diff options
271 files changed, 9512 insertions, 19385 deletions
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml index 1fb21f60f4..7474e24718 100644 --- a/meta-arm/.gitlab-ci.yml +++ b/meta-arm/.gitlab-ci.yml @@ -126,12 +126,6 @@ juno: - TOOLCHAINS: [gcc, clang] FIRMWARE: [uboot, edk2] -microbit-v1: - extends: .build - parallel: - matrix: - - TESTING: testimage-zephyr - musca-b1: extends: .build @@ -144,18 +138,6 @@ n1sdp: matrix: - TOOLCHAINS: [gcc, armgcc] -qemu-cortex-a53: - extends: .build - -qemu-cortex-m3: - extends: .build - parallel: - matrix: - - TESTING: testimage-zephyr - -qemu-cortex-r5: - extends: .build - qemu-generic-arm64: extends: .build parallel: diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml index eff466ed8b..3f644c1e7f 100644 --- a/meta-arm/ci/base.yml +++ b/meta-arm/ci/base.yml @@ -38,14 +38,8 @@ local_conf_header: PACKAGECONFIG:append:pn-perf = " coresight" INHERIT += "rm_work" DISTRO_FEATURES:remove = "ptest" - kvm: | - QEMU_USE_KVM = "" perf: | CORE_IMAGE_EXTRA_INSTALL += "perf" - sshkeys: | - CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys" - universally_failing_tests: | - TEST_SUITES:remove = "opkg" machine: unset diff --git a/meta-arm/ci/microbit-v1.yml b/meta-arm/ci/microbit-v1.yml deleted file mode 100644 index b850148650..0000000000 --- a/meta-arm/ci/microbit-v1.yml +++ /dev/null @@ -1,7 +0,0 @@ -header: - version: 11 - includes: - - ci/base.yml - - ci/meta-zephyr.yml - -machine: microbit-v1 diff --git a/meta-arm/ci/qemu-cortex-a53.yml b/meta-arm/ci/qemu-cortex-a53.yml deleted file mode 100644 index 3eec5801e4..0000000000 --- a/meta-arm/ci/qemu-cortex-a53.yml +++ /dev/null @@ -1,9 +0,0 @@ -header: - version: 11 - includes: - - ci/base.yml - - ci/meta-zephyr.yml - -# FIXME - testimage fails all tests currently, but all the tests build - -machine: qemu-cortex-a53 diff --git a/meta-arm/ci/qemu-cortex-m3.yml b/meta-arm/ci/qemu-cortex-m3.yml deleted file mode 100644 index f45cb9e15c..0000000000 --- a/meta-arm/ci/qemu-cortex-m3.yml +++ /dev/null @@ -1,20 +0,0 @@ -header: - version: 11 - includes: - - ci/base.yml - - ci/meta-zephyr.yml - -repos: - meta-zephyr: - layers: - meta-zephyr-bsp: - -local_conf_header: - tclibc: | - TCLIBC = "newlib" - nonbuilding_tests: | - ZEPHYRTESTS:remove = "common context pending poll sleep" - qemu_opts: | - QB_OPT_APPEND = "-icount shift=3,align=off,sleep=on -rtc clock=vm" - -machine: qemu-cortex-m3 diff --git a/meta-arm/ci/qemu-cortex-r5.yml b/meta-arm/ci/qemu-cortex-r5.yml deleted file mode 100644 index cfcb7b9396..0000000000 --- a/meta-arm/ci/qemu-cortex-r5.yml +++ /dev/null @@ -1,11 +0,0 @@ -header: - version: 11 - includes: - - ci/base.yml - - ci/meta-zephyr.yml - -local_conf_header: - nonbuilding_tests: | - ZEPHYRTESTS:remove = "common poll sleep queue device" - -machine: qemu-cortex-r5 diff --git a/meta-arm/ci/testimage.yml b/meta-arm/ci/testimage.yml index a26dcaf9b2..d7de7d061c 100644 --- a/meta-arm/ci/testimage.yml +++ b/meta-arm/ci/testimage.yml @@ -5,9 +5,15 @@ local_conf_header: testimage: | IMAGE_CLASSES += "testimage" TESTIMAGE_AUTO = "1" + kvm: | + QEMU_USE_KVM = "" slirp: | TEST_RUNQEMUPARAMS = "slirp" TEST_SERVER_IP = "127.0.0.1" QEMU_USE_SLIRP = "1" sshd: | IMAGE_FEATURES:append = " ssh-server-dropbear" + sshkeys: | + CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys" + universally_failing_tests: | + TEST_SUITES:remove = "opkg" diff --git a/meta-arm/documentation/runfvp.md b/meta-arm/documentation/runfvp.md index c792f4e082..01b136934b 100644 --- a/meta-arm/documentation/runfvp.md +++ b/meta-arm/documentation/runfvp.md @@ -116,6 +116,14 @@ Arbitrary extra arguments that are passed directly to the FVP. For example: FVP_EXTRA_ARGS = "--simlimit 60" ``` +### `FVP_ENV_PASSTHROUGH` + +The FVP is launched with an isolated set of environment variables. Add the name of a Bitbake variable to this list to pass it through to the FVP environment. For example: + +``` +FVP_ENV_PASSTHROUGH = "ARMLMD_LICENSE_FILE FM_TRACE_PLUGINS" +``` + [AEM]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models [FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf index a1e22c0602..3df56136e1 100644 --- a/meta-arm/meta-arm-bsp/conf/layer.conf +++ b/meta-arm/meta-arm-bsp/conf/layer.conf @@ -9,7 +9,7 @@ BBFILE_COLLECTIONS += "meta-arm-bsp" BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/" BBFILE_PRIORITY_meta-arm-bsp = "5" -LAYERSERIES_COMPAT_meta-arm-bsp = "kirkstone" +LAYERSERIES_COMPAT_meta-arm-bsp = "langdale" LAYERDEPENDS_meta-arm-bsp = "core meta-arm" # This won't be used by layerindex-fetch, but works everywhere else diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf index e79373ded6..4433f8bd3a 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf @@ -33,6 +33,9 @@ FVP_CONFIG[se.nvm.update_raw_image] ?= "0" # Boot image FVP_DATA ?= "board.flash0=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic.nopt@0x68100000" +# External system (cortex-M3) +FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "${DEPLOY_DIR_IMAGE}/es_flashfw.bin" + # FVP Terminals FVP_TERMINALS[host.host_terminal_0] ?= "Normal World Console" FVP_TERMINALS[host.host_terminal_1] ?= "Secure World Console" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf index 7343aed6d3..d3452b74ae 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf @@ -4,7 +4,7 @@ #@NAME: Armv7-A Base Platform FVP machine #@DESCRIPTION: Machine configuration for Armv7-A Base Platform FVP model -require conf/machine/fvp-common.inc +require conf/machine/include/fvp-common.inc require conf/machine/include/arm/arch-armv7a.inc # FVP u-boot configuration diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf index 04ec112053..320e22ce89 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf +++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf @@ -4,7 +4,7 @@ #@NAME: Armv8-A Base Platform FVP machine #@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model -require conf/machine/fvp-common.inc +require conf/machine/include/fvp-common.inc require conf/machine/include/arm/arch-armv8a.inc TUNE_FEATURES = "aarch64" diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc index ec48222956..e4ef06846b 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc @@ -18,7 +18,7 @@ TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000" TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000" TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000" RE_LAYOUT_WRAPPER_VERSION = "0.0.7" -TFM_SIGN_PRIVATE_KEY = "${S}/bl2/ext/mcuboot/root-RSA-3072_1.pem" +TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem" RE_IMAGE_OFFSET = "0x1000" # u-boot @@ -33,15 +33,19 @@ UBOOT_BOOTARGS = "earlycon=pl011,0x1a510000 console=ttyAMA0 loglevel=9" UBOOT_ARCH = "arm" UBOOT_EXTLINUX = "0" -# optee -PREFERRED_VERSION_optee-os ?= "3.10.%" -PREFERRED_VERSION_optee-client ?= "3.14.%" +#optee +PREFERRED_VERSION_optee-os ?= "3.18.%" +PREFERRED_VERSION_optee-client ?= "3.18.%" EXTRA_IMAGEDEPENDS += "optee-os" OPTEE_ARCH = "arm64" OPTEE_BINARY = "tee-pager_v2.bin" -# Trusted Services(TS) -EXTRA_IMAGEDEPENDS += "secure-partitions" +# Include smm-gateway and se-proxy SPs into optee-os binary +MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy" +TS_PLATFORM = "arm/corstone1000" + +# External System(Cortex-M3) +EXTRA_IMAGEDEPENDS += "external-system" # Linux kernel PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto" @@ -53,6 +57,12 @@ INITRAMFS_IMAGE_BUNDLE ?= "1" #telling the build system which image is responsible of the generation of the initramfs rootfs INITRAMFS_IMAGE = "corstone1000-initramfs-image" +# add FF-A support in the kernel +MACHINE_FEATURES += "arm-ffa" + +# prevent the kernel image from being included in the intramfs rootfs +PACKAGE_EXCLUDE = "kernel-image-*" + # enable this feature for kernel debugging # MACHINE_FEATURES += "corstone1000_kernel_debug" diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-common.inc b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc index c834f24d60..c834f24d60 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/fvp-common.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc index 88eda556eb..d1fe97d82f 100644 --- a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc +++ b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc @@ -26,9 +26,9 @@ PREFERRED_PROVIDER_virtual/kernel ?= "linux-arm64-ack" PREFERRED_VERSION_linux-arm64-ack ?= "5.10" # OP-TEE -PREFERRED_VERSION_optee-os ?= "3.14%" -PREFERRED_VERSION_optee-client ?= "3.14%" -PREFERRED_VERSION_optee-test ?= "3.14%" +PREFERRED_VERSION_optee-os ?= "3.18%" +PREFERRED_VERSION_optee-client ?= "3.18%" +PREFERRED_VERSION_optee-test ?= "3.18%" # Cannot use the default zImage on arm64 KERNEL_IMAGETYPE = "Image" diff --git a/meta-arm/meta-arm-bsp/conf/machine/qemu-cortex-r5.conf b/meta-arm/meta-arm-bsp/conf/machine/qemu-cortex-r5.conf deleted file mode 100644 index 5a0ea69b7e..0000000000 --- a/meta-arm/meta-arm-bsp/conf/machine/qemu-cortex-r5.conf +++ /dev/null @@ -1,22 +0,0 @@ -#@TYPE: Machine -#@NAME: qemu_cortex_r5 -#@DESCRIPTION: Machine for Zephyr BOARD qemu_cortex_r5 - -require conf/machine/include/qemu.inc -require conf/machine/include/arm/armv7r/tune-cortexr5.inc - -# GLIBC will not work with Cortex-R. -TCLIBC = "newlib" - -# For runqemu -QB_SYSTEM_NAME = "qemu-system-aarch64" -QB_MACHINE = "-machine xlnx-zcu102" -QB_CPU = "-cpu cortex-r5" -QB_MEM = "-m 64k" -QB_GRAPHICS = "-nographic -vga none" -QB_RNG = "" - -# Zephyr RTOS settings -ZEPHYR_BOARD = "qemu_cortex_r5" -ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot" -ARCH:qemu-cortex-r5 = "arm" diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md index 6986afd3a7..9127a6ce72 100644 --- a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md +++ b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md @@ -27,7 +27,7 @@ The fvp-baser-aemv8r64 Yocto MACHINE supports the following BSP components, where either a standard or Real-Time Linux kernel (PREEMPT\_RT) can be built and run: - - FVP_Base_AEMv8R: v11.18.16 + - FVP_Base_AEMv8R: v11.19.14 - boot-wrapper-aarch64: provides PSCI support - U-Boot: v2022.04 - provides UEFI services - Linux kernel: linux-yocto-5.15 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb new file mode 100644 index 0000000000..5bb8c37c56 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb @@ -0,0 +1,47 @@ +SUMMARY = "External system Cortex-M3 Firmware" +DESCRIPTION = "Firmware to be loaded and run in External System Harness in\ + support to the main application CPU." +HOMEPAGE = "https://git.linaro.org/landing-teams/working/arm/external-system.git" +DEPENDS = "gcc-arm-none-eabi-native" +INHIBIT_DEFAULT_DEPS="1" +LICENSE = "BSD-3-Clause & Apache-2.0" +LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \ + file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e" + +SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master" +SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080" +PV .= "+git${SRCPV}" + +COMPATIBLE_MACHINE = "(corstone1000)" + +# PRODUCT is passed to the Makefile to specify the platform to be used. +PRODUCT = "corstone-1000" + +S = "${WORKDIR}/git" +B = "${WORKDIR}/build" + +LDFLAGS[unexport] = "1" + +do_compile() { + oe_runmake -C ${S} V=y \ + BUILD_PATH=${B} \ + PRODUCT=${PRODUCT} \ + CROSS_COMPILE=arm-none-eabi- \ + all +} + +do_compile[cleandirs] = "${B}" + +do_install() { + install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}/firmware/es_flashfw.bin +} + +FILES:${PN} = "/firmware" +SYSROOT_DIRS += "/firmware" + +inherit deploy + +do_deploy() { + cp -rf ${D}/firmware/* ${DEPLOYDIR}/ +} +addtask deploy after do_install diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-emulate-interrupt-controller-register-access.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch index 95f1651a84..95f1651a84 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-emulate-interrupt-controller-register-access.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch deleted file mode 100644 index 2b57b23905..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch +++ /dev/null @@ -1,152 +0,0 @@ -From e6bcc390749f0560b3bc92507ecbaaabc7145200 Mon Sep 17 00:00:00 2001 -From: Lucian Paul-Trifu <lucian.paul-trifu@arm.com> -Date: Wed, 10 Mar 2021 11:31:02 +0000 -Subject: [PATCH 2/5] fix(ff-a): Use FFA_INTERRUPT to signal an interrupted - FFA_MSG_WAIT - -Rather than FFA_ERROR(INTERRUPTED). - -Change-Id: I6b23a442714852b6183e0e46af6f0504ec0ee8f4 -Signed-off-by: Ben Horgan <ben.horgan@arm.com> -Upstream-Status: Pending [Not submitted to upstream yet] ---- - src/api.c | 2 +- - test/inc/test/vmapi/ffa.h | 7 +++++++ - test/vmapi/arch/aarch64/gicv3/services/common.c | 3 +-- - test/vmapi/arch/aarch64/gicv3/services/timer.c | 2 +- - test/vmapi/el0_partitions/services/interruptible.c | 3 +-- - test/vmapi/el0_partitions/services/interruptible_echo.c | 3 +-- - test/vmapi/el0_partitions/services/receive_block.c | 2 +- - .../primary_with_secondaries/services/interruptible.c | 3 +-- - .../primary_with_secondaries/services/receive_block.c | 2 +- - 9 files changed, 15 insertions(+), 12 deletions(-) - -diff --git a/src/api.c b/src/api.c -index b713b7c..00c4d44 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1588,7 +1588,7 @@ struct ffa_value api_ffa_msg_recv(bool block, struct vcpu *current, - * received. If a message is received the return value will be set at - * that time to FFA_SUCCESS. - */ -- return_code = ffa_error(FFA_INTERRUPTED); -+ return_code = (struct ffa_value){.func = FFA_INTERRUPT_32}; - if (api_ffa_msg_recv_block_interrupted(current)) { - goto out; - } -diff --git a/test/inc/test/vmapi/ffa.h b/test/inc/test/vmapi/ffa.h -index 8fc1223..f0f3e75 100644 ---- a/test/inc/test/vmapi/ffa.h -+++ b/test/inc/test/vmapi/ffa.h -@@ -24,6 +24,13 @@ - EXPECT_EQ(ffa_error_code(v), (ffa_error)); \ - } while (0) - -+#define EXPECT_FFA_INTERRUPT(value) \ -+ do { \ -+ struct ffa_value v = (value); \ -+ EXPECT_EQ(v.func, FFA_INTERRUPT_32); \ -+ } while (0) -+ -+ - /* - * The bit 15 of the FF-A ID indicates whether the partition is executing - * in the normal world, in case it is a Virtual Machine (VM); or in the -diff --git a/test/vmapi/arch/aarch64/gicv3/services/common.c b/test/vmapi/arch/aarch64/gicv3/services/common.c -index 06df28d..4ada9e2 100644 ---- a/test/vmapi/arch/aarch64/gicv3/services/common.c -+++ b/test/vmapi/arch/aarch64/gicv3/services/common.c -@@ -22,8 +22,7 @@ struct ffa_value mailbox_receive_retry(void) - - do { - received = ffa_msg_wait(); -- } while (received.func == FFA_ERROR_32 && -- received.arg2 == FFA_INTERRUPTED); -+ } while (received.func == FFA_INTERRUPT_32); - - return received; - } -diff --git a/test/vmapi/arch/aarch64/gicv3/services/timer.c b/test/vmapi/arch/aarch64/gicv3/services/timer.c -index 156f160..d5d2816 100644 ---- a/test/vmapi/arch/aarch64/gicv3/services/timer.c -+++ b/test/vmapi/arch/aarch64/gicv3/services/timer.c -@@ -104,7 +104,7 @@ TEST_SERVICE(timer) - } else if (receive) { - struct ffa_value res = ffa_msg_wait(); - -- EXPECT_FFA_ERROR(res, FFA_INTERRUPTED); -+ EXPECT_FFA_INTERRUPT(res); - } else { - /* Busy wait until the timer fires. */ - while (!timer_fired) { -diff --git a/test/vmapi/el0_partitions/services/interruptible.c b/test/vmapi/el0_partitions/services/interruptible.c -index 0d00b16..4c9f099 100644 ---- a/test/vmapi/el0_partitions/services/interruptible.c -+++ b/test/vmapi/el0_partitions/services/interruptible.c -@@ -50,8 +50,7 @@ static struct ffa_value mailbox_receive_retry() - do { - irq(); - received = ffa_msg_wait(); -- } while (received.func == FFA_ERROR_32 && -- ffa_error_code(received) == FFA_INTERRUPTED); -+ } while (received.func == FFA_INTERRUPT_32); - - return received; - } -diff --git a/test/vmapi/el0_partitions/services/interruptible_echo.c b/test/vmapi/el0_partitions/services/interruptible_echo.c -index b618cf2..a857783 100644 ---- a/test/vmapi/el0_partitions/services/interruptible_echo.c -+++ b/test/vmapi/el0_partitions/services/interruptible_echo.c -@@ -39,8 +39,7 @@ static struct ffa_value mailbox_receive_retry() - do { - irq(); - received = ffa_msg_wait(); -- } while (received.func == FFA_ERROR_32 && -- received.arg2 == FFA_INTERRUPTED); -+ } while (received.func == FFA_INTERRUPT_32); - - return received; - } -diff --git a/test/vmapi/el0_partitions/services/receive_block.c b/test/vmapi/el0_partitions/services/receive_block.c -index 05a22f3..60da28b 100644 ---- a/test/vmapi/el0_partitions/services/receive_block.c -+++ b/test/vmapi/el0_partitions/services/receive_block.c -@@ -27,7 +27,7 @@ TEST_SERVICE(receive_block) - - for (i = 0; i < 10; ++i) { - struct ffa_value res = ffa_msg_wait(); -- EXPECT_FFA_ERROR(res, FFA_INTERRUPTED); -+ EXPECT_FFA_INTERRUPT(res); - } - - memcpy_s(SERVICE_SEND_BUFFER(), FFA_MSG_PAYLOAD_MAX, message, -diff --git a/test/vmapi/primary_with_secondaries/services/interruptible.c b/test/vmapi/primary_with_secondaries/services/interruptible.c -index cc1c1f9..005d1ff 100644 ---- a/test/vmapi/primary_with_secondaries/services/interruptible.c -+++ b/test/vmapi/primary_with_secondaries/services/interruptible.c -@@ -46,8 +46,7 @@ struct ffa_value mailbox_receive_retry() - - do { - received = ffa_msg_wait(); -- } while (received.func == FFA_ERROR_32 && -- ffa_error_code(received) == FFA_INTERRUPTED); -+ } while (received.func == FFA_INTERRUPT_32); - - return received; - } -diff --git a/test/vmapi/primary_with_secondaries/services/receive_block.c b/test/vmapi/primary_with_secondaries/services/receive_block.c -index edb4e3c..a6805ae 100644 ---- a/test/vmapi/primary_with_secondaries/services/receive_block.c -+++ b/test/vmapi/primary_with_secondaries/services/receive_block.c -@@ -40,7 +40,7 @@ TEST_SERVICE(receive_block) - - for (i = 0; i < 10; ++i) { - struct ffa_value res = ffa_msg_wait(); -- EXPECT_FFA_ERROR(res, FFA_INTERRUPTED); -+ EXPECT_FFA_INTERRUPT(res); - } - - memcpy_s(SERVICE_SEND_BUFFER(), FFA_MSG_PAYLOAD_MAX, message, --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch deleted file mode 100644 index 8d2cc13938..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch +++ /dev/null @@ -1,28 +0,0 @@ -From a6f466c2594b2f56d34fee72494fbd29ea9c7d21 Mon Sep 17 00:00:00 2001 -From: Ben Horgan <ben.horgan@arm.com> -Date: Tue, 26 Apr 2022 12:59:42 +0000 -Subject: [PATCH 3/5] fix(ff-a): Add FFA_SECONDARY_EP_REGISTER_64 to list of - features - -Signed-off-by: Ben Horgan <ben.horgan@arm.com> -Change-Id: Ic1344eb2c982c195210dc2c86aa6845f3e037077 -Upstream-Status: Pending [Not submitted to upstream yet] ---- - src/api.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/api.c b/src/api.c -index 00c4d44..33a9b42 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -2021,6 +2021,7 @@ struct ffa_value api_ffa_features(uint32_t feature_function_id) - case FFA_MEM_PERM_SET_32: - case FFA_MEM_PERM_GET_64: - case FFA_MEM_PERM_SET_64: -+ case FFA_SECONDARY_EP_REGISTER_64: - #endif - return (struct ffa_value){.func = FFA_SUCCESS_32}; - --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-tc-increase-heap-pages.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch index 671f6a5c04..e86707389e 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-tc-increase-heap-pages.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch @@ -5,13 +5,13 @@ Subject: [PATCH] tc: increase heap pages Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> --- - project/reference/BUILD.gn | 2 +- + /BUILD.gn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/project/reference/BUILD.gn b/project/reference/BUILD.gn +diff --git a//BUILD.gn b//BUILD.gn index 5d84d13..4ea0890 100644 ---- a/project/reference/BUILD.gn -+++ b/project/reference/BUILD.gn +--- a//BUILD.gn ++++ b//BUILD.gn @@ -233,7 +233,7 @@ aarch64_toolchains("secure_tc") { gicd_base_address = "0x30000000" gicr_base_address = "0x30080000" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch new file mode 100644 index 0000000000..d1e10d0ea0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch @@ -0,0 +1,320 @@ +From 1e24b45a8ff34af45dda45c57f8403452d384f99 Mon Sep 17 00:00:00 2001 +From: Olivier Deprez <olivier.deprez@arm.com> +Date: Mon, 8 Aug 2022 19:14:23 +0200 +Subject: [PATCH] feat: disable alignment check for EL0 partitions + +Relax hw alignment check specifically for (S-)EL0 partitions when +Hafnium runs with VHE enabled. EL1 partitions have a specific control +for EL1 and EL0 with respect to alignment check. +Create a hyp_state structure (from already defined flying registers) +within the vCPU context to hold the Hypervisor EL2 static configuration +applied when a vCPU runs. This state is switched back and forth when +running the Hypervisor or the VM. +Add SCTLR_EL2 to this context. An EL0 partition context is initialized +with SCTLR_EL2.A=0 such that alignment check is disabled when EL0 runs +in the EL2&0 translation regime. SCTLR_EL2.A is set back when returning +to the Hypervisor such that Hypervisor execution runs with aligment +check enabled at EL2. +Remove HCR_EL2 saving from vCPU exit path provided this register state +is static and doesn't change while a vCPU runs. +The rationale for such change is to permit running upstream SW stacks +such as the EDKII/StandaloneMm [1] for which default build assumes +unaligned accesses are permitted. Similar query exists for running +Trusted Services on top of Hafnium [2]. + +[1] https://github.com/tianocore/edk2/tree/master/StandaloneMmPkg +[2] https://trusted-services.readthedocs.io/en/integration/ + +Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> +Change-Id: I2906f4c712425fcfb31adbf89e2e3b9ca293f181 +Upstream-Status: Submitted [https://review.trustedfirmware.org/c/hafnium/hafnium/+/16195] +--- + src/arch/aarch64/hypervisor/cpu.c | 9 ++++--- + src/arch/aarch64/hypervisor/exceptions.S | 32 ++++++++++++++++-------- + src/arch/aarch64/hypervisor/feature_id.c | 6 ++--- + src/arch/aarch64/hypervisor/handler.c | 18 +++++++------ + src/arch/aarch64/inc/hf/arch/types.h | 9 +++++-- + src/arch/aarch64/mm.c | 2 +- + src/arch/aarch64/sysregs.c | 11 ++++++-- + src/arch/aarch64/sysregs.h | 2 +- + 8 files changed, 59 insertions(+), 30 deletions(-) + +diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c +index d2df77d..a000159 100644 +--- a/src/arch/aarch64/hypervisor/cpu.c ++++ b/src/arch/aarch64/hypervisor/cpu.c +@@ -115,7 +115,9 @@ void arch_regs_reset(struct vcpu *vcpu) + } + } + +- r->hcr_el2 = get_hcr_el2_value(vm_id, vcpu->vm->el0_partition); ++ r->hyp_state.hcr_el2 = ++ get_hcr_el2_value(vm_id, vcpu->vm->el0_partition); ++ r->hyp_state.sctlr_el2 = get_sctlr_el2_value(vcpu->vm->el0_partition); + r->lazy.cnthctl_el2 = cnthctl; + if (vcpu->vm->el0_partition) { + CHECK(has_vhe_support()); +@@ -125,10 +127,11 @@ void arch_regs_reset(struct vcpu *vcpu) + * are ignored and treated as 0. There is no need to mask the + * VMID (used as asid) to only 8 bits. + */ +- r->ttbr0_el2 = pa_addr(table) | ((uint64_t)vm_id << 48); ++ r->hyp_state.ttbr0_el2 = ++ pa_addr(table) | ((uint64_t)vm_id << 48); + r->spsr = PSR_PE_MODE_EL0T; + } else { +- r->ttbr0_el2 = read_msr(ttbr0_el2); ++ r->hyp_state.ttbr0_el2 = read_msr(ttbr0_el2); + r->lazy.vtcr_el2 = arch_mm_get_vtcr_el2(); + r->lazy.vttbr_el2 = pa_addr(table) | ((uint64_t)vm_id << 48); + #if SECURE_WORLD == 1 +diff --git a/src/arch/aarch64/hypervisor/exceptions.S b/src/arch/aarch64/hypervisor/exceptions.S +index 539e196..d3732f8 100644 +--- a/src/arch/aarch64/hypervisor/exceptions.S ++++ b/src/arch/aarch64/hypervisor/exceptions.S +@@ -20,6 +20,9 @@ + #define ID_AA64PFR0_SVE_SHIFT (32) + #define ID_AA64PFR0_SVE_LENGTH (4) + ++#define SCTLR_EL2_A_SHIFT (1) ++#define HCR_EL2_TGE_SHIFT (27) ++ + /** + * Saves the volatile registers into the register buffer of the current vCPU. + */ +@@ -51,8 +54,6 @@ + mrs x1, elr_el2 + mrs x2, spsr_el2 + stp x1, x2, [x18, #VCPU_REGS + 8 * 31] +- mrs x1, hcr_el2 +- str x1, [x18, #VCPU_REGS + 8 * 33] + .endm + + /** +@@ -871,12 +872,13 @@ vcpu_restore_volatile_and_run: + msr elr_el2, x1 + msr spsr_el2, x2 + +- ldr x1, [x0, #VCPU_REGS + 8 * 33] ++ ldp x1, x2, [x0, #VCPU_REGS + 8 * 33] + msr hcr_el2, x1 ++ msr ttbr0_el2, x2 + isb + +- ldr x1, [x0, #VCPU_REGS + 8 * 34] +- msr ttbr0_el2, x1 ++ ldr x1, [x0, #VCPU_REGS + 8 * 35] ++ msr sctlr_el2, x1 + isb + + /* Restore x0..x3, which we have used as scratch before. */ +@@ -886,15 +888,17 @@ vcpu_restore_volatile_and_run: + + #if ENABLE_VHE + enable_vhe_tge: ++ mrs x0, id_aa64mmfr1_el1 ++ tst x0, #0xf00 ++ b.eq 1f ++ + /** + * Switch to host mode ({E2H, TGE} = {1,1}) when VHE is enabled. + * Note that E2H is always set when VHE is enabled. + */ +- mrs x0, id_aa64mmfr1_el1 +- tst x0, #0xf00 +- b.eq 1f +- orr x1, x1, #(1 << 27) +- msr hcr_el2, x1 ++ mrs x0, hcr_el2 ++ orr x0, x0, #(1 << HCR_EL2_TGE_SHIFT) ++ msr hcr_el2, x0 + isb + + /** +@@ -905,6 +909,14 @@ enable_vhe_tge: + ldr x0, [x0] + msr ttbr0_el2, x0 + isb ++ ++ /** ++ * Enable alignment check while Hypervisor runs. ++ */ ++ mrs x0, sctlr_el2 ++ orr x0, x0, #(1 << SCTLR_EL2_A_SHIFT) ++ msr sctlr_el2, x0 ++ isb + 1: + ret + #endif +diff --git a/src/arch/aarch64/hypervisor/feature_id.c b/src/arch/aarch64/hypervisor/feature_id.c +index ed3bf8f..57f3262 100644 +--- a/src/arch/aarch64/hypervisor/feature_id.c ++++ b/src/arch/aarch64/hypervisor/feature_id.c +@@ -175,7 +175,7 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs) + ~(ID_AA64MMFR1_EL1_VH_MASK << ID_AA64MMFR1_EL1_VH_SHIFT); + + if (features & HF_FEATURE_RAS) { +- regs->hcr_el2 |= HCR_EL2_TERR; ++ regs->hyp_state.hcr_el2 |= HCR_EL2_TERR; + vm->arch.tid3_masks.id_aa64mmfr1_el1 &= + ~ID_AA64MMFR1_EL1_SPEC_SEI; + vm->arch.tid3_masks.id_aa64pfr0_el1 &= ~ID_AA64PFR0_EL1_RAS; +@@ -221,14 +221,14 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs) + } + + if (features & HF_FEATURE_LOR) { +- regs->hcr_el2 |= HCR_EL2_TLOR; ++ regs->hyp_state.hcr_el2 |= HCR_EL2_TLOR; + + vm->arch.tid3_masks.id_aa64mmfr1_el1 &= ~ID_AA64MMFR1_EL1_LO; + } + + if (features & HF_FEATURE_PAUTH) { + /* APK and API bits *enable* trapping when cleared. */ +- regs->hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API); ++ regs->hyp_state.hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API); + + vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPI; + vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPA; +diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c +index cd5146b..8a3d628 100644 +--- a/src/arch/aarch64/hypervisor/handler.c ++++ b/src/arch/aarch64/hypervisor/handler.c +@@ -272,9 +272,9 @@ noreturn void sync_current_exception_noreturn(uintreg_t elr, uintreg_t spsr) + static void set_virtual_irq(struct arch_regs *r, bool enable) + { + if (enable) { +- r->hcr_el2 |= HCR_EL2_VI; ++ r->hyp_state.hcr_el2 |= HCR_EL2_VI; + } else { +- r->hcr_el2 &= ~HCR_EL2_VI; ++ r->hyp_state.hcr_el2 &= ~HCR_EL2_VI; + } + } + +@@ -283,14 +283,15 @@ static void set_virtual_irq(struct arch_regs *r, bool enable) + */ + static void set_virtual_irq_current(bool enable) + { +- uintreg_t hcr_el2 = current()->regs.hcr_el2; ++ struct vcpu *vcpu = current(); ++ uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2; + + if (enable) { + hcr_el2 |= HCR_EL2_VI; + } else { + hcr_el2 &= ~HCR_EL2_VI; + } +- current()->regs.hcr_el2 = hcr_el2; ++ vcpu->regs.hyp_state.hcr_el2 = hcr_el2; + } + + /** +@@ -300,9 +301,9 @@ static void set_virtual_irq_current(bool enable) + static void set_virtual_fiq(struct arch_regs *r, bool enable) + { + if (enable) { +- r->hcr_el2 |= HCR_EL2_VF; ++ r->hyp_state.hcr_el2 |= HCR_EL2_VF; + } else { +- r->hcr_el2 &= ~HCR_EL2_VF; ++ r->hyp_state.hcr_el2 &= ~HCR_EL2_VF; + } + } + +@@ -311,14 +312,15 @@ static void set_virtual_fiq(struct arch_regs *r, bool enable) + */ + static void set_virtual_fiq_current(bool enable) + { +- uintreg_t hcr_el2 = current()->regs.hcr_el2; ++ struct vcpu *vcpu = current(); ++ uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2; + + if (enable) { + hcr_el2 |= HCR_EL2_VF; + } else { + hcr_el2 &= ~HCR_EL2_VF; + } +- current()->regs.hcr_el2 = hcr_el2; ++ vcpu->regs.hyp_state.hcr_el2 = hcr_el2; + } + + #if SECURE_WORLD == 1 +diff --git a/src/arch/aarch64/inc/hf/arch/types.h b/src/arch/aarch64/inc/hf/arch/types.h +index 6379d73..6b8b24f 100644 +--- a/src/arch/aarch64/inc/hf/arch/types.h ++++ b/src/arch/aarch64/inc/hf/arch/types.h +@@ -79,8 +79,13 @@ struct arch_regs { + uintreg_t r[NUM_GP_REGS]; + uintreg_t pc; + uintreg_t spsr; +- uintreg_t hcr_el2; +- uintreg_t ttbr0_el2; ++ ++ /* Hypervisor configuration while a vCPU runs. */ ++ struct { ++ uintreg_t hcr_el2; ++ uintreg_t ttbr0_el2; ++ uintreg_t sctlr_el2; ++ } hyp_state; + + /* + * System registers. +diff --git a/src/arch/aarch64/mm.c b/src/arch/aarch64/mm.c +index 8ee65ca..487ae35 100644 +--- a/src/arch/aarch64/mm.c ++++ b/src/arch/aarch64/mm.c +@@ -886,7 +886,7 @@ bool arch_mm_init(paddr_t table) + #endif + (0xff << (8 * STAGE1_NORMALINDX)), + +- .sctlr_el2 = get_sctlr_el2_value(), ++ .sctlr_el2 = get_sctlr_el2_value(false), + .vstcr_el2 = (1U << 31) | /* RES1. */ + (0 << 30) | /* SA. */ + (0 << 29) | /* SW. */ +diff --git a/src/arch/aarch64/sysregs.c b/src/arch/aarch64/sysregs.c +index e8c154b..087ba4e 100644 +--- a/src/arch/aarch64/sysregs.c ++++ b/src/arch/aarch64/sysregs.c +@@ -159,7 +159,7 @@ uintreg_t get_cptr_el2_value(void) + /** + * Returns the value for SCTLR_EL2 for the CPU. + */ +-uintreg_t get_sctlr_el2_value(void) ++uintreg_t get_sctlr_el2_value(bool is_el0_partition) + { + uintreg_t sctlr_el2_value = 0; + +@@ -173,7 +173,14 @@ uintreg_t get_sctlr_el2_value(void) + + /* MMU-related bits. */ + sctlr_el2_value |= SCTLR_EL2_M; +- sctlr_el2_value |= SCTLR_EL2_A; ++ ++ /* ++ * Alignment check enabled, but in the case of an EL0 partition ++ * with VHE enabled. ++ */ ++ if (!(has_vhe_support() && is_el0_partition)) { ++ sctlr_el2_value |= SCTLR_EL2_A; ++ } + sctlr_el2_value |= SCTLR_EL2_C; + sctlr_el2_value |= SCTLR_EL2_SA; + sctlr_el2_value |= SCTLR_EL2_I; +diff --git a/src/arch/aarch64/sysregs.h b/src/arch/aarch64/sysregs.h +index babd237..6fdab58 100644 +--- a/src/arch/aarch64/sysregs.h ++++ b/src/arch/aarch64/sysregs.h +@@ -668,7 +668,7 @@ uintreg_t get_mdcr_el2_value(void); + + uintreg_t get_cptr_el2_value(void); + +-uintreg_t get_sctlr_el2_value(void); ++uintreg_t get_sctlr_el2_value(bool is_el0_partition); + + /** + * Branch Target Identification mechanism support in AArch64 state. +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch deleted file mode 100644 index e5f9489e7f..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 64d5628c8439e4649e9c1da9b9e02ebd5c7fb8cf Mon Sep 17 00:00:00 2001 -From: Ben Horgan <ben.horgan@arm.com> -Date: Thu, 28 Apr 2022 15:53:31 +0000 -Subject: [PATCH 5/5] Revert "fix(ff-a): check receiver's attributes on memory - retrieve" - -This reverts commit a98603aa965e3ff3ca5383249213e2fd1a96d850. - -Change-Id: Ia71ce3ac52e9b2e85578372c24eb8d593b62435f -Signed-off-by: Ben Horgan <ben.horgan@arm.com> ---- - src/ffa_memory.c | 76 ++++++----------- - test/vmapi/el0_partitions/memory_sharing.c | 81 ------------------- - .../primary_with_secondaries/memory_sharing.c | 81 ------------------- - 3 files changed, 25 insertions(+), 213 deletions(-) - -diff --git a/src/ffa_memory.c b/src/ffa_memory.c -index ab47929..2fcc386 100644 ---- a/src/ffa_memory.c -+++ b/src/ffa_memory.c -@@ -1344,42 +1344,6 @@ static struct ffa_value ffa_memory_send_complete( - return ffa_mem_success(share_state->memory_region->handle); - } - --/** -- * Check that the memory attributes match Hafnium expectations: -- * Normal Memory, Inner shareable, Write-Back Read-Allocate -- * Write-Allocate Cacheable. -- */ --static struct ffa_value ffa_memory_attributes_validate( -- ffa_memory_access_permissions_t attributes) --{ -- enum ffa_memory_type memory_type; -- enum ffa_memory_cacheability cacheability; -- enum ffa_memory_shareability shareability; -- -- memory_type = ffa_get_memory_type_attr(attributes); -- if (memory_type != FFA_MEMORY_NORMAL_MEM) { -- dlog_verbose("Invalid memory type %#x, expected %#x.\n", -- memory_type, FFA_MEMORY_NORMAL_MEM); -- return ffa_error(FFA_DENIED); -- } -- -- cacheability = ffa_get_memory_cacheability_attr(attributes); -- if (cacheability != FFA_MEMORY_CACHE_WRITE_BACK) { -- dlog_verbose("Invalid cacheability %#x, expected %#x.\n", -- cacheability, FFA_MEMORY_CACHE_WRITE_BACK); -- return ffa_error(FFA_DENIED); -- } -- -- shareability = ffa_get_memory_shareability_attr(attributes); -- if (shareability != FFA_MEMORY_INNER_SHAREABLE) { -- dlog_verbose("Invalid shareability %#x, expected #%x.\n", -- shareability, FFA_MEMORY_INNER_SHAREABLE); -- return ffa_error(FFA_DENIED); -- } -- -- return (struct ffa_value){.func = FFA_SUCCESS_32}; --} -- - /** - * Check that the given `memory_region` represents a valid memory send request - * of the given `share_func` type, return the clear flag and permissions via the -@@ -1400,7 +1364,10 @@ static struct ffa_value ffa_memory_send_validate( - uint32_t constituents_length; - enum ffa_data_access data_access; - enum ffa_instruction_access instruction_access; -- struct ffa_value ret; -+ ffa_memory_access_permissions_t attributes; -+ enum ffa_memory_type memory_type; -+ enum ffa_memory_cacheability memory_cacheability; -+ enum ffa_memory_shareability memory_shareability; - - assert(permissions != NULL); - -@@ -1536,9 +1503,26 @@ static struct ffa_value ffa_memory_send_validate( - * Normal Memory, Inner shareable, Write-Back Read-Allocate - * Write-Allocate Cacheable. - */ -- ret = ffa_memory_attributes_validate(memory_region->attributes); -- if (ret.func != FFA_SUCCESS_32) { -- return ret; -+ attributes = memory_region->attributes; -+ memory_type = ffa_get_memory_type_attr(attributes); -+ if (memory_type != FFA_MEMORY_NORMAL_MEM) { -+ dlog_verbose("Invalid memory type %#x, expected %#x.\n", -+ memory_type, FFA_MEMORY_NORMAL_MEM); -+ return ffa_error(FFA_INVALID_PARAMETERS); -+ } -+ -+ memory_cacheability = ffa_get_memory_cacheability_attr(attributes); -+ if (memory_cacheability != FFA_MEMORY_CACHE_WRITE_BACK) { -+ dlog_verbose("Invalid cacheability %#x, expected %#x.\n", -+ memory_cacheability, FFA_MEMORY_CACHE_WRITE_BACK); -+ return ffa_error(FFA_INVALID_PARAMETERS); -+ } -+ -+ memory_shareability = ffa_get_memory_shareability_attr(attributes); -+ if (memory_shareability != FFA_MEMORY_INNER_SHAREABLE) { -+ dlog_verbose("Invalid shareability %#x, expected %#x.\n", -+ memory_shareability, FFA_MEMORY_INNER_SHAREABLE); -+ return ffa_error(FFA_INVALID_PARAMETERS); - } - - return (struct ffa_value){.func = FFA_SUCCESS_32}; -@@ -2376,6 +2360,7 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked, - * Check permissions from sender against permissions requested by - * receiver. - */ -+ /* TODO: Check attributes too. */ - sent_permissions = - memory_region->receivers[0].receiver_permissions.permissions; - sent_data_access = ffa_get_data_access_attr(sent_permissions); -@@ -2453,17 +2438,6 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked, - panic("Got unexpected FFA_INSTRUCTION_ACCESS_RESERVED. Should " - "be checked before this point."); - } -- -- /* -- * Ensure receiver's attributes are compatible with how Hafnium maps -- * memory: Normal Memory, Inner shareable, Write-Back Read-Allocate -- * Write-Allocate Cacheable. -- */ -- ret = ffa_memory_attributes_validate(retrieve_request->attributes); -- if (ret.func != FFA_SUCCESS_32) { -- goto out; -- } -- - memory_to_attributes = ffa_memory_permissions_to_mode( - permissions, share_state->sender_orig_mode); - ret = ffa_retrieve_check_update( -diff --git a/test/vmapi/el0_partitions/memory_sharing.c b/test/vmapi/el0_partitions/memory_sharing.c -index 3756d7d..c29f029 100644 ---- a/test/vmapi/el0_partitions/memory_sharing.c -+++ b/test/vmapi/el0_partitions/memory_sharing.c -@@ -2160,87 +2160,6 @@ TEST(memory_sharing, ffa_validate_retrieve_req_mbz) - } - } - --/** -- * Memory can't be shared with arbitrary attributes because Hafnium maps pages -- * with hardcoded values and doesn't support custom mappings. -- */ --TEST(memory_sharing, ffa_validate_retrieve_req_attributes) --{ -- struct ffa_value ret; -- struct mailbox_buffers mb = set_up_mailbox(); -- uint32_t msg_size; -- ffa_memory_handle_t handle; -- -- struct ffa_value (*send_function[])(uint32_t, uint32_t) = { -- ffa_mem_share, -- ffa_mem_lend, -- }; -- -- struct ffa_memory_region_constituent constituents[] = { -- {.address = (uint64_t)pages, .page_count = 2}, -- {.address = (uint64_t)pages + PAGE_SIZE * 3, .page_count = 1}, -- }; -- -- SERVICE_SELECT(SERVICE_VM1, "ffa_memory_share_fail", mb.send); -- -- struct { -- enum ffa_memory_type memory_type; -- enum ffa_memory_cacheability memory_cacheability; -- enum ffa_memory_shareability memory_shareability; -- } invalid_attributes[] = { -- /* Invalid memory type */ -- {FFA_MEMORY_DEVICE_MEM, FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_INNER_SHAREABLE}, -- /* Invalid cacheability */ -- {FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_NON_CACHEABLE, -- FFA_MEMORY_INNER_SHAREABLE}, -- /* Invalid shareability */ -- {FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_SHARE_NON_SHAREABLE}, -- {FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_OUTER_SHAREABLE}}; -- -- for (uint32_t i = 0; i < ARRAY_SIZE(send_function); i++) { -- /* Prepare memory region, and set all flags */ -- EXPECT_EQ(ffa_memory_region_init( -- mb.send, HF_MAILBOX_SIZE, HF_PRIMARY_VM_ID, -- SERVICE_VM1, constituents, -- ARRAY_SIZE(constituents), 0, 0, -- FFA_DATA_ACCESS_RW, -- FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED, -- FFA_MEMORY_NORMAL_MEM, -- FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_INNER_SHAREABLE, NULL, &msg_size), -- 0); -- -- ret = send_function[i](msg_size, msg_size); -- EXPECT_EQ(ret.func, FFA_SUCCESS_32); -- -- handle = ffa_mem_success_handle(ret); -- -- for (uint32_t j = 0; j < ARRAY_SIZE(invalid_attributes); ++j) { -- msg_size = ffa_memory_retrieve_request_init( -- mb.send, handle, HF_PRIMARY_VM_ID, SERVICE_VM1, -- 0, 0, FFA_DATA_ACCESS_RW, -- FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED, -- invalid_attributes[j].memory_type, -- invalid_attributes[j].memory_cacheability, -- invalid_attributes[j].memory_shareability); -- -- EXPECT_LE(msg_size, HF_MAILBOX_SIZE); -- -- EXPECT_EQ(ffa_msg_send(HF_PRIMARY_VM_ID, SERVICE_VM1, -- msg_size, 0) -- .func, -- FFA_SUCCESS_32); -- -- ffa_run(SERVICE_VM1, 0); -- } -- -- EXPECT_EQ(ffa_mem_reclaim(handle, 0).func, FFA_SUCCESS_32); -- } --} -- - /** - * If memory is shared can't request zeroing of memory at both send and - * relinquish. -diff --git a/test/vmapi/primary_with_secondaries/memory_sharing.c b/test/vmapi/primary_with_secondaries/memory_sharing.c -index 6080709..4bcf252 100644 ---- a/test/vmapi/primary_with_secondaries/memory_sharing.c -+++ b/test/vmapi/primary_with_secondaries/memory_sharing.c -@@ -2307,87 +2307,6 @@ TEST(memory_sharing, ffa_validate_retrieve_req_mbz) - } - } - --/** -- * Memory can't be shared with arbitrary attributes because Hafnium maps pages -- * with hardcoded values and doesn't support custom mappings. -- */ --TEST(memory_sharing, ffa_validate_retrieve_req_attributes) --{ -- struct ffa_value ret; -- struct mailbox_buffers mb = set_up_mailbox(); -- uint32_t msg_size; -- ffa_memory_handle_t handle; -- -- struct ffa_value (*send_function[])(uint32_t, uint32_t) = { -- ffa_mem_share, -- ffa_mem_lend, -- }; -- -- struct ffa_memory_region_constituent constituents[] = { -- {.address = (uint64_t)pages, .page_count = 2}, -- {.address = (uint64_t)pages + PAGE_SIZE * 3, .page_count = 1}, -- }; -- -- SERVICE_SELECT(SERVICE_VM1, "ffa_memory_share_fail_denied", mb.send); -- -- struct { -- enum ffa_memory_type memory_type; -- enum ffa_memory_cacheability memory_cacheability; -- enum ffa_memory_shareability memory_shareability; -- } invalid_attributes[] = { -- /* Invalid memory type */ -- {FFA_MEMORY_DEVICE_MEM, FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_INNER_SHAREABLE}, -- /* Invalid cacheability */ -- {FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_NON_CACHEABLE, -- FFA_MEMORY_INNER_SHAREABLE}, -- /* Invalid shareability */ -- {FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_SHARE_NON_SHAREABLE}, -- {FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_OUTER_SHAREABLE}}; -- -- for (uint32_t i = 0; i < ARRAY_SIZE(send_function); i++) { -- /* Prepare memory region, and set all flags */ -- EXPECT_EQ(ffa_memory_region_init( -- mb.send, HF_MAILBOX_SIZE, HF_PRIMARY_VM_ID, -- SERVICE_VM1, constituents, -- ARRAY_SIZE(constituents), 0, 0, -- FFA_DATA_ACCESS_RW, -- FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED, -- FFA_MEMORY_NORMAL_MEM, -- FFA_MEMORY_CACHE_WRITE_BACK, -- FFA_MEMORY_INNER_SHAREABLE, NULL, &msg_size), -- 0); -- -- ret = send_function[i](msg_size, msg_size); -- EXPECT_EQ(ret.func, FFA_SUCCESS_32); -- -- handle = ffa_mem_success_handle(ret); -- -- for (uint32_t j = 0; j < ARRAY_SIZE(invalid_attributes); ++j) { -- msg_size = ffa_memory_retrieve_request_init( -- mb.send, handle, HF_PRIMARY_VM_ID, SERVICE_VM1, -- 0, 0, FFA_DATA_ACCESS_RW, -- FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED, -- invalid_attributes[j].memory_type, -- invalid_attributes[j].memory_cacheability, -- invalid_attributes[j].memory_shareability); -- -- EXPECT_LE(msg_size, HF_MAILBOX_SIZE); -- -- EXPECT_EQ(ffa_msg_send(HF_PRIMARY_VM_ID, SERVICE_VM1, -- msg_size, 0) -- .func, -- FFA_SUCCESS_32); -- -- ffa_run(SERVICE_VM1, 0); -- } -- -- EXPECT_EQ(ffa_mem_reclaim(handle, 0).func, FFA_SUCCESS_32); -- } --} -- - /** - * If memory is shared can't request zeroing of memory at both send and - * relinquish. --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch new file mode 100644 index 0000000000..1808295d4b --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch @@ -0,0 +1,44 @@ +From 02c8afc4f7315b4e12098ffeb8bd5e64e4891e78 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Thu, 7 Oct 2021 12:20:08 +0530 +Subject: [PATCH] feat(vhe): set STAGE1_NS while mapping memory from NWd to SWd + +If the memory is shared by a VM executing in non secure world, attribute +MM_MODE_NS had to be set while mapping that in a S-EL0 SP executing in +secure world. It will not be needed for a S-EL1 SP since the NS bit is +available only for the stage 1 translations and the stage 1 translations +for a S-EL1 SP will be handled by a trusted OS running in S-EL1. + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: I074e2d5a50a659bd3c097d797c4901f08d210b1b +Upstream-Status: Pending [Not submitted to upstream yet] +--- + src/ffa_memory.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/src/ffa_memory.c b/src/ffa_memory.c +index 048cca9..8910cc7 100644 +--- a/src/ffa_memory.c ++++ b/src/ffa_memory.c +@@ -2483,6 +2483,18 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked, + + memory_to_attributes = ffa_memory_permissions_to_mode( + permissions, share_state->sender_orig_mode); ++ ++ if (to_locked.vm->el0_partition) { ++ /* ++ * Get extra mapping attributes for the given VM ID. ++ * If the memory is shared by a VM executing in non secure ++ * world, attribute MM_MODE_NS had to be set while mapping ++ * that in a SP executing in secure world. ++ */ ++ memory_to_attributes |= arch_mm_extra_attributes_from_vm( ++ retrieve_request->sender); ++ } ++ + ret = ffa_retrieve_check_update( + to_locked, memory_region->sender, share_state->fragments, + share_state->fragment_constituent_counts, +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch new file mode 100644 index 0000000000..3139759e73 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch @@ -0,0 +1,34 @@ +From c235511a06a54bcccec97b3067c1004d3957b1d8 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Thu, 8 Sep 2022 10:47:10 +0530 +Subject: [PATCH] feat(vhe): enable vhe and disable branch protection for TC + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: I60cd607d9f2bf0114b482980e7ca68e24aaf4d1f +Upstream-Status: Pending [Not submitted to upstream yet] +--- + BUILD.gn | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/BUILD.gn b/BUILD.gn +index 62ba763..f26ce03 100644 +--- a/BUILD.gn ++++ b/BUILD.gn +@@ -238,7 +238,6 @@ aarch64_toolchains("secure_tc") { + heap_pages = 120 + max_cpus = 8 + max_vms = 16 +- branch_protection = "standard" + toolchain_args = { + plat_ffa = "//src/arch/aarch64/plat/ffa:spmc" + plat_psci = "//src/arch/aarch64/plat/psci:spmc" +@@ -247,5 +246,6 @@ aarch64_toolchains("secure_tc") { + secure_world = "1" + pl011_base_address = "0x7ff80000" + enable_mte = "1" ++ enable_vhe = "1" + } + } +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc index c8f77dc6d3..6dd08ad0a4 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc @@ -3,20 +3,21 @@ COMPATIBLE_MACHINE = "(tc?)" HAFNIUM_PLATFORM = "secure_tc" -SRCREV = "4eb7b54348234d7f4bbac64bac28f683d6574ba9" +# Intermediate SHA with 2.7 baseline version +SRCREV = "dd0561820946fe23bcd57cc129140437f72102a5" +PV = "2.7+git${SRCPV}" + FILESEXTRAPATHS:prepend:tc := "${THISDIR}/files/tc:" -SRC_URI:remove = " \ - file://host-ld.patch \ - file://native-dtc.patch" +SRC_URI:remove = "file://0001-Fix-build-with-clang-15.patch" SRC_URI:append = " \ file://0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch \ - file://0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch \ - file://0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch \ - file://0004-feat-emulate-interrupt-controller-register-access.patch \ - file://0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch \ - file://0006-tc-increase-heap-pages.patch \ + file://0002-feat-emulate-interrupt-controller-register-access.patch \ + file://0003-tc-increase-heap-pages.patch;patchdir=project/reference \ + file://0004-feat-disable-alignment-check-for-EL0-partitions.patch \ + file://0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch \ + file://0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch;patchdir=project/reference \ " do_compile() { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb index ad5ec958fe..76a7126b29 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb @@ -6,8 +6,27 @@ LICENSE = "MIT" COMPATIBLE_MACHINE = "corstone1000" inherit image -inherit wic_nopt +inherit wic_nopt tfm_sign_image PACKAGE_INSTALL = "" IMAGE_FSTYPES += "wic wic.nopt" + +do_sign_images() { + # Sign TF-A BL2 + sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \ + ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE} + + # Update BL2 in the FIP image + cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} . + fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \ + ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} + + # Sign the FIP image + sign_host_image ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} \ + ${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE} +} +do_sign_images[depends] = "\ + trusted-firmware-a:do_populate_sysroot \ + fiptool-native:do_populate_sysroot \ + " diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb index b778a0080f..46427b749e 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb @@ -23,8 +23,8 @@ IMAGE_FEATURES:remove = "package-management" # all optee packages IMAGE_INSTALL += "optee-client" -# FF-A Debugfs driver -IMAGE_INSTALL += "ffa-debugfs-mod" +# external system linux userspace test application +IMAGE_INSTALL += "corstone1000-external-sys-tests" -# psa-arch-tests linux userspace application -IMAGE_INSTALL += "secure-partitions-psa-api-tests" +# TS PSA API tests commands for crypto, its, ps and iat +IMAGE_INSTALL += "packagegroup-ts-tests-psa" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2021.10.12.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb index dda99e74c1..ef7a4fca0b 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2021.10.12.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb @@ -2,7 +2,7 @@ SUMMARY = "Board Firmware binaries for N1SDP" SECTION = "firmware" LICENSE = "STM-SLA0044-Rev5" -LIC_FILES_CHKSUM = "file://LICENSES/STM.TXT;md5=cd18335eff80d0a690a650f0e6748baf" +LIC_FILES_CHKSUM = "file://LICENSES/MB/STM.TXT;md5=1b74d8c842307d03c116f2d71cbf868a" inherit deploy @@ -13,7 +13,7 @@ COMPATIBLE_MACHINE = "n1sdp" SRC_URI = "git://git.gitlab.arm.com/arm-reference-solutions/board-firmware.git;protocol=https;branch=n1sdp" -SRCREV = "e6cd91c7a9733e501bc3b57ff6f9eb2461ffee54" +SRCREV = "6d5253584a9c2fdc2edbdc39bf6f2436215d1382" S = "${WORKDIR}/git" @@ -25,6 +25,7 @@ do_install() { cp -Rp --no-preserve=ownership ${S}/* ${D}${INSTALL_DIR} } +FILES:${PN}-staticdev += " ${INSTALL_DIR}/LIB/sensor.a" FILES:${PN} = "${INSTALL_DIR}" SYSROOT_DIRS += "${INSTALL_DIR}" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc index e66469c36e..85f89a0116 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc @@ -3,14 +3,20 @@ SCP_PLATFORM = "n1sdp" SCP_LOG_LEVEL = "INFO" -# master branch at n1sdp: Introduce trusted board boot -SRCREV = "3e4c34ceccc1c960eb3a4adaa922f2a0c6b36be3" +SRCREV = "de7e464ecd77130147103cf48328099c2d0e6289" PV .= "+git${SRCPV}" COMPATIBLE_MACHINE:n1sdp = "n1sdp" DEPENDS += "fiptool-native" DEPENDS += "trusted-firmware-a" +DEPENDS += "n1sdp-board-firmware" + +# The n1sdp sensor library is needed for building SCP N1SDP Platform +# https://github.com/ARM-software/SCP-firmware/tree/master/product/n1sdp +EXTRA_OECMAKE:append = " \ + -DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a \ +" do_install:append() { fiptool \ diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch new file mode 100644 index 0000000000..c5a25e9a1a --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch @@ -0,0 +1,44 @@ +From ea9556a14bec0249ac6e01e4a55cbb04fd15b51a Mon Sep 17 00:00:00 2001 +From: Rupinderjit Singh <rupinderjit.singh@arm.com> +Date: Wed, 27 Jul 2022 09:23:58 +0100 +Subject: [PATCH] feat(arm/tc): Update trusty load-address in dts files. + +Change is required to align with sp header size change from 0x1000 to 0x4000 + +Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com> +Change-Id: Ieeaa7450196b33ecff1612cf3b55cf173a7941e0 +Upstream-Status: Pending [Not submitted to upstream yet] +--- + plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts | 2 +- + plat/arm/board/tc/fdts/tc_tb_fw_config.dts | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts b/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts +index e2ea7b811..66a686c9a 100644 +--- a/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts ++++ b/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts +@@ -25,7 +25,7 @@ + vm1 { + is_ffa_partition; + debug_name = "trusty"; +- load_address = <0xf901f000>; ++ load_address = <0xf901c000>; + vcpu_count = <8>; + mem_size = <0x3f00000>; /* 64MB TZC DRAM - 1MB align */ + }; +diff --git a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts +index a72772fb3..a5bb520fe 100644 +--- a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts ++++ b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts +@@ -50,7 +50,7 @@ + #elif TRUSTY_SP_FW_CONFIG + trusty { + uuid = "40ee25f0-a2bc-304c-8c4c-a173c57d8af1"; +- load-address = <0xf901f000>; ++ load-address = <0xf901c000>; + }; + #else + cactus-primary { +-- +2.25.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-fix-plat-tc-disable-smmu.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-fix-plat-tc-disable-smmu.patch deleted file mode 100644 index 91f5a9efa9..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-fix-plat-tc-disable-smmu.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 1a051bef6c63f6871edd8d87e969460f073820a7 Mon Sep 17 00:00:00 2001 -From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> -Date: Wed, 27 Apr 2022 18:15:47 +0100 -Subject: [PATCH 7/7] fix(plat/tc): disable smmu - -Reserve static shared-dma-pool below 4GB. This removes dependency on -SMMU driver. As there are stability issues in SMMU driver, it is -disabled. This change is temporary and will be reverted upon proper -fix and testing. - -Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> -Change-Id: I6b1b4c2a0acdf62df8c26007c7ca596774e13710 -Upstream-Status: Pending [Not submitted to upstream yet] ---- - fdts/tc.dts | 16 +++------------- - 1 file changed, 3 insertions(+), 13 deletions(-) - -diff --git a/fdts/tc.dts b/fdts/tc.dts -index dc86958bf..fbae3e3e8 100644 ---- a/fdts/tc.dts -+++ b/fdts/tc.dts -@@ -209,12 +209,12 @@ - linux,cma { - compatible = "shared-dma-pool"; - reusable; -- size = <0x0 0x8000000>; -+ reg = <0x0 0xf1000000 0x0 0x8000000>; - linux,cma-default; - }; - -- optee@0xf8e00000 { -- reg = <0x00000000 0xf8e00000 0 0x00200000>; -+ optee@0xf0e00000 { -+ reg = <0x0 0xf0e00000 0 0x00200000>; - no-map; - }; - }; -@@ -460,13 +460,6 @@ - >; - }; - -- smmu: smmu@2ce00000 { -- #iommu-cells = <1>; -- compatible = "arm,smmu-v3"; -- reg = <0x0 0x2ce00000 0x0 0x20000>; -- status = "okay"; -- }; -- - dp0: display@2cc00000 { - #address-cells = <1>; - #size-cells = <0>; -@@ -476,9 +469,6 @@ - interrupt-names = "DPU"; - clocks = <&scmi_clk 0>; - clock-names = "aclk"; -- iommus = <&smmu 0>, <&smmu 1>, <&smmu 2>, <&smmu 3>, -- <&smmu 4>, <&smmu 5>, <&smmu 6>, <&smmu 7>, -- <&smmu 8>, <&smmu 9>; - pl0: pipeline@0 { - reg = <0>; - clocks = <&scmi_clk 1>; --- -2.30.2 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0008-feat-plat-tc-add-firmware-update-secure-partition.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0008-feat-plat-tc-add-firmware-update-secure-partition.patch new file mode 100644 index 0000000000..d36d95910c --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0008-feat-plat-tc-add-firmware-update-secure-partition.patch @@ -0,0 +1,63 @@ +From 16f183e3c09d64fee92638ea9d0017ac7973ddf8 Mon Sep 17 00:00:00 2001 +From: Tudor Cretu <tudor.cretu@arm.com> +Date: Fri, 24 Sep 2021 12:09:53 +0000 +Subject: [PATCH 1/2] feat(plat/tc): add firmware update secure partition + +Firmware update is a trusted service secure partition that implements +the PSA firmware update specification. It executes in the secure world +in total compute platform. + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Signed-off-by: Tudor Cretu <tudor.cretu@arm.com> +Change-Id: I6223d247b078de8c03b068185bf120b3d502f500 +Upstream-Status: Pending [Not submitted to upstream yet] +--- + plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts | 9 ++++++++- + plat/arm/board/tc/fdts/tc_tb_fw_config.dts | 4 ++++ + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts b/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts +index 92e2ddda6..23ad06888 100644 +--- a/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts ++++ b/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts +@@ -28,7 +28,7 @@ + load_address = <0xfd280000>; + vcpu_count = <8>; + #ifdef TS_SP_FW_CONFIG +- mem_size = <26738688>; /* 25MB TZC DRAM */ ++ mem_size = <20447232>; /* 19MB TZC DRAM */ + #else + mem_size = <30928896>; /* 29MB TZC DRAM */ + #endif +@@ -48,6 +48,13 @@ + vcpu_count = <1>; + mem_size = <2097152>; /* 2MB TZC DRAM */ + }; ++ vm4 { ++ is_ffa_partition; ++ debug_name = "firmware-update"; ++ load_address = <0xfe600000>; ++ vcpu_count = <1>; ++ mem_size = <6291456>; /* 6MB TZC DRAM */ ++ }; + #endif + }; + +diff --git a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts +index a5bb520fe..2c640b363 100644 +--- a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts ++++ b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts +@@ -41,6 +41,10 @@ + uuid = "d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0"; + load-address = <0xfec00000>; + }; ++ firmware-update { ++ uuid = "6823a838-1b06-470e-9774-0cce8bfb53fd"; ++ load-address = <0xfe600000>; ++ }; + #endif + #if OPTEE_SP_FW_CONFIG + op-tee { +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch new file mode 100644 index 0000000000..f20f9480a0 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch @@ -0,0 +1,35 @@ +From a8cdd6c67d26c15642338a45279db5e39cf4e565 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Fri, 3 Jun 2022 18:16:31 +0530 +Subject: [PATCH 2/2] feat(plat/tc): reserve 4 MB for stmm communication used + for firmware update + +The firmware update secure partition and u-boot communicates using +the stmm communication layer and it needs a dedicated memory region. + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: I8d4da5c26843d225983dcaee0757694a6d43234c +Upstream-Status: Pending [Not submitted to upstream yet] +--- + fdts/tc.dts | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/fdts/tc.dts b/fdts/tc.dts +index dc86958bf..cb504c4a2 100644 +--- a/fdts/tc.dts ++++ b/fdts/tc.dts +@@ -217,6 +217,11 @@ + reg = <0x00000000 0xf8e00000 0 0x00200000>; + no-map; + }; ++ ++ fwu_mm@0xfca00000 { ++ reg = <0x00000000 0xfca00000 0 0x00400000>; ++ no-map; ++ }; + }; + + psci { +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc index 341c8a278a..3034680d31 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc @@ -37,6 +37,3 @@ EXTRA_OEMAKE:append = " \ BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \ LOG_LEVEL=50 \ " - -# trigger TF-M build so TF-A binaries get signed -do_deploy[depends]+= "virtual/trusted-firmware-m:do_prepare_recipe_sysroot" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc index 034dac30f4..9fb567fa74 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc @@ -1,6 +1,7 @@ # N1SDP specific TFA support -SRCREV_tfa = "1d867c14cb41c1171d16fa7e395a4eaed3d572b2" +# Align with post-N1SDP-2022.06.22 refresh +SRCREV_tfa = "1309c6c805190bd376c0561597653f3f8ecd0f58" PV .= "+git${SRCPV}" COMPATIBLE_MACHINE = "n1sdp" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc index 8cb53dece5..301f97c8fe 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc @@ -1,5 +1,9 @@ # TC0 specific TFA configuration +# Intermediate SHA with 2.7 baseline version +SRCREV_tfa = "e95abc4c01822ef43e9e874d63d6596dc0b57279" +PV = "2.7+git${SRCPV}" + DEPENDS += "scp-firmware util-linux-native gptfdisk-native" FILESEXTRAPATHS:prepend := "${THISDIR}/files/tc:" @@ -10,7 +14,9 @@ SRC_URI:append = " \ file://0004-fix-plat-tc-increase-tc_tzc_dram1_size.patch \ file://0005-feat-plat-tc-add-spmc-manifest-with-trusty-sp.patch \ file://0006-feat-plat-tc-update-dts-with-trusty-compatible-strin.patch \ - file://0007-fix-plat-tc-disable-smmu.patch \ + file://0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch \ + file://0008-feat-plat-tc-add-firmware-update-secure-partition.patch \ + file://0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch \ file://generate_metadata.py \ " @@ -41,6 +47,7 @@ EXTRA_OEMAKE += "SCP_BL2=${RECIPE_SYSROOT}/firmware/scp_ramfw.bin" EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \ ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem" EXTRA_OEMAKE += "PSA_FWU_SUPPORT=1 ARM_GPT_SUPPORT=1" +EXTRA_OEMAKE += "CTX_INCLUDE_MTE_REGS=1" do_generate_gpt() { gpt_image="${BUILD_DIR}/fip_gpt.bin" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc index eb400e5278..95c49d0665 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc @@ -25,25 +25,8 @@ SRC_URI += "git://github.com/OpenAMP/open-amp.git;protocol=https;branch=main;nam SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${WORKDIR}/git/openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build" -DEPENDS += "trusted-firmware-a" - -# adding host images signing support -require trusted-firmware-m-sign-host-images.inc - do_install() { install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin install -D -p -m 0644 ${B}/install/outputs/bl1.bin ${D}/firmware/bl1.bin - - # - # Signing TF-A BL2 and the FIP image - # - - sign_host_image ${TFA_BL2_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE} - - fiptool update \ - --tb-fw ${D}/firmware/signed_${TFA_BL2_BINARY} \ - ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} - - sign_host_image ${TFA_FIP_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE} } diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc deleted file mode 100644 index 49af35683d..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc +++ /dev/null @@ -1,50 +0,0 @@ -# Signing host images using TF-M tools - -DEPENDS += "python3-imgtool-native fiptool-native" - -# -# sign_host_image -# -# Description: -# -# A generic function that signs a host image -# using MCUBOOT format -# -# Arguments: -# -# $1 ... host binary to sign -# $2 ... host binary path -# $3 ... load address of the given binary -# $4 ... signed binary size -# -# Note: The signed binary is copied to ${D}/firmware -# -sign_host_image() { - - host_binary_filename="`basename -s .bin ${1}`" - host_binary_layout="${host_binary_filename}_ns" - - cat << EOF > ${B}/${host_binary_layout} -enum image_attributes { - RE_IMAGE_LOAD_ADDRESS = ${3}, - RE_SIGN_BIN_SIZE = ${4}, -}; -EOF - - host_binary="${2}/`basename ${1}`" - host_binary_signed="${D}/firmware/signed_`basename ${1}`" - - ${PYTHON} ${S}/bl2/ext/mcuboot/scripts/wrapper/wrapper.py \ - -v ${RE_LAYOUT_WRAPPER_VERSION} \ - --layout ${B}/${host_binary_layout} \ - -k ${TFM_SIGN_PRIVATE_KEY} \ - --public-key-format full \ - --align 1 \ - --pad \ - --pad-header \ - -H ${RE_IMAGE_OFFSET} \ - -s auto \ - ${host_binary} \ - ${host_binary_signed} - -} diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch index dc64e3cf6c..4d7c51fc39 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch @@ -1,7 +1,7 @@ -From 7a1a84ea74fdd06a7f5f239f4c5f4b727d6cd232 Mon Sep 17 00:00:00 2001 +From 910760408430de32ad08b1e5ddf894cc9f2f3d0c Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Thu, 24 Jun 2021 09:25:00 +0100 -Subject: [PATCH 01/24] cmd: load: add load command for memory mapped +Subject: [PATCH 01/26] cmd: load: add load command for memory mapped cp.b is used a lot as a way to load binaries to memory and execute them, however we may need to integrate this with the efi subsystem to @@ -16,6 +16,7 @@ with this a kernel with CONFIG_EFI_STUB enabled will be loaded and then subsequently booted with bootefi command. Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Accepted [2022.10-rc1] --- README | 1 + cmd/Kconfig | 6 ++++ @@ -26,7 +27,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> 6 files changed, 78 insertions(+) diff --git a/README b/README -index b7ab6e50708d..cd76f95e74c1 100644 +index b7ab6e5070..cd76f95e74 100644 --- a/README +++ b/README @@ -2578,6 +2578,7 @@ rarpboot- boot image via network using RARP/TFTP protocol @@ -38,7 +39,7 @@ index b7ab6e50708d..cd76f95e74c1 100644 mm - memory modify (auto-incrementing) nm - memory modify (constant address) diff --git a/cmd/Kconfig b/cmd/Kconfig -index 09193b61b95f..ba2f321ae989 100644 +index 09193b61b9..ba2f321ae9 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -1143,6 +1143,12 @@ config CMD_LOADB @@ -55,7 +56,7 @@ index 09193b61b95f..ba2f321ae989 100644 bool "loads" default y diff --git a/cmd/bootefi.c b/cmd/bootefi.c -index 827fcd97dfd8..37ce659fa123 100644 +index 827fcd97df..37ce659fa1 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -34,6 +34,18 @@ static struct efi_device_path *bootefi_device_path; @@ -78,7 +79,7 @@ index 827fcd97dfd8..37ce659fa123 100644 * efi_clear_bootdev() - clear boot device */ diff --git a/cmd/load.c b/cmd/load.c -index 7e4a552d90ef..1224a7f85bb3 100644 +index 7e4a552d90..1224a7f85b 100644 --- a/cmd/load.c +++ b/cmd/load.c @@ -1063,6 +1063,44 @@ static ulong load_serial_ymodem(ulong offset, int mode) @@ -141,7 +142,7 @@ index 7e4a552d90ef..1224a7f85bb3 100644 +); +#endif /* CONFIG_CMD_LOADM */ diff --git a/include/efi_loader.h b/include/efi_loader.h -index 11930fbea838..5b41985244e2 100644 +index 11930fbea8..5b41985244 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -591,6 +591,8 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle, @@ -154,7 +155,7 @@ index 11930fbea838..5b41985244e2 100644 void efi_add_handle(efi_handle_t obj); /* Create handle */ diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c -index 171661b89727..2493d7432613 100644 +index 171661b897..2493d74326 100644 --- a/lib/efi_loader/efi_device_path.c +++ b/lib/efi_loader/efi_device_path.c @@ -1158,6 +1158,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr, @@ -181,5 +182,5 @@ index 171661b89727..2493d7432613 100644 part = blk_get_device_part_str(dev, devnr, &desc, &fs_partition, 1); -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch index 186362907e..4c7c9b1415 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch @@ -1,7 +1,7 @@ -From c9a9a467bb335047812004dd022dcadf9514101f Mon Sep 17 00:00:00 2001 +From 3523b1bac430f10f02a31f7d013ea369e29656be Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 15 Feb 2022 09:44:10 +0000 -Subject: [PATCH 02/24] arm: add support to corstone1000 platform +Subject: [PATCH 02/26] arm: add support to corstone1000 platform Corstone1000 is a platform from arm, which includes pre verified Corstone SSE710 sub-system that combines Cortex-A and @@ -18,6 +18,7 @@ FPGA MPS3 board implementation of this platform. [2] Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Accepted [2022.10-rc1] --- arch/arm/Kconfig | 8 ++ arch/arm/dts/Makefile | 3 + @@ -42,7 +43,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> create mode 100644 include/configs/corstone1000.h diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 9898c7d68e1b..2fc2b7d20f12 100644 +index 9898c7d68e..2fc2b7d20f 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -1347,6 +1347,12 @@ config ARCH_VEXPRESS64 @@ -68,7 +69,7 @@ index 9898c7d68e1b..2fc2b7d20f12 100644 source "board/bosch/guardian/Kconfig" source "board/Marvell/octeontx/Kconfig" diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile -index a7e0d9f6c0e8..8c8f15b6a813 100644 +index a7e0d9f6c0..8c8f15b6a8 100644 --- a/arch/arm/dts/Makefile +++ b/arch/arm/dts/Makefile @@ -1265,6 +1265,9 @@ dtb-$(CONFIG_TARGET_EA_LPC3250DEVKITV2) += lpc3250-ea3250.dtb @@ -83,7 +84,7 @@ index a7e0d9f6c0e8..8c8f15b6a813 100644 targets += $(dtb-y) diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts new file mode 100644 -index 000000000000..1fcc137a493c +index 0000000000..1fcc137a49 --- /dev/null +++ b/arch/arm/dts/corstone1000-fvp.dts @@ -0,0 +1,23 @@ @@ -112,7 +113,7 @@ index 000000000000..1fcc137a493c +}; diff --git a/arch/arm/dts/corstone1000-mps3.dts b/arch/arm/dts/corstone1000-mps3.dts new file mode 100644 -index 000000000000..e3146747c2d9 +index 0000000000..e3146747c2 --- /dev/null +++ b/arch/arm/dts/corstone1000-mps3.dts @@ -0,0 +1,32 @@ @@ -150,7 +151,7 @@ index 000000000000..e3146747c2d9 +}; diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi new file mode 100644 -index 000000000000..d0194aa893f2 +index 0000000000..d0194aa893 --- /dev/null +++ b/arch/arm/dts/corstone1000.dtsi @@ -0,0 +1,169 @@ @@ -325,7 +326,7 @@ index 000000000000..d0194aa893f2 +}; diff --git a/board/armltd/corstone1000/Kconfig b/board/armltd/corstone1000/Kconfig new file mode 100644 -index 000000000000..709674d4cf7d +index 0000000000..709674d4cf --- /dev/null +++ b/board/armltd/corstone1000/Kconfig @@ -0,0 +1,12 @@ @@ -343,7 +344,7 @@ index 000000000000..709674d4cf7d +endif diff --git a/board/armltd/corstone1000/MAINTAINERS b/board/armltd/corstone1000/MAINTAINERS new file mode 100644 -index 000000000000..8c905686de76 +index 0000000000..8c905686de --- /dev/null +++ b/board/armltd/corstone1000/MAINTAINERS @@ -0,0 +1,7 @@ @@ -356,7 +357,7 @@ index 000000000000..8c905686de76 +F: configs/corstone1000_defconfig diff --git a/board/armltd/corstone1000/Makefile b/board/armltd/corstone1000/Makefile new file mode 100644 -index 000000000000..77a82c28929b +index 0000000000..77a82c2892 --- /dev/null +++ b/board/armltd/corstone1000/Makefile @@ -0,0 +1,7 @@ @@ -369,7 +370,7 @@ index 000000000000..77a82c28929b +obj-y := corstone1000.o diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c new file mode 100644 -index 000000000000..2fa485ff3799 +index 0000000000..2fa485ff37 --- /dev/null +++ b/board/armltd/corstone1000/corstone1000.c @@ -0,0 +1,125 @@ @@ -500,7 +501,7 @@ index 000000000000..2fa485ff3799 +} diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig new file mode 100644 -index 000000000000..02f931b0d469 +index 0000000000..02f931b0d4 --- /dev/null +++ b/configs/corstone1000_defconfig @@ -0,0 +1,80 @@ @@ -586,7 +587,7 @@ index 000000000000..02f931b0d469 +CONFIG_MISC=y diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h new file mode 100644 -index 000000000000..cf166f107efd +index 0000000000..cf166f107e --- /dev/null +++ b/include/configs/corstone1000.h @@ -0,0 +1,86 @@ @@ -677,5 +678,5 @@ index 000000000000..cf166f107efd + "bootefi $kernel_addr_r $fdtcontroladdr;" +#endif -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch index 1cebd07279..7e726fead8 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch @@ -1,12 +1,13 @@ -From 61c5fe3758a0febdee33429f5be16f69279045cc Mon Sep 17 00:00:00 2001 +From 178da5bee196f44c4c10e9804674fe5ac0bc1176 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Mon, 28 Jun 2021 23:20:55 +0100 -Subject: [PATCH 03/24] usb: common: move urb code to common +Subject: [PATCH 03/26] usb: common: move urb code to common Move urb code from musb only use to a more common scope, so other drivers in the future can use the handling of urb in usb. Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Accepted [2022.10-rc1] --- drivers/usb/common/Makefile | 2 + drivers/usb/common/usb_urb.c | 160 ++++++++++++++++++ @@ -23,7 +24,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> rename drivers/usb/musb-new/usb-compat.h => include/linux/usb/usb_urb_compat.h (60%) diff --git a/drivers/usb/common/Makefile b/drivers/usb/common/Makefile -index 3bedbf213f47..dc05cb0a5077 100644 +index 3bedbf213f..dc05cb0a50 100644 --- a/drivers/usb/common/Makefile +++ b/drivers/usb/common/Makefile @@ -4,5 +4,7 @@ @@ -36,7 +37,7 @@ index 3bedbf213f47..dc05cb0a5077 100644 obj-$(CONFIG_USB_XHCI_FSL) += fsl-dt-fixup.o fsl-errata.o diff --git a/drivers/usb/common/usb_urb.c b/drivers/usb/common/usb_urb.c new file mode 100644 -index 000000000000..be3b6b9f32e8 +index 0000000000..be3b6b9f32 --- /dev/null +++ b/drivers/usb/common/usb_urb.c @@ -0,0 +1,160 @@ @@ -201,7 +202,7 @@ index 000000000000..be3b6b9f32e8 + return usb_urb_submit(hcd, urb); +} diff --git a/drivers/usb/host/r8a66597-hcd.c b/drivers/usb/host/r8a66597-hcd.c -index f1fc93f3d403..3ccbc16da379 100644 +index f1fc93f3d4..3ccbc16da3 100644 --- a/drivers/usb/host/r8a66597-hcd.c +++ b/drivers/usb/host/r8a66597-hcd.c @@ -14,6 +14,7 @@ @@ -249,7 +250,7 @@ index f1fc93f3d403..3ccbc16da379 100644 { struct usb_device *parent = usb_dev_get_parent(dev); diff --git a/drivers/usb/musb-new/musb_core.c b/drivers/usb/musb-new/musb_core.c -index 18d9bc805f8a..fc7af7484e4c 100644 +index 18d9bc805f..fc7af7484e 100644 --- a/drivers/usb/musb-new/musb_core.c +++ b/drivers/usb/musb-new/musb_core.c @@ -89,9 +89,9 @@ @@ -264,7 +265,7 @@ index 18d9bc805f8a..fc7af7484e4c 100644 #include "musb_core.h" diff --git a/drivers/usb/musb-new/musb_host.c b/drivers/usb/musb-new/musb_host.c -index acb2d40f3b5a..e5905d90d66f 100644 +index acb2d40f3b..e5905d90d6 100644 --- a/drivers/usb/musb-new/musb_host.c +++ b/drivers/usb/musb-new/musb_host.c @@ -26,8 +26,8 @@ @@ -278,7 +279,7 @@ index acb2d40f3b5a..e5905d90d66f 100644 #include "musb_core.h" diff --git a/drivers/usb/musb-new/musb_host.h b/drivers/usb/musb-new/musb_host.h -index afc8fa35a738..5a604bdb0cf2 100644 +index afc8fa35a7..5a604bdb0c 100644 --- a/drivers/usb/musb-new/musb_host.h +++ b/drivers/usb/musb-new/musb_host.h @@ -10,7 +10,7 @@ @@ -291,7 +292,7 @@ index afc8fa35a738..5a604bdb0cf2 100644 static inline struct usb_hcd *musb_to_hcd(struct musb *musb) diff --git a/drivers/usb/musb-new/musb_uboot.c b/drivers/usb/musb-new/musb_uboot.c -index 61ff68def2fa..d186facc7e02 100644 +index 61ff68def2..d186facc7e 100644 --- a/drivers/usb/musb-new/musb_uboot.c +++ b/drivers/usb/musb-new/musb_uboot.c @@ -8,10 +8,10 @@ @@ -347,7 +348,7 @@ index 61ff68def2fa..d186facc7e02 100644 -} -#endif diff --git a/drivers/usb/musb-new/musb_uboot.h b/drivers/usb/musb-new/musb_uboot.h -index 18282efccc9d..6b162f03b19e 100644 +index 18282efccc..6b162f03b1 100644 --- a/drivers/usb/musb-new/musb_uboot.h +++ b/drivers/usb/musb-new/musb_uboot.h @@ -8,8 +8,8 @@ @@ -364,7 +365,7 @@ diff --git a/drivers/usb/musb-new/usb-compat.h b/include/linux/usb/usb_urb_compa similarity index 60% rename from drivers/usb/musb-new/usb-compat.h rename to include/linux/usb/usb_urb_compat.h -index df68c9220a7a..5ed96fa64e96 100644 +index df68c9220a..5ed96fa64e 100644 --- a/drivers/usb/musb-new/usb-compat.h +++ b/include/linux/usb/usb_urb_compat.h @@ -1,16 +1,31 @@ @@ -439,7 +440,7 @@ index df68c9220a7a..5ed96fa64e96 100644 + #endif /* __USB_COMPAT_H__ */ diff --git a/include/usb_defs.h b/include/usb_defs.h -index 6dd2c997f9b3..ec00161710a5 100644 +index 6dd2c997f9..ec00161710 100644 --- a/include/usb_defs.h +++ b/include/usb_defs.h @@ -81,6 +81,32 @@ @@ -493,5 +494,5 @@ index 6dd2c997f9b3..ec00161710a5 100644 /* * Hub Status & Hub Change bit masks -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch index 1dd6f2597e..794389e309 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch @@ -1,12 +1,13 @@ -From 8abb9c6a342d750a3a3a66e674c3be6597fc9f66 Mon Sep 17 00:00:00 2001 +From 83ba88292211394ce6b3a21fbc0f702dae543290 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Mon, 28 Jun 2021 23:31:25 +0100 -Subject: [PATCH 04/24] usb: add isp1760 family driver +Subject: [PATCH 04/26] usb: add isp1760 family driver ISP1760/61/63 are a family of usb controllers, blah, blah, more info here. Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Accepted [2022.10-rc1] --- Makefile | 1 + drivers/usb/Kconfig | 2 + @@ -34,7 +35,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> create mode 100644 drivers/usb/isp1760/isp1760-uboot.h diff --git a/Makefile b/Makefile -index 98867fbe06b4..67851020f5c1 100644 +index 98867fbe06..67851020f5 100644 --- a/Makefile +++ b/Makefile @@ -841,6 +841,7 @@ libs-y += drivers/usb/host/ @@ -46,7 +47,7 @@ index 98867fbe06b4..67851020f5c1 100644 libs-y += drivers/usb/ulpi/ ifdef CONFIG_POST diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig -index ab1d061bd0d5..bbe07be02cab 100644 +index ab1d061bd0..bbe07be02c 100644 --- a/drivers/usb/Kconfig +++ b/drivers/usb/Kconfig @@ -78,6 +78,8 @@ source "drivers/usb/musb/Kconfig" @@ -59,7 +60,7 @@ index ab1d061bd0d5..bbe07be02cab 100644 source "drivers/usb/phy/Kconfig" diff --git a/drivers/usb/common/Makefile b/drivers/usb/common/Makefile -index dc05cb0a5077..f08b064d2493 100644 +index dc05cb0a50..f08b064d24 100644 --- a/drivers/usb/common/Makefile +++ b/drivers/usb/common/Makefile @@ -4,6 +4,7 @@ @@ -72,7 +73,7 @@ index dc05cb0a5077..f08b064d2493 100644 obj-$(CONFIG_USB_EHCI_FSL) += fsl-dt-fixup.o fsl-errata.o diff --git a/drivers/usb/isp1760/Kconfig b/drivers/usb/isp1760/Kconfig new file mode 100644 -index 000000000000..993d71e74cd2 +index 0000000000..993d71e74c --- /dev/null +++ b/drivers/usb/isp1760/Kconfig @@ -0,0 +1,12 @@ @@ -90,7 +91,7 @@ index 000000000000..993d71e74cd2 + capable bus. diff --git a/drivers/usb/isp1760/Makefile b/drivers/usb/isp1760/Makefile new file mode 100644 -index 000000000000..2c809c01b118 +index 0000000000..2c809c01b1 --- /dev/null +++ b/drivers/usb/isp1760/Makefile @@ -0,0 +1,6 @@ @@ -102,7 +103,7 @@ index 000000000000..2c809c01b118 +obj-$(CONFIG_USB_ISP1760) += isp1760.o diff --git a/drivers/usb/isp1760/isp1760-core.c b/drivers/usb/isp1760/isp1760-core.c new file mode 100644 -index 000000000000..3080595549c5 +index 0000000000..3080595549 --- /dev/null +++ b/drivers/usb/isp1760/isp1760-core.c @@ -0,0 +1,378 @@ @@ -486,7 +487,7 @@ index 000000000000..3080595549c5 +} diff --git a/drivers/usb/isp1760/isp1760-core.h b/drivers/usb/isp1760/isp1760-core.h new file mode 100644 -index 000000000000..0a60e30b5fe7 +index 0000000000..0a60e30b5f --- /dev/null +++ b/drivers/usb/isp1760/isp1760-core.h @@ -0,0 +1,96 @@ @@ -588,7 +589,7 @@ index 000000000000..0a60e30b5fe7 +#endif diff --git a/drivers/usb/isp1760/isp1760-hcd.c b/drivers/usb/isp1760/isp1760-hcd.c new file mode 100644 -index 000000000000..b1d86dd69b94 +index 0000000000..b1d86dd69b --- /dev/null +++ b/drivers/usb/isp1760/isp1760-hcd.c @@ -0,0 +1,2574 @@ @@ -3168,7 +3169,7 @@ index 000000000000..b1d86dd69b94 +} diff --git a/drivers/usb/isp1760/isp1760-hcd.h b/drivers/usb/isp1760/isp1760-hcd.h new file mode 100644 -index 000000000000..00f5ca8c1f75 +index 0000000000..00f5ca8c1f --- /dev/null +++ b/drivers/usb/isp1760/isp1760-hcd.h @@ -0,0 +1,82 @@ @@ -3256,7 +3257,7 @@ index 000000000000..00f5ca8c1f75 +#endif /* _ISP1760_HCD_H_ */ diff --git a/drivers/usb/isp1760/isp1760-if.c b/drivers/usb/isp1760/isp1760-if.c new file mode 100644 -index 000000000000..c610da6b23fb +index 0000000000..c610da6b23 --- /dev/null +++ b/drivers/usb/isp1760/isp1760-if.c @@ -0,0 +1,127 @@ @@ -3389,7 +3390,7 @@ index 000000000000..c610da6b23fb +}; diff --git a/drivers/usb/isp1760/isp1760-regs.h b/drivers/usb/isp1760/isp1760-regs.h new file mode 100644 -index 000000000000..94ea60c20b2a +index 0000000000..94ea60c20b --- /dev/null +++ b/drivers/usb/isp1760/isp1760-regs.h @@ -0,0 +1,292 @@ @@ -3687,7 +3688,7 @@ index 000000000000..94ea60c20b2a +#endif diff --git a/drivers/usb/isp1760/isp1760-uboot.c b/drivers/usb/isp1760/isp1760-uboot.c new file mode 100644 -index 000000000000..7635210fe2b4 +index 0000000000..7635210fe2 --- /dev/null +++ b/drivers/usb/isp1760/isp1760-uboot.c @@ -0,0 +1,76 @@ @@ -3769,7 +3770,7 @@ index 000000000000..7635210fe2b4 +}; diff --git a/drivers/usb/isp1760/isp1760-uboot.h b/drivers/usb/isp1760/isp1760-uboot.h new file mode 100644 -index 000000000000..2486de6f9e27 +index 0000000000..2486de6f9e --- /dev/null +++ b/drivers/usb/isp1760/isp1760-uboot.h @@ -0,0 +1,27 @@ @@ -3801,5 +3802,5 @@ index 000000000000..2486de6f9e27 + +#endif -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch index c4654557c0..6ebba568f9 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch @@ -1,20 +1,21 @@ -From 5031fea320bb4ccc1ce7470193d8f4402ae819c9 Mon Sep 17 00:00:00 2001 +From 8717357eff3f4172c74f0b10078c31cdff9bcc41 Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Thu, 3 Mar 2022 16:52:02 +0000 -Subject: [PATCH 05/24] corstone1000: enable isp1763 usb controller +Subject: [PATCH 05/26] corstone1000: enable isp1763 usb controller MPS3 board have a ISP1763 usb controller, add the correspondent mmio area and enable it to be used for mass storage access for example. Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Accepted [2022.10-rc1] --- configs/corstone1000_defconfig | 1 + include/configs/corstone1000.h | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig -index 02f931b0d469..e573fe6fe6a2 100644 +index 02f931b0d4..e573fe6fe6 100644 --- a/configs/corstone1000_defconfig +++ b/configs/corstone1000_defconfig @@ -42,6 +42,7 @@ CONFIG_REGMAP=y @@ -26,7 +27,7 @@ index 02f931b0d469..e573fe6fe6a2 100644 CONFIG_EFI_MM_COMM_TEE=y # CONFIG_OPTEE is not set diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index cf166f107efd..8ba0effb0ab2 100644 +index cf166f107e..8ba0effb0a 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -55,7 +55,13 @@ @@ -44,5 +45,5 @@ index cf166f107efd..8ba0effb0ab2 100644 "boot_bank_flag=0x08002000\0" \ "kernel_addr_bank_0=0x083EE000\0" \ -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch new file mode 100644 index 0000000000..01cd5615c3 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch @@ -0,0 +1,204 @@ +From 7afe2370bc24b9003be8184fbd3169ebca03165a Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Fri, 29 Jul 2022 13:06:19 +0100 +Subject: [PATCH 06/26] arm64: smccc: add support for SMCCCv1.2 x0-x17 + registers + +add support for x0-x17 registers used by the SMC calls + +In SMCCC v1.2 [1] arguments are passed in registers x1-x17. +Results are returned in x0-x17. + +This work is inspired from the following kernel commit: + +arm64: smccc: Add support for SMCCCv1.2 extended input/output registers + +[1]: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6?token= + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] + +--- + +Changelog: +=============== + +v4: + +* rename the commit title and improve description + new commit title: the current + +v3: + +* port x0-x17 registers support from linux kernel as defined by SMCCCv1.2 + commit title: + arm64: smccc: add Xn registers support used by SMC calls + + arch/arm/cpu/armv8/smccc-call.S | 53 +++++++++++++++++++++++++++++++++ + arch/arm/lib/asm-offsets.c | 13 ++++++++ + include/linux/arm-smccc.h | 43 ++++++++++++++++++++++++++ + 3 files changed, 109 insertions(+) + +diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S +index dc92b28777..ec6f299bc9 100644 +--- a/arch/arm/cpu/armv8/smccc-call.S ++++ b/arch/arm/cpu/armv8/smccc-call.S +@@ -1,6 +1,8 @@ + /* SPDX-License-Identifier: GPL-2.0 */ + /* + * Copyright (c) 2015, Linaro Limited ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> + */ + #include <linux/linkage.h> + #include <linux/arm-smccc.h> +@@ -45,3 +47,54 @@ ENDPROC(__arm_smccc_smc) + ENTRY(__arm_smccc_hvc) + SMCCC hvc + ENDPROC(__arm_smccc_hvc) ++ ++#ifdef CONFIG_ARM64 ++ ++ .macro SMCCC_1_2 instr ++ /* Save `res` and free a GPR that won't be clobbered */ ++ stp x1, x19, [sp, #-16]! ++ ++ /* Ensure `args` won't be clobbered while loading regs in next step */ ++ mov x19, x0 ++ ++ /* Load the registers x0 - x17 from the struct arm_smccc_1_2_regs */ ++ ldp x0, x1, [x19, #ARM_SMCCC_1_2_REGS_X0_OFFS] ++ ldp x2, x3, [x19, #ARM_SMCCC_1_2_REGS_X2_OFFS] ++ ldp x4, x5, [x19, #ARM_SMCCC_1_2_REGS_X4_OFFS] ++ ldp x6, x7, [x19, #ARM_SMCCC_1_2_REGS_X6_OFFS] ++ ldp x8, x9, [x19, #ARM_SMCCC_1_2_REGS_X8_OFFS] ++ ldp x10, x11, [x19, #ARM_SMCCC_1_2_REGS_X10_OFFS] ++ ldp x12, x13, [x19, #ARM_SMCCC_1_2_REGS_X12_OFFS] ++ ldp x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS] ++ ldp x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS] ++ ++ \instr #0 ++ ++ /* Load the `res` from the stack */ ++ ldr x19, [sp] ++ ++ /* Store the registers x0 - x17 into the result structure */ ++ stp x0, x1, [x19, #ARM_SMCCC_1_2_REGS_X0_OFFS] ++ stp x2, x3, [x19, #ARM_SMCCC_1_2_REGS_X2_OFFS] ++ stp x4, x5, [x19, #ARM_SMCCC_1_2_REGS_X4_OFFS] ++ stp x6, x7, [x19, #ARM_SMCCC_1_2_REGS_X6_OFFS] ++ stp x8, x9, [x19, #ARM_SMCCC_1_2_REGS_X8_OFFS] ++ stp x10, x11, [x19, #ARM_SMCCC_1_2_REGS_X10_OFFS] ++ stp x12, x13, [x19, #ARM_SMCCC_1_2_REGS_X12_OFFS] ++ stp x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS] ++ stp x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS] ++ ++ /* Restore original x19 */ ++ ldp xzr, x19, [sp], #16 ++ ret ++ .endm ++ ++/* ++ * void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args, ++ * struct arm_smccc_1_2_regs *res); ++ */ ++ENTRY(arm_smccc_1_2_smc) ++ SMCCC_1_2 smc ++ENDPROC(arm_smccc_1_2_smc) ++ ++#endif +diff --git a/arch/arm/lib/asm-offsets.c b/arch/arm/lib/asm-offsets.c +index 22fd541f9a..b6bd1b32b0 100644 +--- a/arch/arm/lib/asm-offsets.c ++++ b/arch/arm/lib/asm-offsets.c +@@ -9,6 +9,8 @@ + * generate asm statements containing #defines, + * compile this file to assembler, and then extract the + * #defines from the assembly-language output. ++ * ++ * (C) Copyright 2022 ARM Limited + */ + + #include <common.h> +@@ -117,6 +119,17 @@ int main(void) + DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2)); + DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id)); + DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); ++ #ifdef CONFIG_ARM64 ++ DEFINE(ARM_SMCCC_1_2_REGS_X0_OFFS, offsetof(struct arm_smccc_1_2_regs, a0)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X2_OFFS, offsetof(struct arm_smccc_1_2_regs, a2)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X4_OFFS, offsetof(struct arm_smccc_1_2_regs, a4)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X6_OFFS, offsetof(struct arm_smccc_1_2_regs, a6)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X8_OFFS, offsetof(struct arm_smccc_1_2_regs, a8)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X10_OFFS, offsetof(struct arm_smccc_1_2_regs, a10)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X12_OFFS, offsetof(struct arm_smccc_1_2_regs, a12)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X14_OFFS, offsetof(struct arm_smccc_1_2_regs, a14)); ++ DEFINE(ARM_SMCCC_1_2_REGS_X16_OFFS, offsetof(struct arm_smccc_1_2_regs, a16)); ++ #endif + #endif + + return 0; +diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h +index 7f2be23394..dae58d3476 100644 +--- a/include/linux/arm-smccc.h ++++ b/include/linux/arm-smccc.h +@@ -1,6 +1,8 @@ + /* SPDX-License-Identifier: GPL-2.0 */ + /* + * Copyright (c) 2015, Linaro Limited ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> + */ + #ifndef __LINUX_ARM_SMCCC_H + #define __LINUX_ARM_SMCCC_H +@@ -66,6 +68,47 @@ struct arm_smccc_res { + unsigned long a3; + }; + ++#ifdef CONFIG_ARM64 ++/** ++ * struct arm_smccc_1_2_regs - Arguments for or Results from SMC call ++ * @a0-a17 argument values from registers 0 to 17 ++ */ ++struct arm_smccc_1_2_regs { ++ unsigned long a0; ++ unsigned long a1; ++ unsigned long a2; ++ unsigned long a3; ++ unsigned long a4; ++ unsigned long a5; ++ unsigned long a6; ++ unsigned long a7; ++ unsigned long a8; ++ unsigned long a9; ++ unsigned long a10; ++ unsigned long a11; ++ unsigned long a12; ++ unsigned long a13; ++ unsigned long a14; ++ unsigned long a15; ++ unsigned long a16; ++ unsigned long a17; ++}; ++ ++/** ++ * arm_smccc_1_2_smc() - make SMC calls ++ * @args: arguments passed via struct arm_smccc_1_2_regs ++ * @res: result values via struct arm_smccc_1_2_regs ++ * ++ * This function is used to make SMC calls following SMC Calling Convention ++ * v1.2 or above. The content of the supplied param are copied from the ++ * structure to registers prior to the SMC instruction. The return values ++ * are updated with the content from registers on return from the SMC ++ * instruction. ++ */ ++asmlinkage void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args, ++ struct arm_smccc_1_2_regs *res); ++#endif ++ + /** + * struct arm_smccc_quirk - Contains quirk information + * @id: quirk identification +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch new file mode 100644 index 0000000000..cedac06189 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch @@ -0,0 +1,59 @@ +From 83f9da30247c2d021658bc1b595c59ecc35eadf5 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Fri, 29 Jul 2022 13:07:43 +0100 +Subject: [PATCH 07/26] arm64: smccc: clear the Xn registers after SMC calls + +set to zero the x0-x17 registers + +As per the SMCCC v1.2 spec, unused result and scratch registers can leak +information after an SMC call. We can mitigate against this risk by +returning zero in each register. + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* move the clearing code into a new macro: clear_gp_regs + +v3: + +* clear the Xn registers after SMC calls + + arch/arm/cpu/armv8/smccc-call.S | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S +index ec6f299bc9..32f3eb8eeb 100644 +--- a/arch/arm/cpu/armv8/smccc-call.S ++++ b/arch/arm/cpu/armv8/smccc-call.S +@@ -50,6 +50,12 @@ ENDPROC(__arm_smccc_hvc) + + #ifdef CONFIG_ARM64 + ++ .macro clear_gp_regs ++ .irp n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17 ++ mov x\n, xzr ++ .endr ++ .endm ++ + .macro SMCCC_1_2 instr + /* Save `res` and free a GPR that won't be clobbered */ + stp x1, x19, [sp, #-16]! +@@ -84,6 +90,9 @@ ENDPROC(__arm_smccc_hvc) + stp x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS] + stp x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS] + ++ /* x0-x17 registers can leak information after an SMC or HVC call. Let's clear them */ ++ clear_gp_regs ++ + /* Restore original x19 */ + ldp xzr, x19, [sp], #16 + ret +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch deleted file mode 100644 index 3b82b416a8..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch +++ /dev/null @@ -1,383 +0,0 @@ -From ee7c0aee66db53b2372a3b4245a8754dceee804d Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Wed, 13 Oct 2021 17:51:44 +0100 -Subject: [PATCH 08/24] arm_ffa: introducing MM communication with FF-A - -This commit allows to perform MM communication using FF-A transport. - -The MM SP (also called partition) can be StandAlonneMM or smm-gateway. -Both partitions run in OP-TEE. - -When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are -supported. - -On EFI services such as GetVariable()/SetVariable(), the data -is copied from the communication buffer to the MM shared buffer. - -Then, notifies the MM SP about data availability in the MM shared buffer. -Communication with the MM SP is performed using FF-A transport. - -On such event, MM SP can read the data and updates the MM shared buffer -with response data. - -The response data is copied back to the communication buffer. - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - lib/efi_loader/Kconfig | 14 +- - lib/efi_loader/efi_variable_tee.c | 265 +++++++++++++++++++++++++++++- - 2 files changed, 273 insertions(+), 6 deletions(-) - -diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig -index e3f2402d0e8e..37131237af3f 100644 ---- a/lib/efi_loader/Kconfig -+++ b/lib/efi_loader/Kconfig -@@ -60,13 +60,23 @@ config EFI_VARIABLE_FILE_STORE - stored as file /ubootefi.var on the EFI system partition. - - config EFI_MM_COMM_TEE -- bool "UEFI variables storage service via OP-TEE" -- depends on OPTEE -+ bool "UEFI variables storage service via the trusted world" -+ depends on OPTEE || ARM_FFA_TRANSPORT - help -+ the MM SP (also called partition) can be StandAlonneMM or smm-gateway. -+ When using the u-boot OP-TEE driver, StandAlonneMM is supported. -+ When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are supported. -+ - If OP-TEE is present and running StandAloneMM, dispatch all UEFI - variable related operations to that. The application will verify, - authenticate and store the variables on an RPMB. - -+ When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related -+ operations to the MM SP running under Optee in the trusted world. -+ A door bell mechanism is used to notify the SP when there is data in the shared -+ MM buffer. The data is copied by u-boot to thea shared buffer before issuing -+ the door bell event. -+ - config EFI_VARIABLE_NO_STORE - bool "Don't persist non-volatile UEFI variables" - help -diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c -index dfef18435dfa..9cb8cfb9c779 100644 ---- a/lib/efi_loader/efi_variable_tee.c -+++ b/lib/efi_loader/efi_variable_tee.c -@@ -15,6 +15,28 @@ - #include <malloc.h> - #include <mm_communication.h> - -+#if (IS_ENABLED(CONFIG_OPTEE)) -+#define OPTEE_PAGE_SIZE BIT(12) -+#endif -+ -+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ -+#include <arm_ffa_helper.h> -+#include <mapmem.h> -+ -+/* MM return codes */ -+#define MM_SUCCESS (0) -+ -+#define ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 (0xC4000061) -+#define ARM_SVC_ID_SP_EVENT_COMPLETE ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 -+ -+/* MM_SP_UUID_DATA defined by the platform */ -+union ffa_partition_uuid mm_sp_svc_uuid = {.bytes = {MM_SP_UUID_DATA}}; -+ -+static u16 __efi_runtime_data mm_sp_id; -+ -+#endif -+ - extern struct efi_var_file __efi_runtime_data *efi_var_buf; - static efi_uintn_t max_buffer_size; /* comm + var + func + data */ - static efi_uintn_t max_payload_size; /* func + data */ -@@ -24,6 +46,7 @@ struct mm_connection { - u32 session; - }; - -+#if (IS_ENABLED(CONFIG_OPTEE)) - /** - * get_connection() - Retrieve OP-TEE session for a specific UUID. - * -@@ -143,16 +166,229 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize) - - return ret; - } -+#endif -+ -+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ -+/** -+ * ffa_notify_mm_sp() - Announce there is data in the shared buffer -+ * -+ * Notifies the MM partition in the trusted world that -+ * data is available in the shared buffer. -+ * This is a blocking call during which trusted world has exclusive access -+ * to the MM shared buffer. -+ * -+ * Return: -+ * -+ * 0 on success -+ */ -+static int __efi_runtime ffa_notify_mm_sp(void) -+{ -+ struct ffa_interface_data func_data = {0}; -+ struct ffa_send_direct_data msg = {0}; -+ int ret; -+ u32 sp_event_complete; -+ int sp_event_ret; -+ -+ func_data.data0_size = sizeof(mm_sp_id); -+ func_data.data0 = &mm_sp_id; -+ -+ msg.a3 = FFA_SHARED_MM_BUFFER_ADDR; -+ msg.a4 = FFA_SHARED_MM_BUFFER_SIZE; -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ ret = ffa_helper_msg_send_direct_req(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure to notify the MM SP , FF-A error (%d)\n", ret); -+ return ret; -+ } -+ -+ sp_event_complete = msg.a3; -+ sp_event_ret = (int)msg.a4; -+ -+ if (sp_event_complete == ARM_SVC_ID_SP_EVENT_COMPLETE && sp_event_ret == MM_SUCCESS) -+ return 0; -+ -+ log_err("EFI: Failure to notify the MM SP (0x%x , %d)\n", -+ sp_event_complete, -+ sp_event_ret); -+ -+ return -EACCES; -+} -+ -+/** -+ * ffa_discover_mm_sp_id() - Query the MM partition ID -+ * -+ * Use the FF-A driver to get the MM partition ID. -+ * If multiple partitions are found, use the first one -+ * -+ * Return: -+ * -+ * 0 on success -+ */ -+static int __efi_runtime ffa_discover_mm_sp_id(void) -+{ -+ struct ffa_interface_data func_data = {0}; -+ u32 count = 0; -+ int ret; -+ struct ffa_partition_info *parts_info; -+ -+ /* -+ * get from the driver the count of the SPs matching the UUID -+ */ -+ func_data.data0_size = sizeof(mm_sp_svc_uuid); -+ func_data.data0 = &mm_sp_svc_uuid; -+ func_data.data1_size = sizeof(count); -+ func_data.data1 = &count; -+ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret); -+ return ret; -+ } -+ -+ if (!count) { -+ log_info("EFI: No MM partition found\n"); -+ return ret; -+ } -+ -+ /* -+ * pre-allocate a buffer to be filled by the driver -+ * with ffa_partition_info structs -+ */ -+ -+ parts_info = calloc(count, sizeof(struct ffa_partition_info)); -+ if (!parts_info) -+ return -EINVAL; -+ -+ log_info("EFI: Pre-allocating %d partition(s) info structures\n", count); -+ -+ func_data.data1_size = count * -+ sizeof(struct ffa_partition_info); -+ func_data.data1 = parts_info; -+ -+ /* -+ * ask the driver to fill the -+ * buffer with the SPs info -+ */ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret); -+ free(parts_info); -+ return ret; -+ } -+ -+ /* -+ * MM SPs found , use the first one -+ */ -+ -+ mm_sp_id = parts_info[0].id; -+ -+ log_info("EFI: MM partition ID 0x%x\n", mm_sp_id); -+ -+ free(parts_info); -+ -+ return 0; -+} - - /** -- * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send -+ * ffa_mm_communicate() - Exchange EFI services data with the MM partition using FF-A -+ * @comm_buf: locally allocated communication buffer used for for rx/tx -+ * @dsize: communication buffer size -+ * -+ * Issues a door bell event to notify the MM partition (SP) running in OP-TEE -+ * that there is data to read from the shared buffer. -+ * Communication with the MM SP is performed using FF-A transport. -+ * On the event, MM SP can read the data from the buffer and -+ * update the MM shared buffer with response data. -+ * The response data is copied back to the communication buffer. -+ * -+ * Return: -+ * -+ * EFI status code -+ */ -+static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_buf_size) -+{ -+ ulong tx_data_size; -+ int ffa_ret; -+ struct efi_mm_communicate_header *mm_hdr; -+ void *virt_shared_buf; -+ -+ if (!comm_buf) -+ return EFI_INVALID_PARAMETER; -+ -+ /* Discover MM partition ID */ -+ if (!mm_sp_id && ffa_discover_mm_sp_id() != FFA_ERR_STAT_SUCCESS) { -+ log_err("EFI: Failure to discover MM partition ID\n"); -+ return EFI_UNSUPPORTED; -+ } -+ -+ mm_hdr = (struct efi_mm_communicate_header *)comm_buf; -+ tx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t); -+ -+ if (comm_buf_size != tx_data_size || tx_data_size > FFA_SHARED_MM_BUFFER_SIZE) -+ return EFI_INVALID_PARAMETER; -+ -+ /* Copy the data to the shared buffer */ -+ -+ virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0); -+ efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size); -+ -+ /* Announce there is data in the shared buffer */ -+ -+ ffa_ret = ffa_notify_mm_sp(); -+ if (ffa_ret) -+ unmap_sysmem(virt_shared_buf); -+ -+ switch (ffa_ret) { -+ case 0: -+ { -+ ulong rx_data_size; -+ /* Copy the MM SP response from the shared buffer to the communication buffer */ -+ rx_data_size = ((struct efi_mm_communicate_header *)virt_shared_buf)->message_len + -+ sizeof(efi_guid_t) + -+ sizeof(size_t); -+ -+ if (rx_data_size > comm_buf_size) { -+ unmap_sysmem(virt_shared_buf); -+ return EFI_OUT_OF_RESOURCES; -+ } -+ -+ efi_memcpy_runtime(comm_buf, virt_shared_buf, rx_data_size); -+ unmap_sysmem(virt_shared_buf); -+ -+ return EFI_SUCCESS; -+ } -+ case -EINVAL: -+ return EFI_DEVICE_ERROR; -+ case -EPERM: -+ return EFI_INVALID_PARAMETER; -+ case -EACCES: -+ return EFI_ACCESS_DENIED; -+ case -EBUSY: -+ return EFI_OUT_OF_RESOURCES; -+ default: -+ return EFI_ACCESS_DENIED; -+ } -+} -+#endif -+ -+/** -+ * mm_communicate() - Adjust the communication buffer to the MM SP and send - * it to OP-TEE - * -- * @comm_buf: locally allocted communcation buffer -+ * @comm_buf: locally allocted communication buffer - * @dsize: buffer size -+ * -+ * The MM SP (also called partition) can be StandAlonneMM or smm-gateway. -+ * The comm_buf format is the same for both partitions. -+ * When using the u-boot OP-TEE driver, StandAlonneMM is supported. -+ * When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are supported. -+ * - * Return: status code - */ --static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) -+static efi_status_t __efi_runtime mm_communicate(u8 *comm_buf, efi_uintn_t dsize) - { - efi_status_t ret; - struct efi_mm_communicate_header *mm_hdr; -@@ -162,7 +398,11 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) - mm_hdr = (struct efi_mm_communicate_header *)comm_buf; - var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data; - -+ #if (IS_ENABLED(CONFIG_OPTEE)) - ret = optee_mm_communicate(comm_buf, dsize); -+ #elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ ret = ffa_mm_communicate(comm_buf, dsize); -+ #endif - if (ret != EFI_SUCCESS) { - log_err("%s failed!\n", __func__); - return ret; -@@ -258,6 +498,23 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size) - goto out; - } - *size = var_payload->size; -+ -+ #if (IS_ENABLED(CONFIG_OPTEE)) -+ /* -+ * Although the max payload is configurable on StMM, we only share a -+ * single page from OP-TEE for the non-secure buffer used to communicate -+ * with StMM. Since OP-TEE will reject to map anything bigger than that, -+ * make sure we are in bounds. -+ */ -+ if (*size > OPTEE_PAGE_SIZE) -+ *size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE - -+ MM_VARIABLE_COMMUNICATE_SIZE; -+ #elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) -+ if (*size > FFA_SHARED_MM_BUFFER_SIZE) -+ *size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE - -+ MM_VARIABLE_COMMUNICATE_SIZE; -+ #endif -+ - /* - * There seems to be a bug in EDK2 miscalculating the boundaries and - * size checks, so deduct 2 more bytes to fulfill this requirement. Fix -@@ -697,7 +954,7 @@ void efi_variables_boot_exit_notify(void) - ret = EFI_NOT_FOUND; - - if (ret != EFI_SUCCESS) -- log_err("Unable to notify StMM for ExitBootServices\n"); -+ log_err("Unable to notify the MM partition for ExitBootServices\n"); - free(comm_buf); - - /* --- -2.37.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch new file mode 100644 index 0000000000..769209b901 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch @@ -0,0 +1,127 @@ +From af17d357674393565c8be15f21c86cba972963e7 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Thu, 4 Aug 2022 16:46:47 +0100 +Subject: [PATCH 08/26] lib: uuid: introduce be_uuid_str_to_le_bin function + +convert big endian UUID string to little endian buffer + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* rename ffa_uuid_str_to_bin to be_uuid_str_to_le_bin and put in + a standalone commit (the current) + +v3: + +* introduce ffa_uuid_str_to_bin (provided by + arm_ffa: introduce Arm FF-A low-level driver) + + include/uuid.h | 6 +++++ + lib/uuid.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 69 insertions(+) + +diff --git a/include/uuid.h b/include/uuid.h +index 4a4883d3b5..5355230b5e 100644 +--- a/include/uuid.h ++++ b/include/uuid.h +@@ -44,4 +44,10 @@ int uuid_guid_get_bin(const char *guid_str, unsigned char *guid_bin); + const char *uuid_guid_get_str(const unsigned char *guid_bin); + void gen_rand_uuid(unsigned char *uuid_bin); + void gen_rand_uuid_str(char *uuid_str, int str_format); ++ ++/** ++ * be_uuid_str_to_le_bin - Converts a big endian UUID string to a little endian buffer ++ */ ++int be_uuid_str_to_le_bin(const char *uuid_str, unsigned char *uuid_bin); ++ + #endif +diff --git a/lib/uuid.c b/lib/uuid.c +index 284f8113ff..d0fa51d0bf 100644 +--- a/lib/uuid.c ++++ b/lib/uuid.c +@@ -1,6 +1,7 @@ + // SPDX-License-Identifier: GPL-2.0+ + /* + * Copyright 2011 Calxeda, Inc. ++ * Copyright 2022 ARM Limited + */ + + #include <common.h> +@@ -342,6 +343,68 @@ int uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin, + return 0; + } + ++/** ++ * be_uuid_str_to_le_bin - Converts a big endian UUID string to a little endian buffer ++ * @uuid_str: UUID string in big endian format (36 bytes wide + '/0') ++ * @uuid_bin: preallocated 16 bytes UUID buffer in little endian format ++ * ++ * UUID string is 36 characters (36 bytes): ++ * ++ * xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx ++ * be be be be be ++ * ++ * where x is a hexadecimal character. Fields are separated by '-'s. ++ * When converting to a binary UUID, these endianness rules apply: ++ * be: means the field in the string is considered a big endian hex number ++ * and should be converted to little endian binary format ++ * ++ * Return: ++ * ++ * uuid_bin filled with little endian UUID data ++ * On success 0 is returned. Otherwise, failure code. ++ */ ++int be_uuid_str_to_le_bin(const char *uuid_str, unsigned char *uuid_bin) ++{ ++ u16 tmp16 = 0; ++ u32 tmp32 = 0; ++ u64 tmp64 = 0; ++ ++ if (!uuid_str_valid(uuid_str) || !uuid_bin) ++ return -EINVAL; ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp32 = simple_strtoul(uuid_str, NULL, 16); ++ memcpy(uuid_bin, &tmp32, 4); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp16 = simple_strtoul(uuid_str + 9, NULL, 16); ++ memcpy(uuid_bin + 4, &tmp16, 2); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp16 = simple_strtoul(uuid_str + 14, NULL, 16); ++ memcpy(uuid_bin + 6, &tmp16, 2); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp16 = simple_strtoul(uuid_str + 19, NULL, 16); ++ memcpy(uuid_bin + 8, &tmp16, 2); ++ ++ /* ++ * reverse bytes from big to little endian ++ */ ++ tmp64 = simple_strtoull(uuid_str + 24, NULL, 16); ++ memcpy(uuid_bin + 10, (char *)&tmp64, 6); ++ ++ return 0; ++} ++ + /* + * uuid_bin_to_str() - convert big endian binary data to string UUID or GUID. + * +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch new file mode 100644 index 0000000000..64653b30fa --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch @@ -0,0 +1,2245 @@ +From 4729efd57e260b8c02d8cd1c30a443d29885dbd1 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 15 Aug 2022 15:00:44 +0100 +Subject: [PATCH 09/26] arm_ffa: introduce Arm FF-A low-level driver + +Add the driver implementing Arm Firmware Framework for Armv8-A v1.0 + +The Firmware Framework for Arm A-profile processors (FF-A) +describes interfaces (ABIs) that standardize communication +between the Secure World and Normal World leveraging TrustZone +technology. + +This driver uses 64-bit registers as per SMCCCv1.2 spec and comes +on top of the SMCCC layer. The driver provides the FF-A ABIs needed for +querying the FF-A framework from the secure world. + +32-bit version of the ABIs is supported and 64-bit version of FFA_RXTX_MAP +and FFA_MSG_SEND_DIRECT_{REQ, RESP}. + +In u-boot FF-A design, FF-A is considered as a discoverable bus. +The Secure World is considered as one entity to communicate with +using the FF-A bus. FF-A communication is handled by one device and +one instance (the bus). This FF-A driver takes care of all the +interactions between Normal world and Secure World. + +The driver exports its operations to be used by upper layers. + +Exported operations: + +- partition_info_get +- sync_send_receive +- rxtx_unmap + +This implementation provides an optional feature to copy the driver data +to EFI runtime area. + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* add doc/README.ffa.drv +* moving the FF-A driver work to drivers/firmware/arm-ffa +* use less #ifdefs in lib/efi_loader/efi_boottime.c and replace + #if defined by #if CONFIG_IS_ENABLED +* improving error handling by mapping the FF-A errors to standard errors + and logs +* replacing panics with an error log and returning an error code +* improving features discovery in FFA_FEATURES by introducing + rxtx_min_pages private data field +* add ffa_remove and ffa_bind functions +* improve how the driver behaves when bus discovery is done more than + once + +v3: + +* align the interfaces of the u-boot FF-A driver with those in the linux + FF-A driver +* remove the FF-A helper layer +* make the u-boot FF-A driver independent from EFI +* provide an optional config that enables copying the driver data to EFI + runtime section at ExitBootServices service +* use 64-bit version of FFA_RXTX_MAP, FFA_MSG_SEND_DIRECT_{REQ, RESP} + +v2: + +* make FF-A bus discoverable using device_{bind, probe} APIs +* remove device tree support + +v1: + +* introduce FF-A bus driver with device tree support + + MAINTAINERS | 7 + + common/board_r.c | 7 + + doc/README.ffa.drv | 160 ++ + drivers/Kconfig | 2 + + drivers/Makefile | 1 + + drivers/firmware/arm-ffa/Kconfig | 39 + + drivers/firmware/arm-ffa/Makefile | 7 + + drivers/firmware/arm-ffa/arm-ffa-uclass.c | 16 + + drivers/firmware/arm-ffa/arm_ffa_prv.h | 196 +++ + drivers/firmware/arm-ffa/core.c | 1344 +++++++++++++++++ + .../arm-ffa/efi_ffa_runtime_data_mgr.c | 94 ++ + include/arm_ffa.h | 127 ++ + include/dm/uclass-id.h | 1 + + lib/efi_loader/efi_boottime.c | 12 + + 14 files changed, 2013 insertions(+) + create mode 100644 doc/README.ffa.drv + create mode 100644 drivers/firmware/arm-ffa/Kconfig + create mode 100644 drivers/firmware/arm-ffa/Makefile + create mode 100644 drivers/firmware/arm-ffa/arm-ffa-uclass.c + create mode 100644 drivers/firmware/arm-ffa/arm_ffa_prv.h + create mode 100644 drivers/firmware/arm-ffa/core.c + create mode 100644 drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c + create mode 100644 include/arm_ffa.h + +diff --git a/MAINTAINERS b/MAINTAINERS +index 7f27ff4c20..e760b4ca3a 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -244,6 +244,13 @@ F: board/CZ.NIC/ + F: configs/turris_*_defconfig + F: include/configs/turris_*.h + ++ARM FF-A ++M: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++S: Maintained ++F: doc/README.ffa.drv ++F: drivers/firmware/arm-ffa/ ++F: include/arm_ffa.h ++ + ARM FREESCALE IMX + M: Stefano Babic <sbabic@denx.de> + M: Fabio Estevam <festevam@gmail.com> +diff --git a/common/board_r.c b/common/board_r.c +index 6f4aca2077..c75634286b 100644 +--- a/common/board_r.c ++++ b/common/board_r.c +@@ -63,6 +63,10 @@ + #include <efi_loader.h> + #include <relocate.h> + ++#ifdef CONFIG_ARM_FFA_TRANSPORT ++#include <arm_ffa.h> ++#endif ++ + DECLARE_GLOBAL_DATA_PTR; + + ulong monitor_flash_len; +@@ -779,6 +783,9 @@ static init_fnc_t init_sequence_r[] = { + INIT_FUNC_WATCHDOG_RESET + initr_net, + #endif ++#ifdef CONFIG_ARM_FFA_TRANSPORT ++ ffa_bus_discover, ++#endif + #ifdef CONFIG_POST + initr_post, + #endif +diff --git a/doc/README.ffa.drv b/doc/README.ffa.drv +new file mode 100644 +index 0000000000..1c0a33deb8 +--- /dev/null ++++ b/doc/README.ffa.drv +@@ -0,0 +1,160 @@ ++Arm FF-A Driver ++==================== ++ ++Introduction ++-------------------- ++ ++FF-A stands for Firmware Framework for Arm A-profile processors. ++ ++FF-A specifies interfaces that enable a pair of software sandboxes to communicate with each other. A sandbox aka partition could ++be a VM in the Normal or Secure world, an application in S-EL0, or a Trusted OS in S-EL1. ++ ++This FF-A driver implements the interfaces to communicate with partitions in the Secure world aka Secure partitions (SPs). ++ ++The driver specifically focuses on communicating with SPs that isolate portions of EFI runtime services that must run in a ++protected environment which is inaccessible by the Host OS or Hypervisor. Examples of such services are set/get variables. ++ ++FF-A driver uses the SMC ABIs defined by the FF-A specification to: ++ ++- Discover the presence of SPs of interest. ++- Access an SP's service through communication protocols e.g. EFI MM communication protocol. ++ ++FF-A and SMC specifications ++------------------------------------------- ++ ++The current implementation of the driver relies on FF-A specification v1.0 and uses SMC32 calling convention. ++ ++The driver has been tested with Optee OS which supports SMC32 for most of the SMC ABIs. ++ ++For more details please refer to: https://developer.arm.com/documentation/den0077/a/?lang=en ++ ++The FF-A driver uses 64-bit registers as per SMCCCv1.2 specification. ++ ++For more details please refer to: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6?token= ++ ++Supported hardware ++-------------------------------- ++ ++Aarch64 plaforms ++ ++Configuration ++---------------------- ++ ++CONFIG_ARM_FFA_TRANSPORT ++ Enables the FF-A bus driver. Turn this on if you want to use FF-A communication. ++ ++CONFIG_ARM_FFA_EFI_RUNTIME_MODE ++ Optional config that enables EFI runtime support for FF-A data and code. ++ ffa_copy_runtime_data allows to copy the FF-A driver data structures to EFI runtime data section. ++ Turning the config on makes ffa_copy_runtime_data available for use and the driver code placed at EFI runtime code section. ++ Call ffa_copy_runtime_data at the event on which you want the FF-A data to be copied (example: at ExitBootServices). ++ ++CONFIG_SANDBOX_FFA ++ Enables FF-A Sandbox driver. This emulates the FF-A ABIs handling under Sandbox and provides ++ functional tests for FF-A. ++ ++FF-A ABIs under the hood ++--------------------------------------- ++ ++Invoking an FF-A ABI involves providing to the secure world/hypervisor the expected arguments from the ABI. ++ ++The ABI arguments are stored in x0 to x7 registers. Then, an SMC instruction is executed. ++ ++At the secure side level or hypervisor the ABI is handled at a higher exception level and the arguments are read and processed. ++ ++The response is put back through x0 to x7 registers and control is giving back to the u-boot FF-A driver (non secure world). ++ ++The driver reads the response and processes it accordingly. ++ ++This methodology applies to all the FF-A ABIs in the driver. ++ ++FF-A bus discovery in u-boot ++------------------------------------------- ++ ++When CONFIG_ARM_FFA_TRANSPORT is enabled, the FF-A bus is automatically discovered at initcall level (after u-boot relocation). ++ ++The function that triggers the discovery process is ffa_bus_discover. ++ ++ffa_bus_discover creates, binds and probes the arm_ffa device using device_{bind, probe} APIs. ++ ++When the device is probed, ffa_probe is called which tries to communicate with the secure world or hypervisor. ++ ++The FF-A bus is usable when these checks succeed: ++ ++- querying the FF-A framework version ++- querying from secure world the u-boot endpoint ID ++- querying from secure world the supported features of the specified FF-A calls ++- mapping the RX/TX buffers ++- querying from secure world all the partitions information ++ ++Probing fails when any of these operations fail. The FF-A bus discovery succeeds when probing is successful. ++ ++When discovery fails the arm_ffa device is destroyed. ++ ++The bus driver layer ++------------------------------ ++ ++The driver comes on top of the SMCCC layer and is implemented in drivers/firmware/arm-ffa/core.c ++ ++The driver provides the following features: ++ ++- Support for the 32-bit version of the following ABIs: ++ ++FFA_VERSION ++FFA_ID_GET ++FFA_FEATURES ++FFA_PARTITION_INFO_GET ++FFA_RXTX_UNMAP ++FFA_RX_RELEASE ++FFA_RUN ++FFA_ERROR ++FFA_SUCCESS ++FFA_INTERRUPT ++ ++- Support for the 64-bit version of the following ABIs: ++ ++FFA_RXTX_MAP ++FFA_MSG_SEND_DIRECT_REQ ++FFA_MSG_SEND_DIRECT_RESP ++ ++- Processing the received data from the secure world/hypervisor and caching it ++ ++- Hiding from upper layers the FF-A protocol and registers details. Upper layers focus on exchanged data, ++the driver takes care of how to transport that to the secure world/hypervisor using FF-A. ++ ++- The driver provides callbacks to be used by clients to access the FF-A bus: ++ ++partition_info_get ++sync_send_receive ++rxtx_unmap ++ ++- FF-A bus discovery at initcalls level (after u-boot relocation). The bus is up and running if the FF-A framework is responsive and compatible with the driver. ++ ++- When EFI is enabled, unmap the RX/TX buffers at ExitBootServices() level. ++ ++- When CONFIG_ARM_FFA_EFI_RUNTIME_MODE enabled, ffa_copy_runtime_data function is available for use. ++ ++Using armffa command ++----------------------------------- ++ ++armffa is a command showcasing how to use the FF-A driver and how to invoke its operations. ++ ++This provides a guidance to the client developers on how to call the FF-A bus interfaces. ++ ++Usage: ++ ++armffa <sub-command> <arguments> ++ ++sub-commands: ++ ++ getpart <partition UUID> ++ ++ lists the partition(s) info ++ ++ ping <partition ID> ++ ++ sends a data pattern to the specified partition ++ ++ devlist ++ ++ displays the arm_ffa device info +diff --git a/drivers/Kconfig b/drivers/Kconfig +index b26ca8cf70..4a602517bf 100644 +--- a/drivers/Kconfig ++++ b/drivers/Kconfig +@@ -6,6 +6,8 @@ source "drivers/core/Kconfig" + + source "drivers/adc/Kconfig" + ++source "drivers/firmware/arm-ffa/Kconfig" ++ + source "drivers/ata/Kconfig" + + source "drivers/axi/Kconfig" +diff --git a/drivers/Makefile b/drivers/Makefile +index 67c8af7442..77db8736e6 100644 +--- a/drivers/Makefile ++++ b/drivers/Makefile +@@ -109,6 +109,7 @@ obj-y += iommu/ + obj-y += smem/ + obj-y += thermal/ + obj-$(CONFIG_TEE) += tee/ ++obj-$(CONFIG_ARM_FFA_TRANSPORT) += firmware/arm-ffa/ + obj-y += axi/ + obj-y += ufs/ + obj-$(CONFIG_W1) += w1/ +diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig +new file mode 100644 +index 0000000000..aceb61cf49 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/Kconfig +@@ -0,0 +1,39 @@ ++# SPDX-License-Identifier: GPL-2.0 ++ ++config ARM_FFA_TRANSPORT ++ bool "Enable Arm Firmware Framework for Armv8-A driver" ++ depends on DM && ARM64 ++ select ARM_SMCCC ++ select LIB_UUID ++ select DEVRES ++ help ++ The Firmware Framework for Arm A-profile processors (FF-A) ++ describes interfaces (ABIs) that standardize communication ++ between the Secure World and Normal World leveraging TrustZone ++ technology. ++ ++ This driver is based on FF-A specification v1.0 and uses SMC32 ++ calling convention. ++ ++ FF-A specification: ++ ++ https://developer.arm.com/documentation/den0077/a/?lang=en ++ ++ In u-boot FF-A design, FF-A is considered as a discoverable bus. ++ The Secure World is considered as one entity to communicate with ++ using the FF-A bus. ++ FF-A communication is handled by one device and one instance (the bus). ++ This FF-A driver takes care of all the interactions between Normal world ++ and Secure World. ++ ++ For more details about the FF-A driver, please refer to doc/README.ffa.drv ++ ++config ARM_FFA_EFI_RUNTIME_MODE ++ bool "Enable EFI runtime support for FF-A data and code" ++ depends on ARM_FFA_TRANSPORT && EFI_LOADER ++ help ++ Allows FF-A driver data structures and code to be accessible at EFI runtime. ++ FF-A data is copied by ffa_copy_runtime_data function. ++ The driver Code needed at runtime is placed at EFI runtime code section. ++ Turning this on makes ffa_copy_runtime_data available for use and the driver ++ code placed at EFI runtime code section. +diff --git a/drivers/firmware/arm-ffa/Makefile b/drivers/firmware/arm-ffa/Makefile +new file mode 100644 +index 0000000000..0b9b0a61b4 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/Makefile +@@ -0,0 +1,7 @@ ++# SPDX-License-Identifier: GPL-2.0+ ++# ++# (C) Copyright 2022 Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++# ++ ++obj-y += arm-ffa-uclass.o core.o ++obj-$(CONFIG_ARM_FFA_EFI_RUNTIME_MODE) += efi_ffa_runtime_data_mgr.o +diff --git a/drivers/firmware/arm-ffa/arm-ffa-uclass.c b/drivers/firmware/arm-ffa/arm-ffa-uclass.c +new file mode 100644 +index 0000000000..7d9695d289 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/arm-ffa-uclass.c +@@ -0,0 +1,16 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#include <common.h> ++#include <dm.h> ++#include <asm/global_data.h> ++ ++DECLARE_GLOBAL_DATA_PTR; ++ ++UCLASS_DRIVER(ffa) = { ++ .name = "ffa", ++ .id = UCLASS_FFA, ++}; +diff --git a/drivers/firmware/arm-ffa/arm_ffa_prv.h b/drivers/firmware/arm-ffa/arm_ffa_prv.h +new file mode 100644 +index 0000000000..7bc90f7f66 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/arm_ffa_prv.h +@@ -0,0 +1,196 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#ifndef __ARM_FFA_PRV_H ++#define __ARM_FFA_PRV_H ++ ++#include <arm_ffa.h> ++#include <linux/bitfield.h> ++#include <linux/bitops.h> ++#include <linux/arm-smccc.h> ++ ++/* ++ * This header is private. It is exclusively used by the FF-A driver ++ */ ++ ++/* FF-A core driver name */ ++#define FFA_DRV_NAME "arm_ffa" ++ ++/* FF-A driver version definitions */ ++ ++#define MAJOR_VERSION_MASK GENMASK(30, 16) ++#define MINOR_VERSION_MASK GENMASK(15, 0) ++#define GET_FFA_MAJOR_VERSION(x) \ ++ ((u16)(FIELD_GET(MAJOR_VERSION_MASK, (x)))) ++#define GET_FFA_MINOR_VERSION(x) \ ++ ((u16)(FIELD_GET(MINOR_VERSION_MASK, (x)))) ++#define PACK_VERSION_INFO(major, minor) \ ++ (FIELD_PREP(MAJOR_VERSION_MASK, (major)) | \ ++ FIELD_PREP(MINOR_VERSION_MASK, (minor))) ++ ++#define FFA_MAJOR_VERSION (1) ++#define FFA_MINOR_VERSION (0) ++#define FFA_VERSION_1_0 \ ++ PACK_VERSION_INFO(FFA_MAJOR_VERSION, FFA_MINOR_VERSION) ++ ++/* Endpoint ID mask (u-boot endpoint ID) */ ++ ++#define GET_SELF_ENDPOINT_ID_MASK GENMASK(15, 0) ++#define GET_SELF_ENDPOINT_ID(x) \ ++ ((u16)(FIELD_GET(GET_SELF_ENDPOINT_ID_MASK, (x)))) ++ ++#define PREP_SELF_ENDPOINT_ID_MASK GENMASK(31, 16) ++#define PREP_SELF_ENDPOINT_ID(x) \ ++ (FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x))) ++ ++/* Partition endpoint ID mask (partition with which u-boot communicates with) */ ++ ++#define PREP_PART_ENDPOINT_ID_MASK GENMASK(15, 0) ++#define PREP_PART_ENDPOINT_ID(x) \ ++ (FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x))) ++ ++/* ++ * Definitions of the Arm FF-A interfaces supported by the Arm FF-A driver ++ */ ++ ++#define FFA_SMC(calling_convention, func_num) \ ++ ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, (calling_convention), \ ++ ARM_SMCCC_OWNER_STANDARD, (func_num)) ++ ++#define FFA_SMC_32(func_num) FFA_SMC(ARM_SMCCC_SMC_32, (func_num)) ++#define FFA_SMC_64(func_num) FFA_SMC(ARM_SMCCC_SMC_64, (func_num)) ++ ++enum ffa_abis { ++ FFA_ERROR = 0x60, ++ FFA_SUCCESS = 0x61, ++ FFA_INTERRUPT = 0x62, ++ FFA_VERSION = 0x63, ++ FFA_FEATURES = 0x64, ++ FFA_RX_RELEASE = 0x65, ++ FFA_RXTX_MAP = 0x66, ++ FFA_RXTX_UNMAP = 0x67, ++ FFA_PARTITION_INFO_GET = 0x68, ++ FFA_ID_GET = 0x69, ++ FFA_RUN = 0x6D, ++ FFA_MSG_SEND_DIRECT_REQ = 0x6F, ++ FFA_MSG_SEND_DIRECT_RESP = 0x70, ++ ++ /* to be updated when adding new FFA IDs */ ++ FFA_FIRST_ID = FFA_ERROR, /* lowest number ID*/ ++ FFA_LAST_ID = FFA_MSG_SEND_DIRECT_RESP, /* highest number ID*/ ++}; ++ ++/* number of the errors supported by the FF-A specification */ ++#define MAX_NUMBER_FFA_ERR 9 ++ ++/* container structure and helper macros to map between an FF-A error and relevant error log */ ++struct ffa_abi_errmap { ++ char *err_str[MAX_NUMBER_FFA_ERR]; ++}; ++ ++#define FFA_ERRMAP_COUNT (FFA_LAST_ID - FFA_FIRST_ID + 1) ++#define FFA_ID_TO_ERRMAP_ID(ffa_id) ((ffa_id) - FFA_FIRST_ID) ++ ++/* The FF-A SMC function definitions */ ++ ++typedef struct arm_smccc_1_2_regs ffa_value_t; ++typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res); ++ ++/* ++ * struct ffa_partition_uuid - 16 bytes UUID transmitted by FFA_PARTITION_INFO_GET ++ * @a1-4: 32-bit words access to the UUID data ++ * ++ */ ++struct ffa_partition_uuid { ++ u32 a1; /* w1 */ ++ u32 a2; /* w2 */ ++ u32 a3; /* w3 */ ++ u32 a4; /* w4 */ ++}; ++ ++/** ++ * enum ffa_rxtx_buf_sizes - minimum sizes supported ++ * for the RX/TX buffers ++ */ ++enum ffa_rxtx_buf_sizes { ++ RXTX_4K, ++ RXTX_64K, ++ RXTX_16K ++}; ++ ++/** ++ * struct ffa_rxtxpair - structure hosting the RX/TX buffers virtual addresses ++ * @rxbuf: virtual address of the RX buffer ++ * @txbuf: virtual address of the TX buffer ++ * @rxtx_min_pages: RX/TX buffers minimum size in pages ++ * ++ * Data structure hosting the virtual addresses of the mapped RX/TX buffers ++ * These addresses are used by the FF-A functions that use the RX/TX buffers ++ */ ++struct ffa_rxtxpair { ++ u64 rxbuf; /* virtual address */ ++ u64 txbuf; /* virtual address */ ++ size_t rxtx_min_pages; /* minimum number of pages in each of the RX/TX buffers */ ++}; ++ ++/** ++ * struct ffa_partition_desc - the secure partition descriptor ++ * @info: partition information ++ * @sp_uuid: the secure partition UUID ++ * ++ * Each partition has its descriptor containing the partitions information and the UUID ++ */ ++struct ffa_partition_desc { ++ struct ffa_partition_info info; ++ struct ffa_partition_uuid sp_uuid; ++}; ++ ++/** ++ * struct ffa_partitions - descriptors for all secure partitions ++ * @count: The number of partitions descriptors ++ * @descs The partitions descriptors table ++ * ++ * This data structure contains the partitions descriptors table ++ */ ++struct ffa_partitions { ++ u32 count; ++ struct ffa_partition_desc *descs; /* virtual address */ ++}; ++ ++/** ++ * struct ffa_prvdata - the driver private data structure ++ * ++ * @dev: The arm_ffa device under u-boot driver model ++ * @ffa_ops: The driver operations structure ++ * @fwk_version: FF-A framework version ++ * @id: u-boot endpoint ID ++ * @partitions: The partitions descriptors structure ++ * @pair: The RX/TX buffers pair ++ * @invoke_ffa_fn: The function executing the FF-A function ++ * ++ * The driver data structure hosting all resident data. ++ */ ++struct ffa_prvdata { ++ struct udevice *dev; ++ struct ffa_bus_ops ffa_ops; ++ u32 fwk_version; ++ u16 id; ++ struct ffa_partitions partitions; ++ struct ffa_rxtxpair pair; ++ invoke_ffa_fn_t invoke_ffa_fn; ++}; ++ ++/** ++ * ffa_device_get - create, bind and probe the arm_ffa device ++ */ ++int ffa_device_get(void); ++ ++/** ++ * ffa_bus_prvdata_get - bus driver private data getter ++ */ ++struct ffa_prvdata **ffa_bus_prvdata_get(void); ++ ++#endif +diff --git a/drivers/firmware/arm-ffa/core.c b/drivers/firmware/arm-ffa/core.c +new file mode 100644 +index 0000000000..41c7b96e68 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/core.c +@@ -0,0 +1,1344 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#include "arm_ffa_prv.h" ++#include <asm/global_data.h> ++#include <common.h> ++#include <dm.h> ++#include <dm/device-internal.h> ++#include <dm/devres.h> ++#include <dm/root.h> ++#include <linux/errno.h> ++#include <linux/sizes.h> ++#include <log.h> ++#include <malloc.h> ++#include <string.h> ++#include <uuid.h> ++ ++DECLARE_GLOBAL_DATA_PTR; ++ ++/** ++ * The device private data structure containing all the resident ++ * data read from secure world ++ */ ++__ffa_runtime_data struct ffa_prvdata *ffa_priv_data; ++ ++/* Error mapping declarations */ ++ ++__ffa_runtime_data int ffa_to_std_errmap[MAX_NUMBER_FFA_ERR] = { ++ 0, ++ -EOPNOTSUPP, /* NOT_SUPPORTED */ ++ -EINVAL, /* INVALID_PARAMETERS */ ++ -ENOMEM, /* NO_MEMORY */ ++ -EBUSY, /* BUSY */ ++ -EINTR, /* INTERRUPTED */ ++ -EACCES, /* DENIED */ ++ -EAGAIN, /* RETRY */ ++ -ECANCELED, /* ABORTED */ ++}; ++ ++struct ffa_abi_errmap err_msg_map[FFA_ERRMAP_COUNT] = { ++ [FFA_ID_TO_ERRMAP_ID(FFA_VERSION)] = { ++ { ++ "", ++ "NOT_SUPPORTED: A Firmware Framework implementation does not exist", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_ID_GET)] = { ++ { ++ "", ++ "NOT_SUPPORTED: This function is not implemented at this FF-A instance", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_FEATURES)] = { ++ { ++ "", ++ "NOT_SUPPORTED: FFA_RXTX_MAP is not implemented at this FF-A instance", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_PARTITION_INFO_GET)] = { ++ { ++ "", ++ "NOT_SUPPORTED: This function is not implemented at this FF-A instance", ++ "INVALID_PARAMETERS: Unrecognized UUID", ++ "NO_MEMORY: Results cannot fit in RX buffer of the caller", ++ "BUSY: RX buffer of the caller is not free", ++ "", /* INTERRUPTED */ ++ "DENIED: Callee is not in a state to handle this request", ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_RXTX_UNMAP)] = { ++ { ++ "", ++ "NOT_SUPPORTED: FFA_RXTX_UNMAP is not implemented at this FF-A instance", ++ "INVALID_PARAMETERS: No buffer pair registered on behalf of the caller", ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "", /* DENIED */ ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_RX_RELEASE)] = { ++ { ++ "", ++ "NOT_SUPPORTED: FFA_RX_RELEASE is not implemented at this FF-A instance", ++ "", /* INVALID_PARAMETERS */ ++ "", /* NO_MEMORY */ ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "DENIED: Caller did not have ownership of the RX buffer", ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++ [FFA_ID_TO_ERRMAP_ID(FFA_RXTX_MAP)] = { ++ { ++ "", ++ "NOT_SUPPORTED: This function is not implemented at this FF-A instance", ++ "INVALID_PARAMETERS: Field(s) in input parameters incorrectly encoded", ++ "NO_MEMORY: Not enough memory", ++ "", /* BUSY */ ++ "", /* INTERRUPTED */ ++ "DENIED: Buffer pair already registered", ++ "", /* RETRY */ ++ "", /* ABORTED */ ++ }, ++ }, ++}; ++ ++/** ++ * ffa_to_std_errno - convert FF-A error code to standard error code ++ * @ffa_errno: Error code returned by the FF-A ABI ++ * ++ * This runtime function maps the given FF-A error code as specified ++ * by the spec to a u-boot standard error code. ++ * ++ * Return: ++ * ++ * The standard error code on success. . Otherwise, failure ++ */ ++__ffa_runtime int ffa_to_std_errno(int ffa_errno) ++{ ++ int err_idx = -ffa_errno; ++ ++ /* map the FF-A error code to the standard u-boot error code */ ++ if (err_idx > 0 && err_idx < MAX_NUMBER_FFA_ERR) ++ return ffa_to_std_errmap[err_idx]; ++ return -EINVAL; ++} ++ ++/** ++ * ffa_print_error_log - print the error log corresponding to the selected FF-A ABI ++ * @ffa_id: FF-A ABI ID ++ * @ffa_errno: Error code returned by the FF-A ABI ++ * ++ * This boot time function maps the FF-A error code to the error log relevant to the ++ * selected FF-A ABI. Then the error log is printed. ++ * ++ * Return: ++ * ++ * 0 on success. . Otherwise, failure ++ */ ++int ffa_print_error_log(u32 ffa_id, int ffa_errno) ++{ ++ int err_idx = -ffa_errno, abi_idx = 0; ++ ++ /* map the FF-A error code to the corresponding error log */ ++ ++ if (err_idx <= 0 || err_idx >= MAX_NUMBER_FFA_ERR) ++ return -EINVAL; ++ ++ if (ffa_id < FFA_FIRST_ID || ffa_id > FFA_LAST_ID) ++ return -EINVAL; ++ ++ abi_idx = FFA_ID_TO_ERRMAP_ID(ffa_id); ++ if (abi_idx < 0 || abi_idx >= FFA_ERRMAP_COUNT) ++ return -EINVAL; ++ ++ if (!err_msg_map[abi_idx].err_str || !err_msg_map[abi_idx].err_str[err_idx]) ++ return -EINVAL; ++ ++ ffa_err("%s", err_msg_map[abi_idx].err_str[err_idx]); ++ ++ return 0; ++} ++ ++/* ++ * Driver core functions ++ */ ++ ++/** ++ * ffa_remove_device - removes the arm_ffa device ++ * @dev: the device to be removed ++ * ++ * This boot time function makes sure the arm_ffa device is removed ++ * No need to free the kmalloced data when the device is destroyed. ++ * It's automatically done by devm management by ++ * device_remove() -> device_free() -> devres_release_probe(). ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int ffa_remove_device(struct udevice *dev) ++{ ++ int ret; ++ ++ if (!dev) { ++ ffa_err("no udevice found"); ++ return -ENODEV; ++ } ++ ++ ret = device_remove(dev, DM_REMOVE_NORMAL); ++ if (ret) { ++ ffa_err("unable to remove. err:%d\n", ret); ++ return ret; ++ } ++ ++ ffa_info("device removed and freed"); ++ ++ ret = device_unbind(dev); ++ if (ret) { ++ ffa_err("unable to unbind. err:%d\n", ret); ++ return ret; ++ } ++ ++ ffa_info("device unbound"); ++ ++ return 0; ++} ++ ++/** ++ * ffa_device_get - create, bind and probe the arm_ffa device ++ * ++ * This boot time function makes sure the arm_ffa device is ++ * created, bound to this driver, probed and ready to use. ++ * Arm FF-A transport is implemented through a single u-boot ++ * device managing the FF-A bus (arm_ffa). ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int ffa_device_get(void) ++{ ++ int ret; ++ struct udevice *dev = NULL; ++ ++ ret = device_bind(dm_root(), ++ DM_DRIVER_GET(arm_ffa), ++ FFA_DRV_NAME, ++ NULL, ++ ofnode_null(), ++ &dev); ++ if (ret) ++ return ret; ++ ++ /* The FF-A bus discovery succeeds when probing is successful */ ++ ret = device_probe(dev); ++ if (ret) { ++ ffa_err("arm_ffa device probing failed"); ++ ffa_remove_device(dev); ++ return ret; ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_get_version - FFA_VERSION handler function ++ * ++ * This is the boot time function that implements FFA_VERSION FF-A function ++ * to get from the secure world the FF-A framework version ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_get_version(void) ++{ ++ u16 major, minor; ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_VERSION), ++ .a1 = FFA_VERSION_1_0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ ffa_errno = (int)res.a0; ++ if (ffa_errno < 0) { ++ ffa_print_error_log(FFA_VERSION, ffa_errno); ++ return ffa_to_std_errno(ffa_errno); ++ } ++ ++ major = GET_FFA_MAJOR_VERSION((u32)res.a0); ++ minor = GET_FFA_MINOR_VERSION((u32)res.a0); ++ ++ ffa_info("FF-A driver %d.%d\nFF-A framework %d.%d", ++ FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor); ++ ++ if ((major == FFA_MAJOR_VERSION && minor >= FFA_MINOR_VERSION)) { ++ ffa_info("Versions are compatible "); ++ ++ ffa_priv_data->fwk_version = (u32)res.a0; ++ ++ return 0; ++ } ++ ++ ffa_err("versions are incompatible\nExpected: %d.%d , Found: %d.%d\n", ++ FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor); ++ ++ return -EPROTONOSUPPORT; ++} ++ ++/** ++ * ffa_get_endpoint_id - FFA_ID_GET handler function ++ * ++ * This is the boot time function that implements FFA_ID_GET FF-A function ++ * to get from the secure world u-boot endpoint ID ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_get_endpoint_id(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_ID_GET), ++ .a1 = 0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ ffa_priv_data->id = GET_SELF_ENDPOINT_ID((u32)res.a2); ++ ffa_info("endpoint ID is %u", ffa_priv_data->id); ++ ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ++ ffa_print_error_log(FFA_ID_GET, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_set_rxtx_buffers_pages_cnt - sets the minimum number of pages in each of the RX/TX buffers ++ * @prop_field: properties field obtained from FFA_FEATURES ABI ++ * ++ * This boot time function sets the minimum number of pages ++ * in each of the RX/TX buffers in the private data structure ++ * ++ * Return: ++ * ++ * buf_4k_pages points to the returned number of pages ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_set_rxtx_buffers_pages_cnt(u32 prop_field) ++{ ++ if (!ffa_priv_data) ++ return -EINVAL; ++ ++ switch (prop_field) { ++ case RXTX_4K: ++ ffa_priv_data->pair.rxtx_min_pages = 1; ++ break; ++ case RXTX_16K: ++ ffa_priv_data->pair.rxtx_min_pages = 4; ++ break; ++ case RXTX_64K: ++ ffa_priv_data->pair.rxtx_min_pages = 16; ++ break; ++ default: ++ ffa_err("RX/TX buffer size not supported"); ++ return -EINVAL; ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_get_rxtx_map_features - FFA_FEATURES handler function with FFA_RXTX_MAP argument ++ * ++ * This is the boot time function that implements FFA_FEATURES FF-A function ++ * to retrieve the FFA_RXTX_MAP features ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_get_rxtx_map_features(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_FEATURES), ++ .a1 = FFA_SMC_64(FFA_RXTX_MAP), ++ .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) ++ return ffa_set_rxtx_buffers_pages_cnt((u32)res.a2); ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_FEATURES, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_free_rxtx_buffers - frees the RX/TX buffers ++ * ++ * This is the boot time function used to free the RX/TX buffers ++ * ++ */ ++static void ffa_free_rxtx_buffers(void) ++{ ++ ffa_info("Freeing RX/TX buffers"); ++ ++ if (ffa_priv_data->pair.rxbuf) { ++ free((void *)ffa_priv_data->pair.rxbuf); ++ ffa_priv_data->pair.rxbuf = 0; ++ } ++ ++ if (ffa_priv_data->pair.txbuf) { ++ free((void *)ffa_priv_data->pair.txbuf); ++ ffa_priv_data->pair.txbuf = 0; ++ } ++} ++ ++/** ++ * ffa_alloc_rxtx_buffers - allocates the RX/TX buffers ++ * ++ * This is the boot time function used by ffa_map_rxtx_buffers to allocate ++ * the RX/TX buffers before mapping them. The allocated memory is physically ++ * contiguous since memalign ends up calling malloc which allocates ++ * contiguous memory in u-boot. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_alloc_rxtx_buffers(void) ++{ ++ u64 bytes; ++ ++ ffa_info("Using %lu 4KB page(s) for RX/TX buffers size", ++ ffa_priv_data->pair.rxtx_min_pages); ++ ++ bytes = ffa_priv_data->pair.rxtx_min_pages * SZ_4K; ++ ++ /* RX/TX buffers addresses should be PAGE_SIZE aligned */ ++ ++ ffa_priv_data->pair.rxbuf = (u64)memalign(PAGE_SIZE, bytes); ++ if (!ffa_priv_data->pair.rxbuf) { ++ ffa_err("failure to allocate RX buffer"); ++ return -ENOBUFS; ++ } ++ ++ ffa_info("RX buffer at virtual address 0x%llx", ffa_priv_data->pair.rxbuf); ++ ++ ffa_priv_data->pair.txbuf = (u64)memalign(PAGE_SIZE, bytes); ++ if (!ffa_priv_data->pair.txbuf) { ++ free((void *)ffa_priv_data->pair.rxbuf); ++ ffa_priv_data->pair.rxbuf = 0; ++ ffa_err("failure to allocate the TX buffer"); ++ return -ENOBUFS; ++ } ++ ++ ffa_info("TX buffer at virtual address 0x%llx", ffa_priv_data->pair.txbuf); ++ ++ /* ++ * make sure the buffers are cleared before use ++ */ ++ memset((void *)ffa_priv_data->pair.rxbuf, 0, bytes); ++ memset((void *)ffa_priv_data->pair.txbuf, 0, bytes); ++ ++ return 0; ++} ++ ++/** ++ * ffa_map_rxtx_buffers - FFA_RXTX_MAP handler function ++ * ++ * This is the boot time function that implements FFA_RXTX_MAP FF-A function ++ * to map the RX/TX buffers ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_map_rxtx_buffers(void) ++{ ++ int ret; ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ret = ffa_alloc_rxtx_buffers(); ++ if (ret) ++ return ret; ++ ++ /* ++ * we need to pass the physical addresses of the RX/TX buffers ++ * in u-boot physical/virtual mapping is 1:1 ++ *no need to convert from virtual to physical ++ */ ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_64(FFA_RXTX_MAP), ++ .a1 = ffa_priv_data->pair.txbuf, ++ .a2 = ffa_priv_data->pair.rxbuf, ++ .a3 = ffa_priv_data->pair.rxtx_min_pages, ++ .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ ffa_info("RX/TX buffers mapped"); ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_RXTX_MAP, ffa_errno); ++ ++ ffa_free_rxtx_buffers(); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_unmap_rxtx_buffers - FFA_RXTX_UNMAP handler function ++ * ++ * This is the boot time function that implements FFA_RXTX_UNMAP FF-A function ++ * to unmap the RX/TX buffers ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_unmap_rxtx_buffers(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_RXTX_UNMAP), ++ .a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data->id), ++ .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ ffa_free_rxtx_buffers(); ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_RXTX_UNMAP, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_release_rx_buffer - FFA_RX_RELEASE handler function ++ * ++ * This is the boot time function that invokes FFA_RX_RELEASE FF-A function ++ * to release the ownership of the RX buffer ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_release_rx_buffer(void) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_RX_RELEASE), ++ .a1 = 0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) ++ return 0; ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_RX_RELEASE, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_uuid_are_identical - checks whether two given UUIDs are identical ++ * @uuid1: first UUID ++ * @uuid2: second UUID ++ * ++ * This is a boot time function used by ffa_read_partitions_info to search ++ * for a UUID in the partitions descriptors table ++ * ++ * Return: ++ * ++ * 1 when UUIDs match. Otherwise, 0 ++ */ ++int ffa_uuid_are_identical(const struct ffa_partition_uuid *uuid1, ++ const struct ffa_partition_uuid *uuid2) ++{ ++ if (!uuid1 || !uuid2) ++ return 0; ++ ++ return (!memcmp(uuid1, uuid2, sizeof(struct ffa_partition_uuid))); ++} ++ ++/** ++ * ffa_read_partitions_info - reads the data queried by FFA_PARTITION_INFO_GET ++ * and saves it in the private structure ++ * @count: The number of partitions queried ++ * @part_uuid: Pointer to the partition(s) UUID ++ * ++ * This is the boot time function that reads the partitions information ++ * returned by the FFA_PARTITION_INFO_GET and saves it in the private ++ * data structure. ++ * ++ * Return: ++ * ++ * The private data structure is updated with the partition(s) information ++ * 0 is returned on success. Otherwise, failure ++ */ ++static int ffa_read_partitions_info(u32 count, struct ffa_partition_uuid *part_uuid) ++{ ++ if (!count) { ++ ffa_err("no partition detected"); ++ return -ENODATA; ++ } ++ ++ ffa_info("Reading partitions data from the RX buffer"); ++ ++ if (!part_uuid) { ++ /* ++ * querying information of all partitions ++ */ ++ u64 buf_bytes; ++ u64 data_bytes; ++ u32 desc_idx; ++ struct ffa_partition_info *parts_info; ++ ++ data_bytes = count * sizeof(struct ffa_partition_desc); ++ ++ buf_bytes = ffa_priv_data->pair.rxtx_min_pages * SZ_4K; ++ ++ if (data_bytes > buf_bytes) { ++ ffa_err("partitions data size exceeds the RX buffer size:"); ++ ffa_err(" sizes in bytes: data %llu , RX buffer %llu ", ++ data_bytes, ++ buf_bytes); ++ ++ return -ENOMEM; ++ } ++ ++ ffa_priv_data->partitions.descs = (struct ffa_partition_desc *) ++ devm_kmalloc(ffa_priv_data->dev, data_bytes, __GFP_ZERO); ++ if (!ffa_priv_data->partitions.descs) { ++ ffa_err("cannot allocate partitions data buffer"); ++ return -ENOMEM; ++ } ++ ++ parts_info = (struct ffa_partition_info *)ffa_priv_data->pair.rxbuf; ++ ++ for (desc_idx = 0 ; desc_idx < count ; desc_idx++) { ++ ffa_priv_data->partitions.descs[desc_idx].info = ++ parts_info[desc_idx]; ++ ++ ffa_info("Partition ID %x : info cached", ++ ffa_priv_data->partitions.descs[desc_idx].info.id); ++ } ++ ++ ffa_priv_data->partitions.count = count; ++ ++ ffa_info("%d partition(s) found and cached", count); ++ ++ } else { ++ u32 rx_desc_idx, cached_desc_idx; ++ struct ffa_partition_info *parts_info; ++ u8 desc_found; ++ ++ parts_info = (struct ffa_partition_info *)ffa_priv_data->pair.rxbuf; ++ ++ /* ++ * search for the SP IDs read from the RX buffer ++ * in the already cached SPs. ++ * Update the UUID when ID found. ++ */ ++ for (rx_desc_idx = 0; rx_desc_idx < count ; rx_desc_idx++) { ++ desc_found = 0; ++ ++ /* ++ * search the current ID in the cached partitions ++ */ ++ for (cached_desc_idx = 0; ++ cached_desc_idx < ffa_priv_data->partitions.count; ++ cached_desc_idx++) { ++ /* ++ * save the UUID ++ */ ++ if (ffa_priv_data->partitions.descs[cached_desc_idx].info.id == ++ parts_info[rx_desc_idx].id) { ++ ffa_priv_data->partitions.descs[cached_desc_idx].sp_uuid = ++ *part_uuid; ++ ++ desc_found = 1; ++ break; ++ } ++ } ++ ++ if (!desc_found) ++ return -ENODATA; ++ } ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_query_partitions_info - invokes FFA_PARTITION_INFO_GET and saves partitions data ++ * ++ * @part_uuid: Pointer to the partition(s) UUID ++ * @pcount: Pointer to the number of partitions variable filled when querying ++ * ++ * This is the boot time function that executes the FFA_PARTITION_INFO_GET ++ * to query the partitions data. Then, it calls ffa_read_partitions_info ++ * to save the data in the private data structure. ++ * ++ * After reading the data the RX buffer is released using ffa_release_rx_buffer ++ * ++ * Return: ++ * ++ * When part_uuid is NULL, all partitions data are retrieved from secure world ++ * When part_uuid is non NULL, data for partitions matching the given UUID are ++ * retrieved and the number of partitions is returned ++ * 0 is returned on success. Otherwise, failure ++ */ ++static int ffa_query_partitions_info(struct ffa_partition_uuid *part_uuid, ++ u32 *pcount) ++{ ++ struct ffa_partition_uuid query_uuid = {0}; ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ /* ++ * If a UUID is specified. Information for one or more ++ * partitions in the system is queried. Otherwise, information ++ * for all installed partitions is queried ++ */ ++ ++ if (part_uuid) { ++ if (!pcount) ++ return -EINVAL; ++ ++ query_uuid = *part_uuid; ++ } else if (pcount) { ++ return -EINVAL; ++ } ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_PARTITION_INFO_GET), ++ .a1 = query_uuid.a1, ++ .a2 = query_uuid.a2, ++ .a3 = query_uuid.a3, ++ .a4 = query_uuid.a4, ++ .a5 = 0, ++ .a6 = 0, ++ .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ int ret; ++ ++ /* ++ * res.a2 contains the count of partition information descriptors ++ * populated in the RX buffer ++ */ ++ if (res.a2) { ++ ret = ffa_read_partitions_info((u32)res.a2, part_uuid); ++ if (ret) { ++ ffa_err("failed to read partition(s) data , error (%d)", ret); ++ ffa_release_rx_buffer(); ++ return -EINVAL; ++ } ++ } ++ ++ /* ++ * return the SP count (when querying using a UUID) ++ */ ++ if (pcount) ++ *pcount = (u32)res.a2; ++ ++ /* ++ * After calling FFA_PARTITION_INFO_GET the buffer ownership ++ * is assigned to the consumer (u-boot). So, we need to give ++ * the ownership back to the SPM or hypervisor ++ */ ++ ret = ffa_release_rx_buffer(); ++ ++ return ret; ++ } ++ ++ ffa_errno = (int)res.a2; ++ ffa_print_error_log(FFA_PARTITION_INFO_GET, ffa_errno); ++ ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * ffa_get_partitions_info - FFA_PARTITION_INFO_GET handler function ++ * ++ * The passed arguments: ++ * Mode 1: When getting from the driver the number of ++ * secure partitions: ++ * @uuid_str: pointer to the UUID string ++ * @parts_size: pointer to the variable that contains the number of partitions ++ * The variable will be set by the driver ++ * @buffer: NULL ++ * ++ * Mode 2: When requesting the driver to return the ++ * partitions information: ++ * @uuid_str: pointer to the UUID string ++ * @parts_size: pointer to the size of the SPs information buffer in bytes ++ * @buffer: pointer to SPs information buffer ++ * (allocated by the client). ++ * The buffer will be filled by the driver ++ * ++ * This is the boot time function that queries the secure partition data from ++ * the private data structure. If not found, it invokes FFA_PARTITION_INFO_GET ++ * FF-A function to query the partition information from secure world. ++ * ++ * A client of the FF-A driver should know the UUID of the service it wants to ++ * access. It should use the UUID to request the FF-A driver to provide the ++ * partition(s) information of the service. The FF-A driver uses ++ * PARTITION_INFO_GET to obtain this information. This is implemented through ++ * ffa_get_partitions_info function. ++ * A new FFA_PARTITION_INFO_GET call is issued (first one performed through ++ * ffa_cache_partitions_info) allowing to retrieve the partition(s) information. ++ * They are not saved (already done). We only update the UUID in the cached area. ++ * This assumes that partitions data does not change in the secure world. ++ * Otherwise u-boot will have an outdated partition data. The benefit of caching ++ * the information in the FF-A driver is to accommodate discovery after ++ * ExitBootServices(). ++ * ++ * When invoked through a client request, ffa_get_partitions_info should be ++ * called twice. First call is to get from the driver the number of secure ++ * partitions (SPs) associated to a particular UUID. ++ * Then, the caller (client) allocates the buffer to host the SPs data and ++ * issues a 2nd call. Then, the driver fills the SPs data in the pre-allocated ++ * buffer. ++ * ++ * To achieve the mechanism described above, ffa_get_partitions_info uses the ++ * following functions: ++ * ffa_read_partitions_info ++ * ffa_query_partitions_info ++ * ++ * Return: ++ * ++ * @parts_size: When pointing to the number of partitions variable, the number is ++ * set by the driver. ++ * When pointing to the partitions information buffer size, the buffer will be ++ * filled by the driver. ++ * ++ * On success 0 is returned. Otherwise, failure ++ */ ++static int ffa_get_partitions_info(const char *uuid_str, ++ u32 *parts_size, struct ffa_partition_info *buffer) ++{ ++ /* ++ * fill_data: ++ * 0: return the SP count ++ * 1: fill SP data and return it to the caller ++ * -1: undefined mode ++ */ ++ int fill_data = -1; ++ u32 desc_idx, client_desc_idx; ++ struct ffa_partition_uuid part_uuid = {0}; ++ u32 client_desc_max_cnt; ++ u32 parts_found = 0; ++ ++ if (!ffa_priv_data->partitions.count || !ffa_priv_data->partitions.descs) { ++ ffa_err("no partition installed"); ++ return -EINVAL; ++ } ++ ++ if (!uuid_str) { ++ ffa_err("no UUID provided"); ++ return -EINVAL; ++ } ++ ++ if (!parts_size) { ++ ffa_err("no size/count provided"); ++ return -EINVAL; ++ } ++ ++ if (be_uuid_str_to_le_bin(uuid_str, (unsigned char *)&part_uuid)) { ++ ffa_err("invalid UUID"); ++ return -EINVAL; ++ } ++ ++ if (!buffer) { ++ /* Mode 1: getting the number of secure partitions */ ++ ++ fill_data = 0; ++ ++ ffa_info("Preparing for checking partitions count"); ++ ++ } else if ((*parts_size >= sizeof(struct ffa_partition_info)) && ++ !(*parts_size % sizeof(struct ffa_partition_info))) { ++ /* Mode 2: retrieving the partitions information */ ++ ++ fill_data = 1; ++ ++ client_desc_idx = 0; ++ ++ /* ++ * number of empty descriptors preallocated by the caller ++ */ ++ client_desc_max_cnt = *parts_size / sizeof(struct ffa_partition_info); ++ ++ ffa_info("Preparing for filling partitions info"); ++ ++ } else { ++ ffa_err("invalid function arguments provided"); ++ return -EINVAL; ++ } ++ ++ ffa_info("Searching partitions using the provided UUID"); ++ ++ /* ++ * search in the cached partitions ++ */ ++ for (desc_idx = 0; ++ desc_idx < ffa_priv_data->partitions.count; ++ desc_idx++) { ++ if (ffa_uuid_are_identical(&ffa_priv_data->partitions.descs[desc_idx].sp_uuid, ++ &part_uuid)) { ++ ffa_info("Partition ID %x matches the provided UUID", ++ ffa_priv_data->partitions.descs[desc_idx].info.id); ++ ++ parts_found++; ++ ++ if (fill_data) { ++ /* ++ * trying to fill the partition info in the input buffer ++ */ ++ ++ if (client_desc_idx < client_desc_max_cnt) { ++ buffer[client_desc_idx++] = ++ ffa_priv_data->partitions.descs[desc_idx].info; ++ continue; ++ } ++ ++ ffa_err("failed to fill the current descriptor client buffer full"); ++ return -ENOBUFS; ++ } ++ } ++ } ++ ++ if (!parts_found) { ++ int ret; ++ ++ ffa_info("No partition found. Querying framework ..."); ++ ++ ret = ffa_query_partitions_info(&part_uuid, &parts_found); ++ ++ if (ret == 0) { ++ if (!fill_data) { ++ *parts_size = parts_found; ++ ++ ffa_info("Number of partition(s) found matching the UUID: %d", ++ parts_found); ++ } else { ++ /* ++ * If SPs data detected, they are already in the private data ++ * structure, retry searching SP data again to return them ++ * to the caller ++ */ ++ if (parts_found) ++ ret = ffa_get_partitions_info(uuid_str, parts_size, buffer); ++ else ++ ret = -ENODATA; ++ } ++ } ++ ++ return ret; ++ } ++ ++ /* partition(s) found */ ++ if (!fill_data) ++ *parts_size = parts_found; ++ ++ return 0; ++} ++ ++/** ++ * ffa_cache_partitions_info - Queries and saves all secure partitions data ++ * ++ * This is a boot time function that invokes FFA_PARTITION_INFO_GET FF-A ++ * function to query from secure world all partitions information. ++ * ++ * The FFA_PARTITION_INFO_GET call is issued with nil UUID as an argument. ++ * All installed partitions information are returned. We cache them in the ++ * resident private data structure and we keep the UUID field empty ++ * (in FF-A 1.0 UUID is not provided by the partition descriptor) ++ * ++ * This function is called at the device probing level. ++ * ffa_cache_partitions_info uses ffa_query_partitions_info to get the data ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_cache_partitions_info(void) ++{ ++ return ffa_query_partitions_info(NULL, NULL); ++} ++ ++/** ++ * ffa_msg_send_direct_req - FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function ++ * @dst_part_id: destination partition ID ++ * @msg: pointer to the message data preallocated by the client (in/out) ++ * ++ * This is the runtime function that implements FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * FF-A functions. ++ * ++ * FFA_MSG_SEND_DIRECT_REQ is used to send the data to the secure partition. ++ * The response from the secure partition is handled by reading the ++ * FFA_MSG_SEND_DIRECT_RESP arguments. ++ * ++ * The maximum size of the data that can be exchanged is 40 bytes which is ++ * sizeof(struct ffa_send_direct_data) as defined by the FF-A specification 1.0 ++ * in the section relevant to FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_send_direct_data *msg) ++{ ++ ffa_value_t res = {0}; ++ int ffa_errno; ++ ++ if (!ffa_priv_data || !ffa_priv_data->invoke_ffa_fn) ++ return -EINVAL; ++ ++ /* No partition installed */ ++ if (!ffa_priv_data->partitions.count || !ffa_priv_data->partitions.descs) ++ return -ENODEV; ++ ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ), ++ .a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data->id) | ++ PREP_PART_ENDPOINT_ID(dst_part_id), ++ .a2 = 0, ++ .a3 = msg->data0, ++ .a4 = msg->data1, ++ .a5 = msg->data2, ++ .a6 = msg->data3, ++ .a7 = msg->data4, ++ }, &res); ++ ++ while (res.a0 == FFA_SMC_32(FFA_INTERRUPT)) ++ ffa_priv_data->invoke_ffa_fn((ffa_value_t){ ++ .a0 = FFA_SMC_32(FFA_RUN), ++ .a1 = res.a1, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0, ++ }, &res); ++ ++ if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) { ++ /* Message sent with no response */ ++ return 0; ++ } ++ ++ if (res.a0 == FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP)) { ++ /* ++ * Message sent with response ++ * extract the return data ++ */ ++ msg->data0 = res.a3; ++ msg->data1 = res.a4; ++ msg->data2 = res.a5; ++ msg->data3 = res.a6; ++ msg->data4 = res.a7; ++ ++ return 0; ++ } ++ ++ ffa_errno = (int)res.a2; ++ return ffa_to_std_errno(ffa_errno); ++} ++ ++/** ++ * __arm_ffa_fn_smc - SMC wrapper ++ * @args: FF-A ABI arguments to be copied to Xn registers ++ * @res: FF-A ABI return data to be copied from Xn registers ++ * ++ * Calls low level SMC assembly function ++ * ++ * Return: void ++ */ ++void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res) ++{ ++ arm_smccc_1_2_smc(&args, res); ++} ++ ++/** ++ * ffa_set_smc_conduit - Set the SMC conduit ++ * ++ * This boot time function selects the SMC conduit by setting the driver invoke function ++ * to SMC assembly function ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_set_smc_conduit(void) ++{ ++ ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc; ++ ++ if (!ffa_priv_data->invoke_ffa_fn) { ++ ffa_err("failure to set the invoke function"); ++ return -EINVAL; ++ } ++ ++ ffa_info("Conduit is SMC"); ++ ++ return 0; ++} ++ ++/** ++ * ffa_set_bus_ops - Set the bus driver operations ++ * ++ * Setting the driver callbacks. ++ * ++ */ ++static void ffa_set_bus_ops(void) ++{ ++ ffa_priv_data->ffa_ops.partition_info_get = ffa_get_partitions_info; ++ ffa_priv_data->ffa_ops.sync_send_receive = ffa_msg_send_direct_req; ++ ffa_priv_data->ffa_ops.rxtx_unmap = ffa_unmap_rxtx_buffers; ++} ++ ++/** ++ * ffa_alloc_prvdata - allocate the driver main data structure and sets the device ++ * @dev: the arm_ffa device ++ * ++ * This boot time function creates the main data structure embedding all the driver data. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_alloc_prvdata(struct udevice *dev) ++{ ++ if (!dev) { ++ ffa_err("no udevice found"); ++ return -ENODEV; ++ } ++ ++ /* The device is registered with the DM. Let's create the driver main data structure*/ ++ ++ ffa_priv_data = devm_kmalloc(dev, sizeof(struct ffa_prvdata), __GFP_ZERO); ++ if (!ffa_priv_data) { ++ ffa_err("can not allocate the driver main data structure"); ++ return -ENOMEM; ++ } ++ ++ ffa_priv_data->dev = dev; ++ ++ return 0; ++} ++ ++/** ++ * ffa_probe - The driver probe function ++ * @dev: the arm_ffa device ++ * ++ * Probing is done at boot time and triggered by the uclass device discovery. ++ * At probe level the following actions are done: ++ * - setting the conduit ++ * - querying the FF-A framework version ++ * - querying from secure world the u-boot endpoint ID ++ * - querying from secure world the supported features of FFA_RXTX_MAP ++ * - mapping the RX/TX buffers ++ * - querying from secure world all the partitions information ++ * ++ * All data queried from secure world is saved in the resident private data structure. ++ * ++ * The probe will fail if either FF-A framework is not detected or the ++ * FF-A requests are not behaving correctly. This ensures that the ++ * driver is not installed and its operations are not exported to the clients. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int ffa_probe(struct udevice *dev) ++{ ++ int ret; ++ ++ ret = ffa_alloc_prvdata(dev); ++ if (ret != 0) ++ return ret; ++ ++ ffa_set_bus_ops(); ++ ++ ret = ffa_set_smc_conduit(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_get_version(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_get_endpoint_id(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_get_rxtx_map_features(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_map_rxtx_buffers(); ++ if (ret != 0) ++ return ret; ++ ++ ret = ffa_cache_partitions_info(); ++ if (ret != 0) { ++ ffa_free_rxtx_buffers(); ++ return ret; ++ } ++ ++ return 0; ++} ++ ++/** ++ * ffa_remove - The driver remove function ++ * @dev: the arm_ffa device ++ * When the device is about to be removed , unmap the RX/TX buffers and free the memory ++ * Return: ++ * ++ * 0 on success. ++ */ ++static int ffa_remove(struct udevice *dev) ++{ ++ ffa_info("removing the device"); ++ ++ ffa_unmap_rxtx_buffers(); ++ ++ if (ffa_priv_data->pair.rxbuf || ffa_priv_data->pair.txbuf) ++ ffa_free_rxtx_buffers(); ++ ++ return 0; ++} ++ ++/** ++ * ffa_unbind - The driver unbind function ++ * @dev: the arm_ffa device ++ * After the device is removed and memory freed the device is unbound ++ * Return: ++ * ++ * 0 on success. ++ */ ++static int ffa_unbind(struct udevice *dev) ++{ ++ ffa_info("unbinding the device , private data already released"); ++ ++ ffa_priv_data = NULL; ++ ++ return 0; ++} ++ ++/** ++ * ffa_bus_ops_get - bus driver operations getter ++ * ++ * Return: ++ * This runtime function returns a pointer to the driver operations structure ++ */ ++const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void) ++{ ++ return &ffa_priv_data->ffa_ops; ++} ++ ++/** ++ * ffa_bus_prvdata_get - bus driver private data getter ++ * ++ * Return: ++ * This boot time function returns a pointer to the main private data structure ++ */ ++struct ffa_prvdata **ffa_bus_prvdata_get(void) ++{ ++ return &ffa_priv_data; ++} ++ ++/** ++ * ffa_bus_discover - discover FF-A bus and probe the arm_ffa device ++ * ++ * This boot time function makes sure the FF-A bus is discoverable. ++ * Then, the arm_ffa device is probed and ready to use. ++ * This function is called automatically at initcalls ++ * level (after u-boot relocation). ++ * ++ * When the bus was already discovered successfully the discovery will not run again. ++ * ++ * Arm FF-A transport is implemented through arm_ffa u-boot device managing the FF-A ++ * communication. ++ * All FF-A clients should use the arm_ffa device to use the FF-A transport. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int ffa_bus_discover(void) ++{ ++ int ret = 0; ++ ++ if (!ffa_priv_data) ++ ret = ffa_device_get(); ++ ++ return ret; ++} ++ ++/** ++ * Declaring the arm_ffa driver under UCLASS_FFA ++ */ ++ ++U_BOOT_DRIVER(arm_ffa) = { ++ .name = FFA_DRV_NAME, ++ .id = UCLASS_FFA, ++ .probe = ffa_probe, ++ .remove = ffa_remove, ++ .unbind = ffa_unbind, ++}; +diff --git a/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c b/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c +new file mode 100644 +index 0000000000..c76cf2147b +--- /dev/null ++++ b/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c +@@ -0,0 +1,94 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#include "arm_ffa_prv.h" ++ ++/** ++ * ffa_copy_runtime_data - copy the private data structure to the runtime area ++ * ++ * This boot time function copies the arm_ffa driver data structures including ++ * partitions data to the EFI runtime data section. