blob: 9fda3074b67f267146307c85ea59844ae83a747c [file] [log] [blame]
Achin Gupta375f5382014-02-18 18:12:48 +00001/*
2 * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
6 *
7 * Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 *
10 * Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 *
14 * Neither the name of ARM nor the names of its contributors may be used
15 * to endorse or promote products derived from this software without specific
16 * prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 */
30
31
32/*******************************************************************************
33 * This is the Secure Payload Dispatcher (SPD). The dispatcher is meant to be a
34 * plug-in component to the Secure Monitor, registered as a runtime service. The
35 * SPD is expected to be a functional extension of the Secure Payload (SP) that
36 * executes in Secure EL1. The Secure Monitor will delegate all SMCs targeting
37 * the Trusted OS/Applications range to the dispatcher. The SPD will either
38 * handle the request locally or delegate it to the Secure Payload. It is also
39 * responsible for initialising and maintaining communication with the SP.
40 ******************************************************************************/
Achin Gupta375f5382014-02-18 18:12:48 +000041#include <arch_helpers.h>
Dan Handley2bd4ef22014-04-09 13:14:54 +010042#include <assert.h>
43#include <bl_common.h>
44#include <bl31.h>
Achin Gupta375f5382014-02-18 18:12:48 +000045#include <context_mgmt.h>
46#include <runtime_svc.h>
Dan Handley2bd4ef22014-04-09 13:14:54 +010047#include <stddef.h>
Achin Gupta375f5382014-02-18 18:12:48 +000048#include <tsp.h>
Jeenu Viswambharandf1ddb52014-02-28 11:23:35 +000049#include <uuid.h>
Dan Handley714a0d22014-04-09 13:13:04 +010050#include "tspd_private.h"
Achin Gupta375f5382014-02-18 18:12:48 +000051
52/*******************************************************************************
53 * Single structure to hold information about the various entry points into the
54 * Secure Payload. It is initialised once on the primary core after a cold boot.
55 ******************************************************************************/
Dan Handleye2712bc2014-04-10 15:37:22 +010056entry_info_t *tsp_entry_info;
Achin Gupta375f5382014-02-18 18:12:48 +000057
58/*******************************************************************************
59 * Array to keep track of per-cpu Secure Payload state
60 ******************************************************************************/
Dan Handleye2712bc2014-04-10 15:37:22 +010061tsp_context_t tspd_sp_context[TSPD_CORE_COUNT];
Achin Gupta375f5382014-02-18 18:12:48 +000062
Jeenu Viswambharan7f366602014-02-20 17:11:00 +000063
Jeenu Viswambharandf1ddb52014-02-28 11:23:35 +000064/* TSP UID */
65DEFINE_SVC_UUID(tsp_uuid,
66 0x5b3056a0, 0x3291, 0x427b, 0x98, 0x11,
67 0x71, 0x68, 0xca, 0x50, 0xf3, 0xfa);
68
Dan Handleye2712bc2014-04-10 15:37:22 +010069int32_t tspd_init(meminfo_t *bl32_meminfo);
Jeenu Viswambharan7f366602014-02-20 17:11:00 +000070
71
Achin Gupta375f5382014-02-18 18:12:48 +000072/*******************************************************************************
73 * Secure Payload Dispatcher setup. The SPD finds out the SP entrypoint and type
74 * (aarch32/aarch64) if not already known and initialises the context for entry
75 * into the SP for its initialisation.
76 ******************************************************************************/
77int32_t tspd_setup(void)
78{
Dan Handleye2712bc2014-04-10 15:37:22 +010079 el_change_info_t *image_info;
Achin Gupta375f5382014-02-18 18:12:48 +000080 int32_t rc;
81 uint64_t mpidr = read_mpidr();
82 uint32_t linear_id;
83
84 linear_id = platform_get_core_pos(mpidr);
85
86 /*
87 * Get information about the Secure Payload (BL32) image. Its
88 * absence is a critical failure. TODO: Add support to
89 * conditionally include the SPD service
90 */
91 image_info = bl31_get_next_image_info(SECURE);
92 assert(image_info);
93
94 /*
Jeenu Viswambharan7f366602014-02-20 17:11:00 +000095 * If there's no valid entry point for SP, we return a non-zero value
96 * signalling failure initializing the service. We bail out without
97 * registering any handlers
98 */
99 if (!image_info->entrypoint)
100 return 1;
101
102 /*
Achin Gupta375f5382014-02-18 18:12:48 +0000103 * We could inspect the SP image and determine it's execution
104 * state i.e whether AArch32 or AArch64. Assuming it's AArch64
105 * for the time being.
106 */
107 rc = tspd_init_secure_context(image_info->entrypoint,
108 TSP_AARCH64,
109 mpidr,
110 &tspd_sp_context[linear_id]);
111 assert(rc == 0);
112
Jeenu Viswambharan7f366602014-02-20 17:11:00 +0000113 /*
114 * All TSPD initialization done. Now register our init function with
115 * BL31 for deferred invocation
116 */
117 bl31_register_bl32_init(&tspd_init);
118
Achin Gupta375f5382014-02-18 18:12:48 +0000119 return rc;
120}
121
122/*******************************************************************************
123 * This function passes control to the Secure Payload image (BL32) for the first
124 * time on the primary cpu after a cold boot. It assumes that a valid secure
125 * context has already been created by tspd_setup() which can be directly used.
126 * It also assumes that a valid non-secure context has been initialised by PSCI
127 * so it does not need to save and restore any non-secure state. This function
128 * performs a synchronous entry into the Secure payload. The SP passes control
129 * back to this routine through a SMC. It also passes the extents of memory made
130 * available to BL32 by BL31.
131 ******************************************************************************/
Dan Handleye2712bc2014-04-10 15:37:22 +0100132int32_t tspd_init(meminfo_t *bl32_meminfo)
Achin Gupta375f5382014-02-18 18:12:48 +0000133{
134 uint64_t mpidr = read_mpidr();
135 uint32_t linear_id = platform_get_core_pos(mpidr);
136 uint64_t rc;
Dan Handleye2712bc2014-04-10 15:37:22 +0100137 tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id];
Achin Gupta375f5382014-02-18 18:12:48 +0000138
139 /*
140 * Arrange for passing a pointer to the meminfo structure
141 * describing the memory extents available to the secure
142 * payload.
143 * TODO: We are passing a pointer to BL31 internal memory
144 * whereas this structure should be copied to a communication
145 * buffer between the SP and SPD.
146 */
147 write_ctx_reg(get_gpregs_ctx(&tsp_ctx->cpu_ctx),
148 CTX_GPREG_X0,
149 (uint64_t) bl32_meminfo);
150
Achin Gupta607084e2014-02-09 18:24:19 +0000151 /*
152 * Arrange for an entry into the test secure payload. We expect an array
153 * of vectors in return
154 */
Achin Gupta375f5382014-02-18 18:12:48 +0000155 rc = tspd_synchronous_sp_entry(tsp_ctx);
156 assert(rc != 0);
Jeenu Viswambharan7f366602014-02-20 17:11:00 +0000157 if (rc) {
Achin Gupta375f5382014-02-18 18:12:48 +0000158 tsp_ctx->state = TSP_STATE_ON;
159
Jeenu Viswambharan7f366602014-02-20 17:11:00 +0000160 /*
161 * TSP has been successfully initialized. Register power
162 * managemnt hooks with PSCI
163 */
164 psci_register_spd_pm_hook(&tspd_pm);
165 }
166
Achin Gupta375f5382014-02-18 18:12:48 +0000167 return rc;
168}
169
Jeenu Viswambharan7f366602014-02-20 17:11:00 +0000170
Achin Gupta375f5382014-02-18 18:12:48 +0000171/*******************************************************************************
172 * This function is responsible for handling all SMCs in the Trusted OS/App
173 * range from the non-secure state as defined in the SMC Calling Convention
174 * Document. It is also responsible for communicating with the Secure payload
175 * to delegate work and return results back to the non-secure state. Lastly it
176 * will also return any information that the secure payload needs to do the
177 * work assigned to it.
178 ******************************************************************************/
179uint64_t tspd_smc_handler(uint32_t smc_fid,
180 uint64_t x1,
181 uint64_t x2,
182 uint64_t x3,
183 uint64_t x4,
184 void *cookie,
185 void *handle,
186 uint64_t flags)
187{
Dan Handleye2712bc2014-04-10 15:37:22 +0100188 cpu_context_t *ns_cpu_context;
189 gp_regs_t *ns_gp_regs;
Achin Gupta375f5382014-02-18 18:12:48 +0000190 unsigned long mpidr = read_mpidr();
191 uint32_t linear_id = platform_get_core_pos(mpidr), ns;
Dan Handleye2712bc2014-04-10 15:37:22 +0100192 tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id];
Achin Gupta375f5382014-02-18 18:12:48 +0000193
194 /* Determine which security state this SMC originated from */
195 ns = is_caller_non_secure(flags);
196
197 switch (smc_fid) {
198
199 /*
200 * This function ID is used only by the SP to indicate it has
201 * finished initialising itself after a cold boot
202 */
203 case TSP_ENTRY_DONE:
204 if (ns)
205 SMC_RET1(handle, SMC_UNK);
206
207 /*
208 * Stash the SP entry points information. This is done
209 * only once on the primary cpu
210 */
211 assert(tsp_entry_info == NULL);
Dan Handleye2712bc2014-04-10 15:37:22 +0100212 tsp_entry_info = (entry_info_t *) x1;
Achin Gupta375f5382014-02-18 18:12:48 +0000213
214 /*
215 * SP reports completion. The SPD must have initiated
216 * the original request through a synchronous entry
217 * into the SP. Jump back to the original C runtime
218 * context.
219 */
Achin Gupta916a2c12014-02-09 23:11:46 +0000220 tspd_synchronous_sp_exit(tsp_ctx, x1);
Achin Gupta375f5382014-02-18 18:12:48 +0000221
222 /* Should never reach here */
223 assert(0);
224
Achin Gupta607084e2014-02-09 18:24:19 +0000225 /*
226 * These function IDs is used only by the SP to indicate it has
227 * finished:
228 * 1. turning itself on in response to an earlier psci
229 * cpu_on request
230 * 2. resuming itself after an earlier psci cpu_suspend
231 * request.
232 */
233 case TSP_ON_DONE:
234 case TSP_RESUME_DONE:
235
236 /*
237 * These function IDs is used only by the SP to indicate it has
238 * finished:
239 * 1. suspending itself after an earlier psci cpu_suspend
240 * request.
241 * 2. turning itself off in response to an earlier psci
242 * cpu_off request.
243 */
244 case TSP_OFF_DONE:
245 case TSP_SUSPEND_DONE:
246 if (ns)
247 SMC_RET1(handle, SMC_UNK);
248
249 /*
250 * SP reports completion. The SPD must have initiated the
251 * original request through a synchronous entry into the SP.
252 * Jump back to the original C runtime context, and pass x1 as
253 * return value to the caller
254 */
Achin Gupta916a2c12014-02-09 23:11:46 +0000255 tspd_synchronous_sp_exit(tsp_ctx, x1);
Achin Gupta607084e2014-02-09 18:24:19 +0000256
257 /* Should never reach here */
258 assert(0);
259
Achin Gupta916a2c12014-02-09 23:11:46 +0000260 /*
261 * Request from non-secure client to perform an
262 * arithmetic operation or response from secure
263 * payload to an earlier request.
264 */
265 case TSP_FID_ADD:
266 case TSP_FID_SUB:
267 case TSP_FID_MUL:
268 case TSP_FID_DIV:
269 if (ns) {
270 /*
271 * This is a fresh request from the non-secure client.
272 * The parameters are in x1 and x2. Figure out which
273 * registers need to be preserved, save the non-secure
274 * state and send the request to the secure payload.
275 */
276 assert(handle == cm_get_context(mpidr, NON_SECURE));
277 cm_el1_sysregs_context_save(NON_SECURE);
278
279 /* Save x1 and x2 for use by TSP_GET_ARGS call below */
280 SMC_SET_GP(handle, CTX_GPREG_X1, x1);
281 SMC_SET_GP(handle, CTX_GPREG_X2, x2);
282
283 /*
284 * We are done stashing the non-secure context. Ask the
285 * secure payload to do the work now.
286 */
287
288 /*
289 * Verify if there is a valid context to use, copy the
290 * operation type and parameters to the secure context
291 * and jump to the fast smc entry point in the secure
292 * payload. Entry into S-EL1 will take place upon exit
293 * from this function.
294 */
295 assert(&tsp_ctx->cpu_ctx == cm_get_context(mpidr, SECURE));
296 set_aapcs_args7(&tsp_ctx->cpu_ctx, smc_fid, x1, x2, 0, 0,
297 0, 0, 0);
298 cm_set_el3_elr(SECURE, (uint64_t) tsp_entry_info->fast_smc_entry);
299 cm_el1_sysregs_context_restore(SECURE);
300 cm_set_next_eret_context(SECURE);
301
302 return smc_fid;
303 } else {
304 /*
305 * This is the result from the secure client of an
306 * earlier request. The results are in x1-x2. Copy it
307 * into the non-secure context, save the secure state
308 * and return to the non-secure state.
309 */
310 assert(handle == cm_get_context(mpidr, SECURE));
311 cm_el1_sysregs_context_save(SECURE);
312
313 /* Get a reference to the non-secure context */
314 ns_cpu_context = cm_get_context(mpidr, NON_SECURE);
315 assert(ns_cpu_context);
316 ns_gp_regs = get_gpregs_ctx(ns_cpu_context);
317
318 /* Restore non-secure state */
319 cm_el1_sysregs_context_restore(NON_SECURE);
320 cm_set_next_eret_context(NON_SECURE);
321
322 SMC_RET2(ns_gp_regs, x1, x2);
323 }
324
325 break;
326
327 /*
328 * This is a request from the secure payload for more arguments
329 * for an ongoing arithmetic operation requested by the
330 * non-secure world. Simply return the arguments from the non-
331 * secure client in the original call.
332 */
333 case TSP_GET_ARGS:
334 if (ns)
335 SMC_RET1(handle, SMC_UNK);
336
337 /* Get a reference to the non-secure context */
338 ns_cpu_context = cm_get_context(mpidr, NON_SECURE);
339 assert(ns_cpu_context);
340 ns_gp_regs = get_gpregs_ctx(ns_cpu_context);
341
342 SMC_RET2(handle, read_ctx_reg(ns_gp_regs, CTX_GPREG_X1),
343 read_ctx_reg(ns_gp_regs, CTX_GPREG_X2));
344
Jeenu Viswambharandf1ddb52014-02-28 11:23:35 +0000345 case TOS_CALL_COUNT:
346 /*
347 * Return the number of service function IDs implemented to
348 * provide service to non-secure
349 */
350 SMC_RET1(handle, TSP_NUM_FID);
351
352 case TOS_UID:
353 /* Return TSP UID to the caller */
354 SMC_UUID_RET(handle, tsp_uuid);
355
356 case TOS_CALL_VERSION:
357 /* Return the version of current implementation */
358 SMC_RET2(handle, TSP_VERSION_MAJOR, TSP_VERSION_MINOR);
359
Achin Gupta375f5382014-02-18 18:12:48 +0000360 default:
Achin Gupta607084e2014-02-09 18:24:19 +0000361 break;
Achin Gupta375f5382014-02-18 18:12:48 +0000362 }
363
Achin Gupta607084e2014-02-09 18:24:19 +0000364 SMC_RET1(handle, SMC_UNK);
Achin Gupta375f5382014-02-18 18:12:48 +0000365}
366
367/* Define a SPD runtime service descriptor */
368DECLARE_RT_SVC(
369 spd,
370
371 OEN_TOS_START,
372 OEN_TOS_END,
373 SMC_TYPE_FAST,
374 tspd_setup,
375 tspd_smc_handler
376);