diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2022-08-03 16:55:16 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2022-08-03 17:56:03 +0300 |
commit | bec4ebc22c43c1ff5c3fddb820d44a88bd3aebf0 (patch) | |
tree | cd378e3e0eaff8fe11880bd397f41671e2347a39 /meta-arm/meta-arm-bsp/recipes-security/optee | |
parent | 79161d7a7126cad324ff0c11a93d8e57d80203ed (diff) | |
download | openbmc-bec4ebc22c43c1ff5c3fddb820d44a88bd3aebf0.tar.xz |
Import 80d60e7 from yoctoproject.org meta-arm
To support ARMv8 SoCs.
meta-arm has several patch files. Since they are maintained by the
upstream meta-arm community, add meta-arm to the ignore list in
run-repotest.
Change-Id: Ia87a2e947bbabd347d256eccc47a343e1c885479
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-arm/meta-arm-bsp/recipes-security/optee')
22 files changed, 830 insertions, 0 deletions
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch new file mode 100644 index 0000000000..7666486d7e --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch @@ -0,0 +1,201 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Arpita S.K <arpita.s.k@arm.com> + +From 439a87df6a9f60f2b29afd988ad58a67e6f0b603 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Tue, 22 Jun 2021 22:09:28 +0100 +Subject: [PATCH] plat-corstone1000: add corstone1000 platform + +These changes are to add corstone1000 platform to optee core + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk +new file mode 100644 +index 00000000..b14dd442 +--- /dev/null ++++ b/core/arch/arm/plat-corstone1000/conf.mk +@@ -0,0 +1,37 @@ ++PLATFORM_FLAVOR ?= mps3 ++ ++$(call force,CFG_HWSUPP_MEM_PERM_WXN,y) ++$(call force,CFG_HWSUPP_MEM_PERM_PXN,y) ++$(call force,CFG_ENABLE_SCTLR_RR,n) ++$(call force,CFG_ENABLE_SCTLR_Z,n) ++ ++arm64-platform-cpuarch := cortex-a35 ++arm64-platform-cflags += -mcpu=$(arm64-platform-cpuarch) ++arm64-platform-aflags += -mcpu=$(arm64-platform-cpuarch) ++platform-flavor-armv8 := 1 ++ ++$(call force,CFG_GIC,y) ++$(call force,CFG_PL011,y) ++$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y) ++ ++$(call force,CFG_ARM64_core,y) ++ ++CFG_WITH_STATS ?= y ++ ++CFG_WITH_ARM_TRUSTED_FW ?= y ++CFG_WITH_LPAE ?=y ++ ++CFG_TEE_CORE_NB_CORE = 1 ++CFG_TZDRAM_START ?= 0x02002000 ++CFG_TZDRAM_SIZE ?= 0x000FE000 ++CFG_TEE_RAM_VA_SIZE ?= 0x00AF000 ++CFG_SHMEM_START ?= 0x86000000 ++CFG_SHMEM_SIZE ?= 0x00200000 ++ ++CFG_DDR_SIZE ?= 0x80000000 ++CFG_DT_ADDR ?= 0x82100000 ++CFG_DTB_MAX_SIZE ?= 0x100000 ++ ++$(call force,CFG_PSCI_ARM64,y) ++$(call force,CFG_DT,y) ++$(call force,CFG_EXTERNAL_DTB_OVERLAY,y) +diff --git a/core/arch/arm/plat-corstone1000/main.c b/core/arch/arm/plat-corstone1000/main.c +new file mode 100644 +index 00000000..35d89535 +--- /dev/null ++++ b/core/arch/arm/plat-corstone1000/main.c +@@ -0,0 +1,77 @@ ++// SPDX-License-Identifier: BSD-2-Clause ++/* ++ * Copyright (c) 2020, Linaro Limited ++ */ ++ ++#include <arm64.h> ++#include <console.h> ++#include <drivers/gic.h> ++#include <drivers/pl011.h> ++#include <drivers/tzc400.h> ++#include <initcall.h> ++#include <keep.h> ++#include <kernel/boot.h> ++#include <kernel/interrupt.h> ++#include <kernel/misc.h> ++#include <kernel/panic.h> ++#include <kernel/tee_time.h> ++#include <mm/core_memprot.h> ++#include <mm/core_mmu.h> ++#include <platform_config.h> ++#include <sm/psci.h> ++#include <stdint.h> ++#include <string.h> ++#include <trace.h> ++ ++static struct gic_data gic_data __nex_bss; ++static struct pl011_data console_data __nex_bss; ++ ++register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE); ++#ifdef DRAM0_BASE ++register_ddr(DRAM0_BASE, DRAM0_SIZE); ++#endif ++ ++#ifdef GIC_BASE ++register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); ++register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE); ++ ++void main_init_gic(void) ++{ ++ vaddr_t gicc_base; ++ vaddr_t gicd_base; ++ ++ gicc_base = core_mmu_get_va(GICC_BASE, MEM_AREA_IO_SEC); ++ gicd_base = core_mmu_get_va(GICD_BASE, MEM_AREA_IO_SEC); ++ ++ if (!gicc_base || !gicd_base) ++ panic(); ++ ++ /* Initialize GIC */ ++ gic_init(&gic_data, gicc_base, gicd_base); ++ itr_init(&gic_data.chip); ++ ++} ++ ++void main_secondary_init_gic(void) ++{ ++ gic_cpu_init(&gic_data); ++} ++ ++void itr_core_handler(void) ++{ ++ gic_it_handle(&gic_data); ++} ++#endif ++ ++void console_init(void) ++{ ++ pl011_init(&console_data, CONSOLE_UART_BASE, CONSOLE_UART_CLK_IN_HZ, ++ CONSOLE_BAUDRATE); ++ register_serial_console(&console_data.chip); ++} ++ ++void ffa_secondary_cpu_boot_req(vaddr_t secondary_ep, uint64_t cookie) ++{ ++ DMSG("This is single core platform\n"); ++} ++ +diff --git a/core/arch/arm/plat-corstone1000/platform_config.h b/core/arch/arm/plat-corstone1000/platform_config.h +new file mode 100644 +index 00000000..cfee6fa4 +--- /dev/null ++++ b/core/arch/arm/plat-corstone1000/platform_config.h +@@ -0,0 +1,46 @@ ++/* SPDX-License-Identifier: BSD-2-Clause */ ++/* ++ * Copyright (c) 2020, Linaro Limited ++ */ ++ ++#ifndef PLATFORM_CONFIG_H ++#define PLATFORM_CONFIG_H ++ ++#include <mm/generic_ram_layout.h> ++#include <stdint.h> ++ ++/* Make stacks aligned to data cache line length */ ++#define STACK_ALIGNMENT 64 ++ ++ ++#define GIC_BASE 0x1c000000 ++#define UART0_BASE 0x1a510000 ++#define UART1_BASE 0x1a520000 ++ ++#define CONSOLE_UART_BASE UART1_BASE ++ ++#define DRAM0_BASE 0x80000000 ++#define DRAM0_SIZE 0x7f000000 ++ ++#define GICD_OFFSET 0x10000 ++#define GICC_OFFSET 0x2f000 ++ ++#ifdef GIC_BASE ++#define GICD_BASE (GIC_BASE + GICD_OFFSET) ++#define GICC_BASE (GIC_BASE + GICC_OFFSET) ++#endif ++ ++#ifndef UART_BAUDRATE ++#define UART_BAUDRATE 115200 ++#endif ++#ifndef CONSOLE_BAUDRATE ++#define CONSOLE_BAUDRATE UART_BAUDRATE ++#endif ++ ++#ifndef SYS_COUNTER_FREQ_IN_TICKS ++#define SYS_COUNTER_FREQ_IN_TICKS UL(50000000) /* 32MHz */ ++#endif ++ ++#define CONSOLE_UART_CLK_IN_HZ UL(50000000) /* 32MHz*/ ++ ++#endif /*PLATFORM_CONFIG_H*/ +diff --git a/core/arch/arm/plat-corstone1000/sub.mk b/core/arch/arm/plat-corstone1000/sub.mk +new file mode 100644 +index 00000000..8ddc2fd4 +--- /dev/null ++++ b/core/arch/arm/plat-corstone1000/sub.mk +@@ -0,0 +1,2 @@ ++global-incdirs-y += . ++srcs-y += main.c +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch new file mode 100644 index 0000000000..ea60fee297 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch @@ -0,0 +1,30 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Arpita S.K <arpita.s.k@arm.com> + +From dbaf7a11e686d362eb09e63841eb718ea777dd03 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Wed, 1 Sep 2021 16:46:42 +0100 +Subject: [PATCH] plat-corstone1000: reserve 3MB CVM memory for optee + +optee requires 3MB CVM memory to include SecurePartition's into +it's image + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk +index b14dd442..7a4aa13c 100644 +--- a/core/arch/arm/plat-corstone1000/conf.mk ++++ b/core/arch/arm/plat-corstone1000/conf.mk +@@ -23,8 +23,7 @@ CFG_WITH_LPAE ?=y + + CFG_TEE_CORE_NB_CORE = 1 + CFG_TZDRAM_START ?= 0x02002000 +-CFG_TZDRAM_SIZE ?= 0x000FE000 +-CFG_TEE_RAM_VA_SIZE ?= 0x00AF000 ++CFG_TZDRAM_SIZE ?= 0x300000 # OPTEE CODE + DATA +TA_RAM = 3MB + CFG_SHMEM_START ?= 0x86000000 + CFG_SHMEM_SIZE ?