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++efi_status_t ffa_copy_runtime_data(void) ++{ ++ efi_status_t efi_ret; ++ efi_uintn_t prvdata_pages; ++ efi_uintn_t descs_pages; ++ struct ffa_prvdata **prvdata = NULL; /* Pointer to the current structure */ ++ struct ffa_prvdata *runtime_prvdata = NULL; /* Pointer to the structure runtime copy */ ++ u64 runtime_descs = 0; ++ ++ prvdata = ffa_bus_prvdata_get(); ++ ++ printf("INFO: EFI: FFA: prv data area at 0x%llx\n", (u64)prvdata); ++ ++ /* allocate private data runtime area */ ++ ++ prvdata_pages = efi_size_in_pages(sizeof(struct ffa_prvdata)); ++ efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, ++ EFI_RUNTIME_SERVICES_DATA, ++ prvdata_pages, ++ (u64 *)&runtime_prvdata); ++ ++ if (efi_ret != EFI_SUCCESS) { ++ printf("ERROR: EFI: FFA: allocating runtime data (err: 0x%lx, addr 0x%llx)\n", ++ efi_ret, (u64)runtime_prvdata); ++ ++ return efi_ret; ++ } ++ ++ printf("INFO: EFI: FFA: runtime data area at 0x%llx\n", (u64)runtime_prvdata); ++ ++ if (!runtime_prvdata) ++ return EFI_INVALID_PARAMETER; ++ ++ /* allocate the partition data runtime area */ ++ ++ descs_pages = efi_size_in_pages((*prvdata)->partitions.count * ++ sizeof(struct ffa_partition_desc)); ++ efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES, ++ EFI_RUNTIME_SERVICES_DATA, ++ descs_pages, ++ &runtime_descs); ++ ++ if (efi_ret != EFI_SUCCESS) { ++ printf("ERROR: EFI: FFA: allocating runtime SPs data (err: 0x%lx, addr 0x%llx)\n", ++ efi_ret, runtime_descs); ++ ++ efi_free_pages((u64)runtime_prvdata, prvdata_pages); ++ ++ return efi_ret; ++ } ++ ++ printf("INFO: EFI: FFA: SPs runtime area at 0x%llx\n", (u64)runtime_descs); ++ ++ if (!runtime_descs) ++ return EFI_INVALID_PARAMETER; ++ ++ *runtime_prvdata = **prvdata; ++ ++ runtime_prvdata->dev = NULL; ++ runtime_prvdata->ffa_ops.partition_info_get = NULL; ++ runtime_prvdata->ffa_ops.rxtx_unmap = NULL; ++ runtime_prvdata->partitions.descs = (struct ffa_partition_desc *)runtime_descs; ++ runtime_prvdata->pair.rxbuf = 0; ++ runtime_prvdata->pair.txbuf = 0; ++ ++ /* ++ * Update the private data structure pointer in the driver ++ * no need to free the old structure. devm takes care of that ++ */ ++ *prvdata = runtime_prvdata; ++ ++ printf("INFO: EFI: FFA: runtime prv data now at 0x%llx , SPs count %d\n", ++ (u64)*prvdata, (*prvdata)->partitions.count); ++ ++ return 0; ++} +diff --git a/include/arm_ffa.h b/include/arm_ffa.h +new file mode 100644 +index 0000000000..f17b100497 +--- /dev/null ++++ b/include/arm_ffa.h +@@ -0,0 +1,127 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#ifndef __ARM_FFA_H ++#define __ARM_FFA_H ++ ++#include <linux/printk.h> ++ ++/* ++ * This header is public. It can be used by clients to access ++ * data structures and definitions they need ++ */ ++ ++/* ++ * Macros for displaying logs ++ */ ++ ++#define ffa_info(fmt, ...) pr_info("[FFA] " fmt "\n", ##__VA_ARGS__) ++#define ffa_err(fmt, ...) pr_err("[FFA] " fmt "\n", ##__VA_ARGS__) ++ ++/* ++ * struct ffa_partition_info - Partition information descriptor ++ * @id: Partition ID ++ * @exec_ctxt: Execution context count ++ * @properties: Partition properties ++ * ++ * Data structure containing information about partitions instantiated in the system ++ * This structure is filled with the data queried by FFA_PARTITION_INFO_GET ++ */ ++struct __packed ffa_partition_info { ++ u16 id; ++ u16 exec_ctxt; ++/* partition supports receipt of direct requests */ ++#define FFA_PARTITION_DIRECT_RECV BIT(0) ++/* partition can send direct requests. */ ++#define FFA_PARTITION_DIRECT_SEND BIT(1) ++/* partition can send and receive indirect messages. */ ++#define FFA_PARTITION_INDIRECT_MSG BIT(2) ++ u32 properties; ++}; ++ ++/* ++ * struct ffa_send_direct_data - Data structure hosting the data ++ * used by FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * @data0-4: Data read/written from/to x3-x7 registers ++ * ++ * Data structure containing the data to be sent by FFA_MSG_SEND_DIRECT_REQ ++ * or read from FFA_MSG_SEND_DIRECT_RESP ++ */ ++ ++/* For use with FFA_MSG_SEND_DIRECT_{REQ,RESP} which pass data via registers */ ++struct __packed ffa_send_direct_data { ++ unsigned long data0; /* w3/x3 */ ++ unsigned long data1; /* w4/x4 */ ++ unsigned long data2; /* w5/x5 */ ++ unsigned long data3; /* w6/x6 */ ++ unsigned long data4; /* w7/x7 */ ++}; ++ ++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE) ++ ++#include <efi_loader.h> ++ ++/* ++ * __ffa_runtime - controls whether functions are ++ * available after calling the EFI ExitBootServices service. ++ * Functions tagged with these keywords are resident (available at boot time and ++ * at runtime) ++ */ ++ ++#define __ffa_runtime_data __efi_runtime_data ++#define __ffa_runtime __efi_runtime ++ ++#else ++ ++/* ++ * The FF-A driver is independent from EFI ++ */ ++ ++#define __ffa_runtime_data ++#define __ffa_runtime ++ ++#endif ++ ++/** ++ * struct ffa_bus_ops - The driver operations structure ++ * @partition_info_get: callback for the FFA_PARTITION_INFO_GET ++ * @sync_send_receive: callback for the FFA_MSG_SEND_DIRECT_REQ ++ * @rxtx_unmap: callback for the FFA_RXTX_UNMAP ++ * ++ * The data structure providing all the operations supported by the driver. ++ * This structure is EFI runtime resident. ++ */ ++struct ffa_bus_ops { ++ int (*partition_info_get)(const char *uuid_str, ++ u32 *parts_size, struct ffa_partition_info *buffer); ++ int (*sync_send_receive)(u16 dst_part_id, struct ffa_send_direct_data *msg); ++ int (*rxtx_unmap)(void); ++}; ++ ++/** ++ * The device driver and the Uclass driver public functions ++ */ ++ ++/** ++ * ffa_bus_ops_get - driver operations getter ++ */ ++const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void); ++ ++/** ++ * ffa_bus_discover - discover FF-A bus and probes the arm_ffa device ++ */ ++int ffa_bus_discover(void); ++ ++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE) ++ ++/** ++ * ffa_copy_runtime_data - copy the private data structure and the SPs data to the runtime area ++ */ ++efi_status_t ffa_copy_runtime_data(void); ++ ++#endif ++ ++#endif +diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h +index 3ba69ad9a0..7324418245 100644 +--- a/include/dm/uclass-id.h ++++ b/include/dm/uclass-id.h +@@ -55,6 +55,7 @@ enum uclass_id { + UCLASS_EFI_MEDIA, /* Devices provided by UEFI firmware */ + UCLASS_ETH, /* Ethernet device */ + UCLASS_ETH_PHY, /* Ethernet PHY device */ ++ UCLASS_FFA, /* Arm Firmware Framework for Armv8-A */ + UCLASS_FIRMWARE, /* Firmware */ + UCLASS_FS_FIRMWARE_LOADER, /* Generic loader */ + UCLASS_GPIO, /* Bank of general-purpose I/O pins */ +diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c +index 4da64b5d29..0ec002ac8b 100644 +--- a/lib/efi_loader/efi_boottime.c ++++ b/lib/efi_loader/efi_boottime.c +@@ -23,6 +23,10 @@ + #include <asm/setjmp.h> + #include <linux/libfdt_env.h> + ++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) ++#include <arm_ffa.h> ++#endif ++ + DECLARE_GLOBAL_DATA_PTR; + + /* Task priority level */ +@@ -2173,6 +2177,14 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, + dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); + } + ++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) ++ /* unmap FF-A RX/TX buffers */ ++ if (ffa_bus_ops_get()->rxtx_unmap()) ++ debug("[efi_boottime][ERROR]: can not unmap FF-A RX/TX buffers\n"); ++ else ++ debug("[efi_boottime][INFO]: FF-A RX/TX buffers unmapped\n"); ++#endif ++ + /* Patch out unsupported runtime function */ + efi_runtime_detach(); + +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch deleted file mode 100644 index ae4bb02f18..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 6f998a5e94e2562b5876b88864876c8b03b88f5a Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Tue, 16 Nov 2021 12:38:48 +0000 -Subject: [PATCH 09/24] arm_ffa: introducing test module for UCLASS_FFA - -This is the test module for the UCLASS_FFA class. - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - MAINTAINERS | 1 + - test/dm/Makefile | 1 + - test/dm/ffa.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ - test/dm/ffa.h | 19 ++++++++++++++++ - 4 files changed, 77 insertions(+) - create mode 100644 test/dm/ffa.c - create mode 100644 test/dm/ffa.h - -diff --git a/MAINTAINERS b/MAINTAINERS -index 32fc267fcf13..8209dc9319f1 100644 ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -252,6 +252,7 @@ F: drivers/arm-ffa/ - F: include/arm_ffa.h - F: include/arm_ffa_helper.h - F: lib/arm-ffa/ -+F: test/dm/ffa.c - - ARM FREESCALE IMX - M: Stefano Babic <sbabic@denx.de> -diff --git a/test/dm/Makefile b/test/dm/Makefile -index f0a7c97e3d17..09a3403d2f53 100644 ---- a/test/dm/Makefile -+++ b/test/dm/Makefile -@@ -79,6 +79,7 @@ obj-$(CONFIG_POWER_DOMAIN) += power-domain.o - obj-$(CONFIG_ACPI_PMC) += pmc.o - obj-$(CONFIG_DM_PMIC) += pmic.o - obj-$(CONFIG_DM_PWM) += pwm.o -+obj-$(CONFIG_ARM_FFA_TRANSPORT) += ffa.o - obj-$(CONFIG_QFW) += qfw.o - obj-$(CONFIG_RAM) += ram.o - obj-y += regmap.o -diff --git a/test/dm/ffa.c b/test/dm/ffa.c -new file mode 100644 -index 000000000000..b937cea57b80 ---- /dev/null -+++ b/test/dm/ffa.c -@@ -0,0 +1,56 @@ -+// SPDX-License-Identifier: GPL-2.0+ -+/* -+ * Test for UCLASS_FFA class -+ * -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -+ */ -+ -+#include <common.h> -+#include <dm.h> -+#include <dm/test.h> -+#include <test/test.h> -+#include <test/ut.h> -+#include <arm_ffa_helper.h> -+#include "ffa.h" -+ -+/* Basic test of 'armffa' command */ -+static int dm_test_armffa_cmd(struct unit_test_state *uts) -+{ -+ ut_assertok(ffa_helper_init_device()); -+ -+ ut_assertok(console_record_reset_enable()); -+ -+ /* armffa getpart <UUID> */ -+ ut_assertok(run_command("armffa getpart " SE_PROXY_PARTITION_UUID, 0)); -+ ut_assert_console_end(); -+ -+ /* armffa ping <ID> */ -+ ut_assertok(run_command("armffa ping " SE_PROXY_PARTITION_ID, 0)); -+ ut_assert_console_end(); -+ -+ /* armffa devlist */ -+ ut_assertok(run_command("armffa devlist", 0)); -+ ut_assert_console_end(); -+ -+ return 0; -+} -+ -+DM_TEST(dm_test_armffa_cmd, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); -+ -+static int test_ffa_msg_send_direct_req(void) -+{ -+ char *const argv[1] = {SE_PROXY_PARTITION_ID}; /* Corstone1000 SE Proxy ID */ -+ -+ return do_ffa_msg_send_direct_req(NULL, 0, 1, argv); -+} -+ -+/* Basic test of the FFA uclass */ -+static int dm_test_ffa_uclass(struct unit_test_state *uts) -+{ -+ ut_assertok(ffa_init_device()); -+ ut_assertok(test_ffa_msg_send_direct_req()); -+ return 0; -+} -+ -+DM_TEST(dm_test_ffa_uclass, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT); -diff --git a/test/dm/ffa.h b/test/dm/ffa.h -new file mode 100644 -index 000000000000..a0802bd6928a ---- /dev/null -+++ b/test/dm/ffa.h -@@ -0,0 +1,19 @@ -+/* SPDX-License-Identifier: GPL-2.0+ */ -+/* -+ * (C) Copyright 2021 ARM Limited -+ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -+ */ -+ -+#ifndef __TEST_DM_FFA_H -+#define __TEST_DM_FFA_H -+ -+#define SE_PROXY_PARTITION_ID "0x8002" -+#define SE_PROXY_PARTITION_UUID "46bb39d1-b4d9-45b5-88ff-040027dab249" -+ -+/** -+ * do_ffa_msg_send_direct_req - implementation of the ping subcommand -+ */ -+int do_ffa_msg_send_direct_req(struct cmd_tbl *cmdtp, int flag, int argc, -+ char *const argv[]); -+ -+#endif /*__TEST_DM_FFA_H */ --- -2.37.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch index 582bc3e5aa..f52f88ddcd 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch @@ -1,26 +1,48 @@ -From 58358f79d9f8abbdc8bcfc7d08bd0c7c4c90ec84 Mon Sep 17 00:00:00 2001 +From a09ed2542f4d991fef61bd51f87d373f44ad1ff3 Mon Sep 17 00:00:00 2001 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Tue, 16 Nov 2021 12:36:27 +0000 -Subject: [PATCH 07/24] arm_ffa: introducing armffa command +Date: Mon, 6 Jun 2022 12:46:38 +0100 +Subject: [PATCH 10/26] arm_ffa: introduce armffa command -A new armffa command is provided as an example of how to use -the FF-A helper functions to communicate with secure world. +Provide armffa command showcasing the use of the FF-A driver The armffa command allows to query secure partitions data from the secure world and exchanging messages with the partitions. Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] --- - MAINTAINERS | 1 + - cmd/Kconfig | 10 ++ - cmd/Makefile | 2 + - cmd/armffa.c | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 4 files changed, 279 insertions(+) + +Changelog: +=============== + +v4: + +* remove pattern data in do_ffa_msg_send_direct_req + +v3: + +* use the new driver interfaces (partition_info_get, sync_send_receive) + in armffa command + +v2: + +* replace use of ffa_helper_init_device function by + ffa_helper_bus_discover + +v1: + +* introduce armffa command + + MAINTAINERS | 1 + + cmd/Kconfig | 10 ++ + cmd/Makefile | 2 + + cmd/armffa.c | 242 +++++++++++++++++++++++++++++++ + drivers/firmware/arm-ffa/Kconfig | 1 + + 5 files changed, 256 insertions(+) create mode 100644 cmd/armffa.c diff --git a/MAINTAINERS b/MAINTAINERS -index d29d7e040764..32fc267fcf13 100644 +index e760b4ca3a..9f0a1b7387 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -247,6 +247,7 @@ F: include/configs/turris_*.h @@ -28,11 +50,11 @@ index d29d7e040764..32fc267fcf13 100644 M: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> S: Maintained +F: cmd/armffa.c - F: drivers/arm-ffa/ + F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ F: include/arm_ffa.h - F: include/arm_ffa_helper.h diff --git a/cmd/Kconfig b/cmd/Kconfig -index ba2f321ae989..090e668125d5 100644 +index ba2f321ae9..090e668125 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -873,6 +873,16 @@ endmenu @@ -53,7 +75,7 @@ index ba2f321ae989..090e668125d5 100644 #depends on FLASH_CFI_DRIVER bool "armflash" diff --git a/cmd/Makefile b/cmd/Makefile -index 5e43a1e022e8..e40f52f1e416 100644 +index 5e43a1e022..e40f52f1e4 100644 --- a/cmd/Makefile +++ b/cmd/Makefile @@ -12,6 +12,8 @@ obj-y += panic.o @@ -67,17 +89,17 @@ index 5e43a1e022e8..e40f52f1e416 100644 obj-$(CONFIG_CMD_AES) += aes.o diff --git a/cmd/armffa.c b/cmd/armffa.c new file mode 100644 -index 000000000000..71a6ebb656d1 +index 0000000000..9b56e8a830 --- /dev/null +++ b/cmd/armffa.c -@@ -0,0 +1,266 @@ +@@ -0,0 +1,242 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* -+ * (C) Copyright 2021 ARM Limited ++ * (C) Copyright 2022 ARM Limited + * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> + */ + -+#include <arm_ffa_helper.h> ++#include <arm_ffa.h> +#include <asm/io.h> +#include <common.h> +#include <command.h> @@ -93,7 +115,7 @@ index 000000000000..71a6ebb656d1 + * @argv: arguments + * + * This function queries the secure partition information which the UUID is provided -+ * as an argument. The function uses the arm_ffa driver helper function ++ * as an argument. The function uses the arm_ffa driver partition_info_get operation + * to retrieve the data. + * The input UUID string is expected to be in big endian format. + * @@ -104,31 +126,17 @@ index 000000000000..71a6ebb656d1 +static int do_ffa_get_singular_partition_info(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ -+ struct ffa_interface_data func_data = {0}; -+ u32 count = 0; ++ u32 count = 0, size = 0; + int ret; -+ union ffa_partition_uuid service_uuid = {0}; + struct ffa_partition_info *parts_info; + u32 info_idx; + + if (argc != 1) + return -EINVAL; + -+ if (ffa_uuid_str_to_bin(argv[0], (unsigned char *)&service_uuid)) { -+ ffa_err("Invalid UUID"); -+ return -EINVAL; -+ } -+ -+ /* -+ * get from the driver the count of the SPs matching the UUID -+ */ -+ func_data.data0_size = sizeof(service_uuid); -+ func_data.data0 = &service_uuid; -+ func_data.data1_size = sizeof(count); -+ func_data.data1 = &count; -+ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { ++ /* Mode 1: getting the number of secure partitions */ ++ ret = ffa_bus_ops_get()->partition_info_get(argv[0], &count, NULL); ++ if (ret != 0) { + ffa_err("Failure in querying partitions count (error code: %d)", ret); + return ret; + } @@ -140,23 +148,23 @@ index 000000000000..71a6ebb656d1 + + /* + * pre-allocate a buffer to be filled by the driver -+ * with ffa_partition_info structs ++ * with ffa_partition_info structs + */ + ++ ffa_info("Pre-allocating %d partition(s) info structures", count); ++ + parts_info = calloc(count, sizeof(struct ffa_partition_info)); + if (!parts_info) + return -EINVAL; + -+ ffa_info("Pre-allocating %d partition(s) info structures", count); -+ -+ func_data.data1_size = count * sizeof(struct ffa_partition_info); -+ func_data.data1 = parts_info; ++ size = count * sizeof(struct ffa_partition_info); + + /* + * ask the driver to fill the buffer with the SPs info + */ -+ ret = ffa_helper_get_partitions_info(&func_data); -+ if (ret != FFA_ERR_STAT_SUCCESS) { ++ ++ ret = ffa_bus_ops_get()->partition_info_get(argv[0], &size, parts_info); ++ if (ret != 0) { + ffa_err("Failure in querying partition(s) info (error code: %d)", ret); + free(parts_info); + return ret; @@ -185,7 +193,7 @@ index 000000000000..71a6ebb656d1 + * @argv: arguments + * + * This function sends data to the secure partition which the ID is provided -+ * as an argument. The function uses the arm_ffa driver helper function ++ * as an argument. The function uses the arm_ffa driver sync_send_receive operation + * to send data. + * + * Return: @@ -195,9 +203,13 @@ index 000000000000..71a6ebb656d1 +int do_ffa_msg_send_direct_req(struct cmd_tbl *cmdtp, int flag, int argc, + char *const argv[]) +{ -+ struct ffa_interface_data func_data = {0}; -+ struct ffa_send_direct_data msg = {0}; -+ u32 pattern = 0xaabbccd0; ++ struct ffa_send_direct_data msg = { ++ .data0 = 0xaaaaaaaa, ++ .data1 = 0xbbbbbbbb, ++ .data2 = 0xcccccccc, ++ .data3 = 0xdddddddd, ++ .data4 = 0xeeeeeeee, ++ }; + u16 part_id; + int ret; + @@ -212,32 +224,15 @@ index 000000000000..71a6ebb656d1 + return -EINVAL; + } + -+ /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ -+ /* -+ * filling the message data -+ */ -+ msg.a3 = ++pattern; -+ msg.a4 = ++pattern; -+ msg.a5 = ++pattern; -+ msg.a6 = ++pattern; -+ msg.a7 = ++pattern; -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ ret = ffa_helper_msg_send_direct_req(&func_data); -+ if (ret == FFA_ERR_STAT_SUCCESS) { ++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg); ++ if (ret == 0) { + u8 cnt; + + ffa_info("SP response:\n[LSB]"); + for (cnt = 0; -+ cnt < sizeof(struct ffa_send_direct_data) / sizeof(u32); ++ cnt < sizeof(struct ffa_send_direct_data) / sizeof(u64); + cnt++) -+ ffa_info("0x%x", ((u32 *)&msg)[cnt]); ++ ffa_info("0x%llx", ((u64 *)&msg)[cnt]); + } else { + ffa_err("Sending direct request error (%d)", ret); + } @@ -320,10 +315,13 @@ index 000000000000..71a6ebb656d1 + if (!armffa_cmd || argc > armffa_cmd->maxargs) + return CMD_RET_USAGE; + -+ ret = ffa_helper_init_device(); -+ if (ret != FFA_ERR_STAT_SUCCESS) ++ ret = ffa_bus_discover(); ++ if (ret != 0) + return cmd_process_error(cmdtp, ret); + ++ if (!ffa_bus_ops_get()) ++ return -EINVAL; ++ + ret = armffa_cmd->cmd(armffa_cmd, flag, argc, argv); + + return cmd_process_error(armffa_cmd, ret); @@ -337,6 +335,18 @@ index 000000000000..71a6ebb656d1 + " - sends a data pattern to the specified partition\n" + "devlist\n" + " - displays the arm_ffa device info\n"); +diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig +index aceb61cf49..40b467b0a5 100644 +--- a/drivers/firmware/arm-ffa/Kconfig ++++ b/drivers/firmware/arm-ffa/Kconfig +@@ -4,6 +4,7 @@ config ARM_FFA_TRANSPORT + bool "Enable Arm Firmware Framework for Armv8-A driver" + depends on DM && ARM64 + select ARM_SMCCC ++ select CMD_ARMFFA + select LIB_UUID + select DEVRES + help -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch new file mode 100644 index 0000000000..739f7810c1 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch @@ -0,0 +1,1185 @@ +From 553b57e39808ef04bc6aa54e0324f92b0175e476 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 6 Jun 2022 12:55:08 +0100 +Subject: [PATCH 11/26] arm_ffa: introduce the FF-A Sandbox driver + +Provide a Sandbox driver to emulate the FF-A ABIs + +The emulated ABIs are those supported by the FF-A core driver +and according to FF-A specification v1.0. + +The Sandbox driver provides operations allowing the test +application to read the status of all the inspected ABIs +and perform functional tests based on that. + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: align sandbox driver with the new FF-A driver interfaces + and new way of error handling + +v1: introduce the sandbox driver + + MAINTAINERS | 1 + + common/board_r.c | 2 +- + configs/sandbox64_defconfig | 2 + + configs/sandbox_defconfig | 2 + + doc/arch/sandbox.rst | 1 + + drivers/firmware/arm-ffa/Kconfig | 10 +- + drivers/firmware/arm-ffa/Makefile | 1 + + drivers/firmware/arm-ffa/arm_ffa_prv.h | 15 +- + drivers/firmware/arm-ffa/core.c | 24 +- + drivers/firmware/arm-ffa/sandbox.c | 659 ++++++++++++++++++ + .../firmware/arm-ffa/sandbox_arm_ffa_prv.h | 144 ++++ + include/arm_ffa.h | 2 +- + include/sandbox_arm_ffa.h | 91 +++ + lib/efi_loader/efi_boottime.c | 2 +- + 14 files changed, 941 insertions(+), 15 deletions(-) + create mode 100644 drivers/firmware/arm-ffa/sandbox.c + create mode 100644 drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h + create mode 100644 include/sandbox_arm_ffa.h + +diff --git a/MAINTAINERS b/MAINTAINERS +index 9f0a1b7387..96157db6b6 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -251,6 +251,7 @@ F: cmd/armffa.c + F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ + F: include/arm_ffa.h ++F: include/sandbox_arm_ffa.h + + ARM FREESCALE IMX + M: Stefano Babic <sbabic@denx.de> +diff --git a/common/board_r.c b/common/board_r.c +index c75634286b..f838cd5958 100644 +--- a/common/board_r.c ++++ b/common/board_r.c +@@ -783,7 +783,7 @@ static init_fnc_t init_sequence_r[] = { + INIT_FUNC_WATCHDOG_RESET + initr_net, + #endif +-#ifdef CONFIG_ARM_FFA_TRANSPORT ++#if defined(CONFIG_ARM_FFA_TRANSPORT) && !defined(CONFIG_SANDBOX_FFA) + ffa_bus_discover, + #endif + #ifdef CONFIG_POST +diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig +index d7f22b39ae..78bc5aaa96 100644 +--- a/configs/sandbox64_defconfig ++++ b/configs/sandbox64_defconfig +@@ -250,3 +250,5 @@ CONFIG_TEST_FDTDEC=y + CONFIG_UNIT_TEST=y + CONFIG_UT_TIME=y + CONFIG_UT_DM=y ++CONFIG_ARM_FFA_TRANSPORT=y ++CONFIG_SANDBOX_FFA=y +\ No newline at end of file +diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig +index c509a924e6..8942aa7157 100644 +--- a/configs/sandbox_defconfig ++++ b/configs/sandbox_defconfig +@@ -327,3 +327,5 @@ CONFIG_TEST_FDTDEC=y + CONFIG_UNIT_TEST=y + CONFIG_UT_TIME=y + CONFIG_UT_DM=y ++CONFIG_ARM_FFA_TRANSPORT=y ++CONFIG_SANDBOX_FFA=y +\ No newline at end of file +diff --git a/doc/arch/sandbox.rst b/doc/arch/sandbox.rst +index 068d4a3be4..5d7e1b2c48 100644 +--- a/doc/arch/sandbox.rst ++++ b/doc/arch/sandbox.rst +@@ -203,6 +203,7 @@ Supported Drivers + + U-Boot sandbox supports these emulations: + ++- Arm FF-A + - Block devices + - Chrome OS EC + - GPIO +diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig +index 40b467b0a5..263481de96 100644 +--- a/drivers/firmware/arm-ffa/Kconfig ++++ b/drivers/firmware/arm-ffa/Kconfig +@@ -2,8 +2,8 @@ + + config ARM_FFA_TRANSPORT + bool "Enable Arm Firmware Framework for Armv8-A driver" +- depends on DM && ARM64 +- select ARM_SMCCC ++ depends on DM && (ARM64 || SANDBOX) ++ select ARM_SMCCC if !SANDBOX + select CMD_ARMFFA + select LIB_UUID + select DEVRES +@@ -38,3 +38,9 @@ config ARM_FFA_EFI_RUNTIME_MODE + The driver Code needed at runtime is placed at EFI runtime code section. + Turning this on makes ffa_copy_runtime_data available for use and the driver + code placed at EFI runtime code section. ++ ++config SANDBOX_FFA ++ bool "FF-A Sandbox driver" ++ depends on ARM_FFA_TRANSPORT && SANDBOX ++ help ++ This emulates the FF-A handling under Sandbox and allows to test the FF-A driver +diff --git a/drivers/firmware/arm-ffa/Makefile b/drivers/firmware/arm-ffa/Makefile +index 0b9b0a61b4..d50060b836 100644 +--- a/drivers/firmware/arm-ffa/Makefile ++++ b/drivers/firmware/arm-ffa/Makefile +@@ -5,3 +5,4 @@ + + obj-y += arm-ffa-uclass.o core.o + obj-$(CONFIG_ARM_FFA_EFI_RUNTIME_MODE) += efi_ffa_runtime_data_mgr.o ++obj-$(CONFIG_SANDBOX_FFA) += sandbox.o +diff --git a/drivers/firmware/arm-ffa/arm_ffa_prv.h b/drivers/firmware/arm-ffa/arm_ffa_prv.h +index 7bc90f7f66..3e0d4c112c 100644 +--- a/drivers/firmware/arm-ffa/arm_ffa_prv.h ++++ b/drivers/firmware/arm-ffa/arm_ffa_prv.h +@@ -19,6 +19,16 @@ + /* FF-A core driver name */ + #define FFA_DRV_NAME "arm_ffa" + ++/* The FF-A SMC function definitions */ ++ ++#if CONFIG_IS_ENABLED(SANDBOX_FFA) ++#include "sandbox_arm_ffa.h" ++#else ++typedef struct arm_smccc_1_2_regs ffa_value_t; ++#endif ++ ++typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res); ++ + /* FF-A driver version definitions */ + + #define MAJOR_VERSION_MASK GENMASK(30, 16) +@@ -94,11 +104,6 @@ struct ffa_abi_errmap { + #define FFA_ERRMAP_COUNT (FFA_LAST_ID - FFA_FIRST_ID + 1) + #define FFA_ID_TO_ERRMAP_ID(ffa_id) ((ffa_id) - FFA_FIRST_ID) + +-/* The FF-A SMC function definitions */ +- +-typedef struct arm_smccc_1_2_regs ffa_value_t; +-typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res); +- + /* + * struct ffa_partition_uuid - 16 bytes UUID transmitted by FFA_PARTITION_INFO_GET + * @a1-4: 32-bit words access to the UUID data +diff --git a/drivers/firmware/arm-ffa/core.c b/drivers/firmware/arm-ffa/core.c +index 41c7b96e68..caba10caae 100644 +--- a/drivers/firmware/arm-ffa/core.c ++++ b/drivers/firmware/arm-ffa/core.c +@@ -1101,6 +1101,7 @@ static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_sen + return ffa_to_std_errno(ffa_errno); + } + ++#if !CONFIG_IS_ENABLED(SANDBOX_FFA) + /** + * __arm_ffa_fn_smc - SMC wrapper + * @args: FF-A ABI arguments to be copied to Xn registers +@@ -1114,6 +1115,7 @@ void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res) + { + arm_smccc_1_2_smc(&args, res); + } ++#endif + + /** + * ffa_set_smc_conduit - Set the SMC conduit +@@ -1127,7 +1129,12 @@ void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res) + */ + static int ffa_set_smc_conduit(void) + { +- ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc; ++#if CONFIG_IS_ENABLED(SANDBOX_FFA) ++ ffa_priv_data->invoke_ffa_fn = sandbox_arm_ffa_smccc_smc; ++ ffa_info("Using SMC emulation"); ++#else ++ ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc; ++#endif + + if (!ffa_priv_data->invoke_ffa_fn) { + ffa_err("failure to set the invoke function"); +@@ -1304,17 +1311,18 @@ struct ffa_prvdata **ffa_bus_prvdata_get(void) + } + + /** +- * ffa_bus_discover - discover FF-A bus and probe the arm_ffa device ++ * ffa_bus_discover - discover FF-A bus and probe arm_ffa and sandbox_arm_ffa devices + * + * This boot time function makes sure the FF-A bus is discoverable. +- * Then, the arm_ffa device is probed and ready to use. ++ * Then, the arm_ffa and sandbox_arm_ffa devices are ready to use. ++ * + * This function is called automatically at initcalls + * level (after u-boot relocation). + * + * When the bus was already discovered successfully the discovery will not run again. + * + * Arm FF-A transport is implemented through arm_ffa u-boot device managing the FF-A +- * communication. ++ * communication. In Sandbox mode sandbox_arm_ffa is used to test arm_ffa driver. + * All FF-A clients should use the arm_ffa device to use the FF-A transport. + * + * Return: +@@ -1325,9 +1333,15 @@ int ffa_bus_discover(void) + { + int ret = 0; + +- if (!ffa_priv_data) ++ if (!ffa_priv_data) { + ret = ffa_device_get(); + ++#if CONFIG_IS_ENABLED(SANDBOX_FFA) ++ if (ret == 0) ++ ret = sandbox_ffa_device_get(); ++#endif ++ } ++ + return ret; + } + +diff --git a/drivers/firmware/arm-ffa/sandbox.c b/drivers/firmware/arm-ffa/sandbox.c +new file mode 100644 +index 0000000000..16e1fdc809 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/sandbox.c +@@ -0,0 +1,659 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#include "sandbox_arm_ffa_prv.h" ++#include <asm/global_data.h> ++#include <common.h> ++#include <dm.h> ++#include <dm/device-internal.h> ++#include <dm/root.h> ++#include <linux/errno.h> ++#include <linux/sizes.h> ++#include <mapmem.h> ++#include <string.h> ++ ++DECLARE_GLOBAL_DATA_PTR; ++ ++/** ++ * The device private data structure containing all the emulated secure world data ++ */ ++static struct sandbox_ffa_prvdata sandbox_ffa_priv_data = {0}; ++ ++/* The partitions (SPs) table */ ++static struct ffa_partition_desc sandbox_partitions[SANDBOX_PARTITIONS_CNT] = { ++ { ++ .info = { .id = SANDBOX_SP1_ID, .exec_ctxt = 0x5687, .properties = 0x89325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE1_UUID_A1, ++ .a2 = SANDBOX_SERVICE1_UUID_A2, ++ .a3 = SANDBOX_SERVICE1_UUID_A3, ++ .a4 = SANDBOX_SERVICE1_UUID_A4, ++ } ++ }, ++ { ++ .info = { .id = SANDBOX_SP2_ID, .exec_ctxt = 0x9587, .properties = 0x45325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE2_UUID_A1, ++ .a2 = SANDBOX_SERVICE2_UUID_A2, ++ .a3 = SANDBOX_SERVICE2_UUID_A3, ++ .a4 = SANDBOX_SERVICE2_UUID_A4, ++ } ++ }, ++ { ++ .info = { .id = SANDBOX_SP3_ID, .exec_ctxt = 0x7687, .properties = 0x23325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE1_UUID_A1, ++ .a2 = SANDBOX_SERVICE1_UUID_A2, ++ .a3 = SANDBOX_SERVICE1_UUID_A3, ++ .a4 = SANDBOX_SERVICE1_UUID_A4, ++ } ++ }, ++ { ++ .info = { .id = SANDBOX_SP4_ID, .exec_ctxt = 0x1487, .properties = 0x70325621 }, ++ .sp_uuid = { ++ .a1 = SANDBOX_SERVICE2_UUID_A1, ++ .a2 = SANDBOX_SERVICE2_UUID_A2, ++ .a3 = SANDBOX_SERVICE2_UUID_A3, ++ .a4 = SANDBOX_SERVICE2_UUID_A4, ++ } ++ } ++ ++}; ++ ++/* ++ * Driver functions ++ */ ++ ++/** ++ * sandbox_ffa_get_device - probes the sandbox_arm_ffa device ++ * ++ * This function makes sure the sandbox_arm_ffa device is probed ++ * This function makes sure the sandbox_arm_ffa device is ++ * created, bound to this driver, probed and ready to use. ++ * ++ * sandbox_arm_ffa depends on arm_ffa device. This dependency is ++ * handled by ffa_bus_discover function. arm_ffa is probed first then ++ * sandbox_arm_ffa. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int sandbox_ffa_device_get(void) ++{ ++ int ret; ++ ++ if (sandbox_ffa_priv_data.dev) ++ return 0; ++ ++ ret = device_bind(dm_root(), ++ DM_DRIVER_GET(sandbox_arm_ffa), ++ FFA_SANDBOX_DRV_NAME, ++ NULL, ++ ofnode_null(), ++ &sandbox_ffa_priv_data.dev); ++ if (ret) { ++ sandbox_ffa_priv_data.dev = NULL; ++ return ret; ++ } ++ ++ ret = device_probe(sandbox_ffa_priv_data.dev); ++ if (ret) { ++ ffa_err("[Sandbox] can not probe the device"); ++ device_unbind(sandbox_ffa_priv_data.dev); ++ sandbox_ffa_priv_data.dev = NULL; ++ return ret; ++ } ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_version - Emulated FFA_VERSION handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_VERSION FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_version) ++{ ++ sandbox_ffa_priv_data.fwk_version = FFA_VERSION_1_0; ++ res->a0 = sandbox_ffa_priv_data.fwk_version; ++ ++ /* x1-x7 MBZ */ ++ memset(FFA_X1X7_MBZ_REG_START, 0, FFA_X1X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_id_get - Emulated FFA_ID_GET handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_ID_GET FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_id_get) ++{ ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a1 = 0; ++ ++ sandbox_ffa_priv_data.id = NS_PHYS_ENDPOINT_ID; ++ res->a2 = sandbox_ffa_priv_data.id; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_features - Emulated FFA_FEATURES handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_FEATURES FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_features) ++{ ++ if (pargs->a1 == FFA_SMC_64(FFA_RXTX_MAP)) { ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = RXTX_BUFFERS_MIN_SIZE; ++ res->a3 = 0; ++ /* x4-x7 MBZ */ ++ memset(FFA_X4X7_MBZ_REG_START, ++ 0, FFA_X4X7_MBZ_CNT * sizeof(unsigned long)); ++ } else { ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a2 = FFA_ERR_STAT_NOT_SUPPORTED; ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ffa_err("[Sandbox] FF-A interface 0x%lx not implemented", pargs->a1); ++ } ++ ++ res->a1 = 0; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_partition_info_get - Emulated FFA_PARTITION_INFO_GET handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_PARTITION_INFO_GET FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_partition_info_get) ++{ ++ struct ffa_partition_info *rxbuf_desc_info = NULL; ++ u32 descs_cnt; ++ u32 descs_size_bytes; ++ ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ ++ if (!sandbox_ffa_priv_data.pair.rxbuf) { ++ res->a2 = FFA_ERR_STAT_DENIED; ++ goto cleanup; ++ } ++ ++ if (sandbox_ffa_priv_data.pair_info.rxbuf_owned) { ++ res->a2 = FFA_ERR_STAT_BUSY; ++ goto cleanup; ++ } ++ ++ if (!sandbox_ffa_priv_data.partitions.descs) { ++ sandbox_ffa_priv_data.partitions.descs = sandbox_partitions; ++ sandbox_ffa_priv_data.partitions.count = SANDBOX_PARTITIONS_CNT; ++ } ++ ++ descs_size_bytes = SANDBOX_PARTITIONS_CNT * sizeof(struct ffa_partition_desc); ++ ++ /* Abort if the RX buffer size is smaller than the descriptors buffer size */ ++ if ((sandbox_ffa_priv_data.pair_info.rxtx_buf_size * SZ_4K) < descs_size_bytes) { ++ res->a2 = FFA_ERR_STAT_NO_MEMORY; ++ goto cleanup; ++ } ++ ++ rxbuf_desc_info = (struct ffa_partition_info *)sandbox_ffa_priv_data.pair.rxbuf; ++ ++ /* No UUID specified. Return the information of all partitions */ ++ if (!pargs->a1 && !pargs->a2 && !pargs->a3 && !pargs->a4) { ++ for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++) ++ *(rxbuf_desc_info++) = ++ sandbox_ffa_priv_data.partitions.descs[descs_cnt].info; ++ ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = SANDBOX_PARTITIONS_CNT; ++ /* transfer ownership to the consumer: the non secure world */ ++ sandbox_ffa_priv_data.pair_info.rxbuf_owned = 1; ++ ++ goto cleanup; ++ } ++ ++ /* ++ * A UUID is specified. Return the information of all partitions matching ++ * the UUID ++ */ ++ ++ for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++) ++ if (pargs->a1 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a1 && ++ pargs->a2 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a2 && ++ pargs->a3 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a3 && ++ pargs->a4 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a4) { ++ *(rxbuf_desc_info++) = ++ sandbox_ffa_priv_data.partitions.descs[descs_cnt].info; ++ } ++ ++ if (rxbuf_desc_info != ((struct ffa_partition_info *)sandbox_ffa_priv_data.pair.rxbuf)) { ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ /* store the partitions count */ ++ res->a2 = (unsigned long) ++ (rxbuf_desc_info - (struct ffa_partition_info *) ++ sandbox_ffa_priv_data.pair.rxbuf); ++ ++ /* transfer ownership to the consumer: the non secure world */ ++ sandbox_ffa_priv_data.pair_info.rxbuf_owned = 1; ++ } else { ++ /* Unrecognized UUID */ ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ } ++ ++cleanup: ++ ++ ffa_err("[Sandbox] FFA_PARTITION_INFO_GET (%ld)", res->a2); ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_rxtx_map - Emulated FFA_RXTX_MAP handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_RXTX_MAP FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_rxtx_map) ++{ ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ ++ if (sandbox_ffa_priv_data.pair.txbuf && sandbox_ffa_priv_data.pair.rxbuf) { ++ res->a2 = FFA_ERR_STAT_DENIED; ++ goto feedback; ++ } ++ ++ if (pargs->a3 >= RXTX_BUFFERS_MIN_PAGES && pargs->a1 && pargs->a2) { ++ sandbox_ffa_priv_data.pair.txbuf = pargs->a1; ++ sandbox_ffa_priv_data.pair.rxbuf = pargs->a2; ++ sandbox_ffa_priv_data.pair_info.rxtx_buf_size = pargs->a3; ++ sandbox_ffa_priv_data.pair_info.rxbuf_mapped = 1; ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = 0; ++ goto feedback; ++ } ++ ++ if (!pargs->a1 || !pargs->a2) ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ else ++ res->a2 = FFA_ERR_STAT_NO_MEMORY; ++ ++ ffa_err("[Sandbox] error in FFA_RXTX_MAP arguments (%d)", (int)res->a2); ++ ++feedback: ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_rxtx_unmap - Emulated FFA_RXTX_UNMAP handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_RXTX_UNMAP FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_rxtx_unmap) ++{ ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ ++ if (GET_NS_PHYS_ENDPOINT_ID(pargs->a1) != sandbox_ffa_priv_data.id) ++ goto feedback; ++ ++ if (sandbox_ffa_priv_data.pair.txbuf && sandbox_ffa_priv_data.pair.rxbuf) { ++ sandbox_ffa_priv_data.pair.txbuf = 0; ++ sandbox_ffa_priv_data.pair.rxbuf = 0; ++ sandbox_ffa_priv_data.pair_info.rxtx_buf_size = 0; ++ sandbox_ffa_priv_data.pair_info.rxbuf_mapped = 0; ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = 0; ++ goto feedback; ++ } ++ ++ ffa_err("[Sandbox] No buffer pair registered on behalf of the caller"); ++ ++feedback: ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_rx_release - Emulated FFA_RX_RELEASE handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_RX_RELEASE FF-A function. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_rx_release) ++{ ++ if (!sandbox_ffa_priv_data.pair_info.rxbuf_owned) { ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a2 = FFA_ERR_STAT_DENIED; ++ } else { ++ sandbox_ffa_priv_data.pair_info.rxbuf_owned = 0; ++ res->a0 = FFA_SMC_32(FFA_SUCCESS); ++ res->a2 = 0; ++ } ++ ++ res->a1 = 0; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_sp_valid - Checks SP validity ++ * @part_id: partition ID to check ++ * ++ * This is the function searches the input ID in the descriptors table. ++ * ++ * Return: ++ * ++ * 1 on success (Partition found). Otherwise, failure ++ */ ++static int sandbox_ffa_sp_valid(u16 part_id) ++{ ++ u32 descs_cnt; ++ ++ for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++) ++ if (sandbox_ffa_priv_data.partitions.descs[descs_cnt].info.id == part_id) ++ return 1; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_msg_send_direct_req - Emulated FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function ++ * @{a0-a7} , res: The SMC call arguments and return structure. ++ * ++ * This is the function that emulates FFA_MSG_SEND_DIRECT_{REQ,RESP} ++ * FF-A functions. ++ * ++ * Emulating interrupts is not supported. So, FFA_RUN and FFA_INTERRUPT are not supported. ++ * In case of success FFA_MSG_SEND_DIRECT_RESP is returned with default pattern data (0xff). ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++SANDBOX_SMC_FFA_ABI(ffa_msg_send_direct_req) ++{ ++ u16 part_id; ++ ++ part_id = GET_DST_SP_ID(pargs->a1); ++ ++ if ((GET_NS_PHYS_ENDPOINT_ID(pargs->a1) != sandbox_ffa_priv_data.id) || ++ !sandbox_ffa_sp_valid(part_id) || ++ pargs->a2) { ++ res->a0 = FFA_SMC_32(FFA_ERROR); ++ res->a1 = 0; ++ res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS; ++ ++ /* x3-x7 MBZ */ ++ memset(FFA_X3_MBZ_REG_START, ++ 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long)); ++ ++ return 0; ++ } ++ ++ res->a0 = FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP); ++ ++ res->a1 = PREP_SRC_SP_ID(part_id) | ++ PREP_NS_PHYS_ENDPOINT_ID(sandbox_ffa_priv_data.id); ++ ++ res->a2 = 0; ++ ++ /* ++ * return 0xff bytes as a response ++ */ ++ res->a3 = 0xffffffffffffffff; ++ res->a4 = 0xffffffffffffffff; ++ res->a5 = 0xffffffffffffffff; ++ res->a6 = 0xffffffffffffffff; ++ res->a7 = 0xffffffffffffffff; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_get_prv_data - Returns the pointer to FF-A core pivate data ++ * @func_data: Pointer to the FF-A function arguments container structure ++ * ++ * This is the handler that returns the address of the FF-A core pivate data. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_get_prv_data(struct ffa_sandbox_data *func_data) ++{ ++ if (!func_data) ++ return -EINVAL; ++ ++ if (!func_data->data0 || func_data->data0_size != sizeof(struct ffa_prvdata **)) ++ return -EINVAL; ++ ++ if (!func_data->data1 || func_data->data1_size != sizeof(struct sandbox_ffa_prvdata **)) ++ return -EINVAL; ++ ++ *((struct ffa_prvdata **)func_data->data0) = *(ffa_bus_prvdata_get()); ++ *((struct sandbox_ffa_prvdata **)func_data->data1) = &sandbox_ffa_priv_data; ++ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_get_rxbuf_flags - Reading the mapping/ownership flags ++ * @queried_func_id: The FF-A function to be queried ++ * @func_data: Pointer to the FF-A function arguments container structure ++ * ++ * This is the handler that queries the status flags of the following emulated ABIs: ++ * FFA_RXTX_MAP, FFA_RXTX_UNMAP, FFA_RX_RELEASE ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_get_rxbuf_flags(u32 queried_func_id, struct ffa_sandbox_data *func_data) ++{ ++ if (!func_data) ++ return -EINVAL; ++ ++ if (!func_data->data0 || func_data->data0_size != sizeof(u8)) ++ return -EINVAL; ++ ++ switch (queried_func_id) { ++ case FFA_RXTX_MAP: ++ case FFA_RXTX_UNMAP: ++ *((u8 *)func_data->data0) = sandbox_ffa_priv_data.pair_info.rxbuf_mapped; ++ return 0; ++ case FFA_RX_RELEASE: ++ *((u8 *)func_data->data0) = sandbox_ffa_priv_data.pair_info.rxbuf_owned; ++ return 0; ++ default: ++ ffa_err("[Sandbox] The querried FF-A interface flag (%d) undefined", ++ queried_func_id); ++ return -EINVAL; ++ } ++} ++ ++/** ++ * sandbox_ffa_query_core_state - The driver dispatcher function ++ * @queried_func_id: The FF-A function to be queried ++ * @func_data: Pointer to the FF-A function arguments container structure ++ * ++ * Queries the status of FF-A ABI specified in the input argument. ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++int sandbox_ffa_query_core_state(u32 queried_func_id, struct ffa_sandbox_data *func_data) ++{ ++ switch (queried_func_id) { ++ case FFA_VERSION: ++ case FFA_ID_GET: ++ case FFA_FEATURES: ++ return sandbox_ffa_get_prv_data(func_data); ++ case FFA_RXTX_MAP: ++ case FFA_RXTX_UNMAP: ++ case FFA_RX_RELEASE: ++ return sandbox_ffa_get_rxbuf_flags(queried_func_id, func_data); ++ default: ++ ffa_err("[Sandbox] The querried FF-A interface (%d) undefined", queried_func_id); ++ return -EINVAL; ++ } ++} ++ ++/** ++ * sandbox_arm_ffa_smccc_smc - FF-A SMC call emulation ++ * @args: the SMC call arguments ++ * @res: the SMC call returned data ++ * ++ * Sandbox driver emulates the FF-A ABIs SMC call using this function. ++ * The emulated FF-A ABI is identified and invoked. ++ * FF-A emulation is based on the FF-A specification 1.0 ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure. ++ * FF-A protocol error codes are returned using the registers arguments as described ++ * by the specification ++ */ ++void sandbox_arm_ffa_smccc_smc(ffa_value_t args, ffa_value_t *res) ++{ ++ int ret = 0; ++ ++ switch (args.a0) { ++ case FFA_SMC_32(FFA_VERSION): ++ ret = sandbox_ffa_version(&args, res); ++ break; ++ case FFA_SMC_32(FFA_PARTITION_INFO_GET): ++ ret = sandbox_ffa_partition_info_get(&args, res); ++ break; ++ case FFA_SMC_32(FFA_RXTX_UNMAP): ++ ret = sandbox_ffa_rxtx_unmap(&args, res); ++ break; ++ case FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ): ++ ret = sandbox_ffa_msg_send_direct_req(&args, res); ++ break; ++ case FFA_SMC_32(FFA_ID_GET): ++ ret = sandbox_ffa_id_get(&args, res); ++ break; ++ case FFA_SMC_32(FFA_FEATURES): ++ ret = sandbox_ffa_features(&args, res); ++ break; ++ case FFA_SMC_64(FFA_RXTX_MAP): ++ ret = sandbox_ffa_rxtx_map(&args, res); ++ break; ++ case FFA_SMC_32(FFA_RX_RELEASE): ++ ret = sandbox_ffa_rx_release(&args, res); ++ break; ++ default: ++ ffa_err("[Sandbox] Undefined FF-A interface (0x%lx)", args.a0); ++ } ++ ++ if (ret != 0) ++ ffa_err("[Sandbox] FF-A ABI internal failure (%d)", ret); ++} ++ ++/** ++ * sandbox_ffa_probe - The driver probe function ++ * @dev: the sandbox_arm_ffa device ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_probe(struct udevice *dev) ++{ ++ return 0; ++} ++ ++/** ++ * sandbox_ffa_remove - The driver remove function ++ * @dev: the sandbox_arm_ffa device ++ * ++ * Return: ++ * ++ * 0 on success. Otherwise, failure ++ */ ++static int sandbox_ffa_remove(struct udevice *dev) ++{ ++ ffa_info("[Sandbox] removing the device"); ++ memset(&sandbox_ffa_priv_data, 0, sizeof(sandbox_ffa_priv_data)); ++ return 0; ++} ++ ++/** ++ * Declaring the sandbox_arm_ffa driver under UCLASS_FFA ++ */ ++U_BOOT_DRIVER(sandbox_arm_ffa) = { ++ .name = FFA_SANDBOX_DRV_NAME, ++ .id = UCLASS_FFA, ++ .probe = sandbox_ffa_probe, ++ .remove = sandbox_ffa_remove, ++}; +diff --git a/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h b/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h +new file mode 100644 +index 0000000000..4db57f5092 +--- /dev/null ++++ b/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h +@@ -0,0 +1,144 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#ifndef __SANDBOX_ARM_FFA_PRV_H ++#define __SANDBOX_ARM_FFA_PRV_H ++ ++#include "arm_ffa_prv.h" ++#include <sandbox_arm_ffa.h> ++ ++/* ++ * This header is private. It is exclusively used by the Sandbox FF-A driver ++ */ ++ ++/* FF-A core driver name */ ++#define FFA_SANDBOX_DRV_NAME "sandbox_arm_ffa" ++ ++/* FF-A ABIs internal error codes (as defined by the spec) */ ++ ++#define FFA_ERR_STAT_NOT_SUPPORTED -1 ++#define FFA_ERR_STAT_INVALID_PARAMETERS -2 ++#define FFA_ERR_STAT_NO_MEMORY -3 ++#define FFA_ERR_STAT_BUSY -4 ++#define FFA_ERR_STAT_DENIED -6 ++ ++/* Providing Arm SMCCC declarations to sandbox */ ++ ++#define ARM_SMCCC_FAST_CALL 1UL ++#define ARM_SMCCC_OWNER_STANDARD 4 ++#define ARM_SMCCC_SMC_32 0 ++#define ARM_SMCCC_SMC_64 1 ++#define ARM_SMCCC_TYPE_SHIFT 31 ++#define ARM_SMCCC_CALL_CONV_SHIFT 30 ++#define ARM_SMCCC_OWNER_MASK 0x3F ++#define ARM_SMCCC_OWNER_SHIFT 24 ++#define ARM_SMCCC_FUNC_MASK 0xFFFF ++ ++#define ARM_SMCCC_CALL_VAL(type, calling_convention, owner, func_num) \ ++ (((type) << ARM_SMCCC_TYPE_SHIFT) | \ ++ ((calling_convention) << ARM_SMCCC_CALL_CONV_SHIFT) | \ ++ (((owner) & ARM_SMCCC_OWNER_MASK) << ARM_SMCCC_OWNER_SHIFT) | \ ++ ((func_num) & ARM_SMCCC_FUNC_MASK)) ++ ++/* Non-secure physical FF-A instance */ ++#define NS_PHYS_ENDPOINT_ID (0) ++ ++#define GET_NS_PHYS_ENDPOINT_ID_MASK GENMASK(31, 16) ++#define GET_NS_PHYS_ENDPOINT_ID(x) \ ++ ((u16)(FIELD_GET(GET_NS_PHYS_ENDPOINT_ID_MASK, (x)))) ++ ++/* Helper macro for reading the destination partition ID */ ++#define GET_DST_SP_ID_MASK GENMASK(15, 0) ++#define GET_DST_SP_ID(x) \ ++ ((u16)(FIELD_GET(GET_DST_SP_ID_MASK, (x)))) ++ ++/* Helper macro for setting the source partition ID */ ++#define PREP_SRC_SP_ID_MASK GENMASK(31, 16) ++#define PREP_SRC_SP_ID(x) \ ++ (FIELD_PREP(PREP_SRC_SP_ID_MASK, (x))) ++ ++/* Helper macro for setting the destination endpoint ID */ ++#define PREP_NS_PHYS_ENDPOINT_ID_MASK GENMASK(15, 0) ++#define PREP_NS_PHYS_ENDPOINT_ID(x) \ ++ (FIELD_PREP(PREP_NS_PHYS_ENDPOINT_ID_MASK, (x))) ++ ++/* RX/TX buffers minimum size */ ++#define RXTX_BUFFERS_MIN_SIZE (RXTX_4K) ++#define RXTX_BUFFERS_MIN_PAGES (1) ++ ++/* MBZ registers info */ ++ ++/* x1-x7 MBZ */ ++#define FFA_X1X7_MBZ_CNT (7) ++#define FFA_X1X7_MBZ_REG_START (&res->a1) ++ ++/* x4-x7 MBZ */ ++#define FFA_X4X7_MBZ_CNT (4) ++#define FFA_X4X7_MBZ_REG_START (&res->a4) ++ ++/* x3-x7 MBZ */ ++#define FFA_X3X7_MBZ_CNT (5) ++#define FFA_X3_MBZ_REG_START (&res->a3) ++ ++/* secure partitions count */ ++#define SANDBOX_PARTITIONS_CNT (4) ++ ++/* service 1 UUID binary data (little-endian format) */ ++#define SANDBOX_SERVICE1_UUID_A1 0xed32d533 ++#define SANDBOX_SERVICE1_UUID_A2 0x99e64209 ++#define SANDBOX_SERVICE1_UUID_A3 0x9cc02d72 ++#define SANDBOX_SERVICE1_UUID_A4 0xcdd998a7 ++ ++/* service 2 UUID binary data (little-endian format) */ ++#define SANDBOX_SERVICE2_UUID_A1 0xed32d544 ++#define SANDBOX_SERVICE2_UUID_A2 0x99e64209 ++#define SANDBOX_SERVICE2_UUID_A3 0x9cc02d72 ++#define SANDBOX_SERVICE2_UUID_A4 0xcdd998a7 ++ ++/** ++ * struct ffa_rxtxpair_info - structure hosting the RX/TX buffers flags ++ * @rxbuf_owned: RX buffer ownership flag (the owner is non secure world: the consumer) ++ * @rxbuf_mapped: RX buffer mapping flag ++ * @txbuf_owned TX buffer ownership flag ++ * @txbuf_mapped: TX buffer mapping flag ++ * @rxtx_buf_size: RX/TX buffers size as set by the FF-A core driver ++ * ++ * Data structure hosting the ownership/mapping flags of the RX/TX buffers ++ * When a buffer is owned/mapped its corresponding flag is set to 1 otherwise 0. ++ */ ++struct ffa_rxtxpair_info { ++ u8 rxbuf_owned; ++ u8 rxbuf_mapped; ++ u8 txbuf_owned; ++ u8 txbuf_mapped; ++ u32 rxtx_buf_size; ++}; ++ ++/** ++ * struct sandbox_ffa_prvdata - the driver private data structure ++ * ++ * @dev: The arm_ffa device under u-boot driver model ++ * @fwk_version: FF-A framework version ++ * @id: u-boot endpoint ID ++ * @partitions: The partitions descriptors structure ++ * @pair: The RX/TX buffers pair ++ * @pair_info: The RX/TX buffers pair flags and size ++ * @conduit: The selected conduit ++ * ++ * The driver data structure hosting all the emulated secure world data. ++ */ ++struct sandbox_ffa_prvdata { ++ struct udevice *dev; ++ u32 fwk_version; ++ u16 id; ++ struct ffa_partitions partitions; ++ struct ffa_rxtxpair pair; ++ struct ffa_rxtxpair_info pair_info; ++}; ++ ++#define SANDBOX_SMC_FFA_ABI(ffabi) static int sandbox_##ffabi(ffa_value_t *pargs, ffa_value_t *res) ++ ++#endif +diff --git a/include/arm_ffa.h b/include/arm_ffa.h +index f17b100497..665413a0c5 100644 +--- a/include/arm_ffa.h ++++ b/include/arm_ffa.h +@@ -111,7 +111,7 @@ struct ffa_bus_ops { + const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void); + + /** +- * ffa_bus_discover - discover FF-A bus and probes the arm_ffa device ++ * ffa_bus_discover - discover FF-A bus and probes the arm_ffa and sandbox_arm_ffa devices + */ + int ffa_bus_discover(void); + +diff --git a/include/sandbox_arm_ffa.h b/include/sandbox_arm_ffa.h +new file mode 100644 +index 0000000000..d5df16f282 +--- /dev/null ++++ b/include/sandbox_arm_ffa.h +@@ -0,0 +1,91 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#ifndef __SANDBOX_ARM_FFA_H ++#define __SANDBOX_ARM_FFA_H ++ ++#include <arm_ffa.h> ++ ++/** ++ * struct sandbox_smccc_1_2_regs - Arguments for or Results from emulated SMC call ++ * @a0-a17 argument values from registers 0 to 17 ++ */ ++struct sandbox_smccc_1_2_regs { ++ unsigned long a0; ++ unsigned long a1; ++ unsigned long a2; ++ unsigned long a3; ++ unsigned long a4; ++ unsigned long a5; ++ unsigned long a6; ++ unsigned long a7; ++ unsigned long a8; ++ unsigned long a9; ++ unsigned long a10; ++ unsigned long a11; ++ unsigned long a12; ++ unsigned long a13; ++ unsigned long a14; ++ unsigned long a15; ++ unsigned long a16; ++ unsigned long a17; ++}; ++ ++typedef struct sandbox_smccc_1_2_regs ffa_value_t; ++ ++/* UUIDs of services supported by the sandbox driver */ ++#define SANDBOX_SERVICE1_UUID "ed32d533-4209-99e6-2d72-cdd998a79cc0" ++#define SANDBOX_SERVICE2_UUID "ed32d544-4209-99e6-2d72-cdd998a79cc0" ++#define SANDBOX_SP1_ID 0x1245 ++#define SANDBOX_SP2_ID 0x9836 ++#define SANDBOX_SP3_ID 0x6452 ++#define SANDBOX_SP4_ID 0x7814 ++ ++/* invalid service UUID (no matching SP) */ ++#define SANDBOX_SERVICE3_UUID "55d532ed-0942-e699-722d-c09ca798d9cd" ++ ++/* invalid service UUID (invalid UUID string format) */ ++#define SANDBOX_SERVICE4_UUID "32ed-0942-e699-722d-c09ca798d9cd" ++ ++#define SANDBOX_SP_COUNT_PER_VALID_SERVICE 2 ++ ++/** ++ * struct ffa_sandbox_data - generic data structure used to exchange ++ * data between test cases and the sandbox driver ++ * @data0_size: size of the first argument ++ * @data0: pointer to the first argument ++ * @data1_size>: size of the second argument ++ * @data1: pointer to the second argument ++ * ++ * Using this structure sandbox test cases can pass various types of data with different sizes. ++ */ ++struct ffa_sandbox_data { ++ u32 data0_size; /* size of the first argument */ ++ void *data0; /* pointer to the first argument */ ++ u32 data1_size; /* size of the second argument */ ++ void *data1; /* pointer to the second argument */ ++}; ++ ++/** ++ * The sandbox driver public functions ++ */ ++ ++/** ++ * sandbox_ffa_query_core_state - Queries the status of FF-A ABIs ++ */ ++int sandbox_ffa_query_core_state(u32 queried_func_id, struct ffa_sandbox_data *func_data); ++ ++/** ++ * sandbox_ffa_get_device - create, bind and probe the sandbox_arm_ffa device ++ */ ++int sandbox_ffa_device_get(void); ++ ++/** ++ * sandbox_arm_ffa_smccc_smc - FF-A SMC call emulation ++ */ ++void sandbox_arm_ffa_smccc_smc(ffa_value_t args, ffa_value_t *res); ++ ++#endif +diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c +index 0ec002ac8b..8fa9a58d76 100644 +--- a/lib/efi_loader/efi_boottime.c ++++ b/lib/efi_loader/efi_boottime.c +@@ -2177,7 +2177,7 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, + dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); + } + +-#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) ++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) && !CONFIG_IS_ENABLED(SANDBOX_FFA) + /* unmap FF-A RX/TX buffers */ + if (ffa_bus_ops_get()->rxtx_unmap()) + debug("[efi_boottime][ERROR]: can not unmap FF-A RX/TX buffers\n"); +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch new file mode 100644 index 0000000000..edc5ed60e9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch @@ -0,0 +1,455 @@ +From dbc51066367481b5a45ce24f91571f83a022576e Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 6 Jun 2022 17:26:06 +0100 +Subject: [PATCH 12/26] arm_ffa: introduce Sandbox test cases for UCLASS_FFA + +Add functional test cases for the FF-A core driver + +These tests rely on the FF-A Sandbox driver which helps in + inspecting the FF-A core driver. + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: align sandbox tests with the new FF-A driver interfaces + and new way of error handling + +v1: introduce sandbox tests + + MAINTAINERS | 1 + + test/dm/Makefile | 1 + + test/dm/ffa.c | 394 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 396 insertions(+) + create mode 100644 test/dm/ffa.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index 96157db6b6..e5b71b0ade 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -252,6 +252,7 @@ F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ + F: include/arm_ffa.h + F: include/sandbox_arm_ffa.h ++F: test/dm/ffa.c + + ARM FREESCALE IMX + M: Stefano Babic <sbabic@denx.de> +diff --git a/test/dm/Makefile b/test/dm/Makefile +index f0a7c97e3d..f96f848046 100644 +--- a/test/dm/Makefile ++++ b/test/dm/Makefile +@@ -79,6 +79,7 @@ obj-$(CONFIG_POWER_DOMAIN) += power-domain.o + obj-$(CONFIG_ACPI_PMC) += pmc.o + obj-$(CONFIG_DM_PMIC) += pmic.o + obj-$(CONFIG_DM_PWM) += pwm.o ++obj-$(CONFIG_SANDBOX_FFA) += ffa.o + obj-$(CONFIG_QFW) += qfw.o + obj-$(CONFIG_RAM) += ram.o + obj-y += regmap.o +diff --git a/test/dm/ffa.c b/test/dm/ffa.c +new file mode 100644 +index 0000000000..052d5fc3f4 +--- /dev/null ++++ b/test/dm/ffa.c +@@ -0,0 +1,394 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * Functional tests for UCLASS_FFA class ++ * ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#include <common.h> ++#include <console.h> ++#include <dm.h> ++#include <dm/test.h> ++#include "../../drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h" ++#include <sandbox_arm_ffa.h> ++#include <test/test.h> ++#include <test/ut.h> ++ ++/* Macros */ ++ ++#define LOG_MSG_SZ (100) ++#define LOG_CMD_SZ (LOG_MSG_SZ * 2) ++ ++/* Functional tests for the UCLASS_FFA */ ++ ++static int dm_test_ffa_log(struct unit_test_state *uts, char *msg) ++{ ++ char cmd[LOG_CMD_SZ] = {0}; ++ ++ console_record_reset(); ++ ++ snprintf(cmd, LOG_CMD_SZ, "echo \"%s\"", msg); ++ run_command(cmd, 0); ++ ++ ut_assert_console_end(); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_fwk_version(struct ffa_prvdata *prvdata, struct sandbox_ffa_prvdata *sdx_prvdata, ++ struct unit_test_state *uts) ++{ ++ if (prvdata->fwk_version != sdx_prvdata->fwk_version) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, ++ "[%s]: Error: framework version: core = 0x%x , sandbox = 0x%x", __func__, ++ prvdata->fwk_version, ++ sdx_prvdata->fwk_version); ++ ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_endpoint_id(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ if (prvdata->id) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, ++ "[%s]: Error: endpoint id: core = 0x%x", __func__, prvdata->id); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_core_dev(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ if (!prvdata->dev) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: core device NULL", __func__); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_sandbox_dev(struct sandbox_ffa_prvdata *sdx_prvdata, struct unit_test_state *uts) ++{ ++ if (!sdx_prvdata->dev) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: sandbox device NULL", __func__); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_rxtxbuf(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ if (!prvdata->pair.rxbuf && prvdata->pair.txbuf) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: rxbuf = 0x%llx txbuf = 0x%llx", __func__, ++ prvdata->pair.rxbuf, ++ prvdata->pair.txbuf); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_features(struct ffa_prvdata *prvdata, struct unit_test_state *uts) ++{ ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ if (prvdata->pair.rxtx_min_pages != RXTX_4K && ++ prvdata->pair.rxtx_min_pages != RXTX_16K && ++ prvdata->pair.rxtx_min_pages != RXTX_64K) { ++ snprintf(msg, ++ LOG_MSG_SZ, ++ "[%s]: Error: FFA_RXTX_MAP features = 0x%lx", ++ __func__, ++ prvdata->pair.rxtx_min_pages); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int check_rxbuf_mapped_flag(u32 queried_func_id, ++ u8 rxbuf_mapped, ++ struct unit_test_state *uts) ++{ ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ switch (queried_func_id) { ++ case FFA_RXTX_MAP: ++ { ++ if (rxbuf_mapped) ++ return CMD_RET_SUCCESS; ++ break; ++ } ++ case FFA_RXTX_UNMAP: ++ { ++ if (!rxbuf_mapped) ++ return CMD_RET_SUCCESS; ++ break; ++ } ++ default: ++ return CMD_RET_FAILURE; ++ } ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: %s mapping issue", __func__, ++ (queried_func_id == FFA_RXTX_MAP ? "FFA_RXTX_MAP" : "FFA_RXTX_UNMAP")); ++ dm_test_ffa_log(uts, msg); ++ ++ return CMD_RET_FAILURE; ++} ++ ++static int check_rxbuf_release_flag(u8 rxbuf_owned, struct unit_test_state *uts) ++{ ++ if (rxbuf_owned) { ++ char msg[LOG_MSG_SZ] = {0}; ++ ++ snprintf(msg, LOG_MSG_SZ, "[%s]: Error: RX buffer not released", __func__); ++ dm_test_ffa_log(uts, msg); ++ return CMD_RET_FAILURE; ++ } ++ return CMD_RET_SUCCESS; ++} ++ ++static int test_ffa_msg_send_direct_req(u16 part_id, struct unit_test_state *uts) ++{ ++ struct ffa_send_direct_data msg = {0}; ++ u8 cnt; ++ ++ ut_assertok(ffa_bus_ops_get()->sync_send_receive(part_id, &msg)); ++ ++ for (cnt = 0; cnt < sizeof(struct ffa_send_direct_data) / sizeof(u64); cnt++) ++ ut_assertok(((u64 *)&msg)[cnt] != 0xffffffffffffffff); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int test_partitions_and_comms(const char *service_uuid, ++ struct sandbox_ffa_prvdata *sdx_prvdata, ++ struct unit_test_state *uts) ++{ ++ u32 count = 0, size = 0; ++ struct ffa_partition_info *parts_info; ++ u32 info_idx, exp_info_idx; ++ int ret; ++ ++ /* ++ * get from the driver the count of the SPs matching the UUID ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(service_uuid, &count, NULL); ++ /* make sure partitions are detected */ ++ ut_assertok(ret != 0); ++ ut_assertok(count != SANDBOX_SP_COUNT_PER_VALID_SERVICE); ++ ++ /* ++ * pre-allocate a buffer to be filled by the driver ++ * with ffa_partition_info structs ++ */ ++ ++ parts_info = calloc(count, sizeof(struct ffa_partition_info)); ++ ut_assertok(!parts_info); ++ ++ size = count * sizeof(struct ffa_partition_info); ++ ++ /* ++ * ask the driver to fill the buffer with the SPs info ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(service_uuid, &size, parts_info); ++ if (ret != 0) { ++ free(parts_info); ++ ut_assertok(ret != 0); ++ } ++ ++ /* ++ * SPs found , verify the partitions information ++ */ ++ ++ ret = CMD_RET_FAILURE; ++ ++ for (info_idx = 0; info_idx < count ; info_idx++) { ++ for (exp_info_idx = 0; ++ exp_info_idx < sdx_prvdata->partitions.count; ++ exp_info_idx++) { ++ if (parts_info[info_idx].id == ++ sdx_prvdata->partitions.descs[exp_info_idx].info.id) { ++ ret = memcmp(&parts_info[info_idx], ++ &sdx_prvdata->partitions.descs[exp_info_idx] ++ .info, ++ sizeof(struct ffa_partition_info)); ++ if (ret) ++ free(parts_info); ++ ut_assertok(ret != 0); ++ /* send and receive data from the current partition */ ++ test_ffa_msg_send_direct_req(parts_info[info_idx].id, uts); ++ } ++ ret = CMD_RET_SUCCESS; ++ } ++ } ++ ++ free(parts_info); ++ ++ /* Verify expected partitions found in the emulated secure world*/ ++ ut_assertok(ret != CMD_RET_SUCCESS); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++static int dm_test_ffa_ack(struct unit_test_state *uts) ++{ ++ struct ffa_prvdata *prvdata = NULL; ++ struct sandbox_ffa_prvdata *sdx_prvdata = NULL; ++ struct ffa_sandbox_data func_data = {0}; ++ u8 rxbuf_flag = 0; ++ const char *svc1_uuid = SANDBOX_SERVICE1_UUID; ++ const char *svc2_uuid = SANDBOX_SERVICE2_UUID; ++ int ret; ++ ++ /* test probing FF-A devices */ ++ ut_assertok(ffa_bus_discover()); ++ ++ /* get a pointer to the FF-A core and sandbox drivers private data */ ++ func_data.data0 = &prvdata; ++ func_data.data0_size = sizeof(prvdata); ++ func_data.data1 = &sdx_prvdata; ++ func_data.data1_size = sizeof(sdx_prvdata); ++ ++ ut_assertok(sandbox_ffa_query_core_state(FFA_VERSION, &func_data)); ++ ++ /* make sure private data pointers are retrieved */ ++ ut_assertok(prvdata == 0); ++ ut_assertok(sdx_prvdata == 0); ++ ++ /* make sure dev devices created */ ++ ut_assertok(check_core_dev(prvdata, uts)); ++ ut_assertok(check_sandbox_dev(sdx_prvdata, uts)); ++ ++ /* test FFA_VERSION */ ++ ut_assertok(check_fwk_version(prvdata, sdx_prvdata, uts)); ++ ++ /* test FFA_ID_GET */ ++ ut_assertok(check_endpoint_id(prvdata, uts)); ++ ++ /* test FFA_FEATURES */ ++ ut_assertok(check_features(prvdata, uts)); ++ ++ /* test core RX/TX buffers */ ++ ut_assertok(check_rxtxbuf(prvdata, uts)); ++ ++ /* test FFA_RXTX_MAP */ ++ func_data.data0 = &rxbuf_flag; ++ func_data.data0_size = sizeof(rxbuf_flag); ++ ++ rxbuf_flag = 0; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RXTX_MAP, &func_data)); ++ ut_assertok(check_rxbuf_mapped_flag(FFA_RXTX_MAP, rxbuf_flag, uts)); ++ ++ /* FFA_PARTITION_INFO_GET / FFA_MSG_SEND_DIRECT_REQ */ ++ ret = test_partitions_and_comms(svc1_uuid, sdx_prvdata, uts); ++ ut_assertok(ret != CMD_RET_SUCCESS); ++ ++ /* test FFA_RX_RELEASE */ ++ rxbuf_flag = 1; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RX_RELEASE, &func_data)); ++ ut_assertok(check_rxbuf_release_flag(rxbuf_flag, uts)); ++ ++ /* FFA_PARTITION_INFO_GET / FFA_MSG_SEND_DIRECT_REQ */ ++ ret = test_partitions_and_comms(svc2_uuid, sdx_prvdata, uts); ++ ut_assertok(ret != CMD_RET_SUCCESS); ++ ++ /* test FFA_RX_RELEASE */ ++ rxbuf_flag = 1; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RX_RELEASE, &func_data)); ++ ut_assertok(check_rxbuf_release_flag(rxbuf_flag, uts)); ++ ++ /* test FFA_RXTX_UNMAP */ ++ ut_assertok(ffa_bus_ops_get()->rxtx_unmap()); ++ ++ rxbuf_flag = 1; ++ ut_assertok(sandbox_ffa_query_core_state(FFA_RXTX_UNMAP, &func_data)); ++ ut_assertok(check_rxbuf_mapped_flag(FFA_RXTX_UNMAP, rxbuf_flag, uts)); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++DM_TEST(dm_test_ffa_ack, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); ++ ++static int dm_test_ffa_nack(struct unit_test_state *uts) ++{ ++ struct ffa_prvdata *prvdata = NULL; ++ struct sandbox_ffa_prvdata *sdx_prvdata = NULL; ++ struct ffa_sandbox_data func_data = {0}; ++ const char *valid_svc_uuid = SANDBOX_SERVICE1_UUID; ++ const char *unvalid_svc_uuid = SANDBOX_SERVICE3_UUID; ++ const char *unvalid_svc_uuid_str = SANDBOX_SERVICE4_UUID; ++ struct ffa_send_direct_data msg = {0}; ++ int ret; ++ u32 count = 0; ++ u16 part_id = 0; ++ ++ /* test probing FF-A devices */ ++ ut_assertok(ffa_bus_discover()); ++ ++ /* get a pointer to the FF-A core and sandbox drivers private data */ ++ func_data.data0 = &prvdata; ++ func_data.data0_size = sizeof(prvdata); ++ func_data.data1 = &sdx_prvdata; ++ func_data.data1_size = sizeof(sdx_prvdata); ++ ++ ut_assertok(sandbox_ffa_query_core_state(FFA_VERSION, &func_data)); ++ ++ /* make sure private data pointers are retrieved */ ++ ut_assertok(prvdata == 0); ++ ut_assertok(sdx_prvdata == 0); ++ ++ /* make sure dev devices created */ ++ ut_assertok(check_core_dev(prvdata, uts)); ++ ut_assertok(check_sandbox_dev(sdx_prvdata, uts)); ++ ++ /* query partitions count using invalid arguments */ ++ ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid, NULL, NULL); ++ ut_assertok(ret != -EINVAL); ++ ++ /* query partitions count using an invalid UUID string */ ++ ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid_str, &count, NULL); ++ ut_assertok(ret != -EINVAL); ++ ++ /* query partitions count using an invalid UUID (no matching SP) */ ++ count = 0; ++ ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid, &count, NULL); ++ ut_assertok(count != 0); ++ ++ /* query partitions count using a valid UUID */ ++ count = 0; ++ ret = ffa_bus_ops_get()->partition_info_get(valid_svc_uuid, &count, NULL); ++ /* make sure partitions are detected */ ++ ut_assertok(ret != 0); ++ ut_assertok(count != SANDBOX_SP_COUNT_PER_VALID_SERVICE); ++ ++ /* send data to an invalid partition */ ++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg); ++ ut_assertok(ret != -EINVAL); ++ ++ /* send data to a valid partition */ ++ part_id = prvdata->partitions.descs[0].info.id; ++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg); ++ ut_assertok(ret != 0); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++DM_TEST(dm_test_ffa_nack, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch new file mode 100644 index 0000000000..9722677c5d --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch @@ -0,0 +1,94 @@ +From 5be8c1d52045cbdc1adf79299792a6a49fef66c3 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 6 Jun 2022 17:30:44 +0100 +Subject: [PATCH 13/26] arm_ffa: introduce armffa command Sandbox test + +Add Sandbox test for the armffa command + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: drop use of helper APIs + +v1: introduce armffa command sandbox test + + MAINTAINERS | 1 + + test/cmd/Makefile | 1 + + test/cmd/armffa.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 42 insertions(+) + create mode 100644 test/cmd/armffa.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index e5b71b0ade..505fffff14 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -252,6 +252,7 @@ F: doc/README.ffa.drv + F: drivers/firmware/arm-ffa/ + F: include/arm_ffa.h + F: include/sandbox_arm_ffa.h ++F: test/cmd/armffa.c + F: test/dm/ffa.c + + ARM FREESCALE IMX +diff --git a/test/cmd/Makefile b/test/cmd/Makefile +index a59adb1e6d..d9dc0809d6 100644 +--- a/test/cmd/Makefile ++++ b/test/cmd/Makefile +@@ -11,3 +11,4 @@ obj-$(CONFIG_CMD_MEM_SEARCH) += mem_search.o + obj-$(CONFIG_CMD_PINMUX) += pinmux.o + obj-$(CONFIG_CMD_PWM) += pwm.o + obj-$(CONFIG_CMD_SETEXPR) += setexpr.o ++obj-$(CONFIG_SANDBOX_FFA) += armffa.o +diff --git a/test/cmd/armffa.c b/test/cmd/armffa.c +new file mode 100644 +index 0000000000..531f82066e +--- /dev/null ++++ b/test/cmd/armffa.c +@@ -0,0 +1,40 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++/* ++ * Test for armffa command ++ * ++ * (C) Copyright 2022 ARM Limited ++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ++ */ ++ ++#include <common.h> ++#include <dm.h> ++#include <dm/test.h> ++#include <sandbox_arm_ffa.h> ++#include <string.h> ++#include <test/test.h> ++#include <test/ut.h> ++ ++#define PING_CMD_SIZE 19 ++ ++/* Basic test of 'armffa' command */ ++static int dm_test_armffa_cmd(struct unit_test_state *uts) ++{ ++ char ping_cmd[PING_CMD_SIZE] = {0}; ++ ++ ut_assertok(ffa_bus_discover()); ++ ++ /* armffa getpart <UUID> */ ++ ut_assertok(run_command("armffa getpart " SANDBOX_SERVICE1_UUID, 0)); ++ ++ snprintf(ping_cmd, PING_CMD_SIZE, "armffa ping 0x%x", SANDBOX_SP1_ID); ++ ++ /* armffa ping <ID> */ ++ ut_assertok(run_command(ping_cmd, 0)); ++ ++ /* armffa devlist */ ++ ut_assertok(run_command("armffa devlist", 0)); ++ ++ return CMD_RET_SUCCESS; ++} ++ ++DM_TEST(dm_test_armffa_cmd, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC); +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch deleted file mode 100644 index 2caeb58b82..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 370422921b2a3f4f7b73ce5b08820c24e82bba19 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Thu, 18 Nov 2021 16:42:59 +0000 -Subject: [PATCH 13/24] corstone1000: Make sure shared buffer contents are not - cached - -After updating the shared buffer, it is required to flush the cache -to ensure that the secure world sees expected the shared buffer -contents. - -The MM communication shared buffer is configured in device region of optee -which has cache disabled. So we need to invalidate the cache every time we -update the buffer on uboot otherwise the secure world does not see the -accurate values. - -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -%% original patch: 0027-Make-sure-shared-buffer-contents-are-not-cached.patch - -%% original patch: 0027-Make-sure-shared-buffer-contents-are-not-cached.patch - -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - lib/efi_loader/efi_variable_tee.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c -index 9cb8cfb9c779..b6be2b54a030 100644 ---- a/lib/efi_loader/efi_variable_tee.c -+++ b/lib/efi_loader/efi_variable_tee.c -@@ -22,6 +22,7 @@ - #if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) - - #include <arm_ffa_helper.h> -+#include <cpu_func.h> - #include <mapmem.h> - - /* MM return codes */ -@@ -335,6 +336,11 @@ static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_ - virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0); - efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size); - -+ /* The secure world has cache disabled for device region which we use for shared buffer -+ So, the secure world reads the data from DDR. Let's flush the cache so the DDR is -+ updated with the latest data */ -+ invalidate_dcache_all(); -+ - /* Announce there is data in the shared buffer */ - - ffa_ret = ffa_notify_mm_sp(); --- -2.37.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch new file mode 100644 index 0000000000..04e55576a9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch @@ -0,0 +1,540 @@ +From b3c7d84dcde6ee1cbc13e10664d24ffa220f5fb3 Mon Sep 17 00:00:00 2001 +From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Date: Mon, 15 Aug 2022 15:12:49 +0100 +Subject: [PATCH 14/26] arm_ffa: introduce FF-A MM communication + +Add MM communication support using FF-A transport + +Access an SP's service through EFI MM communication protocol. + +This feature allows accessing MM partitions services through +EFI MM communication protocol. MM partitions such as StandAlonneMM +or smm-gateway secure partitions which reside in secure world. + +An MM shared buffer and a door bell event are used to exchange +the data. + +The data is used by EFI services such as GetVariable()/SetVariable() +and copied from the communication buffer to the MM shared buffer. + +The secure partition is notified about availability of data in the +MM shared buffer by an FF-A message (door bell). + +On such event, MM SP can read the data and updates the MM shared +buffer with the response data. + +The response data is copied back to the communication buffer and +consumed by the EFI subsystem. + +FF-A driver private data is copied to EFI runtime section at +ExitBootServices(). This garantees secure world partitions data are +available at EFI runtime level. + +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] +--- + +Changelog: +=============== + +v4: + +* use the new FF-A driver interfaces +* discover MM partitions at runtime +* copy FF-A driver private data to EFI runtime section at + ExitBootServices() +* drop use of FFA_ERR_STAT_SUCCESS error code +* replace EFI_BUFFER_TOO_SMALL by EFI_OUT_OF_RESOURCES + in ffa_mm_communicate(). No need for efi_memcpy_runtime() anymore +* revert the error log in mm_communicate() in case of failure +* remove packed attribute from efi_mm_communicate_header and + smm_variable_communicate_header + +v2: + +* set default values to 0 for FFA_SHARED_MM_BUFFER_SIZE, FFA_SHARED_MM_BUFFER_ADDR and MM_SP_UUID_DATA and add warnings + +v1: + +* introduce FF-A MM communication + + arch/arm/cpu/armv8/cache.S | 16 ++ + arch/arm/cpu/armv8/cache_v8.c | 3 +- + include/mm_communication.h | 7 +- + lib/efi_loader/Kconfig | 14 +- + lib/efi_loader/efi_boottime.c | 7 + + lib/efi_loader/efi_variable_tee.c | 261 +++++++++++++++++++++++++++++- + 6 files changed, 299 insertions(+), 9 deletions(-) + +diff --git a/arch/arm/cpu/armv8/cache.S b/arch/arm/cpu/armv8/cache.S +index d1cee23437..f69ef64ed6 100644 +--- a/arch/arm/cpu/armv8/cache.S ++++ b/arch/arm/cpu/armv8/cache.S +@@ -21,7 +21,11 @@ + * x1: 0 clean & invalidate, 1 invalidate only + * x2~x9: clobbered + */ ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_dcache_level, "ax" ++#endif + ENTRY(__asm_dcache_level) + lsl x12, x0, #1 + msr csselr_el1, x12 /* select cache level */ +@@ -65,7 +69,11 @@ ENDPROC(__asm_dcache_level) + * + * flush or invalidate all data cache by SET/WAY. + */ ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_dcache_all, "ax" ++#endif + ENTRY(__asm_dcache_all) + mov x1, x0 + dsb sy +@@ -109,7 +117,11 @@ ENTRY(__asm_flush_dcache_all) + ENDPROC(__asm_flush_dcache_all) + .popsection + ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_invalidate_dcache_all, "ax" ++#endif + ENTRY(__asm_invalidate_dcache_all) + mov x0, #0x1 + b __asm_dcache_all +@@ -182,7 +194,11 @@ ENTRY(__asm_invalidate_icache_all) + ENDPROC(__asm_invalidate_icache_all) + .popsection + ++#ifdef CONFIG_EFI_LOADER ++.pushsection .text.efi_runtime, "ax" ++#else + .pushsection .text.__asm_invalidate_l3_dcache, "ax" ++#endif + WEAK(__asm_invalidate_l3_dcache) + mov x0, #0 /* return status as success */ + ret +diff --git a/arch/arm/cpu/armv8/cache_v8.c b/arch/arm/cpu/armv8/cache_v8.c +index e4736e5643..afbc487fa1 100644 +--- a/arch/arm/cpu/armv8/cache_v8.c ++++ b/arch/arm/cpu/armv8/cache_v8.c +@@ -9,6 +9,7 @@ + + #include <common.h> + #include <cpu_func.h> ++#include <efi_loader.h> + #include <hang.h> + #include <log.h> + #include <asm/cache.h> +@@ -445,7 +446,7 @@ __weak void mmu_setup(void) + /* + * Performs a invalidation of the entire data cache at all levels + */ +-void invalidate_dcache_all(void) ++void __efi_runtime invalidate_dcache_all(void) + { + __asm_invalidate_dcache_all(); + __asm_invalidate_l3_dcache(); +diff --git a/include/mm_communication.h b/include/mm_communication.h +index e65fbde60d..32dc5dbac8 100644 +--- a/include/mm_communication.h ++++ b/include/mm_communication.h +@@ -13,6 +13,9 @@ + + #include <part_efi.h> + ++/* MM service UUID string (big-endian format). This UUID is common across all MM SPs */ ++#define MM_SP_UUID "33d532ed-e699-0942-c09c-a798d9cd722d" ++ + /* + * Interface to the pseudo Trusted Application (TA), which provides a + * communication channel with the Standalone MM (Management Mode) +@@ -43,7 +46,7 @@ + * To avoid confusion in interpreting frames, the communication buffer should + * always begin with efi_mm_communicate_header. + */ +-struct __packed efi_mm_communicate_header { ++struct efi_mm_communicate_header { + efi_guid_t header_guid; + size_t message_len; + u8 data[]; +@@ -145,7 +148,7 @@ struct smm_variable_communicate_header { + * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE. + * + */ +-struct smm_variable_access { ++struct __packed smm_variable_access { + efi_guid_t guid; + efi_uintn_t data_size; + efi_uintn_t name_size; +diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig +index e3f2402d0e..2a6d70f862 100644 +--- a/lib/efi_loader/Kconfig ++++ b/lib/efi_loader/Kconfig +@@ -60,13 +60,23 @@ config EFI_VARIABLE_FILE_STORE + stored as file /ubootefi.var on the EFI system partition. + + config EFI_MM_COMM_TEE +- bool "UEFI variables storage service via OP-TEE" +- depends on OPTEE ++ bool "UEFI variables storage service via the trusted world" ++ depends on OPTEE || ARM_FFA_TRANSPORT + help ++ Allowing access to the MM SP services (SPs such as StandAlonneMM, smm-gateway). ++ When using the u-boot OP-TEE driver, StandAlonneMM is supported. ++ When using the u-boot FF-A driver any MM SP is supported. ++ + If OP-TEE is present and running StandAloneMM, dispatch all UEFI + variable related operations to that. The application will verify, + authenticate and store the variables on an RPMB. + ++ When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related ++ operations to the MM SP running in the secure world. ++ A door bell mechanism is used to notify the SP when there is data in the shared ++ MM buffer. The data is copied by u-boot to the shared buffer before issuing ++ the door bell event. ++ + config EFI_VARIABLE_NO_STORE + bool "Don't persist non-volatile UEFI variables" + help +diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c +index 8fa9a58d76..cede7826bd 100644 +--- a/lib/efi_loader/efi_boottime.c ++++ b/lib/efi_loader/efi_boottime.c +@@ -2185,6 +2185,13 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, + debug("[efi_boottime][INFO]: FF-A RX/TX buffers unmapped\n"); + #endif + ++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE) && !CONFIG_IS_ENABLED(SANDBOX_FFA) ++ if (ffa_copy_runtime_data()) ++ printf("ERROR: EFI: FFA: copying runtime data\n"); ++ else ++ printf("INFO: EFI: FFA: runtime data copied\n"); ++#endif ++ + /* Patch out unsupported runtime function */ + efi_runtime_detach(); + +diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c +index dfef18435d..7d9d577281 100644 +--- a/lib/efi_loader/efi_variable_tee.c ++++ b/lib/efi_loader/efi_variable_tee.c +@@ -15,6 +15,36 @@ + #include <malloc.h> + #include <mm_communication.h> + ++#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) ++ ++#include <arm_ffa.h> ++#include <cpu_func.h> ++#include <mapmem.h> ++ ++#ifndef FFA_SHARED_MM_BUFFER_SIZE ++#warning "FFA_SHARED_MM_BUFFER_SIZE must be defined in include/configs/<board>.h" ++#define FFA_SHARED_MM_BUFFER_SIZE 0 ++#endif ++ ++#ifndef FFA_SHARED_MM_BUFFER_OFFSET ++#warning "FFA_SHARED_MM_BUFFER_OFFSET must be defined in include/configs/<board>.h" ++#define FFA_SHARED_MM_BUFFER_OFFSET 0 ++#endif ++ ++#ifndef FFA_SHARED_MM_BUFFER_ADDR ++#warning "FFA_SHARED_MM_BUFFER_ADDR must be defined in include/configs/<board>.h" ++#define FFA_SHARED_MM_BUFFER_ADDR 0 ++#endif ++ ++/* MM return codes */ ++#define MM_SUCCESS (0) ++ ++const char *mm_sp_svc_uuid = MM_SP_UUID; ++ ++static __efi_runtime_data u16 mm_sp_id; ++ ++#endif ++ + extern struct efi_var_file __efi_runtime_data *efi_var_buf; + static efi_uintn_t max_buffer_size; /* comm + var + func + data */ + static efi_uintn_t max_payload_size; /* func + data */ +@@ -24,6 +54,7 @@ struct mm_connection { + u32 session; + }; + ++#if (IS_ENABLED(CONFIG_OPTEE)) + /** + * get_connection() - Retrieve OP-TEE session for a specific UUID. + * +@@ -143,16 +174,227 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize) + + return ret; + } ++#endif ++ ++#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) + + /** +- * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send ++ * ffa_notify_mm_sp() - Announce there is data in the shared buffer ++ * ++ * Notifies the MM partition in the trusted world that ++ * data is available in the shared buffer. ++ * This is a blocking call during which trusted world has exclusive access ++ * to the MM shared buffer. ++ * ++ * Return: ++ * ++ * 0 on success ++ */ ++static int __efi_runtime ffa_notify_mm_sp(void) ++{ ++ struct ffa_send_direct_data msg = {0}; ++ int ret; ++ int sp_event_ret = -1; ++ ++ if (!ffa_bus_ops_get()) ++ return -EINVAL; ++ ++ msg.data0 = FFA_SHARED_MM_BUFFER_OFFSET; /* x3 */ ++ ++ ret = ffa_bus_ops_get()->sync_send_receive(mm_sp_id, &msg); ++ if (ret != 0) ++ return ret; ++ ++ sp_event_ret = msg.data0; /* x3 */ ++ ++ if (sp_event_ret == MM_SUCCESS) ++ return 0; ++ ++ /* ++ * Failure to notify the MM SP ++ */ ++ ++ return -EACCES; ++} ++ ++/** ++ * ffa_discover_mm_sp_id() - Query the MM partition ID ++ * ++ * Use the FF-A driver to get the MM partition ID. ++ * If multiple partitions are found, use the first one. ++ * This is a boot time function. ++ * ++ * Return: ++ * ++ * 0 on success ++ */ ++static int ffa_discover_mm_sp_id(void) ++{ ++ u32 count = 0, size = 0; ++ int ret; ++ struct ffa_partition_info *parts_info; ++ ++ if (!ffa_bus_ops_get()) ++ return -EINVAL; ++ ++ /* ++ * get from the driver the count of the SPs matching the UUID ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(mm_sp_svc_uuid, &count, NULL); ++ if (ret != 0) { ++ log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret); ++ return ret; ++ } ++ ++ if (!count) { ++ log_info("EFI: No MM partition found\n"); ++ return ret; ++ } ++ ++ /* ++ * pre-allocate a buffer to be filled by the driver ++ * with ffa_partition_info structs ++ */ ++ ++ log_info("EFI: Pre-allocating %d partition(s) info structures\n", count); ++ ++ parts_info = calloc(count, sizeof(struct ffa_partition_info)); ++ if (!parts_info) ++ return -EINVAL; ++ ++ size = count * sizeof(struct ffa_partition_info); ++ ++ /* ++ * ask the driver to fill the ++ * buffer with the SPs info ++ */ ++ ret = ffa_bus_ops_get()->partition_info_get(mm_sp_svc_uuid, &size, parts_info); ++ if (ret != 0) { ++ log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret); ++ free(parts_info); ++ return ret; ++ } ++ ++ /* ++ * MM SPs found , use the first one ++ */ ++ ++ mm_sp_id = parts_info[0].id; ++ ++ log_info("EFI: MM partition ID 0x%x\n", mm_sp_id); ++ ++ free(parts_info); ++ ++ return 0; ++} ++ ++/** ++ * ffa_mm_communicate() - Exchange EFI services data with the MM partition using FF-A ++ * @comm_buf: locally allocated communication buffer used for rx/tx ++ * @dsize: communication buffer size ++ * ++ * Issues a door bell event to notify the MM partition (SP) running in OP-TEE ++ * that there is data to read from the shared buffer. ++ * Communication with the MM SP is performed using FF-A transport. ++ * On the event, MM SP can read the data from the buffer and ++ * update the MM shared buffer with response data. ++ * The response data is copied back to the communication buffer. ++ * ++ * Return: ++ * ++ * EFI status code ++ */ ++static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_buf_size) ++{ ++ ulong tx_data_size; ++ int ffa_ret; ++ struct efi_mm_communicate_header *mm_hdr; ++ void *virt_shared_buf; ++ ++ if (!comm_buf) ++ return EFI_INVALID_PARAMETER; ++ ++ /* Discover MM partition ID at boot time */ ++ if (!mm_sp_id && ffa_discover_mm_sp_id() != 0) { ++ log_err("EFI: Failure to discover MM partition ID at boot time\n"); ++ return EFI_UNSUPPORTED; ++ } ++ ++ mm_hdr = (struct efi_mm_communicate_header *)comm_buf; ++ tx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t); ++ ++ if (comm_buf_size != tx_data_size || tx_data_size > FFA_SHARED_MM_BUFFER_SIZE) ++ return EFI_INVALID_PARAMETER; ++ ++ /* Copy the data to the shared buffer */ ++ ++ virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0); ++ efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size); ++ ++ /* ++ * The secure world might have cache disabled for ++ * the device region used for shared buffer (which is the case for Optee). ++ * In this case, the secure world reads the data from DRAM. ++ * Let's flush the cache so the DRAM is updated with the latest data. ++ */ ++ #ifdef CONFIG_ARM64 ++ invalidate_dcache_all(); ++ #endif ++ ++ /* Announce there is data in the shared buffer */ ++ ++ ffa_ret = ffa_notify_mm_sp(); ++ if (ffa_ret) ++ unmap_sysmem(virt_shared_buf); ++ ++ switch (ffa_ret) { ++ case 0: ++ { ++ ulong rx_data_size; ++ /* Copy the MM SP response from the shared buffer to the communication buffer */ ++ rx_data_size = ((struct efi_mm_communicate_header *)virt_shared_buf)->message_len + ++ sizeof(efi_guid_t) + ++ sizeof(size_t); ++ ++ if (rx_data_size > comm_buf_size) { ++ unmap_sysmem(virt_shared_buf); ++ return EFI_OUT_OF_RESOURCES; ++ } ++ ++ efi_memcpy_runtime(comm_buf, virt_shared_buf, rx_data_size); ++ unmap_sysmem(virt_shared_buf); ++ ++ return EFI_SUCCESS; ++ } ++ case -EINVAL: ++ return EFI_DEVICE_ERROR; ++ case -EPERM: ++ return EFI_INVALID_PARAMETER; ++ case -EACCES: ++ return EFI_ACCESS_DENIED; ++ case -EBUSY: ++ return EFI_OUT_OF_RESOURCES; ++ default: ++ return EFI_ACCESS_DENIED; ++ } ++} ++#endif ++ ++/** ++ * mm_communicate() - Adjust the communication buffer to the MM SP and send + * it to OP-TEE + * +- * @comm_buf: locally allocted communcation buffer ++ * @comm_buf: locally allocated communication buffer + * @dsize: buffer size ++ * ++ * The MM SP (also called partition) can be StandAlonneMM or smm-gateway. ++ * The comm_buf format is the same for both partitions. ++ * When using the u-boot OP-TEE driver, StandAlonneMM is supported. ++ * When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are supported. ++ * + * Return: status code + */ +-static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) ++static efi_status_t __efi_runtime mm_communicate(u8 *comm_buf, efi_uintn_t dsize) + { + efi_status_t ret; + struct efi_mm_communicate_header *mm_hdr; +@@ -162,7 +404,11 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize) + mm_hdr = (struct efi_mm_communicate_header *)comm_buf; + var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data; + ++ #if (IS_ENABLED(CONFIG_OPTEE)) + ret = optee_mm_communicate(comm_buf, dsize); ++ #elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) ++ ret = ffa_mm_communicate(comm_buf, dsize); ++ #endif + if (ret != EFI_SUCCESS) { + log_err("%s failed!