contributors may be used
15 * to endorse or promote products derived from this software without specific
16 * prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 */
30
31/*******************************************************************************
32 * This is the Secure Payload Dispatcher (SPD). The dispatcher is meant to be a
33 * plug-in component to the Secure Monitor, registered as a runtime service. The
34 * SPD is expected to be a functional extension of the Secure Payload (SP) that
35 * executes in Secure EL1. The Secure Monitor will delegate all SMCs targeting
36 * the Trusted OS/Applications range to the dispatcher. The SPD will either
37 * handle the request locally or delegate it to the Secure Payload. It is also
38 * responsible for initialising and maintaining communication with the SP.
39 ******************************************************************************/
40#include <arch_helpers.h>
41#include <assert.h>
42#include <bl_common.h>
43#include <bl31.h>
44#include <context_mgmt.h>
45#include <debug.h>
46#include <errno.h>
47#include <platform.h>
48#include <runtime_svc.h>
49#include <stddef.h>
50#include <tlk.h>
51#include <uuid.h>
52#include "tlkd_private.h"
53
54extern const spd_pm_ops_t tlkd_pm_ops;
55
56/*******************************************************************************
57 * Array to keep track of per-cpu Secure Payload state
58 ******************************************************************************/
59static tlk_context_t tlk_ctx;
60
61/* TLK UID: RFC-4122 compliant UUID (version-5, sha-1) */
62DEFINE_SVC_UUID(tlk_uuid,
63 0xbd11e9c9, 0x2bba, 0x52ee, 0xb1, 0x72,
64 0x46, 0x1f, 0xba, 0x97, 0x7f, 0x63);
65
66int32_t tlkd_init(void);
67
68/*
69 * The number of arguments/results to save during a SMC call for TLK.
70 */
71#define TLK_SHDBUF_SIZE 4
72
73/*******************************************************************************
74 * Shared memory buffer for passing SMC args/results to TLK
75 ******************************************************************************/
76typedef struct tlk_args_results {
77 uint64_t args[TLK_SHDBUF_SIZE];
78} tlk_args_results_t;
79
80static tlk_args_results_t *tlk_args_results_buf;
81
82/*
83 * Helper function to store args from TLK and pass results back
84 */
85static inline void store_tlk_args_results(uint64_t x0, uint64_t x1, uint64_t x2,
86 uint64_t x3)
87{
88 /* store arguments sent by TLK */
89 tlk_args_results_buf->args[0] = x0;
90 tlk_args_results_buf->args[1] = x1;
91 tlk_args_results_buf->args[2] = x2;
92 tlk_args_results_buf->args[3] = x3;
93
94 flush_dcache_range((uint64_t)tlk_args_results_buf,
95 sizeof(tlk_args_results_t));
96}
97
98/*******************************************************************************
99 * Secure Payload Dispatcher setup. The SPD finds out the SP entrypoint and type
100 * (aarch32/aarch64) if not already known and initialises the context for entry
101 * into the SP for its initialisation.
102 ******************************************************************************/
103int32_t tlkd_setup(void)
104{
105 entry_point_info_t *tlk_ep_info;
106
107 /*
108 * Get information about the Secure Payload (BL32) image. Its
109 * absence is a critical failure.
110 */
111 tlk_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
112 if (!tlk_ep_info) {
113 WARN("No SP provided. Booting device without SP"
114 " initialization. SMC`s destined for SP"
115 " will return SMC_UNK\n");
116 return 1;
117 }
118
119 /*
120 * If there's no valid entry point for SP, we return a non-zero value
121 * signalling failure initializing the service. We bail out without
122 * registering any handlers
123 */
124 if (!tlk_ep_info->pc)
125 return 1;
126
127 /*
128 * Inspect the SP image's SPSR and determine it's execution state
129 * i.e whether AArch32 or AArch64.
130 */
131 tlkd_init_tlk_ep_state(tlk_ep_info,
132 (tlk_ep_info->spsr >> MODE_RW_SHIFT) & MODE_RW_MASK,
133 tlk_ep_info->pc,
134 &tlk_ctx);
135
136 /*
137 * All TLK SPD initialization done. Now register our init function
138 * with BL31 for deferred invocation
139 */
140 bl31_register_bl32_init(&tlkd_init);
141
142 return 0;
143}
144
145/*******************************************************************************
146 * This function passes control to the Secure Payload image (BL32) for the first
147 * time on the primary cpu after a cold boot. It assumes that a valid secure
148 * context has already been created by tlkd_setup() which can be directly
149 * used. This function performs a synchronous entry into the Secure payload.
150 * The SP passes control back to this routine through a SMC.
151 ******************************************************************************/
152int32_t tlkd_init(void)
153{
154 uint64_t mpidr = read_mpidr();
155 entry_point_info_t *tlk_entry_point;
156
157 /*
158 * Get information about the Secure Payload (BL32) image. Its
159 * absence is a critical failure.
160 */
161 tlk_entry_point = bl31_plat_get_next_image_ep_info(SECURE);
162 assert(tlk_entry_point);
163
164 cm_init_context(mpidr, tlk_entry_point);
165
166 /*
167 * Arrange for an entry into the test secure payload.