= 0x00200000 + +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch new file mode 100644 index 0000000000..9aec829c67 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch @@ -0,0 +1,38 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From 327290faefe16440c4975c9539b11d43c92bcf48 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Thu, 25 Nov 2021 06:20:48 +0000 +Subject: [PATCH] plat-corstone1000: add a rule in Makefile to SP_MAKEFILE_PATH + +This change is to provide an option to user to include +secure manifest into optee-os Makefile so that the secure +partition is part of optee-os image + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/Makefile b/Makefile +index f6fcea8b..21722939 100644 +--- a/Makefile ++++ b/Makefile +@@ -18,6 +18,16 @@ unexport MAKEFILE_LIST + # nonzero status). Useful since a few recipes use shell redirection. + .DELETE_ON_ERROR: + ++# include secure partition make file and manifest file ++ifdef CFG_SP_MKFILE_PATH ++ifdef CFG_EMBED_DTB_SOURCE_FILE ++include $(CFG_SP_MKFILE_PATH) ++$(info Loading secure partitions manifest ${CFG_EMBED_DTB_SOURCE_FILE}) ++CFG_EMBED_DTB_SOURCE_FILE :=${CFG_EMBED_DTB_SOURCE_FILE} ++OPTEE_OS_COMMON_EXTRA_FLAGS+=${CFG_EMBED_DTB_SOURCE_FILE} ++endif ++endif ++ + include mk/checkconf.mk + + .PHONY: all +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch new file mode 100644 index 0000000000..42babb16f5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch @@ -0,0 +1,29 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From 5fdf7792ead29784718d30d8a8a5383a994e2fef Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Thu, 2 Dec 2021 12:51:11 +0000 +Subject: [PATCH] plat-corstone1000: increase OPTEE core heap size + +This change is to increase optee core heap size to 131072 +from its default value to fit openAMP and smm-gateway +in SEL0 + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk +index 7a4aa13c..65d652a4 100644 +--- a/core/arch/arm/plat-corstone1000/conf.mk ++++ b/core/arch/arm/plat-corstone1000/conf.mk +@@ -31,6 +31,7 @@ CFG_DDR_SIZE ?= 0x80000000 + CFG_DT_ADDR ?= 0x82100000 + CFG_DTB_MAX_SIZE ?= 0x100000 + ++CFG_CORE_HEAP_SIZE ?= 131072 + $(call force,CFG_PSCI_ARM64,y) + $(call force,CFG_DT,y) + $(call force,CFG_EXTERNAL_DTB_OVERLAY,y) +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch new file mode 100644 index 0000000000..852067bc2f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch @@ -0,0 +1,40 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> + +From 4617f85b70c7e4206b244f3eaffdc62ac3744a17 Mon Sep 17 00:00:00 2001 +From: Jelle Sels <jelle.sels@arm.com> +Date: Mon, 10 May 2021 11:37:23 +0200 +Subject: [PATCH] Fix: add missing error check during SP init + +Error checking during SP initialization (sp_init_uuid()) was lacking. +As a result an out of CORE HEAP situation resulted in a panic. This was +due to lack of memory in the inflate() function of zlib. + +Signed-off-by: Jelle Sels <jelle.sels@arm.com> +Change-Id: I287e2e2dd507feb45991b32ed264b3b6ad6fcd39 + +diff --git a/core/arch/arm/kernel/sp.c b/core/arch/arm/kernel/sp.c +index 4acbc2e2..23532a01 100644 +--- a/core/arch/arm/kernel/sp.c ++++ b/core/arch/arm/kernel/sp.c +@@ -383,10 +383,14 @@ static TEE_Result __attribute__((unused)) sp_init_uuid(const TEE_UUID *uuid) + cancel_req_to, + ¶m); + +- args.a0 = sp_get_session(sess->id)->sp_regs.x[0]; +- sp_thread(sess->id, FFA_NW_ID, &args); ++ if (res == TEE_SUCCESS) { ++ args.a0 = sp_get_session(sess->id)->sp_regs.x[0]; ++ sp_thread(sess->id, FFA_NW_ID, &args); + +- thread_spmc_msg_recv(&args, sess->id); ++ thread_spmc_msg_recv(&args, sess->id); ++ } else { ++ EMSG("SP initialization failed, try increasing CFG_CORE_HEAP_SIZE"); ++ } + + return res; + } +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts new file mode 100644 index 0000000000..b09018eee5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts @@ -0,0 +1,62 @@ +/* +* Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. +* +* SPDX-License-Identifier: BSD-3-Clause +*/ + +/dts-v1/; + +/ { + se-proxy{ + compatible = "arm,ffa-manifest-1.0"; + ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ + uuid = <0x46bb39d1 0xb4d945b5 0x88ff0400 0x27dab249>; + description = "SE Proxy"; + execution-ctx-count = <1>; + exception-level = <1>; /* S-EL0 */ + execution-state = <0>; /* AArch64 */ + xlat-granule = <0>; /* 4KiB */ + messaging-method = <0>; /* Direct messaging only */ + device-regions { + compatible = "arm,ffa-manifest-device-regions"; + mhu-sender { + /* Armv8 A Foundation Platform values */ + base-address = <0x00000000 0x1b820000>; + pages-count = <16>; + attributes = <0x3>; /* read-write */ + }; + mhu-receiver { + /* Armv8 A Foundation Platform values */ + base-address = <0x00000000 0x1b830000>; + pages-count = <16>; + attributes = <0x3>; /* read-write */ + }; + openamp-virtio { + /* Armv8 A Foundation Platform values */ + base-address = <0x00000000 0x88000000>; + pages-count = <256>; + attributes = <0x3>; /* read-write */ + }; + }; + }; + smm-gateway{ + compatible = "arm,ffa-manifest-1.0"; + ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ + uuid = <0xed32d533 0x99e64209 0x9cc02d72 0xcdd998a7>; + description = "SMM Gateway"; + execution-ctx-count = <1>; + exception-level = <1>; /* S-EL0 */ + execution-state = <0>; /* AArch64 */ + xlat-granule = <0>; /* 4KiB */ + messaging-method = <0>; /* Direct messaging only */ + device-regions { + compatible = "arm,ffa-manifest-device-regions"; + mm-comm-buffer { + /* Armv8 A Foundation Platform values */ + base-address = <0x00000000 0x02000000>; + pages-count = <1>; + attributes = <0x3>; /* read-write */ + }; + }; + }; +}; diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch new file mode 100644 index 0000000000..3a21b39a38 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch @@ -0,0 +1,124 @@ +From 14b84786e85483bf3c737ef8b392204e307c0ff1 Mon Sep 17 00:00:00 2001 +From: Olivier Deprez <olivier.deprez@arm.com> +Date: Mon, 16 Nov 2020 10:14:02 +0100 +Subject: [PATCH] WIP: Enable managed exit + +This change declares OP-TEE SP as supporting managed exit in response to +a NS interrupt triggering while the SWd runs. + +At init OP-TEE enables (HF_INTERRUPT_ENABLE) the managed exit virtual +interrupt through the Hafnium para-virtualized interface. + +Physical interrupts are trapped to the SPMC which injects a managed exit +interrupt to OP-TEE. The managed exit interrupt is acknowledged by +OP-TEE by HF_INTERUPT_GET hvc call. + +Note: this code change is meant with in mind the SPMC runs at SEL2. It +needs slight refactoring such that it does not break the SEL1 SPMC +configuration. + +Change-Id: I9a95f36cf517c11048ff04680007f40259c4f636 +Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> +Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> +--- + core/arch/arm/kernel/boot.c | 12 ++++++++++++ + core/arch/arm/kernel/thread_a64.S | 11 ++++++++++- + core/arch/arm/kernel/thread_spmc.c | 11 +++++++++++ + .../arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +- + 4 files changed, 34 insertions(+), 2 deletions(-) + +diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c +index 09c1b811..d130107f 100644 +--- a/core/arch/arm/kernel/boot.c ++++ b/core/arch/arm/kernel/boot.c +@@ -1279,6 +1279,18 @@ static void init_secondary_helper(unsigned long nsec_entry) + init_vfp_sec(); + init_vfp_nsec(); + ++ /* Enable managed exit interrupt for secondary core. */ ++ __asm__ volatile ( ++ "mov x0, %0;" ++ "mov x1, %1;" ++ "mov x2, %2;" ++ "mov x3, %3;" ++ "hvc #0" ++ : : "i" (0xff03), "i" (4), "i" (1), "i" (1)); ++ ++ IMSG("%s core %lu: enabled managed exit interrupt.", ++ __func__, get_core_pos()); ++ + IMSG("Secondary CPU %zu switching to normal world boot", get_core_pos()); + } + +diff --git a/core/arch/arm/kernel/thread_a64.S b/core/arch/arm/kernel/thread_a64.S +index 3e0f5115..63bf396a 100644 +--- a/core/arch/arm/kernel/thread_a64.S ++++ b/core/arch/arm/kernel/thread_a64.S +@@ -904,6 +904,14 @@ END_FUNC el0_sync_abort + bl dcache_op_louis + ic iallu + #endif ++ ++ /* HF_INTERRUPT_GET */ ++ mov x0, #0xff04 ++ hvc #0 ++ /* Expect managed exit interrupt */ ++ cmp x0, #4 ++ bne . ++ + /* + * Mark current thread as suspended + */ +@@ -1021,8 +1029,9 @@ LOCAL_FUNC elx_irq , : + #endif + END_FUNC elx_irq + ++#define HF_MANAGED_EXIT 1 + LOCAL_FUNC elx_fiq , : +-#if defined(CFG_ARM_GICV3) ++#if defined(CFG_ARM_GICV3) || defined (HF_MANAGED_EXIT) + foreign_intr_handler fiq + #else + native_intr_handler fiq +diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c +index bd7930e7..89ff82bc 100644 +--- a/core/arch/arm/kernel/thread_spmc.c ++++ b/core/arch/arm/kernel/thread_spmc.c +@@ -1394,6 +1394,17 @@ static TEE_Result spmc_init(void) + my_endpoint_id = spmc_get_id(); + DMSG("My endpoint ID %#x", my_endpoint_id); + ++ /* Enable managed exit interrupt for boot core. */ ++ __asm__ volatile ( ++ "mov x0, %0;" ++ "mov x1, %1;" ++ "mov x2, %2;" ++ "mov x3, %3;" ++ "hvc #0" ++ : : "i" (0xff03), "i" (4), "i" (1), "i" (1)); ++ ++ IMSG("%s enabled managed exit interrupt.", __func__); ++ + return TEE_SUCCESS; + } + #endif /*CFG_CORE_SEL2_SPMC*/ +diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts +index 4b8b3681..04847c4d 100644 +--- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts ++++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts +@@ -23,7 +23,8 @@ + entrypoint-offset = <0x1000>; + xlat-granule = <0>; /* 4KiB */ + boot-order = <0>; +- messaging-method = <0>; /* Direct messaging only */ ++ messaging-method = <3>; /* Direct request/response supported */ ++ managed-exit; /* Managed exit supported */ + + device-regions { + compatible = "arm,ffa-manifest-device-regions"; +-- +2.29.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch new file mode 100644 index 0000000000..44138cbecb --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch @@ -0,0 +1,29 @@ +From 3a240f6b6c58d70471fd0752b8854c43c7c4df72 Mon Sep 17 00:00:00 2001 +From: Usama Arif <usama.arif@arm.com> +Date: Wed, 11 Aug 2021 11:00:52 +0100 +Subject: [PATCH 2/2] ffa: Update function ID according to FFA v1.1 spec + +This updates function ID FFA_SECONDARY_EP_REGISTER_64. + +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Usama Arif <usama.arif@arm.com> +--- + core/arch/arm/include/ffa.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h +index 20a009ca..b0d68173 100644 +--- a/core/arch/arm/include/ffa.h ++++ b/core/arch/arm/include/ffa.h +@@ -69,7 +69,7 @@ + #define FFA_MEM_RECLAIM U(0x84000077) + #define FFA_MEM_FRAG_RX U(0x8400007A) + #define FFA_MEM_FRAG_TX U(0x8400007B) +-#define FFA_SECONDARY_EP_REGISTER_64 U(0xC4000084) ++#define FFA_SECONDARY_EP_REGISTER_64 U(0xC4000087) + + /* Special value for traffic targeted to the Hypervisor or SPM */ + #define FFA_TARGET_INFO_MBZ U(0x0) +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch new file mode 100644 index 0000000000..5374c02138 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch @@ -0,0 +1,27 @@ +From 37fd6f3c18015bcad2c099bf9269e72140e55557 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Wed, 12 Jan 2022 17:14:03 +0530 +Subject: [PATCH] Fix optee UUID + +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/a9a8e483b6ff7f6e40c5ed95310a18e0bd1993c3#diff-2a310f8cc43d961b2efc05ac1619521653ba8977ff5e6dc5bb89754fd60fe954] +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +--- + core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts +index 04847c4d..3b76fc7d 100644 +--- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts ++++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts +@@ -14,7 +14,7 @@ + /* Properties */ + description = "op-tee"; + ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ +- uuid = <0x486178e0 0xe7f811e3 0xbc5e0002 0xa5d5c51b>; ++ uuid = <0xe0786148 0xe311f8e7 0x02005ebc 0x1bc5d5a5>; + id = <1>; + execution-ctx-count = <8>; + exception-level = <2>; /* S-EL1 */ +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch new file mode 100644 index 0000000000..293ea7d0ce --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch @@ -0,0 +1,60 @@ +From 7fb6d720a285b6135a9247b2adde833ea90e2549 Mon Sep 17 00:00:00 2001 +From: Usama Arif <usama.arif@arm.com> +Date: Mon, 27 Sep 2021 19:58:56 +0100 +Subject: [PATCH] plat-totalcompute: add support for higher DRAM + +The new 6GB DRAM bank starts at 0x8080000000. + +Signed-off-by: Usama Arif <usama.arif@arm.com> +Acked-by: Jens Wiklander <jens.wiklander@linaro.org> + +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/6d8430f943e091282849b188fbc0847c159e5de4] +Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> +--- + core/arch/arm/plat-totalcompute/conf.mk | 2 ++ + core/arch/arm/plat-totalcompute/main.c | 1 + + core/arch/arm/plat-totalcompute/platform_config.h | 3 +++ + 3 files changed, 6 insertions(+) + +diff --git a/core/arch/arm/plat-totalcompute/conf.mk b/core/arch/arm/plat-totalcompute/conf.mk +index 558b7889..e894b1e1 100644 +--- a/core/arch/arm/plat-totalcompute/conf.mk ++++ b/core/arch/arm/plat-totalcompute/conf.mk +@@ -24,6 +24,8 @@ platform-cflags-debug-info = -gdwarf-2 + platform-aflags-debug-info = -gdwarf-2 + endif + ++$(call force,CFG_CORE_ARM64_PA_BITS,40) ++ + ifneq (,$(filter ${PLATFORM_FLAVOR},tc0 tc1)) + CFG_TEE_CORE_NB_CORE = 8 + +diff --git a/core/arch/arm/plat-totalcompute/main.c b/core/arch/arm/plat-totalcompute/main.c +index 42acf8dd..eab237bf 100644 +--- a/core/arch/arm/plat-totalcompute/main.c ++++ b/core/arch/arm/plat-totalcompute/main.c +@@ -27,6 +27,7 @@ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); + #endif + + register_ddr(DRAM0_BASE, DRAM0_SIZE); ++register_ddr(DRAM1_BASE, DRAM1_SIZE); + + #ifndef CFG_CORE_SEL2_SPMC + void main_init_gic(void) +diff --git a/core/arch/arm/plat-totalcompute/platform_config.h b/core/arch/arm/plat-totalcompute/platform_config.h +index 4255abca..b474a899 100644 +--- a/core/arch/arm/plat-totalcompute/platform_config.h ++++ b/core/arch/arm/plat-totalcompute/platform_config.h +@@ -26,6 +26,9 @@ + #define DRAM0_BASE 0x80000000 + #define DRAM0_SIZE 0x7d000000 + ++#define DRAM1_BASE 0x8080000000ULL ++#define DRAM1_SIZE 0x180000000ULL ++ + #define TZCDRAM_BASE 0xff000000 + #define TZCDRAM_SIZE 0x01000000 + +-- +2.30.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/sp_layout.json b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/sp_layout.json new file mode 100644 index 0000000000..d37d90283e --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/sp_layout.json @@ -0,0 +1,6 @@ +{ + "op-tee" : { + "image": "tee-pager_v2.bin", + "pm": "optee_sp_manifest.dts" + } +} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-test/tc/0001-xtest-Limit-tests-to-a-single-thread.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-test/tc/0001-xtest-Limit-tests-to-a-single-thread.patch new file mode 100644 index 0000000000..370a81c1d5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-test/tc/0001-xtest-Limit-tests-to-a-single-thread.patch @@ -0,0 +1,55 @@ +From 73bef38c5697cd6bd3ddbe9046681087f4f6454e Mon Sep 17 00:00:00 2001 +From: Ben Horgan <ben.horgan@arm.com> +Date: Thu, 27 Jan 2022 10:33:04 +0000 +Subject: [PATCH] xtest: Limit tests to a single thread + +Signed-off-by: Ben Horgan <ben.horgan@arm.com> +Upstream-Status: Inappropriate [Workaround for intermittent failures] +--- + host/xtest/regression_1000.c | 2 +- + host/xtest/regression_2000.c | 2 +- + host/xtest/regression_6000.