feat(spmc): enable building of the SPMC at EL3
Introduce build flag for enabling the secure partition
manager core, SPMC_AT_EL3. When enabled, the SPMC module
will be included into the BL31 image. By default the
flag is disabled.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5ea1b953e5880a07ffc91c4dea876a375850cf2a
diff --git a/Makefile b/Makefile
index f91699c..3136887 100644
--- a/Makefile
+++ b/Makefile
@@ -527,6 +527,9 @@
ifeq ($(CTX_INCLUDE_EL2_REGS),0)
$(error SPMD with SPM at S-EL2 requires CTX_INCLUDE_EL2_REGS option)
endif
+ ifeq ($(SPMC_AT_EL3),1)
+ $(error SPM cannot be enabled in both S-EL2 and EL3.)
+ endif
endif
ifeq ($(findstring optee_sp,$(ARM_SPMC_MANIFEST_DTS)),optee_sp)
@@ -577,6 +580,9 @@
ifneq (${ARCH},aarch64)
$(error ENABLE_RME requires AArch64)
endif
+ifeq ($(SPMC_AT_EL3),1)
+ $(error SPMC_AT_EL3 and ENABLE_RME cannot both be enabled.)
+endif
include services/std_svc/rmmd/rmmd.mk
$(warning "RME is an experimental feature")
endif
@@ -1006,6 +1012,7 @@
SEPARATE_NOBITS_REGION \
SPIN_ON_BL1_EXIT \
SPM_MM \
+ SPMC_AT_EL3 \
SPMD_SPM_AT_SEL2 \
TRUSTED_BOARD_BOOT \
CRYPTO_SUPPORT \
@@ -1138,6 +1145,7 @@
SPD_${SPD} \
SPIN_ON_BL1_EXIT \
SPM_MM \
+ SPMC_AT_EL3 \
SPMD_SPM_AT_SEL2 \
TRUSTED_BOARD_BOOT \
CRYPTO_SUPPORT \
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index 7d83e3c..214cf2f 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -25,6 +25,14 @@
include lib/extensions/amu/amu.mk
include lib/mpmm/mpmm.mk
+
+ifeq (${SPMC_AT_EL3},1)
+ $(warning "EL3 SPMC is an experimental feature")
+ $(info Including EL3 SPMC makefile)
+ include services/std_svc/spm/common/spm.mk
+ include services/std_svc/spm/el3_spmc/spmc.mk
+endif
+
include lib/psci/psci_lib.mk
BL31_SOURCES += bl31/bl31_main.c \
@@ -42,6 +50,7 @@
${PSCI_LIB_SOURCES} \
${SPMD_SOURCES} \
${SPM_MM_SOURCES} \
+ ${SPMC_SOURCES} \
${SPM_SOURCES}
ifeq (${DISABLE_MTPMU},1)
diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst
index af298e3..f2b8659 100644
--- a/docs/components/secure-partition-manager.rst
+++ b/docs/components/secure-partition-manager.rst
@@ -127,14 +127,18 @@
This section explains the TF-A build options involved in building with
support for an FF-A based SPM where the SPMD is located at EL3 and the
-SPMC located at S-EL1 or S-EL2:
+SPMC located at S-EL1, S-EL2 or EL3:
- **SPD=spmd**: this option selects the SPMD component to relay the FF-A
protocol from NWd to SWd back and forth. It is not possible to
enable another Secure Payload Dispatcher when this option is chosen.
- **SPMD_SPM_AT_SEL2**: this option adjusts the SPMC exception
- level to being S-EL1 or S-EL2. It defaults to enabled (value 1) when
+ level to being at S-EL2. It defaults to enabled (value 1) when
SPD=spmd is chosen.
+- **SPMC_AT_EL3**: this option adjusts the SPMC exception level to being
+ at EL3.
+- If neither **SPMD_SPM_AT_SEL2** or **SPMC_AT_EL3** are enabled the SPMC
+ exception level is set to S-EL1.
- **CTX_INCLUDE_EL2_REGS**: this option permits saving (resp.
restoring) the EL2 system register context before entering (resp.
after leaving) the SPMC. It is mandatorily enabled when
@@ -146,14 +150,16 @@
is required when ``SPMD_SPM_AT_SEL2`` is enabled hence when multiple
secure partitions are to be loaded on behalf of the SPMC.
-+---------------+----------------------+------------------+
-| | CTX_INCLUDE_EL2_REGS | SPMD_SPM_AT_SEL2 |
-+---------------+----------------------+------------------+
-| SPMC at S-EL1 | 0 | 0 |
-+---------------+----------------------+------------------+
-| SPMC at S-EL2 | 1 | 1 (default when |
-| | | SPD=spmd) |
-+---------------+----------------------+------------------+
++---------------+----------------------+------------------+-------------+
+| | CTX_INCLUDE_EL2_REGS | SPMD_SPM_AT_SEL2 | SPMC_AT_EL3 |
++---------------+----------------------+------------------+-------------+
+| SPMC at S-EL1 | 0 | 0 | 0 |
++---------------+----------------------+------------------+-------------+
+| SPMC at S-EL2 | 1 | 1 (default when | 0 |
+| | | SPD=spmd) | |
++---------------+----------------------+------------------+-------------+
+| SPMC at EL3 | 0 | 0 | 1 |
++---------------+----------------------+------------------+-------------+
Other combinations of such build options either break the build or are not
supported.
@@ -229,6 +235,20 @@
GENERATE_COT=1 \
all fip
+Sample TF-A build command line when SPMC is located at EL3:
+
+.. code:: shell
+
+ make \
+ CROSS_COMPILE=aarch64-none-elf- \
+ SPD=spmd \
+ SPMD_SPM_AT_SEL2=0 \
+ SPMC_AT_EL3=1 \
+ BL32=<path-to-tee-binary> \
+ BL33=<path-to-bl33-binary> \
+ PLAT=fvp \
+ all fip
+
FVP model invocation
====================
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 4dbf5cb..d30e22f 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -780,13 +780,20 @@
firmware images have been loaded in memory, and the MMU and caches are
turned off. Refer to the "Debugging options" section for more details.
+- ``SPMC_AT_EL3`` : This boolean option is used jointly with the SPM
+ Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC
+ component runs at the EL3 exception level. The default value is ``0`` (
+ disabled). This configuration supports pre-Armv8.4 platforms (aka not
+ implementing the ``FEAT_SEL2`` extension). This is an experimental feature.
+
- ``SPMD_SPM_AT_SEL2`` : This boolean option is used jointly with the SPM
Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC
- component runs at the S-EL2 execution state provided by the Armv8.4-SecEL2
+ component runs at the S-EL2 exception level provided by the ``FEAT_SEL2``
extension. This is the default when enabling the SPM Dispatcher. When
disabled (0) it indicates the SPMC component runs at the S-EL1 execution
- state. This latter configuration supports pre-Armv8.4 platforms (aka not
- implementing the Armv8.4-SecEL2 extension).
+ state or at EL3 if ``SPMC_AT_EL3`` is enabled. The latter configurations
+ support pre-Armv8.4 platforms (aka not implementing the ``FEAT_SEL2``
+ extension).
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
Partition Manager (SPM) implementation. The default value is ``0``
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index 99f44a4..7b66569 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -288,6 +288,9 @@
# Enable the Management Mode (MM)-based Secure Partition Manager implementation
SPM_MM := 0
+# Use the FF-A SPMC implementation in EL3.
+SPMC_AT_EL3 := 0
+
# Use SPM at S-EL2 as a default config for SPMD
SPMD_SPM_AT_SEL2 := 1