168 */
169 return tlkd_synchronous_sp_entry(&tlk_ctx);
170}
171
172/*******************************************************************************
173 * This function is responsible for handling all SMCs in the Trusted OS/App
174 * range from the non-secure state as defined in the SMC Calling Convention
175 * Document. It is also responsible for communicating with the Secure payload
176 * to delegate work and return results back to the non-secure state. Lastly it
177 * will also return any information that the secure payload needs to do the
178 * work assigned to it.
179 ******************************************************************************/
180uint64_t tlkd_smc_handler(uint32_t smc_fid,
181 uint64_t x1,
182 uint64_t x2,
183 uint64_t x3,
184 uint64_t x4,
185 void *cookie,
186 void *handle,
187 uint64_t flags)
188{
Varun Wadekar77199df2015-03-13 14:19:11 +0530[diff] [blame]189 cpu_context_t *ns_cpu_context;
Varun Wadekar22038312015-03-13 14:01:03 +0530[diff] [blame]190 uint32_t ns;
Varun Wadekar6e159e72015-03-13 14:59:03 +0530[diff] [blame]191 uint64_t vaddr, type, par;
Varun Wadekar22038312015-03-13 14:01:03 +0530[diff] [blame]192
193 /* Passing a NULL context is a critical programming error */
194 assert(handle);
195
196 /* Determine which security state this SMC originated from */
197 ns = is_caller_non_secure(flags);
198
199 switch (smc_fid) {
200
201 /*
Varun Wadekarf9d25052015-03-13 15:10:54 +0530[diff] [blame^]202 * This function ID is used by SP to indicate that it was
203 * preempted by a non-secure world IRQ.
204 */
205 case TLK_PREEMPTED:
206
207 if (ns)
208 SMC_RET1(handle, SMC_UNK);
209
210 assert(handle == cm_get_context(SECURE));
211 cm_el1_sysregs_context_save(SECURE);
212
213 /* Get a reference to the non-secure context */
214 ns_cpu_context = cm_get_context(NON_SECURE);
215 assert(ns_cpu_context);
216
217 /*
218 * Restore non-secure state. There is no need to save the
219 * secure system register context since the SP was supposed
220 * to preserve it during S-EL1 interrupt handling.
221 */
222 cm_el1_sysregs_context_restore(NON_SECURE);
223 cm_set_next_eret_context(NON_SECURE);
224
225 SMC_RET1(ns_cpu_context, tlk_args_results_buf->args[0]);
226
227 /*
228 * Request from non secure world to resume the preempted
229 * Standard SMC call.
230 */
231 case TLK_RESUME_FID:
232
233 /* RESUME should be invoked only by normal world */
234 if (!ns)
235 SMC_RET1(handle, SMC_UNK);
236
237 /*
238 * This is a resume request from the non-secure client.
239 * save the non-secure state and send the request to
240 * the secure payload.
241 */
242 assert(handle == cm_get_context(NON_SECURE));
243
244 /* Check if we are already preempted before resume */
245 if (!get_std_smc_active_flag(tlk_ctx.state))
246 SMC_RET1(handle, SMC_UNK);
247
248 cm_el1_sysregs_context_save(NON_SECURE);
249
250 /*
251 * We are done stashing the non-secure context. Ask the
252 * secure payload to do the work now.
253 */
254
255 /* We just need to return to the preempted point in
256 * SP and the execution will resume as normal.
257 */
258 cm_el1_sysregs_context_restore(SECURE);
259 cm_set_next_eret_context(SECURE);
260 SMC_RET0(handle);
261
262 /*
Varun Wadekar77199df2015-03-13 14:19:11 +0530[diff] [blame]263 * This is a request from the non-secure context to:
264 *
265 * a. register shared memory with the SP for storing it's
266 * activity logs.
267 * b. register shared memory with the SP for passing args
268 * required for maintaining sessions with the Trusted
269 * Applications.
270 */
271 case TLK_REGISTER_LOGBUF:
272 case TLK_REGISTER_REQBUF:
273 if (!ns || !tlk_args_results_buf)
274 SMC_RET1(handle, SMC_UNK);
275
276 /*
277 * This is a fresh request from the non-secure client.
278 * The parameters are in x1 and x2. Figure out which
279 * registers need to be preserved, save the non-secure
280 * state and send the request to the secure payload.
281 */
282 assert(handle == cm_get_context(NON_SECURE));
283
284 /* Check if we are already preempted */
285 if (get_std_smc_active_flag(tlk_ctx.state))
286 SMC_RET1(handle, SMC_UNK);
287
288 cm_el1_sysregs_context_save(NON_SECURE);
289
290 /*
291 * Verify if there is a valid context to use.
292 */
293 assert(&tlk_ctx.cpu_ctx == cm_get_context(SECURE));
294
295 /*
296 * Mark the SP state as active.
