feat(drtm): add a few DRTM DMA protection APIs
Added DRTM DMA protections APIs, and called them during
the DLME launch and DRTM SMC handling.
Change-Id: I29e7238c04e2ca9f26600276c5c05bff5387789e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
diff --git a/services/std_svc/drtm/drtm_main.c b/services/std_svc/drtm/drtm_main.c
index 9878887..53aafeb 100644
--- a/services/std_svc/drtm/drtm_main.c
+++ b/services/std_svc/drtm/drtm_main.c
@@ -358,6 +358,7 @@
static uint64_t drtm_dynamic_launch(uint64_t x1, void *handle)
{
enum drtm_retc ret = SUCCESS;
+ enum drtm_retc dma_prot_ret;
struct_drtm_dl_args args;
/* Ensure that only boot PE is powered on */
@@ -380,6 +381,17 @@
SMC_RET1(handle, ret);
}
+ /*
+ * Engage the DMA protections. The launch cannot proceed without the DMA
+ * protections due to potential TOC/TOU vulnerabilities w.r.t. the DLME
+ * region (and to the NWd DCE region).
+ */
+ ret = drtm_dma_prot_engage(&args.dma_prot_args,
+ DL_ARGS_GET_DMA_PROT_TYPE(&args));
+ if (ret != SUCCESS) {
+ SMC_RET1(handle, ret);
+ }
+
SMC_RET1(handle, ret);
}
@@ -497,7 +509,7 @@
case ARM_DRTM_SVC_UNPROTECT_MEM:
INFO("DRTM service handler: unprotect mem\n");
- SMC_RET1(handle, SMC_OK);
+ return drtm_unprotect_mem(handle);
break; /* not reached */
case ARM_DRTM_SVC_DYNAMIC_LAUNCH: