feat(cm): test integrity of el1_ctx registers
* This patch adds support to the TSP (BL32) image to exercise the
EL1 context registers at S-EL1.
* Adds an SMC function ID, "MODIFY_EL1_CTX", to handle the EL1_CTX
registers at S-EL1 and overwrite them.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Id4f2b3b748f7bc9e6c9d72a2f03d50aefbfb61cb
diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk
index 6d8f74b..696cdb2 100644
--- a/bl32/tsp/tsp.mk
+++ b/bl32/tsp/tsp.mk
@@ -7,7 +7,7 @@
INCLUDES += -Iinclude/bl32/tsp
ifeq (${SPMC_AT_EL3},1)
- BL32_SOURCES += bl32/tsp/tsp_ffa_main.c \
+ BL32_SOURCES += bl32/tsp/tsp_ffa_main.c \
bl32/tsp/ffa_helpers.c
else
BL32_SOURCES += bl32/tsp/tsp_main.c
@@ -19,6 +19,7 @@
bl32/tsp/tsp_interrupt.c \
bl32/tsp/tsp_timer.c \
bl32/tsp/tsp_common.c \
+ bl32/tsp/tsp_context.c \
common/aarch64/early_exceptions.S \
lib/locks/exclusive/aarch64/spinlock.S
diff --git a/bl32/tsp/tsp_context.c b/bl32/tsp/tsp_context.c
new file mode 100644
index 0000000..6307f72
--- /dev/null
+++ b/bl32/tsp/tsp_context.c
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch_features.h>
+#include <arch_helpers.h>
+#include <bl32/tsp/tsp_el1_context.h>
+#include <common/debug.h>
+
+#define DUMMY_CTX_VALUE ULL(0xffffffff)
+#define DUMMY_CTX_TCR_VALUE ULL(0xffff0000)
+#define DUMMY_CTX_TRF_VALUE ULL(0xf)
+#define DUMMY_CTX_GCS_VALUE ULL(0xffff0000)
+#define DEFAULT_CTX_VALUE ULL(0x0)
+
+/**
+ * -------------------------------------------------------
+ * Private Helper functions required to access and modify
+ * EL1 context registers at S-EL1.
+ * -------------------------------------------------------
+ */
+static void modify_el1_common_regs(uint64_t cm_value)
+{
+ /**
+ * NOTE: Few EL1 registers "SCTLR_EL1, SPSR_EL1, ELR_EL1" are
+ * left out consciously as those are important registers for
+ * execution in each world and overwriting them with dummy value
+ * would cause unintended crash while executing the test.
+ */
+ write_tcr_el1(cm_value);
+ write_cpacr_el1(cm_value);
+ write_csselr_el1(cm_value);
+ write_esr_el1(cm_value);
+ write_ttbr0_el1(cm_value);
+ write_ttbr1_el1(cm_value);
+ write_mair_el1(cm_value);
+ write_amair_el1(cm_value);
+ write_actlr_el1(cm_value);
+ write_tpidr_el1(cm_value);
+ write_tpidr_el0(cm_value);
+ write_tpidrro_el0(cm_value);
+ write_par_el1(cm_value);
+ write_far_el1(cm_value);
+ write_afsr0_el1(cm_value);
+ write_afsr1_el1(cm_value);
+ write_contextidr_el1(cm_value);
+ write_vbar_el1(cm_value);
+ write_mdccint_el1(cm_value);
+ write_mdscr_el1(cm_value);
+}
+
+static void modify_el1_mte2_regs(uint64_t mte_value)
+{
+ if (is_feat_mte2_supported()) {
+ write_tfsre0_el1(mte_value);
+ write_tfsr_el1(mte_value);
+ write_rgsr_el1(mte_value);
+ write_gcr_el1(mte_value);
+ }
+}
+
+static void modify_el1_ras_regs(uint64_t ras_value)
+{
+ if (is_feat_ras_supported()) {
+ write_disr_el1(ras_value);
+ }
+}
+
+static void modify_el1_s1pie_regs(uint64_t s1pie_value)
+{
+ if (is_feat_s1pie_supported()) {
+ write_pire0_el1(s1pie_value);
+ write_pir_el1(s1pie_value);
+ }
+}
+
+static void modify_el1_s1poe_regs(uint64_t s1poe_value)
+{
+ if (is_feat_s1poe_supported()) {
+ write_por_el1(s1poe_value);
+ }
+}
+
+static void modify_el1_s2poe_regs(uint64_t s2poe_value)
+{
+ if (is_feat_s2poe_supported()) {
+ write_s2por_el1(s2poe_value);
+ }
+}
+
+static void modify_el1_tcr2_regs(uint64_t tcr_value)
+{
+ if (is_feat_tcr2_supported()) {
+ write_tcr2_el1(tcr_value & DUMMY_CTX_TCR_VALUE);
+ }
+}
+
+static void modify_el1_trf_regs(uint64_t trf_value)
+{
+ if (is_feat_trf_supported()) {
+ write_trfcr_el1(trf_value & DUMMY_CTX_TRF_VALUE);
+ }
+}
+
+static void modify_el1_gcs_regs(uint64_t gcs_value)
+{
+ if (is_feat_gcs_supported()) {
+ write_gcscr_el1(gcs_value & DUMMY_CTX_GCS_VALUE);
+ write_gcscre0_el1(gcs_value & DUMMY_CTX_GCS_VALUE);
+ write_gcspr_el1(gcs_value & DUMMY_CTX_GCS_VALUE);
+ write_gcspr_el0(gcs_value & DUMMY_CTX_GCS_VALUE);
+ }
+}
+
+/**
+ * -----------------------------------------------------
+ * Public API, to modify/restore EL1 ctx registers:
+ * -----------------------------------------------------
+ */
+void modify_el1_ctx_regs(const bool modify_option)
+{
+ uint64_t mask;
+
+ if (modify_option == TSP_CORRUPT_EL1_REGS) {
+ VERBOSE("TSP(S-EL1): Corrupt EL1 Registers with Dummy values\n");
+ mask = DUMMY_CTX_VALUE;
+ } else {
+ VERBOSE("TSP(S-EL1): Restore EL1 Registers with Default values\n");
+ mask = DEFAULT_CTX_VALUE;
+ }
+
+ modify_el1_common_regs(mask);
+ modify_el1_mte2_regs(mask);
+ modify_el1_ras_regs(mask);
+ modify_el1_s1pie_regs(mask);
+ modify_el1_s1poe_regs(mask);
+ modify_el1_s2poe_regs(mask);
+ modify_el1_tcr2_regs(mask);
+ modify_el1_trf_regs(mask);
+ modify_el1_gcs_regs(mask);
+}
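Review bot: The restore branch of `modify_el1_ctx_regs` does not restore anything: it passes `DEFAULT_CTX_VALUE` (0) through the same helpers, so after a corrupt/restore pair `TCR_EL1`, `TTBR0_EL1`, `MAIR_EL1`, `VBAR_EL1` and the rest hold zero at S-EL1, not the values they had before the test. The NOTE in `modify_el1_common_regs` justifies skipping `SCTLR_EL1`, `SPSR_EL1` and `ELR_EL1`, but the translation and vector-base registers look equally live if the TSP runs with its own MMU and vector table (its setup is not visible in this file), so that list should either be extended or the reason these writes are safe should be stated. At minimum I would document the behaviour above the public API, for example `/* "Restore" writes DEFAULT_CTX_VALUE (0); it does not bring back the pre-test register contents. */`. Separately, `DUMMY_CTX_VALUE` is `ULL(0xffffffff)`, so the test pattern never changes the upper 32 bits of the 64-bit registers.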
diff --git a/bl32/tsp/tsp_main.c b/bl32/tsp/tsp_main.c
index ae38d69..8c6b2ed 100644
--- a/bl32/tsp/tsp_main.c
+++ b/bl32/tsp/tsp_main.c
@@ -11,6 +11,7 @@
#include <arch_features.h>
#include <arch_helpers.h>
#include <bl32/tsp/tsp.h>
+#include <bl32/tsp/tsp_el1_context.h>
#include <common/bl_common.h>
#include <common/build_message.h>
#include <common/debug.h>
@@ -278,6 +279,17 @@
/* Toggle the dit bit */
write_dit(service_arg0 != 0U ? 0 : DIT_BIT);
break;
+ case TSP_MODIFY_EL1_CTX:
+ /*
+ * Write dummy values to EL1 context registers, to simulate
+ * their usage in the secure world.
+ */
+ if (arg1 == TSP_CORRUPT_EL1_REGS) {
+ modify_el1_ctx_regs(TSP_CORRUPT_EL1_REGS);
+ } else {
+ modify_el1_ctx_regs(TSP_RESTORE_EL1_REGS);
+ }
+ break;
default:
break;
}
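Review bot: The new `TSP_MODIFY_EL1_CTX` case treats every `arg1` other than `TSP_CORRUPT_EL1_REGS` as a restore request, so an unexpected argument still rewrites the EL1 registers. `arg1` appears to come from the SMC caller (the function signature is outside this hunk), so I would accept only the two defined options and leave the registers untouched otherwise: `} else if (arg1 == TSP_RESTORE_EL1_REGS) {` with no final `else`. The block comment describes only the corrupt path and should also mention that the other branch writes default values. The enclosing switch and function begin and end outside the hunk, so how the outcome is reported back to the caller cannot be checked here.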
diff --git a/include/bl32/tsp/tsp.h b/include/bl32/tsp/tsp.h
index 285bfbe..a63abf1 100644
--- a/include/bl32/tsp/tsp.h
+++ b/include/bl32/tsp/tsp.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -36,12 +36,13 @@
* Identifiers for various TSP services. Corresponding function IDs (whether
* fast or yielding) are generated by macros defined below
*/
-#define TSP_ADD 0x2000
-#define TSP_SUB 0x2001
-#define TSP_MUL 0x2002
-#define TSP_DIV 0x2003
+#define TSP_ADD 0x2000
+#define TSP_SUB 0x2001
+#define TSP_MUL 0x2002
+#define TSP_DIV 0x2003
#define TSP_HANDLE_SEL1_INTR_AND_RETURN 0x2004
-#define TSP_CHECK_DIT 0x2005
+#define TSP_CHECK_DIT 0x2005
+#define TSP_MODIFY_EL1_CTX 0x2006
/*
* Identify a TSP service from function ID filtering the last 16 bits from the
diff --git a/include/bl32/tsp/tsp_el1_context.h b/include/bl32/tsp/tsp_el1_context.h
new file mode 100644
index 0000000..64fde63
--- /dev/null
+++ b/include/bl32/tsp/tsp_el1_context.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TSP_EL1_CONTEXT_H
+#define TSP_EL1_CONTEXT_H
+
+#define TSP_CORRUPT_EL1_REGS 1
+#define TSP_RESTORE_EL1_REGS 0
+
+/* Public helper function to handle EL1 ctx registers at S-EL1(TSP) */
+void modify_el1_ctx_regs(const bool modify_option);
+
+#endif /* TSP_EL1_CONTEXT_H */
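Review bot: `modify_el1_ctx_regs` is declared with a `bool` parameter, but this header includes nothing, so it compiles only when an earlier include has already pulled in the definition. Adding `#include <stdbool.h>` right after the include guard makes the header self-contained. The two option macros are plain integers (`1` and `0`) that callers pass to and compare against that `bool`; defining them as `true` and `false` would keep the types consistent.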
diff --git a/services/spd/tspd/tspd_main.c b/services/spd/tspd/tspd_main.c
index 6cb4992..8ff71cc 100644
--- a/services/spd/tspd/tspd_main.c
+++ b/services/spd/tspd/tspd_main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -575,6 +575,11 @@
* of the DIT PSTATE bit.
*/
case TSP_YIELD_FID(TSP_CHECK_DIT):
+ /*
+ * Request from non-secure client to modify the EL1
+ * context registers.
+ */
+ case TSP_YIELD_FID(TSP_MODIFY_EL1_CTX):
if (ns) {
/*
* This is a fresh request from the non-secure client.
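Review bot: Adding `TSP_YIELD_FID(TSP_MODIFY_EL1_CTX)` to this case list makes a service that exists only to overwrite S-EL1 system registers callable by any non-secure client in every build that includes the TSPD, and nothing in the hunk limits it to test configurations. Unlike the neighbouring arithmetic and DIT services, this one changes the secure payload's own execution state, so I would compile the new label, and the matching case in `bl32/tsp/tsp_main.c`, only under a test-only build option that is off by default. The comment should say so as well, e.g. `/* Test-only: request from the non-secure client to overwrite the EL1 context registers at S-EL1. */`. The shared case body continues past the end of the hunk, so the argument forwarding for the new ID cannot be checked here.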