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c +index 9ee9d02..82d1def 100644 +--- a/host/xtest/regression_1000.c ++++ b/host/xtest/regression_1000.c +@@ -1080,7 +1080,7 @@ static void *test_1013_thread(void *arg) + return NULL; + } + +-#define NUM_THREADS 3 ++#define NUM_THREADS 1 + + static void xtest_tee_test_1013_single(ADBG_Case_t *c, double *mean_concurrency, + const TEEC_UUID *uuid) +diff --git a/host/xtest/regression_2000.c b/host/xtest/regression_2000.c +index 0591a42..a9f4b95 100644 +--- a/host/xtest/regression_2000.c ++++ b/host/xtest/regression_2000.c +@@ -499,7 +499,7 @@ out: + return NULL; + } + +-#define NUM_THREADS 3 ++#define NUM_THREADS 1 + + static void xtest_tee_test_2002(ADBG_Case_t *c) + { +diff --git a/host/xtest/regression_6000.c b/host/xtest/regression_6000.c +index ca1c254..d67ea7f 100644 +--- a/host/xtest/regression_6000.c ++++ b/host/xtest/regression_6000.c +@@ -1568,7 +1568,7 @@ exit: + } + + +-#define NUM_THREADS 4 ++#define NUM_THREADS 1 + static void xtest_tee_test_6016_loop(ADBG_Case_t *c, uint32_t storage_id) + { + struct test_6016_thread_arg arg[NUM_THREADS] = { }; +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc new file mode 100644 index 0000000000..eeaa59a056 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc @@ -0,0 +1,21 @@ +# Total Compute (tc) specific configuration for optee-os and optee-os-tadevkit + +# Intermediate SHA with 3.14 baseline version +# This has TC0 and TC1 platform support +SRCREV = "e4f34e786135079160697d88212591105a65fbce" +PV = "3.14.0+git${SRCPV}" + +FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/tc:" +SRC_URI:append:tc = " \ + file://sp_layout.json \ + file://0001-WIP-Enable-managed-exit.patch \ + file://0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch \ + file://0003-Fix-optee-UUID.patch \ + file://0004-plat-totalcompute-add-support-for-higher-DRAM.patch \ + " + +COMPATIBLE_MACHINE = "(tc?)" + +OPTEEMACHINE:tc0 = "totalcompute-tc0" +OPTEEMACHINE:tc1 = "totalcompute-tc1" + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend new file mode 100644 index 0000000000..6a22d47ef1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend @@ -0,0 +1,6 @@ +# Machine specific configurations + +MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= "" +MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:tc = "optee-os-generic-tc.inc" + +require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tc.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tc.inc new file mode 100644 index 0000000000..793665222b --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tc.inc @@ -0,0 +1,23 @@ +# TC0 specific configuration + +require optee-os-generic-tc.inc + +# Enable optee memory layout and boot logs +EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=3" + +# default disable latency benchmarks (over all OP-TEE layers) +EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n" + +# Enable stats +EXTRA_OEMAKE += " CFG_WITH_STATS=y" + +EXTRA_OEMAKE += " CFG_CORE_SEL2_SPMC=y" + +# Copy optee manifest file +do_install:append() { + install -d ${D}${nonarch_base_libdir}/firmware/ + install -m 644 ${WORKDIR}/sp_layout.json ${D}${nonarch_base_libdir}/firmware/ + install -m 644 \ + ${S}/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts \ + ${D}${nonarch_base_libdir}/firmware/ +} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend new file mode 100644 index 0000000000..7834b64bf9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend @@ -0,0 +1,7 @@ +# Machine specific configurations + +MACHINE_OPTEE_OS_REQUIRE ?