297 */
298 set_std_smc_active_flag(tlk_ctx.state);
299
300 /* Save args for use by the SP on return */
301 store_tlk_args_results(smc_fid, x1, x2, x3);
302
303 /*
304 * We are done stashing the non-secure context. Ask the
305 * secure payload to do the work now.
306 */
307 cm_el1_sysregs_context_restore(SECURE);
308 cm_set_next_eret_context(SECURE);
309 SMC_RET0(&tlk_ctx.cpu_ctx);
310
311 /*
Varun Wadekar6e159e72015-03-13 14:59:03 +0530[diff] [blame]312 * Translate NS/EL1-S virtual addresses
313 */
314 case TLK_VA_TRANSLATE:
315 if (ns || !tlk_args_results_buf)
316 SMC_RET1(handle, SMC_UNK);
317
318 /* virtual address and type: ns/s */
319 vaddr = tlk_args_results_buf->args[0];
320 type = tlk_args_results_buf->args[1];
321
322 par = tlkd_va_translate(vaddr, type);
323
324 /* Save PA for use by the SP on return */
325 store_tlk_args_results(par, 0, 0, 0);
326
327 SMC_RET0(handle);
328
329 /*
Varun Wadekar77199df2015-03-13 14:19:11 +0530[diff] [blame]330 * This is a request from the SP to mark completion of
331 * a standard function ID.
332 */
333 case TLK_REQUEST_DONE:
334 if (ns || !tlk_args_results_buf)
335 SMC_RET1(handle, SMC_UNK);
336
337 /*
338 * Mark the SP state as inactive.
339 */
340 clr_std_smc_active_flag(tlk_ctx.state);
341
342 /* Get a reference to the non-secure context */
343 ns_cpu_context = cm_get_context(NON_SECURE);
344 assert(ns_cpu_context);
345
346 /*
347 * This is a request completion SMC and we must switch to
348 * the non-secure world to pass the result.
349 */
350 cm_el1_sysregs_context_save(SECURE);
351
352 /*
353 * We are done stashing the secure context. Switch to the
354 * non-secure context and return the result.
355 */
356 cm_el1_sysregs_context_restore(NON_SECURE);
357 cm_set_next_eret_context(NON_SECURE);
358 SMC_RET1(ns_cpu_context, tlk_args_results_buf->args[0]);
359
360 /*
Varun Wadekar22038312015-03-13 14:01:03 +0530[diff] [blame]361 * This function ID is used only by the SP to indicate it has
362 * finished initialising itself after a cold boot
363 */
364 case TLK_ENTRY_DONE:
Varun Wadekar77199df2015-03-13 14:19:11 +0530[diff] [blame]365 if (ns || !tlk_args_results_buf)
Varun Wadekar22038312015-03-13 14:01:03 +0530[diff] [blame]366 SMC_RET1(handle, SMC_UNK);
367
368 /*
369 * SP has been successfully initialized. Register power
370 * managemnt hooks with PSCI
371 */
372 psci_register_spd_pm_hook(&tlkd_pm_ops);
373
374 /*
375 * TLK reports completion. The SPD must have initiated
376 * the original request through a synchronous entry
377 * into the SP. Jump back to the original C runtime
378 * context.
379 */
380 tlkd_synchronous_sp_exit(&tlk_ctx, tlk_args_results_buf->args[0]);
381
382 /*
383 * This is a request from the secure payload to register
384 * shared memory to pass SMC args/results between EL1, EL3.
385 */
386 case TLK_FID_SHARED_MEMBUF:
387 if (ns || !x1)
388 SMC_RET1(handle, SMC_UNK);
389
390 /*
391 * TODO: Check if the passed memory pointer is valid. Might
392 * require a call into the platform code.
393 */
394
395 tlk_args_results_buf = (tlk_args_results_t *)x1;
396 SMC_RET0(handle);
397
398 /*
399 * Return the number of service function IDs implemented to
400 * provide service to non-secure
401 */
402 case TOS_CALL_COUNT:
403 SMC_RET1(handle, TLK_NUM_FID);
404
405 /*
406 * Return TLK's UID to the caller
407 */
408 case TOS_UID:
409 SMC_UUID_RET(handle, tlk_uuid);
410
411 /*
412 * Return the version of current implementation
413 */
414 case TOS_CALL_VERSION:
415 SMC_RET2(handle, TLK_VERSION_MAJOR, TLK_VERSION_MINOR);
416
417 default:
418 break;
419 }
420
421 SMC_RET1(handle, SMC_UNK);
422}
423
424/* Define a SPD runtime service descriptor for fast SMC calls */
425DECLARE_RT_SVC(
426 tlkd_tos_fast,
427
428 OEN_TOS_START,
429 OEN_TOS_END,
430 SMC_TYPE_FAST,
431 tlkd_setup,
432 tlkd_smc_handler
433);
434
435/* Define a SPD runtime service descriptor for standard SMC calls */
436DECLARE_RT_SVC(
437 tlkd_tos_std,
438
439 OEN_TOS_START,
440 OEN_TOS_END,
441 SMC_TYPE_STD,
442 NULL,
443 tlkd_smc_handler
444);