\n", __func__); + return ret; +@@ -258,6 +504,13 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size) + goto out; + } + *size = var_payload->size; ++ ++ #if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) ++ if (*size > FFA_SHARED_MM_BUFFER_SIZE) ++ *size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE - ++ MM_VARIABLE_COMMUNICATE_SIZE; ++ #endif ++ + /* + * There seems to be a bug in EDK2 miscalculating the boundaries and + * size checks, so deduct 2 more bytes to fulfill this requirement. Fix +@@ -697,7 +950,7 @@ void efi_variables_boot_exit_notify(void) + ret = EFI_NOT_FOUND; + + if (ret != EFI_SUCCESS) +- log_err("Unable to notify StMM for ExitBootServices\n"); ++ log_err("Unable to notify the MM partition for ExitBootServices\n"); + free(comm_buf); + + /* +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch index 8cab40c200..dcc3ea7a1f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch @@ -1,7 +1,7 @@ -From c0b01dff84d74f1b5aaff0d9b594e0aaec16c744 Mon Sep 17 00:00:00 2001 +From 01d1487cebc37834e2a5d259e0417a610539a0f5 Mon Sep 17 00:00:00 2001 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Tue, 2 Nov 2021 16:44:39 +0000 -Subject: [PATCH 10/24] arm_ffa: corstone1000: enable FF-A and MM support +Date: Thu, 9 Jun 2022 12:47:35 +0100 +Subject: [PATCH 15/26] arm_ffa: corstone1000: enable FF-A and MM support This commit allows corstone1000 platform to perform MM communication between u-boot and the secure world @@ -9,38 +9,33 @@ using FF-A transport. Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/] --- - configs/corstone1000_defconfig | 1 + - include/configs/corstone1000.h | 15 +++++++++++++++ - 2 files changed, 16 insertions(+) + configs/corstone1000_defconfig | 2 ++ + include/configs/corstone1000.h | 9 +++++++++ + 2 files changed, 11 insertions(+) diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig -index e573fe6fe6a2..b042d4e49419 100644 +index e573fe6fe6..c299dda49f 100644 --- a/configs/corstone1000_defconfig +++ b/configs/corstone1000_defconfig -@@ -44,6 +44,7 @@ CONFIG_USB=y +@@ -44,6 +44,8 @@ CONFIG_USB=y CONFIG_DM_USB=y CONFIG_USB_ISP1760=y CONFIG_USB_STORAGE=y +CONFIG_ARM_FFA_TRANSPORT=y ++CONFIG_ARM_FFA_EFI_RUNTIME_MODE=y CONFIG_EFI_MM_COMM_TEE=y # CONFIG_OPTEE is not set # CONFIG_GENERATE_SMBIOS_TABLE is not set diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index 8ba0effb0ab2..afc9ccfc192b 100644 +index 8ba0effb0a..5960c6b4be 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -14,6 +14,21 @@ +@@ -14,6 +14,15 @@ #include <linux/sizes.h> -+/* MM SP UUID binary data (little-endian format) */ -+#define MM_SP_UUID_DATA \ -+ 0xed, 0x32, 0xd5, 0x33, \ -+ 0x99, 0xe6, 0x42, 0x09, \ -+ 0x9c, 0xc0, 0x2d, 0x72, \ -+ 0xcd, 0xd9, 0x98, 0xa7 -+ +#define FFA_SHARED_MM_BUFFER_SIZE SZ_4K /* 4 KB */ + +/* @@ -48,10 +43,11 @@ index 8ba0effb0ab2..afc9ccfc192b 100644 + * u-boot and the MM SP + */ +#define FFA_SHARED_MM_BUFFER_ADDR (0x023F8000) ++#define FFA_SHARED_MM_BUFFER_OFFSET (0) + #define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_SDRAM_BASE + 0x03f00000) #define CONFIG_SKIP_LOWLEVEL_INIT -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch index 0a829c410a..291d15d39e 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch @@ -1,7 +1,7 @@ -From 652259af2f795a5d69c628ae7b1e79d33c234abd Mon Sep 17 00:00:00 2001 +From 10e155a677192731481ebe7f302e2d9ad790346a Mon Sep 17 00:00:00 2001 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Thu, 11 Nov 2021 16:27:59 +0000 -Subject: [PATCH 11/24] efi: corstone1000: introduce EFI capsule update +Date: Thu, 28 Jul 2022 15:01:55 +0100 +Subject: [PATCH 16/26] efi: corstone1000: introduce EFI capsule update This commit provides capsule update feature for Corstone1000. @@ -20,16 +20,17 @@ SE Proxy FW update service. This event is generated on each boot. Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 18 +++++ include/efi_loader.h | 4 +- - lib/efi_loader/efi_boottime.c | 47 ++++++++++++ - lib/efi_loader/efi_capsule.c | 135 ++++++++++++++++++++++++++++++++- + lib/efi_loader/efi_boottime.c | 36 ++++++++++ + lib/efi_loader/efi_capsule.c | 124 ++++++++++++++++++++++++++++++++- lib/efi_loader/efi_setup.c | 15 ++++ - 5 files changed, 215 insertions(+), 4 deletions(-) + 5 files changed, 193 insertions(+), 4 deletions(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index afc9ccfc192b..a400cdef69d0 100644 +index 5960c6b4be..fe5ec0adcd 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -14,6 +14,24 @@ @@ -54,11 +55,11 @@ index afc9ccfc192b..a400cdef69d0 100644 + EFI_GUID(0x3a770ddc, 0x409b, 0x48b2, 0x81, 0x41, \ + 0x93, 0xb7, 0xc6, 0x0b, 0x20, 0x9e) + - /* MM SP UUID binary data (little-endian format) */ - #define MM_SP_UUID_DATA \ - 0xed, 0x32, 0xd5, 0x33, \ + #define FFA_SHARED_MM_BUFFER_SIZE SZ_4K /* 4 KB */ + + /* diff --git a/include/efi_loader.h b/include/efi_loader.h -index 5b41985244e2..796419b69b40 100644 +index 5b41985244..796419b69b 100644 --- a/include/efi_loader.h +++ b/include/efi_loader.h @@ -984,11 +984,11 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit; @@ -76,10 +77,10 @@ index 5b41985244e2..796419b69b40 100644 efi_uintn_t capsule_count, u64 *maximum_capsule_size, diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index c68d9ed4f0bd..f2b5c7834c01 100644 +index cede7826bd..9bf2596597 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c -@@ -2095,6 +2095,44 @@ static void efi_exit_caches(void) +@@ -2095,6 +2095,33 @@ static void efi_exit_caches(void) #endif } @@ -95,28 +96,17 @@ index c68d9ed4f0bd..f2b5c7834c01 100644 + */ +static int efi_corstone1000_kernel_started_event(void) +{ -+ struct ffa_interface_data func_data = {0}; + struct ffa_send_direct_data msg = {0}; -+ u16 part_id = CORSTONE1000_SEPROXY_PART_ID; + + log_debug("[%s]\n", __func__); + + /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ -+ /* + * setting the kernel started event arguments + */ -+ msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -+ msg.a5 = CORSTONE1000_KERNEL_STARTED_EVT; ++ msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ ++ msg.data2 = CORSTONE1000_KERNEL_STARTED_EVT; /* x5 */ + -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ return ffa_helper_msg_send_direct_req(&func_data); ++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); +} + +#endif @@ -124,7 +114,7 @@ index c68d9ed4f0bd..f2b5c7834c01 100644 /** * efi_exit_boot_services() - stop all boot services * @image_handle: handle of the loaded image -@@ -2208,6 +2246,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, +@@ -2210,6 +2237,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, /* Recalculate CRC32 */ efi_update_table_header_crc32(&systab.hdr); @@ -141,7 +131,7 @@ index c68d9ed4f0bd..f2b5c7834c01 100644 efi_set_watchdog(0); WATCHDOG_RESET(); diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index a6b98f066a0b..a0689ba912fc 100644 +index a6b98f066a..c0f3427a60 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -25,6 +25,14 @@ @@ -149,7 +139,7 @@ index a6b98f066a0b..a0689ba912fc 100644 #include <linux/err.h> +#ifdef CONFIG_TARGET_CORSTONE1000 -+#include <arm_ffa_helper.h> ++#include <arm_ffa.h> +#include <cpu_func.h> + +void *__efi_runtime_data corstone1000_capsule_buf; /* capsule shared buffer virtual address */ @@ -159,7 +149,7 @@ index a6b98f066a0b..a0689ba912fc 100644 DECLARE_GLOBAL_DATA_PTR; const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID; -@@ -512,6 +520,89 @@ static efi_status_t efi_capsule_update_firmware( +@@ -512,6 +520,78 @@ static efi_status_t efi_capsule_update_firmware( } #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */ @@ -220,36 +210,25 @@ index a6b98f066a0b..a0689ba912fc 100644 + */ +static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_size) +{ -+ struct ffa_interface_data func_data = {0}; + struct ffa_send_direct_data msg = {0}; -+ u16 part_id = CORSTONE1000_SEPROXY_PART_ID; + + log_debug("[%s]\n", __func__); + + /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ -+ /* + * setting the buffer ready event arguments + */ -+ msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -+ msg.a4 = capsule_image_size; -+ msg.a5 = CORSTONE1000_BUFFER_READY_EVT; -+ -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; ++ msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ ++ msg.data1 = capsule_image_size; /* x4 */ ++ msg.data2 = CORSTONE1000_BUFFER_READY_EVT; /* x5 */ + -+ return ffa_helper_msg_send_direct_req(&func_data); ++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); +} +#endif + /** * efi_update_capsule() - process information from operating system * @capsule_header_array: Array of virtual address pointers -@@ -525,7 +616,7 @@ static efi_status_t efi_capsule_update_firmware( +@@ -525,7 +605,7 @@ static efi_status_t efi_capsule_update_firmware( * * Return: status code */ @@ -258,7 +237,7 @@ index a6b98f066a0b..a0689ba912fc 100644 struct efi_capsule_header **capsule_header_array, efi_uintn_t capsule_count, u64 scatter_gather_list) -@@ -542,6 +633,13 @@ efi_status_t EFIAPI efi_update_capsule( +@@ -542,6 +622,13 @@ efi_status_t EFIAPI efi_update_capsule( goto out; } @@ -272,7 +251,7 @@ index a6b98f066a0b..a0689ba912fc 100644 ret = EFI_SUCCESS; for (i = 0, capsule = *capsule_header_array; i < capsule_count; i++, capsule = *(++capsule_header_array)) { -@@ -554,6 +652,39 @@ efi_status_t EFIAPI efi_update_capsule( +@@ -554,6 +641,39 @@ efi_status_t EFIAPI efi_update_capsule( log_debug("Capsule[%d] (guid:%pUs)\n", i, &capsule->capsule_guid); @@ -312,7 +291,7 @@ index a6b98f066a0b..a0689ba912fc 100644 if (!guidcmp(&capsule->capsule_guid, &efi_guid_firmware_management_capsule_id)) { ret = efi_capsule_update_firmware(capsule); -@@ -592,7 +723,7 @@ out: +@@ -592,7 +712,7 @@ out: * * Return: status code */ @@ -322,7 +301,7 @@ index a6b98f066a0b..a0689ba912fc 100644 efi_uintn_t capsule_count, u64 *maximum_capsule_size, diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c -index 492ecf4cb15c..bfd4687e10b5 100644 +index 492ecf4cb1..bfd4687e10 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -16,6 +16,13 @@ @@ -355,5 +334,5 @@ index 492ecf4cb15c..bfd4687e10b5 100644 ret = efi_set_variable_int(u"CapsuleMax", &efi_guid_capsule_report, -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch index d1e13f68cf..7f5464c83c 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch @@ -1,7 +1,7 @@ -From 1ff229c8e02bdd3c859d581787636cfdf674eec1 Mon Sep 17 00:00:00 2001 +From a84f6be14f1bb31edea987fc02efd5a079a28db1 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> Date: Wed, 17 Nov 2021 15:28:06 +0000 -Subject: [PATCH 12/24] corstone1000: Update FFA shared buffer address +Subject: [PATCH 17/26] corstone1000: Update FFA shared buffer address FFA shared buffer address changed to 0x02000000. @@ -10,28 +10,25 @@ Optee so the virtual address returned to the SMM gateway is 0x0000. So the buffer is moved to 0x02000000. Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -%% original patch: 0025-Update-FFA-shared-buffer-address.patch - -%% original patch: 0025-Update-FFA-shared-buffer-address.patch - Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index a400cdef69d0..db0f91335cef 100644 +index fe5ec0adcd..2d89a8966e 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -45,7 +45,7 @@ +@@ -38,7 +38,7 @@ * shared buffer physical address used for communication between * u-boot and the MM SP */ -#define FFA_SHARED_MM_BUFFER_ADDR (0x023F8000) +#define FFA_SHARED_MM_BUFFER_ADDR (0x02000000) + #define FFA_SHARED_MM_BUFFER_OFFSET (0) #define CONFIG_SYS_INIT_SP_ADDR (CONFIG_SYS_SDRAM_BASE + 0x03f00000) - #define CONFIG_SKIP_LOWLEVEL_INIT -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch index 3151741027..1a28d6ca9f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch @@ -1,18 +1,19 @@ -From 340ba3fbb0ea388578e30aede92695886f221eaf Mon Sep 17 00:00:00 2001 +From 3f8d35ccbb0d59d4820b81f7f939ada95b3cd92c Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Fri, 4 Mar 2022 15:56:09 +0000 -Subject: [PATCH 14/24] arm: corstone1000: fix unrecognized filesystem type +Subject: [PATCH 18/26] arm: corstone1000: fix unrecognized filesystem type Some usb sticks are not recognized by usb, just add a delay before checking status. Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- common/usb_storage.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/usb_storage.c b/common/usb_storage.c -index eaa31374ef73..79cf4297d4f4 100644 +index eaa31374ef..79cf4297d4 100644 --- a/common/usb_storage.c +++ b/common/usb_storage.c @@ -784,6 +784,9 @@ static int usb_stor_BBB_transport(struct scsi_cmd *srb, struct us_data *us) @@ -26,5 +27,5 @@ index eaa31374ef73..79cf4297d4f4 100644 result = usb_bulk_msg(us->pusb_dev, pipein, csw, UMASS_BBB_CSW_SIZE, &actlen, USB_CNTL_TIMEOUT*5); -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch deleted file mode 100644 index f858a26ebc..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 460406b46b51b6c585788001147a8961c95cc73c Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Sat, 11 Dec 2021 21:05:10 +0000 -Subject: [PATCH 18/24] arm_ffa: removing the cast when using binary OR on - FIELD_PREP macros - -When the GENMASK used is above 16-bits wide a u16 cast will cause -loss of data. - -This commit fixes that. - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - drivers/arm-ffa/arm_ffa_prv.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/arm-ffa/arm_ffa_prv.h b/drivers/arm-ffa/arm_ffa_prv.h -index 38ea4ba83efc..d0db3ef508a1 100644 ---- a/drivers/arm-ffa/arm_ffa_prv.h -+++ b/drivers/arm-ffa/arm_ffa_prv.h -@@ -40,13 +40,13 @@ - - #define PREP_SELF_ENDPOINT_ID_MASK GENMASK(31, 16) - #define PREP_SELF_ENDPOINT_ID(x) \ -- ((u16)(FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x)))) -+ (FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x))) - - /* Partition endpoint ID mask (partition with which u-boot communicates with) */ - - #define PREP_PART_ENDPOINT_ID_MASK GENMASK(15, 0) - #define PREP_PART_ENDPOINT_ID(x) \ -- ((u16)(FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x)))) -+ (FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x))) - - /* The FF-A SMC function prototype definition */ - --- -2.37.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch deleted file mode 100644 index af857f4147..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 936c857add300f41bc58c300793a0e10b48ff69f Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Mon, 13 Dec 2021 15:25:23 +0000 -Subject: [PATCH 19/24] Use correct buffer size - -The comm buffer created has additional 4 bytes length which -needs to be trimmed. This change will reduce the size of the -comm buffer to what is expected. - -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> ---- - include/mm_communication.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/include/mm_communication.h b/include/mm_communication.h -index e65fbde60d0a..bb9919095649 100644 ---- a/include/mm_communication.h -+++ b/include/mm_communication.h -@@ -123,7 +123,7 @@ struct __packed efi_mm_communicate_header { - * - * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_HEADER. - */ --struct smm_variable_communicate_header { -+struct __packed smm_variable_communicate_header { - efi_uintn_t function; - efi_status_t ret_status; - u8 data[]; -@@ -145,7 +145,7 @@ struct smm_variable_communicate_header { - * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE. - * - */ --struct smm_variable_access { -+struct __packed smm_variable_access { - efi_guid_t guid; - efi_uintn_t data_size; - efi_uintn_t name_size; --- -2.37.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch index 4e3f237f63..3d8a62168f 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch @@ -1,7 +1,7 @@ -From 4c249de0915750b328e456c34f18546f92850afd Mon Sep 17 00:00:00 2001 +From 3bb5826af8e3891617d41a30419de0ce089f9fc3 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 10 Dec 2021 20:03:35 +0000 -Subject: [PATCH 15/24] efi_capsule: corstone1000: pass interface id and buffer +Subject: [PATCH 19/26] efi_capsule: corstone1000: pass interface id and buffer event id using register w4 Initially the interface/event IDs are passed to the SP using register @@ -16,13 +16,14 @@ firmware update. Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 6 ++++++ lib/efi_loader/efi_capsule.c | 11 +++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index db0f91335cef..a7445e61348b 100644 +index 2d89a8966e..4637dd5d5d 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -24,6 +24,12 @@ @@ -39,20 +40,20 @@ index db0f91335cef..a7445e61348b 100644 #define CORSTONE1000_CAPSULE_BUFFER_SIZE (8192) /* 32 MB */ diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index a0689ba912fc..e08e97cf3fb7 100644 +index c0f3427a60..bf8bd68256 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -28,6 +28,8 @@ #ifdef CONFIG_TARGET_CORSTONE1000 - #include <arm_ffa_helper.h> + #include <arm_ffa.h> #include <cpu_func.h> +#include <linux/bitfield.h> +#include <linux/bitops.h> void *__efi_runtime_data corstone1000_capsule_buf; /* capsule shared buffer virtual address */ efi_guid_t corstone1000_capsule_guid = EFI_CORSTONE1000_CAPSULE_ID_GUID; -@@ -590,11 +592,12 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s - func_data.data0 = &part_id; +@@ -582,11 +584,12 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s + log_debug("[%s]\n", __func__); /* - * setting the buffer ready event arguments @@ -60,14 +61,14 @@ index a0689ba912fc..e08e97cf3fb7 100644 + * - capsule update interface ID (31:16) + * - the buffer ready event ID (15:0) */ -- msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -- msg.a4 = capsule_image_size; -- msg.a5 = CORSTONE1000_BUFFER_READY_EVT; -+ msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -+ PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); +- msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ +- msg.data1 = capsule_image_size; /* x4 */ +- msg.data2 = CORSTONE1000_BUFFER_READY_EVT; /* x5 */ ++ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w4 */ - func_data.data1_size = sizeof(msg); - func_data.data1 = &msg; + return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); + } -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch index e134f23a66..db2ff32ced 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch @@ -1,7 +1,7 @@ -From e5e1cf36cb7b77a5bb526f1744c0c77164374ca3 Mon Sep 17 00:00:00 2001 +From 668fe40ccb0db5542ef333cd4655511dbb8572f9 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 10 Dec 2021 20:10:41 +0000 -Subject: [PATCH 16/24] efi_boottime: corstone1000: pass interface id and +Subject: [PATCH 20/26] efi_boottime: corstone1000: pass interface id and kernel event id using register w4 Initially the interface/event IDs are passed to the SP using register @@ -16,16 +16,17 @@ secure enclave just before ExitbootService(). Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_boottime.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index f2b5c7834c01..140d0f4f71da 100644 +index 9bf2596597..de815484d2 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -27,6 +27,11 @@ - #include <arm_ffa_helper.h> + #include <arm_ffa.h> #endif +#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) @@ -36,8 +37,8 @@ index f2b5c7834c01..140d0f4f71da 100644 DECLARE_GLOBAL_DATA_PTR; /* Task priority level */ -@@ -2120,10 +2125,12 @@ static int efi_corstone1000_kernel_started_event(void) - func_data.data0 = &part_id; +@@ -2112,10 +2117,12 @@ static int efi_corstone1000_kernel_started_event(void) + log_debug("[%s]\n", __func__); /* - * setting the kernel started event arguments @@ -45,13 +46,13 @@ index f2b5c7834c01..140d0f4f71da 100644 + * setting capsule update interface ID(31:16) + * the kernel started event ID(15:0) */ -- msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; -- msg.a5 = CORSTONE1000_KERNEL_STARTED_EVT; -+ msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -+ PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); +- msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */ +- msg.data2 = CORSTONE1000_KERNEL_STARTED_EVT; /* x5 */ ++ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); /* w4 */ - func_data.data1_size = sizeof(msg); - func_data.data1 = &msg; + return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); + } -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch index b5a17156e0..38ef1c0860 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch @@ -1,7 +1,7 @@ -From 596cf4d04580b191d2f4f6082000534bdab13791 Mon Sep 17 00:00:00 2001 +From 4d7fd850347dbea10a73cd5cf6eb518607118414 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Sat, 11 Dec 2021 13:23:55 +0000 -Subject: [PATCH 17/24] efi_loader: corstone1000: remove guid check from +Subject: [PATCH 21/26] efi_loader: corstone1000: remove guid check from corstone1000 config option Use generic fmp guid and no separte check is required for @@ -9,15 +9,16 @@ CORSTONE1000 target. Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_capsule.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index e08e97cf3fb7..891143c33909 100644 +index bf8bd68256..5db9d30d53 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c -@@ -657,12 +657,6 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( +@@ -646,12 +646,6 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( i, &capsule->capsule_guid); #if CONFIG_IS_ENABLED(TARGET_CORSTONE1000) @@ -30,7 +31,7 @@ index e08e97cf3fb7..891143c33909 100644 if (efi_size_in_pages(capsule->capsule_image_size) > CORSTONE1000_CAPSULE_BUFFER_SIZE) { log_err("Corstone1000: Capsule data size exceeds the shared buffer size\n"); -@@ -688,15 +682,7 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( +@@ -677,15 +671,7 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( goto out; #endif @@ -48,5 +49,5 @@ index e08e97cf3fb7..891143c33909 100644 goto out; } -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch index 1204f2a428..3cedaa7a2d 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch @@ -1,7 +1,7 @@ -From 5c57ef351882afebde479de430acf2c4f8fdefc8 Mon Sep 17 00:00:00 2001 +From 720e5ada733b0f7b019baaec57d74603a9dff67e Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 17 Dec 2021 19:49:02 +0000 -Subject: [PATCH 20/24] efi_loader: populate ESRT table if EFI_ESRT config +Subject: [PATCH 22/26] efi_loader: populate ESRT table if EFI_ESRT config option is set This change is to call efi_esrt_populate function if CONFIG_EFI_ESRT @@ -9,15 +9,16 @@ is set. This will populte esrt table with firmware image info Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_capsule.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c -index 891143c33909..7db78f1f7648 100644 +index 5db9d30d53..65e2fc8296 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c -@@ -679,6 +679,13 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( +@@ -668,6 +668,13 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule( ret = EFI_SUCCESS; } @@ -32,5 +33,5 @@ index 891143c33909..7db78f1f7648 100644 #endif -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch index 8f86b653bf..f6aafa35f0 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch @@ -1,22 +1,20 @@ -From fcd1dc670d83bd7e7528370d0d6f168bfb44054d Mon Sep 17 00:00:00 2001 +From 2cad562823976134f201d6e2ef187bf103e17d1e Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 17 Dec 2021 19:50:25 +0000 -Subject: [PATCH 21/24] efi_firmware: add get_image_info for corstone1000 +Subject: [PATCH 23/26] efi_firmware: add get_image_info for corstone1000 This change is to populate get_image_info which eventually will be populated in ESRT table Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -%% original patch: 0047-efi_firmware-add-get_image_info-for-corstone1000.patch - Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_firmware.c | 71 ++++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c -index 30cafd15caac..af43d4502f92 100644 +index 30cafd15ca..af43d4502f 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -17,11 +17,69 @@ @@ -120,5 +118,5 @@ index 30cafd15caac..af43d4502f92 100644 NULL, NULL)) return EFI_EXIT(EFI_DEVICE_ERROR); -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch index 1dc04553d7..35f5cb2354 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch @@ -1,7 +1,7 @@ -From 902d5c499b6627a505986d298986a4ac430592b8 Mon Sep 17 00:00:00 2001 +From 709e5d8ff07474f840f1d34d3077135f77795452 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Wed, 5 Jan 2022 17:56:09 +0000 -Subject: [PATCH 22/24] efi_loader: send bootcomplete message to secure enclave +Date: Mon, 15 Aug 2022 15:46:18 +0100 +Subject: [PATCH 24/26] efi_loader: send bootcomplete message to secure enclave On corstone1000 platform, Secure Enclave will be expecting an event from uboot when it performs capsule update. Previously, @@ -11,15 +11,17 @@ to send an uboot efi initialized event at efi sub-system initialization stage. Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 2 +- - lib/efi_loader/efi_boottime.c | 49 ---------------------------------- + lib/efi_loader/efi_boottime.c | 43 ---------------------------------- lib/efi_loader/efi_firmware.c | 2 +- - lib/efi_loader/efi_setup.c | 48 +++++++++++++++++++++++++++++++++ - 4 files changed, 50 insertions(+), 51 deletions(-) + lib/efi_loader/efi_setup.c | 39 ++++++++++++++++++++++++++++++ + 4 files changed, 41 insertions(+), 45 deletions(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index a7445e61348b..06b605e43bdf 100644 +index 4637dd5d5d..333b1d93b6 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h @@ -22,7 +22,7 @@ @@ -32,10 +34,22 @@ index a7445e61348b..06b605e43bdf 100644 #define PREP_SEPROXY_SVC_ID_MASK GENMASK(31, 16) #define PREP_SEPROXY_SVC_ID(x) (FIELD_PREP(PREP_SEPROXY_SVC_ID_MASK, (x))) diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index 140d0f4f71da..6b9f5cf272b8 100644 +index de815484d2..cede7826bd 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c -@@ -2100,46 +2100,6 @@ static void efi_exit_caches(void) +@@ -27,11 +27,6 @@ + #include <arm_ffa.h> + #endif + +-#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) +-#include <linux/bitfield.h> +-#include <linux/bitops.h> +-#endif +- + DECLARE_GLOBAL_DATA_PTR; + + /* Task priority level */ +@@ -2100,35 +2095,6 @@ static void efi_exit_caches(void) #endif } @@ -51,30 +65,19 @@ index 140d0f4f71da..6b9f5cf272b8 100644 - */ -static int efi_corstone1000_kernel_started_event(void) -{ -- struct ffa_interface_data func_data = {0}; - struct ffa_send_direct_data msg = {0}; -- u16 part_id = CORSTONE1000_SEPROXY_PART_ID; - - log_debug("[%s]\n", __func__); - - /* -- * telling the driver which partition to use -- */ -- func_data.data0_size = sizeof(part_id); -- func_data.data0 = &part_id; -- -- /* - * setting the kernel started event arguments: - * setting capsule update interface ID(31:16) - * the kernel started event ID(15:0) - */ -- msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -- PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); -- -- func_data.data1_size = sizeof(msg); -- func_data.data1 = &msg; +- msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | +- PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); /* w4 */ - -- return ffa_helper_msg_send_direct_req(&func_data); +- return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); -} - -#endif @@ -82,7 +85,7 @@ index 140d0f4f71da..6b9f5cf272b8 100644 /** * efi_exit_boot_services() - stop all boot services * @image_handle: handle of the loaded image -@@ -2253,15 +2213,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, +@@ -2244,15 +2210,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, /* Recalculate CRC32 */ efi_update_table_header_crc32(&systab.hdr); @@ -99,7 +102,7 @@ index 140d0f4f71da..6b9f5cf272b8 100644 efi_set_watchdog(0); WATCHDOG_RESET(); diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c -index af43d4502f92..25f427b93669 100644 +index af43d4502f..25f427b936 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -47,7 +47,7 @@ static efi_status_t efi_corstone1000_img_info_get ( @@ -112,7 +115,7 @@ index af43d4502f92..25f427b93669 100644 } diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c -index bfd4687e10b5..a20128e9b582 100644 +index bfd4687e10..6c9e14c37e 100644 --- a/lib/efi_loader/efi_setup.c +++ b/lib/efi_loader/efi_setup.c @@ -17,6 +17,9 @@ @@ -121,11 +124,11 @@ index bfd4687e10b5..a20128e9b582 100644 #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) +#include <linux/bitfield.h> +#include <linux/bitops.h> -+#include <arm_ffa_helper.h> ++#include <arm_ffa.h> /** * efi_corstone1000_alloc_capsule_shared_buf - allocate capsule shared buffer */ -@@ -126,6 +129,44 @@ static efi_status_t efi_init_secure_boot(void) +@@ -126,6 +129,34 @@ static efi_status_t efi_init_secure_boot(void) } #endif /* CONFIG_EFI_SECURE_BOOT */ @@ -141,42 +144,31 @@ index bfd4687e10b5..a20128e9b582 100644 + * */ +static int efi_corstone1000_uboot_efi_started_event(void) +{ -+ struct ffa_interface_data func_data = {0}; + struct ffa_send_direct_data msg = {0}; -+ u16 part_id = CORSTONE1000_SEPROXY_PART_ID; + + log_debug("[%s]\n", __func__); + + /* -+ * telling the driver which partition to use -+ */ -+ func_data.data0_size = sizeof(part_id); -+ func_data.data0 = &part_id; -+ /* -+ * setting the uboot efi subsystem started event arguments: ++ * setting the kernel started event arguments: + * setting capsule update interface ID(31:16) -+ * the uboot efi subsystem started event ID(15:0) ++ * the kernel started event ID(15:0) + */ -+ msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | -+ PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); ++ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) | ++ PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w4 */ + -+ func_data.data1_size = sizeof(msg); -+ func_data.data1 = &msg; -+ -+ return ffa_helper_msg_send_direct_req(&func_data); ++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg); +} +#endif + /** * efi_init_capsule - initialize capsule update state * -@@ -134,8 +175,15 @@ static efi_status_t efi_init_secure_boot(void) - static efi_status_t efi_init_capsule(void) - { +@@ -136,6 +167,14 @@ static efi_status_t efi_init_capsule(void) efi_status_t ret = EFI_SUCCESS; -+ int ffa_ret; #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000) ++ int ffa_ret; ++ + ffa_ret = efi_corstone1000_uboot_efi_started_event(); + if (ffa_ret) + debug("[efi_boottime][ERROR]: Failure to notify SE Proxy FW update service\n"); @@ -187,5 +179,5 @@ index bfd4687e10b5..a20128e9b582 100644 if (ret != EFI_SUCCESS) { printf("EFI: Corstone-1000: cannot allocate caspsule shared buffer\n"); -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch index 165fac5fa0..dc9063ac41 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch @@ -1,7 +1,7 @@ -From 383078dde2fbf509dc3d24505f6b328316aee030 Mon Sep 17 00:00:00 2001 +From 456e616401b02a579e9ea5ec3e5ab1d1c884b389 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> Date: Fri, 14 Jan 2022 15:24:18 +0000 -Subject: [PATCH 23/24] efi_loader: fix null pointer exception with +Subject: [PATCH 25/26] efi_loader: fix null pointer exception with get_image_info get_img_info API implemented for corstone1000 target does not @@ -11,12 +11,13 @@ exception. Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- lib/efi_loader/efi_firmware.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c -index 25f427b93669..28d9a19edb90 100644 +index 25f427b936..28d9a19edb 100644 --- a/lib/efi_loader/efi_firmware.c +++ b/lib/efi_loader/efi_firmware.c @@ -38,26 +38,29 @@ static efi_status_t efi_corstone1000_img_info_get ( @@ -58,5 +59,5 @@ index 25f427b93669..28d9a19edb90 100644 IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; image_info[i].attributes_setting = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE; -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch index 2b9ca780e6..d4bf652007 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch @@ -1,12 +1,13 @@ -From cc3356c2a30b7aa85a25e9bc7b69a03537df3f27 Mon Sep 17 00:00:00 2001 +From 5e4c819c7ab0841429016c098106615b33486c8b Mon Sep 17 00:00:00 2001 From: Rui Miguel Silva <rui.silva@linaro.org> Date: Tue, 5 Apr 2022 10:24:38 +0100 -Subject: [PATCH 24/24] arm:corstone1000: add mmc for fvp +Subject: [PATCH 26/26] arm:corstone1000: add mmc for fvp Enable support mmc/sdcard for the corstone1000 FVP. Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Pending [Not submitted to upstream yet] --- arch/arm/dts/corstone1000-fvp.dts | 28 +++++++++++++++ board/armltd/corstone1000/corstone1000.c | 46 ++++++++++++++++-------- @@ -15,7 +16,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> 4 files changed, 69 insertions(+), 17 deletions(-) diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts -index 1fcc137a493c..26b0f1b3cea6 100644 +index 1fcc137a49..26b0f1b3ce 100644 --- a/arch/arm/dts/corstone1000-fvp.dts +++ b/arch/arm/dts/corstone1000-fvp.dts @@ -20,4 +20,32 @@ @@ -52,7 +53,7 @@ index 1fcc137a493c..26b0f1b3cea6 100644 + }; }; diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c -index 2fa485ff3799..3d537d7a9052 100644 +index 2fa485ff37..3d537d7a90 100644 --- a/board/armltd/corstone1000/corstone1000.c +++ b/board/armltd/corstone1000/corstone1000.c @@ -46,22 +46,38 @@ static struct mm_region corstone1000_mem_map[] = { @@ -110,7 +111,7 @@ index 2fa485ff3799..3d537d7a9052 100644 /* OCVM */ .virt = 0x80000000UL, diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig -index b042d4e49419..147c14c94865 100644 +index c299dda49f..76e07fc20c 100644 --- a/configs/corstone1000_defconfig +++ b/configs/corstone1000_defconfig @@ -38,7 +38,13 @@ CONFIG_CMD_EFIDEBUG=y @@ -129,10 +130,10 @@ index b042d4e49419..147c14c94865 100644 CONFIG_USB=y CONFIG_DM_USB=y diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index 06b605e43bdf..d9855bf91ebf 100644 +index 333b1d93b6..815239590e 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -95,7 +95,9 @@ +@@ -89,7 +89,9 @@ #define CONFIG_SYS_MAXARGS 64 /* max command args */ #define BOOT_TARGET_DEVICES(func) \ @@ -144,5 +145,5 @@ index 06b605e43bdf..d9855bf91ebf 100644 #include <config_distro_bootcmd.h> -- -2.37.1 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-use-a-compressed-kernel.patch index 4cc2498bf0..59000cd511 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-use-a-compressed-kernel.patch @@ -1,7 +1,7 @@ -From df70c467c5d100f1522b4521f48da4c51e43688c Mon Sep 17 00:00:00 2001 +From 26c8a8528b794dbaba49bcf3e1bae8a1e15a8448 Mon Sep 17 00:00:00 2001 From: Jon Mason <jon.mason@arm.com> -Date: Thu, 25 Aug 2022 13:48:22 +0000 -Subject: [PATCH 25/25] corstone1000: use a compressed kernel +Date: Thu, 25 Aug 2022 11:21:28 +0100 +Subject: [PATCH] corstone1000: add compressed kernel support The corstone1000 kernel has become too large to fit in the available storage. Swtiching to a compressed kernel avoids the problem, but @@ -9,24 +9,26 @@ requires uncompressing it. Add this decompression to the default boot instructions. Signed-off-by: Jon Mason <jon.mason@arm.com> +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] --- include/configs/corstone1000.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h -index d9855bf91e..d0cbc40121 100644 +index 815239590e..a8aa105fe6 100644 --- a/include/configs/corstone1000.h +++ b/include/configs/corstone1000.h -@@ -126,7 +126,8 @@ +@@ -120,7 +120,8 @@ #define CONFIG_BOOTCOMMAND \ "run retrieve_kernel_load_addr;" \ "echo Loading kernel from $kernel_addr to memory ... ;" \ - "loadm $kernel_addr $kernel_addr_r 0xc00000;" \ -+ "unzip $kernel_addr 0x90000000;" \ -+ "loadm 0x90000000 $kernel_addr_r 0xd00000;" \ ++ "unzip $kernel_addr 0x90000000;" \ ++ "loadm 0x90000000 $kernel_addr_r 0xf00000;" \ "usb start; usb reset;" \ "run distro_bootcmd;" \ "bootefi $kernel_addr_r $fdtcontroladdr;" -- -2.30.2 +2.17.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch new file mode 100644 index 0000000000..bd9a6cf660 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch @@ -0,0 +1,35 @@ +From 83f16fe96a86b00f7a4b7c4c4f7416119b80eddd Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Fri, 19 Aug 2022 16:04:48 +0100 +Subject: [PATCH] Introduce external sys driver to device-tree + +It adds external sys driver binding to u-boot +device tree. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + arch/arm/dts/corstone1000.dtsi | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi +index d0194aa893..19b6e3ea72 100644 +--- a/arch/arm/dts/corstone1000.dtsi ++++ b/arch/arm/dts/corstone1000.dtsi +@@ -160,6 +160,13 @@ + secure-status = "okay"; /* secure-world-only */ + status = "disabled"; + }; ++ ++ extsys0: extsys@1A010310 { ++ compatible = "arm,extsys_ctrl"; ++ reg = <0x1A010310 0x4>, ++ <0x1A010314 0X4>; ++ reg-names = "rstreg", "streg"; ++ }; + }; + + arm_ffa: arm_ffa { +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch new file mode 100644 index 0000000000..57bdef4575 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch @@ -0,0 +1,79 @@ +From a1b8b91a43cfa9dbaa2d907a6d9629da6f93fa3e Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Mon, 12 Sep 2022 15:47:06 +0100 +Subject: [PATCH] Add mhu and rpmsg client to u-boot device tree + +Adds external system controller and mhu driver to u-boot +device tree. This enables communication between host and +the external system. + +Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + arch/arm/dts/corstone1000.dtsi | 50 ++++++++++++++++++++++++++++++++ + 1 file changed, 50 insertions(+) + +diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi +index 19b6e3ea72..61dd6c432c 100644 +--- a/arch/arm/dts/corstone1000.dtsi ++++ b/arch/arm/dts/corstone1000.dtsi +@@ -161,6 +161,56 @@ + status = "disabled"; + }; + ++ mbox_es0mhu0_tx: mhu@1b000000 { ++ compatible = "arm,mhuv2-tx","arm,primecell"; ++ reg = <0x1b000000 0x1000>; ++ clocks = <&refclk100mhz>; ++ clock-names = "apb_pclk"; ++ interrupts = <GIC_SPI 11 IRQ_TYPE_LEVEL_HIGH>; ++ #mbox-cells = <2>; ++ arm,mhuv2-protocols = <1 1>; ++ mbox-name = "arm-es0-mhu0_tx"; ++ }; ++ ++ mbox_es0mhu0_rx: mhu@1b010000 { ++ compatible = "arm,mhuv2-rx","arm,primecell"; ++ reg = <0x1b010000 0x1000>; ++ clocks = <&refclk100mhz>; ++ clock-names = "apb_pclk"; ++ interrupts = <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>; ++ #mbox-cells = <2>; ++ arm,mhuv2-protocols = <1 1>; ++ mbox-name = "arm-es0-mhu0_rx"; ++ }; ++ ++ mbox_es0mhu1_tx: mhu@1b020000 { ++ compatible = "arm,mhuv2-tx","arm,primecell"; ++ reg = <0x1b020000 0x1000>; ++ clocks = <&refclk100mhz>; ++ clock-names = "apb_pclk"; ++ interrupts = <GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>; ++ #mbox-cells = <2>; ++ arm,mhuv2-protocols = <1 1>; ++ mbox-name = "arm-es0-mhu1_tx"; ++ }; ++ ++ mbox_es0mhu1_rx: mhu@1b030000 { ++ compatible = "arm,mhuv2-rx","arm,primecell"; ++ reg = <0x1b030000 0x1000>; ++ clocks = <&refclk100mhz>; ++ clock-names = "apb_pclk"; ++ interrupts = <GIC_SPI 47 IRQ_TYPE_LEVEL_HIGH>; ++ #mbox-cells = <2>; ++ arm,mhuv2-protocols = <1 1>; ++ mbox-name = "arm-es0-mhu1_rx"; ++ }; ++ ++ client { ++ compatible = "arm,client"; ++ mboxes = <&mbox_es0mhu0_tx 0 0>, <&mbox_es0mhu1_tx 0 0>, <&mbox_es0mhu0_rx 0 0>, <&mbox_es0mhu1_rx 0 0>; ++ mbox-names = "es0mhu0_tx", "es0mhu1_tx", "es0mhu0_rx", "es0mhu1_rx"; ++ }; ++ + extsys0: extsys@1A010310 { + compatible = "arm,extsys_ctrl"; + reg = <0x1A010310 0x4>, +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0002-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch index 617aaf77e2..7749858188 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0002-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch @@ -1,7 +1,7 @@ -From 968c86e8a6ed3e9e6621f0ae44977b5b13d90bfd Mon Sep 17 00:00:00 2001 +From 42fd69fb5ec0c441b3d31ec544ed03bedab28d45 Mon Sep 17 00:00:00 2001 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Date: Tue, 16 Nov 2021 12:34:52 +0000 -Subject: [PATCH 06/24] arm_ffa: introducing Arm FF-A low-level driver +Subject: [PATCH 2/7] arm_ffa: introducing Arm FF-A low-level driver This driver implements Arm Firmware Framework for Armv8-A on u-boot @@ -23,6 +23,7 @@ FF-A function to use for the communication with secure world. Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> +Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20220801172053.20163-4-abdellatif.elkhlifi@arm.com/] --- MAINTAINERS | 8 + arch/arm/cpu/armv8/smccc-call.S | 27 + @@ -58,10 +59,10 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> create mode 100644 lib/arm-ffa/arm_ffa_helper.c diff --git a/MAINTAINERS b/MAINTAINERS -index 7f27ff4c20fc..d29d7e040764 100644 +index 96582fc677..14307e6da6 100644 --- a/MAINTAINERS +++ b/MAINTAINERS -@@ -244,6 +244,14 @@ F: board/CZ.NIC/ +@@ -232,6 +232,14 @@ F: board/CZ.NIC/ F: configs/turris_*_defconfig F: include/configs/turris_*.h @@ -77,7 +78,7 @@ index 7f27ff4c20fc..d29d7e040764 100644 M: Stefano Babic <sbabic@denx.de> M: Fabio Estevam <festevam@gmail.com> diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S -index dc92b28777c3..ffc39c9fefa2 100644 +index dc92b28777..ffc39c9fef 100644 --- a/arch/arm/cpu/armv8/smccc-call.S +++ b/arch/arm/cpu/armv8/smccc-call.S @@ -1,6 +1,8 @@ @@ -119,7 +120,7 @@ index dc92b28777c3..ffc39c9fefa2 100644 + +#endif diff --git a/arch/arm/lib/asm-offsets.c b/arch/arm/lib/asm-offsets.c -index 22fd541f9a28..45eca83a473c 100644 +index 22fd541f9a..45eca83a47 100644 --- a/arch/arm/lib/asm-offsets.c +++ b/arch/arm/lib/asm-offsets.c @@ -9,6 +9,8 @@ @@ -143,20 +144,20 @@ index 22fd541f9a28..45eca83a473c 100644 DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); #endif diff --git a/common/board_r.c b/common/board_r.c -index 6f4aca2077d6..412a0ea9fac3 100644 +index c24d9b4e22..af20f38b10 100644 --- a/common/board_r.c +++ b/common/board_r.c -@@ -62,6 +62,9 @@ +@@ -61,6 +61,9 @@ + #include <wdt.h> #include <asm-generic/gpio.h> #include <efi_loader.h> - #include <relocate.h> +#ifdef CONFIG_ARM_FFA_TRANSPORT +#include <arm_ffa_helper.h> +#endif DECLARE_GLOBAL_DATA_PTR; -@@ -779,6 +782,9 @@ static init_fnc_t init_sequence_r[] = { +@@ -770,6 +773,9 @@ static init_fnc_t init_sequence_r[] = { INIT_FUNC_WATCHDOG_RESET initr_net, #endif @@ -167,7 +168,7 @@ index 6f4aca2077d6..412a0ea9fac3 100644 initr_post, #endif diff --git a/drivers/Kconfig b/drivers/Kconfig -index b26ca8cf70c9..e83c23789d1b 100644 +index b26ca8cf70..e83c23789d 100644 --- a/drivers/Kconfig +++ b/drivers/Kconfig @@ -6,6 +6,8 @@ source "drivers/core/Kconfig" @@ -180,10 +181,10 @@ index b26ca8cf70c9..e83c23789d1b 100644 source "drivers/axi/Kconfig" diff --git a/drivers/Makefile b/drivers/Makefile -index 67c8af74424e..1be687b55d13 100644 +index 4e7cf28440..6671d2a604 100644 --- a/drivers/Makefile +++ b/drivers/Makefile -@@ -109,6 +109,7 @@ obj-y += iommu/ +@@ -107,6 +107,7 @@ obj-y += iommu/ obj-y += smem/ obj-y += thermal/ obj-$(CONFIG_TEE) += tee/ @@ -193,7 +194,7 @@ index 67c8af74424e..1be687b55d13 100644 obj-$(CONFIG_W1) += w1/ diff --git a/drivers/arm-ffa/Kconfig b/drivers/arm-ffa/Kconfig new file mode 100644 -index 000000000000..d71444c1fa90 +index 0000000000..d71444c1fa --- /dev/null +++ b/drivers/arm-ffa/Kconfig @@ -0,0 +1,26 @@ @@ -225,7 +226,7 @@ index 000000000000..d71444c1fa90 + all the interactions between Normal world and Secure World. diff --git a/drivers/arm-ffa/Makefile b/drivers/arm-ffa/Makefile new file mode 100644 -index 000000000000..9fb5bea52299 +index 0000000000..9fb5bea522 --- /dev/null +++ b/drivers/arm-ffa/Makefile @@ -0,0 +1,3 @@ @@ -234,7 +235,7 @@ index 000000000000..9fb5bea52299 +obj-y += arm-ffa-uclass.o core.o diff --git a/drivers/arm-ffa/arm-ffa-uclass.c b/drivers/arm-ffa/arm-ffa-uclass.c new file mode 100644 -index 000000000000..43f6066281fe +index 0000000000..43f6066281 --- /dev/null +++ b/drivers/arm-ffa/arm-ffa-uclass.c @@ -0,0 +1,67 @@ @@ -307,7 +308,7 @@ index 000000000000..43f6066281fe +} diff --git a/drivers/arm-ffa/arm_ffa_prv.h b/drivers/arm-ffa/arm_ffa_prv.h new file mode 100644 -index 000000000000..38ea4ba83efc +index 0000000000..38ea4ba83e --- /dev/null +++ b/drivers/arm-ffa/arm_ffa_prv.h @@ -0,0 +1,199 @@ @@ -512,7 +513,7 @@ index 000000000000..38ea4ba83efc +#endif diff --git a/drivers/arm-ffa/core.c b/drivers/arm-ffa/core.c new file mode 100644 -index 000000000000..98e2d2fa1767 +index 0000000000..98e2d2fa17 --- /dev/null +++ b/drivers/arm-ffa/core.c @@ -0,0 +1,1484 @@ @@ -2002,7 +2003,7 @@ index 000000000000..98e2d2fa1767 +}; diff --git a/include/arm_ffa.h b/include/arm_ffa.h new file mode 100644 -index 000000000000..313f46f74764 +index 0000000000..313f46f747 --- /dev/null +++ b/include/arm_ffa.h @@ -0,0 +1,191 @@ @@ -2199,7 +2200,7 @@ index 000000000000..313f46f74764 +#endif diff --git a/include/arm_ffa_helper.h b/include/arm_ffa_helper.h new file mode 100644 -index 000000000000..0e143e54511e +index 0000000000..0e143e5451 --- /dev/null +++ b/include/arm_ffa_helper.h @@ -0,0 +1,45 @@ @@ -2249,10 +2250,10 @@ index 000000000000..0e143e54511e +int ffa_uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin); +#endif diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h -index 3ba69ad9a084..732441824557 100644 +index 0e26e1d138..a1181b8f48 100644 --- a/include/dm/uclass-id.h +++ b/include/dm/uclass-id.h -@@ -55,6 +55,7 @@ enum uclass_id { +@@ -52,6 +52,7 @@ enum uclass_id { UCLASS_EFI_MEDIA, /* Devices provided by UEFI firmware */ UCLASS_ETH, /* Ethernet device */ UCLASS_ETH_PHY, /* Ethernet PHY device */ @@ -2261,7 +2262,7 @@ index 3ba69ad9a084..732441824557 100644 UCLASS_FS_FIRMWARE_LOADER, /* Generic loader */ UCLASS_GPIO, /* Bank of general-purpose I/O pins */ diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h -index 7f2be2339475..54980a130fdb 100644 +index 7f2be23394..54980a130f 100644 --- a/include/linux/arm-smccc.h +++ b/include/linux/arm-smccc.h @@ -1,6 +1,8 @@ @@ -2320,10 +2321,10 @@ index 7f2be2339475..54980a130fdb 100644 #define arm_smccc_smc_quirk(...) __arm_smccc_smc(__VA_ARGS__) diff --git a/lib/Kconfig b/lib/Kconfig -index acc0ac081a44..65db65c3c4cd 100644 +index 3c6fa99b1a..473821b882 100644 --- a/lib/Kconfig +++ b/lib/Kconfig -@@ -902,6 +902,7 @@ config SMBIOS_PARSER +@@ -810,6 +810,7 @@ config SMBIOS_PARSER source lib/efi/Kconfig source lib/efi_loader/Kconfig source lib/optee/Kconfig @@ -2332,7 +2333,7 @@ index acc0ac081a44..65db65c3c4cd 100644 config TEST_FDTDEC bool "enable fdtdec test" diff --git a/lib/Makefile b/lib/Makefile -index d9b1811f7506..4aa3e2ed2a7e 100644 +index 11b03d1cbe..8e6fad6130 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -9,6 +9,7 @@ obj-$(CONFIG_EFI) += efi/ @@ -2345,7 +2346,7 @@ index d9b1811f7506..4aa3e2ed2a7e 100644 obj-$(CONFIG_TIZEN) += tizen/ diff --git a/lib/arm-ffa/Kconfig b/lib/arm-ffa/Kconfig new file mode 100644 -index 000000000000..79acbc5a8fe3 +index 0000000000..79acbc5a8f --- /dev/null +++ b/lib/arm-ffa/Kconfig @@ -0,0 +1,6 @@ @@ -2357,7 +2358,7 @@ index 000000000000..79acbc5a8fe3 + pass the data and the FF-A function ID to the low level driver diff --git a/lib/arm-ffa/Makefile b/lib/arm-ffa/Makefile new file mode 100644 -index 000000000000..c30c0f398126 +index 0000000000..c30c0f3981 --- /dev/null +++ b/lib/arm-ffa/Makefile @@ -0,0 +1,8 @@ @@ -2371,7 +2372,7 @@ index 000000000000..c30c0f398126 +obj-y += arm_ffa_helper.o diff --git a/lib/arm-ffa/arm_ffa_helper.c b/lib/arm-ffa/arm_ffa_helper.c new file mode 100644 -index 000000000000..623899d38044 +index 0000000000..623899d380 --- /dev/null +++ b/lib/arm-ffa/arm_ffa_helper.c @@ -0,0 +1,188 @@ @@ -2564,7 +2565,7 @@ index 000000000000..623899d38044 + return 0; +} diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c -index 4da64b5d2962..c68d9ed4f0bd 100644 +index 5bcb8253ed..cffa2c69d6 100644 --- a/lib/efi_loader/efi_boottime.c +++ b/lib/efi_loader/efi_boottime.c @@ -23,6 +23,10 @@ @@ -2578,7 +2579,7 @@ index 4da64b5d2962..c68d9ed4f0bd 100644 DECLARE_GLOBAL_DATA_PTR; /* Task priority level */ -@@ -2113,6 +2117,10 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, +@@ -2114,6 +2118,10 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, struct efi_event *evt, *next_event; efi_status_t ret = EFI_SUCCESS; @@ -2589,7 +2590,7 @@ index 4da64b5d2962..c68d9ed4f0bd 100644 EFI_ENTRY("%p, %zx", image_handle, map_key); /* Check that the caller has read the current memory map */ -@@ -2173,6 +2181,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, +@@ -2174,6 +2182,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle, dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL); } @@ -2606,5 +2607,5 @@ index 4da64b5d2962..c68d9ed4f0bd 100644 efi_runtime_detach(); -- -2.37.1 +2.34.1 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0003-arm-total_compute-enable-psci.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0003-arm-total_compute-enable-psci.patch new file mode 100644 index 0000000000..da8d3f0053 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0003-arm-total_compute-enable-psci.patch @@ -0,0 +1,30 @@ +From 8dd3e03bd83939746b6a849dce37435ea7581032 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Thu, 14 Jul 2022 19:35:41 +0530 +Subject: [PATCH 3/7] arm: total_compute: enable psci + +psci is used for system reset + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: Iff4f769dc5e64b6000e892d77a011102b090acfd +Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20220809102652.23776-1-davidson.kumaresan@arm.com/] +--- + arch/arm/dts/total_compute.dts | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/arm/dts/total_compute.dts b/arch/arm/dts/total_compute.dts +index 4399269a44..96edacda0b 100644 +--- a/arch/arm/dts/total_compute.dts ++++ b/arch/arm/dts/total_compute.dts +@@ -45,4 +45,8 @@ + clock-frequency = <24000000>; + clock-output-names = "bp:clock24mhz"; + }; ++ psci { ++ compatible = "arm,psci-1.0", "arm,psci-0.2"; ++ method = "smc"; ++ }; + }; +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch new file mode 100644 index 0000000000..fb1e9ea9f8 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch @@ -0,0 +1,37 @@ +From 6eee50e5376356b1faeb30507b411120a8b5c7d1 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Mon, 6 Jun 2022 15:13:15 +0530 +Subject: [PATCH 4/7] arm_ffa: rxtx_map should use 64 bit calls + +rxtx_map deals with the 64 bit addresses and hence the 64 bit calls +should be used + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: Iec1251266e61139767588d683d60bada1ed10abe +Upstream-Status: Pending [Not submitted to upstream yet] +--- + include/arm_ffa.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/include/arm_ffa.h b/include/arm_ffa.h +index 313f46f747..9627107079 100644 +--- a/include/arm_ffa.h ++++ b/include/arm_ffa.h +@@ -58,12 +58,13 @@ + ARM_SMCCC_OWNER_STANDARD, (func_num)) + + #define FFA_SMC_32(func_num) FFA_SMC(ARM_SMCCC_SMC_32, (func_num)) ++#define FFA_SMC_64(func_num) FFA_SMC(ARM_SMCCC_SMC_64, (func_num)) + + #define FFA_VERSION FFA_SMC_32(0x63) + #define FFA_ID_GET FFA_SMC_32(0x69) + #define FFA_FEATURES FFA_SMC_32(0x64) + #define FFA_PARTITION_INFO_GET FFA_SMC_32(0x68) +-#define FFA_RXTX_MAP FFA_SMC_32(0x66) ++#define FFA_RXTX_MAP FFA_SMC_64(0x66) + #define FFA_RXTX_UNMAP FFA_SMC_32(0x67) + #define FFA_RX_RELEASE FFA_SMC_32(0x65) + #define FFA_MSG_SEND_DIRECT_REQ FFA_SMC_32(0x6F) +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch new file mode 100644 index 0000000000..159b048a06 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch @@ -0,0 +1,993 @@ +From 6d26058401bce6012173b5341cdf4de72772a1c2 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Mon, 6 Jun 2022 13:19:07 +0530 +Subject: [PATCH 5/7] efi_firmware: add new fmp driver that supports arm fwu + specification + +This fmp driver communicates to the firmware update secure partition +executing in the secure world which is an implementation of the arm +psa specification for the firmware update. The communication to the +firmware update secure partition is based on stmm and arm ff-a framework. + +It implements only the get_image_info and set_image api. + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: I94c2cad210c32a60a8a0594cacf530b68ab6a09d +Upstream-Status: Pending [Not submitted to upstream yet] +--- + include/efi_firmware_arm_psa.h | 218 +++++++++++ + include/efi_loader.h | 1 + + lib/efi_loader/Kconfig | 9 + + lib/efi_loader/Makefile | 1 + + lib/efi_loader/efi_capsule.c | 8 + + lib/efi_loader/efi_firmware.c | 134 +++++++ + lib/efi_loader/efi_firmware_arm_psa.c | 520 ++++++++++++++++++++++++++ + 7 files changed, 891 insertions(+) + create mode 100644 include/efi_firmware_arm_psa.h + create mode 100644 lib/efi_loader/efi_firmware_arm_psa.c + +diff --git a/include/efi_firmware_arm_psa.h b/include/efi_firmware_arm_psa.h +new file mode 100644 +index 0000000000..82f932066c +--- /dev/null ++++ b/include/efi_firmware_arm_psa.h +@@ -0,0 +1,218 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * Copyright (C) 2022 Arm Limited ++ */ ++ ++#ifndef _EFI_FIRMWARE_ARM_PSA_H ++#define _EFI_FIRMWARE_ARM_PSA_H ++ ++#include <efi_loader.h> ++#include <mm_communication.h> ++#include <stdint.h> ++ ++#define PSA_FWU_DIRECTORY_UUID \ ++ EFI_GUID(0xdeee58d9, 0x5147, 0x4ad3, \ ++ 0xa2, 0x90, 0x77, 0x66, 0x6e, 0x23, 0x41, 0xa5) ++ ++#define PSA_FWU_SP_UUID \ ++ EFI_GUID(0x6823a838, 0x1b06, 0x470e, \ ++ 0x97, 0x74, 0x0c, 0xce, 0x8b, 0xfb, 0x53, 0xfd) ++ ++#define FFA_FWU_SP_UUID \ ++ {0x68, 0x23, 0xa8, 0x38, 0x1b, 0x06, 0x47, \ ++ 0x0e, 0x97, 0x74, 0x0c, 0xce, 0x8b, 0xfb, 0x53, 0xfd} ++ ++#define FWU_DISCOVER 0 ++#define FWU_BEGIN_STAGING 1 ++#define FWU_END_STAGING 2 ++#define FWU_CANCEL_STAGING 3 ++#define FWU_OPEN 4 ++#define FWU_WRITE_STREAM 5 ++#define FWU_READ_STREAM 6 ++#define FWU_COMMIT 7 ++#define FWU_ACCEPT_IMAGE 9 ++#define FWU_SELECT_PREVIOUS 10 ++ ++#define FWU_SUCCESS 0 ++#define FWU_UNKNOWN ((int32_t)-1) ++#define FWU_BUSY ((int32_t)-2) ++#define FWU_OUT_OF_BOUNDS ((int32_t)-3) ++#define FWU_AUTH_FAIL ((int32_t)-4) ++#define FWU_NO_PERMISSION ((int32_t)-5) ++#define FWU_DENIED ((int32_t)-6) ++#define FWU_RESUME ((int32_t)-7) ++ ++#define MAX_IMAGES 5 ++ ++typedef int32_t fwu_status_t; ++ ++struct fwu_image_info_entry { ++ efi_guid_t image_guid; ++ uint32_t client_permissions; ++ uint32_t img_max_size; ++ uint32_t lowest_acceptable_version; ++ uint32_t img_version; ++ uint32_t accepted; ++ uint32_t reserved; ++}__packed; ++ ++struct fwu_image_directory { ++ uint32_t directory_version; ++ uint32_t num_images; ++ uint32_t active_index; ++ uint32_t boot_index; ++ struct fwu_image_info_entry entries[MAX_IMAGES]; ++}__packed; ++ ++int __efi_runtime arm_psa_get_image_info( ++ efi_uintn_t *image_info_size, ++ struct efi_firmware_image_descriptor *image_info, ++ u32 *descriptor_version, ++ u8 *descriptor_count, ++ efi_uintn_t *descriptor_size, ++ u32 *package_version, ++ u16 **package_version_name ++); ++ ++int __efi_runtime arm_psa_update( ++ const void *image, ++ u8 image_index, ++ efi_uintn_t image_size ++); ++ ++struct mm_fwu_discover_arg { ++ uint32_t func_id; ++}__packed; ++ ++struct mm_fwu_discover_ret { ++ uint32_t status; ++ uint8_t version_major; ++ uint8_t version_minor; ++ uint16_t num_func; ++ uint8_t function_presence[]; ++}__packed; ++ ++struct mm_fwu_begin_staging_arg { ++ uint32_t func_id; ++}__packed; ++ ++struct mm_fwu_begin_staging_ret { ++ uint32_t status; ++}__packed; ++ ++struct mm_fwu_end_staging_arg { ++ uint32_t func_id; ++}__packed; ++ ++struct mm_fwu_end_staging_ret { ++ uint32_t status; ++}__packed; ++ ++struct mm_fwu_cancel_staging_arg { ++ uint32_t func_id; ++}__packed; ++ ++struct mm_fwu_cancel_staging_ret { ++ uint32_t status; ++}__packed; ++ ++struct mm_fwu_open_arg { ++ uint32_t func_id; ++ efi_guid_t image_guid; ++}__packed; ++ ++struct mm_fwu_open_ret { ++ uint32_t status; ++ uint32_t handle; ++}__packed; ++ ++struct mm_fwu_write_stream_arg { ++ uint32_t func_id; ++ uint32_t handle; ++ uint32_t data_len; ++ uint8_t payload[]; ++}__packed; ++ ++struct mm_fwu_write_stream_ret { ++ uint32_t status; ++}; ++ ++struct mm_fwu_read_stream_arg { ++ uint32_t func_id; ++ uint32_t handle; ++}__packed; ++ ++struct mm_fwu_read_stream_ret { ++ uint32_t status; ++ uint32_t read_bytes; ++ uint32_t total_bytes; ++ uint8_t payload[]; ++}__packed; ++ ++struct mm_fwu_commit_arg { ++ uint32_t func_id; ++ uint32_t handle; ++ uint32_t acceptance_req; ++ uint32_t max_atomic_len; ++}__packed; ++ ++struct mm_fwu_commit_ret { ++ uint32_t status; ++ uint32_t progress; ++ uint32_t total_work; ++}__packed; ++ ++struct mm_fwu_accept_arg { ++ uint32_t func_id; ++ uint32_t reserved; ++ efi_guid_t image_type_uuid; ++}__packed; ++ ++struct mm_fwu_accept_ret { ++ uint32_t status; ++}; ++ ++struct mm_fwu_select_previous_arg { ++ uint32_t func_id; ++}__packed; ++ ++struct mm_fwu_select_previous_ret { ++ uint32_t status; ++}__packed; ++ ++inline static void *get_fwu_hdr(struct efi_mm_communicate_header *mm_hdr) ++{ ++ const efi_guid_t fwu_sp_guid = PSA_FWU_SP_UUID; ++ guidcpy(&mm_hdr->header_guid, &fwu_sp_guid); ++ return mm_hdr->data; ++} ++ ++#define GET_HDR(name) \ ++static inline struct mm_fwu_##name * \ ++get_fwu_##name (struct efi_mm_communicate_header *mm_hdr) \ ++{ \ ++ return (struct mm_fwu_##name *)get_fwu_hdr(mm_hdr); \ ++} \ ++ ++GET_HDR(discover_arg) ++GET_HDR(discover_ret) ++GET_HDR(begin_staging_arg) ++GET_HDR(begin_staging_ret) ++GET_HDR(end_staging_arg) ++GET_HDR(end_staging_ret) ++GET_HDR(cancel_staging_arg) ++GET_HDR(cancel_staging_ret) ++GET_HDR(open_arg) ++GET_HDR(open_ret) ++GET_HDR(write_stream_arg) ++GET_HDR(write_stream_ret) ++GET_HDR(read_stream_arg) ++GET_HDR(read_stream_ret) ++GET_HDR(commit_arg) ++GET_HDR(commit_ret) ++GET_HDR(accept_arg) ++GET_HDR(accept_ret) ++GET_HDR(select_previous_arg) ++GET_HDR(select_previous_ret) ++ ++#endif /* _EFI_FIRMWARE_ARM_PSA_H */ +diff --git a/include/efi_loader.h b/include/efi_loader.h +index af36639ec6..7327c87497 100644 +--- a/include/efi_loader.h ++++ b/include/efi_loader.h +@@ -961,6 +961,7 @@ u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name, + + extern const struct efi_firmware_management_protocol efi_fmp_fit; + extern const struct efi_firmware_management_protocol efi_fmp_raw; ++extern const struct efi_firmware_management_protocol efi_fmp_arm_psa; + + /* Capsule update */ + efi_status_t EFIAPI efi_update_capsule( +diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig +index e5e35fe51f..f99d436f16 100644 +--- a/lib/efi_loader/Kconfig ++++ b/lib/efi_loader/Kconfig +@@ -168,6 +168,15 @@ config EFI_CAPSULE_FIRMWARE_MANAGEMENT + Select this option if you want to enable capsule-based + firmware update using Firmware Management Protocol. + ++config EFI_CAPSULE_FIRMWARE_ARM_PSA ++ bool "FMP driver for ARM PSA FWU specification" ++ depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT ++ select EFI_CAPSULE_FIRMWARE ++ help ++ Select this option if you want to enable firmware management protocol ++ driver that supports the ARM PSA firmware update specification as ++ mentioned in https://developer.arm.com/documentation/den0118/a/ ++ + config EFI_CAPSULE_FIRMWARE_FIT + bool "FMP driver for FIT images" + depends on FIT +diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile +index 034d26cf01..f986ac6417 100644 +--- a/lib/efi_loader/Makefile ++++ b/lib/efi_loader/Makefile +@@ -38,6 +38,7 @@ obj-y += efi_boottime.o + obj-y += efi_helper.o + obj-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += efi_capsule.o + obj-$(CONFIG_EFI_CAPSULE_FIRMWARE) += efi_firmware.o ++obj-$(CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA) += efi_firmware_arm_psa.o + obj-y += efi_console.o + obj-y += efi_device_path.o + obj-$(CONFIG_EFI_DEVICE_PATH_TO_TEXT) += efi_device_path_to_text.o +diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c +index f00440163d..3154fc51d3 100644 +--- a/lib/efi_loader/efi_capsule.c ++++ b/lib/efi_loader/efi_capsule.c +@@ -1041,6 +1041,14 @@ efi_status_t __weak efi_load_capsule_drivers(void) + &efi_fmp_raw, NULL)); + } + ++ if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA)) { ++ handle = NULL; ++ ret = EFI_CALL(efi_install_multiple_protocol_interfaces( ++ &handle, ++ &efi_guid_firmware_management_protocol, ++ &efi_fmp_arm_psa, NULL)); ++ } ++ + return ret; + } + +diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c +index a5ff32f121..3356559af8 100644 +--- a/lib/efi_loader/efi_firmware.c ++++ b/lib/efi_loader/efi_firmware.c +@@ -9,6 +9,7 @@ + #include <common.h> + #include <charset.h> + #include <dfu.h> ++#include <efi_firmware_arm_psa.h> + #include <efi_loader.h> + #include <image.h> + #include <signatures.h> +@@ -478,3 +479,136 @@ const struct efi_firmware_management_protocol efi_fmp_raw = { + .set_package_info = efi_firmware_set_package_info_unsupported, + }; + #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_RAW */ ++ ++#ifdef CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA ++/* ++ * This FIRMWARE_MANAGEMENT_PROTOCOL driver provides a firmware update ++ * method that supports the arm psa firmware update specification. ++ */ ++ ++/** ++ * efi_firmware_arm_psa_get_image_info - return information about the ++ * current firmware image ++ * @this: Protocol instance ++ * @image_info_size: Size of @image_info ++ * @image_info: Image information ++ * @descriptor_version: Pointer to version number ++ * @descriptor_count: Pointer to number of descriptors ++ * @descriptor_size: Pointer to descriptor size ++ * package_version: Package version ++ * package_version_name: Package version's name ++ * ++ * Return information bout the current firmware image in @image_info. ++ * @image_info will consist of a number of descriptors. ++ * ++ * Return status code ++ */ ++ ++static ++efi_status_t EFIAPI efi_firmware_arm_psa_get_image_info( ++ struct efi_firmware_management_protocol *this, ++ efi_uintn_t *image_info_size, ++ struct efi_firmware_image_descriptor *image_info, ++ u32 *descriptor_version, ++ u8 *descriptor_count, ++ efi_uintn_t *descriptor_size, ++ u32 *package_version, ++ u16 **package_version_name) ++{ ++ int ret; ++ ++ EFI_ENTRY("%p %p %p %p %p %p %p %p\n", this, ++ image_info_size, image_info, ++ descriptor_version, descriptor_count, descriptor_size, ++ package_version, package_version_name); ++ ++ if (!image_info_size) ++ return EFI_EXIT(EFI_INVALID_PARAMETER); ++ ++ if (*image_info_size && ++ (!image_info || !descriptor_version || !descriptor_count || ++ !descriptor_size || !package_version || !package_version_name)) ++ return EFI_EXIT(EFI_INVALID_PARAMETER); ++ ++ ret = arm_psa_get_image_info(image_info_size, image_info, ++ descriptor_version, descriptor_count, ++ descriptor_size, ++ package_version, package_version_name); ++ ++ if (ret) { ++ if (ret == -ENOMEM) ++ return EFI_EXIT(EFI_BUFFER_TOO_SMALL); ++ else ++ return EFI_EXIT(EFI_DEVICE_ERROR); ++ } ++ ++ return EFI_EXIT(EFI_SUCCESS); ++} ++ ++/** ++ * efi_firmware_arm_psa_set_image - update the firmware image ++ * @this: Protocol instance ++ * @image_index: Image index number ++ * @image: New image ++ * @image_size: Size of new image ++ * @vendor_code: Vendor-specific update policy ++ * @progress: Function to report the progress of update ++ * @abort_reason: Pointer to string of abort reason ++ * ++ * Update the firmware to new image, following the arm psa firmware ++ * update specification. ++ * @vendor_code, @progress and @abort_reason are not supported. ++ * ++ * Return: status code ++ */ ++static ++efi_status_t EFIAPI efi_firmware_arm_psa_set_image( ++ struct efi_firmware_management_protocol *this, ++ u8 image_index, ++ const void *image, ++ efi_uintn_t image_size, ++ const void *vendor_code, ++ efi_status_t (*progress)(efi_uintn_t completion), ++ u16 **abort_reason) ++{ ++ u32 fmp_hdr_signature; ++ const struct fmp_payload_header *header; ++ ++ EFI_ENTRY("%p %d %p %zd %p %p %p\n", this, image_index, image, ++ image_size, vendor_code, progress, abort_reason); ++ ++ if (!image) ++ return EFI_EXIT(EFI_INVALID_PARAMETER); ++ ++ /* TODO: capsule authentication */ ++ ++ fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE; ++ header = (void *)image; ++ ++ if (!memcmp(&header->signature, &fmp_hdr_signature, ++ sizeof(fmp_hdr_signature))) { ++ /* ++ * When building the capsule with the scripts in ++ * edk2, a FMP header is inserted above the capsule ++ * payload. Compensate for this header to get the ++ * actual payload that is to be updated. ++ */ ++ image = (unsigned char *)image + header->header_size; ++ image_size -= header->header_size; ++ } ++ ++ if (arm_psa_update(image, image_index, image_size)) ++ return EFI_EXIT(EFI_DEVICE_ERROR); ++ ++ return EFI_EXIT(EFI_SUCCESS); ++} ++ ++const struct efi_firmware_management_protocol efi_fmp_arm_psa = { ++ .get_image_info = efi_firmware_arm_psa_get_image_info, ++ .get_image = efi_firmware_get_image_unsupported, ++ .set_image = efi_firmware_arm_psa_set_image, ++ .check_image = efi_firmware_check_image_unsupported, ++ .get_package_info = efi_firmware_get_package_info_unsupported, ++ .set_package_info = efi_firmware_set_package_info_unsupported, ++}; ++#endif /* CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA */ +diff --git a/lib/efi_loader/efi_firmware_arm_psa.c b/lib/efi_loader/efi_firmware_arm_psa.c +new file mode 100644 +index 0000000000..ab575f0124 +--- /dev/null ++++ b/lib/efi_loader/efi_firmware_arm_psa.c +@@ -0,0 +1,520 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++/* ++ * Copyright (C) 2022 Arm Limited ++ */ ++ ++#include <arm_ffa_helper.h> ++#include <configs/total_compute.h> ++#include <efi_firmware_arm_psa.h> ++#include <efi_loader.h> ++#include <malloc.h> ++#include <mapmem.h> ++#include <mm_communication.h> ++ ++/* MM return codes */ ++#define MM_SUCCESS 0 ++ ++#define ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 0xC4000061 ++#define ARM_SVC_ID_SP_EVENT_COMPLETE ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 ++ ++__efi_runtime_data static u16 mm_sp_id; ++__efi_runtime_data static int fwu_initialized = 0; ++__efi_runtime_data struct fwu_image_directory cached_image_directory; ++__efi_runtime_data struct efi_mm_communicate_header *mm_hdr; ++__efi_runtime_data void *mm_comm_buf; ++ ++/** ++ * ffa_discover_mm_sp_id() - Query the MM partition ID ++ * ++ * Use the FF-A driver to get the MM partition ID. ++ * If multiple partitions are found, use the first one ++ * ++ * Return: ++ * ++ * 0 on success ++ */ ++static int __efi_runtime ffa_discover_mm_sp_id(void) ++{ ++ struct ffa_interface_data func_data = {0}; ++ u32 count = 0; ++ int ret; ++ struct ffa_partition_info *parts_info; ++ static union ffa_partition_uuid fwu_sp_uuid = {.bytes = FFA_FWU_SP_UUID}; ++ ++ /* ++ * get from the driver the count of the SPs matching the UUID ++ */ ++ func_data.data0_size = sizeof(fwu_sp_uuid); ++ func_data.data0 = &fwu_sp_uuid; ++ func_data.data1_size = sizeof(count); ++ func_data.data1 = &count; ++ ++ ret = ffa_helper_get_partitions_info(&func_data); ++ if (ret != FFA_ERR_STAT_SUCCESS) { ++ log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret); ++ return ret; ++ } ++ ++ if (!count) { ++ log_info("EFI: No MM partition found\n"); ++ return ret; ++ } ++ ++ /* ++ * pre-allocate a buffer to be filled by the driver ++ * with ffa_partition_info structs ++ */ ++ parts_info = calloc(count, sizeof(struct ffa_partition_info)); ++ if (!parts_info) ++ return -EINVAL; ++ ++ log_info("EFI: Pre-allocating %d partition(s) info structures\n", count); ++ ++ func_data.data1_size = count * sizeof(struct ffa_partition_info); ++ func_data.data1 = parts_info; ++ ++ /* ++ * ask the driver to fill the ++ * buffer with the SPs info ++ */ ++ ret = ffa_helper_get_partitions_info(&func_data); ++ if (ret != FFA_ERR_STAT_SUCCESS) { ++ log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret); ++ free(parts_info); ++ return ret; ++ } ++ ++ /* ++ * MM SPs found , use the first one ++ */ ++ ++ mm_sp_id = parts_info[0].id; ++ ++ log_info("EFI: MM partition ID 0x%x\n", mm_sp_id); ++ ++ free(parts_info); ++ ++ return 0; ++} ++ ++/** ++ * ffa_notify_mm_sp() - Announce there is data in the shared buffer ++ * ++ * Notifies the MM partition in the trusted world that ++ * data is available in the shared buffer. ++ * This is a blocking call during which trusted world has exclusive access ++ * to the MM shared buffer. ++ * ++ * Return: ++ * ++ * 0 on success ++ */ ++static int __efi_runtime ffa_notify_mm_sp(void) ++{ ++ struct ffa_interface_data func_data = {0}; ++ struct ffa_send_direct_data msg = {0}; ++ int ret; ++ u32 sp_event_complete; ++ int sp_event_ret; ++ ++ func_data.data0_size = sizeof(mm_sp_id); ++ func_data.data0 = &mm_sp_id; ++ ++ msg.a3 = FFA_SHARED_MM_BUFFER_ADDR; ++ msg.a4 = FFA_SHARED_MM_BUFFER_SIZE; ++ func_data.data1_size = sizeof(msg); ++ func_data.data1 = &msg; ++ ++ ret = ffa_helper_msg_send_direct_req(&func_data); ++ if (ret != FFA_ERR_STAT_SUCCESS) { ++ log_err("EFI: Failure to notify the MM SP , FF-A error (%d)\n", ret); ++ return ret; ++ } ++ ++ sp_event_complete = msg.a3; ++ sp_event_ret = (int)msg.a4; ++ ++ if (sp_event_complete == ARM_SVC_ID_SP_EVENT_COMPLETE && sp_event_ret == MM_SUCCESS) ++ return 0; ++ ++ log_err("EFI: Failure to notify the MM SP (0x%x , %d)\n", ++ sp_event_complete, ++ sp_event_ret); ++ ++ return -EACCES; ++} ++ ++static fwu_status_t __efi_runtime fwu_discover(void) ++{ ++ int ret; ++ struct mm_fwu_discover_arg *discover_arg = get_fwu_discover_arg(mm_hdr); ++ struct mm_fwu_discover_ret *discover_ret = get_fwu_discover_ret(mm_hdr); ++ ++ discover_arg->func_id = FWU_DISCOVER; ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_discover_arg); ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ if (discover_ret->version_major != 1) { ++ log_err("FWU: Unsupported Update Agent version\n"); ++ return -EINVAL; ++ } ++ /* TODO: check other parameters as well */ ++ ++ return discover_ret->status; ++} ++ ++static fwu_status_t __efi_runtime fwu_begin_staging(void) ++{ ++ int ret; ++ struct mm_fwu_begin_staging_arg *begin_staging_arg = get_fwu_begin_staging_arg(mm_hdr); ++ struct mm_fwu_begin_staging_ret *begin_staging_ret = get_fwu_begin_staging_ret(mm_hdr); ++ ++ begin_staging_arg->func_id = FWU_BEGIN_STAGING; ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_begin_staging_arg); ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ return begin_staging_ret->status; ++} ++ ++static fwu_status_t __efi_runtime fwu_end_staging(void) ++{ ++ int ret; ++ struct mm_fwu_end_staging_arg *end_staging_arg = get_fwu_end_staging_arg(mm_hdr); ++ struct mm_fwu_end_staging_ret *end_staging_ret = get_fwu_end_staging_ret(mm_hdr); ++ ++ end_staging_arg->func_id = FWU_END_STAGING; ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_end_staging_arg); ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ return end_staging_ret->status; ++} ++ ++static fwu_status_t __efi_runtime fwu_cancel_staging(void) ++{ ++ int ret; ++ struct mm_fwu_cancel_staging_arg *cancel_staging_arg = get_fwu_cancel_staging_arg(mm_hdr); ++ struct mm_fwu_cancel_staging_ret *cancel_staging_ret = get_fwu_cancel_staging_ret(mm_hdr); ++ ++ cancel_staging_arg->func_id = FWU_CANCEL_STAGING; ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_cancel_staging_arg); ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ return cancel_staging_ret->status; ++} ++ ++static fwu_status_t __efi_runtime fwu_open(const efi_guid_t *img_uuid, uint32_t *handle) ++{ ++ int ret; ++ struct mm_fwu_open_arg *open_hdr = get_fwu_open_arg(mm_hdr); ++ struct mm_fwu_open_ret *open_ret = get_fwu_open_ret(mm_hdr); ++ ++ open_hdr->func_id = FWU_OPEN; ++ guidcpy(&open_hdr->image_guid, img_uuid); ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_open_arg); ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ *handle = open_ret->handle; ++ ++ return open_ret->status; ++} ++ ++static fwu_status_t __efi_runtime fwu_read_stream(uint32_t handle, uint8_t *buffer, uint32_t buffer_size) ++{ ++ int ret; ++ struct mm_fwu_read_stream_arg *read_stream_hdr = get_fwu_read_stream_arg(mm_hdr); ++ struct mm_fwu_read_stream_ret *read_stream_ret = get_fwu_read_stream_ret(mm_hdr); ++ uint32_t payload_size = FFA_SHARED_MM_BUFFER_SIZE - sizeof(struct mm_fwu_read_stream_ret) ++ - sizeof(struct efi_mm_communicate_header); ++ uint32_t read_offset = 0, read_size, total_size; ++ ++ do { ++ read_stream_hdr->func_id = FWU_READ_STREAM; ++ read_stream_hdr->handle = handle; ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_read_stream_arg); ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ if (read_stream_ret->status) ++ return read_stream_ret->status; ++ ++ read_size = read_stream_ret->read_bytes; ++ total_size = read_stream_ret->total_bytes; ++ ++ log_info("FWU: read bytes / total bytes : %d/%d\n", read_size, total_size); ++ ++ if ((read_size <= payload_size) && (read_offset + read_size <= buffer_size)) ++ memcpy(buffer + read_offset, read_stream_ret->payload, read_size); ++ else ++ return -EINVAL; ++ ++ read_offset += read_size; ++ ++ if (read_offset > total_size) ++ return -EINVAL; ++ } while (total_size != read_offset); ++ ++ return read_stream_ret->status; ++} ++ ++static fwu_status_t __efi_runtime fwu_write_stream(uint32_t handle, const uint8_t *buffer, uint32_t remaining_size) ++{ ++ int ret; ++ struct mm_fwu_write_stream_arg *write_stream_arg = get_fwu_write_stream_arg(mm_hdr); ++ struct mm_fwu_write_stream_ret *write_stream_ret = get_fwu_write_stream_ret(mm_hdr); ++ uint32_t write_size; ++ uint32_t payload_size = FFA_SHARED_MM_BUFFER_SIZE - sizeof(struct mm_fwu_write_stream_arg) ++ - sizeof(struct efi_mm_communicate_header); ++ ++ while (remaining_size) { ++ write_size = (remaining_size < payload_size) ? remaining_size : payload_size; ++ write_stream_arg->func_id = FWU_WRITE_STREAM; ++ write_stream_arg->handle = handle; ++ write_stream_arg->data_len = write_size; ++ memcpy(write_stream_arg->payload, buffer, write_size); ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_write_stream_arg) + write_size; ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ if(write_stream_ret->status) ++ return write_stream_ret->status; ++ ++ remaining_size -= write_size; ++ buffer += write_size; ++ ++ log_info("FWU: write size = %d, remaining size = %d\n", ++ write_size, remaining_size); ++ } ++ ++ return write_stream_ret->status; ++} ++ ++static fwu_status_t __efi_runtime fwu_commit(uint32_t handle, bool client_accept) ++{ ++ int ret; ++ struct mm_fwu_commit_arg *commit_arg = get_fwu_commit_arg(mm_hdr); ++ struct mm_fwu_commit_ret *commit_ret = get_fwu_commit_ret(mm_hdr); ++ ++ do { ++ commit_arg->func_id = FWU_COMMIT; ++ commit_arg->handle = handle; ++ commit_arg->acceptance_req = client_accept; ++ commit_arg->max_atomic_len = 0; ++ ++ mm_hdr->message_len = sizeof(struct mm_fwu_commit_arg); ++ ++ ret = ffa_notify_mm_sp(); ++ if (ret) ++ return ret; ++ ++ log_info("FWU: commit progress %d/%d (work/total_work)\n", ++ commit_ret->progress, commit_ret->total_work); ++ ++ } while(commit_ret->status==FWU_RESUME); ++ ++ return commit_ret->status; ++} ++ ++int __efi_runtime arm_psa_update( ++ const void *image, ++ u8 image_index, ++ efi_uintn_t image_size ++) ++{ ++ int ret = 0; ++ uint32_t handle; ++ ++ if(image_index >= cached_image_directory.num_images) ++ return -EINVAL; ++ ++ ret = fwu_begin_staging(); ++ if (ret) { ++ log_err("FWU: begin staging failed, ret = %d\n", ret); ++ return ret; ++ } ++ ++ ret = fwu_open(&cached_image_directory.entries[image_index].image_guid, &handle); ++ if (ret) { ++ log_err("FWU: firmware image open failed, ret = %d\n", ret); ++ goto cancel_staging; ++ } ++ ++ ret = fwu_write_stream(handle, (uint8_t *)image, image_size); ++ if (ret) { ++ log_err("FWU: write stream failed, ret = %d\n", ret); ++ goto cancel_staging; ++ } ++ ++ /* TODO: implement client driven image acceptance */ ++ ret = fwu_commit(handle, 0); ++ if (ret) { ++ log_err("FWU: commit failed, ret = %d\n", ret); ++ goto cancel_staging; ++ } ++ ++ ret = fwu_end_staging(); ++ if (ret) { ++ log_err("FWU: end staging failed, ret = %d\n", ret); ++ goto cancel_staging; ++ } ++ ++ log_info("successfully updated the image at index %d\n", image_index); ++ return ret; ++ ++cancel_staging: ++ if (fwu_cancel_staging()) ++ log_err("FWU: cancel staging failed, ret = %d\n", ret); ++ ++ return ret; ++} ++ ++static int __efi_runtime read_image_directory(void) ++{ ++ int ret; ++ uint32_t handle; ++ ++ const efi_guid_t fwu_directory_uuid = PSA_FWU_DIRECTORY_UUID; ++ ++ ret = fwu_open(&fwu_directory_uuid, &handle); ++ if (ret) { ++ log_err("FWU: open image directory failed, ret = %d\n", ret); ++ return ret; ++ } ++ ++ ret = fwu_read_stream(handle, (uint8_t *)&cached_image_directory, sizeof(cached_image_directory)); ++ if (ret) { ++ log_err("FWU: read stream failed, ret = %d\n", ret); ++ return ret; ++ } ++ ++ if(cached_image_directory.num_images > MAX_IMAGES) { ++ log_err("FWU: image limit exceeded.