= "" +MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os_corstone1000.inc" +MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc" + +require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc new file mode 100644 index 0000000000..eb5f6df0b5 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc @@ -0,0 +1,20 @@ +require optee-os_corstone1000_common.inc + +DEPENDS += " secure-partitions" +EXTRA_OEMAKE +="'SP_PACKAGING_METHOD=embedded'" + +TS_INSTALL_PREFIX_PATH="${RECIPE_SYSROOT}/firmware/sp/opteesp" +EXTRA_OEMAKE += "'TS_INSTALL_PREFIX=${TS_INSTALL_PREFIX_PATH}'" + +# se-proxy secure partition +SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk" + +# smm-gateway secure partition +SP_MKFILE_PATH += "${TS_INSTALL_PREFIX}/lib/make/smm-gateway.mk" + +EXTRA_OEMAKE += "'CFG_SP_MKFILE_PATH=${SP_MKFILE_PATH}'" + +EXTRA_OEMAKE += "CFG_EMBED_DTB_SOURCE_FILE=${EMBED_DTB_SOURCE_FILE}" + +SRC_URI:append = " file://sp_manifest_combined_se.dts;" +EMBED_DTB_SOURCE_FILE = "${WORKDIR}/sp_manifest_combined_se.dts" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc new file mode 100644 index 0000000000..9f372413a3 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc @@ -0,0 +1,31 @@ +SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development" +SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4" +PV = "3.10.0+git${SRCPV}" + +DEPENDS += "python3-pycryptodomex-native dtc-native" + +FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:" + +SRC_URI:append = " \ + file://0001-plat-corstone1000-add-corstone1000-platform.patch \ + file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch \ + file://0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch \ + file://0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch \ + file://0005-Fix-add-missing-error-check-during-SP-init.patch \ + " + +COMPATIBLE_MACHINE = "corstone1000" + +OPTEEMACHINE = "corstone1000" +# Enable optee memory layout and boot logs +EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" + +# default disable latency benchmarks (over all OP-TEE layers) +EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n" + +EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y" + +EXTRA_OEMAKE += " CFG_WITH_SP=y" + +EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}" +EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc new file mode 100644 index 0000000000..363b0ed1b0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc @@ -0,0 +1 @@ +require optee-os_corstone1000_common.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend new file mode 100644 index 0000000000..13e109cb6a --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend @@ -0,0 +1,6 @@ +# Machine specific configurations + +MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= "" +MACHINE_OPTEE_SPDEVKIT_REQUIRE:corstone1000 = "optee-spdevkit_corstone1000.inc" + +require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test-tc.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test-tc.inc new file mode 100644 index 0000000000..af73675348 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test-tc.inc @@ -0,0 +1,8 @@ +# TC specific configuration + +FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-test/tc:" +SRC_URI:append:tc = " \ + file://0001-xtest-Limit-tests-to-a-single-thread.patch \ + " + +COMPATIBLE_MACHINE = "(tc?)" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend new file mode 100644 index 0000000000..490b350049 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend @@ -0,0 +1,6 @@ +# Machine specific configurations + +MACHINE_OPTEE_TEST_REQUIRE ?= "" +MACHINE_OPTEE_TEST_REQUIRE:tc = "optee-test-tc.inc" + +require ${MACHINE_OPTEE_TEST_REQUIRE} |