SPM: Introduce Secure Partition Manager

A Secure Partition is a software execution environment instantiated in
S-EL0 that can be used to implement simple management and security
services. Since S-EL0 is an unprivileged exception level, a Secure
Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
granted access to system and processor resources. Essentially, it is a
software sandbox that runs under the control of privileged software in
the Secure World and accesses the following system resources:

- Memory and device regions in the system address map.
- PE system registers.
- A range of asynchronous exceptions e.g. interrupts.
- A range of synchronous exceptions e.g. SMC function identifiers.

A Secure Partition enables privileged firmware to implement only the
absolutely essential secure services in EL3 and instantiate the rest in
a partition. Since the partition executes in S-EL0, its implementation
cannot be overly complex.

The component in ARM Trusted Firmware responsible for managing a Secure
Partition is called the Secure Partition Manager (SPM). The SPM is
responsible for the following:

- Validating and allocating resources requested by a Secure Partition.
- Implementing a well defined interface that is used for initialising a
  Secure Partition.
- Implementing a well defined interface that is used by the normal world
  and other secure services for accessing the services exported by a
  Secure Partition.
- Implementing a well defined interface that is used by a Secure
  Partition to fulfil service requests.
- Instantiating the software execution environment required by a Secure
  Partition to fulfil a service request.

Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
diff --git a/include/services/secure_partition.h b/include/services/secure_partition.h
new file mode 100644
index 0000000..334f761
--- /dev/null
+++ b/include/services/secure_partition.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __SECURE_PARTITION_H__
+#define __SECURE_PARTITION_H__
+
+#include <bl_common.h>
+#include <types.h>
+#include <utils_def.h>
+
+/* Linker symbols */
+extern uintptr_t __SP_IMAGE_XLAT_TABLES_START__;
+extern uintptr_t __SP_IMAGE_XLAT_TABLES_END__;
+
+/* Definitions */
+#define SP_IMAGE_XLAT_TABLES_START	\
+	(uintptr_t)(&__SP_IMAGE_XLAT_TABLES_START__)
+#define SP_IMAGE_XLAT_TABLES_END	\
+	(uintptr_t)(&__SP_IMAGE_XLAT_TABLES_END__)
+#define SP_IMAGE_XLAT_TABLES_SIZE	\
+	(SP_IMAGE_XLAT_TABLES_END - SP_IMAGE_XLAT_TABLES_START)
+
+/*
+ * Flags used by the secure_partition_mp_info structure to describe the
+ * characteristics of a cpu. Only a single flag is defined at the moment to
+ * indicate the primary cpu.
+ */
+#define MP_INFO_FLAG_PRIMARY_CPU	U(0x00000001)
+
+/*
+ * This structure is used to provide information required to initialise a S-EL0
+ * partition.
+ */
+typedef struct secure_partition_mp_info {
+	u_register_t		mpidr;
+	unsigned int		linear_id;
+	unsigned int		flags;
+} secure_partition_mp_info_t;
+
+typedef struct secure_partition_boot_info {
+	param_header_t		h;
+	uintptr_t		sp_mem_base;
+	uintptr_t		sp_mem_limit;
+	uintptr_t		sp_image_base;
+	uintptr_t		sp_stack_base;
+	uintptr_t		sp_heap_base;
+	uintptr_t		sp_ns_comm_buf_base;
+	uintptr_t		sp_shared_buf_base;
+	size_t			sp_image_size;
+	size_t			sp_pcpu_stack_size;
+	size_t			sp_heap_size;
+	size_t			sp_ns_comm_buf_size;
+	size_t			sp_shared_buf_size;
+	unsigned int		num_sp_mem_regions;
+	unsigned int		num_cpus;
+	secure_partition_mp_info_t	*mp_info;
+} secure_partition_boot_info_t;
+
+/* Setup function for secure partitions context. */
+
+void secure_partition_setup(void);
+
+#endif /* __SECURE_PARTITION_H__ */
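Review bot: The comment "This structure is used to provide information required to initialise a S-EL0 partition" is placed above `typedef struct secure_partition_mp_info`, but it describes `secure_partition_boot_info`; the per-CPU struct it actually precedes is left undocumented. I would move that comment down to the `secure_partition_boot_info` typedef and give the per-CPU one its own line, e.g. `/* Per-CPU information (MPIDR, linear ID, MP_INFO_FLAG_* flags) handed to a S-EL0 partition at boot. */`. Since the boot-info structure is passed to unprivileged S-EL0 code, a short comment stating which side fills and validates the region bases/sizes and the `mp_info` pointer (presumably the manager writes them and the partition treats them as read-only; confirm against the setup code) would help whoever reads the handler later. The stray blank line between `/* Setup function for secure partitions context. */` and `void secure_partition_setup(void);` detaches the comment from its prototype.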
diff --git a/include/services/spm_svc.h b/include/services/spm_svc.h
new file mode 100644
index 0000000..2c8c7cd
--- /dev/null
+++ b/include/services/spm_svc.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __SPM_SVC_H__
+#define __SPM_SVC_H__
+
+#include <utils_def.h>
+
+#define SPM_VERSION_MAJOR	U(0)
+#define SPM_VERSION_MINOR	U(1)
+#define SPM_VERSION_FORM(major, minor)	((major << 16) | (minor))
+#define SPM_VERSION_COMPILED	SPM_VERSION_FORM(SPM_VERSION_MAJOR, SPM_VERSION_MINOR)
+
+#define SP_VERSION_MAJOR	U(1)
+#define SP_VERSION_MINOR	U(0)
+#define SP_VERSION_FORM(major, minor)	((major << 16) | (minor))
+#define SP_VERSION_COMPILED	SP_VERSION_FORM(SP_VERSION_MAJOR, SP_VERSION_MINOR)
+
+/* The macros below are used to identify SPM calls from the SMC function ID */
+#define SPM_FID_MASK			U(0xffff)
+#define SPM_FID_MIN_VALUE		U(0x40)
+#define SPM_FID_MAX_VALUE		U(0x7f)
+#define is_spm_fid(_fid)						\
+		((((_fid) & SPM_FID_MASK) >= SPM_FID_MIN_VALUE) &&	\
+		 (((_fid) & SPM_FID_MASK) <= SPM_FID_MAX_VALUE))
+
+/*
+ * SMC IDs defined for accessing services implemented by the Secure Partition
+ * Manager from the Secure Partition(s). These services enable a partition to
+ * handle delegated events and request privileged operations from the manager.
+ */
+#define SPM_VERSION_AARCH32		U(0x84000060)
+#define SP_EVENT_COMPLETE_AARCH64	U(0xC4000061)
+#define SP_MEM_ATTRIBUTES_GET_AARCH64	U(0xC4000064)
+#define SP_MEM_ATTRIBUTES_SET_AARCH64	U(0xC4000065)
+
+/*
+ * Macros used by SP_MEM_ATTRIBUTES_SET_AARCH64.
+ */
+
+#define SP_MEM_ATTR_ACCESS_NOACCESS	U(0)
+#define SP_MEM_ATTR_ACCESS_RW		U(1)
+/* Value U(2) is reserved. */
+#define SP_MEM_ATTR_ACCESS_RO		U(3)
+#define SP_MEM_ATTR_ACCESS_MASK		U(3)
+#define SP_MEM_ATTR_ACCESS_SHIFT	0
+
+#define SP_MEM_ATTR_EXEC		(U(0) << 2)
+#define SP_MEM_ATTR_NON_EXEC		(U(1) << 2)
+
+/*
+ * SMC IDs defined in [1] for accessing secure partition services from the
+ * Non-secure world. These FIDs occupy the range 0x40 - 0x5f
+ * [1] DEN0060A_ARM_MM_Interface_Specification.pdf
+ */
+#define SP_VERSION_AARCH64		U(0xC4000040)
+#define SP_VERSION_AARCH32		U(0x84000040)
+
+#define SP_COMMUNICATE_AARCH64		U(0xC4000041)
+#define SP_COMMUNICATE_AARCH32		U(0x84000041)
+
+/* SPM error codes. */
+#define SPM_SUCCESS		0
+#define SPM_NOT_SUPPORTED	-1
+#define SPM_INVALID_PARAMETER	-2
+#define SPM_DENIED		-3
+#define SPM_NO_MEMORY		-5
+
+#ifndef __ASSEMBLY__
+
+#include <stdint.h>
+
+int32_t spm_setup(void);
+
+uint64_t spm_smc_handler(uint32_t smc_fid,
+			 uint64_t x1,
+			 uint64_t x2,
+			 uint64_t x3,
+			 uint64_t x4,
+			 void *cookie,
+			 void *handle,
+			 uint64_t flags);
+
+#endif /* __ASSEMBLY__ */
+
+#endif /* __SPM_SVC_H__ */
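Review bot: `SPM_VERSION_FORM(major, minor)` and `SP_VERSION_FORM(major, minor)` leave `major` unparenthesised in `(major << 16)`, so an argument such as `a + b` would shift only `b`; write `(((major) << 16) | (minor))` in both. The two macros are textually identical and could share one definition, although keeping them separate for the two version numbers is defensible. The memory-attribute block defines a mask and shift for the access field but only bit values for `SP_MEM_ATTR_EXEC`/`SP_MEM_ATTR_NON_EXEC`; a matching mask/shift pair for the execute bit (and a mask of all defined bits) would let the SP_MEM_ATTRIBUTES_SET handler reject attribute words from S-EL0 that have undefined bits set without hard-coding constants, which matters because these requests originate in unprivileged code. A one-line comment next to `SPM_NO_MEMORY` explaining why -4 is skipped (presumably reserved by the referenced MM interface specification) would stop a reader from suspecting a typo.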