Nishanth Menon [Tue, 20 Jun 2023 18:17:09 +0000 (13:17 -0500)]
mailbox: k3-sec-proxy: Fill non-message tx data fields with 0x0
Sec proxy data buffer is 60 bytes with the last of the registers
indicating transmission completion. This however poses a bit of a
challenge.
The backing memory for sec_proxy is regular memory, and all sec proxy
does is to trigger a burst of all 60 bytes of data over to the target
thread backing ring accelerator. It doesn't do a memory scrub when
it moves data out in the burst. When we transmit multiple messages,
remnants of previous message is also transmitted which results in
some random data being set in TISCI fields of messages that have been
expanded forward.
The entire concept of backward compatibility hinges on the fact that
the unused message fields remain 0x0 allowing for 0x0 value to be
specially considered when backward compatibility of message extension
is done.
So, instead of just writing the completion register, we continue
to fill the message buffer up with 0x0 (note: for partial message
involving completion, we already do this).
This allows us to scale and introduce ABI changes back also work with
other boot stages that may have left data in the internal memory.
Simon Glass [Tue, 25 Jul 2023 14:13:22 +0000 (08:13 -0600)]
buildman: Specify the output directory in tests
The default output directory is generally '../' in tests so we end up
trying to create '../.bm-work'. This does not work with azure, so update
these tests to use the temporary directory instead.
Tom Rini [Mon, 24 Jul 2023 22:58:22 +0000 (18:58 -0400)]
Merge branch '2023-07-24-introduce-FF-A-suppport'
To quote the author:
Adding support for Arm FF-A v1.0 (Arm Firmware Framework for Armv8-A) [A].
FF-A specifies interfaces that enable a pair of software execution
environments aka partitions to communicate with each other. A partition
could be a VM in the Normal or Secure world, an application in S-EL0, or
a Trusted OS in S-EL1.
FF-A is a discoverable bus and similar to architecture features.
FF-A bus is discovered using ARM_SMCCC_FEATURES mechanism performed
by the PSCI driver.
=> dm tree
Class Index Probed Driver Name
-----------------------------------------------------------
...
firmware 0 [ + ] psci |-- psci
ffa 0 [ ] arm_ffa | `-- arm_ffa
...
Clients are able to probe then use the FF-A bus by calling the DM class
searching APIs (e.g: uclass_first_device).
This implementation of the specification provides support for Aarch64.
The FF-A driver uses the SMC ABIs defined by the FF-A specification to:
- Discover the presence of secure partitions (SPs) of interest
- Access an SP's service through communication protocols
(e.g: EFI MM communication protocol)
The FF-A support provides the following features:
- Being generic by design and can be used by any Arm 64-bit platform
- FF-A support can be compiled and used without EFI
- Support for SMCCCv1.2 x0-x17 registers
- Support for SMC32 calling convention
- Support for 32-bit and 64-bit FF-A direct messaging
- Support for FF-A MM communication (compatible with EFI boot time)
- Enabling FF-A and MM communication in Corstone1000 platform as a use case
- A Uclass driver providing generic FF-A methods.
- An Arm FF-A device driver providing Arm-specific methods and
reusing the Uclass methods.
- A sandbox emulator for Arm FF-A, emulates the FF-A side of the
Secure World and provides FF-A ABIs inspection methods.
- An FF-A sandbox device driver for FF-A communication with the
emulated Secure World. The driver leverages the FF-A Uclass to
establish FF-A communication.
- Sandbox FF-A test cases.
- A new command called armffa is provided as an example of how to
access the FF-A bus
For more details about the FF-A support please refer to [B] and refer to [C] for
how to use the armffa command.
Please find at [D] an example of the expected boot logs when enabling
FF-A support for a platform. In this example the platform is
Corstone1000. But it can be any Arm 64-bit platform.
[A]: https://developer.arm.com/documentation/den0077/latest/
[B]: doc/arch/arm64.ffa.rst
[C]: doc/usage/cmd/armffa.rst
[D]: example of boot logs when enabling FF-A
This feature allows accessing MM partitions services through
EFI MM communication protocol. MM partitions such as StandAlonneMM
or smm-gateway secure partitions which reside in secure world.
An MM shared buffer and a door bell event are used to exchange
the data.
The data is used by EFI services such as GetVariable()/SetVariable()
and copied from the communication buffer to the MM shared buffer.
The secure partition is notified about availability of data in the
MM shared buffer by an FF-A message (door bell).
On such event, MM SP can read the data and updates the MM shared
buffer with the response data.
The response data is copied back to the communication buffer and
consumed by the EFI subsystem.
MM communication protocol supports FF-A 64-bit direct messaging.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Tested-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Reviewed-by: Simon Glass <sjg@chromium.org> Cc: Tom Rini <trini@konsulko.com> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Jens Wiklander <jens.wiklander@linaro.org>
Emulate Secure World's FF-A ABIs and allow testing U-Boot FF-A support
Features of the sandbox FF-A support:
- Introduce an FF-A emulator
- Introduce an FF-A device driver for FF-A comms with emulated Secure World
- Provides test methods allowing to read the status of the inspected ABIs
The sandbox FF-A emulator supports only 64-bit direct messaging.
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Reviewed-by: Simon Glass <sjg@chromium.org> Cc: Tom Rini <trini@konsulko.com> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Provide armffa command showcasing the use of the U-Boot FF-A support
armffa is a command showcasing how to invoke FF-A operations.
This provides a guidance to the client developers on how to
call the FF-A bus interfaces. The command also allows to gather secure
partitions information and ping these partitions. The command is also
helpful in testing the communication with secure partitions.
For more details please refer to the command documentation [1].
[1]: doc/usage/cmd/armffa.rst
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Reviewed-by: Simon Glass <sjg@chromium.org> Cc: Tom Rini <trini@konsulko.com> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Jens Wiklander <jens.wiklander@linaro.org> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Add Arm FF-A support implementing Arm Firmware Framework for Armv8-A v1.0
The Firmware Framework for Arm A-profile processors (FF-A v1.0) [1]
describes interfaces (ABIs) that standardize communication
between the Secure World and Normal World leveraging TrustZone
technology.
This driver uses 64-bit registers as per SMCCCv1.2 spec and comes
on top of the SMCCC layer. The driver provides the FF-A ABIs needed for
querying the FF-A framework from the secure world.
The driver uses SMC32 calling convention which means using the first
32-bit data of the Xn registers.
All supported ABIs come with their 32-bit version except FFA_RXTX_MAP
which has 64-bit version supported.
Both 32-bit and 64-bit direct messaging are supported which allows both
32-bit and 64-bit clients to use the FF-A bus.
FF-A is a discoverable bus and similar to architecture features.
FF-A bus is discovered using ARM_SMCCC_FEATURES mechanism performed
by the PSCI driver.
Clients are able to probe then use the FF-A bus by calling the DM class
searching APIs (e.g: uclass_first_device).
The Secure World is considered as one entity to communicate with
using the FF-A bus. FF-A communication is handled by one device and
one instance (the bus). This FF-A driver takes care of all the
interactions between Normal world and Secure World.
The driver exports its operations to be used by upper layers.
Tom Rini [Mon, 24 Jul 2023 17:55:59 +0000 (13:55 -0400)]
Merge branch '2023-07-22-TI-K3-improvements'
- Actually merge the assorted K3 platform improvements that were
supposed to be in commit 247aa5a19115 ("Merge branch
'2023-07-21-assorted-TI-platform-updates'")
Simon Glass [Wed, 19 Jul 2023 23:49:30 +0000 (17:49 -0600)]
buildman: Add an option to check maintainers and targets
In poking around it seems that many boards don't define a CONFIG_TARGET
Kconfig variable. This is not strictly necessary, but add an option to
buildman so these can be viewed.
Simon Glass [Wed, 19 Jul 2023 23:49:16 +0000 (17:49 -0600)]
buildman: Convert config_out to string IO
This is probably a little more efficient and it allows passing the object
to another function to write data. Convert config_out to use a string I/O
device.
Simon Glass [Wed, 19 Jul 2023 23:49:03 +0000 (17:49 -0600)]
buildman: Add a test for --boards
Add a simple functional test for the --boards option. Fix the example in
the docs while we are here. Also improve the docs for Builder.count so it
is clearer what it contains.
Simon Glass [Wed, 19 Jul 2023 23:48:53 +0000 (17:48 -0600)]
buildman: Tweak commits and show_bloat
Move setting of show_bloat to adjust_options() and adjust how the commits
variable is set. Together these remove the pylint warning about too many
statements.
Simon Glass [Wed, 19 Jul 2023 23:48:36 +0000 (17:48 -0600)]
buildman: Drop use of builder in show_actions()
This function only needs the output directory from the builder. This is
passed into the builder, so just pass the same value to show_actions().
The avoids needing a builder to call show_actions().
Simon Glass [Wed, 19 Jul 2023 23:48:28 +0000 (17:48 -0600)]
buildman: Provide an argument to the -R option
Allow writing the file to a selected location, since otherwise this is
controlled by the buildman configuration, so cannot be determined by the
caller.
Signed-off-by: Simon Glass <sjg@chromium.org> Fixes: https://source.denx.de/u-boot/u-boot/-/issues/17
Simon Glass [Wed, 19 Jul 2023 23:48:21 +0000 (17:48 -0600)]
buildman: Detect boards with multiple CONFIG_TARGETs defined
The TARGET_xxx options are special in that they refer to a single target.
Exactly one should be enabled for each target, corresponding to a
defconfig file.
Detect configs which result in two TARGET_xxx options being set. For
example, at present, TARGET_POLEG and TARET_POLEG_EVB are enabled for the
same board.
Note: This warning is not displayed by default. An option will be added
to enable it.