\n"); ++ log_err("FWU: number of images present: %d, max number of images supported: %d\n", ++ cached_image_directory.num_images, MAX_IMAGES); ++ return -EINVAL; ++ } ++ ++ return ret; ++} ++ ++static int update_agent_init(void) ++{ ++ int ret; ++ ++ ret = ffa_discover_mm_sp_id(); ++ if (ret) { ++ log_err("FWU: discover update agent failed, ret = %d\n", ret); ++ return ret; ++ } ++ ++ mm_comm_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0); ++ mm_hdr = (struct efi_mm_communicate_header *)mm_comm_buf; ++ ++ ret = fwu_discover(); ++ if (ret) { ++ log_err("FWU: discover failed, ret = %d\n", ret); ++ goto out; ++ } ++ ++ ret = read_image_directory(); ++ if (ret) { ++ log_err("FWU: reading image directory failed, ret = %d\n", ret); ++ goto out; ++ } ++ ++ fwu_initialized = 1; ++ return ret; ++out: ++ unmap_sysmem(mm_comm_buf); ++ return ret; ++} ++ ++int __efi_runtime arm_psa_get_image_info( ++ efi_uintn_t *image_info_size, ++ struct efi_firmware_image_descriptor *image_info, ++ u32 *descriptor_version, ++ u8 *descriptor_count, ++ efi_uintn_t *descriptor_size, ++ u32 *package_version, ++ u16 **package_version_name) ++{ ++ int ret = 0; ++ int required_image_info_size; ++ ++ if (!fwu_initialized) { ++ ret = update_agent_init(); ++ if (ret) { ++ log_err("update agent init failed, ret = %d\n", ret); ++ return ret; ++ } ++ } ++ ++ required_image_info_size = cached_image_directory.num_images * ++ sizeof(struct efi_firmware_image_descriptor); ++ ++ if (*image_info_size < required_image_info_size) { ++ *image_info_size = required_image_info_size; ++ return -ENOMEM; ++ } ++ ++ *descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION; ++ *descriptor_count = cached_image_directory.num_images; ++ *descriptor_size = required_image_info_size; ++ *package_version = 0xffffffff; /* not supported */ ++ *package_version_name = NULL; /* not supported */ ++ ++ for (int i = 0; i < cached_image_directory.num_images; i++) { ++ image_info[i].image_index = i+1; ++ guidcpy(&image_info[i].image_type_id, &cached_image_directory.entries[i].image_guid); ++ image_info[i].image_id = i; ++ image_info[i].image_id_name = NULL; /* not supported */ ++ image_info[i].version = cached_image_directory.entries[i].img_version; ++ image_info[i].version_name = NULL; /* not supported */ ++ image_info[i].size = cached_image_directory.entries[i].img_max_size; ++ ++ image_info[i].attributes_supported = ++ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | ++ IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; ++ image_info[i].attributes_setting = ++ IMAGE_ATTRIBUTE_IMAGE_UPDATABLE; ++ ++ /* Check if the capsule authentication is enabled */ ++ if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE)) ++ image_info[i].attributes_setting |= ++ IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED; ++ ++ image_info[i].lowest_supported_image_version = ++ cached_image_directory.entries[i].lowest_acceptable_version; ++ image_info[i].last_attempt_version = 0; ++ image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS; ++ image_info[i].hardware_instance = 1; ++ image_info[i].dependencies = NULL; /* not supported */ ++ } ++ ++ return ret; ++} +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0006-arm-total_compute-enable-capsule-update.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0006-arm-total_compute-enable-capsule-update.patch new file mode 100644 index 0000000000..bf2bfe8cb9 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0006-arm-total_compute-enable-capsule-update.patch @@ -0,0 +1,70 @@ +From 2ab887402b9e22842d07e5f2fe1ac54518555af5 Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Mon, 6 Jun 2022 13:24:42 +0530 +Subject: [PATCH 6/7] arm: total_compute: enable capsule update + +It includes: +* Enabling runtime capsule update +* Enabling efidebug command line tool +* Enabling the FMP driver that supports ARM PSA firmware update specification +* Predefining the carved out memory to be used for MM communication +* Enabling FF-A transport driver and adding an entry in dts + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: I6d6c70c6fc386d6c40def800a7417c1ce4b8acf5 +Upstream-Status: Pending [Not submitted to upstream yet] +--- + arch/arm/dts/total_compute.dts | 7 +++++++ + configs/total_compute_defconfig | 5 +++++ + include/configs/total_compute.h | 4 ++++ + 3 files changed, 16 insertions(+) + +diff --git a/arch/arm/dts/total_compute.dts b/arch/arm/dts/total_compute.dts +index 96edacda0b..9b2cbfb452 100644 +--- a/arch/arm/dts/total_compute.dts ++++ b/arch/arm/dts/total_compute.dts +@@ -45,8 +45,15 @@ + clock-frequency = <24000000>; + clock-output-names = "bp:clock24mhz"; + }; ++ + psci { + compatible = "arm,psci-1.0", "arm,psci-0.2"; + method = "smc"; + }; ++ ++ arm_ffa { ++ compatible = "arm,ffa"; ++ method = "smc"; ++ status = "okay"; ++ }; + }; +diff --git a/configs/total_compute_defconfig b/configs/total_compute_defconfig +index 6a375543cd..531ce41cd3 100644 +--- a/configs/total_compute_defconfig ++++ b/configs/total_compute_defconfig +@@ -52,3 +52,8 @@ CONFIG_SYS_FLASH_PROTECTION=y + CONFIG_SYS_FLASH_CFI=y + CONFIG_LIBAVB=y + CONFIG_OF_LIBFDT_OVERLAY=y ++CONFIG_ARM_FFA_TRANSPORT=y ++CONFIG_CMD_EFIDEBUG=y ++CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA=y ++CONFIG_EFI_CAPSULE_ON_DISK=y ++CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y +diff --git a/include/configs/total_compute.h b/include/configs/total_compute.h +index 62bdb4f6a3..4b00f47ec6 100644 +--- a/include/configs/total_compute.h ++++ b/include/configs/total_compute.h +@@ -59,4 +59,8 @@ + #define CONFIG_SYS_FLASH_EMPTY_INFO /* flinfo indicates empty blocks */ + #define FLASH_MAX_SECTOR_SIZE 0x00040000 + ++/* Shared buffer used for communication between u-boot and the FWU SP */ ++#define FFA_SHARED_MM_BUFFER_SIZE 4 * 1024 * 1024 /* 4 MB */ ++#define FFA_SHARED_MM_BUFFER_ADDR (0xFCA00000) ++ + #endif /* __TOTAL_COMPUTE_H */ +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch new file mode 100644 index 0000000000..5c437232df --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch @@ -0,0 +1,51 @@ +From 47be0456ea1760837d2de857e57842e595e9ea5e Mon Sep 17 00:00:00 2001 +From: Davidson K <davidson.kumaresan@arm.com> +Date: Mon, 27 Jun 2022 14:11:27 +0530 +Subject: [PATCH 7/7] arm_ffa: unmap rxtx buffer before exiting u-boot + +The linux kernel ffa driver will be used after the kernel boots. It +will try to map its own rxtx buffer. But there can be only one rxtx +buffer mapped from the non secure world. Since the rxtx buffer of +the u-boot is no longer used and we have to map the rxtx buffer of +the linux kernel, the rxtx buffer of the u-boot should be unmapped. + +This will not be needed after the efi runtime services are enabled + +Signed-off-by: Davidson K <davidson.kumaresan@arm.com> +Change-Id: I9deb6283d81f791185aa0a32d205b394d6d91f76 +Upstream-Status: Pending [Not submitted to upstream yet] +--- + drivers/arm-ffa/core.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/drivers/arm-ffa/core.c b/drivers/arm-ffa/core.c +index 98e2d2fa17..0c619439cb 100644 +--- a/drivers/arm-ffa/core.c ++++ b/drivers/arm-ffa/core.c +@@ -1470,6 +1470,16 @@ static const struct udevice_id ffa_match_id[] = { + {}, + }; + ++/** ++ * Unmap the rxtx buffer before exiting u-boot ++ * This avoids conflicts with the linux kernel ffa driver ++ */ ++ ++static int ffa_remove(struct udevice *dev) ++{ ++ return ffa_unmap_rxtx_buffers(); ++} ++ + /** + * Declaring the arm_ffa driver under UCLASS_FFA + */ +@@ -1481,4 +1491,6 @@ U_BOOT_DRIVER(arm_ffa) = { + .of_to_plat = ffa_of_to_plat, + .probe = ffa_probe, + .plat_auto = sizeof(struct ffa_pdata), ++ .remove = ffa_remove, ++ .flags = DM_FLAG_OS_PREPARE, + }; +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend index a0a7284554..420cee6550 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend @@ -18,32 +18,36 @@ EXTRA_OEMAKE:append:corstone1000 = ' DEVICE_TREE=${CORSTONE1000_DEVICE_TREE}' SYSROOT_DIRS:append:corstone1000 = " /boot" SRC_URI:append:corstone1000 = " \ - file://0001-cmd-load-add-load-command-for-memory-mapped.patch \ - file://0002-arm-add-support-to-corstone1000-platform.patch \ - file://0003-usb-common-move-urb-code-to-common.patch \ - file://0004-usb-add-isp1760-family-driver.patch \ - file://0005-corstone1000-enable-isp1763-usb-controller.patch \ - file://0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch \ - file://0007-arm_ffa-introducing-armffa-command.patch \ - file://0008-arm_ffa-introducing-MM-communication-with-FF-A.patch \ - file://0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch \ - file://0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch \ - file://0011-efi-corstone1000-introduce-EFI-capsule-update.patch \ - file://0012-corstone1000-Update-FFA-shared-buffer-address.patch \ - file://0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch \ - file://0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch \ - file://0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch \ - file://0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch \ - file://0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch \ - file://0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch \ - file://0019-Use-correct-buffer-size.patch \ - file://0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch \ - file://0021-efi_firmware-add-get_image_info-for-corstone1000.patch \ - file://0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch \ - file://0023-efi_loader-fix-null-pointer-exception-with-get_image.patch \ - file://0024-arm-corstone1000-add-mmc-for-fvp.patch \ - file://0025-corstone1000-use-a-compressed-kernel.patch \ - " + file://0001-cmd-load-add-load-command-for-memory-mapped.patch \ + file://0002-arm-add-support-to-corstone1000-platform.patch \ + file://0003-usb-common-move-urb-code-to-common.patch \ + file://0004-usb-add-isp1760-family-driver.patch \ + file://0005-corstone1000-enable-isp1763-usb-controller.patch \ + file://0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch \ + file://0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch \ + file://0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch \ + file://0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch \ + file://0010-arm_ffa-introduce-armffa-command.patch \ + file://0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch \ + file://0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch \ + file://0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch \ + file://0014-arm_ffa-introduce-FF-A-MM-communication.patch \ + file://0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch \ + file://0016-efi-corstone1000-introduce-EFI-capsule-update.patch \ + file://0017-corstone1000-Update-FFA-shared-buffer-address.patch \ + file://0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch \ + file://0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch \ + file://0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch \ + file://0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch \ + file://0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch \ + file://0023-efi_firmware-add-get_image_info-for-corstone1000.patch \ + file://0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch \ + file://0025-efi_loader-fix-null-pointer-exception-with-get_image.patch \ + file://0026-arm-corstone1000-add-mmc-for-fvp.patch \ + file://0027-corstone1000-use-a-compressed-kernel.patch \ + file://0028-Introduce-external-sys-driver-to-device-tree.patch \ + file://0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch \ + " # # FVP BASE @@ -85,4 +89,10 @@ SRC_URI:append:juno = " file://0001-arm-juno-add-custom-bootcmd-to-autoboot-from SRC_URI:append:tc = " \ file://bootargs.cfg \ file://0001-arm-total_compute-update-secure-dram-size.patch \ + file://0002-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch \ + file://0003-arm-total_compute-enable-psci.patch \ + file://0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch \ + file://0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch \ + file://0006-arm-total_compute-enable-capsule-update.patch \ + file://0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch \ " diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb index bc2d6d427e..46f9244699 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb +++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb @@ -23,4 +23,4 @@ do_configure[cleandirs] = "${B}" require recipes-bsp/u-boot/u-boot.inc -DEPENDS += "bc-native dtc-native" +DEPENDS += "bc-native dtc-native gnutls-native" diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc index 90c3f2ae70..629ea04947 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc @@ -1,3 +1,8 @@ +# Align with N1SDP-2022.06.22 release +SRCREV_edk2 = "b24306f15daa2ff8510b06702114724b33895d3c" +SRCREV_edk2-platforms = "fdaf4eb69a8b6839aecf6d3bdd938aa5c34a8a17" +PV .= "+git${SRCPV}" + # N1SDP specific EDK2 configurations EDK2_BUILD_RELEASE = "0" EDK2_PLATFORM = "n1sdp" @@ -14,7 +19,9 @@ EFI_BOOT_IMAGE = "bootaa64.efi" FILESEXTRAPATHS:prepend := "${THISDIR}/files/edk2-platforms:" SRC_URI:append = "\ - file://add-nt-fw-config.patch;patchdir=edk2-platforms \ + file://0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch;patchdir=edk2-platforms \ + file://0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch;patchdir=edk2-platforms \ + file://0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch;patchdir=edk2-platforms \ " do_deploy:append() { diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/add-nt-fw-config.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch index f6f1895116..e5526dd66e 100644 --- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/add-nt-fw-config.patch +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch @@ -1,7 +1,7 @@ -From cc58709b32d74273736886ccfc08e4723a436ea4 Mon Sep 17 00:00:00 2001 +From fa3fd24ffbc987e952a2e5610a7b02556afd2087 Mon Sep 17 00:00:00 2001 From: sahil <sahil@arm.com> Date: Thu, 17 Mar 2022 16:28:05 +0530 -Subject: [PATCH] Platform/ARM/N1sdp: Add support to parse NT_FW_CONFIG +Subject: [PATCH 1/3] Platform/ARM/N1sdp: Add support to parse NT_FW_CONFIG NT_FW_CONFIG DTB contains platform information passed by Tf-A boot stage. @@ -11,6 +11,7 @@ it is used in ConfigurationManagerDxe. Upstream-Status: Pending Signed-off-by: Adam Johnston <adam.johnston@arm.com> +Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com> Signed-off-by: sahil <sahil@arm.com> Change-Id: Ib82571280bf1ca5febe5766e618de09e7b70bb02 @@ -26,7 +27,7 @@ Change-Id: Ib82571280bf1ca5febe5766e618de09e7b70bb02 8 files changed, 152 insertions(+), 25 deletions(-) diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c -index f50623ae3f..e023d47cfd 100644 +index f50623ae..e023d47c 100644 --- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c +++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c @@ -1,7 +1,7 @@ @@ -138,7 +139,7 @@ index f50623ae3f..e023d47cfd 100644 // Configuration Manager Protocol
Status = InitializePlatformRepository (
diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf -index 4f8e7f1302..fb59c29501 100644 +index 4f8e7f13..fb59c295 100644 --- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf +++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf @@ -1,7 +1,7 @@ @@ -159,7 +160,7 @@ index 4f8e7f1302..fb59c29501 100644 UefiBootServicesTableLib
UefiDriverEntryPoint
diff --git a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h -index 097160c7e2..63cebaf0e0 100644 +index 097160c7..63cebaf0 100644 --- a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h +++ b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h @@ -1,6 +1,6 @@ @@ -203,7 +204,7 @@ index 097160c7e2..63cebaf0e0 100644 +
#endif
diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S -index 8d2069dea8..88ed640d29 100644 +index 8d2069de..88ed640d 100644 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S @@ -1,6 +1,6 @@ @@ -224,7 +225,7 @@ index 8d2069dea8..88ed640d29 100644 //
diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c -index c0effd37f3..fabe902cd0 100644 +index c0effd37..fabe902c 100644 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c @@ -1,6 +1,6 @@ @@ -269,7 +270,7 @@ index c0effd37f3..fabe902cd0 100644 };
diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf -index 96e590cdd8..6f9c9d5ab6 100644 +index 96e590cd..6f9c9d5a 100644 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf @@ -1,7 +1,7 @@ @@ -307,7 +308,7 @@ index 96e590cdd8..6f9c9d5ab6 100644 gArmMpCoreInfoPpiGuid
+ gNtFwConfigDtInfoPpiGuid
diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c -index 339fa07b32..b58bda4b76 100644 +index 339fa07b..b58bda4b 100644 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c @@ -1,6 +1,6 @@ @@ -441,7 +442,7 @@ index 339fa07b32..b58bda4b76 100644 NEOVERSEN1SOC_DRAM_BLOCK1_SIZE / SIZE_1GB) *
(UINT64)SIZE_1GB);
diff --git a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec -index d59f25a5b9..4dea8fe1e8 100644 +index d59f25a5..4dea8fe1 100644 --- a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec +++ b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec @@ -1,7 +1,7 @@ @@ -470,5 +471,5 @@ index d59f25a5b9..4dea8fe1e8 100644 +[Ppis]
+ gNtFwConfigDtInfoPpiGuid = { 0xb50dee0e, 0x577f, 0x47fb, { 0x83, 0xd0, 0x41, 0x78, 0x61, 0x8b, 0x33, 0x8a } }
-- -2.17.1 +2.37.2 diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch new file mode 100644 index 0000000000..1c097fcc7e --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch @@ -0,0 +1,48 @@ +From 73aab76042ae34fa4b07414c1830129e572dcd65 Mon Sep 17 00:00:00 2001 +From: sahil <sahil@arm.com> +Date: Wed, 20 Apr 2022 12:24:41 +0530 +Subject: [PATCH 2/3] Platform/ARM/N1Sdp: Fix RemoteDdrSize cast + +RemoteDdrSize calculation wraps around when booting N1Sdp in +multichip mode. Casting it to UINT64 to fix the issue. + +Upstream-Status: Pending +Signed-off-by: Adam Johnston <adam.johnston@arm.com> +Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com> +Signed-off-by: sahil <sahil@arm.com> +Change-Id: I2c2a70c2ab046337236fba92d25dec5905ccd117 + +--- + .../ConfigurationManagerDxe/ConfigurationManager.c | 2 +- + Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c +index e023d47c..36b5fc9e 100644 +--- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c ++++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c +@@ -1254,7 +1254,7 @@ InitializePlatformRepository ( + PlatRepoInfo->MemAffInfo[LOCAL_DDR_REGION2].Length = Dram2Size;
+
+ if (PlatInfo->MultichipMode == 1) {
+- RemoteDdrSize = ((PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);
++ RemoteDdrSize = ((UINT64)(PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);
+
+ // Update Remote DDR Region1
+ PlatRepoInfo->MemAffInfo[REMOTE_DDR_REGION1].ProximityDomain = 1;
+diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c +index b58bda4b..fbc9b05e 100644 +--- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c ++++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c +@@ -157,7 +157,7 @@ ArmPlatformGetVirtualMemoryMap ( + DramBlock2Size);
+
+ if (PlatInfo->MultichipMode == 1) {
+- RemoteDdrSize = ((PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);
++ RemoteDdrSize = ((UINT64)(PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);
+
+ BuildResourceDescriptorHob (
+ EFI_RESOURCE_SYSTEM_MEMORY,
+-- +2.37.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch new file mode 100644 index 0000000000..f0de02eb66 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch @@ -0,0 +1,67 @@ +From adc66d99663f71ec97313c40b0d00a908f292c30 Mon Sep 17 00:00:00 2001 +From: Himanshu Sharma <Himanshu.Sharma@arm.com> +Date: Mon, 30 May 2022 10:53:30 +0000 +Subject: [PATCH 3/3] Platform/ARM/N1Sdp: Modify the IRQ ID of Debug UART and + routing it to IOFPGA UART1 + +In DBG2 table, IRQ ID was set as 0 for the UART. This overwrote the +IPI0 trigger method to "level", which prevented SGI0 to be enabled +again after a CPU offline/online cycle. + +This patch fixes the above issue by assigning a reserved IRQ ID +for the Debug UART, other than 0 and also routing it to use IOFPGA +UART1 by unsharing it from currently using serial terminal. + +Upstream-Status: Pending +Signed-off-by: Adam Johnston <adam.johnston@arm.com> +Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com> +Signed-off-by: Himanshu Sharma <Himanshu.Sharma@arm.com> +Change-Id: I6640c3c8f77afd233304ce9cb06dcf80a8659c16 + +--- + .../ConfigurationManagerDxe/ConfigurationManager.c | 2 +- + Platform/ARM/N1Sdp/N1SdpPlatform.dsc | 8 ++++---- + 2 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c +index 36b5fc9e..e8873200 100644 +--- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c ++++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c +@@ -320,7 +320,7 @@ EDKII_PLATFORM_REPOSITORY_INFO N1sdpRepositoryInfo = { + // Debug Serial Port
+ {
+ FixedPcdGet64 (PcdSerialDbgRegisterBase), // BaseAddress
+- 0, // Interrupt -unused
++ 250, // Interrupt (reserved)
+ FixedPcdGet64 (PcdSerialDbgUartBaudRate), // BaudRate
+ FixedPcdGet32 (PcdSerialDbgUartClkInHz), // Clock
+ EFI_ACPI_DBG2_PORT_SUBTYPE_SERIAL_ARM_PL011_UART // Port subtype
+diff --git a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc +index 865dd04d..878c8f2f 100644 +--- a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc ++++ b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc +@@ -4,7 +4,7 @@ + # This provides platform specific component descriptions and libraries that
+ # conform to EFI/Framework standards.
+ #
+-# Copyright (c) 2018 - 2021, ARM Limited. All rights reserved.<BR>
++# Copyright (c) 2018 - 2022, ARM Limited. All rights reserved.<BR>
+ #
+ # SPDX-License-Identifier: BSD-2-Clause-Patent
+ #
+@@ -136,9 +136,9 @@ + gArmPlatformTokenSpaceGuid.PL011UartInterrupt|95
+
+ # PL011 Serial Debug UART (DBG2)
+- gArmPlatformTokenSpaceGuid.PcdSerialDbgRegisterBase|gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase
+- gArmPlatformTokenSpaceGuid.PcdSerialDbgUartBaudRate|gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
+- gArmPlatformTokenSpaceGuid.PcdSerialDbgUartClkInHz|50000000
++ gArmPlatformTokenSpaceGuid.PcdSerialDbgRegisterBase|0x1C0A0000
++ gArmPlatformTokenSpaceGuid.PcdSerialDbgUartBaudRate|115200
++ gArmPlatformTokenSpaceGuid.PcdSerialDbgUartClkInHz|24000000
+
+ # SBSA Watchdog
+ gArmTokenSpaceGuid.PcdGenericWatchdogEl2IntrNum|93
+-- +2.37.2 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch new file mode 100644 index 0000000000..ae69090a36 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch @@ -0,0 +1,223 @@ +Upstream-Status: Pending[Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> + +From 97509e82b51c57935fc8e918b33c09c4f6648ed7 Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Fri, 19 Aug 2022 14:51:08 +0100 +Subject: [PATCH] Add external system driver + +Adds external system driver to control it +from user-space. It provides run and reset +functionality at the moment. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + drivers/misc/Kconfig | 2 + + drivers/misc/Makefile | 1 + + drivers/misc/arm/Kconfig | 5 ++ + drivers/misc/arm/Makefile | 1 + + drivers/misc/arm/extsys_ctrl.c | 151 +++++++++++++++++++++++++++++++++ + 5 files changed, 160 insertions(+) + create mode 100644 drivers/misc/arm/Kconfig + create mode 100644 drivers/misc/arm/Makefile + create mode 100644 drivers/misc/arm/extsys_ctrl.c + +diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig +index 0f5a49fc7c9e..5ca195110b3f 100644 +--- a/drivers/misc/Kconfig ++++ b/drivers/misc/Kconfig +@@ -487,4 +487,6 @@ source "drivers/misc/cardreader/Kconfig" + source "drivers/misc/habanalabs/Kconfig" + source "drivers/misc/uacce/Kconfig" + source "drivers/misc/pvpanic/Kconfig" ++source "drivers/misc/arm/Kconfig" ++ + endmenu +diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile +index a086197af544..f5c1bd5747f7 100644 +--- a/drivers/misc/Makefile ++++ b/drivers/misc/Makefile +@@ -59,3 +59,4 @@ obj-$(CONFIG_UACCE) += uacce/ + obj-$(CONFIG_XILINX_SDFEC) += xilinx_sdfec.o + obj-$(CONFIG_HISI_HIKEY_USB) += hisi_hikey_usb.o + obj-$(CONFIG_HI6421V600_IRQ) += hi6421v600-irq.o ++obj-y += arm/ +diff --git a/drivers/misc/arm/Kconfig b/drivers/misc/arm/Kconfig +new file mode 100644 +index 000000000000..3c4b3f08e6b4 +--- /dev/null ++++ b/drivers/misc/arm/Kconfig +@@ -0,0 +1,5 @@ ++config EXTSYS_CTRL ++ tristate "Arm External System control driver" ++ help ++ Say y here to enable support for external system control ++ driver for the Arm Corstone-700 and Corstone1000 platform +\ No newline at end of file +diff --git a/drivers/misc/arm/Makefile b/drivers/misc/arm/Makefile +new file mode 100644 +index 000000000000..1ca3084cf8a0 +--- /dev/null ++++ b/drivers/misc/arm/Makefile +@@ -0,0 +1 @@ ++obj-$(CONFIG_EXTSYS_CTRL) += extsys_ctrl.o +diff --git a/drivers/misc/arm/extsys_ctrl.c b/drivers/misc/arm/extsys_ctrl.c +new file mode 100644 +index 000000000000..1c6ef14a32ae +--- /dev/null ++++ b/drivers/misc/arm/extsys_ctrl.c +@@ -0,0 +1,151 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * Arm Corstone700 and Corstone1000 external system reset control driver ++ * ++ * Copyright (C) 2019 Arm Ltd. ++ * ++ */ ++ ++#include <linux/fs.h> ++#include <linux/clk.h> ++#include <linux/err.h> ++#include <linux/interrupt.h> ++#include <linux/io.h> ++#include <linux/kernel.h> ++#include <linux/mod_devicetable.h> ++#include <linux/module.h> ++#include <linux/platform_device.h> ++#include <linux/miscdevice.h> ++#include <linux/init.h> ++ ++#define EXTSYS_DRV_NAME "extsys_ctrl" ++#define EXTSYS_MAX_DEVS 4 ++ ++#define EXTSYS_RST_SIZE U(0x8) ++#define EXTSYS_RST_CTRL_OFF U(0x0) ++#define EXTSYS_RST_ST_OFF U(0x4) ++ ++/* External system reset control indexes */ ++#define EXTSYS_CPU_WAIT (0x0) ++#define EXTSYS_RST_REQ (0x1) ++ ++/* External system reset status masks */ ++#define EXTSYS_RST_ST_ACK_OFF U(0x1) ++ ++/* No Reset Requested */ ++#define EXTSYS_RST_ST_ACK_NRR (0x0 << EXTSYS_RST_ST_ACK_OFF) ++ ++/* Reset Request Complete */ ++#define EXTSYS_RST_ST_ACK_RRC (0x2 << EXTSYS_RST_ST_ACK_OFF) ++ ++/* Reset Request Unable to Complete */ ++#define EXTSYS_RST_ST_ACK_RRUC (0x3 << EXTSYS_RST_ST_ACK_OFF) ++ ++/* IOCTL commands */ ++#define EXTSYS_CPU_WAIT_DISABLE 0x0 ++#define EXTSYS_RESET_REQ_ENABLE 0x1 ++ ++struct extsys_ctrl { ++ struct miscdevice miscdev; ++ void __iomem *reset_reg; ++ void __iomem *set_reg; ++}; ++ ++#define CLEAR_BIT(addr, index) writel(readl(addr) & ~(1UL << index), addr) ++#define SET_BIT(addr, index) writel(readl(addr) | (1UL << index), addr) ++ ++static long extsys_ctrl_ioctl(struct file *f, unsigned int cmd, ++ unsigned long arg) ++{ ++ struct extsys_ctrl *extsys; ++ ++ extsys = container_of(f->private_data, struct extsys_ctrl, miscdev); ++ ++ switch (cmd) { ++ case EXTSYS_CPU_WAIT_DISABLE: ++ CLEAR_BIT(extsys->reset_reg, EXTSYS_CPU_WAIT); ++ break; ++ case EXTSYS_RESET_REQ_ENABLE: ++ SET_BIT(extsys->reset_reg, EXTSYS_RST_REQ); ++ break; ++ default: ++ break; ++ } ++ ++ return 0; ++} ++ ++static const struct file_operations extsys_ctrl_fops = { ++ .owner = THIS_MODULE, ++ .unlocked_ioctl = extsys_ctrl_ioctl, ++}; ++ ++static int extsys_ctrl_probe(struct platform_device *pdev) ++{ ++ struct device *dev = &pdev->dev; ++ struct extsys_ctrl *extsys; ++ struct resource *res; ++ void __iomem *reset_reg; ++ void __iomem *set_reg; ++ int ret; ++ ++ res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "rstreg"); ++ reset_reg = devm_ioremap_resource(dev, res); ++ if (IS_ERR(reset_reg)) ++ return PTR_ERR(reset_reg); ++ ++ res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "streg"); ++ set_reg = devm_ioremap_resource(dev, res); ++ if (IS_ERR(set_reg)) ++ return PTR_ERR(set_reg); ++ ++ extsys = devm_kzalloc(dev, sizeof(*extsys), GFP_KERNEL); ++ if (!extsys) ++ return -ENOMEM; ++ ++ extsys->reset_reg = reset_reg; ++ extsys->set_reg = set_reg; ++ ++ extsys->miscdev.minor = MISC_DYNAMIC_MINOR; ++ extsys->miscdev.name = EXTSYS_DRV_NAME; ++ extsys->miscdev.fops = &extsys_ctrl_fops; ++ extsys->miscdev.parent = dev; ++ ++ ret = misc_register(&extsys->miscdev); ++ if (ret) ++ return ret; ++ ++ dev_info(dev, "external system controller ready\n"); ++ ++ return 0; ++} ++ ++static int extsys_ctrl_remove(struct platform_device *pdev) ++{ ++ struct extsys_ctrl *extsys = dev_get_drvdata(&pdev->dev); ++ ++ misc_deregister(&extsys->miscdev); ++ ++ return 0; ++} ++ ++static const struct of_device_id extsys_ctrl_match[] = { ++ { .compatible = "arm,extsys_ctrl" }, ++ { }, ++}; ++MODULE_DEVICE_TABLE(of, extsys_ctrl_match); ++ ++static struct platform_driver extsys_ctrl_driver = { ++ .driver = { ++ .name = EXTSYS_DRV_NAME, ++ .of_match_table = extsys_ctrl_match, ++ }, ++ .probe = extsys_ctrl_probe, ++ .remove = extsys_ctrl_remove, ++}; ++module_platform_driver(extsys_ctrl_driver); ++ ++MODULE_LICENSE("GPL v2"); ++MODULE_DESCRIPTION("Arm External System Control Driver"); ++MODULE_AUTHOR("Morten Borup Petersen"); ++MODULE_AUTHOR("Rui Miguel Silva <rui.silva@arm.com>"); +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpsmg-driver-for-corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpsmg-driver-for-corstone1000.patch new file mode 100644 index 0000000000..d88acfc0f6 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpsmg-driver-for-corstone1000.patch @@ -0,0 +1,222 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> + +From e683c37ee51717e625c8a598056cf4bb1bdadcbc Mon Sep 17 00:00:00 2001 +From: Emekcan <emekcan.aras@arm.com> +Date: Wed, 17 Aug 2022 14:21:42 +0100 +Subject: [PATCH] Add rpsmg driver for corstone1000 + +Adds rpsmg driver to communicate with external +system in corstone1000 platform. + +Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> +--- + drivers/rpmsg/Kconfig | 10 ++ + drivers/rpmsg/Makefile | 1 + + drivers/rpmsg/rpmsg_arm_mailbox.c | 164 ++++++++++++++++++++++ + 3 files changed, 175 insertions(+) + create mode 100644 drivers/rpmsg/rpmsg_arm_mailbox.c + +diff --git a/drivers/rpmsg/Kconfig b/drivers/rpmsg/Kconfig +index 0b4407abdf13..c276bd17bffe 100644 +--- a/drivers/rpmsg/Kconfig ++++ b/drivers/rpmsg/Kconfig +@@ -73,4 +73,14 @@ config RPMSG_VIRTIO + select RPMSG_NS + select VIRTIO + ++config RPMSG_ARM ++ tristate "ARM RPMSG driver" ++ select RPMSG ++ depends on HAS_IOMEM ++ depends on MAILBOX ++ help ++ Say y here to enable support for rpmsg lient driver which is built ++ around mailbox client using Arm MHUv2.1 as physical medium.This ++ driver enables communication which remote processor using MHU. ++ + endmenu +diff --git a/drivers/rpmsg/Makefile b/drivers/rpmsg/Makefile +index 8d452656f0ee..34e9c146cd64 100644 +--- a/drivers/rpmsg/Makefile ++++ b/drivers/rpmsg/Makefile +@@ -1,5 +1,6 @@ + # SPDX-License-Identifier: GPL-2.0 + obj-$(CONFIG_RPMSG) += rpmsg_core.o ++obj-$(CONFIG_RPMSG_ARM) += rpmsg_arm_mailbox.o + obj-$(CONFIG_RPMSG_CHAR) += rpmsg_char.o + obj-$(CONFIG_RPMSG_NS) += rpmsg_ns.o + obj-$(CONFIG_RPMSG_MTK_SCP) += mtk_rpmsg.o +diff --git a/drivers/rpmsg/rpmsg_arm_mailbox.c b/drivers/rpmsg/rpmsg_arm_mailbox.c +new file mode 100644 +index 000000000000..4a80102669f6 +--- /dev/null ++++ b/drivers/rpmsg/rpmsg_arm_mailbox.c +@@ -0,0 +1,164 @@ ++// SPDX-License-Identifier: GPL-2.0 ++/* ++ * rpmsg client driver using mailbox client interface ++ * ++ * Copyright (C) 2019 ARM Ltd. ++ * ++ */ ++ ++#include <linux/bitmap.h> ++#include <linux/export.h> ++#include <linux/io.h> ++#include <linux/kernel.h> ++#include <linux/ktime.h> ++#include <linux/mailbox_client.h> ++#include <linux/module.h> ++#include <linux/of_address.h> ++#include <linux/of_device.h> ++#include <linux/processor.h> ++#include <linux/semaphore.h> ++#include <linux/slab.h> ++#include <linux/rpmsg.h> ++#include "rpmsg_internal.h" ++#include <linux/mailbox/arm_mhuv2_message.h> ++ ++#define RPMSG_NAME "arm_rpmsg" ++#define RPMSG_ADDR_ANY 0xFFFFFFFF ++ ++struct arm_channel { ++ struct rpmsg_endpoint ept; ++ struct mbox_client cl; ++ struct mbox_chan *mbox; ++}; ++ ++#define arm_channel_from_rpmsg(_ept) container_of(_ept, struct arm_channel, ept) ++#define arm_channel_from_mbox(_ept) container_of(_ept, struct arm_channel, cl) ++ ++ ++static void arm_msg_rx_handler(struct mbox_client *cl, void *mssg) ++{ ++ struct arm_mhuv2_mbox_msg *msg = mssg; ++ struct arm_channel* channel = arm_channel_from_mbox(cl); ++ int err = channel->ept.cb(channel->ept.rpdev, msg->data, 4, channel->ept.priv, RPMSG_ADDR_ANY); ++ if(err) { ++ printk("ARM Mailbox: Endpoint callback failed with error: %d", err); ++ } ++} ++ ++ ++static void arm_destroy_ept(struct rpmsg_endpoint *ept) ++{ ++ struct arm_channel *channel = arm_channel_from_rpmsg(ept); ++ mbox_free_channel(channel->mbox); ++ kfree(channel); ++} ++ ++static int arm_send(struct rpmsg_endpoint *ept, void *data, int len) ++{ ++ struct arm_channel *channel = arm_channel_from_rpmsg(ept); ++ ++ mbox_send_message(channel->mbox, data); ++ return 0; ++} ++ ++static int arm_sendto(struct rpmsg_endpoint *ept, void *data, int len, u32 dest) ++{ ++ struct arm_mhuv2_mbox_msg msg; ++ struct arm_channel *channel = arm_channel_from_rpmsg(ept); ++ msg.data = data; ++ msg.len = len; ++ mbox_send_message(channel->mbox, &msg); ++ return 0; ++} ++ ++ ++static const struct rpmsg_endpoint_ops arm_endpoint_ops = { ++ .destroy_ept = arm_destroy_ept, ++ .send = arm_send, ++ .sendto = arm_sendto, ++}; ++ ++ ++static struct rpmsg_endpoint *arm_create_ept(struct rpmsg_device *rpdev, ++ rpmsg_rx_cb_t cb, void *priv, struct rpmsg_channel_info chinfo) ++{ ++ struct arm_channel *channel; ++ ++ channel = kzalloc(sizeof(*channel), GFP_KERNEL); ++ ++ // Initialize rpmsg endpoint ++ kref_init(&channel->ept.refcount); ++ channel->ept.rpdev = rpdev; ++ channel->ept.cb = cb; ++ channel->ept.priv = priv; ++ channel->ept.ops = &arm_endpoint_ops; ++ ++ // Initialize mailbox client ++ channel->cl.dev = rpdev->dev.parent; ++ channel->cl.rx_callback = arm_msg_rx_handler; ++ channel->cl.tx_done = NULL; /* operate in blocking mode */ ++ channel->cl.tx_block = true; ++ channel->cl.tx_tout = 500; /* by half a second */ ++ channel->cl.knows_txdone = false; /* depending upon protocol */ ++ ++ channel->mbox = mbox_request_channel_byname(&channel->cl, chinfo.name); ++ if (IS_ERR_OR_NULL(channel->mbox)) { ++ printk("RPMsg ARM: Cannot get channel by name: '%s'\n", chinfo.name); ++ return -1; ++ } ++ ++ return &channel->ept; ++} ++ ++static const struct rpmsg_device_ops arm_device_ops = { ++ .create_ept = arm_create_ept, ++}; ++ ++ ++static void arm_release_device(struct device *dev) ++{ ++ struct rpmsg_device *rpdev = to_rpmsg_device(dev); ++ ++ kfree(rpdev); ++} ++ ++ ++static int client_probe(struct platform_device *pdev) ++{ ++ struct device *dev = &pdev->dev; ++ struct rpmsg_device *rpdev; ++ ++ rpdev = kzalloc(sizeof(*rpdev), GFP_KERNEL); ++ if (!rpdev) ++ return -ENOMEM; ++ ++ /* Assign callbacks for rpmsg_device */ ++ rpdev->ops = &arm_device_ops; ++ ++ /* Assign public information to the rpmsg_device */ ++ memcpy(rpdev->id.name, RPMSG_NAME, strlen(RPMSG_NAME)); ++ ++ rpdev->dev.parent = dev; ++ rpdev->dev.release = arm_release_device; ++ ++ return rpmsg_chrdev_register_device(rpdev); ++} ++ ++static const struct of_device_id client_of_match[] = { ++ { .compatible = "arm,client", .data = NULL }, ++ { /* Sentinel */ }, ++}; ++ ++static struct platform_driver client_driver = { ++ .driver = { ++ .name = "arm-mhu-client", ++ .of_match_table = client_of_match, ++ }, ++ .probe = client_probe, ++}; ++ ++module_platform_driver(client_driver); ++ ++MODULE_LICENSE("GPL v2"); ++MODULE_DESCRIPTION("ARM RPMSG Driver"); ++MODULE_AUTHOR("Tushar Khandelwal <tushar.khandelwal@arm.com>"); +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig index 5f0a7e9198..3fe7a03877 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig @@ -10,7 +10,6 @@ CONFIG_ARCH_VEXPRESS=y CONFIG_CMDLINE="console=ttyAMA0 loglevel=9" CONFIG_EFI=y # CONFIG_SUSPEND is not set -CONFIG_ARM_FFA_TRANSPORT=y CONFIG_EFI_BOOTLOADER_CONTROL=y CONFIG_EFI_CAPSULE_LOADER=y CONFIG_EFI_TEST=y @@ -92,3 +91,9 @@ CONFIG_LIBCRC32C=y CONFIG_DEBUG_FS=y CONFIG_PANIC_TIMEOUT=5 CONFIG_STACKTRACE=y +CONFIG_EXTSYS_CTRL=y +CONFIG_MAILBOX=y +CONFIG_ARM_MHU_V2=y +CONFIG_RPMSG=y +CONFIG_RPMSG_CHAR=y +CONFIG_RPMSG_ARM=y diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc index 7bb4a92556..0d1017ac2d 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc @@ -32,6 +32,7 @@ KCONFIG_MODE:corstone500 = "--alldefconfig" # Corstone1000 KMACHINE # FILESEXTRAPATHS:prepend:corstone1000 := "${ARMBSPFILESPATHS}" +FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}" COMPATIBLE_MACHINE:corstone1000 = "${MACHINE}" KCONFIG_MODE:corstone1000 = "--alldefconfig" KMACHINE:corstone1000 = "corstone1000" @@ -41,6 +42,8 @@ KERNEL_EXTRA_ARGS:corstone1000 += "CONFIG_INITRAMFS_COMPRESSION_NONE=y" SRC_URI:append:corstone1000 = " \ file://defconfig \ file://0001-UPSTREAM-firmware-arm_ffa-Handle-compatibility-with-.patch \ + file://0002-Add-external-system-driver.patch \ + file://0003-Add-rpsmg-driver-for-corstone1000.patch \ " SRC_URI:append:corstone1000 = " ${@bb.utils.contains('MACHINE_FEATURES', \ diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch index a75ca247dc..e1cbb80919 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch @@ -1,11 +1,7 @@ -Upstream-Status: Inappropriate [Workaround] -Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com> - -From 949ba3f12ec1f3177a82a9228dc402ab5d8c9d60 Mon Sep 17 00:00:00 2001 +From f88153a427046f92d52694708adc5ee0eefa8d55 Mon Sep 17 00:00:00 2001 From: Manoj Kumar <manoj.kumar3@arm.com> Date: Mon, 1 Feb 2021 21:36:43 +0530 -Subject: [PATCH 1/5] iommu/arm-smmu-v3: workaround for ATC_INV_SIZE_ALL in - N1SDP +Subject: [PATCH] iommu/arm-smmu-v3: workaround for ATC_INV_SIZE_ALL in N1SDP ATC_INV_SIZE_ALL request should automatically translate to ATS address which is not happening in SMMUv3 version gone into @@ -15,16 +11,19 @@ field to proper value for ATC_INV_SIZE_ALL command. Change-Id: If89465be94720a62be85e1e6612f17e93fa9b8a5 Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com> Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com> + +Upstream-Status: Inappropriate [Workaround] +Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com> --- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 1 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c -index a388e318f86e..ceca576b0bf6 100644 +index 79edfdca6607..ded17e199ee4 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c -@@ -1724,6 +1724,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size, +@@ -1725,6 +1725,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size, }; if (!size) { @@ -44,6 +43,3 @@ index 4cb136f07914..5615ffd24e46 100644 struct { u32 sid; u32 ssid; --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch index a6284098b1..b4e2a8c50c 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch @@ -1,26 +1,26 @@ -Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue] -Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com> - -From e47ab593ee36b2480f8c2196722cded42749629a Mon Sep 17 00:00:00 2001 +From 478d96ce8a4d30ef80975271a2ad89a77012c1b8 Mon Sep 17 00:00:00 2001 From: Manoj Kumar <manoj.kumar3@arm.com> Date: Tue, 31 Aug 2021 16:15:38 +0000 -Subject: [PATCH 2/5] n1sdp: pci_quirk: add acs override for PCI devices +Subject: [PATCH] n1sdp: pci_quirk: add acs override for PCI devices Patch taken from: https://gitlab.com/Queuecumber/linux-acs-override/raw/master/workspaces/5.4/acso.patch Change-Id: Ib926bf50524ce9990fbaa2f2f8670fe84bd571f9 Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com> + +Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue] +Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com> --- .../admin-guide/kernel-parameters.txt | 8 ++ drivers/pci/quirks.c | 102 ++++++++++++++++++ 2 files changed, 110 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 43dc35fe5bc0..a60e454854d7 100644 +index 4445baac48c1..ee90aeeb1dbb 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -3892,6 +3892,14 @@ +@@ -3935,6 +3935,14 @@ nomsi [MSI] If the PCI_MSI kernel config parameter is enabled, this kernel boot option can be used to disable the use of MSI interrupts system-wide. @@ -36,10 +36,10 @@ index 43dc35fe5bc0..a60e454854d7 100644 Safety option to keep boot IRQs enabled. This should never be necessary. diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c -index 4537d1ea14fd..984f30d25a6d 100644 +index a531064233f9..ebe192134a97 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c -@@ -3588,6 +3588,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev) +@@ -3600,6 +3600,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev) dev->dev_flags |= PCI_DEV_FLAGS_NO_BUS_RESET; } @@ -147,7 +147,7 @@ index 4537d1ea14fd..984f30d25a6d 100644 /* * Some NVIDIA GPU devices do not work with bus reset, SBR needs to be * prevented for those affected devices. -@@ -4949,6 +5050,7 @@ static const struct pci_dev_acs_enabled { +@@ -4968,6 +5069,7 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_NXP, 0x8d9b, pci_quirk_nxp_rp_acs }, /* Zhaoxin Root/Downstream Ports */ { PCI_VENDOR_ID_ZHAOXIN, PCI_ANY_ID, pci_quirk_zhaoxin_pcie_ports_acs }, @@ -155,6 +155,3 @@ index 4537d1ea14fd..984f30d25a6d 100644 { 0 } }; --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch index f0184a0b15..4ffe347a17 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch @@ -1,10 +1,7 @@ -Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue] -Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com> - -From 63ee3a71eeb778a632f5683f3b9e404a70760e75 Mon Sep 17 00:00:00 2001 +From 4877796976647a24a3a9102facd0577586f5ac9a Mon Sep 17 00:00:00 2001 From: Deepak Pandey <Deepak.Pandey@arm.com> Date: Fri, 31 May 2019 16:42:43 +0100 -Subject: [PATCH 3/5] pcie: Add quirk for the Arm Neoverse N1SDP platform +Subject: [PATCH] pcie: Add quirk for the Arm Neoverse N1SDP platform The Arm N1SDP SoC suffers from some PCIe integration issues, most prominently config space accesses to not existing BDFs being answered @@ -27,6 +24,9 @@ Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com> Signed-off-by: Sudipto Paul <sudipto.paul@arm.com> [Andre: fix coding style issues, rewrite some parts, add DT support] Signed-off-by: Andre Przywara <andre.przywara@arm.com> + +Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue] +Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com> --- arch/arm64/configs/defconfig | 1 + drivers/acpi/pci_mcfg.c | 7 + @@ -38,10 +38,10 @@ Signed-off-by: Andre Przywara <andre.przywara@arm.com> create mode 100644 drivers/pci/controller/pcie-n1sdp.c diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig -index 545197bc0501..57ae850ccdf0 100644 +index c27d0fed2ce2..70ed38cecee9 100644 --- a/arch/arm64/configs/defconfig +++ b/arch/arm64/configs/defconfig -@@ -212,6 +212,7 @@ CONFIG_NFC_NCI=m +@@ -209,6 +209,7 @@ CONFIG_NFC_NCI=m CONFIG_NFC_S3FWRN5_I2C=m CONFIG_PCI=y CONFIG_PCIEPORTBUS=y @@ -50,23 +50,23 @@ index 545197bc0501..57ae850ccdf0 100644 CONFIG_PCI_PASID=y CONFIG_HOTPLUG_PCI=y diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c -index 53cab975f612..f31727da21ac 100644 +index 63b98eae5e75..67c34e6c24a7 100644 --- a/drivers/acpi/pci_mcfg.c +++ b/drivers/acpi/pci_mcfg.c -@@ -169,6 +169,13 @@ static struct mcfg_fixup mcfg_quirks[] = { - ALTRA_ECAM_QUIRK(1, 13), - ALTRA_ECAM_QUIRK(1, 14), - ALTRA_ECAM_QUIRK(1, 15), -+ +@@ -152,6 +152,13 @@ static struct mcfg_fixup mcfg_quirks[] = { + XGENE_V2_ECAM_MCFG(4, 1), + XGENE_V2_ECAM_MCFG(4, 2), + +#define N1SDP_ECAM_MCFG(rev, seg, ops) \ + {"ARMLTD", "ARMN1SDP", rev, seg, MCFG_BUS_ANY, ops } + + /* N1SDP SoC with v1 PCIe controller */ + N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops), + N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops), - }; ++ + #define ALTRA_ECAM_QUIRK(rev, seg) \ + { "Ampere", "Altra ", rev, seg, MCFG_BUS_ANY, &pci_32b_read_ops } - static char mcfg_oem_id[ACPI_OEM_ID_SIZE]; diff --git a/drivers/pci/controller/Kconfig b/drivers/pci/controller/Kconfig index 326f7d13024f..f9700d037c46 100644 --- a/drivers/pci/controller/Kconfig @@ -318,6 +318,3 @@ index adea5a4771cf..e6bbc037cef8 100644 #endif #if IS_ENABLED(CONFIG_PCI_HOST_COMMON) --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch index c15b464c73..bd88fa4995 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch @@ -1,10 +1,7 @@ -Upstream-Status: Inappropriate [will not be submitted as its an hack required to fix the hardware issue] -Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com> - -From 4d69e38213bf52a48f2f0239da8c7b76501428b2 Mon Sep 17 00:00:00 2001 +From 7a5147f51f2eb80ecb6f62a28b8bd86aa5ceebf7 Mon Sep 17 00:00:00 2001 From: Sayanta Pattanayak <sayanta.pattanayak@arm.com> Date: Wed, 9 Feb 2022 20:37:43 +0530 -Subject: [PATCH 4/5] n1sdp: pcie: add quirk support enabling remote chip PCIe +Subject: [PATCH] n1sdp: pcie: add quirk support enabling remote chip PCIe Base address mapping for remote chip Root PCIe ECAM space. @@ -19,6 +16,9 @@ Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com> Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com> Signed-off-by: sahil <sahil@arm.com> + +Upstream-Status: Inappropriate [will not be submitted as its an hack required to fix the hardware issue] +Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com> --- drivers/acpi/pci_mcfg.c | 1 + drivers/pci/controller/pcie-n1sdp.c | 32 +++++++++++++++++++++++++---- @@ -26,17 +26,17 @@ Signed-off-by: sahil <sahil@arm.com> 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c -index f31727da21ac..58f59b5fffa2 100644 +index 67c34e6c24a7..4584a5a2ca20 100644 --- a/drivers/acpi/pci_mcfg.c +++ b/drivers/acpi/pci_mcfg.c -@@ -176,6 +176,7 @@ static struct mcfg_fixup mcfg_quirks[] = { +@@ -158,6 +158,7 @@ static struct mcfg_fixup mcfg_quirks[] = { /* N1SDP SoC with v1 PCIe controller */ N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops), N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops), + N1SDP_ECAM_MCFG(0x20181101, 2, &pci_n1sdp_remote_pcie_ecam_ops), - }; - static char mcfg_oem_id[ACPI_OEM_ID_SIZE]; + #define ALTRA_ECAM_QUIRK(rev, seg) \ + { "Ampere", "Altra ", rev, seg, MCFG_BUS_ANY, &pci_32b_read_ops } diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c index 408699b9dcb1..a03665dd056a 100644 --- a/drivers/pci/controller/pcie-n1sdp.c @@ -121,17 +121,14 @@ index 408699b9dcb1..a03665dd056a 100644 { .compatible = "arm,n1sdp-pcie", .data = &pci_n1sdp_pcie_ecam_ops }, { }, diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h -index e6bbc037cef8..7bd8c1d702ee 100644 +index e6bbc037cef8..d936d3f14bce 100644 --- a/include/linux/pci-ecam.h +++ b/include/linux/pci-ecam.h -@@ -89,6 +89,7 @@ extern const struct pci_ecam_ops al_pcie_ops; /* Amazon Annapurna Labs PCIe */ - extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */ - extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */ +@@ -91,6 +91,7 @@ extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */ extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */ -+extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops; /* Arm N1SDP PCIe */ #endif ++extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops; /* Arm N1SDP PCIe */ #if IS_ENABLED(CONFIG_PCI_HOST_COMMON) --- -2.17.1 - + /* for DT-based PCI controllers that support ECAM */ + int pci_host_common_probe(struct platform_device *pdev); diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch index 040408615a..b89c59878a 100644 --- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch +++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch @@ -1,10 +1,7 @@ -Upstream-Status: Inappropriate -Signed-off-by: Andre Przywara <andre.przywara@arm.com> - -From d20f5afffadcdbaca7032f547cce80720d8a414a Mon Sep 17 00:00:00 2001 +From 85581abbfc7e3df12091c5004788b0729cfd99f1 Mon Sep 17 00:00:00 2001 From: Andre Przywara <andre.przywara@arm.com> Date: Fri, 17 May 2019 17:39:27 +0100 -Subject: [PATCH 5/5] arm64: kpti: Whitelist early Arm Neoverse N1 revisions +Subject: [PATCH] arm64: kpti: Whitelist early Arm Neoverse N1 revisions Early revisions (r1p0) of the Neoverse N1 core did not feature the CSV3 field in ID_AA64PFR0_EL1 to advertise they are not affected by @@ -13,15 +10,18 @@ the Spectre variant 3 (aka Meltdown) vulnerability. Add this particular revision to the whitelist to avoid enabling KPTI. Signed-off-by: Andre Przywara <andre.przywara@arm.com> + +Upstream-Status: Inappropriate +Signed-off-by: Andre Przywara <andre.przywara@arm.com> --- arch/arm64/kernel/cpufeature.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c -index 6ec7036ef7e1..ceba98773608 100644 +index 3e52a9e8b50b..2e64bc4689a0 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c -@@ -1509,6 +1509,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, +@@ -1530,6 +1530,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER), MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER), @@ -29,6 +29,3 @@ index 6ec7036ef7e1..ceba98773608 100644 { /* sentinel */ } }; char const *str = "kpti command line option"; --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch new file mode 100644 index 0000000000..b838335e6a --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch @@ -0,0 +1,35 @@ +From 4b2c1a31efe0c5514ae27e696e75659b55e41259 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 26 May 2020 14:38:02 -0500 +Subject: [PATCH] allow setting sysroot for libgcc lookup + +Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching +for the compiler libraries as there's no easy way to reliably pass --sysroot +otherwise. + +Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] +Signed-off-by: Ross Burton <ross.burton@arm.com> + +--- + mk/gcc.mk | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/mk/gcc.mk b/mk/gcc.mk +index adc77a24..81bfa78a 100644 +--- a/mk/gcc.mk ++++ b/mk/gcc.mk +@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \ + -print-file-name=include 2> /dev/null) + + # Get location of libgcc from gcc +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ + -print-libgcc-file-name 2> /dev/null) +-libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ ++libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ + -print-file-name=libstdc++.a 2> /dev/null) +-libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ ++libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \ + -print-file-name=libgcc_eh.a 2> /dev/null) + + # Define these to something to discover accidental use diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch new file mode 100644 index 0000000000..d5e3694886 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch @@ -0,0 +1,30 @@ +From 992bed8a62c75aab034fe53d6329fa7c15cf06ee Mon Sep 17 00:00:00 2001 +From: Brett Warren <brett.warren@arm.com> +Date: Wed, 23 Sep 2020 09:27:34 +0100 +Subject: [PATCH] optee: enable clang support + +When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used +to provide a sysroot wasn't included, which results in not locating +compiler-rt. This is mitigated by including the variable as ammended. + +Upstream-Status: Pending +ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 +Signed-off-by: Brett Warren <brett.warren@arm.com> + +--- + mk/clang.mk | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/mk/clang.mk b/mk/clang.mk +index 0f48c836..47465523 100644 +--- a/mk/clang.mk ++++ b/mk/clang.mk +@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ + + # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of + # libgcc for clang +-libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \ ++libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \ + -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null) + + # Core ASLR relies on the executable being ready to run from its preferred load diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch new file mode 100644 index 0000000000..404822825b --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch @@ -0,0 +1,65 @@ +From 3126adccaf9c9dc669bb7e1f96326c03da4b570d Mon Sep 17 00:00:00 2001 +From: Jerome Forissier <jerome.forissier@linaro.org> +Date: Fri, 5 Aug 2022 09:48:03 +0200 +Subject: [PATCH] core: link: add --no-warn-rwx-segments + +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + +binutils ld.bfd generates one RWX LOAD segment by merging several sections +with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it +also warns by default when that happens [1], which breaks the build due to +--fatal-warnings. The RWX segment is not a problem for the TEE core, since +that information is not used to set memory permissions. Therefore, silence +the warning. + +Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 +Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 +Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> +Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> +Acked-by: Jens Wiklander <jens.wiklander@linaro.org> + +--- + core/arch/arm/kernel/link.mk | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk +index 69375ad6..bea239cf 100644 +--- a/core/arch/arm/kernel/link.mk ++++ b/core/arch/arm/kernel/link.mk +@@ -17,6 +17,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map + link-ldflags += --sort-section=alignment + link-ldflags += --fatal-warnings + link-ldflags += --gc-sections ++link-ldflags += $(call ld-option,--no-warn-rwx-segments) + + link-ldadd = $(LDADD) + link-ldadd += $(libdeps) +@@ -37,6 +38,7 @@ link-script-cppflags := \ + $(cppflagscore)) + + ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ ++ $(call ld-option,--no-warn-rwx-segments) \ + $(link-objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/all_objs.o + $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) +@@ -49,7 +51,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o + $(q)$(NMcore) $< | \ + $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ + +-unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections ++unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ ++ $(call ld-option,--no-warn-rwx-segments) + unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) + cleanfiles += $(link-out-dir)/unpaged.o + $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt +@@ -77,7 +80,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o + $(q)$(NMcore) $< | \ + $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ + +-init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections ++init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ ++ $(call ld-option,--no-warn-rwx-segments) + init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ + $(libgcccore) + cleanfiles += $(link-out-dir)/init.o diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch deleted file mode 100644 index 7666486d7e..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch +++ /dev/null @@ -1,201 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K <arpita.s.k@arm.com> - -From 439a87df6a9f60f2b29afd988ad58a67e6f0b603 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Tue, 22 Jun 2021 22:09:28 +0100 -Subject: [PATCH] plat-corstone1000: add corstone1000 platform - -These changes are to add corstone1000 platform to optee core - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk -new file mode 100644 -index 00000000..b14dd442 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/conf.mk -@@ -0,0 +1,37 @@ -+PLATFORM_FLAVOR ?= mps3 -+ -+$(call force,CFG_HWSUPP_MEM_PERM_WXN,y) -+$(call force,CFG_HWSUPP_MEM_PERM_PXN,y) -+$(call force,CFG_ENABLE_SCTLR_RR,n) -+$(call force,CFG_ENABLE_SCTLR_Z,n) -+ -+arm64-platform-cpuarch := cortex-a35 -+arm64-platform-cflags += -mcpu=$(arm64-platform-cpuarch) -+arm64-platform-aflags += -mcpu=$(arm64-platform-cpuarch) -+platform-flavor-armv8 := 1 -+ -+$(call force,CFG_GIC,y) -+$(call force,CFG_PL011,y) -+$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y) -+ -+$(call force,CFG_ARM64_core,y) -+ -+CFG_WITH_STATS ?= y -+ -+CFG_WITH_ARM_TRUSTED_FW ?= y -+CFG_WITH_LPAE ?=y -+ -+CFG_TEE_CORE_NB_CORE = 1 -+CFG_TZDRAM_START ?= 0x02002000 -+CFG_TZDRAM_SIZE ?= 0x000FE000 -+CFG_TEE_RAM_VA_SIZE ?= 0x00AF000 -+CFG_SHMEM_START ?= 0x86000000 -+CFG_SHMEM_SIZE ?= 0x00200000 -+ -+CFG_DDR_SIZE ?= 0x80000000 -+CFG_DT_ADDR ?= 0x82100000 -+CFG_DTB_MAX_SIZE ?= 0x100000 -+ -+$(call force,CFG_PSCI_ARM64,y) -+$(call force,CFG_DT,y) -+$(call force,CFG_EXTERNAL_DTB_OVERLAY,y) -diff --git a/core/arch/arm/plat-corstone1000/main.c b/core/arch/arm/plat-corstone1000/main.c -new file mode 100644 -index 00000000..35d89535 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/main.c -@@ -0,0 +1,77 @@ -+// SPDX-License-Identifier: BSD-2-Clause -+/* -+ * Copyright (c) 2020, Linaro Limited -+ */ -+ -+#include <arm64.h> -+#include <console.h> -+#include <drivers/gic.h> -+#include <drivers/pl011.h> -+#include <drivers/tzc400.h> -+#include <initcall.h> -+#include <keep.h> -+#include <kernel/boot.h> -+#include <kernel/interrupt.h> -+#include <kernel/misc.h> -+#include <kernel/panic.h> -+#include <kernel/tee_time.h> -+#include <mm/core_memprot.h> -+#include <mm/core_mmu.h> -+#include <platform_config.h> -+#include <sm/psci.h> -+#include <stdint.h> -+#include <string.h> -+#include <trace.h> -+ -+static struct gic_data gic_data __nex_bss; -+static struct pl011_data console_data __nex_bss; -+ -+register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE); -+#ifdef DRAM0_BASE -+register_ddr(DRAM0_BASE, DRAM0_SIZE); -+#endif -+ -+#ifdef GIC_BASE -+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); -+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE); -+ -+void main_init_gic(void) -+{ -+ vaddr_t gicc_base; -+ vaddr_t gicd_base; -+ -+ gicc_base = core_mmu_get_va(GICC_BASE, MEM_AREA_IO_SEC); -+ gicd_base = core_mmu_get_va(GICD_BASE, MEM_AREA_IO_SEC); -+ -+ if (!gicc_base || !gicd_base) -+ panic(); -+ -+ /* Initialize GIC */ -+ gic_init(&gic_data, gicc_base, gicd_base); -+ itr_init(&gic_data.chip); -+ -+} -+ -+void main_secondary_init_gic(void) -+{ -+ gic_cpu_init(&gic_data); -+} -+ -+void itr_core_handler(void) -+{ -+ gic_it_handle(&gic_data); -+} -+#endif -+ -+void console_init(void) -+{ -+ pl011_init(&console_data, CONSOLE_UART_BASE, CONSOLE_UART_CLK_IN_HZ, -+ CONSOLE_BAUDRATE); -+ register_serial_console(&console_data.chip); -+} -+ -+void ffa_secondary_cpu_boot_req(vaddr_t secondary_ep, uint64_t cookie) -+{ -+ DMSG("This is single core platform\n"); -+} -+ -diff --git a/core/arch/arm/plat-corstone1000/platform_config.h b/core/arch/arm/plat-corstone1000/platform_config.h -new file mode 100644 -index 00000000..cfee6fa4 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/platform_config.h -@@ -0,0 +1,46 @@ -+/* SPDX-License-Identifier: BSD-2-Clause */ -+/* -+ * Copyright (c) 2020, Linaro Limited -+ */ -+ -+#ifndef PLATFORM_CONFIG_H -+#define PLATFORM_CONFIG_H -+ -+#include <mm/generic_ram_layout.h> -+#include <stdint.h> -+ -+/* Make stacks aligned to data cache line length */ -+#define STACK_ALIGNMENT 64 -+ -+ -+#define GIC_BASE 0x1c000000 -+#define UART0_BASE 0x1a510000 -+#define UART1_BASE 0x1a520000 -+ -+#define CONSOLE_UART_BASE UART1_BASE -+ -+#define DRAM0_BASE 0x80000000 -+#define DRAM0_SIZE 0x7f000000 -+ -+#define GICD_OFFSET 0x10000 -+#define GICC_OFFSET 0x2f000 -+ -+#ifdef GIC_BASE -+#define GICD_BASE (GIC_BASE + GICD_OFFSET) -+#define GICC_BASE (GIC_BASE + GICC_OFFSET) -+#endif -+ -+#ifndef UART_BAUDRATE -+#define UART_BAUDRATE 115200 -+#endif -+#ifndef CONSOLE_BAUDRATE -+#define CONSOLE_BAUDRATE UART_BAUDRATE -+#endif -+ -+#ifndef SYS_COUNTER_FREQ_IN_TICKS -+#define SYS_COUNTER_FREQ_IN_TICKS UL(50000000) /* 32MHz */ -+#endif -+ -+#define CONSOLE_UART_CLK_IN_HZ UL(50000000) /* 32MHz*/ -+ -+#endif /*PLATFORM_CONFIG_H*/ -diff --git a/core/arch/arm/plat-corstone1000/sub.mk b/core/arch/arm/plat-corstone1000/sub.mk -new file mode 100644 -index 00000000..8ddc2fd4 ---- /dev/null -+++ b/core/arch/arm/plat-corstone1000/sub.mk -@@ -0,0 +1,2 @@ -+global-incdirs-y += . -+srcs-y += main.c --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch deleted file mode 100644 index ea60fee297..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch +++ /dev/null @@ -1,30 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K <arpita.s.k@arm.com> - -From dbaf7a11e686d362eb09e63841eb718ea777dd03 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Wed, 1 Sep 2021 16:46:42 +0100 -Subject: [PATCH] plat-corstone1000: reserve 3MB CVM memory for optee - -optee requires 3MB CVM memory to include SecurePartition's into -it's image - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk -index b14dd442..7a4aa13c 100644 ---- a/core/arch/arm/plat-corstone1000/conf.mk -+++ b/core/arch/arm/plat-corstone1000/conf.mk -@@ -23,8 +23,7 @@ CFG_WITH_LPAE ?=y - - CFG_TEE_CORE_NB_CORE = 1 - CFG_TZDRAM_START ?= 0x02002000 --CFG_TZDRAM_SIZE ?= 0x000FE000 --CFG_TEE_RAM_VA_SIZE ?= 0x00AF000 -+CFG_TZDRAM_SIZE ?= 0x300000 # OPTEE CODE + DATA +TA_RAM = 3MB - CFG_SHMEM_START ?= 0x86000000 - CFG_SHMEM_SIZE ?= 0x00200000 - --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch deleted file mode 100644 index 9aec829c67..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch +++ /dev/null @@ -1,38 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -From 327290faefe16440c4975c9539b11d43c92bcf48 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Thu, 25 Nov 2021 06:20:48 +0000 -Subject: [PATCH] plat-corstone1000: add a rule in Makefile to SP_MAKEFILE_PATH - -This change is to provide an option to user to include -secure manifest into optee-os Makefile so that the secure -partition is part of optee-os image - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -diff --git a/Makefile b/Makefile -index f6fcea8b..21722939 100644 ---- a/Makefile -+++ b/Makefile -@@ -18,6 +18,16 @@ unexport MAKEFILE_LIST - # nonzero status). Useful since a few recipes use shell redirection. - .DELETE_ON_ERROR: - -+# include secure partition make file and manifest file -+ifdef CFG_SP_MKFILE_PATH -+ifdef CFG_EMBED_DTB_SOURCE_FILE -+include $(CFG_SP_MKFILE_PATH) -+$(info Loading secure partitions manifest ${CFG_EMBED_DTB_SOURCE_FILE}) -+CFG_EMBED_DTB_SOURCE_FILE :=${CFG_EMBED_DTB_SOURCE_FILE} -+OPTEE_OS_COMMON_EXTRA_FLAGS+=${CFG_EMBED_DTB_SOURCE_FILE} -+endif -+endif -+ - include mk/checkconf.mk - - .PHONY: all --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch deleted file mode 100644 index 42babb16f5..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch +++ /dev/null @@ -1,29 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -From 5fdf7792ead29784718d30d8a8a5383a994e2fef Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Thu, 2 Dec 2021 12:51:11 +0000 -Subject: [PATCH] plat-corstone1000: increase OPTEE core heap size - -This change is to increase optee core heap size to 131072 -from its default value to fit openAMP and smm-gateway -in SEL0 - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk -index 7a4aa13c..65d652a4 100644 ---- a/core/arch/arm/plat-corstone1000/conf.mk -+++ b/core/arch/arm/plat-corstone1000/conf.mk -@@ -31,6 +31,7 @@ CFG_DDR_SIZE ?= 0x80000000 - CFG_DT_ADDR ?= 0x82100000 - CFG_DTB_MAX_SIZE ?= 0x100000 - -+CFG_CORE_HEAP_SIZE ?= 131072 - $(call force,CFG_PSCI_ARM64,y) - $(call force,CFG_DT,y) - $(call force,CFG_EXTERNAL_DTB_OVERLAY,y) --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch deleted file mode 100644 index 852067bc2f..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch +++ /dev/null @@ -1,40 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -From 4617f85b70c7e4206b244f3eaffdc62ac3744a17 Mon Sep 17 00:00:00 2001 -From: Jelle Sels <jelle.sels@arm.com> -Date: Mon, 10 May 2021 11:37:23 +0200 -Subject: [PATCH] Fix: add missing error check during SP init - -Error checking during SP initialization (sp_init_uuid()) was lacking. -As a result an out of CORE HEAP situation resulted in a panic. This was -due to lack of memory in the inflate() function of zlib. - -Signed-off-by: Jelle Sels <jelle.sels@arm.com> -Change-Id: I287e2e2dd507feb45991b32ed264b3b6ad6fcd39 - -diff --git a/core/arch/arm/kernel/sp.c b/core/arch/arm/kernel/sp.c -index 4acbc2e2..23532a01 100644 ---- a/core/arch/arm/kernel/sp.c -+++ b/core/arch/arm/kernel/sp.c -@@ -383,10 +383,14 @@ static TEE_Result __attribute__((unused)) sp_init_uuid(const TEE_UUID *uuid) - cancel_req_to, - ¶m); - -- args.a0 = sp_get_session(sess->id)->sp_regs.x[0]; -- sp_thread(sess->id, FFA_NW_ID, &args); -+ if (res == TEE_SUCCESS) { -+ args.a0 = sp_get_session(sess->id)->sp_regs.x[0]; -+ sp_thread(sess->id, FFA_NW_ID, &args); - -- thread_spmc_msg_recv(&args, sess->id); -+ thread_spmc_msg_recv(&args, sess->id); -+ } else { -+ EMSG("SP initialization failed, try increasing CFG_CORE_HEAP_SIZE"); -+ } - - return res; - } --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts deleted file mode 100644 index b09018eee5..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts +++ /dev/null @@ -1,62 +0,0 @@ -/* -* Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -* -* SPDX-License-Identifier: BSD-3-Clause -*/ - -/dts-v1/; - -/ { - se-proxy{ - compatible = "arm,ffa-manifest-1.0"; - ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ - uuid = <0x46bb39d1 0xb4d945b5 0x88ff0400 0x27dab249>; - description = "SE Proxy"; - execution-ctx-count = <1>; - exception-level = <1>; /* S-EL0 */ - execution-state = <0>; /* AArch64 */ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <0>; /* Direct messaging only */ - device-regions { - compatible = "arm,ffa-manifest-device-regions"; - mhu-sender { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x1b820000>; - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; - mhu-receiver { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x1b830000>; - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; - openamp-virtio { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x88000000>; - pages-count = <256>; - attributes = <0x3>; /* read-write */ - }; - }; - }; - smm-gateway{ - compatible = "arm,ffa-manifest-1.0"; - ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ - uuid = <0xed32d533 0x99e64209 0x9cc02d72 0xcdd998a7>; - description = "SMM Gateway"; - execution-ctx-count = <1>; - exception-level = <1>; /* S-EL0 */ - execution-state = <0>; /* AArch64 */ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <0>; /* Direct messaging only */ - device-regions { - compatible = "arm,ffa-manifest-device-regions"; - mm-comm-buffer { - /* Armv8 A Foundation Platform values */ - base-address = <0x00000000 0x02000000>; - pages-count = <1>; - attributes = <0x3>; /* read-write */ - }; - }; - }; -}; diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch index 3a21b39a38..0f0a76e4f1 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch @@ -1,7 +1,7 @@ -From 14b84786e85483bf3c737ef8b392204e307c0ff1 Mon Sep 17 00:00:00 2001 +From 34db1357ab3192f18629ceadf4ea33b948513fec Mon Sep 17 00:00:00 2001 From: Olivier Deprez <olivier.deprez@arm.com> Date: Mon, 16 Nov 2020 10:14:02 +0100 -Subject: [PATCH] WIP: Enable managed exit +Subject: [PATCH 1/2] WIP: Enable managed exit This change declares OP-TEE SP as supporting managed exit in response to a NS interrupt triggering while the SWd runs. @@ -27,14 +27,14 @@ Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> core/arch/arm/kernel/boot.c | 12 ++++++++++++ core/arch/arm/kernel/thread_a64.S | 11 ++++++++++- core/arch/arm/kernel/thread_spmc.c | 11 +++++++++++ - .../arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +- - 4 files changed, 34 insertions(+), 2 deletions(-) + .../arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 1 + + 4 files changed, 34 insertions(+), 1 deletion(-) diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c -index 09c1b811..d130107f 100644 +index f173384d..466c042e 100644 --- a/core/arch/arm/kernel/boot.c +++ b/core/arch/arm/kernel/boot.c -@@ -1279,6 +1279,18 @@ static void init_secondary_helper(unsigned long nsec_entry) +@@ -1350,6 +1350,18 @@ static void init_secondary_helper(unsigned long nsec_entry) init_vfp_sec(); init_vfp_nsec(); @@ -54,10 +54,10 @@ index 09c1b811..d130107f 100644 } diff --git a/core/arch/arm/kernel/thread_a64.S b/core/arch/arm/kernel/thread_a64.S -index 3e0f5115..63bf396a 100644 +index d6baee4d..1b0c8f37 100644 --- a/core/arch/arm/kernel/thread_a64.S +++ b/core/arch/arm/kernel/thread_a64.S -@@ -904,6 +904,14 @@ END_FUNC el0_sync_abort +@@ -1087,6 +1087,14 @@ END_FUNC el0_sync_abort bl dcache_op_louis ic iallu #endif @@ -72,7 +72,7 @@ index 3e0f5115..63bf396a 100644 /* * Mark current thread as suspended */ -@@ -1021,8 +1029,9 @@ LOCAL_FUNC elx_irq , : +@@ -1204,8 +1212,9 @@ LOCAL_FUNC elx_irq , : #endif END_FUNC elx_irq @@ -84,10 +84,10 @@ index 3e0f5115..63bf396a 100644 #else native_intr_handler fiq diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c -index bd7930e7..89ff82bc 100644 +index ea9e8f03..15577e7e 100644 --- a/core/arch/arm/kernel/thread_spmc.c +++ b/core/arch/arm/kernel/thread_spmc.c -@@ -1394,6 +1394,17 @@ static TEE_Result spmc_init(void) +@@ -1518,6 +1518,17 @@ static TEE_Result spmc_init(void) my_endpoint_id = spmc_get_id(); DMSG("My endpoint ID %#x", my_endpoint_id); @@ -104,21 +104,19 @@ index bd7930e7..89ff82bc 100644 + return TEE_SUCCESS; } - #endif /*CFG_CORE_SEL2_SPMC*/ + #endif /* !defined(CFG_CORE_SEL1_SPMC) */ diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts -index 4b8b3681..04847c4d 100644 +index 0bfe33f3..00cfa5b2 100644 --- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts +++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts -@@ -23,7 +23,8 @@ - entrypoint-offset = <0x1000>; +@@ -24,6 +24,7 @@ xlat-granule = <0>; /* 4KiB */ boot-order = <0>; -- messaging-method = <0>; /* Direct messaging only */ -+ messaging-method = <3>; /* Direct request/response supported */ + messaging-method = <0x3>; /* Direct request/response supported */ + managed-exit; /* Managed exit supported */ - + device-regions { compatible = "arm,ffa-manifest-device-regions"; -- -2.29.2 +2.34.1 diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch deleted file mode 100644 index 44138cbecb..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 3a240f6b6c58d70471fd0752b8854c43c7c4df72 Mon Sep 17 00:00:00 2001 -From: Usama Arif <usama.arif@arm.com> -Date: Wed, 11 Aug 2021 11:00:52 +0100 -Subject: [PATCH 2/2] ffa: Update function ID according to FFA v1.1 spec - -This updates function ID FFA_SECONDARY_EP_REGISTER_64. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Usama Arif <usama.arif@arm.com> ---- - core/arch/arm/include/ffa.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h -index 20a009ca..b0d68173 100644 ---- a/core/arch/arm/include/ffa.h -+++ b/core/arch/arm/include/ffa.h -@@ -69,7 +69,7 @@ - #define FFA_MEM_RECLAIM U(0x84000077) - #define FFA_MEM_FRAG_RX U(0x8400007A) - #define FFA_MEM_FRAG_TX U(0x8400007B) --#define FFA_SECONDARY_EP_REGISTER_64 U(0xC4000084) -+#define FFA_SECONDARY_EP_REGISTER_64 U(0xC4000087) - - /* Special value for traffic targeted to the Hypervisor or SPM */ - #define FFA_TARGET_INFO_MBZ U(0x0) --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch new file mode 100644 index 0000000000..ff7f513357 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch @@ -0,0 +1,50 @@ +From 35dba075593cb32c62b881e7763fcf0ea37908f7 Mon Sep 17 00:00:00 2001 +From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> +Date: Mon, 23 May 2022 11:32:41 +0100 +Subject: [PATCH 2/2] plat-totalcompute: fix TZDRAM start and size + +- Fix TZDRAM_SIZE in TC platform +- For CFG_CORE_SEL2_SPMC, manifest size is increased from 0x1000 to + 0x4000 for boot protocol support. + +Upstream-Status: Pending [Not submitted to upstream yet] + +Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> +Change-Id: Iff19c498e9edae961f469604d69419c1a32145f5 +--- + core/arch/arm/plat-totalcompute/conf.mk | 5 +++-- + core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/core/arch/arm/plat-totalcompute/conf.mk b/core/arch/arm/plat-totalcompute/conf.mk +index b39ac0f0..2f6c0ee1 100644 +--- a/core/arch/arm/plat-totalcompute/conf.mk ++++ b/core/arch/arm/plat-totalcompute/conf.mk +@@ -32,8 +32,9 @@ ifeq ($(CFG_CORE_SEL1_SPMC),y) + CFG_TZDRAM_START ?= 0xfd000000 + CFG_TZDRAM_SIZE ?= 0x02000000 + else ifeq ($(CFG_CORE_SEL2_SPMC),y) +-CFG_TZDRAM_START ?= 0xfd281000 +-CFG_TZDRAM_SIZE ?= 0x01d7f000 ++CFG_TZDRAM_START ?= 0xfd284000 ++# TZDRAM size 0x1980000 - 0x4000 manifest size ++CFG_TZDRAM_SIZE ?= 0x0197c000 + else + CFG_TZDRAM_START ?= 0xff000000 + CFG_TZDRAM_SIZE ?= 0x01000000 +diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts +index 00cfa5b2..56e69f37 100644 +--- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts ++++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts +@@ -20,7 +20,7 @@ + exception-level = <2>; /* S-EL1 */ + execution-state = <0>; /* AARCH64 */ + load-address = <0xfd280000>; +- entrypoint-offset = <0x1000>; ++ entrypoint-offset = <0x4000>; + xlat-granule = <0>; /* 4KiB */ + boot-order = <0>; + messaging-method = <0x3>; /* Direct request/response supported */ +-- +2.34.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch deleted file mode 100644 index 5374c02138..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 37fd6f3c18015bcad2c099bf9269e72140e55557 Mon Sep 17 00:00:00 2001 -From: Davidson K <davidson.kumaresan@arm.com> -Date: Wed, 12 Jan 2022 17:14:03 +0530 -Subject: [PATCH] Fix optee UUID - -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/a9a8e483b6ff7f6e40c5ed95310a18e0bd1993c3#diff-2a310f8cc43d961b2efc05ac1619521653ba8977ff5e6dc5bb89754fd60fe954] -Signed-off-by: Davidson K <davidson.kumaresan@arm.com> ---- - core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts -index 04847c4d..3b76fc7d 100644 ---- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts -+++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts -@@ -14,7 +14,7 @@ - /* Properties */ - description = "op-tee"; - ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -- uuid = <0x486178e0 0xe7f811e3 0xbc5e0002 0xa5d5c51b>; -+ uuid = <0xe0786148 0xe311f8e7 0x02005ebc 0x1bc5d5a5>; - id = <1>; - execution-ctx-count = <8>; - exception-level = <2>; /* S-EL1 */ --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch deleted file mode 100644 index 293ea7d0ce..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 7fb6d720a285b6135a9247b2adde833ea90e2549 Mon Sep 17 00:00:00 2001 -From: Usama Arif <usama.arif@arm.com> -Date: Mon, 27 Sep 2021 19:58:56 +0100 -Subject: [PATCH] plat-totalcompute: add support for higher DRAM - -The new 6GB DRAM bank starts at 0x8080000000. - -Signed-off-by: Usama Arif <usama.arif@arm.com> -Acked-by: Jens Wiklander <jens.wiklander@linaro.org> - -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/6d8430f943e091282849b188fbc0847c159e5de4] -Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com> ---- - core/arch/arm/plat-totalcompute/conf.mk | 2 ++ - core/arch/arm/plat-totalcompute/main.c | 1 + - core/arch/arm/plat-totalcompute/platform_config.h | 3 +++ - 3 files changed, 6 insertions(+) - -diff --git a/core/arch/arm/plat-totalcompute/conf.mk b/core/arch/arm/plat-totalcompute/conf.mk -index 558b7889..e894b1e1 100644 ---- a/core/arch/arm/plat-totalcompute/conf.mk -+++ b/core/arch/arm/plat-totalcompute/conf.mk -@@ -24,6 +24,8 @@ platform-cflags-debug-info = -gdwarf-2 - platform-aflags-debug-info = -gdwarf-2 - endif - -+$(call force,CFG_CORE_ARM64_PA_BITS,40) -+ - ifneq (,$(filter ${PLATFORM_FLAVOR},tc0 tc1)) - CFG_TEE_CORE_NB_CORE = 8 - -diff --git a/core/arch/arm/plat-totalcompute/main.c b/core/arch/arm/plat-totalcompute/main.c -index 42acf8dd..eab237bf 100644 ---- a/core/arch/arm/plat-totalcompute/main.c -+++ b/core/arch/arm/plat-totalcompute/main.c -@@ -27,6 +27,7 @@ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE); - #endif - - register_ddr(DRAM0_BASE, DRAM0_SIZE); -+register_ddr(DRAM1_BASE, DRAM1_SIZE); - - #ifndef CFG_CORE_SEL2_SPMC - void main_init_gic(void) -diff --git a/core/arch/arm/plat-totalcompute/platform_config.h b/core/arch/arm/plat-totalcompute/platform_config.h -index 4255abca..b474a899 100644 ---- a/core/arch/arm/plat-totalcompute/platform_config.h -+++ b/core/arch/arm/plat-totalcompute/platform_config.h -@@ -26,6 +26,9 @@ - #define DRAM0_BASE 0x80000000 - #define DRAM0_SIZE 0x7d000000 - -+#define DRAM1_BASE 0x8080000000ULL -+#define DRAM1_SIZE 0x180000000ULL -+ - #define TZCDRAM_BASE 0xff000000 - #define TZCDRAM_SIZE 0x01000000 - --- -2.30.2 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service new file mode 100644 index 0000000000..c273832d72 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service @@ -0,0 +1,10 @@ +[Unit] +Description=TEE Supplicant + +[Service] +User=root +EnvironmentFile=-@sysconfdir@/default/tee-supplicant +ExecStart=@sbindir@/tee-supplicant $OPTARGS + +[Install] +WantedBy=basic.target diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh new file mode 100644 index 0000000000..b4d2195022 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Source function library +. /etc/init.d/functions + +NAME=tee-supplicant +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DESC="OP-TEE Supplicant" + +DAEMON=@sbindir@/$NAME + +test -f $DAEMON || exit 0 + +test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME +test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS + +SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS" + +set -e + +case $1 in + start) + echo -n "Starting $DESC: " + start-stop-daemon --start $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + stop) + echo -n "Stopping $DESC: " + start-stop-daemon --stop $SSD_OPTIONS + echo "${DAEMON##*/}." + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + status) + status ${DAEMON} || exit $? + ;; + *) + echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb index be78b88081..641fb0a0b0 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb @@ -1,3 +1,3 @@ -require optee-client.inc +require recipes-security/optee/optee-client.inc SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc new file mode 100644 index 0000000000..1aca3a91a2 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc @@ -0,0 +1,17 @@ +SRCREV = "42f6617108fa43712652ef52f9d5b4ec5b2665f8" +PV = "3.18.0+git${SRCPV}" + +SRC_URI:remove = " \ + file://0008-no-warn-rwx-segments.patch \ + " + +COMPATIBLE_MACHINE = "corstone1000" + +OPTEEMACHINE = "corstone1000" +# Enable optee memory layout and boot logs +EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" + +# default disable latency benchmarks (over all OP-TEE layers) +EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n" + +EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc index eeaa59a056..31f1915868 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc @@ -1,17 +1,10 @@ # Total Compute (tc) specific configuration for optee-os and optee-os-tadevkit -# Intermediate SHA with 3.14 baseline version -# This has TC0 and TC1 platform support -SRCREV = "e4f34e786135079160697d88212591105a65fbce" -PV = "3.14.0+git${SRCPV}" - FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/tc:" SRC_URI:append:tc = " \ file://sp_layout.json \ file://0001-WIP-Enable-managed-exit.patch \ - file://0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch \ - file://0003-Fix-optee-UUID.patch \ - file://0004-plat-totalcompute-add-support-for-higher-DRAM.patch \ + file://0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch \ " COMPATIBLE_MACHINE = "(tc?)" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend index 6a22d47ef1..6a22d47ef1 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb new file mode 100644 index 0000000000..19beaa7c7e --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb @@ -0,0 +1,3 @@ +require recipes-security/optee/optee-os.inc + +SRCREV = "d1c635434c55b7d75eadf471bde04926bd1e50a7" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend deleted file mode 100644 index 7834b64bf9..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend +++ /dev/null @@ -1,7 +0,0 @@ -# Machine specific configurations - -MACHINE_OPTEE_OS_REQUIRE ?= "" -MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os_corstone1000.inc" -MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc" - -require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend index f80e09f82d..4b03985ac9 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend @@ -2,5 +2,7 @@ MACHINE_OPTEE_OS_REQUIRE ?= "" MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc" +MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc" +MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc" require ${MACHINE_OPTEE_OS_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc deleted file mode 100644 index eb5f6df0b5..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc +++ /dev/null @@ -1,20 +0,0 @@ -require optee-os_corstone1000_common.inc - -DEPENDS += " secure-partitions" -EXTRA_OEMAKE +="'SP_PACKAGING_METHOD=embedded'" - -TS_INSTALL_PREFIX_PATH="${RECIPE_SYSROOT}/firmware/sp/opteesp" -EXTRA_OEMAKE += "'TS_INSTALL_PREFIX=${TS_INSTALL_PREFIX_PATH}'" - -# se-proxy secure partition -SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk" - -# smm-gateway secure partition -SP_MKFILE_PATH += "${TS_INSTALL_PREFIX}/lib/make/smm-gateway.mk" - -EXTRA_OEMAKE += "'CFG_SP_MKFILE_PATH=${SP_MKFILE_PATH}'" - -EXTRA_OEMAKE += "CFG_EMBED_DTB_SOURCE_FILE=${EMBED_DTB_SOURCE_FILE}" - -SRC_URI:append = " file://sp_manifest_combined_se.dts;" -EMBED_DTB_SOURCE_FILE = "${WORKDIR}/sp_manifest_combined_se.dts" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc deleted file mode 100644 index 9f372413a3..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc +++ /dev/null @@ -1,31 +0,0 @@ -SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development" -SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4" -PV = "3.10.0+git${SRCPV}" - -DEPENDS += "python3-pycryptodomex-native dtc-native" - -FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:" - -SRC_URI:append = " \ - file://0001-plat-corstone1000-add-corstone1000-platform.patch \ - file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch \ - file://0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch \ - file://0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch \ - file://0005-Fix-add-missing-error-check-during-SP-init.patch \ - " - -COMPATIBLE_MACHINE = "corstone1000" - -OPTEEMACHINE = "corstone1000" -# Enable optee memory layout and boot logs -EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4" - -# default disable latency benchmarks (over all OP-TEE layers) -EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n" - -EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y" - -EXTRA_OEMAKE += " CFG_WITH_SP=y" - -EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}" -EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}" diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend index 13e109cb6a..cfc3023f2d 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend @@ -1,6 +1,5 @@ # Machine specific configurations MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= "" -MACHINE_OPTEE_SPDEVKIT_REQUIRE:corstone1000 = "optee-spdevkit_corstone1000.inc" require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc deleted file mode 100644 index 363b0ed1b0..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc +++ /dev/null @@ -1 +0,0 @@ -require optee-os_corstone1000_common.inc diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend index 490b350049..490b350049 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch new file mode 100644 index 0000000000..3b15c7218f --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch @@ -0,0 +1,36 @@ +From d262ab277a87c1cda4f71137f6bb963066ba6997 Mon Sep 17 00:00:00 2001 +From: Vishnu Banavath <vishnu.banavath@arm.com> +Date: Tue, 13 Sep 2022 16:46:14 +0100 +Subject: [PATCH 26/27] plat: add corstone1000 platform to drivers/arm + +This change is to add corstone1000 platform cmake. Smm gateway +uses SE proxy to route the calls for any NV storage. + +Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> +Upstream-Status: Pending [Not submitted to upstream yet] +--- + platform/providers/arm/corstone1000/platform.cmake | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + create mode 100644 platform/providers/arm/corstone1000/platform.cmake + +diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake +new file mode 100644 +index 00000000..14a9f6b0 +--- /dev/null ++++ b/platform/providers/arm/corstone1000/platform.cmake +@@ -0,0 +1,12 @@ ++#------------------------------------------------------------------------------- ++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. ++# ++# SPDX-License-Identifier: BSD-3-Clause ++# ++# Platform definition for the corstone1000 platform. ++#------------------------------------------------------------------------------- ++ ++target_compile_definitions(${TGT} PRIVATE ++ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" ++) ++ +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch index 47ca59ff17..77be7f3573 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch @@ -1,57 +1,24 @@ -From 993a3c3cb08a723f5b5eb07cf38d70e9acf52e7f Mon Sep 17 00:00:00 2001 +From 9e6f16c236fbf5d8631ebc53a79c80b85042b736 Mon Sep 17 00:00:00 2001 From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 18:00:46 +0000 -Subject: [PATCH] Implement mhu driver and the OpenAmp conversion layer. +Date: Tue, 27 Sep 2022 18:47:36 +0100 +Subject: [PATCH 27/27] Add MHU driver -This commit adds an mhu driver (v2.1 and v2) to the secure -partition se_proxy and a conversion layer to communicate with -the secure enclave using OpenAmp. +This change is to add MHU driver. This is required to communicate +between cortex-A and cortex-M -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - +Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - --- - .../se-proxy/opteesp/default_se-proxy.dts.in | 16 + .../drivers/arm/mhu_driver/component.cmake | 12 + platform/drivers/arm/mhu_driver/mhu_v2.h | 391 ++++++++++++ platform/drivers/arm/mhu_driver/mhu_v2_x.c | 602 ++++++++++++++++++ - .../providers/arm/corstone1000/platform.cmake | 10 + - 5 files changed, 1031 insertions(+) + .../providers/arm/corstone1000/platform.cmake | 3 + + 4 files changed, 1008 insertions(+) create mode 100644 platform/drivers/arm/mhu_driver/component.cmake create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c - create mode 100644 platform/providers/arm/corstone1000/platform.cmake -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 9f5cf712..f351a592 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -17,5 +17,21 @@ - execution-state = <0>; /* AArch64 */ - xlat-granule = <0>; /* 4KiB */ - messaging-method = <0>; /* Direct messaging only */ -+ -+ device-regions { -+ compatible = "arm,ffa-manifest-device-regions"; -+ mhu-sender { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b820000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ mhu-receiver { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x1b830000>; -+ pages-count = <16>; -+ attributes = <0x3>; /* read-write */ -+ }; -+ }; - }; - }; diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake new file mode 100644 index 00000000..77a5a50b @@ -1076,18 +1043,19 @@ index 00000000..01d8f659 + return MHU_V_2_X_ERR_GENERAL; +} diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -new file mode 100644 -index 00000000..bb778bb9 ---- /dev/null +index 14a9f6b0..df9cab71 100644 +--- a/platform/providers/arm/corstone1000/platform.cmake +++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -0,0 +1,10 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform. -+#------------------------------------------------------------------------------- -+ +@@ -6,6 +6,9 @@ + # Platform definition for the corstone1000 platform. + #------------------------------------------------------------------------------- + +# include MHU driver +include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) ++ + target_compile_definitions(${TGT} PRIVATE + SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" + ) +-- +2.17.1 + diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch deleted file mode 100644 index 83c7b545c9..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 73c27b917e15eb04f39eedac9b79e5011e8a754f Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Sat, 13 Nov 2021 07:47:44 +0000 -Subject: [PATCH] tools/cmake/common: applying lowercase project convention - -Lowercase convention should only apply on the paths inside TS -source-code. -Host build paths should not be lowercased. Otherwise, builds -with uppercase paths will break. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> - - ---- - tools/cmake/common/AddPlatform.cmake | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tools/cmake/common/AddPlatform.cmake b/tools/cmake/common/AddPlatform.cmake -index ae34c6e4..31bcd8ca 100644 ---- a/tools/cmake/common/AddPlatform.cmake -+++ b/tools/cmake/common/AddPlatform.cmake -@@ -37,8 +37,8 @@ function(add_platform) - set(TGT ${MY_PARAMS_TARGET} CACHE STRING "") - - # Ensure file path conforms to lowercase project convention -- string(TOLOWER "${TS_PLATFORM_ROOT}/${TS_PLATFORM}/platform.cmake" _platdef) -- include(${_platdef}) -+ string(TOLOWER "${TS_PLATFORM}/platform.cmake" _platdef) -+ include(${TS_PLATFORM_ROOT}/${_platdef}) - set(CMAKE_CONFIGURE_DEPENDS ${_platdef}) - - unset(TGT CACHE) diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch deleted file mode 100644 index f56b45530c..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 146f4dfa73aa316d611188f63e3530cffe9200af Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Sat, 13 Nov 2021 07:51:53 +0000 -Subject: [PATCH] fix EARLY_TA_PATHS env variable - -Yocto cleans up environment varaibles at build time. -EARLY_TA_PATHS should be set a separate rule for securepartitions -to be included into optee-os image - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> - - ---- - environments/opteesp/sp.mk.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/environments/opteesp/sp.mk.in b/environments/opteesp/sp.mk.in -index c44ad59e..d67e2dca 100644 ---- a/environments/opteesp/sp.mk.in -+++ b/environments/opteesp/sp.mk.in -@@ -14,7 +14,8 @@ ifeq (,${@EXPORT_SP_UUID@-included}) - endif - - ifeq (embedded,${SP_PACKAGING_METHOD}) --OPTEE_OS_COMMON_EXTRA_FLAGS+=EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/opteesp/bin/@EXPORT_SP_UUID@.stripped.elf -+EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/bin/@EXPORT_SP_UUID@.stripped.elf -+OPTEE_OS_COMMON_EXTRA_FLAGS+=${EARLY_TA_PATHS} - TS_SP_DTSI_LIST+="\\n\#include \"${TS_INSTALL_PREFIX}/opteesp/manifest/@EXPORT_SP_UUID@.dtsi\"" - else ifeq (fip,${SP_PACKAGING_METHOD}) - TS_SP_JSON_LIST+=${TS_INSTALL_PREFIX}/opteesp/json/@EXPORT_SP_NAME@.json diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch deleted file mode 100644 index 3b26b77a92..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch +++ /dev/null @@ -1,234 +0,0 @@ -From f86f5b42d853d2a65f6753362361bbb95aac1800 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sat, 11 Dec 2021 11:06:57 +0000 -Subject: [PATCH] corstone1000: port crypto config - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -%% original patch: 0003-corstone1000-port-crypto-config.patch ---- - .../nspe/pal_crypto_config.h | 83 +++++++++++++++---- - 1 file changed, 66 insertions(+), 17 deletions(-) - -diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h -index 844cd2e..c936bdd 100755 ---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h -+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h -@@ -1,5 +1,5 @@ - /** @file -- * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved. -+ * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved. - * SPDX-License-Identifier : Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); -@@ -34,10 +34,14 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_RSA - #define ARCH_TEST_RSA_1024 - #define ARCH_TEST_RSA_2048 - #define ARCH_TEST_RSA_3072 -+#endif -+#endif - - /** - * \def ARCH_TEST_ECC -@@ -50,11 +54,17 @@ - * Requires: ARCH_TEST_ECC - * Comment macros to disable the curve - */ -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_ECC - #define ARCH_TEST_ECC_CURVE_SECP192R1 -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_ECC_CURVE_SECP224R1 -+#endif - #define ARCH_TEST_ECC_CURVE_SECP256R1 -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_ECC_CURVE_SECP384R1 -+#endif -+#endif - - /** - * \def ARCH_TEST_AES -@@ -78,10 +88,10 @@ - * - * Comment macros to disable the types - */ --#define ARCH_TEST_DES --#define ARCH_TEST_DES_1KEY --#define ARCH_TEST_DES_2KEY --#define ARCH_TEST_DES_3KEY -+//#define ARCH_TEST_DES -+//#define ARCH_TEST_DES_1KEY -+//#define ARCH_TEST_DES_2KEY -+//#define ARCH_TEST_DES_3KEY - - /** - * \def ARCH_TEST_RAW -@@ -104,7 +114,7 @@ - * - * Enable the ARC4 key type. - */ --#define ARCH_TEST_ARC4 -+//#define ARCH_TEST_ARC4 - - /** - * \def ARCH_TEST_CIPHER_MODE_CTR -@@ -113,7 +123,11 @@ - * - * Requires: ARCH_TEST_CIPHER - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CIPHER_MODE_CTR -+#endif -+#endif - - /** - * \def ARCH_TEST_CIPHER_MODE_CFB -@@ -138,7 +152,11 @@ - * - * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CTR_AES -+#endif -+#endif - - /** - * \def ARCH_TEST_CBC_AES -@@ -157,7 +175,11 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CBC_NO_PADDING -+#endif -+#endif - - /** - * \def ARCH_TEST_CFB_AES -@@ -177,11 +199,15 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_PKCS1V15 - #define ARCH_TEST_RSA_PKCS1V15_SIGN - #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW - #define ARCH_TEST_RSA_PKCS1V15_CRYPT - #define ARCH_TEST_RSA_OAEP -+#endif -+#endif - - /** - * \def ARCH_TEST_CBC_PKCS7 -@@ -190,7 +216,11 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CBC_PKCS7 -+#endif -+#endif - - /** - * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION -@@ -227,21 +257,27 @@ - * - * Comment macros to disable the types - */ --// #define ARCH_TEST_MD2 --// #define ARCH_TEST_MD4 --#define ARCH_TEST_MD5 --#define ARCH_TEST_RIPEMD160 --#define ARCH_TEST_SHA1 -+//#define ARCH_TEST_MD2 -+//#define ARCH_TEST_MD4 -+//#define ARCH_TEST_MD5 -+//#define ARCH_TEST_RIPEMD160 -+//#define ARCH_TEST_SHA1 -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_SHA224 -+#endif - #define ARCH_TEST_SHA256 -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_SHA384 - #define ARCH_TEST_SHA512 --// #define ARCH_TEST_SHA512_224 --// #define ARCH_TEST_SHA512_256 --// #define ARCH_TEST_SHA3_224 --// #define ARCH_TEST_SHA3_256 --// #define ARCH_TEST_SHA3_384 --// #define ARCH_TEST_SHA3_512 -+#endif -+#endif -+//#define ARCH_TEST_SHA512_224 -+//#define ARCH_TEST_SHA512_256 -+//#define ARCH_TEST_SHA3_224 -+//#define ARCH_TEST_SHA3_256 -+//#define ARCH_TEST_SHA3_384 -+//#define ARCH_TEST_SHA3_512 - - /** - * \def ARCH_TEST_HKDF -@@ -261,7 +297,12 @@ - * - * Comment macros to disable the types - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_CMAC -+#endif -+#endif -+//#define ARCH_TEST_GMAC - #define ARCH_TEST_HMAC - - /** -@@ -281,7 +322,11 @@ - * Requires: ARCH_TEST_AES - * - */ -+#ifndef TF_M_PROFILE_SMALL -+#ifndef TF_M_PROFILE_MEDIUM - #define ARCH_TEST_GCM -+#endif -+#endif - - /** - * \def ARCH_TEST_TRUNCATED_MAC -@@ -300,7 +345,9 @@ - * - * Requires: ARCH_TEST_ECC - */ -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_ECDH -+#endif - - /** - * \def ARCH_TEST_ECDSA -@@ -308,7 +355,9 @@ - * Enable the elliptic curve DSA library. - * Requires: ARCH_TEST_ECC - */ -+#ifndef TF_M_PROFILE_SMALL - #define ARCH_TEST_ECDSA -+#endif - - /** - * \def ARCH_TEST_DETERMINISTIC_ECDSA --- -2.25.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch deleted file mode 100644 index bb4fc82efb..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0ec1b3d20d612325b9c55baa2539d080eb6a72a8 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Sat, 13 Nov 2021 08:34:42 +0000 -Subject: [PATCH] se-proxy:dts: add se-proxy as child node - -se-proxy sp string should be added for se-proxy node to be -read properly. - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> - - ---- - .../se-proxy/opteesp/default_se-proxy.dts.in | 20 ++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index 961071ad..9f5cf712 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -7,13 +7,15 @@ - @DTS_TAG@ - - @DTS_NODE@ { -- compatible = "arm,ffa-manifest-1.0"; -- ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -- uuid = <@EXPORT_SP_UUID_DT@>; -- description = "SE Proxy"; -- execution-ctx-count = <1>; -- exception-level = <1>; /* S-EL0 */ -- execution-state = <0>; /* AArch64 */ -- xlat-granule = <0>; /* 4KiB */ -- messaging-method = <0>; /* Direct messaging only */ -+ se-proxy { -+ compatible = "arm,ffa-manifest-1.0"; -+ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -+ uuid = <@EXPORT_SP_UUID_DT@>; -+ description = "SE Proxy"; -+ execution-ctx-count = <1>; -+ exception-level = <1>; /* S-EL0 */ -+ execution-state = <0>; /* AArch64 */ -+ xlat-granule = <0>; /* 4KiB */ -+ messaging-method = <0>; /* Direct messaging only */ -+ }; - }; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch deleted file mode 100644 index 9ceb176c3d..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 97b4f3cd0216c30c39f6ece4f68d8faf3901fded Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Wed, 17 Nov 2021 15:31:09 +0000 -Subject: [PATCH] Update mm-comm-buffer region in dts file - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - .../opteesp/default_smm-gateway.dts.in | 35 ++++++++++--------- - 1 file changed, 18 insertions(+), 17 deletions(-) - -diff --git a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in -index 0ad7878b..183c38a7 100644 ---- a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in -+++ b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in -@@ -7,23 +7,24 @@ - @DTS_TAG@ - - @DTS_NODE@ { -- compatible = "arm,ffa-manifest-1.0"; -- ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -- uuid = <@EXPORT_SP_UUID_DT@>; -- description = "SMM Gateway"; -- execution-ctx-count = <1>; -- exception-level = <1>; /* S-EL0 */ -- execution-state = <0>; /* AArch64 */ -- xlat-granule = <0>; /* 4KiB */ -- messaging-method = <0>; /* Direct messaging only */ -- -- memory-regions { -- compatible = "arm,ffa-manifest-memory-regions"; -- -- mm-comm-buffer { -- base-address = <@MM_COMM_BUFFER_ADDRESS@>; -- pages-count = <@MM_COMM_BUFFER_PAGE_COUNT@>; -- attributes = <0xb>; /* ns access-read-write */ -+ smm-gateway{ -+ compatible = "arm,ffa-manifest-1.0"; -+ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ -+ uuid = <@EXPORT_SP_UUID_DT@>; -+ description = "SMM Gateway"; -+ execution-ctx-count = <1>; -+ exception-level = <1>; /* S-EL0 */ -+ execution-state = <0>; /* AArch64 */ -+ xlat-granule = <0>; /* 4KiB */ -+ messaging-method = <0>; /* Direct messaging only */ -+ device-regions { -+ compatible = "arm,ffa-manifest-device-regions"; -+ mm-comm-buffer { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x02000000>; -+ pages-count = <1>; -+ attributes = <0x3>; /* read-write */ -+ }; - }; - }; - }; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch deleted file mode 100644 index 8d2d62bffa..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a11b23dd5f0c4124a5c6c2fcab0ea623bc76f4ba Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Wed, 17 Nov 2021 15:32:04 +0000 -Subject: [PATCH] Configure NV storage macro - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - deployments/smm-gateway/smm_gateway.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/deployments/smm-gateway/smm_gateway.c b/deployments/smm-gateway/smm_gateway.c -index 4884a040..7828b3af 100644 ---- a/deployments/smm-gateway/smm_gateway.c -+++ b/deployments/smm-gateway/smm_gateway.c -@@ -13,6 +13,8 @@ - - /* Build-time default configuration */ - -+#define SMM_GATEWAY_NV_STORE_SN "sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" -+ - /* Default to using the Protected Storage SP */ - #ifndef SMM_GATEWAY_NV_STORE_SN - #define SMM_GATEWAY_NV_STORE_SN "sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch deleted file mode 100644 index eba1338eb8..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch +++ /dev/null @@ -1,53 +0,0 @@ -From ae22f5077d35e6acf3feb8a84a8ef7f599261b00 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Wed, 17 Nov 2021 15:32:46 +0000 -Subject: [PATCH] Use device region - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - deployments/smm-gateway/opteesp/smm_gateway_sp.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/deployments/smm-gateway/opteesp/smm_gateway_sp.c b/deployments/smm-gateway/opteesp/smm_gateway_sp.c -index 6f138850..0bc09023 100644 ---- a/deployments/smm-gateway/opteesp/smm_gateway_sp.c -+++ b/deployments/smm-gateway/opteesp/smm_gateway_sp.c -@@ -10,7 +10,7 @@ - #include <config/loader/sp/sp_config_loader.h> - #include "components/rpc/mm_communicate/endpoint/sp/mm_communicate_call_ep.h" - #include "components/service/smm_variable/frontend/mm_communicate/smm_variable_mm_service.h" --#include "platform/interface/memory_region.h" -+#include "platform/interface/device_region.h" - #include <ffa_api.h> - #include <sp_api.h> - #include <sp_messaging.h> -@@ -25,7 +25,7 @@ static int sp_init(uint16_t *own_sp_id); - - void __noreturn sp_main(struct ffa_init_info *init_info) - { -- struct memory_region mm_comm_buffer_region = { 0 }; -+ struct device_region mm_comm_buffer_region = { 0 }; - struct rpc_interface *gateway_iface = NULL; - struct smm_variable_mm_service smm_var_service = { 0 }; - struct mm_service_interface *smm_var_service_interface = NULL; -@@ -42,7 +42,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - config_ramstore_init(); - sp_config_load(init_info); - -- if (!config_store_query(CONFIG_CLASSIFIER_MEMORY_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION, -+ if (!config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION, - 0, &mm_comm_buffer_region, sizeof(mm_comm_buffer_region))) { - EMSG(CONFIG_NAME_MM_COMM_BUFFER_REGION " is not set in SP configuration"); - goto fatal_error; -@@ -57,7 +57,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - /* Initialize MM communication layer */ - if (!mm_communicate_call_ep_init(&mm_communicate_call_ep, - (void *)mm_comm_buffer_region.base_addr, -- mm_comm_buffer_region.region_size)) -+ mm_comm_buffer_region.io_region_size)) - goto fatal_error; - - /* Attach SMM variable service to MM communication layer */ diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch deleted file mode 100644 index eb51ef71b6..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch +++ /dev/null @@ -1,259 +0,0 @@ -From 90712f624c7b676e5b9a2d95cbe97d2b63fddcc9 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 16:36:51 +0000 -Subject: [PATCH] Add openamp to SE proxy deployment - -Openamp is required to communicate between secure partitions(running on -Cortex-A) and trusted-firmware-m(running on Cortex-M). -These changes are to fetch libmetal and openamp from github repo's -and build it. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - deployments/se-proxy/opteesp/CMakeLists.txt | 14 ++++ - deployments/se-proxy/opteesp/lse.S | 19 +++++ - external/openamp/libmetal.cmake | 81 ++++++++++++++++++++ - external/openamp/openamp.cmake | 82 +++++++++++++++++++++ - 4 files changed, 196 insertions(+) - create mode 100644 deployments/se-proxy/opteesp/lse.S - create mode 100644 external/openamp/libmetal.cmake - create mode 100644 external/openamp/openamp.cmake - -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 4e2069a5..248bd7e3 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -89,6 +89,7 @@ add_components(TARGET "se-proxy" - target_sources(se-proxy PRIVATE - se_proxy_sp.c - service_proxy_factory.c -+ lse.S - ) - - #------------------------------------------------------------------------------- -@@ -108,6 +109,19 @@ include(../../../external/nanopb/nanopb.cmake) - target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static) - protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols") - -+# libmetal -+list(APPEND LIBMETAL_EXTERNAL_INCLUDE_PATHS ${SP_DEV_KIT_INCLUDE_DIR}) -+set(LIBMETAL_EXTRA_INCLUDE_PATHS ${LIBMETAL_EXTRA_INCLUDE_PATHS} -+ CACHE STRING "" FORCE) -+include(../../../external/openamp/libmetal.cmake) -+ -+# OpenAMP -+list(APPEND OPENAMP_EXTERNAL_INCLUDE_PATHS ${SP_DEV_KIT_INCLUDE_DIR}) -+set(OPENAMP_EXTRA_INCLUDE_PATHS ${OPENAMP_EXTRA_INCLUDE_PATHS} -+ CACHE STRING "" FORCE) -+include(../../../external/openamp/openamp.cmake) -+target_link_libraries(se-proxy PRIVATE openamp libmetal) -+ - ################################################################# - - target_compile_definitions(se-proxy PRIVATE -diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S -new file mode 100644 -index 00000000..840683a6 ---- /dev/null -+++ b/deployments/se-proxy/opteesp/lse.S -@@ -0,0 +1,19 @@ -+// SPDX-License-Identifier: BSD-3-Clause -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ */ -+ -+.text -+.globl __aarch64_cas4_acq_rel -+ -+__aarch64_cas4_acq_rel: -+ mov w16, w0 -+ ldaxr w0, [x2] -+ cmp w0, w16 -+0: bne 1f -+ -+ stlxr w17, w1, [x2] -+ cbnz w17, 0b -+1: ret -+ -+ -diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake -new file mode 100644 -index 00000000..3a647e69 ---- /dev/null -+++ b/external/openamp/libmetal.cmake -@@ -0,0 +1,81 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021 Linaro Limited -+# Copyright (c) 2021, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git" CACHE STRING "libmetal repository URL") -+set (LIBMETAL_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install" CACHE PATH "libmetal installation directory") -+set (LIBMETAL_PACKAGE_PATH "${LIBMETAL_INSTALL_PATH}/libmetal/cmake" CACHE PATH "libmetal CMake package directory") -+set (LIBMETAL_TARGET_NAME "libmetal") -+set (LIBMETAL_VERSION "f252f0e007fbfb8b3a52b1d5901250ddac96baad" CACHE STRING "The version of libmetal to use") -+ -+if(NOT LIBMETAL_DEBUG) -+ set(LIBMETAL_BUILD_TYPE "Release") -+else() -+ set(LIBMETAL_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+FetchContent_Declare( -+ libmetal -+ GIT_REPOSITORY ${LIBMETAL_URL} -+ GIT_TAG ${LIBMETAL_VERSION} -+) -+ -+# FetchContent_GetProperties exports libmetal_SOURCE_DIR and libmetal_BINARY_DIR variables -+FetchContent_GetProperties(libmetal) -+if(NOT libmetal_POPULATED) -+ message(STATUS "Fetching libmetal") -+ FetchContent_Populate(libmetal) -+endif() -+ -+# Ensure list of include paths is separated correctly -+string(REPLACE ";" "\\;" LIBMETAL_EXTERNAL_INCLUDE_PATHS "${LIBMETAL_EXTERNAL_INCLUDE_PATHS}") -+ -+#Configure the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} -+ -DCMAKE_BUILD_TYPE=${LIBMETAL_BUILD_TYPE} -+ -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER} -+ -DCMAKE_C_COMPILER_ID=${CMAKE_C_COMPILER_ID} -+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -+ -DCMAKE_INSTALL_PREFIX=${LIBMETAL_INSTALL_PATH} -+ -DCMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG} -+ -DCMAKE_C_FLAGS=${CMAKE_C_FLAGS} -+ -DCMAKE_C_OUTPUT_EXTENSION=.o -+ -DCMAKE_C_COMPILER_WORKS=true -+ -DCMAKE_SYSTEM_PROCESSOR=arm -+ -DWITH_DOC=off -+ -DWITH_TESTS=off -+ -DWITH_EXAMPLES=off -+ -DWITH_DEFAULT_LOGGER=off -+ -DEXTERNAL_INCLUDE_PATHS=${LIBMETAL_EXTERNAL_INCLUDE_PATHS} -+ -DMACHINE=template -+ ${libmetal_SOURCE_DIR} -+ WORKING_DIRECTORY -+ ${libmetal_BINARY_DIR} -+) -+ -+# Build the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} --build ${libmetal_BINARY_DIR} -- install -+ RESULT_VARIABLE _exec_error -+ ) -+if (_exec_error) -+ message(FATAL_ERROR "Build step of libmetal failed with ${_exec_error}.") -+endif() -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(libmetal STATIC IMPORTED) -+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_PATH}/include") -diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake -new file mode 100644 -index 00000000..aae13bad ---- /dev/null -+++ b/external/openamp/openamp.cmake -@@ -0,0 +1,82 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021 Linaro Limited -+# Copyright (c) 2021, Arm Limited. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git" CACHE STRING "OpenAMP repository URL") -+set (OPENAMP_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/openamp_install" CACHE PATH "OpenAMP installation directory") -+set (OPENAMP_PACKAGE_PATH "${OPENAMP_INSTALL_PATH}/openamp/cmake" CACHE PATH "OpenAMP CMake package directory") -+set (OPENAMP_TARGET_NAME "openamp") -+set (OPENAMP_VERSION "347397decaa43372fc4d00f965640ebde042966d" CACHE STRING "The version of openamp to use") -+ -+ -+if(NOT OPENAMP_DEBUG) -+ set(OPENAMP_BUILD_TYPE "Release") -+else() -+ set(OPENAMP_BUILD_TYPE "Debug") -+endif() -+ -+include(FetchContent) -+ -+# Checking git -+find_program(GIT_COMMAND "git") -+if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+endif() -+ -+FetchContent_Declare( -+ openamp -+ GIT_REPOSITORY ${OPENAMP_URL} -+ GIT_TAG ${OPENAMP_VERSION} -+) -+ -+# FetchContent_GetProperties exports openamp_SOURCE_DIR and openamp_BINARY_DIR variables -+FetchContent_GetProperties(openamp) -+if(NOT openamp_POPULATED) -+ message(STATUS "Fetching openamp") -+ FetchContent_Populate(openamp) -+endif() -+ -+# Ensure list of include paths is separated correctly -+get_target_property(_libmetal_inc libmetal INTERFACE_INCLUDE_DIRECTORIES) -+set (_openam_external_include_paths ${_libmetal_inc} ${OPENAMP_EXTERNAL_INCLUDE_PATHS}) -+string(REPLACE ";" "\\;" OPENAMP_EXTERNAL_INCLUDE_PATHS "${_openam_external_include_paths}") -+ -+#Configure the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} -+ -DCMAKE_BUILD_TYPE=${OPENAMP_BUILD_TYPE} -+ -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER} -+ -DCMAKE_C_COMPILER_ID=${CMAKE_C_COMPILER_ID} -+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -+ -DCMAKE_INSTALL_PREFIX=${OPENAMP_INSTALL_PATH} -+ -DCMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG} -+ -DLIBMETAL_INCLUDE_DIR=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib/include -+ -DLIBMETAL_LIB=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib -+ -DCMAKE_C_OUTPUT_EXTENSION=.o -+ -DCMAKE_C_COMPILER_WORKS=true -+ -DCMAKE_SYSTEM_PROCESSOR=arm -+ -DEXTERNAL_INCLUDE_PATHS=${OPENAMP_EXTERNAL_INCLUDE_PATHS} -+ -DMACHINE=template -+ -DRPMSG_BUFFER_SIZE=512 -+ ${openamp_SOURCE_DIR} -+ WORKING_DIRECTORY -+ ${openamp_BINARY_DIR} -+) -+ -+# Build the library -+execute_process(COMMAND -+ ${CMAKE_COMMAND} --build ${openamp_BINARY_DIR} -- install -+ RESULT_VARIABLE _exec_error -+ ) -+if (_exec_error) -+ message(FATAL_ERROR "Build step of OpenAMP failed with ${_exec_error}.") -+endif() -+ -+#Create an imported target to have clean abstraction in the build-system. -+add_library(openamp STATIC IMPORTED) -+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}") -+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_PATH}/include") diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch deleted file mode 100644 index 0f3f2c64d2..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch +++ /dev/null @@ -1,1197 +0,0 @@ -From a6721cc391397f5f999db84e4ebec4c20985996a Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:00:54 +0000 -Subject: [PATCH] Add openamp rpc caller - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - components/rpc/common/caller/rpc_caller.c | 10 + - components/rpc/common/interface/rpc_caller.h | 8 + - .../rpc/openamp/caller/sp/component.cmake | 15 + - .../rpc/openamp/caller/sp/openamp_caller.c | 203 +++++++ - .../rpc/openamp/caller/sp/openamp_caller.h | 43 ++ - .../rpc/openamp/caller/sp/openamp_mhu.c | 191 ++++++ - .../rpc/openamp/caller/sp/openamp_mhu.h | 19 + - .../rpc/openamp/caller/sp/openamp_virtio.c | 554 ++++++++++++++++++ - .../rpc/openamp/caller/sp/openamp_virtio.h | 24 + - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - .../se-proxy/opteesp/default_se-proxy.dts.in | 6 + - 11 files changed, 1074 insertions(+) - create mode 100644 components/rpc/openamp/caller/sp/component.cmake - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c - create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h - -diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c -index 2dceabeb..20d889c1 100644 ---- a/components/rpc/common/caller/rpc_caller.c -+++ b/components/rpc/common/caller/rpc_caller.c -@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle) - { - s->call_end(s->context, handle); - } -+ -+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va) -+{ -+ return s->virt_to_phys(s->context, va); -+} -+ -+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa) -+{ -+ return s->phys_to_virt(s->context, pa); -+} -diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h -index 387489cd..ef9bb649 100644 ---- a/components/rpc/common/interface/rpc_caller.h -+++ b/components/rpc/common/interface/rpc_caller.h -@@ -45,6 +45,10 @@ struct rpc_caller - rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len); - - void (*call_end)(void *context, rpc_call_handle handle); -+ -+ void *(*virt_to_phys)(void *context, void *va); -+ -+ void *(*phys_to_virt)(void *context, void *pa); - }; - - /* -@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal - */ - RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle); - -+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va); -+ -+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa); -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake -new file mode 100644 -index 00000000..fc919529 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/component.cmake -@@ -0,0 +1,15 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c" -+ "${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c" -+ ) -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c -new file mode 100644 -index 00000000..6cdfb756 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.c -@@ -0,0 +1,203 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <trace.h> -+#include "openamp_caller.h" -+#include "openamp_mhu.h" -+#include "openamp_virtio.h" -+#include <protocols/rpc/common/packed-c/status.h> -+ -+#define OPENAMP_TRANSACTION_IDLE 0x0 -+#define OPENAMP_TRANSACTION_INPROGRESS 0x1 -+#define OPENAMP_TRANSACTION_INVOKED 0x2 -+ -+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_call_handle handle; -+ int ret; -+ -+ if (!req_buf) { -+ EMSG("openamp: call_begin: not req_buf"); -+ return NULL; -+ } -+ -+ if (req_len > UINT32_MAX || req_len == 0) { -+ EMSG("openamp: call_begin: resp_len invalid: %lu", req_len); -+ return NULL; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_begin: transaction not idle"); -+ return NULL; -+ } -+ -+ ret = ops->platform_call_begin(openamp, req_buf, req_len); -+ if (ret < 0) { -+ EMSG("openamp: call_begin: platform begin failed: %d", ret); -+ return NULL; -+ } -+ -+ openamp->status = OPENAMP_TRANSACTION_INPROGRESS; -+ handle = openamp; -+ -+ return handle; -+} -+ -+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle, -+ uint32_t opcode, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ rpc_status_t status; -+ int ret; -+ -+ (void)opcode; -+ -+ if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) { -+ EMSG("openamp: call_invoke: invalid arguments"); -+ return TS_RPC_ERROR_INVALID_PARAMETER; -+ } -+ -+ if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) { -+ EMSG("openamp: call_invoke: transaction needed to be started"); -+ return TS_RPC_ERROR_NOT_READY; -+ } -+ -+ ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len); -+ if (ret < 0) -+ return TS_RPC_ERROR_INTERNAL; -+ -+ openamp->status = OPENAMP_TRANSACTION_INVOKED; -+ *opstatus = 0; -+ -+ return TS_RPC_CALL_ACCEPTED; -+} -+ -+static void openamp_call_end(void *context, rpc_call_handle handle) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ if (handle != openamp) { -+ EMSG("openamp: call_end: invalid arguments"); -+ return; -+ } -+ -+ if (openamp->status == OPENAMP_TRANSACTION_IDLE) { -+ EMSG("openamp: call_end: transaction idle"); -+ return; -+ } -+ -+ ops->platform_call_end(openamp); -+ -+ openamp->status = OPENAMP_TRANSACTION_IDLE; -+} -+ -+static void *openamp_virt_to_phys(void *context, void *va) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_virt_to_phys(openamp, va); -+} -+ -+static void *openamp_phys_to_virt(void *context, void *pa) -+{ -+ struct openamp_caller *openamp = context; -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ -+ return ops->platform_phys_to_virt(openamp, pa); -+} -+ -+static int openamp_init(struct openamp_caller *openamp) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ int ret; -+ -+ ret = ops->transport_init(openamp); -+ if (ret < 0) -+ return ret; -+ -+ ret = ops->platform_init(openamp); -+ if (ret < 0) -+ goto denit_transport; -+ -+ return 0; -+ -+denit_transport: -+ ops->transport_deinit(openamp); -+ -+ return ret; -+} -+ -+static const struct openamp_platform_ops openamp_virtio_ops = { -+ .transport_init = openamp_mhu_init, -+ .transport_deinit = openamp_mhu_deinit, -+ .transport_notify = openamp_mhu_notify_peer, -+ .transport_receive = openamp_mhu_receive, -+ .platform_init = openamp_virtio_init, -+ .platform_call_begin = openamp_virtio_call_begin, -+ .platform_call_invoke = openamp_virtio_call_invoke, -+ .platform_call_end = openamp_virtio_call_end, -+ .platform_virt_to_phys = openamp_virtio_virt_to_phys, -+ .platform_phys_to_virt = openamp_virtio_phys_to_virt, -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ int ret; -+ -+ if (openamp->ref_count) -+ return rpc; -+ -+ rpc_caller_init(rpc, openamp); -+ -+ rpc->call_begin = openamp_call_begin; -+ rpc->call_invoke = openamp_call_invoke; -+ rpc->call_end = openamp_call_end; -+ rpc->virt_to_phys = openamp_virt_to_phys; -+ rpc->phys_to_virt = openamp_phys_to_virt; -+ openamp->platform_ops = &openamp_virtio_ops; -+ -+ ret = openamp_init(openamp); -+ if (ret < 0) { -+ EMSG("openamp_init: failed to start: %d", ret); -+ return rpc; -+ } -+ openamp->ref_count++; -+ -+ return rpc; -+} -+ -+void openamp_caller_deinit(struct openamp_caller *openamp) -+{ -+ struct rpc_caller *rpc = &openamp->rpc_caller; -+ -+ if (--openamp->ref_count) -+ return; -+ -+ rpc->context = NULL; -+ rpc->call_begin = NULL; -+ rpc->call_invoke = NULL; -+ rpc->call_end = NULL; -+} -+ -+int openamp_caller_discover(struct openamp_caller *openamp) -+{ -+ return openamp_init(openamp); -+} -+ -+int openamp_caller_open(struct openamp_caller *openamp) -+{ -+ -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h -new file mode 100644 -index 00000000..3fb67c56 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_caller.h -@@ -0,0 +1,43 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_CALLER_H -+#define OPENAMP_CALLER_H -+ -+#include <stddef.h> -+#include <rpc_caller.h> -+ -+struct openamp_caller { -+ struct rpc_caller rpc_caller; -+ const struct openamp_platform_ops *platform_ops; -+ uint32_t ref_count; -+ uint8_t status; -+ -+ void *transport; -+ void *platform; -+}; -+ -+struct openamp_platform_ops { -+ int (*transport_init)(struct openamp_caller *openamp); -+ int (*transport_deinit)(struct openamp_caller *openamp); -+ int (*transport_notify)(struct openamp_caller *openamp); -+ int (*transport_receive)(struct openamp_caller *openamp); -+ int (*platform_init)(struct openamp_caller *openamp); -+ int (*platform_deinit)(struct openamp_caller *openamp); -+ int (*platform_call_begin)(struct openamp_caller *openamp, -+ uint8_t **req_buf, size_t req_len); -+ int (*platform_call_invoke)(struct openamp_caller *openamp, -+ int *opstatus, uint8_t **resp_buf, -+ size_t *resp_len); -+ int (*platform_call_end)(struct openamp_caller *openamp); -+ void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va); -+ void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa); -+}; -+ -+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp); -+void openamp_caller_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c -new file mode 100644 -index 00000000..ffdadaf8 ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c -@@ -0,0 +1,191 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <config/interface/config_store.h> -+#include <config/interface/config_blob.h> -+#include <platform/interface/device_region.h> -+#include <platform/drivers/arm/mhu_driver/mhu_v2.h> -+#include <trace.h> -+#include <errno.h> -+#include <stdlib.h> -+#include <stdint.h> -+#include <stddef.h> -+#include <limits.h> -+ -+#include "openamp_caller.h" -+ -+#define MHU_V_2_NOTIFY_CHANNEL 0 -+#define MHU_V_2_NOTIFY_VALUE 0xff -+ -+struct openamp_mhu { -+ struct device_region rx_region; -+ struct device_region tx_region; -+ struct mhu_v2_x_dev_t rx_dev; -+ struct mhu_v2_x_dev_t tx_dev; -+}; -+ -+static int openamp_mhu_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) -+ return -EINVAL; -+ -+ if (!dev_region->base_addr) -+ return -EINVAL; -+ -+ IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev, -+ dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_mhu_receive(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t channel = 0; -+ uint32_t irq_status; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: receive transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ rx_dev = &mhu->rx_dev; -+ -+ irq_status = 0; -+ -+ do { -+ irq_status = mhu_v2_x_get_interrupt_status(rx_dev); -+ } while(!irq_status); -+ -+ ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel); -+ -+ ret = mhu_v2_x_channel_clear(rx_dev, channel); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to clear channel: %d", channel); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *tx_dev; -+ enum mhu_v2_x_error_t ret; -+ struct openamp_mhu *mhu; -+ uint32_t access_ready; -+ -+ if (!openamp->transport) { -+ EMSG("openamp: mhu: notify transport not initialized"); -+ return -EINVAL; -+ } -+ -+ mhu = openamp->transport; -+ tx_dev = &mhu->tx_dev; -+ -+ ret = mhu_v2_x_set_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: set access request failed"); -+ return -EPROTO; -+ } -+ -+ do { -+ ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed to get access_ready"); -+ return -EPROTO; -+ } -+ } while (!access_ready); -+ -+ ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL, -+ MHU_V_2_NOTIFY_VALUE); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed send over channel"); -+ return -EPROTO; -+ } -+ -+ ret = mhu_v2_x_reset_access_request(tx_dev); -+ if (ret != MHU_V_2_X_ERR_NONE) { -+ EMSG("openamp: mhu: failed reset access request"); -+ return -EPROTO; -+ } -+ -+ return 0; -+} -+ -+int openamp_mhu_init(struct openamp_caller *openamp) -+{ -+ struct mhu_v2_x_dev_t *rx_dev; -+ struct mhu_v2_x_dev_t *tx_dev; -+ struct openamp_mhu *mhu; -+ int ret; -+ -+ /* if we already have initialized skip this */ -+ if (openamp->transport) -+ return 0; -+ -+ mhu = malloc(sizeof(*mhu)); -+ if (!mhu) -+ return -1; -+ -+ ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region); -+ if (ret < 0) -+ goto free_mhu; -+ -+ rx_dev = &mhu->rx_dev; -+ tx_dev = &mhu->tx_dev; -+ -+ rx_dev->base = (unsigned int)mhu->rx_region.base_addr; -+ rx_dev->frame = MHU_V2_X_RECEIVER_FRAME; -+ -+ tx_dev->base = (unsigned int)mhu->tx_region.base_addr; -+ tx_dev->frame = MHU_V2_X_SENDER_FRAME; -+ -+ ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW); -+ if (ret < 0) -+ goto free_mhu; -+ -+ openamp->transport = (void *)mhu; -+ -+ return 0; -+ -+free_mhu: -+ free(mhu); -+ -+ return ret; -+} -+ -+int openamp_mhu_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_mhu *mhu; -+ -+ if (!openamp->transport) -+ return 0; -+ -+ mhu = openamp->transport; -+ free(mhu); -+ -+ openamp->transport = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h -new file mode 100644 -index 00000000..2ae5cb8e ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h -@@ -0,0 +1,19 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_MHU_H -+#define OPENAMP_MHU_H -+ -+#include <stddef.h> -+#include "openamp_caller.h" -+ -+int openamp_mhu_init(struct openamp_caller *openamp); -+int openamp_mhu_deinit(struct openamp_caller *openamp); -+ -+int openamp_mhu_notify_peer(struct openamp_caller *openamp); -+int openamp_mhu_receive(struct openamp_caller *openamp); -+ -+#endif -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c -new file mode 100644 -index 00000000..06e0735b ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c -@@ -0,0 +1,554 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <metal/device.h> -+#include <metal/spinlock.h> -+#include <openamp/open_amp.h> -+#include <platform/interface/device_region.h> -+#include <config/interface/config_store.h> -+ -+#include <stddef.h> -+#include "openamp_caller.h" -+ -+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio" -+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME -+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024 -+ -+#define OPENAMP_SHEM_PHYS 0x88000000 -+#define OPENAMP_SHEM_PHYS_PAGES 1 -+#define OPENAMP_SHEM_SE_PHYS 0xa8000000 -+ -+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024) -+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024) -+ -+#define OPENAMP_BUFFER_NO_WAIT 0 -+#define OPENAMP_BUFFER_WAIT 1 -+ -+#define VIRTQUEUE_NR 2 -+#define VQ_TX 0 -+#define VQ_RX 1 -+ -+#define VRING_DESCRIPTORS 16 -+#define VRING_ALIGN 4 -+ -+#define container_of(ptr, type, member) \ -+ ((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member))) -+ -+struct openamp_virtio_shm { -+ uintptr_t base_addr; -+ size_t size; -+ uintptr_t vdev_status; -+ size_t vdev_status_size; -+ uintptr_t payload_addr; -+ size_t payload_size; -+ uintptr_t vring_tx; -+ size_t vring_tx_size; -+ uintptr_t vring_rx; -+ size_t vring_rx_size; -+ -+ metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES]; -+}; -+ -+struct openamp_virtio_metal { -+ struct metal_spinlock lock; -+ struct metal_device shm_dev; -+ struct metal_device *io_dev; -+ -+ struct metal_io_region *io; -+ struct openamp_virtio_shm shm; -+}; -+ -+struct openamp_virtio_device { -+ struct virtio_device virtio_dev; -+ struct virtqueue *vq[VIRTQUEUE_NR]; -+ struct virtio_vring_info rvrings[VIRTQUEUE_NR]; -+}; -+ -+struct openamp_virtio_rpmsg { -+ struct rpmsg_virtio_device rpmsg_vdev; -+ struct rpmsg_endpoint ep; -+ uint8_t *req_buf; -+ uint32_t req_len; -+ uint8_t *resp_buf; -+ size_t resp_len; -+}; -+ -+struct openamp_virtio { -+ struct openamp_caller *openamp; -+ struct openamp_virtio_rpmsg rpmsg; -+ struct openamp_virtio_device vdev; -+ struct openamp_virtio_metal metal; -+}; -+ -+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ -+ openamp_vdev = container_of(vdev, struct openamp_virtio_device, -+ virtio_dev); -+ -+ return container_of(openamp_vdev, struct openamp_virtio, vdev); -+} -+ -+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev) -+{ -+ struct rpmsg_virtio_device *rvdev; -+ -+ rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev); -+ -+ return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev); -+ -+} -+ -+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev, -+ struct openamp_virtio_shm *shm) -+{ -+ struct metal_io_region *shm_region; -+ -+ shm_region = &shm_dev->regions[0]; -+ -+ shm_dev->name = OPENAMP_SHEM_DEVICE_NAME; -+ shm_dev->num_regions = 1; -+ -+ shm_region->virt = (void *)shm->payload_addr; -+ shm_region->size = shm->payload_size; -+ -+ shm_region->physmap = &shm->shm_physmap; -+ shm_region->page_shift = (metal_phys_addr_t)(-1); -+ shm_region->page_mask = (metal_phys_addr_t)(-1); -+} -+ -+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal) -+{ -+ struct metal_init_params params = METAL_INIT_DEFAULTS; -+ struct metal_device *shm_dev = &metal->shm_dev; -+ int ret; -+ -+ openamp_virtio_metal_device_setup(shm_dev, &metal->shm); -+ -+ metal_spinlock_init(&metal->lock); -+ -+ ret = metal_init(¶ms); -+ if (ret < 0) -+ return ret; -+ -+ ret = metal_register_generic_device(shm_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME, -+ &metal->io_dev); -+ if (ret < 0) -+ goto metal_finish; -+ -+ metal->io = metal_device_io_region(metal->io_dev, 0); -+ if (!metal->io) { -+ EMSG("openamp: virtio: failed to init metal io"); -+ ret = -EPROTO; -+ goto metal_finish; -+ } -+ -+ return 0; -+ -+metal_finish: -+ metal_finish(); -+ return ret; -+} -+ -+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ uint32_t status = *(volatile uint32_t *)shm->vdev_status; -+ -+ return status; -+} -+ -+static void openamp_virtio_status_set(struct virtio_device *vdev, -+ unsigned char status) -+{ -+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev); -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ *(volatile uint32_t *)shm->vdev_status = status; -+} -+ -+static int count; -+ -+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev) -+{ -+ return 1 << VIRTIO_RPMSG_F_NS; -+} -+ -+static void openamp_virtio_notify(struct virtqueue *vq) -+{ -+ struct openamp_virtio_device *openamp_vdev; -+ struct openamp_caller *openamp; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev); -+ virtio = container_of(openamp_vdev, struct openamp_virtio, vdev); -+ openamp = virtio->openamp; -+ -+ ret = openamp->platform_ops->transport_notify(openamp); -+ if (ret < 0) -+ EMSG("openamp: virtio: erro in transport_notify: %d", ret); -+} -+ -+const static struct virtio_dispatch openamp_virtio_dispatch = { -+ .get_status = openamp_virtio_status_get, -+ .set_status = openamp_virtio_status_set, -+ .get_features = openamp_virtio_features_get, -+ .notify = openamp_virtio_notify, -+}; -+ -+static int openamp_virtio_device_setup(struct openamp_virtio *virtio) -+{ -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_shm *shm = &metal->shm; -+ struct virtio_vring_info *rvring; -+ -+ rvring = &openamp_vdev->rvrings[0]; -+ -+ vdev->role = RPMSG_REMOTE; -+ vdev->vrings_num = VIRTQUEUE_NR; -+ vdev->func = &openamp_virtio_dispatch; -+ -+ openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_TX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 0"); -+ return -ENOMEM; -+ } -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_tx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_TX]; -+ -+ openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS); -+ if (!openamp_vdev->vq[VQ_RX]) { -+ EMSG("openamp: virtio: failed to allocate virtqueue 1"); -+ goto free_vq; -+ } -+ rvring = &openamp_vdev->rvrings[VQ_RX]; -+ rvring->io = metal->io; -+ rvring->info.vaddr = (void *)shm->vring_rx; -+ rvring->info.num_descs = VRING_DESCRIPTORS; -+ rvring->info.align = VRING_ALIGN; -+ rvring->vq = openamp_vdev->vq[VQ_RX]; -+ -+ vdev->vrings_info = &openamp_vdev->rvrings[0]; -+ -+ return 0; -+ -+free_vq: -+ virtqueue_free(openamp_vdev->vq[VQ_TX]); -+ virtqueue_free(openamp_vdev->vq[VQ_RX]); -+ -+ return -ENOMEM; -+} -+ -+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep, -+ void *data, size_t len, -+ uint32_t src, void *priv) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ struct openamp_virtio *virtio; -+ -+ rdev = ep->rdev; -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg); -+ -+ rpmsg_hold_rx_buffer(ep, data); -+ vrpmsg->resp_buf = data; -+ vrpmsg->resp_len = len; -+ -+ return 0; -+} -+ -+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ struct rpmsg_device *rdev; -+ -+ rdev = container_of(ep, struct rpmsg_device, ns_ept); -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_destroy_ept(&vrpmsg->ep); -+} -+ -+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev, -+ const char *name, -+ unsigned int dest) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg; -+ -+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev); -+ -+ rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+} -+ -+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio, -+ struct device_region *virtio_dev) -+{ -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct virtio_device *vdev = &openamp_vdev->virtio_dev; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ int ret; -+ -+ /* -+ * we assume here that we are the client side and do not need to -+ * initialize the share memory poll (this is done at server side). -+ */ -+ ret = rpmsg_init_vdev(rpmsg_vdev, vdev, -+ openamp_virtio_rpmsg_endpoint_bind, metal->io, -+ NULL); -+ if (ret < 0) { -+ EMSG("openamp: virtio: init vdev failed: %d", ret); -+ return ret; -+ } -+ -+ -+ ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev, -+ OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY, -+ RPMSG_ADDR_ANY, -+ openamp_virtio_rpmsg_endpoint_callback, -+ openamp_virtio_rpmsg_service_unbind); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed to create endpoint: %d", ret); -+ return ret; -+ } -+ -+ /* set default remote addr */ -+ vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR; -+ -+ return 0; -+} -+ -+static void openamp_virtio_shm_set(struct openamp_virtio *virtio, -+ struct device_region *virtio_region) -+{ -+ struct openamp_virtio_shm *shm = &virtio->metal.shm; -+ -+ shm->base_addr = virtio_region->base_addr; -+ shm->size = virtio_region->io_region_size; -+ -+ shm->vdev_status = shm->base_addr; -+ shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE; -+ -+ shm->vring_rx = shm->base_addr + shm->size - -+ (2 * OPENAMP_SHEM_VRING_SIZE); -+ shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->vring_tx = shm->vring_rx + shm->vring_rx_size; -+ shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE; -+ -+ shm->payload_addr = shm->vdev_status + shm->vdev_status_size; -+ shm->payload_size = shm->size - shm->vdev_status_size - -+ shm->vring_rx_size - shm->vring_tx_size; -+ -+ shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size; -+ -+ IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d", -+ shm->base_addr, shm->size, shm->size); -+ IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d", -+ shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size); -+ IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d", -+ shm->payload_addr, shm->payload_size, shm->payload_size); -+ IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size); -+ IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d", -+ shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size); -+ IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]); -+} -+ -+static int openamp_virtio_device_get(const char *dev, -+ struct device_region *dev_region) -+{ -+ bool found; -+ -+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0, -+ dev_region, sizeof(*dev_region)); -+ if (!found) { -+ EMSG("openamp: virtio: device region not found: %s", dev); -+ return -EINVAL; -+ } -+ -+ if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) { -+ EMSG("openamp: virtio: device region not valid"); -+ return -EINVAL; -+ } -+ -+ IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d", -+ dev, dev_region->base_addr, dev_region->io_region_size); -+ -+ return 0; -+} -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ -+ -+ *req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len, -+ OPENAMP_BUFFER_WAIT); -+ if (*req_buf == NULL) -+ return -EINVAL; -+ -+ if (vrpmsg->req_len < req_len) -+ return -E2BIG; -+ -+ vrpmsg->req_buf = *req_buf; -+ -+ return 0; -+} -+ -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len) -+{ -+ const struct openamp_platform_ops *ops = openamp->platform_ops; -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ struct rpmsg_endpoint *ep = &vrpmsg->ep; -+ int ret; -+ -+ ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len); -+ if (ret < 0) { -+ EMSG("openamp: virtio: send nocopy failed: %d", ret); -+ return -EIO; -+ } -+ -+ if (ret != vrpmsg->req_len) { -+ EMSG("openamp: virtio: send less bytes %d than requested %d", -+ ret, vrpmsg->req_len); -+ return -EIO; -+ } -+ -+ if (!ops->transport_receive) -+ return 0; -+ -+ ret = ops->transport_receive(openamp); -+ if (ret < 0) { -+ EMSG("openamp: virtio: failed transport_receive"); -+ return -EIO; -+ } -+ -+ virtqueue_notification(openamp_vdev->vq[VQ_RX]); -+ -+ *resp_buf = vrpmsg->resp_buf; -+ *resp_len = vrpmsg->resp_len; -+ -+ return 0; -+} -+ -+void openamp_virtio_call_end(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg; -+ -+ rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf); -+ -+ vrpmsg->req_buf = NULL; -+ vrpmsg->req_len = 0; -+ vrpmsg->resp_buf = NULL; -+ vrpmsg->resp_len = 0; -+} -+ -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_virt_to_phys(metal->io, va); -+} -+ -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa) -+{ -+ struct openamp_virtio *virtio = openamp->platform; -+ struct openamp_virtio_metal *metal = &virtio->metal; -+ -+ return metal_io_phys_to_virt(metal->io, pa); -+} -+ -+int openamp_virtio_init(struct openamp_caller *openamp) -+{ -+ struct device_region virtio_dev; -+ struct openamp_virtio *virtio; -+ int ret; -+ -+ if (openamp->platform) -+ return 0; -+ -+ -+ virtio = malloc(sizeof(*virtio)); -+ if (!virtio) -+ return -ENOMEM; -+ -+ virtio->openamp = openamp; -+ -+ ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev); -+ if (ret < 0) -+ goto free_virtio; -+ -+ openamp_virtio_shm_set(virtio, &virtio_dev); -+ -+ ret = openamp_virtio_metal_init(&virtio->metal); -+ if (ret < 0) -+ goto free_virtio; -+ -+ ret = openamp_virtio_device_setup(virtio); -+ if (ret < 0) -+ goto finish_metal; -+ -+ ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev); -+ if (ret < 0) { -+ EMSG("openamp: virtio: rpmsg device setup failed: %d", ret); -+ goto finish_metal; -+ } -+ -+ openamp->platform = virtio; -+ -+ return 0; -+ -+finish_metal: -+ metal_finish(); -+ -+free_virtio: -+ free(virtio); -+ -+ return ret; -+} -+ -+int openamp_virtio_deinit(struct openamp_caller *openamp) -+{ -+ struct openamp_virtio *virtio; -+ -+ if (!openamp->platform) -+ return 0; -+ -+ virtio = openamp->platform; -+ -+ metal_finish(); -+ free(virtio); -+ -+ openamp->platform = NULL; -+ -+ return 0; -+} -diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h -new file mode 100644 -index 00000000..915128ff ---- /dev/null -+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h -@@ -0,0 +1,24 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021, Linaro Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+#ifndef OPENAMP_VIRTIO_H -+#define OPENAMP_VIRTIO_H -+ -+#include <stddef.h> -+#include "openamp_caller.h" -+ -+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf, -+ size_t req_len); -+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus, -+ uint8_t **resp_buf, size_t *resp_len); -+int openamp_virtio_call_end(struct openamp_caller *openamp); -+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va); -+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa); -+ -+int openamp_virtio_init(struct openamp_caller *openamp); -+int openamp_virtio_deinit(struct openamp_caller *openamp); -+ -+#endif -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 248bd7e3..1511bbad 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -75,6 +75,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" -diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -index f351a592..55d49b31 100644 ---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in -+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in -@@ -32,6 +32,12 @@ - pages-count = <16>; - attributes = <0x3>; /* read-write */ - }; -+ openamp-virtio { -+ /* Armv8 A Foundation Platform values */ -+ base-address = <0x00000000 0x88000000>; -+ pages-count = <256>; -+ attributes = <0x3>; /* read-write */ -+ }; - }; - }; - }; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch deleted file mode 100644 index f41556a3c5..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch +++ /dev/null @@ -1,299 +0,0 @@ -From 791a1302d7b779f3aeee7d6f7c9fac00b4244c1b Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:05:18 +0000 -Subject: [PATCH] add psa client definitions for ff-m - -Add PSA client definitions in common include to add future -ff-m support. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../service/common/include/psa/client.h | 194 ++++++++++++++++++ - components/service/common/include/psa/sid.h | 71 +++++++ - 2 files changed, 265 insertions(+) - create mode 100644 components/service/common/include/psa/client.h - create mode 100644 components/service/common/include/psa/sid.h - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -new file mode 100644 -index 00000000..69ccf14f ---- /dev/null -+++ b/components/service/common/include/psa/client.h -@@ -0,0 +1,194 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_H -+#define SERVICE_PSA_IPC_H -+ -+#include <stddef.h> -+#include <stdint.h> -+ -+#include <rpc_caller.h> -+#include <psa/error.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#ifndef IOVEC_LEN -+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0]))) -+#endif -+ -+/*********************** PSA Client Macros and Types *************************/ -+ -+typedef int32_t psa_handle_t; -+ -+/** -+ * The version of the PSA Framework API that is being used to build the calling -+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1 -+ * is compatible with v1.0. -+ */ -+#define PSA_FRAMEWORK_VERSION (0x0101u) -+ -+/** -+ * Return value from psa_version() if the requested RoT Service is not present -+ * in the system. -+ */ -+#define PSA_VERSION_NONE (0u) -+ -+/** -+ * The zero-value null handle can be assigned to variables used in clients and -+ * RoT Services, indicating that there is no current connection or message. -+ */ -+#define PSA_NULL_HANDLE ((psa_handle_t)0) -+ -+/** -+ * Tests whether a handle value returned by psa_connect() is valid. -+ */ -+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0) -+ -+/** -+ * Converts the handle value returned from a failed call psa_connect() into -+ * an error code. -+ */ -+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle)) -+ -+/** -+ * Maximum number of input and output vectors for a request to psa_call(). -+ */ -+#define PSA_MAX_IOVEC (4u) -+ -+/** -+ * An IPC message type that indicates a generic client request. -+ */ -+#define PSA_IPC_CALL (0) -+ -+/** -+ * A read-only input memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_invec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/** -+ * A writable output memory region provided to an RoT Service. -+ */ -+struct __attribute__ ((__packed__)) psa_outvec { -+ uint32_t base; /*!< the start address of the memory buffer */ -+ uint32_t len; /*!< the size in bytes */ -+}; -+ -+/*************************** PSA Client API **********************************/ -+ -+/** -+ * \brief Retrieve the version of the PSA Framework API that is implemented. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \return version The version of the PSA Framework implementation -+ * that is providing the runtime services to the -+ * caller. The major and minor version are encoded -+ * as follows: -+ * \arg version[15:8] -- major version number. -+ * \arg version[7:0] -- minor version number. -+ */ -+uint32_t psa_framework_version(struct rpc_caller *caller); -+ -+/** -+ * \brief Retrieve the version of an RoT Service or indicate that it is not -+ * present on this system. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to query. -+ * -+ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the -+ * caller is not permitted to access the service. -+ * \retval > 0 The version of the implemented RoT Service. -+ */ -+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid); -+ -+/** -+ * \brief Connect to an RoT Service by its SID. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] sid ID of the RoT Service to connect to. -+ * \param[in] version Requested version of the RoT Service. -+ * -+ * \retval > 0 A handle for the connection. -+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the -+ * connection. -+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the -+ * connection at the moment. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg The RoT Service ID is not present. -+ * \arg The RoT Service version is not supported. -+ * \arg The caller is not allowed to access the RoT -+ * service. -+ */ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version); -+ -+/** -+ * \brief Call an RoT Service on an established connection. -+ * -+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI -+ * support at most 4 parameters. TF-M chooses to encode 'in_len', -+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency. -+ * Compared with struct-based encoding, this method saves extra memory -+ * check and memory copy operation. The disadvantage is that the 'type' -+ * range has to be reduced into a 16-bit integer. So with this encoding, -+ * the valid range for 'type' is 0-32767. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection. -+ * \param[in] type The request type. -+ * Must be zero( \ref PSA_IPC_CALL) or positive. -+ * \param[in] in_vec Array of input \ref psa_invec structures. -+ * \param[in] in_len Number of input \ref psa_invec structures. -+ * \param[in,out] out_vec Array of output \ref psa_outvec structures. -+ * \param[in] out_len Number of output \ref psa_outvec structures. -+ * -+ * \retval >=0 RoT Service-specific status value. -+ * \retval <0 RoT Service-specific error code. -+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the -+ * RoT Service. The call is a PROGRAMMER ERROR if -+ * one or more of the following are true: -+ * \arg An invalid handle was passed. -+ * \arg The connection is already handling a request. -+ * \arg type < 0. -+ * \arg An invalid memory reference was provided. -+ * \arg in_len + out_len > PSA_MAX_IOVEC. -+ * \arg The message is unrecognized by the RoT -+ * Service or incorrectly formatted. -+ */ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len); -+ -+/** -+ * \brief Close a connection to an RoT Service. -+ * -+ * \param[in] rpc_caller RPC caller to use -+ * \param[in] handle A handle to an established connection, or the -+ * null handle. -+ * -+ * \retval void Success. -+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more -+ * of the following are true: -+ * \arg An invalid handle was provided that is not -+ * the null handle. -+ * \arg The connection is currently handling a -+ * request. -+ */ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_H */ -+ -+ -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -new file mode 100644 -index 00000000..aaa973c6 ---- /dev/null -+++ b/components/service/common/include/psa/sid.h -@@ -0,0 +1,71 @@ -+/* -+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ * -+ */ -+ -+#ifndef __PSA_MANIFEST_SID_H__ -+#define __PSA_MANIFEST_SID_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/******** TFM_SP_PS ********/ -+#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U) -+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE (0x40000101U) -+ -+/* Invalid UID */ -+#define TFM_PS_INVALID_UID 0 -+ -+/* PS message types that distinguish PS services. */ -+#define TFM_PS_SET 1001 -+#define TFM_PS_GET 1002 -+#define TFM_PS_GET_INFO 1003 -+#define TFM_PS_REMOVE 1004 -+#define TFM_PS_GET_SUPPORT 1005 -+ -+/******** TFM_SP_ITS ********/ -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION (1U) -+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE (0x40000102U) -+ -+/******** TFM_SP_CRYPTO ********/ -+#define TFM_CRYPTO_SID (0x00000080U) -+#define TFM_CRYPTO_VERSION (1U) -+#define TFM_CRYPTO_HANDLE (0x40000100U) -+ -+/******** TFM_SP_PLATFORM ********/ -+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) -+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -+#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U) -+#define TFM_SP_PLATFORM_IOCTL_VERSION (1U) -+#define TFM_SP_PLATFORM_NV_COUNTER_SID (0x00000042U) -+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION (1U) -+ -+/******** TFM_SP_INITIAL_ATTESTATION ********/ -+#define TFM_ATTESTATION_SERVICE_SID (0x00000020U) -+#define TFM_ATTESTATION_SERVICE_VERSION (1U) -+#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) -+ -+/******** TFM_SP_FWU ********/ -+#define TFM_FWU_WRITE_SID (0x000000A0U) -+#define TFM_FWU_WRITE_VERSION (1U) -+#define TFM_FWU_INSTALL_SID (0x000000A1U) -+#define TFM_FWU_INSTALL_VERSION (1U) -+#define TFM_FWU_ABORT_SID (0x000000A2U) -+#define TFM_FWU_ABORT_VERSION (1U) -+#define TFM_FWU_QUERY_SID (0x000000A3U) -+#define TFM_FWU_QUERY_VERSION (1U) -+#define TFM_FWU_REQUEST_REBOOT_SID (0x000000A4U) -+#define TFM_FWU_REQUEST_REBOOT_VERSION (1U) -+#define TFM_FWU_ACCEPT_SID (0x000000A5U) -+#define TFM_FWU_ACCEPT_VERSION (1U) -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* __PSA_MANIFEST_SID_H__ */ diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch deleted file mode 100644 index 7ecb60f0d5..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch +++ /dev/null @@ -1,295 +0,0 @@ -From b7e9e6fc59263f5daf4ae79eb758fa7647058338 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:13:03 +0000 -Subject: [PATCH] Add common service component to ipc support - -Add support for inter processor communication for PSA -including, the openamp client side structures lib. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../service/common/psa_ipc/component.cmake | 13 ++ - .../service/common/psa_ipc/service_psa_ipc.c | 97 +++++++++++++ - .../psa_ipc/service_psa_ipc_openamp_lib.h | 131 ++++++++++++++++++ - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - 4 files changed, 242 insertions(+) - create mode 100644 components/service/common/psa_ipc/component.cmake - create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c - create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h - -diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake -new file mode 100644 -index 00000000..5a1c9e62 ---- /dev/null -+++ b/components/service/common/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c" -+ ) -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -new file mode 100644 -index 00000000..e8093c20 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -0,0 +1,97 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <stdint.h> -+#include <string.h> -+#include <trace.h> -+ -+#include <protocols/rpc/common/packed-c/status.h> -+#include <psa/error.h> -+#include <rpc_caller.h> -+ -+#include <psa/client.h> -+#include "service_psa_ipc_openamp_lib.h" -+ -+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, -+ uint32_t version) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_connect: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CONNECT; -+ req_msg->params.psa_connect_params.sid = sid; -+ req_msg->params.psa_connect_params.version = version; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_connect: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status == PSA_SUCCESS) -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; -+} -+ -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+ int32_t type, const struct psa_invec *in_vec, -+ size_t in_len, struct psa_outvec *out_vec, size_t out_len) -+{ -+ -+} -+ -+void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ -+ rpc_handle = rpc_caller_begin(caller, &req, -+ sizeof(struct ns_openamp_msg)); -+ if (!rpc_handle) { -+ EMSG("psa_close: could not get handle"); -+ return; -+ } -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CLOSE; -+ req_msg->params.psa_close_params.handle = handle; -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_close: invoke failed: %d", ret); -+ return; -+ } -+ -+ rpc_caller_end(caller, rpc_handle); -+} -diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -new file mode 100644 -index 00000000..33ea9666 ---- /dev/null -+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h -@@ -0,0 +1,131 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H -+#define SERVICE_PSA_IPC_OPENAMP_LIB_H -+ -+#include <stddef.h> -+#include <stdint.h> -+ -+#include <compiler.h> -+#include <psa/error.h> -+ -+#include <stdint.h> -+#include <psa/client.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* PSA client call type value */ -+#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1) -+#define OPENAMP_PSA_VERSION (0x2) -+#define OPENAMP_PSA_CONNECT (0x3) -+#define OPENAMP_PSA_CALL (0x4) -+#define OPENAMP_PSA_CLOSE (0x5) -+ -+/* Return code of openamp APIs */ -+#define OPENAMP_SUCCESS (0) -+#define OPENAMP_MAP_FULL (INT32_MIN + 1) -+#define OPENAMP_MAP_ERROR (INT32_MIN + 2) -+#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3) -+#define OPENAMP_NO_PERMS (INT32_MIN + 4) -+#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5) -+#define OPENAMP_CHAN_BUSY (INT32_MIN + 6) -+#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7) -+#define OPENAMP_INIT_ERROR (INT32_MIN + 8) -+ -+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp -+ * buffer so that openamp shared memory buffer -+ * does not get freed. -+ */ -+ -+/* -+ * This structure holds the parameters used in a PSA client call. -+ */ -+typedef struct __packed psa_client_in_params { -+ union { -+ struct __packed { -+ uint32_t sid; -+ } psa_version_params; -+ -+ struct __packed { -+ uint32_t sid; -+ uint32_t version; -+ } psa_connect_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ int32_t type; -+ uint32_t in_vec; -+ uint32_t in_len; -+ uint32_t out_vec; -+ uint32_t out_len; -+ } psa_call_params; -+ -+ struct __packed { -+ psa_handle_t handle; -+ } psa_close_params; -+ }; -+} psa_client_in_params_t; -+ -+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */ -+struct __packed ns_openamp_msg { -+ uint32_t call_type; /* PSA client call type */ -+ struct psa_client_in_params params; /* Contain parameters used in PSA -+ * client call -+ */ -+ -+ int32_t client_id; /* Optional client ID of the -+ * non-secure caller. -+ * It is required to identify the -+ * non-secure task when NSPE OS -+ * enforces non-secure task -+ * isolation -+ */ -+ int32_t request_id; /* This is the unique ID for a -+ * request send to TF-M by the -+ * non-secure core. TF-M forward -+ * the ID back to non-secure on the -+ * reply to a given request. Using -+ * this id, the non-secure library -+ * can identify the request for -+ * which the reply has received. -+ */ -+}; -+ -+/* -+ * This structure holds the location of the out data of the PSA client call. -+ */ -+struct __packed psa_client_out_params { -+ uint32_t out_vec; -+ uint32_t out_len; -+}; -+ -+ -+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client -+ * call. -+ */ -+struct __packed s_openamp_msg { -+ int32_t request_id; /* Using this id, the non-secure -+ * library identifies the request. -+ * TF-M forwards the same -+ * request-id received on the -+ * initial request. -+ */ -+ int32_t reply; /* Reply of the PSA client call */ -+ struct psa_client_out_params params; /* Contain out data result of the -+ * PSA client call. -+ */ -+}; -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */ -+ -+ -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 1511bbad..e0e0e12b 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -54,6 +54,7 @@ add_components(TARGET "se-proxy" - "components/service/common/include" - "components/service/common/serializer/protobuf" - "components/service/common/client" -+ "components/service/common/psa_ipc" - "components/service/common/provider" - "components/service/discovery/provider" - "components/service/discovery/provider/serializer/packed-c" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch deleted file mode 100644 index 068468b8c5..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch +++ /dev/null @@ -1,523 +0,0 @@ -From 962056a9c8115e9228719d46b09da983678ab024 Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:19:24 +0000 -Subject: [PATCH] Add secure storage ipc backend - -Add secure storage ipc ff-m implementation which may use -openamp as rpc to communicate with other processor. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../service/common/psa_ipc/service_psa_ipc.c | 143 +++++++++++- - .../secure_storage_ipc/component.cmake | 14 ++ - .../secure_storage_ipc/secure_storage_ipc.c | 214 ++++++++++++++++++ - .../secure_storage_ipc/secure_storage_ipc.h | 52 +++++ - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - 5 files changed, 420 insertions(+), 4 deletions(-) - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c - create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index e8093c20..95a07c13 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -16,6 +16,52 @@ - #include <psa/client.h> - #include "service_psa_ipc_openamp_lib.h" - -+static struct psa_invec *psa_call_in_vec_param(uint8_t *req) -+{ -+ return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg)); -+} -+ -+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len) -+{ -+ return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) + -+ (in_len * sizeof(struct psa_invec))); -+} -+ -+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len, -+ struct psa_outvec *out_vec, size_t out_len) -+{ -+ return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) + -+ (out_len * sizeof(*out_vec)); -+} -+ -+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len) -+{ -+ size_t req_len = 0; -+ int i; -+ -+ if (!in_vec || !in_len) -+ return 0; -+ -+ for (i = 0; i < in_len; i++) -+ req_len += in_vec[i].len; -+ -+ return req_len; -+} -+ -+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len) -+{ -+ size_t resp_len = 0; -+ int i; -+ -+ if (!out_vec || !out_len) -+ return 0; -+ -+ for (i = 0; i < out_len; i++) -+ resp_len += out_vec[i].len; -+ -+ return resp_len; -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -- EMSG("psa_connect: could not get handle"); -+ EMSG("psa_connect: could not get rpc handle"); - return PSA_ERROR_GENERIC_ERROR; - } - -@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE; - } - --psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle, -+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - int32_t type, const struct psa_invec *in_vec, - size_t in_len, struct psa_outvec *out_vec, size_t out_len) - { -+ psa_status_t psa_status = PSA_SUCCESS; -+ struct s_openamp_msg *resp_msg = NULL; -+ struct psa_outvec *out_vec_param; -+ struct psa_invec *in_vec_param; -+ struct ns_openamp_msg *req_msg; -+ rpc_call_handle rpc_handle; -+ size_t out_vec_len; -+ size_t in_vec_len; -+ size_t header_len; -+ uint8_t *payload; -+ size_t resp_len; -+ uint8_t *resp; -+ uint8_t *req; -+ int ret; -+ int i; -+ -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len); -+ in_vec_len = psa_call_in_vec_len(in_vec, in_len); -+ out_vec_len = psa_call_out_vec_len(out_vec, out_len); - -+ rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len); -+ if (!rpc_handle) { -+ EMSG("psa_call: could not get handle"); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ payload = req + header_len; -+ -+ out_vec_param = psa_call_out_vec_param(req, in_len); -+ in_vec_param = psa_call_in_vec_param(req); -+ -+ req_msg = (struct ns_openamp_msg *)req; -+ -+ req_msg->call_type = OPENAMP_PSA_CALL; -+ req_msg->request_id = 1234; -+ req_msg->params.psa_call_params.handle = psa_handle; -+ req_msg->params.psa_call_params.type = type; -+ req_msg->params.psa_call_params.in_len = in_len; -+ req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.out_len = out_len; -+ req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ -+ for (i = 0; i < in_len; i++) { -+ in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].len = in_vec[i].len; -+ -+ memcpy(payload, in_vec[i].base, in_vec[i].len); -+ payload += in_vec[i].len; -+ } -+ -+ for (i = 0; i < out_len; i++) { -+ out_vec_param[i].base = NULL; -+ out_vec_param[i].len = out_vec[i].len; -+ } -+ -+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, -+ &resp_len); -+ if (ret != TS_RPC_CALL_ACCEPTED) { -+ EMSG("psa_call: invoke failed: %d", ret); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ if (psa_status != PSA_SUCCESS) { -+ EMSG("psa_call: psa_status invoke failed: %d", psa_status); -+ return PSA_ERROR_GENERIC_ERROR; -+ } -+ -+ resp_msg = (struct s_openamp_msg *)resp; -+ -+ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS) -+ goto caller_end; -+ -+ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -+ resp_msg->params.out_vec); -+ -+ for (i = 0; i < resp_msg->params.out_len; i++) { -+ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ out_vec[i].len); -+ } -+ -+caller_end: -+ rpc_caller_end(caller, rpc_handle); -+ -+ return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE; - } - --void psa_close(struct rpc_caller *caller, psa_handle_t handle) -+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle) - { - psa_status_t psa_status = PSA_SUCCESS; - struct s_openamp_msg *resp_msg = NULL; -@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - uint8_t *req; - int ret; - -+ if ((psa_handle == PSA_NULL_HANDLE) || !caller) -+ return; -+ - rpc_handle = rpc_caller_begin(caller, &req, - sizeof(struct ns_openamp_msg)); - if (!rpc_handle) { -@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle) - req_msg = (struct ns_openamp_msg *)req; - - req_msg->call_type = OPENAMP_PSA_CLOSE; -- req_msg->params.psa_close_params.handle = handle; -+ req_msg->params.psa_close_params.handle = psa_handle; - - ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp, - &resp_len); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -new file mode 100644 -index 00000000..5d8f6714 ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake -@@ -0,0 +1,14 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c" -+ ) -+ -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -new file mode 100644 -index 00000000..9b55f77d ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -0,0 +1,214 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <protocols/rpc/common/packed-c/status.h> -+#include "secure_storage_ipc.h" -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <rpc_caller.h> -+#include <string.h> -+#include <trace.h> -+ -+ -+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, -+ psa_storage_uid_t uid, size_t data_length, -+ const void *p_data, psa_storage_create_flags_t create_flags) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = p_data, .len = data_length }, -+ { .base = &create_flags, .len = sizeof(create_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; -+ -+ /* Validating input parameters */ -+ if (p_data == NULL) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status < 0) -+ EMSG("ipc_set: psa_call failed: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ size_t data_offset, -+ size_t data_size, -+ void *p_data, -+ size_t *p_data_length) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t offset = (uint32_t)data_offset; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ { .base = &offset, .len = sizeof(offset) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_data, .len = data_size }, -+ }; -+ -+ if (!p_data_length) { -+ EMSG("ipc_get: p_data_length not defined"); -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status == PSA_SUCCESS) -+ *p_data_length = out_vec[0].len; -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_get_info(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid, -+ struct psa_storage_info_t *p_info) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = p_info, .len = sizeof(*p_info) }, -+ }; -+ -+ (void)client_id; -+ -+ /* Validating input parameters */ -+ if (!p_info) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_INFO, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_remove(void *context, -+ uint32_t client_id, -+ psa_storage_uid_t uid) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ struct psa_invec in_vec[] = { -+ { .base = &uid, .len = sizeof(uid) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_REMOVE, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_remove: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+static psa_status_t secure_storage_ipc_create(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t capacity, -+ uint32_t create_flags) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)capacity; -+ (void)create_flags; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static psa_status_t secure_storage_set_extended(void *context, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_offset, -+ size_t data_length, -+ const void *p_data) -+{ -+ (void)context; -+ (void)uid; -+ (void)client_id; -+ (void)data_offset; -+ (void)data_length; -+ (void)p_data; -+ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static uint32_t secure_storage_get_support(void *context, uint32_t client_id) -+{ -+ struct secure_storage_ipc *ipc = context; -+ struct rpc_caller *caller = ipc->client.caller; -+ psa_handle_t psa_handle; -+ psa_status_t psa_status; -+ uint32_t support_flags; -+ struct psa_outvec out_vec[] = { -+ { .base = &support_flags, .len = sizeof(support_flags) }, -+ }; -+ -+ (void)client_id; -+ -+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -+ TFM_PS_GET_SUPPORT, NULL, 0, -+ out_vec, IOVEC_LEN(out_vec)); -+ if (psa_status != PSA_SUCCESS) -+ EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -+ -+ return psa_status; -+} -+ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller) -+{ -+ service_client_init(&context->client, caller); -+ -+ static const struct storage_backend_interface interface = -+ { -+ .set = secure_storage_ipc_set, -+ .get = secure_storage_ipc_get, -+ .get_info = secure_storage_ipc_get_info, -+ .remove = secure_storage_ipc_remove, -+ .create = secure_storage_ipc_create, -+ .set_extended = secure_storage_set_extended, -+ .get_support = secure_storage_get_support, -+ }; -+ -+ context->backend.context = context; -+ context->backend.interface = &interface; -+ -+ return &context->backend; -+} -+ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context) -+{ -+ service_client_deinit(&context->client); -+} -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -new file mode 100644 -index 00000000..e8c1e8fd ---- /dev/null -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -0,0 +1,52 @@ -+/* -+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef SECURE_STORAGE_IPC_H -+#define SECURE_STORAGE_IPC_H -+ -+#include <service/secure_storage/backend/storage_backend.h> -+#include <service/common/client/service_client.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * @brief Secure storage ipc instance -+ */ -+struct secure_storage_ipc -+{ -+ struct storage_backend backend; -+ struct service_client client; -+}; -+ -+/** -+ * @brief Initialize a secure storage ipc client -+ * -+ * A secure storage client is a storage backend that makes RPC calls -+ * to a remote secure storage provider. -+ * -+ * @param[in] context Instance data -+ * @param[in] rpc_caller RPC caller instance -+ * -+ * -+ * @return Pointer to inialized storage backend or NULL on failure -+ */ -+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context, -+ struct rpc_caller *caller); -+ -+/** -+ * @brief Deinitialize a secure storage ipc client -+ * -+ * @param[in] context Instance data -+ */ -+void secure_storage_ipc_deinit(struct secure_storage_ipc *context); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* SECURE_STORAGE_IPC_H */ -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index e0e0e12b..663177b7 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -73,6 +73,7 @@ add_components(TARGET "se-proxy" - "components/service/crypto/factory/full" - "components/service/secure_storage/include" - "components/service/secure_storage/frontend/secure_storage_provider" -+ "components/service/secure_storage/backend/secure_storage_ipc" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch deleted file mode 100644 index 56964b5c1e..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 12b8b8bb28c96e6f121122939b7d23e6c7055f0f Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 3 Dec 2021 19:25:34 +0000 -Subject: [PATCH] Use secure storage ipc and openamp for se_proxy - -Remove mock up backend for secure storage in se proxy -deployment and use instead the secure storage ipc backend with -openamp as rpc to secure enclave side. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../se-proxy/opteesp/service_proxy_factory.c | 16 +++++++++++++--- - 1 file changed, 13 insertions(+), 3 deletions(-) - -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index acfb6e88..57290056 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -6,15 +6,20 @@ - - #include <stddef.h> - #include <rpc/common/endpoint/rpc_interface.h> -+#include <rpc/openamp/caller/sp/openamp_caller.h> - #include <service/attestation/provider/attest_provider.h> - #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h> - #include <service/crypto/factory/crypto_provider_factory.h> - #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> -+#include <trace.h> - - /* Stub backends */ - #include <service/crypto/backend/stub/stub_crypto_backend.h> -+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h> - #include <service/secure_storage/backend/mock_store/mock_store.h> - -+struct openamp_caller openamp; -+ - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void) - - struct rpc_interface *ps_proxy_create(void) - { -- static struct mock_store ps_backend; - static struct secure_storage_provider ps_provider; -- -- struct storage_backend *backend = mock_store_init(&ps_backend); -+ static struct secure_storage_ipc ps_backend; -+ static struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); - - return secure_storage_provider_init(&ps_provider, backend); - } diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch deleted file mode 100644 index cf7357e84c..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch +++ /dev/null @@ -1,1162 +0,0 @@ -From 254f564c76320478e7b509faf279c0c493470657 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Thu, 2 Dec 2021 10:15:54 +0000 -Subject: [PATCH] Add uefi variable append write support - -Adds support for extending UEFI variable data handled by the -smm_variable service provider using the EFI_VARIABLE_APPEND_WRITE -attribute. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I7a6562327bc0a5ce5cd0e85276325227b83e9f9e - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../backend/test/variable_index_tests.cpp | 90 +++--- - .../backend/test/variable_store_tests.cpp | 40 ++- - .../backend/uefi_variable_store.c | 263 +++++++++++------- - .../smm_variable/backend/variable_index.c | 95 +++---- - .../smm_variable/backend/variable_index.h | 58 ++-- - .../backend/variable_index_iterator.c | 4 +- - .../backend/variable_index_iterator.h | 2 +- - .../service/smm_variable_service_tests.cpp | 48 ++++ - protocols/service/smm_variable/parameters.h | 3 + - 9 files changed, 364 insertions(+), 239 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_index_tests.cpp b/components/service/smm_variable/backend/test/variable_index_tests.cpp -index c8bacf97..8edc0e70 100644 ---- a/components/service/smm_variable/backend/test/variable_index_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_index_tests.cpp -@@ -69,34 +69,37 @@ TEST_GROUP(UefiVariableIndexTests) - - void create_variables() - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name_1.size() * sizeof(int16_t), -- name_1.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -- -+ name_1.data()); - CHECK_TRUE(info); -+ variable_index_set_variable( -+ info, -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data(), -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); -- -+ name_2.data()); - CHECK_TRUE(info); -+ variable_index_set_variable( -+ info, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name_3.size() * sizeof(int16_t), -- name_3.data(), -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS); -- -+ name_3.data()); - CHECK_TRUE(info); -+ variable_index_set_variable( -+ info, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS); - } - - static const size_t MAX_VARIABLES = 10; -@@ -111,7 +114,7 @@ TEST_GROUP(UefiVariableIndexTests) - - TEST(UefiVariableIndexTests, emptyIndexOperations) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - - /* Expect not to find a variable */ - info = variable_index_find( -@@ -130,36 +133,34 @@ TEST(UefiVariableIndexTests, emptyIndexOperations) - POINTERS_EQUAL(NULL, info); - - /* Remove should silently return */ -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - } - - TEST(UefiVariableIndexTests, addWithOversizedName) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - std::vector<int16_t> name; - - name = to_variable_name(L"a long variable name that exceeds the length limit"); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name.data()); - - /* Expect the add to fail because of an oversized name */ - POINTERS_EQUAL(NULL, info); - - name = to_variable_name(L"a long variable name that fits!"); - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name.data()); - - /* Expect the add succeed */ - CHECK_TRUE(info); -@@ -167,18 +168,17 @@ TEST(UefiVariableIndexTests, addWithOversizedName) - - TEST(UefiVariableIndexTests, variableIndexFull) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - EFI_GUID guid = guid_1; - - /* Expect to be able to fill the index */ - for (size_t i = 0; i < MAX_VARIABLES; ++i) { - -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name_1.data()); - - CHECK_TRUE(info); - -@@ -187,12 +187,11 @@ TEST(UefiVariableIndexTests, variableIndexFull) - } - - /* Variable index should now be full */ -- info = variable_index_add_variable( -+ info = variable_index_add_entry( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data(), -- EFI_VARIABLE_BOOTSERVICE_ACCESS); -+ name_1.data()); - - POINTERS_EQUAL(NULL, info); - } -@@ -323,7 +322,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall) - TEST(UefiVariableIndexTests, removeVariable) - { - uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - - create_variables(); - -@@ -334,7 +333,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_2.size() * sizeof(int16_t), - name_2.data()); - -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -352,7 +351,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_1.size() * sizeof(int16_t), - name_1.data()); - -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -370,7 +369,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_3.size() * sizeof(int16_t), - name_3.data()); - -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -395,7 +394,7 @@ TEST(UefiVariableIndexTests, removeVariable) - - TEST(UefiVariableIndexTests, checkIterator) - { -- const struct variable_info *info = NULL; -+ struct variable_info *info = NULL; - - create_variables(); - -@@ -419,7 +418,7 @@ TEST(UefiVariableIndexTests, checkIterator) - UNSIGNED_LONGS_EQUAL(name_2.size() * sizeof(int16_t), info->metadata.name_size); - MEMCMP_EQUAL(name_2.data(), info->metadata.name, info->metadata.name_size); - -- const struct variable_info *info_to_remove = info; -+ struct variable_info *info_to_remove = info; - - variable_index_iterator_next(&iter); - CHECK_FALSE(variable_index_iterator_is_done(&iter)); -@@ -435,7 +434,8 @@ TEST(UefiVariableIndexTests, checkIterator) - CHECK_TRUE(variable_index_iterator_is_done(&iter)); - - /* Now remove the middle entry */ -- variable_index_remove_variable(&m_variable_index, info_to_remove); -+ variable_index_clear_variable(&m_variable_index, info_to_remove); -+ variable_index_remove_unused_entry(&m_variable_index, info_to_remove); - - /* Iterate again but this time there should only be two entries */ - variable_index_iterator_first(&iter, &m_variable_index); -@@ -478,7 +478,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - constraints.max_size = 100; - - /* Set check constraints on one of the variables */ -- const struct variable_info *info = variable_index_find( -+ struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -488,7 +488,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - CHECK_TRUE(info->is_variable_set); - CHECK_FALSE(info->is_constraints_set); - -- variable_index_update_constraints(info, &constraints); -+ variable_index_set_constraints(info, &constraints); - - CHECK_TRUE(info->is_constraints_set); - CHECK_TRUE(info->is_variable_set); -@@ -496,7 +496,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - /* Remove the variable but still expect the variable to be indexed - * because of the set constraints. - */ -- variable_index_remove_variable( -+ variable_index_clear_variable( - &m_variable_index, - info); - -@@ -588,7 +588,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - constraints.max_size = 100; - - /* Initially expect no variable_info */ -- const struct variable_info *info = variable_index_find( -+ struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -597,19 +597,19 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - CHECK_FALSE(info); - - /* Adding the check constraints should result in an entry being added */ -- info = variable_index_add_constraints( -+ info = variable_index_add_entry( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data(), -- &constraints); -- -+ name_2.data()); - CHECK_TRUE(info); -+ -+ variable_index_set_constraints(info, &constraints); - CHECK_FALSE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); - - /* Updating the variable should cause the variable to be marked as set */ -- variable_index_update_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); -+ variable_index_set_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); - - CHECK_TRUE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index f6aba13a..578f118f 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -250,6 +250,21 @@ TEST(UefiVariableStoreTests, setGetRoundtrip) - /* Expect got variable data to be the same as the set value */ - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); -+ -+ /* Extend the variable using an append write */ -+ std::string input_data2 = " jumps over the lazy dog"; -+ -+ status = set_variable(var_name, input_data2, EFI_VARIABLE_APPEND_WRITE); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ status = get_variable(var_name, output_data); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ std::string expected_output = input_data + input_data2; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -+ LONGS_EQUAL(0, expected_output.compare(output_data)); - } - - TEST(UefiVariableStoreTests, persistentSetGet) -@@ -259,7 +274,8 @@ TEST(UefiVariableStoreTests, persistentSetGet) - std::string input_data = "quick brown fox"; - std::string output_data; - -- status = set_variable(var_name, input_data, EFI_VARIABLE_NON_VOLATILE); -+ status = set_variable(var_name, input_data, -+ EFI_VARIABLE_NON_VOLATILE); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - status = get_variable(var_name, output_data); -@@ -269,6 +285,22 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); - -+ /* Extend the variable using an append write */ -+ std::string input_data2 = " jumps over the lazy dog"; -+ -+ status = set_variable(var_name, input_data2, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ status = get_variable(var_name, output_data); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ std::string expected_output = input_data + input_data2; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -+ LONGS_EQUAL(0, expected_output.compare(output_data)); -+ - /* Expect the variable to survive a power cycle */ - power_cycle(); - -@@ -277,8 +309,8 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Still expect got variable data to be the same as the set value */ -- UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -- LONGS_EQUAL(0, input_data.compare(output_data)); -+ UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -+ LONGS_EQUAL(0, expected_output.compare(output_data)); - } - - TEST(UefiVariableStoreTests, removeVolatile) -@@ -317,7 +349,7 @@ TEST(UefiVariableStoreTests, removePersistent) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Remove by setting with zero data length */ -- status = set_variable(var_name, std::string(), 0); -+ status = set_variable(var_name, std::string(), EFI_VARIABLE_NON_VOLATILE); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Expect variable to no loger exist */ -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index b7091d75..bcb85995 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -46,6 +46,13 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len); - -+static psa_status_t append_write( -+ struct storage_backend *storage_backend, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data); -+ - static void purge_orphan_index_entries( - struct uefi_variable_store *context); - -@@ -113,40 +120,45 @@ efi_status_t uefi_variable_store_set_variable( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -+ bool should_sync_index = false; -+ -+ /* Validate incoming request */ - efi_status_t status = check_name_terminator(var->Name, var->NameSize); - if (status != EFI_SUCCESS) return status; - - status = check_capabilities(var); -- bool should_sync_index = false; -- - if (status != EFI_SUCCESS) return status; - -- /* Find in index */ -- const struct variable_info *info = variable_index_find( -+ /* Find an existing entry in the variable index or add a new one */ -+ struct variable_info *info = variable_index_find( - &context->variable_index, - &var->Guid, - var->NameSize, - var->Name); - -- if (info) { -+ if (!info) { - -- /* Variable info already exists */ -- status = check_access_permitted_on_set(context, info, var); -+ info = variable_index_add_entry( -+ &context->variable_index, -+ &var->Guid, -+ var->NameSize, -+ var->Name); - -- if (status == EFI_SUCCESS) { -+ if (!info) return EFI_OUT_OF_RESOURCES; -+ } - -- should_sync_index = -- (var->Attributes & EFI_VARIABLE_NON_VOLATILE) || -- (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)); -+ /* Control access */ -+ status = check_access_permitted_on_set(context, info, var); - -- if (var->DataSize) { -+ if (status == EFI_SUCCESS) { - -- /* It's a set rather than a remove operation */ -- variable_index_update_variable( -- info, -- var->Attributes); -- } -- else { -+ /* Access permitted */ -+ if (info->is_variable_set) { -+ -+ /* It's a request to update to an existing variable */ -+ if (!(var->Attributes & -+ (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && -+ !var->DataSize) { - - /* It's a remove operation - for a remove, the variable - * data must be removed from the storage backend before -@@ -155,30 +167,29 @@ efi_status_t uefi_variable_store_set_variable( - * the storage backend without a corresponding index entry. - */ - remove_variable_data(context, info); -- variable_index_remove_variable(&context->variable_index, info); -+ variable_index_clear_variable(&context->variable_index, info); - -- /* Variable info no longer valid */ -- info = NULL; -+ should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -+ } -+ else { -+ -+ /* It's a set operation where variable data is potentially -+ * being overwritten or extended. -+ */ -+ if ((var->Attributes & ~EFI_VARIABLE_APPEND_WRITE) != info->metadata.attributes) { -+ -+ /* Modifying attributes is forbidden */ -+ return EFI_INVALID_PARAMETER; -+ } - } - } - else { - -- /* Access forbidden */ -- info = NULL; -- } -- } -- else if (var->DataSize) { -+ /* It's a request to create a new variable */ -+ variable_index_set_variable(info, var->Attributes); - -- /* It's a new variable */ -- info = variable_index_add_variable( -- &context->variable_index, -- &var->Guid, -- var->NameSize, -- var->Name, -- var->Attributes); -- -- if (!info) status = EFI_OUT_OF_RESOURCES; -- should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -+ } - } - - /* The order of these operations is important. For an update -@@ -195,11 +206,13 @@ efi_status_t uefi_variable_store_set_variable( - } - - /* Store any variable data to the storage backend */ -- if (info && (status == EFI_SUCCESS)) { -+ if (info->is_variable_set && (status == EFI_SUCCESS)) { - - status = store_variable_data(context, info, var); - } - -+ variable_index_remove_unused_entry(&context->variable_index, info); -+ - return status; - } - -@@ -293,54 +306,42 @@ efi_status_t uefi_variable_store_set_var_check_property( - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -- /* Find in index */ -- const struct variable_info *info = variable_index_find( -+ /* Find in index or create a new entry */ -+ struct variable_info *info = variable_index_find( - &context->variable_index, - &property->Guid, - property->NameSize, - property->Name); - -- if (info) { -+ if (!info) { - -- /* Applying check constraints to an existing variable that may have -- * constraints already set. These could constrain the setting of -- * the constraints. -- */ -- struct variable_constraints constraints = info->check_constraints; -- -- status = variable_checker_set_constraints( -- &constraints, -- info->is_constraints_set, -- &property->VariableProperty); -- -- if (status == EFI_SUCCESS) { -+ info = variable_index_add_entry( -+ &context->variable_index, -+ &property->Guid, -+ property->NameSize, -+ property->Name); - -- variable_index_update_constraints(info, &constraints); -- } -+ if (!info) return EFI_OUT_OF_RESOURCES; - } -- else { -- -- /* Applying check constraints for a new variable */ -- struct variable_constraints constraints; - -- status = variable_checker_set_constraints( -- &constraints, -- false, -- &property->VariableProperty); -+ /* Applying check constraints to an existing variable that may have -+ * constraints already set. These could constrain the setting of -+ * the constraints. -+ */ -+ struct variable_constraints constraints = info->check_constraints; - -- if (status == EFI_SUCCESS) { -+ status = variable_checker_set_constraints( -+ &constraints, -+ info->is_constraints_set, -+ &property->VariableProperty); - -- info = variable_index_add_constraints( -- &context->variable_index, -- &property->Guid, -- property->NameSize, -- property->Name, -- &constraints); -+ if (status == EFI_SUCCESS) { - -- if (!info) status = EFI_OUT_OF_RESOURCES; -- } -+ variable_index_set_constraints(info, &constraints); - } - -+ variable_index_remove_unused_entry(&context->variable_index, info); -+ - return status; - } - -@@ -440,7 +441,8 @@ static efi_status_t check_capabilities( - if (var->Attributes & ~( - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | -- EFI_VARIABLE_RUNTIME_ACCESS)) { -+ EFI_VARIABLE_RUNTIME_ACCESS | -+ EFI_VARIABLE_APPEND_WRITE)) { - - /* An unsupported attribute has been requested */ - status = EFI_UNSUPPORTED; -@@ -486,17 +488,6 @@ static efi_status_t check_access_permitted_on_set( - var->DataSize); - } - -- if ((status == EFI_SUCCESS) && var->DataSize) { -- -- /* Restrict which attributes can be modified for an existing variable */ -- if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { -- -- /* Don't permit change of storage class */ -- status = EFI_INVALID_PARAMETER; -- } -- } -- - return status; - } - -@@ -518,20 +509,34 @@ static efi_status_t store_variable_data( - - if (storage_backend) { - -- psa_status = storage_backend->interface->set( -- storage_backend->context, -- context->owner_id, -- info->metadata.uid, -- data_len, -- data, -- PSA_STORAGE_FLAG_NONE); -+ if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { -+ -+ /* Create or overwrite variable data */ -+ psa_status = storage_backend->interface->set( -+ storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ data_len, -+ data, -+ PSA_STORAGE_FLAG_NONE); -+ } -+ else { -+ -+ /* Append new data to existing variable data */ -+ psa_status = append_write( -+ storage_backend, -+ context->owner_id, -+ info->metadata.uid, -+ data_len, -+ data); -+ } - } - - if ((psa_status != PSA_SUCCESS) && is_nv) { - - /* A storage failure has occurred so attempt to fix any -- * mismatch between the variable index and stored NV variables. -- */ -+ * mismatch between the variable index and stored NV variables. -+ */ - purge_orphan_index_entries(context); - } - -@@ -598,6 +603,76 @@ static efi_status_t load_variable_data( - return psa_to_efi_storage_status(psa_status); - } - -+static psa_status_t append_write( -+ struct storage_backend *storage_backend, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data) -+{ -+ struct psa_storage_info_t storage_info; -+ -+ if (data_length == 0) return PSA_SUCCESS; -+ -+ psa_status_t psa_status = storage_backend->interface->get_info( -+ storage_backend->context, -+ client_id, -+ uid, -+ &storage_info); -+ -+ if (psa_status != PSA_SUCCESS) return psa_status; -+ -+ /* Determine size of appended variable */ -+ size_t new_size = storage_info.size + data_length; -+ -+ /* Defend against integer overflow */ -+ if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT; -+ -+ /* Storage backend doesn't support an append operation so we need -+ * need to read the current variable data, extend it and write it back. -+ */ -+ uint8_t *rw_buf = malloc(new_size); -+ if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY; -+ -+ size_t old_size = 0; -+ psa_status = storage_backend->interface->get( -+ storage_backend->context, -+ client_id, -+ uid, -+ 0, -+ new_size, -+ rw_buf, -+ &old_size); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ if ((old_size + data_length) <= new_size) { -+ -+ /* Extend the variable data */ -+ memcpy(&rw_buf[old_size], data, data_length); -+ -+ psa_status = storage_backend->interface->set( -+ storage_backend->context, -+ client_id, -+ uid, -+ old_size + data_length, -+ rw_buf, -+ storage_info.flags); -+ } -+ else { -+ -+ /* There's a mismatch between the length obtained from -+ * get_info() and the subsequent length returned by get(). -+ */ -+ psa_status = PSA_ERROR_STORAGE_FAILURE; -+ } -+ } -+ -+ free(rw_buf); -+ -+ return psa_status; -+} -+ - static void purge_orphan_index_entries( - struct uefi_variable_store *context) - { -@@ -612,7 +687,7 @@ static void purge_orphan_index_entries( - */ - while (!variable_index_iterator_is_done(&iter)) { - -- const struct variable_info *info = variable_index_iterator_current(&iter); -+ struct variable_info *info = variable_index_iterator_current(&iter); - - if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - -@@ -628,7 +703,7 @@ static void purge_orphan_index_entries( - if (psa_status != PSA_SUCCESS) { - - /* Detected a mismatch between the index and storage */ -- variable_index_remove_variable(&context->variable_index, info); -+ variable_index_clear_variable(&context->variable_index, info); - any_orphans = true; - } - } -diff --git a/components/service/smm_variable/backend/variable_index.c b/components/service/smm_variable/backend/variable_index.c -index 99d7c97a..a8a55753 100644 ---- a/components/service/smm_variable/backend/variable_index.c -+++ b/components/service/smm_variable/backend/variable_index.c -@@ -132,13 +132,13 @@ size_t variable_index_max_dump_size( - return sizeof(struct variable_metadata) * context->max_variables; - } - --const struct variable_info *variable_index_find( -- const struct variable_index *context, -+struct variable_info *variable_index_find( -+ struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- const struct variable_info *result = NULL; -+ struct variable_info *result = NULL; - int pos = find_variable(context, guid, name_size, name); - - if (pos >= 0) { -@@ -149,13 +149,13 @@ const struct variable_info *variable_index_find( - return result; - } - --const struct variable_info *variable_index_find_next( -+struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- const struct variable_info *result = NULL; -+ struct variable_info *result = NULL; - - if (name_size >= sizeof(int16_t)) { - -@@ -263,12 +263,11 @@ static struct variable_entry *add_entry( - return entry; - } - --const struct variable_info *variable_index_add_variable( -+struct variable_info *variable_index_add_entry( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name, -- uint32_t attributes) -+ const int16_t *name) - { - struct variable_info *info = NULL; - struct variable_entry *entry = add_entry(context, guid, name_size, name); -@@ -276,40 +275,41 @@ const struct variable_info *variable_index_add_variable( - if (entry) { - - info = &entry->info; -- -- info->metadata.attributes = attributes; -- info->is_variable_set = true; -- -- mark_dirty(entry); - } - - return info; - } - --const struct variable_info *variable_index_add_constraints( -+void variable_index_remove_unused_entry( - struct variable_index *context, -- const EFI_GUID *guid, -- size_t name_size, -- const int16_t *name, -- const struct variable_constraints *constraints) -+ struct variable_info *info) - { -- struct variable_info *info = NULL; -- struct variable_entry *entry = add_entry(context, guid, name_size, name); -- -- if (entry) { -+ if (info && -+ !info->is_constraints_set && -+ !info->is_variable_set) { - -- info = &entry->info; -+ struct variable_entry *entry = containing_entry(info); -+ entry->in_use = false; - -- info->check_constraints = *constraints; -- info->is_constraints_set = true; -+ memset(info, 0, sizeof(struct variable_info)); - } -+} - -- return info; -+void variable_index_set_variable( -+ struct variable_info *info, -+ uint32_t attributes) -+{ -+ struct variable_entry *entry = containing_entry(info); -+ -+ info->metadata.attributes = attributes; -+ info->is_variable_set = true; -+ -+ mark_dirty(entry); - } - --void variable_index_remove_variable( -+void variable_index_clear_variable( - struct variable_index *context, -- const struct variable_info *info) -+ struct variable_info *info) - { - if (info) { - -@@ -318,48 +318,17 @@ void variable_index_remove_variable( - - /* Mark variable as no longer set */ - entry->info.is_variable_set = false; -- -- /* Entry may still be needed if check constraints were set */ -- entry->in_use = info->is_constraints_set; -- -- if (!entry->in_use) { -- -- /* Entry not needed so wipe */ -- memset(&entry->info, 0, sizeof(struct variable_info)); -- } - } - } - --void variable_index_update_variable( -- const struct variable_info *info, -- uint32_t attributes) --{ -- if (info) { -- -- struct variable_info *modified_info = (struct variable_info*)info; -- struct variable_entry *entry = containing_entry(modified_info); -- -- if (!modified_info->is_variable_set || -- (attributes != modified_info->metadata.attributes)) { -- -- /* The update changes the variable_info state */ -- modified_info->is_variable_set = true; -- modified_info->metadata.attributes = attributes; -- mark_dirty(entry); -- } -- } --} -- --void variable_index_update_constraints( -- const struct variable_info *info, -+void variable_index_set_constraints( -+ struct variable_info *info, - const struct variable_constraints *constraints) - { - if (info) { - -- struct variable_info *modified_info = (struct variable_info*)info; -- -- modified_info->check_constraints = *constraints; -- modified_info->is_constraints_set = true; -+ info->check_constraints = *constraints; -+ info->is_constraints_set = true; - } - } - -diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h -index e109d0d1..63f42ab6 100644 ---- a/components/service/smm_variable/backend/variable_index.h -+++ b/components/service/smm_variable/backend/variable_index.h -@@ -119,8 +119,8 @@ size_t variable_index_max_dump_size( - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_find( -- const struct variable_index *context, -+struct variable_info *variable_index_find( -+ struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); -@@ -135,78 +135,76 @@ const struct variable_info *variable_index_find( - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_find_next( -+struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); - - /** -- * @brief Add a new variable to the index -+ * @brief Add a new entry to the index -+ * -+ * An entry is needed either when a new variable is created or -+ * when variable constraints are set for a variable that doesn't -+ * yet exist. - * - * @param[in] context variable_index - * @param[in] guid The variable's guid - * @param[in] name_size The name parameter's size - * @param[in] name The variable's name -- * @param[in] attributes The variable's attributes - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_add_variable( -+struct variable_info *variable_index_add_entry( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name, -- uint32_t attributes); -+ const int16_t *name); - - /** -- * @brief Remove a variable from the index -+ * @brief Remove an unused entry from the index - * -- * Removes a variable from the index if it exists. -+ * Removes an entry if it is not in use. - * - * @param[in] context variable_index - * @param[in] info The variable info corresponding to the entry to remove - */ --void variable_index_remove_variable( -+void variable_index_remove_unused_entry( - struct variable_index *context, -- const struct variable_info *info); -+ struct variable_info *info); - - /** -- * @brief Update a variable that's already in the index -+ * @brief Set a variable to the index -+ * -+ * An entry for the variable must already exist. - * - * @param[in] info variable info - * @param[in] attributes The variable's attributes - */ --void variable_index_update_variable( -- const struct variable_info *info, -+void variable_index_set_variable( -+ struct variable_info *info, - uint32_t attributes); - - /** -- * @brief Add a new check constraints object to the index -+ * @brief Clear a variable from the index - * -- * @param[in] context variable_index -- * @param[in] guid The variable's guid -- * @param[in] name_size The name parameter's size -- * @param[in] name The variable's name -- * @param[in] constraints The check constraints -+ * Clears a variable from the index - * -- * @return Pointer to variable_info or NULL -+ * @param[in] context variable_index -+ * @param[in] info The variable info corresponding to the variable to clear - */ --const struct variable_info *variable_index_add_constraints( -+void variable_index_clear_variable( - struct variable_index *context, -- const EFI_GUID *guid, -- size_t name_size, -- const int16_t *name, -- const struct variable_constraints *constraints); -+ struct variable_info *info); - - /** -- * @brief Update variable constraints that are already in the index -+ * @brief Set a check constraints object associated with a variavle - * - * @param[in] info variable info - * @param[in] constraints The check constraints - */ --void variable_index_update_constraints( -- const struct variable_info *info, -+void variable_index_set_constraints( -+ struct variable_info *info, - const struct variable_constraints *constraints); - - /** -diff --git a/components/service/smm_variable/backend/variable_index_iterator.c b/components/service/smm_variable/backend/variable_index_iterator.c -index 7cc6dc7a..8f8fc741 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.c -+++ b/components/service/smm_variable/backend/variable_index_iterator.c -@@ -31,10 +31,10 @@ bool variable_index_iterator_is_done( - return iter->current_pos >= iter->variable_index->max_variables; - } - --const struct variable_info *variable_index_iterator_current( -+struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter) - { -- const struct variable_info *current = NULL; -+ struct variable_info *current = NULL; - - if (!variable_index_iterator_is_done(iter)) { - -diff --git a/components/service/smm_variable/backend/variable_index_iterator.h b/components/service/smm_variable/backend/variable_index_iterator.h -index f64a2c49..7ff77c50 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.h -+++ b/components/service/smm_variable/backend/variable_index_iterator.h -@@ -54,7 +54,7 @@ bool variable_index_iterator_is_done( - * - * @return Pointer to variable_info or NULL - */ --const struct variable_info *variable_index_iterator_current( -+struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter); - - /** -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index d76d9cce..088940a8 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -249,6 +249,30 @@ TEST(SmmVariableServiceTests, setAndGet) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -+ /* Extend the variable using an append write */ -+ std::string append_data = " values added with append write"; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ append_data, -+ EFI_VARIABLE_APPEND_WRITE); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ std::string appended_data = set_data + append_data; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -+ LONGS_EQUAL(0, appended_data.compare(get_data)); -+ - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -@@ -279,6 +303,30 @@ TEST(SmmVariableServiceTests, setAndGetNv) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -+ /* Extend the variable using an append write */ -+ std::string append_data = " values added with append write"; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ append_data, -+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ std::string appended_data = set_data + append_data; -+ -+ /* Expect the append write operation to have extended the variable */ -+ UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -+ LONGS_EQUAL(0, appended_data.compare(get_data)); -+ - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -diff --git a/protocols/service/smm_variable/parameters.h b/protocols/service/smm_variable/parameters.h -index 1f795a9b..233f301b 100644 ---- a/protocols/service/smm_variable/parameters.h -+++ b/protocols/service/smm_variable/parameters.h -@@ -47,6 +47,9 @@ typedef struct { - EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ - EFI_VARIABLE_APPEND_WRITE) -+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK \ -+ (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ -+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) - - /** - * Parameter structure for SetVariable and GetVariable. diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch deleted file mode 100644 index 978600dd94..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch +++ /dev/null @@ -1,830 +0,0 @@ -From c4eaf83548eed4ed6194ff9e1368d6ae65f4ebf9 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Thu, 2 Dec 2021 17:27:55 +0000 -Subject: [PATCH] Add UEFI variable support for QueryVariableInfo - -Adds support for the UEFI QueryVariableInfo operation. The total -store size currently relies on pre-configured values, set for a -particular deployment. Ideally, this information would be read -from the storage backend. This facility is not however yet -supported by the storage backend interface or by any PSA -storage backend storage providers. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I971252831f7e478914d736c672d184a371e64502 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../backend/test/variable_store_tests.cpp | 89 +++++++- - .../backend/uefi_variable_store.c | 213 ++++++++++++++---- - .../backend/uefi_variable_store.h | 39 +++- - .../client/cpp/smm_variable_client.cpp | 66 ++++++ - .../client/cpp/smm_variable_client.h | 7 + - .../provider/smm_variable_provider.c | 31 ++- - .../service/smm_variable_service_tests.cpp | 55 ++++- - 7 files changed, 445 insertions(+), 55 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index 578f118f..e90c1067 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -27,6 +27,18 @@ TEST_GROUP(UefiVariableStoreTests) - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ EFI_VARIABLE_NON_VOLATILE, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); -+ -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ 0, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); -+ - setup_common_guid(); - } - -@@ -152,6 +164,33 @@ TEST_GROUP(UefiVariableStoreTests) - return status; - } - -+ efi_status_t query_variable_info( -+ uint32_t attributes, -+ size_t *max_variable_storage_size, -+ size_t *remaining_variable_storage_size, -+ size_t *max_variable_size) -+ { -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO query; -+ -+ query.MaximumVariableStorageSize = 0; -+ query.RemainingVariableStorageSize = 0; -+ query.MaximumVariableSize = 0; -+ query.Attributes = attributes; -+ -+ efi_status_t status = uefi_variable_store_query_variable_info( -+ &m_uefi_variable_store, -+ &query); -+ -+ if (status == EFI_SUCCESS) { -+ -+ *max_variable_storage_size = query.MaximumVariableStorageSize; -+ *remaining_variable_storage_size = query.RemainingVariableStorageSize; -+ *max_variable_size = query.MaximumVariableSize; -+ } -+ -+ return status; -+ } -+ - efi_status_t set_check_var_property( - const std::wstring &name, - const VAR_CHECK_VARIABLE_PROPERTY &check_property) -@@ -195,7 +234,8 @@ TEST_GROUP(UefiVariableStoreTests) - - if (info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - -- struct storage_backend *storage_backend = m_uefi_variable_store.persistent_store; -+ struct storage_backend *storage_backend = -+ m_uefi_variable_store.persistent_store.storage_backend; - - storage_backend->interface->remove( - storage_backend->context, -@@ -220,9 +260,24 @@ TEST_GROUP(UefiVariableStoreTests) - m_volatile_backend); - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ EFI_VARIABLE_NON_VOLATILE, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); -+ -+ uefi_variable_store_set_storage_limits( -+ &m_uefi_variable_store, -+ 0, -+ STORE_CAPACITY, -+ MAX_VARIABLE_SIZE); - } - - static const size_t MAX_VARIABLES = 10; -+ static const size_t MAX_VARIABLE_SIZE = 100; -+ static const size_t STORE_CAPACITY = 1000; -+ - static const uint32_t OWNER_ID = 100; - static const size_t VARIABLE_BUFFER_SIZE = 1024; - -@@ -265,6 +320,22 @@ TEST(UefiVariableStoreTests, setGetRoundtrip) - /* Expect the append write operation to have extended the variable */ - UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); - LONGS_EQUAL(0, expected_output.compare(output_data)); -+ -+ /* Expect query_variable_info to return consistent values */ -+ size_t max_variable_storage_size = 0; -+ size_t remaining_variable_storage_size = 0; -+ size_t max_variable_size = 0; -+ -+ status = query_variable_info( -+ 0, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -+ UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); - } - - TEST(UefiVariableStoreTests, persistentSetGet) -@@ -311,6 +382,22 @@ TEST(UefiVariableStoreTests, persistentSetGet) - /* Still expect got variable data to be the same as the set value */ - UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); - LONGS_EQUAL(0, expected_output.compare(output_data)); -+ -+ /* Expect query_variable_info to return consistent values */ -+ size_t max_variable_storage_size = 0; -+ size_t remaining_variable_storage_size = 0; -+ size_t max_variable_size = 0; -+ -+ status = query_variable_info( -+ EFI_VARIABLE_NON_VOLATILE, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -+ UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); - } - - TEST(UefiVariableStoreTests, removeVolatile) -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index bcb85995..ed50eaf9 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -46,8 +46,15 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len); - --static psa_status_t append_write( -- struct storage_backend *storage_backend, -+static psa_status_t store_overwrite( -+ struct delegate_variable_store *delegate_store, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data); -+ -+static psa_status_t store_append_write( -+ struct delegate_variable_store *delegate_store, - uint32_t client_id, - uint64_t uid, - size_t data_length, -@@ -56,6 +63,15 @@ static psa_status_t append_write( - static void purge_orphan_index_entries( - struct uefi_variable_store *context); - -+static struct delegate_variable_store *select_delegate_store( -+ struct uefi_variable_store *context, -+ uint32_t attributes); -+ -+static size_t space_used( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ struct storage_backend *storage_backend); -+ - static efi_status_t psa_to_efi_storage_status( - psa_status_t psa_status); - -@@ -66,6 +82,10 @@ static efi_status_t check_name_terminator( - /* Private UID for storing the variable index */ - #define VARIABLE_INDEX_STORAGE_UID (1) - -+/* Default maximum variable size - -+ * may be overridden using uefi_variable_store_set_storage_limits() -+ */ -+#define DEFAULT_MAX_VARIABLE_SIZE (2048) - - efi_status_t uefi_variable_store_init( - struct uefi_variable_store *context, -@@ -76,8 +96,17 @@ efi_status_t uefi_variable_store_init( - { - efi_status_t status = EFI_SUCCESS; - -- context->persistent_store = persistent_store; -- context->volatile_store = volatile_store; -+ /* Initialise persistent store defaults */ -+ context->persistent_store.is_nv = true; -+ context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -+ context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->persistent_store.storage_backend = persistent_store; -+ -+ /* Initialise volatile store defaults */ -+ context->volatile_store.is_nv = false; -+ context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -+ context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->volatile_store.storage_backend = volatile_store; - - context->owner_id = owner_id; - context->is_boot_service = true; -@@ -116,6 +145,20 @@ void uefi_variable_store_deinit( - context->index_sync_buffer = NULL; - } - -+void uefi_variable_store_set_storage_limits( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ size_t total_capacity, -+ size_t max_variable_size) -+{ -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ attributes); -+ -+ delegate_store->total_capacity = total_capacity; -+ delegate_store->max_variable_size = max_variable_size; -+} -+ - efi_status_t uefi_variable_store_set_variable( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) -@@ -284,12 +327,24 @@ efi_status_t uefi_variable_store_get_next_variable_name( - - efi_status_t uefi_variable_store_query_variable_info( - struct uefi_variable_store *context, -- SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *cur) -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info) - { -- efi_status_t status = EFI_UNSUPPORTED; -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ var_info->Attributes); - -+ size_t total_used = space_used( -+ context, -+ var_info->Attributes, -+ delegate_store->storage_backend); - -- return status; -+ var_info->MaximumVariableSize = delegate_store->max_variable_size; -+ var_info->MaximumVariableStorageSize = delegate_store->total_capacity; -+ var_info->RemainingVariableStorageSize = (total_used < delegate_store->total_capacity) ? -+ delegate_store->total_capacity - total_used : -+ 0; -+ -+ return EFI_SUCCESS; - } - - efi_status_t uefi_variable_store_exit_boot_service( -@@ -375,7 +430,7 @@ efi_status_t uefi_variable_store_get_var_check_property( - static void load_variable_index( - struct uefi_variable_store *context) - { -- struct storage_backend *persistent_store = context->persistent_store; -+ struct storage_backend *persistent_store = context->persistent_store.storage_backend; - - if (persistent_store) { - -@@ -413,7 +468,7 @@ static efi_status_t sync_variable_index( - - if (is_dirty) { - -- struct storage_backend *persistent_store = context->persistent_store; -+ struct storage_backend *persistent_store = context->persistent_store.storage_backend; - - if (persistent_store) { - -@@ -501,30 +556,27 @@ static efi_status_t store_variable_data( - const uint8_t *data = (const uint8_t*)var + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - -- bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -- -- struct storage_backend *storage_backend = (is_nv) ? -- context->persistent_store : -- context->volatile_store; -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ info->metadata.attributes); - -- if (storage_backend) { -+ if (delegate_store->storage_backend) { - - if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { - - /* Create or overwrite variable data */ -- psa_status = storage_backend->interface->set( -- storage_backend->context, -+ psa_status = store_overwrite( -+ delegate_store, - context->owner_id, - info->metadata.uid, - data_len, -- data, -- PSA_STORAGE_FLAG_NONE); -+ data); - } - else { - - /* Append new data to existing variable data */ -- psa_status = append_write( -- storage_backend, -+ psa_status = store_append_write( -+ delegate_store, - context->owner_id, - info->metadata.uid, - data_len, -@@ -532,7 +584,7 @@ static efi_status_t store_variable_data( - } - } - -- if ((psa_status != PSA_SUCCESS) && is_nv) { -+ if ((psa_status != PSA_SUCCESS) && delegate_store->is_nv) { - - /* A storage failure has occurred so attempt to fix any - * mismatch between the variable index and stored NV variables. -@@ -551,16 +603,14 @@ static efi_status_t remove_variable_data( - - if (info->is_variable_set) { - -- bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ info->metadata.attributes); - -- struct storage_backend *storage_backend = (is_nv) ? -- context->persistent_store : -- context->volatile_store; -+ if (delegate_store->storage_backend) { - -- if (storage_backend) { -- -- psa_status = storage_backend->interface->remove( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->remove( -+ delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid); - } -@@ -580,16 +630,14 @@ static efi_status_t load_variable_data( - uint8_t *data = (uint8_t*)var + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - -- bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ struct delegate_variable_store *delegate_store = select_delegate_store( -+ context, -+ info->metadata.attributes); - -- struct storage_backend *storage_backend = (is_nv) ? -- context->persistent_store : -- context->volatile_store; -+ if (delegate_store->storage_backend) { - -- if (storage_backend) { -- -- psa_status = storage_backend->interface->get( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->get( -+ delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid, - 0, -@@ -603,8 +651,29 @@ static efi_status_t load_variable_data( - return psa_to_efi_storage_status(psa_status); - } - --static psa_status_t append_write( -- struct storage_backend *storage_backend, -+static psa_status_t store_overwrite( -+ struct delegate_variable_store *delegate_store, -+ uint32_t client_id, -+ uint64_t uid, -+ size_t data_length, -+ const void *data) -+{ -+ /* Police maximum variable size limit */ -+ if (data_length > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -+ -+ psa_status_t psa_status = delegate_store->storage_backend->interface->set( -+ delegate_store->storage_backend->context, -+ client_id, -+ uid, -+ data_length, -+ data, -+ PSA_STORAGE_FLAG_NONE); -+ -+ return psa_status; -+} -+ -+static psa_status_t store_append_write( -+ struct delegate_variable_store *delegate_store, - uint32_t client_id, - uint64_t uid, - size_t data_length, -@@ -614,8 +683,8 @@ static psa_status_t append_write( - - if (data_length == 0) return PSA_SUCCESS; - -- psa_status_t psa_status = storage_backend->interface->get_info( -- storage_backend->context, -+ psa_status_t psa_status = delegate_store->storage_backend->interface->get_info( -+ delegate_store->storage_backend->context, - client_id, - uid, - &storage_info); -@@ -628,6 +697,9 @@ static psa_status_t append_write( - /* Defend against integer overflow */ - if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT; - -+ /* Police maximum variable size limit */ -+ if (new_size > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -+ - /* Storage backend doesn't support an append operation so we need - * need to read the current variable data, extend it and write it back. - */ -@@ -635,8 +707,8 @@ static psa_status_t append_write( - if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY; - - size_t old_size = 0; -- psa_status = storage_backend->interface->get( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->get( -+ delegate_store->storage_backend->context, - client_id, - uid, - 0, -@@ -651,8 +723,8 @@ static psa_status_t append_write( - /* Extend the variable data */ - memcpy(&rw_buf[old_size], data, data_length); - -- psa_status = storage_backend->interface->set( -- storage_backend->context, -+ psa_status = delegate_store->storage_backend->interface->set( -+ delegate_store->storage_backend->context, - client_id, - uid, - old_size + data_length, -@@ -692,7 +764,7 @@ static void purge_orphan_index_entries( - if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - - struct psa_storage_info_t storage_info; -- struct storage_backend *storage_backend = context->persistent_store; -+ struct storage_backend *storage_backend = context->persistent_store.storage_backend; - - psa_status_t psa_status = storage_backend->interface->get_info( - storage_backend->context, -@@ -714,6 +786,53 @@ static void purge_orphan_index_entries( - if (any_orphans) sync_variable_index(context); - } - -+static struct delegate_variable_store *select_delegate_store( -+ struct uefi_variable_store *context, -+ uint32_t attributes) -+{ -+ bool is_nv = (attributes & EFI_VARIABLE_NON_VOLATILE); -+ -+ return (is_nv) ? -+ &context->persistent_store : -+ &context->volatile_store; -+} -+ -+static size_t space_used( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ struct storage_backend *storage_backend) -+{ -+ if (!storage_backend) return 0; -+ -+ size_t total_used = 0; -+ struct variable_index_iterator iter; -+ variable_index_iterator_first(&iter, &context->variable_index); -+ -+ while (!variable_index_iterator_is_done(&iter)) { -+ -+ struct variable_info *info = variable_index_iterator_current(&iter); -+ -+ if (info->is_variable_set && -+ ((info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE) == -+ (attributes & EFI_VARIABLE_NON_VOLATILE))) { -+ -+ struct psa_storage_info_t storage_info; -+ -+ psa_status_t psa_status = storage_backend->interface->get_info( -+ storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ &storage_info); -+ -+ if (psa_status == PSA_SUCCESS) total_used += storage_info.size; -+ } -+ -+ variable_index_iterator_next(&iter); -+ } -+ -+ return total_used; -+} -+ - static efi_status_t psa_to_efi_storage_status( - psa_status_t psa_status) - { -diff --git a/components/service/smm_variable/backend/uefi_variable_store.h b/components/service/smm_variable/backend/uefi_variable_store.h -index fe0f24af..cc992067 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.h -+++ b/components/service/smm_variable/backend/uefi_variable_store.h -@@ -20,6 +20,20 @@ - extern "C" { - #endif - -+/** -+ * \brief delegate_variable_store structure definition -+ * -+ * A delegate_variable_store combines an association with a concrete -+ * storage backend and a set of limits parameters. -+ */ -+struct delegate_variable_store -+{ -+ bool is_nv; -+ size_t total_capacity; -+ size_t max_variable_size; -+ struct storage_backend *storage_backend; -+}; -+ - /** - * \brief uefi_variable_store structure definition - * -@@ -35,8 +49,8 @@ struct uefi_variable_store - uint8_t *index_sync_buffer; - size_t index_sync_buffer_size; - struct variable_index variable_index; -- struct storage_backend *persistent_store; -- struct storage_backend *volatile_store; -+ struct delegate_variable_store persistent_store; -+ struct delegate_variable_store volatile_store; - }; - - /** -@@ -69,6 +83,23 @@ efi_status_t uefi_variable_store_init( - void uefi_variable_store_deinit( - struct uefi_variable_store *context); - -+/** -+ * @brief Set storage limits -+ * -+ * Overrides the default limits for the specified storage space. These -+ * values are reflected in the values returned by QueryVariableInfo. -+ * -+ * @param[in] context uefi_variable_store instance -+ * @param[in] attributes EFI_VARIABLE_NON_VOLATILE or 0 -+ * @param[in] total_capacity The total storage capacity in bytes -+ * @param[in] max_variable_size Variable size limit -+ */ -+void uefi_variable_store_set_storage_limits( -+ struct uefi_variable_store *context, -+ uint32_t attributes, -+ size_t total_capacity, -+ size_t max_variable_size); -+ - /** - * @brief Set variable - * -@@ -123,13 +154,13 @@ efi_status_t uefi_variable_store_get_next_variable_name( - * @brief Query for variable info - * - * @param[in] context uefi_variable_store instance -- * @param[out] info Returns info -+ * @param[inout] var_info Returns info - * - * @return EFI_SUCCESS if succesful - */ - efi_status_t uefi_variable_store_query_variable_info( - struct uefi_variable_store *context, -- SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *cur); -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info); - - /** - * @brief Exit boot service -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -index a68b7ace..8438285b 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.cpp -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -@@ -219,6 +219,72 @@ efi_status_t smm_variable_client::get_next_variable_name( - 0); - } - -+efi_status_t smm_variable_client::query_variable_info( -+ uint32_t attributes, -+ size_t *max_variable_storage_size, -+ size_t *remaining_variable_storage_size, -+ size_t *max_variable_size) -+{ -+ efi_status_t efi_status = EFI_NOT_READY; -+ -+ size_t req_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO); -+ rpc_call_handle call_handle; -+ uint8_t *req_buf; -+ -+ call_handle = rpc_caller_begin(m_caller, &req_buf, req_len); -+ -+ if (call_handle) { -+ -+ uint8_t *resp_buf; -+ size_t resp_len; -+ rpc_opstatus_t opstatus; -+ -+ SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *query = -+ (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)req_buf; -+ -+ query->Attributes = attributes; -+ query->MaximumVariableSize = 0; -+ query->MaximumVariableStorageSize = 0; -+ query->RemainingVariableStorageSize = 0; -+ -+ m_err_rpc_status = rpc_caller_invoke(m_caller, call_handle, -+ SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO, &opstatus, &resp_buf, &resp_len); -+ -+ if (m_err_rpc_status == TS_RPC_CALL_ACCEPTED) { -+ -+ efi_status = opstatus; -+ -+ if (efi_status == EFI_SUCCESS) { -+ -+ if (resp_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) { -+ -+ query = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)resp_buf; -+ -+ *max_variable_storage_size = query->MaximumVariableStorageSize; -+ *remaining_variable_storage_size = query->RemainingVariableStorageSize; -+ *max_variable_size = query->MaximumVariableSize; -+ } -+ else { -+ -+ efi_status = EFI_PROTOCOL_ERROR; -+ } -+ } -+ else { -+ -+ efi_status = EFI_PROTOCOL_ERROR; -+ } -+ } -+ else { -+ -+ efi_status = rpc_to_efi_status(); -+ } -+ -+ rpc_caller_end(m_caller, call_handle); -+ } -+ -+ return efi_status; -+} -+ - efi_status_t smm_variable_client::get_next_variable_name( - EFI_GUID &guid, - std::wstring &name, -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.h b/components/service/smm_variable/client/cpp/smm_variable_client.h -index 9c36c4eb..c7973916 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.h -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.h -@@ -63,6 +63,13 @@ public: - const EFI_GUID &guid, - const std::wstring &name); - -+ /* Query variable info */ -+ efi_status_t query_variable_info( -+ uint32_t attributes, -+ size_t *max_variable_storage_size, -+ size_t *remaining_variable_storage_size, -+ size_t *max_variable_size); -+ - /* Get the next variable name - for enumerating store contents */ - efi_status_t get_next_variable_name( - EFI_GUID &guid, -diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c -index d239a428..52e68d09 100644 ---- a/components/service/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/smm_variable/provider/smm_variable_provider.c -@@ -252,11 +252,38 @@ static rpc_status_t set_variable_handler(void *context, struct call_req* req) - - static rpc_status_t query_variable_info_handler(void *context, struct call_req* req) - { -+ efi_status_t efi_status = EFI_INVALID_PARAMETER; - struct smm_variable_provider *this_instance = (struct smm_variable_provider*)context; - -- /* todo */ -+ const struct call_param_buf *req_buf = call_req_get_req_buf(req); -+ -+ if (req_buf->data_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) { -+ -+ struct call_param_buf *resp_buf = call_req_get_resp_buf(req); -+ -+ if (resp_buf->size >= req_buf->data_len) { - -- return TS_RPC_ERROR_NOT_READY; -+ memmove(resp_buf->data, req_buf->data, req_buf->data_len); -+ -+ efi_status = uefi_variable_store_query_variable_info( -+ &this_instance->variable_store, -+ (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)resp_buf->data); -+ -+ if (efi_status == EFI_SUCCESS) { -+ -+ resp_buf->data_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO); -+ } -+ } -+ else { -+ -+ /* Reponse buffer not big enough */ -+ efi_status = EFI_BAD_BUFFER_SIZE; -+ } -+ } -+ -+ call_req_set_opstatus(req, efi_status); -+ -+ return TS_RPC_CALL_ACCEPTED; - } - - static rpc_status_t exit_boot_service_handler(void *context, struct call_req* req) -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index 088940a8..15556e9d 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -335,12 +335,38 @@ TEST(SmmVariableServiceTests, setAndGetNv) - TEST(SmmVariableServiceTests, enumerateStoreContents) - { - efi_status_t efi_status = EFI_SUCCESS; -+ -+ /* Query information about the empty variable store */ -+ size_t nv_max_variable_storage_size = 0; -+ size_t nv_max_variable_size = 0; -+ size_t nv_remaining_variable_storage_size = 0; -+ -+ efi_status = m_client->query_variable_info( -+ EFI_VARIABLE_NON_VOLATILE, -+ &nv_max_variable_storage_size, -+ &nv_remaining_variable_storage_size, -+ &nv_max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL(nv_max_variable_storage_size, nv_remaining_variable_storage_size); -+ -+ size_t v_max_variable_storage_size = 0; -+ size_t v_max_variable_size = 0; -+ size_t v_remaining_variable_storage_size = 0; -+ -+ efi_status = m_client->query_variable_info( -+ 0, -+ &v_max_variable_storage_size, -+ &v_remaining_variable_storage_size, -+ &v_max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL(v_max_variable_storage_size, v_remaining_variable_storage_size); -+ -+ /* Add some variables to the store */ - std::wstring var_name_1 = L"varibale_1"; - std::wstring var_name_2 = L"varibale_2"; - std::wstring var_name_3 = L"varibale_3"; - std::string set_data = "Some variable data"; - -- /* Add some variables to the store */ - efi_status = m_client->set_variable( - m_common_guid, - var_name_1, -@@ -365,6 +391,33 @@ TEST(SmmVariableServiceTests, enumerateStoreContents) - - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); - -+ /* Query variable info again and check it's as expected */ -+ size_t max_variable_storage_size = 0; -+ size_t max_variable_size = 0; -+ size_t remaining_variable_storage_size = 0; -+ -+ /* Check non-volatile - two variables have been added */ -+ efi_status = m_client->query_variable_info( -+ EFI_VARIABLE_NON_VOLATILE, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL( -+ (nv_remaining_variable_storage_size - set_data.size() * 2), -+ remaining_variable_storage_size); -+ -+ /* Check volatile - one variables have been added */ -+ efi_status = m_client->query_variable_info( -+ 0, -+ &max_variable_storage_size, -+ &remaining_variable_storage_size, -+ &max_variable_size); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ UNSIGNED_LONGLONGS_EQUAL( -+ (v_remaining_variable_storage_size - set_data.size() * 1), -+ remaining_variable_storage_size); -+ - /* Enumerate store contents - expect the values we added */ - std::wstring var_name; - EFI_GUID guid = {0}; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch deleted file mode 100644 index 66a4499ef0..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch +++ /dev/null @@ -1,248 +0,0 @@ -From 22120b4bd64da232e5a4e04a9a15376f34a933a3 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Mon, 6 Dec 2021 15:20:12 +0000 -Subject: [PATCH] Add uefi-test deployment - -Adds a new deployment for building and running service level tests -for UEFI SMM services. Tests may be run against StMM, smm-gateway -or any other similar secure-world uefi service provider. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: Ic0e16dff51ef76ddd1f4dea37a4a55b029edd696 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../ts-service-test/arm-linux/CMakeLists.txt | 3 - - .../uefi-test/arm-linux/CMakeLists.txt | 43 +++++++++++ - deployments/uefi-test/linux-pc/CMakeLists.txt | 76 +++++++++++++++++++ - deployments/uefi-test/uefi-test.cmake | 52 +++++++++++++ - tools/b-test/test_data.yaml | 10 +++ - 5 files changed, 181 insertions(+), 3 deletions(-) - create mode 100644 deployments/uefi-test/arm-linux/CMakeLists.txt - create mode 100644 deployments/uefi-test/linux-pc/CMakeLists.txt - create mode 100644 deployments/uefi-test/uefi-test.cmake - -diff --git a/deployments/ts-service-test/arm-linux/CMakeLists.txt b/deployments/ts-service-test/arm-linux/CMakeLists.txt -index 6a01d38a..e902cd2f 100644 ---- a/deployments/ts-service-test/arm-linux/CMakeLists.txt -+++ b/deployments/ts-service-test/arm-linux/CMakeLists.txt -@@ -23,9 +23,6 @@ add_components( - BASE_DIR ${TS_ROOT} - COMPONENTS - "components/app/test-runner" --# Running smm_variable tests currently requires kernel built with CONFIG_STRICT_DEVMEM=n --# "components/service/smm_variable/client/cpp" --# "components/service/smm_variable/test/service" - ) - - include(${TS_ROOT}/external/CppUTest/CppUTest.cmake) -diff --git a/deployments/uefi-test/arm-linux/CMakeLists.txt b/deployments/uefi-test/arm-linux/CMakeLists.txt -new file mode 100644 -index 00000000..053041ad ---- /dev/null -+++ b/deployments/uefi-test/arm-linux/CMakeLists.txt -@@ -0,0 +1,43 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+cmake_minimum_required(VERSION 3.16) -+include(../../deployment.cmake REQUIRED) -+ -+#------------------------------------------------------------------------------- -+# The CMakeLists.txt for building the uefi-test deployment for arm-linux -+# -+# Used for building and running service level tests from Linux user-space -+# on an Arm platform with real deployments of UEFI SMM services -+#------------------------------------------------------------------------------- -+include(${TS_ROOT}/environments/arm-linux/env.cmake) -+project(trusted-services LANGUAGES CXX C) -+add_executable(uefi-test) -+target_include_directories(uefi-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") -+ -+add_components( -+ TARGET "uefi-test" -+ BASE_DIR ${TS_ROOT} -+ COMPONENTS -+ "components/app/test-runner" -+ ) -+ -+include(${TS_ROOT}/external/CppUTest/CppUTest.cmake) -+target_link_libraries(uefi-test PRIVATE CppUTest) -+ -+#------------------------------------------------------------------------------- -+# Extend with components that are common across all deployments of -+# uefi-test -+# -+#------------------------------------------------------------------------------- -+include(../uefi-test.cmake REQUIRED) -+ -+#------------------------------------------------------------------------------- -+# Define library options and dependencies. -+# -+#------------------------------------------------------------------------------- -+env_set_link_options(TGT uefi-test) -+target_link_libraries(uefi-test PRIVATE stdc++ gcc m) -diff --git a/deployments/uefi-test/linux-pc/CMakeLists.txt b/deployments/uefi-test/linux-pc/CMakeLists.txt -new file mode 100644 -index 00000000..be6e9840 ---- /dev/null -+++ b/deployments/uefi-test/linux-pc/CMakeLists.txt -@@ -0,0 +1,76 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+cmake_minimum_required(VERSION 3.16) -+include(../../deployment.cmake REQUIRED) -+ -+#------------------------------------------------------------------------------- -+# The CMakeLists.txt for building the uefi-test deployment for linux-pc -+# -+# Used for building and running service level tests in a native PC enviroment. -+# Tests can be run by running the built executable called "uefi-test" -+#------------------------------------------------------------------------------- -+include(${TS_ROOT}/environments/linux-pc/env.cmake) -+project(trusted-services LANGUAGES CXX C) -+ -+# Prevents symbols in the uefi-test executable overriding symbols with -+# with same name in libts during dynamic linking performed by the program -+# loader. -+set(CMAKE_C_VISIBILITY_PRESET hidden) -+ -+# Preparing firmware-test-build by including it -+include(${TS_ROOT}/external/firmware_test_builder/FirmwareTestBuilder.cmake) -+ -+include(CTest) -+include(UnitTest) -+ -+set(COVERAGE FALSE CACHE BOOL "Enable code coverage measurement") -+set(UNIT_TEST_PROJECT_PATH ${TS_ROOT} CACHE PATH "Path of the project directory") -+set(CMAKE_CXX_STANDARD 11) -+ -+unit_test_init_cpputest() -+ -+if (COVERAGE) -+ include(Coverage) -+ -+ set(COVERAGE_FILE "coverage.info") -+ set(TS_SERVICE_TEST_COVERAGE_FILE "uefi-test-coverage.info" CACHE PATH "Path of coverage info file") -+ set(TS_SERVICE_TEST_COVERAGE_REPORT_DIR "${CMAKE_CURRENT_BINARY_DIR}/ts-service-coverage-report" CACHE PATH "Directory of coverage report") -+ -+ # Collecting coverage -+ coverage_generate( -+ NAME "ts-service test" -+ SOURCE_DIR ${TS_ROOT} -+ BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR} -+ OUTPUT_FILE ${COVERAGE_FILE} -+ ) -+ -+ # Filtering project file coverage -+ coverage_filter( -+ INPUT_FILE ${COVERAGE_FILE} -+ OUTPUT_FILE ${TS_SERVICE_TEST_COVERAGE_FILE} -+ INCLUDE_DIRECTORY ${UNIT_TEST_PROJECT_PATH}/components -+ ) -+ -+ # Coverage report -+ coverage_generate_report( -+ INPUT_FILE ${TS_SERVICE_TEST_COVERAGE_FILE} -+ OUTPUT_DIRECTORY ${TS_SERVICE_TEST_COVERAGE_REPORT_DIR} -+ ) -+endif() -+ -+unit_test_add_suite( -+ NAME uefi-test -+) -+ -+target_include_directories(uefi-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}") -+ -+#------------------------------------------------------------------------------- -+# Extend with components that are common across all deployments of -+# uefi-test -+# -+#------------------------------------------------------------------------------- -+include(../uefi-test.cmake REQUIRED) -diff --git a/deployments/uefi-test/uefi-test.cmake b/deployments/uefi-test/uefi-test.cmake -new file mode 100644 -index 00000000..ea678d0e ---- /dev/null -+++ b/deployments/uefi-test/uefi-test.cmake -@@ -0,0 +1,52 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+ -+#------------------------------------------------------------------------------- -+# The base build file shared between deployments of 'uefi-test' for -+# different environments. Used for running end-to-end service-level tests -+# against SMM service providers that implement UEFI services such as smm -+# variable. -+#------------------------------------------------------------------------------- -+ -+#------------------------------------------------------------------------------- -+# Use libts for locating and accessing services. An appropriate version of -+# libts will be imported for the enviroment in which service tests are -+# deployed. -+#------------------------------------------------------------------------------- -+include(${TS_ROOT}/deployments/libts/libts-import.cmake) -+target_link_libraries(uefi-test PRIVATE libts) -+ -+#------------------------------------------------------------------------------- -+# Components that are common accross all deployments -+# -+#------------------------------------------------------------------------------- -+add_components( -+ TARGET "uefi-test" -+ BASE_DIR ${TS_ROOT} -+ COMPONENTS -+ "components/service/smm_variable/client/cpp" -+ "components/service/smm_variable/test/service" -+) -+ -+#------------------------------------------------------------------------------- -+# Components used from external projects -+# -+#------------------------------------------------------------------------------- -+ -+# Nanopb -+include(${TS_ROOT}/external/nanopb/nanopb.cmake) -+target_link_libraries(uefi-test PRIVATE nanopb::protobuf-nanopb-static) -+protobuf_generate_all(TGT "uefi-test" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols") -+ -+#------------------------------------------------------------------------------- -+# Define install content. -+# -+#------------------------------------------------------------------------------- -+if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) -+ set(CMAKE_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/install CACHE PATH "location to install build output to." FORCE) -+endif() -+install(TARGETS uefi-test RUNTIME DESTINATION ${TS_ENV}/bin) -diff --git a/tools/b-test/test_data.yaml b/tools/b-test/test_data.yaml -index 11f8f633..33a85b12 100644 ---- a/tools/b-test/test_data.yaml -+++ b/tools/b-test/test_data.yaml -@@ -163,3 +163,13 @@ data: - os_id : "GNU/Linux" - params: - - "-GUnix Makefiles" -+ - name: "uefi-test-pc-linux" -+ src: "$TS_ROOT/deployments/uefi-test/linux-pc" -+ os_id : "GNU/Linux" -+ params: -+ - "-GUnix Makefiles" -+ - name: "uefi-test-arm-linux" -+ src: "$TS_ROOT/deployments/uefi-test/arm-linux" -+ os_id : "GNU/Linux" -+ params: -+ - "-GUnix Makefiles" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch deleted file mode 100644 index 9ad506b1bd..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 289bec4cacac80cb43c19e4ca7b2c50fc932712e Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Wed, 8 Dec 2021 11:48:28 +0000 -Subject: [PATCH] Fix interface ID parameter setting in sp/ffarpc_caller - -When making FFA based RPC calls from one SP to another, the -destination interface ID parameter was not being set correctly. -This change fixes this issue. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: Iab520e4c7dc63ee1f5d3bf1bd1de702e4cc6f093 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - components/rpc/ffarpc/caller/sp/ffarpc_caller.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/components/rpc/ffarpc/caller/sp/ffarpc_caller.c b/components/rpc/ffarpc/caller/sp/ffarpc_caller.c -index 250b1781..dabcd90c 100644 ---- a/components/rpc/ffarpc/caller/sp/ffarpc_caller.c -+++ b/components/rpc/ffarpc/caller/sp/ffarpc_caller.c -@@ -81,7 +81,7 @@ static rpc_status_t call_invoke(void *context, rpc_call_handle handle, uint32_t - req.destination_id = this_context->dest_partition_id; - req.source_id = own_id; - req.args[SP_CALL_ARGS_IFACE_ID_OPCODE] = -- FFA_CALL_ARGS_COMBINE_IFACE_ID_OPCODE(this_context->dest_partition_id, opcode); -+ FFA_CALL_ARGS_COMBINE_IFACE_ID_OPCODE(this_context->dest_iface_id, opcode); - //TODO: downcast problem? - req.args[SP_CALL_ARGS_REQ_DATA_LEN] = (uint32_t)this_context->req_len; - req.args[SP_CALL_ARGS_ENCODING] = this_context->rpc_caller.encoding; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch deleted file mode 100644 index 6ea473b0b1..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 18b20dea7cf7e8afc26c5d49d5368d3180bd54d7 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Wed, 8 Dec 2021 16:05:22 +0000 -Subject: [PATCH] Support FFARPC call requests with no shared buffer - -To allow simple clients to make RPC calls for service operations -that take no request parameters and return no response parameters, -the ffarpc_call_ep.c has been modified to accept call requests -when no shared buffer exists, as long as there is no request data. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I83b1bfb719a005922d6394887492d2d272b74907 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../rpc/ffarpc/endpoint/ffarpc_call_ep.c | 52 ++++++++++--------- - 1 file changed, 27 insertions(+), 25 deletions(-) - -diff --git a/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c b/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c -index 17f957c2..a08a250c 100644 ---- a/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c -+++ b/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c -@@ -150,29 +150,43 @@ out: - static void handle_service_msg(struct ffa_call_ep *call_ep, uint16_t source_id, - const uint32_t *req_args, uint32_t *resp_args) - { -- rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; -+ rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; - struct call_req call_req; - - uint32_t ifaceid_opcode = req_args[SP_CALL_ARGS_IFACE_ID_OPCODE]; - int idx = find_shm(call_ep, source_id); - -- if (idx < 0) { -- EMSG("handle service msg error"); -- goto out; -- } -- - call_req.caller_id = source_id; - call_req.interface_id = FFA_CALL_ARGS_EXTRACT_IFACE(ifaceid_opcode); - call_req.opcode = FFA_CALL_ARGS_EXTRACT_OPCODE(ifaceid_opcode); - call_req.encoding = req_args[SP_CALL_ARGS_ENCODING]; - -- call_req.req_buf.data = call_ep->shmem_buf[idx]; - call_req.req_buf.data_len = req_args[SP_CALL_ARGS_REQ_DATA_LEN]; -- call_req.req_buf.size = call_ep->shmem_buf_size[idx]; -- -- call_req.resp_buf.data = call_ep->shmem_buf[idx]; - call_req.resp_buf.data_len = 0; -- call_req.resp_buf.size = call_ep->shmem_buf_size[idx]; -+ -+ if (idx >= 0 && call_ep->shmem_buf[idx]) { -+ /* A shared buffer is available for call parameters */ -+ call_req.req_buf.data = call_ep->shmem_buf[idx]; -+ call_req.req_buf.size = call_ep->shmem_buf_size[idx]; -+ -+ call_req.resp_buf.data = call_ep->shmem_buf[idx]; -+ call_req.resp_buf.size = call_ep->shmem_buf_size[idx]; -+ } -+ else if (call_req.req_buf.data_len == 0) { -+ /* No shared buffer so only allow calls with no request data */ -+ call_req.req_buf.data = NULL; -+ call_req.req_buf.size = 0; -+ -+ call_req.resp_buf.data = NULL; -+ call_req.resp_buf.size = 0; -+ } -+ else { -+ /* -+ * Caller has specified non-zero length request data but there is -+ * no shared buffer to carry the request data. -+ */ -+ goto out; -+ } - - rpc_status = rpc_interface_receive(call_ep->iface, &call_req); - -@@ -223,7 +237,6 @@ void ffa_call_ep_receive(struct ffa_call_ep *call_ep, - { - const uint32_t *req_args = req_msg->args; - uint32_t *resp_args = resp_msg->args; -- int idx; - - uint16_t source_id = req_msg->source_id; - uint32_t ifaceid_opcode = req_args[SP_CALL_ARGS_IFACE_ID_OPCODE]; -@@ -232,18 +245,7 @@ void ffa_call_ep_receive(struct ffa_call_ep *call_ep, - /* It's an RPC layer management request */ - handle_mgmt_msg(call_ep, source_id, req_args, resp_args); - } else { -- /* -- * Assume anything else is a service request. Service requests -- * rely on a buffer being shared from the requesting client. -- * If it hasn't been set-up, fail the request. -- */ -- idx = find_shm(call_ep, source_id); -- -- if (idx >= 0 && call_ep->shmem_buf[idx]) { -- handle_service_msg(call_ep, source_id, req_args, resp_args); -- } else { -- EMSG("shared buffer not found or NULL"); -- set_mgmt_resp_args(resp_args, ifaceid_opcode, TS_RPC_ERROR_NOT_READY); -- } -+ /* Assume anything else is a service request */ -+ handle_service_msg(call_ep, source_id, req_args, resp_args); - } - } diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch deleted file mode 100644 index 4f5421587d..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch +++ /dev/null @@ -1,86 +0,0 @@ -From a496978dcf82494c69e600f65adf061f15e565f4 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 12 Dec 2021 10:43:48 +0000 -Subject: [PATCH] Run psa-arch-test - -Fixes needed to run psa-arch-test - -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - - ---- - components/service/common/psa_ipc/service_psa_ipc.c | 1 + - .../backend/secure_storage_ipc/secure_storage_ipc.c | 8 -------- - .../service/secure_storage/include/psa/storage_common.h | 4 ++-- - external/openamp/openamp.cmake | 2 +- - 4 files changed, 4 insertions(+), 11 deletions(-) - -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 95a07c13..5e5815db 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - resp_msg->params.out_vec); - - for (i = 0; i < resp_msg->params.out_len; i++) { -+ out_vec[i].len = out_vec_param[i].len; - memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), - out_vec[i].len); - } -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index 9b55f77d..a1f369db 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- /* Validating input parameters */ -- if (p_data == NULL) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) -@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- /* Validating input parameters */ -- if (!p_info) -- return PSA_ERROR_INVALID_ARGUMENT; -- - psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, - TFM_PS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h -index 4f6ba2a7..1fd6b40d 100644 ---- a/components/service/secure_storage/include/psa/storage_common.h -+++ b/components/service/secure_storage/include/psa/storage_common.h -@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t; - typedef uint32_t psa_storage_create_flags_t; - - struct psa_storage_info_t { -- size_t capacity; -- size_t size; -+ uint32_t capacity; -+ uint32_t size; - psa_storage_create_flags_t flags; - }; - -diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake -index aae13bad..75ab2290 100644 ---- a/external/openamp/openamp.cmake -+++ b/external/openamp/openamp.cmake -@@ -61,7 +61,7 @@ execute_process(COMMAND - -DCMAKE_SYSTEM_PROCESSOR=arm - -DEXTERNAL_INCLUDE_PATHS=${OPENAMP_EXTERNAL_INCLUDE_PATHS} - -DMACHINE=template -- -DRPMSG_BUFFER_SIZE=512 -+ -DRPMSG_BUFFER_SIZE=8192 - ${openamp_SOURCE_DIR} - WORKING_DIRECTORY - ${openamp_BINARY_DIR} diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch deleted file mode 100644 index 844bca3c1e..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch +++ /dev/null @@ -1,169 +0,0 @@ -From b417c1124af9d4569ba8871dfd1e43e626dddf12 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 12 Dec 2021 10:57:17 +0000 -Subject: [PATCH] Use address instead of pointers - -Since secure enclave is 32bit and we 64bit there is an issue -in the protocol communication design that force us to handle -on our side the manipulation of address and pointers to make -this work. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - - ---- - .../service/common/include/psa/client.h | 15 ++++++++++++++ - .../service/common/psa_ipc/service_psa_ipc.c | 20 ++++++++++++------- - .../secure_storage_ipc/secure_storage_ipc.c | 20 +++++++++---------- - 3 files changed, 38 insertions(+), 17 deletions(-) - -diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h -index 69ccf14f..12dcd68f 100644 ---- a/components/service/common/include/psa/client.h -+++ b/components/service/common/include/psa/client.h -@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec { - uint32_t len; /*!< the size in bytes */ - }; - -+static void *psa_u32_to_ptr(uint32_t addr) -+{ -+ return (void *)(uintptr_t)addr; -+} -+ -+static uint32_t psa_ptr_to_u32(void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ -+static uint32_t psa_ptr_const_to_u32(const void *ptr) -+{ -+ return (uintptr_t)ptr; -+} -+ - /*************************** PSA Client API **********************************/ - - /** -diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c -index 5e5815db..435c6c0a 100644 ---- a/components/service/common/psa_ipc/service_psa_ipc.c -+++ b/components/service/common/psa_ipc/service_psa_ipc.c -@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_ - return resp_len; - } - -+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va) -+{ -+ return (uintptr_t)rpc_caller_virt_to_phys(caller, va); -+} -+ - psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid, - uint32_t version) - { -@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - req_msg->params.psa_call_params.handle = psa_handle; - req_msg->params.psa_call_params.type = type; - req_msg->params.psa_call_params.in_len = in_len; -- req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param); -+ req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param); - req_msg->params.psa_call_params.out_len = out_len; -- req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param); -+ req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param); - - for (i = 0; i < in_len; i++) { -- in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload); -+ in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload); - in_vec_param[i].len = in_vec[i].len; - -- memcpy(payload, in_vec[i].base, in_vec[i].len); -+ memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len); - payload += in_vec[i].len; - } - - for (i = 0; i < out_len; i++) { -- out_vec_param[i].base = NULL; -+ out_vec_param[i].base = 0; - out_vec_param[i].len = out_vec[i].len; - } - -@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle, - goto caller_end; - - out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller, -- resp_msg->params.out_vec); -+ psa_u32_to_ptr(resp_msg->params.out_vec)); - - for (i = 0; i < resp_msg->params.out_len; i++) { - out_vec[i].len = out_vec_param[i].len; -- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base), -+ memcpy(psa_u32_to_ptr(out_vec[i].base), -+ rpc_caller_phys_to_virt(caller, psa_u32_to_ptr(out_vec_param[i].base)), - out_vec[i].len); - } - -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index a1f369db..bda442a6 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = p_data, .len = data_length }, -- { .base = &create_flags, .len = sizeof(create_flags) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length }, -+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) }, - }; - - (void)client_id; -@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context, - psa_status_t psa_status; - uint32_t offset = (uint32_t)data_offset; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -- { .base = &offset, .len = sizeof(offset) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_data, .len = data_size }, -+ { .base = psa_ptr_to_u32(p_data), .len = data_size }, - }; - - if (!p_data_length) { -@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - struct psa_outvec out_vec[] = { -- { .base = p_info, .len = sizeof(*p_info) }, -+ { .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) }, - }; - - (void)client_id; -@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context, - psa_handle_t psa_handle; - psa_status_t psa_status; - struct psa_invec in_vec[] = { -- { .base = &uid, .len = sizeof(uid) }, -+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) }, - }; - - (void)client_id; -@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - psa_status_t psa_status; - uint32_t support_flags; - struct psa_outvec out_vec[] = { -- { .base = &support_flags, .len = sizeof(support_flags) }, -+ { .base = psa_ptr_to_u32(&support_flags), .len = sizeof(support_flags) }, - }; - - (void)client_id; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch deleted file mode 100644 index 5376bb22e4..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch +++ /dev/null @@ -1,267 +0,0 @@ -From 259300dc81b95ff65cd2e95e0fecd140d76e4b5e Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Tue, 7 Dec 2021 11:50:00 +0000 -Subject: [PATCH] Add psa ipc attestation to se proxy - -Implement attestation client API as psa ipc and include it to -se proxy deployment. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> - - ---- - .../client/psa_ipc/component.cmake | 13 +++ - .../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++ - .../reporter/psa_ipc/component.cmake | 13 +++ - .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++ - components/service/common/include/psa/sid.h | 4 + - deployments/se-proxy/opteesp/CMakeLists.txt | 3 +- - .../se-proxy/opteesp/service_proxy_factory.c | 6 ++ - 7 files changed, 169 insertions(+), 1 deletion(-) - create mode 100644 components/service/attestation/client/psa_ipc/component.cmake - create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c - create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake - create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c - -diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake -new file mode 100644 -index 00000000..a5bc6b4a ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c" -+ ) -diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -new file mode 100644 -index 00000000..30bd0a13 ---- /dev/null -+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c -@@ -0,0 +1,86 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <string.h> -+ -+#include "../psa/iat_client.h" -+#include <protocols/rpc/common/packed-c/status.h> -+#include <psa/initial_attestation.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+ -+/** -+ * @brief The singleton psa_iat_client instance -+ * -+ * The psa attestation C API assumes a single backend service provider. -+ */ -+static struct service_client instance; -+ -+ -+psa_status_t psa_iat_client_init(struct rpc_caller *caller) -+{ -+ return service_client_init(&instance, caller); -+} -+ -+void psa_iat_client_deinit(void) -+{ -+ service_client_deinit(&instance); -+} -+ -+int psa_iat_client_rpc_status(void) -+{ -+ return instance.rpc_status; -+} -+ -+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge, -+ size_t challenge_size, -+ uint8_t *token_buf, -+ size_t token_buf_size, -+ size_t *token_size) -+{ -+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; -+ struct rpc_caller *caller = instance.caller; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size}, -+ }; -+ -+ if (!token_buf || !token_buf_size) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ if (status == PSA_SUCCESS) { -+ *token_size = out_vec[0].len; -+ } -+ -+ return status; -+} -+ -+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size, -+ size_t *token_size) -+{ -+ struct rpc_caller *caller = instance.caller; -+ psa_status_t status; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)} -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE, -+ TFM_ATTEST_GET_TOKEN_SIZE, -+ in_vec, IOVEC_LEN(in_vec), -+ out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake -new file mode 100644 -index 00000000..b37830c6 ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c" -+ ) -diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -new file mode 100644 -index 00000000..15805e8e ---- /dev/null -+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+/** -+ * A attestation reporter for psa ipc -+ */ -+ -+#include <stddef.h> -+#include <psa/error.h> -+#include <service/attestation/reporter/attest_report.h> -+#include <psa/initial_attestation.h> -+ -+#define TOKEN_BUF_SIZE 1024 -+ -+static uint8_t token_buf[TOKEN_BUF_SIZE]; -+ -+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data, -+ size_t auth_challenge_len, const uint8_t **report, -+ size_t *report_len) -+{ -+ *report = token_buf; -+ psa_status_t ret; -+ size_t token_size = 0; -+ -+ ret = psa_initial_attest_get_token(auth_challenge_data, -+ auth_challenge_len, token_buf, -+ TOKEN_BUF_SIZE, &token_size); -+ if (ret != PSA_SUCCESS) { -+ *report = NULL; -+ *report_len = 0; -+ return ret; -+ } -+ -+ *report_len = token_size; -+ -+ return PSA_SUCCESS; -+} -+ -+void attest_report_destroy(const uint8_t *report) -+{ -+ (void)report; -+} -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index aaa973c6..833f5039 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -50,6 +50,10 @@ extern "C" { - #define TFM_ATTESTATION_SERVICE_VERSION (1U) - #define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U) - -+/* Initial Attestation message types that distinguish Attest services. */ -+#define TFM_ATTEST_GET_TOKEN 1001 -+#define TFM_ATTEST_GET_TOKEN_SIZE 1002 -+ - /******** TFM_SP_FWU ********/ - #define TFM_FWU_WRITE_SID (0x000000A0U) - #define TFM_FWU_WRITE_VERSION (1U) -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 663177b7..af2225e7 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -77,12 +77,13 @@ add_components(TARGET "se-proxy" - "components/service/attestation/include" - "components/service/attestation/provider" - "components/service/attestation/provider/serializer/packed-c" -+ "components/service/attestation/reporter/psa_ipc" -+ "components/service/attestation/client/psa_ipc" - "components/rpc/openamp/caller/sp" - - # Stub service provider backends - "components/rpc/dummy" - "components/rpc/common/caller" -- "components/service/attestation/reporter/stub" - "components/service/attestation/key_mngr/stub" - "components/service/crypto/backend/stub" - "components/service/crypto/client/psa" -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 57290056..4b8ccecc 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -23,12 +23,18 @@ struct openamp_caller openamp; - struct rpc_interface *attest_proxy_create(void) - { - struct rpc_interface *attest_iface; -+ struct rpc_caller *attest_caller; - - /* Static objects for proxy instance */ - static struct attest_provider attest_provider; - -+ attest_caller = openamp_caller_init(&openamp); -+ if (!attest_caller) -+ return NULL; -+ - /* Initialize the service provider */ - attest_iface = attest_provider_init(&attest_provider); -+ psa_iat_client_init(&openamp.rpc_caller); - - attest_provider_register_serializer(&attest_provider, - TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance()); diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch deleted file mode 100644 index aa389d8bc0..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 90006cecbbba58afee5f51e6bd72f7027a257b5e Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Thu, 9 Dec 2021 14:11:06 +0000 -Subject: [PATCH] Setup its backend as openamp rpc using secure storage ipc - implementation. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - - ---- - components/service/common/include/psa/sid.h | 12 +++++----- - .../secure_storage_ipc/secure_storage_ipc.c | 20 ++++++++--------- - .../secure_storage_ipc/secure_storage_ipc.h | 1 + - .../se-proxy/opteesp/service_proxy_factory.c | 22 +++++++++++++------ - 4 files changed, 32 insertions(+), 23 deletions(-) - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 833f5039..4a951d4a 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -20,12 +20,12 @@ extern "C" { - /* Invalid UID */ - #define TFM_PS_INVALID_UID 0 - --/* PS message types that distinguish PS services. */ --#define TFM_PS_SET 1001 --#define TFM_PS_GET 1002 --#define TFM_PS_GET_INFO 1003 --#define TFM_PS_REMOVE 1004 --#define TFM_PS_GET_SUPPORT 1005 -+/* PS / ITS message types that distinguish PS services. */ -+#define TFM_PS_ITS_SET 1001 -+#define TFM_PS_ITS_GET 1002 -+#define TFM_PS_ITS_GET_INFO 1003 -+#define TFM_PS_ITS_REMOVE 1004 -+#define TFM_PS_ITS_GET_SUPPORT 1005 - - /******** TFM_SP_ITS ********/ - #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U) -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -index bda442a6..0e1b48c0 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c -@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id, - - ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0); -+ psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET, -+ in_vec, IOVEC_LEN(in_vec), NULL, 0); - if (psa_status < 0) - EMSG("ipc_set: psa_call failed: %d", psa_status); - -@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context, - return PSA_ERROR_INVALID_ARGUMENT; - } - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET, in_vec, IOVEC_LEN(in_vec), -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec), - out_vec, IOVEC_LEN(out_vec)); - if (psa_status == PSA_SUCCESS) - *p_data_length = out_vec[0].len; -@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_INFO, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_INFO, in_vec, - IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_info: failed to psa_call: %d", psa_status); -@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context, - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_REMOVE, in_vec, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_REMOVE, in_vec, - IOVEC_LEN(in_vec), NULL, 0); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_remove: failed to psa_call: %d", psa_status); -@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id) - - (void)client_id; - -- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, -- TFM_PS_GET_SUPPORT, NULL, 0, -+ psa_status = psa_call(caller, ipc->service_handle, -+ TFM_PS_ITS_GET_SUPPORT, NULL, 0, - out_vec, IOVEC_LEN(out_vec)); - if (psa_status != PSA_SUCCESS) - EMSG("ipc_get_support: failed to psa_call: %d", psa_status); -diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -index e8c1e8fd..d9949f6a 100644 ---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h -@@ -21,6 +21,7 @@ struct secure_storage_ipc - { - struct storage_backend backend; - struct service_client client; -+ int32_t service_handle; - }; - - /** -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 4b8ccecc..1110ac46 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -5,6 +5,7 @@ - */ - - #include <stddef.h> -+#include <psa/sid.h> - #include <rpc/common/endpoint/rpc_interface.h> - #include <rpc/openamp/caller/sp/openamp_caller.h> - #include <service/attestation/provider/attest_provider.h> -@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void) - { - static struct secure_storage_provider ps_provider; - static struct secure_storage_ipc ps_backend; -- static struct rpc_caller *storage_caller; -+ struct rpc_caller *storage_caller; - struct storage_backend *backend; - - storage_caller = openamp_caller_init(&openamp); - if (!storage_caller) - return NULL; - backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller); -+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE; - - return secure_storage_provider_init(&ps_provider, backend); - } - - struct rpc_interface *its_proxy_create(void) - { -- static struct mock_store its_backend; -- static struct secure_storage_provider its_provider; -- -- struct storage_backend *backend = mock_store_init(&its_backend); -- -- return secure_storage_provider_init(&its_provider, backend); -+ static struct secure_storage_provider its_provider; -+ static struct secure_storage_ipc its_backend; -+ struct rpc_caller *storage_caller; -+ struct storage_backend *backend; -+ -+ storage_caller = openamp_caller_init(&openamp); -+ if (!storage_caller) -+ return NULL; -+ backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller); -+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE; -+ -+ return secure_storage_provider_init(&its_provider, backend); - } diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch deleted file mode 100644 index a20a6a48ef..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch +++ /dev/null @@ -1,2586 +0,0 @@ -From 5af98a77887c2aa60bc93dbdddb174e03501b733 Mon Sep 17 00:00:00 2001 -From: Rui Miguel Silva <rui.silva@linaro.org> -Date: Thu, 9 Dec 2021 14:17:39 +0000 -Subject: [PATCH] add psa ipc crypto backend - -Add psa ipc crypto backend and attach it to se proxy -deployment. - -Signed-off-by: Rui Miguel Silva <rui.silva@arm.com> -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> - - ---- - components/service/common/include/psa/sid.h | 73 +++++ - .../crypto/backend/psa_ipc/component.cmake | 21 ++ - .../backend/psa_ipc/crypto_ipc_backend.c | 26 ++ - .../backend/psa_ipc/crypto_ipc_backend.h | 70 ++++ - .../client/caller/psa_ipc/crypto_caller.h | 34 ++ - .../caller/psa_ipc/crypto_caller_aead.h | 252 +++++++++++++++ - .../crypto_caller_asymmetric_decrypt.h | 76 +++++ - .../crypto_caller_asymmetric_encrypt.h | 76 +++++ - .../caller/psa_ipc/crypto_caller_cipher.h | 246 +++++++++++++++ - .../caller/psa_ipc/crypto_caller_copy_key.h | 57 ++++ - .../psa_ipc/crypto_caller_destroy_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_export_key.h | 59 ++++ - .../psa_ipc/crypto_caller_export_public_key.h | 59 ++++ - .../psa_ipc/crypto_caller_generate_key.h | 55 ++++ - .../psa_ipc/crypto_caller_generate_random.h | 57 ++++ - .../crypto_caller_get_key_attributes.h | 56 ++++ - .../caller/psa_ipc/crypto_caller_hash.h | 220 +++++++++++++ - .../caller/psa_ipc/crypto_caller_import_key.h | 57 ++++ - .../psa_ipc/crypto_caller_key_attributes.h | 51 +++ - .../psa_ipc/crypto_caller_key_derivation.h | 298 ++++++++++++++++++ - .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++ - .../caller/psa_ipc/crypto_caller_purge_key.h | 51 +++ - .../caller/psa_ipc/crypto_caller_sign_hash.h | 64 ++++ - .../psa_ipc/crypto_caller_verify_hash.h | 59 ++++ - .../crypto/include/psa/crypto_client_struct.h | 8 +- - .../service/crypto/include/psa/crypto_sizes.h | 2 +- - deployments/se-proxy/opteesp/CMakeLists.txt | 2 +- - .../se-proxy/opteesp/service_proxy_factory.c | 15 +- - .../providers/arm/corstone1000/platform.cmake | 2 + - 29 files changed, 2293 insertions(+), 11 deletions(-) - create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c - create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h - create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h - -diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h -index 4a951d4a..7a29cc25 100644 ---- a/components/service/common/include/psa/sid.h -+++ b/components/service/common/include/psa/sid.h -@@ -37,6 +37,79 @@ extern "C" { - #define TFM_CRYPTO_VERSION (1U) - #define TFM_CRYPTO_HANDLE (0x40000100U) - -+/** -+ * \brief Define a progressive numerical value for each SID which can be used -+ * when dispatching the requests to the service -+ */ -+enum { -+ TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u), -+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID, -+ TFM_CRYPTO_OPEN_KEY_SID, -+ TFM_CRYPTO_CLOSE_KEY_SID, -+ TFM_CRYPTO_IMPORT_KEY_SID, -+ TFM_CRYPTO_DESTROY_KEY_SID, -+ TFM_CRYPTO_EXPORT_KEY_SID, -+ TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ TFM_CRYPTO_PURGE_KEY_SID, -+ TFM_CRYPTO_COPY_KEY_SID, -+ TFM_CRYPTO_HASH_COMPUTE_SID, -+ TFM_CRYPTO_HASH_COMPARE_SID, -+ TFM_CRYPTO_HASH_SETUP_SID, -+ TFM_CRYPTO_HASH_UPDATE_SID, -+ TFM_CRYPTO_HASH_FINISH_SID, -+ TFM_CRYPTO_HASH_VERIFY_SID, -+ TFM_CRYPTO_HASH_ABORT_SID, -+ TFM_CRYPTO_HASH_CLONE_SID, -+ TFM_CRYPTO_MAC_COMPUTE_SID, -+ TFM_CRYPTO_MAC_VERIFY_SID, -+ TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ TFM_CRYPTO_MAC_UPDATE_SID, -+ TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ TFM_CRYPTO_MAC_ABORT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SID, -+ TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ TFM_CRYPTO_CIPHER_SET_IV_SID, -+ TFM_CRYPTO_CIPHER_UPDATE_SID, -+ TFM_CRYPTO_CIPHER_FINISH_SID, -+ TFM_CRYPTO_CIPHER_ABORT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SID, -+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ TFM_CRYPTO_AEAD_UPDATE_SID, -+ TFM_CRYPTO_AEAD_FINISH_SID, -+ TFM_CRYPTO_AEAD_VERIFY_SID, -+ TFM_CRYPTO_AEAD_ABORT_SID, -+ TFM_CRYPTO_SIGN_MESSAGE_SID, -+ TFM_CRYPTO_VERIFY_MESSAGE_SID, -+ TFM_CRYPTO_SIGN_HASH_SID, -+ TFM_CRYPTO_VERIFY_HASH_SID, -+ TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ TFM_CRYPTO_GENERATE_RANDOM_SID, -+ TFM_CRYPTO_GENERATE_KEY_SID, -+ TFM_CRYPTO_SID_MAX, -+}; -+ - /******** TFM_SP_PLATFORM ********/ - #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U) - #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U) -diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake -new file mode 100644 -index 00000000..93c297a8 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/component.cmake -@@ -0,0 +1,21 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c" -+ ) -+ -+# The ipc crypto backend uses the psa crypto client to realize the -+# psa crypto API that the crypto provider depends on. This define -+# configures the psa crypto client to be built with the ipc crypto -+# caller. -+target_compile_definitions(${TGT} PRIVATE -+ PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h" -+) -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -new file mode 100644 -index 00000000..e47cd4ff ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c -@@ -0,0 +1,26 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <stddef.h> -+#include <psa/crypto.h> -+#include <service/crypto/client/psa/psa_crypto_client.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include "crypto_ipc_backend.h" -+ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller) -+{ -+ psa_status_t status = psa_crypto_client_init(caller); -+ -+ if (status == PSA_SUCCESS) -+ status = psa_crypto_init(); -+ -+ return status; -+} -+ -+void crypto_ipc_backend_deinit(void) -+{ -+ psa_crypto_client_deinit(); -+} -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -new file mode 100644 -index 00000000..c13c20e8 ---- /dev/null -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -0,0 +1,70 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CRYPTO_IPC_BACKEND_H -+#define CRYPTO_IPC_BACKEND_H -+ -+#include <service/crypto/client/psa/psa_crypto_client.h> -+#include <psa/error.h> -+#include <rpc_caller.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * \brief This type is used to overcome a limitation in the number of maximum -+ * IOVECs that can be used especially in psa_aead_encrypt and -+ * psa_aead_decrypt. To be removed in case the AEAD APIs number of -+ * parameters passed gets restructured -+ */ -+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u) -+struct psa_ipc_crypto_aead_pack_input { -+ uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH]; -+ uint32_t nonce_length; -+}; -+ -+struct psa_ipc_crypto_pack_iovec { -+ uint32_t sfn_id; /*!< Secure function ID used to dispatch the -+ * request -+ */ -+ uint16_t step; /*!< Key derivation step */ -+ psa_key_id_t key_id; /*!< Key id */ -+ psa_algorithm_t alg; /*!< Algorithm */ -+ uint32_t op_handle; /*!< Frontend context handle associated to a -+ * multipart operation -+ */ -+ uint32_t capacity; /*!< Key derivation capacity */ -+ -+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for -+ * AEAD until the API is -+ * restructured -+ */ -+}; -+ -+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec) -+ -+/** -+ * \brief Initialize the psa ipc crypto backend -+ * -+ * Initializes a crypto backend that uses the psa API client with a -+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto -+ * service proviser. -+ * -+ * \return PSA_SUCCESS if backend initialized successfully -+ */ -+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller); -+ -+/** -+ * \brief Clean-up to free any resource used by the crypto backend -+ */ -+void crypto_ipc_backend_deinit(void); -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CRYPTO_IPC_BACKEND_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -new file mode 100644 -index 00000000..0a972187 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h -@@ -0,0 +1,34 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_H -+#define PSA_IPC_CRYPTO_CALLER_H -+ -+/** -+ * Includes all header files that form the psa ipc crypto caller -+ * interface. May be used by a client that needs to call operations -+ * provided by a crypto service instance using the psa ipc interface. -+ */ -+#include "crypto_caller_aead.h" -+#include "crypto_caller_asymmetric_decrypt.h" -+#include "crypto_caller_asymmetric_encrypt.h" -+#include "crypto_caller_cipher.h" -+#include "crypto_caller_copy_key.h" -+#include "crypto_caller_destroy_key.h" -+#include "crypto_caller_export_key.h" -+#include "crypto_caller_export_public_key.h" -+#include "crypto_caller_generate_key.h" -+#include "crypto_caller_generate_random.h" -+#include "crypto_caller_get_key_attributes.h" -+#include "crypto_caller_hash.h" -+#include "crypto_caller_import_key.h" -+#include "crypto_caller_key_derivation.h" -+#include "crypto_caller_mac.h" -+#include "crypto_caller_purge_key.h" -+#include "crypto_caller_sign_hash.h" -+#include "crypto_caller_verify_hash.h" -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -new file mode 100644 -index 00000000..78517fe3 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -0,0 +1,252 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H -+#define PSA_IPC_CRYPTO_CALLER_AEAD_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_aead_encrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *plaintext, -+ size_t plaintext_length, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(plaintext), -+ .len = plaintext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *aeadtext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *aeadtext, -+ size_t aeadtext_length, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ int i; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID, -+ .key_id = key, -+ .alg = alg, -+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length }, -+ }; -+ -+ if (!additional_data && additional_data_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(aeadtext), -+ .len = aeadtext_length }, -+ { .base = psa_ptr_const_to_u32(additional_data), -+ .len = additional_data_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(plaintext), .len = plaintext_size }, -+ }; -+ -+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ if (nonce) { -+ for (i = 0; i < nonce_length; i++) -+ iov.aead_in.nonce[i] = nonce[i]; -+ } -+ -+ in_len = IOVEC_LEN(in_vec); -+ -+ if (!additional_data) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *plaintext_length = out_vec[0].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_aead_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_generate_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *nonce, -+ size_t nonce_size, -+ size_t *nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_nonce( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *nonce, -+ size_t nonce_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_set_lengths( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t ad_length, -+ size_t plaintext_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update_ad( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length, -+ uint8_t *tag, -+ size_t tag_size, -+ size_t *tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length, -+ const uint8_t *tag, -+ size_t tag_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_aead_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -new file mode 100644 -index 00000000..ff01815c ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_decrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -new file mode 100644 -index 00000000..1daf1689 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h -@@ -0,0 +1,76 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_asymmetric_encrypt( -+ struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *salt, size_t salt_length, -+ uint8_t *output, size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ size_t in_len; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ -+ /* Sanitize optional input */ -+ if (!salt && salt_length) -+ return PSA_ERROR_INVALID_ARGUMENT; -+ -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ -+ in_len = IOVEC_LEN(in_vec); -+ if (!salt) -+ in_len--; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -new file mode 100644 -index 00000000..fbefb28d ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h -@@ -0,0 +1,246 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H -+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_cipher_encrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_decrypt_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_generate_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *iv, -+ size_t iv_size, -+ size_t *iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(iv), .len = iv_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *iv_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_set_iv( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *iv, -+ size_t iv_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(iv), .len = iv_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_cipher_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the cipher_update operation -+ * using the ipc encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ /* Allow for output to be a whole number of blocks */ -+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -new file mode 100644 -index 00000000..9a988171 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_copy_key(struct service_client *context, -+ psa_key_id_t source_key, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *target_key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_COPY_KEY_SID, -+ .key_id = source_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -new file mode 100644 -index 00000000..d00f4faa ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -new file mode 100644 -index 00000000..8ac5477f ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -new file mode 100644 -index 00000000..b24c47f1 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context, -+ psa_key_id_t id, -+ uint8_t *data, -+ size_t data_size, -+ size_t *data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(data), .len = data_size } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *data_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -new file mode 100644 -index 00000000..1b66ed40 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h -@@ -0,0 +1,55 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -new file mode 100644 -index 00000000..7c538237 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_generate_random(struct service_client *context, -+ uint8_t *output, -+ size_t output_size) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size } -+ }; -+ -+ if (!output_size) -+ return PSA_SUCCESS; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -new file mode 100644 -index 00000000..22f1d18f ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h -@@ -0,0 +1,56 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_get_key_attributes( -+ struct service_client *context, -+ psa_key_id_t key, -+ psa_key_attributes_t *attributes) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID, -+ .key_id = key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -new file mode 100644 -index 00000000..9f37908a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h -@@ -0,0 +1,220 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_hash_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash, -+ size_t hash_size, -+ size_t *hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(hash), .len = hash_size}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *hash_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_verify( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash, -+ size_t hash_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_clone( -+ struct service_client *context, -+ uint32_t source_op_handle, -+ uint32_t *target_op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_HASH_CLONE_SID, -+ .op_handle = source_op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(target_op_handle), -+ .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *hash_state, -+ size_t hash_state_size, -+ size_t *hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *hash_state, -+ size_t hash_state_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ -+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the hash_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -new file mode 100644 -index 00000000..d4703366 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h -@@ -0,0 +1,57 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_import_key(struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ const uint8_t *data, size_t data_length, -+ psa_key_id_t *id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length } -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -new file mode 100644 -index 00000000..2fad2f0a ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H -+ -+#include <psa/crypto.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline void packedc_crypto_caller_translate_key_attributes_to_proto( -+ struct ts_crypto_key_attributes *proto_attributes, -+ const psa_key_attributes_t *psa_attributes) -+{ -+ proto_attributes->type = psa_get_key_type(psa_attributes); -+ proto_attributes->key_bits = psa_get_key_bits(psa_attributes); -+ proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes); -+ proto_attributes->id = psa_get_key_id(psa_attributes); -+ -+ proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes); -+ proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes); -+ } -+ -+static inline void packedc_crypto_caller_translate_key_attributes_from_proto( -+ psa_key_attributes_t *psa_attributes, -+ const struct ts_crypto_key_attributes *proto_attributes) -+{ -+ psa_set_key_type(psa_attributes, proto_attributes->type); -+ psa_set_key_bits(psa_attributes, proto_attributes->key_bits); -+ psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime); -+ -+ if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) { -+ -+ psa_set_key_id(psa_attributes, proto_attributes->id); -+ } -+ -+ psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage); -+ psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg); -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -new file mode 100644 -index 00000000..5ce4fb6c ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h -@@ -0,0 +1,298 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_key_derivation_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_get_capacity( -+ struct service_client *context, -+ const uint32_t op_handle, -+ size_t *capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) } -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_set_capacity( -+ struct service_client *context, -+ uint32_t op_handle, -+ size_t capacity) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID, -+ .capacity = capacity, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ const uint8_t *data, -+ size_t data_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(data), .len = data_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_input_key( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID, -+ .key_id = key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_bytes( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *output, -+ size_t output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_length }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_output_key( -+ struct service_client *context, -+ const psa_key_attributes_t *attributes, -+ uint32_t op_handle, -+ psa_key_id_t *key) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(attributes), -+ .len = sizeof(psa_key_attributes_t) }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_key_derivation_key_agreement( -+ struct service_client *context, -+ uint32_t op_handle, -+ psa_key_derivation_step_t step, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID, -+ .key_id = private_key, -+ .step = step, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_raw_key_agreement( -+ struct service_client *context, -+ psa_algorithm_t alg, -+ psa_key_id_t private_key, -+ const uint8_t *peer_key, -+ size_t peer_key_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID, -+ .alg = alg, -+ .key_id = private_key, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(peer_key), -+ .len = peer_key_length}, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(output), .len = output_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -new file mode 100644 -index 00000000..3a820192 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h -@@ -0,0 +1,207 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H -+#define PSA_IPC_CRYPTO_CALLER_MAC_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_mac_sign_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_setup( -+ struct service_client *context, -+ uint32_t *op_handle, -+ psa_key_id_t key, -+ psa_algorithm_t alg) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = *op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_update( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(input), .len = input_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_sign_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ uint8_t *mac, -+ size_t mac_size, -+ size_t *mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ { .base = psa_ptr_to_u32(mac), .len = mac_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *mac_length = out_vec[1].len; -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_verify_finish( -+ struct service_client *context, -+ uint32_t op_handle, -+ const uint8_t *mac, -+ size_t mac_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(mac), .len = mac_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline psa_status_t crypto_caller_mac_abort( -+ struct service_client *context, -+ uint32_t op_handle) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_MAC_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; -+} -+ -+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -new file mode 100644 -index 00000000..a3a796e2 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_purge_key(struct service_client *context, -+ psa_key_id_t id) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_PURGE_KEY_SID, -+ .key_id = id, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -new file mode 100644 -index 00000000..71d88ced ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -0,0 +1,64 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */ -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -new file mode 100644 -index 00000000..e16f6e54 ---- /dev/null -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -0,0 +1,59 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H -+ -+#include <string.h> -+#include <stdlib.h> -+#include <psa/crypto.h> -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <service/common/client/service_client.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include <protocols/service/crypto/packed-c/opcodes.h> -+#include <protocols/service/crypto/packed-c/key_attributes.h> -+#include <protocols/service/crypto/packed-c/import_key.h> -+#include "crypto_caller_key_attributes.h" -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ { .base = psa_ptr_const_to_u32(signature), .len = signature_length}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), NULL, 0); -+ -+ return status; -+} -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */ -diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h -index abd420c8..bf95c982 100644 ---- a/components/service/crypto/include/psa/crypto_client_struct.h -+++ b/components/service/crypto/include/psa/crypto_client_struct.h -@@ -31,12 +31,12 @@ extern "C" { - * data structure internally. */ - struct psa_client_key_attributes_s - { -+ uint16_t type; -+ uint16_t bits; - uint32_t lifetime; -- uint32_t id; -- uint32_t alg; -+ psa_key_id_t id; - uint32_t usage; -- size_t bits; -- uint16_t type; -+ uint32_t alg; - }; - - #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0} -diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 7a0149bb..4d7bf6e9 100644 ---- a/components/service/crypto/include/psa/crypto_sizes.h -+++ b/components/service/crypto/include/psa/crypto_sizes.h -@@ -81,7 +81,7 @@ - #define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 - #else --#define PSA_HASH_MAX_SIZE 32 -+#define PSA_HASH_MAX_SIZE 64 - #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 - #endif - -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index af2225e7..21904283 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -85,7 +85,7 @@ add_components(TARGET "se-proxy" - "components/rpc/dummy" - "components/rpc/common/caller" - "components/service/attestation/key_mngr/stub" -- "components/service/crypto/backend/stub" -+ "components/service/crypto/backend/psa_ipc" - "components/service/crypto/client/psa" - "components/service/secure_storage/backend/mock_store" - ) -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 1110ac46..7edeef8b 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -15,7 +15,7 @@ - #include <trace.h> - - /* Stub backends */ --#include <service/crypto/backend/stub/stub_crypto_backend.h> -+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> - #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h> - #include <service/secure_storage/backend/mock_store/mock_store.h> - -@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void) - { - struct rpc_interface *crypto_iface = NULL; - struct crypto_provider *crypto_provider; -+ struct rpc_caller *crypto_caller; - -- if (stub_crypto_backend_init() == PSA_SUCCESS) { -+ crypto_caller = openamp_caller_init(&openamp); -+ if (!crypto_caller) -+ return NULL; -+ -+ if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS) -+ return NULL; - -- crypto_provider = crypto_provider_factory_create(); -- crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); -- } -+ crypto_provider = crypto_provider_factory_create(); -+ crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider); - - return crypto_iface; - } -diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake -index bb778bb9..51e5faa3 100644 ---- a/platform/providers/arm/corstone1000/platform.cmake -+++ b/platform/providers/arm/corstone1000/platform.cmake -@@ -8,3 +8,5 @@ - - # include MHU driver - include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake) -+ -+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED) diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch deleted file mode 100644 index 91207bdd98..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 8fca2a8eed6ebc1cbf9f7972c6a9bb137ebafe1a Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Sun, 12 Dec 2021 17:07:03 +0000 -Subject: [PATCH] Increase SMM gateway UEFI variable macro value - -The maximum number of UEFI variables that be supported by SMM -gateway is currently 40. When more than 40 variables are written, -or read SMM gateway returns error code. Currently this value is -increased to 100 to support more UEFI variables. - -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - deployments/smm-gateway/smm_gateway.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/deployments/smm-gateway/smm_gateway.c b/deployments/smm-gateway/smm_gateway.c -index 7828b3af..7e6729ee 100644 ---- a/deployments/smm-gateway/smm_gateway.c -+++ b/deployments/smm-gateway/smm_gateway.c -@@ -20,6 +20,9 @@ - #define SMM_GATEWAY_NV_STORE_SN "sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0" - #endif - -+/* Maximum number of UEFI variables set to 100 */ -+#define SMM_GATEWAY_MAX_UEFI_VARIABLES (100) -+ - /* Default maximum number of UEFI variables */ - #ifndef SMM_GATEWAY_MAX_UEFI_VARIABLES - #define SMM_GATEWAY_MAX_UEFI_VARIABLES (40) diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch deleted file mode 100644 index 943568c8c6..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch +++ /dev/null @@ -1,436 +0,0 @@ -From eb1beb0f4f3a0d97a1ee941b068fb1f3b7ba7d7b Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Tue, 12 Oct 2021 15:45:41 +0100 -Subject: [PATCH] Add stub capsule update service components - -To facilitate development of a capsule update service provider, -stub components are added to provide a starting point for an -implementation. The capsule update service provider is integrated -into the se-proxy/opteesp deployment. - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I0d4049bb4de5af7ca80806403301692507085d28 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../backend/capsule_update_backend.h | 24 ++++ - .../provider/capsule_update_provider.c | 133 ++++++++++++++++++ - .../provider/capsule_update_provider.h | 51 +++++++ - .../capsule_update/provider/component.cmake | 13 ++ - deployments/se-proxy/opteesp/CMakeLists.txt | 1 + - deployments/se-proxy/opteesp/se_proxy_sp.c | 3 + - .../se-proxy/opteesp/service_proxy_factory.c | 16 +++ - .../se-proxy/opteesp/service_proxy_factory.h | 1 + - deployments/se-proxy/se_proxy_interfaces.h | 9 +- - .../capsule_update/capsule_update_proto.h | 13 ++ - protocols/service/capsule_update/opcodes.h | 17 +++ - protocols/service/capsule_update/parameters.h | 15 ++ - 12 files changed, 292 insertions(+), 4 deletions(-) - create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h - create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c - create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h - create mode 100644 components/service/capsule_update/provider/component.cmake - create mode 100644 protocols/service/capsule_update/capsule_update_proto.h - create mode 100644 protocols/service/capsule_update/opcodes.h - create mode 100644 protocols/service/capsule_update/parameters.h - -diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h -new file mode 100644 -index 00000000..f3144ff1 ---- /dev/null -+++ b/components/service/capsule_update/backend/capsule_update_backend.h -@@ -0,0 +1,24 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_BACKEND_H -+#define CAPSULE_UPDATE_BACKEND_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * Defines the common capsule update backend interface. Concrete backends -+ * implement this interface for different types of platform. -+ */ -+ -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CAPSULE_UPDATE_BACKEND_H */ -diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c -new file mode 100644 -index 00000000..9bbd7abc ---- /dev/null -+++ b/components/service/capsule_update/provider/capsule_update_provider.c -@@ -0,0 +1,133 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#include <psa/client.h> -+#include <psa/sid.h> -+#include <trace.h> -+ -+#include <protocols/service/capsule_update/capsule_update_proto.h> -+#include <protocols/rpc/common/packed-c/status.h> -+#include "capsule_update_provider.h" -+ -+ -+#define CAPSULE_UPDATE_REQUEST (0x1) -+#define KERNEL_STARTED_EVENT (0x2) -+ -+enum corstone1000_ioctl_id_t { -+ IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0, -+ IOCTL_CORSTONE1000_FWU_HOST_ACK, -+}; -+ -+/* Service request handlers */ -+static rpc_status_t update_capsule_handler(void *context, struct call_req *req); -+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req); -+ -+/* Handler mapping table for service */ -+static const struct service_handler handler_table[] = { -+ {CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE, update_capsule_handler}, -+ {CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED, boot_confirmed_handler} -+}; -+ -+struct rpc_interface *capsule_update_provider_init( -+ struct capsule_update_provider *context) -+{ -+ struct rpc_interface *rpc_interface = NULL; -+ -+ if (context) { -+ -+ service_provider_init( -+ &context->base_provider, -+ context, -+ handler_table, -+ sizeof(handler_table)/sizeof(struct service_handler)); -+ -+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider); -+ } -+ -+ return rpc_interface; -+} -+ -+void capsule_update_provider_deinit(struct capsule_update_provider *context) -+{ -+ (void)context; -+} -+ -+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller) -+{ -+ uint32_t ioctl_id; -+ psa_handle_t handle; -+ rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED; -+ -+ struct psa_invec in_vec[] = { -+ { .base = &ioctl_id, .len = sizeof(ioctl_id) } -+ }; -+ -+ if(!caller) { -+ EMSG("event_handler rpc_caller is NULL"); -+ rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE; -+ return rpc_status; -+ } -+ -+ MSG("event handler opcode %x", opcode); -+ switch(opcode) { -+ case CAPSULE_UPDATE_REQUEST: -+ /* Openamp call with IOCTL for firmware update*/ -+ ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES; -+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, -+ TFM_SP_PLATFORM_IOCTL_VERSION); -+ if (handle <= 0) { -+ EMSG("%s Invalid handle", __func__); -+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; -+ return rpc_status; -+ } -+ psa_call(caller,handle, PSA_IPC_CALL, -+ in_vec,IOVEC_LEN(in_vec), NULL, 0); -+ break; -+ -+ case KERNEL_STARTED_EVENT: -+ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK; -+ /*openamp call with IOCTL for kernel start*/ -+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID, -+ TFM_SP_PLATFORM_IOCTL_VERSION); -+ if (handle <= 0) { -+ EMSG("%s Invalid handle", __func__); -+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; -+ return rpc_status; -+ } -+ psa_call(caller,handle, PSA_IPC_CALL, -+ in_vec,IOVEC_LEN(in_vec), NULL, 0); -+ break; -+ default: -+ EMSG("%s unsupported opcode", __func__); -+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER; -+ return rpc_status; -+ } -+ return rpc_status; -+ -+} -+ -+static rpc_status_t update_capsule_handler(void *context, struct call_req *req) -+{ -+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context; -+ struct rpc_caller *caller = this_instance->client.caller; -+ uint32_t opcode = req->opcode; -+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY; -+ -+ rpc_status = event_handler(opcode, caller); -+ return rpc_status; -+} -+ -+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req) -+{ -+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context; -+ struct rpc_caller *caller = this_instance->client.caller; -+ uint32_t opcode = req->opcode; -+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY; -+ -+ rpc_status = event_handler(opcode, caller); -+ -+ return rpc_status; -+} -diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h -new file mode 100644 -index 00000000..3de49854 ---- /dev/null -+++ b/components/service/capsule_update/provider/capsule_update_provider.h -@@ -0,0 +1,51 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_PROVIDER_H -+#define CAPSULE_UPDATE_PROVIDER_H -+ -+#include <rpc/common/endpoint/rpc_interface.h> -+#include <service/common/provider/service_provider.h> -+#include <service/common/client/service_client.h> -+#include <service/capsule_update/backend/capsule_update_backend.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/** -+ * The capsule_update_provider is a service provider that accepts update capsule -+ * requests and delegates them to a suitable backend that applies the update. -+ */ -+struct capsule_update_provider -+{ -+ struct service_provider base_provider; -+ struct service_client client; -+}; -+ -+/** -+ * \brief Initialize an instance of the capsule update service provider -+ * -+ * @param[in] context The instance to initialize -+ * -+ * \return An rpc_interface or NULL on failure -+ */ -+struct rpc_interface *capsule_update_provider_init( -+ struct capsule_update_provider *context); -+ -+/** -+ * \brief Cleans up when the instance is no longer needed -+ * -+ * \param[in] context The instance to de-initialize -+ */ -+void capsule_update_provider_deinit( -+ struct capsule_update_provider *context); -+ -+#ifdef __cplusplus -+} /* extern "C" */ -+#endif -+ -+#endif /* CAPSULE_UPDATE_PROVIDER_H */ -diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake -new file mode 100644 -index 00000000..1d412eb2 ---- /dev/null -+++ b/components/service/capsule_update/provider/component.cmake -@@ -0,0 +1,13 @@ -+#------------------------------------------------------------------------------- -+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# -+# SPDX-License-Identifier: BSD-3-Clause -+# -+#------------------------------------------------------------------------------- -+if (NOT DEFINED TGT) -+ message(FATAL_ERROR "mandatory parameter TGT is not defined.") -+endif() -+ -+target_sources(${TGT} PRIVATE -+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c" -+ ) -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 21904283..953bb716 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -80,6 +80,7 @@ add_components(TARGET "se-proxy" - "components/service/attestation/reporter/psa_ipc" - "components/service/attestation/client/psa_ipc" - "components/rpc/openamp/caller/sp" -+ "components/service/capsule_update/provider" - - # Stub service provider backends - "components/rpc/dummy" -diff --git a/deployments/se-proxy/opteesp/se_proxy_sp.c b/deployments/se-proxy/opteesp/se_proxy_sp.c -index ef90d9ee..11b014b2 100644 ---- a/deployments/se-proxy/opteesp/se_proxy_sp.c -+++ b/deployments/se-proxy/opteesp/se_proxy_sp.c -@@ -48,6 +48,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info) - rpc_iface = attest_proxy_create(); - rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface); - -+ rpc_iface = capsule_update_proxy_create(); -+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface); -+ - /* End of boot phase */ - sp_msg_wait(&req_msg); - -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c -index 7edeef8b..591cc9ee 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.c -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c -@@ -13,6 +13,7 @@ - #include <service/crypto/factory/crypto_provider_factory.h> - #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h> - #include <trace.h> -+#include <service/capsule_update/provider/capsule_update_provider.h> - - /* Stub backends */ - #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h> -@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void) - - return secure_storage_provider_init(&its_provider, backend); - } -+ -+struct rpc_interface *capsule_update_proxy_create(void) -+{ -+ static struct capsule_update_provider capsule_update_provider; -+ static struct rpc_caller *capsule_update_caller; -+ -+ capsule_update_caller = openamp_caller_init(&openamp); -+ -+ if (!capsule_update_caller) -+ return NULL; -+ -+ capsule_update_provider.client.caller = capsule_update_caller; -+ -+ return capsule_update_provider_init(&capsule_update_provider); -+} -diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.h b/deployments/se-proxy/opteesp/service_proxy_factory.h -index 298d407a..02aa7fe2 100644 ---- a/deployments/se-proxy/opteesp/service_proxy_factory.h -+++ b/deployments/se-proxy/opteesp/service_proxy_factory.h -@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void); - struct rpc_interface *crypto_proxy_create(void); - struct rpc_interface *ps_proxy_create(void); - struct rpc_interface *its_proxy_create(void); -+struct rpc_interface *capsule_update_proxy_create(void); - - #ifdef __cplusplus - } -diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h -index 48908f84..3d4a7c20 100644 ---- a/deployments/se-proxy/se_proxy_interfaces.h -+++ b/deployments/se-proxy/se_proxy_interfaces.h -@@ -8,9 +8,10 @@ - #define SE_PROXY_INTERFACES_H - - /* Interface IDs from service endpoints available from an se-proxy deployment */ --#define SE_PROXY_INTERFACE_ID_ITS (0) --#define SE_PROXY_INTERFACE_ID_PS (1) --#define SE_PROXY_INTERFACE_ID_CRYPTO (2) --#define SE_PROXY_INTERFACE_ID_ATTEST (3) -+#define SE_PROXY_INTERFACE_ID_ITS (0) -+#define SE_PROXY_INTERFACE_ID_PS (1) -+#define SE_PROXY_INTERFACE_ID_CRYPTO (2) -+#define SE_PROXY_INTERFACE_ID_ATTEST (3) -+#define SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE (4) - - #endif /* SE_PROXY_INTERFACES_H */ -diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h -new file mode 100644 -index 00000000..8f326cd3 ---- /dev/null -+++ b/protocols/service/capsule_update/capsule_update_proto.h -@@ -0,0 +1,13 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_PROTO_H -+#define CAPSULE_UPDATE_PROTO_H -+ -+#include <protocols/service/capsule_update/opcodes.h> -+#include <protocols/service/capsule_update/parameters.h> -+ -+#endif /* CAPSULE_UPDATE_PROTO_H */ -diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h -new file mode 100644 -index 00000000..8185a090 ---- /dev/null -+++ b/protocols/service/capsule_update/opcodes.h -@@ -0,0 +1,17 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_OPCODES_H -+#define CAPSULE_UPDATE_OPCODES_H -+ -+/** -+ * Opcode definitions for the capsule update service -+ */ -+ -+#define CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE 1 -+#define CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED 2 -+ -+#endif /* CAPSULE_UPDATE_OPCODES_H */ -diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h -new file mode 100644 -index 00000000..285d9241 ---- /dev/null -+++ b/protocols/service/capsule_update/parameters.h -@@ -0,0 +1,15 @@ -+/* -+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * -+ * SPDX-License-Identifier: BSD-3-Clause -+ */ -+ -+#ifndef CAPSULE_UPDATE_PARAMETERS_H -+#define CAPSULE_UPDATE_PARAMETERS_H -+ -+/** -+ * Operation parameter definitions for the capsule update service access protocol. -+ */ -+ -+ -+#endif /* CAPSULE_UPDATE_PARAMETERS_H */ diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch deleted file mode 100644 index 38ce24398b..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch +++ /dev/null @@ -1,248 +0,0 @@ -From c9188e59fd27d208a975187da285a9b5938bb00d Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Thu, 16 Dec 2021 13:29:58 +0000 -Subject: [PATCH] Add logs to functions in SMM gateway SP - -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - .../backend/uefi_variable_store.c | 29 +++++++++++++++++-- - .../provider/smm_variable_provider.c | 7 +++-- - 2 files changed, 32 insertions(+), 4 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index ed50eaf9..0c371e94 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -11,6 +11,7 @@ - #include "uefi_variable_store.h" - #include "variable_index_iterator.h" - #include "variable_checker.h" -+#include <trace.h> - - /* Private functions */ - static void load_variable_index( -@@ -151,12 +152,15 @@ void uefi_variable_store_set_storage_limits( - size_t total_capacity, - size_t max_variable_size) - { -+ EMSG("In func %s\n", __func__); - struct delegate_variable_store *delegate_store = select_delegate_store( - context, - attributes); - - delegate_store->total_capacity = total_capacity; - delegate_store->max_variable_size = max_variable_size; -+ EMSG("In func %s total_capacity is %d\n", __func__, total_capacity); -+ EMSG("In func %s max_variable_size is %d\n", __func__, max_variable_size); - } - - efi_status_t uefi_variable_store_set_variable( -@@ -265,6 +269,7 @@ efi_status_t uefi_variable_store_get_variable( - size_t max_data_len, - size_t *total_length) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(var->Name, var->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -299,6 +304,7 @@ efi_status_t uefi_variable_store_get_next_variable_name( - size_t max_name_len, - size_t *total_length) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(cur->Name, cur->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -329,6 +335,8 @@ efi_status_t uefi_variable_store_query_variable_info( - struct uefi_variable_store *context, - SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info) - { -+ -+ EMSG("In func %s\n", __func__); - struct delegate_variable_store *delegate_store = select_delegate_store( - context, - var_info->Attributes); -@@ -337,13 +345,15 @@ efi_status_t uefi_variable_store_query_variable_info( - context, - var_info->Attributes, - delegate_store->storage_backend); -- -+ EMSG("In func %s total_used is %d\n", __func__, total_used); - var_info->MaximumVariableSize = delegate_store->max_variable_size; - var_info->MaximumVariableStorageSize = delegate_store->total_capacity; - var_info->RemainingVariableStorageSize = (total_used < delegate_store->total_capacity) ? - delegate_store->total_capacity - total_used : - 0; -- -+ EMSG("In func %s var_info->MaximumVariableSize is %d\n", __func__, var_info->MaximumVariableSize); -+ EMSG("In func %s var_info->MaximumVariableStorageSize is %d\n", __func__, var_info->MaximumVariableStorageSize); -+ EMSG("In func %s var_info->RemainingVariableStorageSize is %d\n", __func__, var_info->RemainingVariableStorageSize); - return EFI_SUCCESS; - } - -@@ -358,6 +368,7 @@ efi_status_t uefi_variable_store_set_var_check_property( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *property) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -404,6 +415,7 @@ efi_status_t uefi_variable_store_get_var_check_property( - struct uefi_variable_store *context, - SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *property) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -@@ -430,6 +442,7 @@ efi_status_t uefi_variable_store_get_var_check_property( - static void load_variable_index( - struct uefi_variable_store *context) - { -+ EMSG("In func %s\n", __func__); - struct storage_backend *persistent_store = context->persistent_store.storage_backend; - - if (persistent_store) { -@@ -444,6 +457,7 @@ static void load_variable_index( - context->index_sync_buffer_size, - context->index_sync_buffer, - &data_len); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - if (psa_status == PSA_SUCCESS) { - -@@ -455,6 +469,7 @@ static void load_variable_index( - static efi_status_t sync_variable_index( - struct uefi_variable_store *context) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = EFI_SUCCESS; - - /* Sync the varibale index to storage if anything is dirty */ -@@ -479,6 +494,7 @@ static efi_status_t sync_variable_index( - data_len, - context->index_sync_buffer, - PSA_STORAGE_FLAG_NONE); -+ EMSG("In func %s set status is %d\n", __func__, psa_status); - - status = psa_to_efi_storage_status(psa_status); - } -@@ -490,6 +506,7 @@ static efi_status_t sync_variable_index( - static efi_status_t check_capabilities( - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -+ EMSG("In func %s\n", __func__); - efi_status_t status = EFI_SUCCESS; - - /* Check if any unsupported variable attributes have been requested */ -@@ -551,6 +568,7 @@ static efi_status_t store_variable_data( - const struct variable_info *info, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -+ EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; - size_t data_len = var->DataSize; - const uint8_t *data = (const uint8_t*)var + -@@ -599,6 +617,7 @@ static efi_status_t remove_variable_data( - struct uefi_variable_store *context, - const struct variable_info *info) - { -+ EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; - - if (info->is_variable_set) { -@@ -613,6 +632,7 @@ static efi_status_t remove_variable_data( - delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid); -+ EMSG("In func %s status is %d\n", __func__, psa_status); - } - } - -@@ -625,6 +645,7 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len) - { -+ EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; - size_t data_len = 0; - uint8_t *data = (uint8_t*)var + -@@ -644,6 +665,7 @@ static efi_status_t load_variable_data( - max_data_len, - data, - &data_len); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - var->DataSize = data_len; - } -@@ -771,6 +793,7 @@ static void purge_orphan_index_entries( - context->owner_id, - info->metadata.uid, - &storage_info); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - if (psa_status != PSA_SUCCESS) { - -@@ -802,6 +825,7 @@ static size_t space_used( - uint32_t attributes, - struct storage_backend *storage_backend) - { -+ EMSG("In func %s\n", __func__); - if (!storage_backend) return 0; - - size_t total_used = 0; -@@ -823,6 +847,7 @@ static size_t space_used( - context->owner_id, - info->metadata.uid, - &storage_info); -+ EMSG("In func %s get status is %d\n", __func__, psa_status); - - if (psa_status == PSA_SUCCESS) total_used += storage_info.size; - } -diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c -index 52e68d09..1f362c17 100644 ---- a/components/service/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/smm_variable/provider/smm_variable_provider.c -@@ -9,6 +9,7 @@ - #include <protocols/service/smm_variable/smm_variable_proto.h> - #include <protocols/rpc/common/packed-c/status.h> - #include "smm_variable_provider.h" -+#include <trace.h> - - /* Service request handlers */ - static rpc_status_t get_variable_handler(void *context, struct call_req *req); -@@ -252,17 +253,18 @@ static rpc_status_t set_variable_handler(void *context, struct call_req* req) - - static rpc_status_t query_variable_info_handler(void *context, struct call_req* req) - { -+ EMSG("In func %s \n", __func__); - efi_status_t efi_status = EFI_INVALID_PARAMETER; - struct smm_variable_provider *this_instance = (struct smm_variable_provider*)context; - - const struct call_param_buf *req_buf = call_req_get_req_buf(req); -- -+ EMSG("In func %s sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO) is %d\n", __func__, sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)); - if (req_buf->data_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) { - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - - if (resp_buf->size >= req_buf->data_len) { -- -+ - memmove(resp_buf->data, req_buf->data, req_buf->data_len); - - efi_status = uefi_variable_store_query_variable_info( -@@ -272,6 +274,7 @@ static rpc_status_t query_variable_info_handler(void *context, struct call_req* - if (efi_status == EFI_SUCCESS) { - - resp_buf->data_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO); -+ EMSG("In func %s resp_buf->data_len is %d\n", __func__, resp_buf->data_len); - } - } - else { diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch deleted file mode 100644 index ddf9503410..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 3e472452bca64ed90071b61416460f1a69382293 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Thu, 16 Dec 2021 21:31:40 +0000 -Subject: [PATCH] Configure storage size - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - .../service/smm_variable/backend/uefi_variable_store.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 0c371e94..b7cfff40 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -87,6 +87,7 @@ static efi_status_t check_name_terminator( - * may be overridden using uefi_variable_store_set_storage_limits() - */ - #define DEFAULT_MAX_VARIABLE_SIZE (2048) -+#define CONFIGURE_STORAGE_SIZE (50) - - efi_status_t uefi_variable_store_init( - struct uefi_variable_store *context, -@@ -100,13 +101,13 @@ efi_status_t uefi_variable_store_init( - /* Initialise persistent store defaults */ - context->persistent_store.is_nv = true; - context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->persistent_store.storage_backend = persistent_store; - - /* Initialise volatile store defaults */ - context->volatile_store.is_nv = false; - context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE; -- context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables; -+ context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables; - context->volatile_store.storage_backend = volatile_store; - - context->owner_id = owner_id; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch deleted file mode 100644 index 9bb3f91d79..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch +++ /dev/null @@ -1,1219 +0,0 @@ -From da3bd0721f2403562b6ae6d1939f5f331fd141bb Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Wed, 15 Dec 2021 17:23:25 +0000 -Subject: [PATCH] Revert "Add uefi variable append write support" - -This reverts commit e8758d9aff0eddae81a74b0191cd027bcdc92c04. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - .../backend/test/variable_index_tests.cpp | 90 +++--- - .../backend/test/variable_store_tests.cpp | 72 +---- - .../backend/uefi_variable_store.c | 293 ++++++------------ - .../smm_variable/backend/variable_index.c | 95 ++++-- - .../smm_variable/backend/variable_index.h | 58 ++-- - .../backend/variable_index_iterator.c | 4 +- - .../backend/variable_index_iterator.h | 2 +- - .../service/smm_variable_service_tests.cpp | 48 --- - protocols/service/smm_variable/parameters.h | 3 - - 9 files changed, 239 insertions(+), 426 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_index_tests.cpp b/components/service/smm_variable/backend/test/variable_index_tests.cpp -index 8edc0e70..c8bacf97 100644 ---- a/components/service/smm_variable/backend/test/variable_index_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_index_tests.cpp -@@ -69,37 +69,34 @@ TEST_GROUP(UefiVariableIndexTests) - - void create_variables() - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name_1.size() * sizeof(int16_t), -- name_1.data()); -- CHECK_TRUE(info); -- variable_index_set_variable( -- info, -+ name_1.data(), - EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_entry( -+ CHECK_TRUE(info); -+ -+ info = variable_index_add_variable( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data()); -- CHECK_TRUE(info); -- variable_index_set_variable( -- info, -+ name_2.data(), - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS); - -- info = variable_index_add_entry( -+ CHECK_TRUE(info); -+ -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name_3.size() * sizeof(int16_t), -- name_3.data()); -- CHECK_TRUE(info); -- variable_index_set_variable( -- info, -+ name_3.data(), - EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS); -+ -+ CHECK_TRUE(info); - } - - static const size_t MAX_VARIABLES = 10; -@@ -114,7 +111,7 @@ TEST_GROUP(UefiVariableIndexTests) - - TEST(UefiVariableIndexTests, emptyIndexOperations) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - - /* Expect not to find a variable */ - info = variable_index_find( -@@ -133,34 +130,36 @@ TEST(UefiVariableIndexTests, emptyIndexOperations) - POINTERS_EQUAL(NULL, info); - - /* Remove should silently return */ -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - } - - TEST(UefiVariableIndexTests, addWithOversizedName) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - std::vector<int16_t> name; - - name = to_variable_name(L"a long variable name that exceeds the length limit"); - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data()); -+ name.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - /* Expect the add to fail because of an oversized name */ - POINTERS_EQUAL(NULL, info); - - name = to_variable_name(L"a long variable name that fits!"); - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid_1, - name.size() * sizeof(int16_t), -- name.data()); -+ name.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - /* Expect the add succeed */ - CHECK_TRUE(info); -@@ -168,17 +167,18 @@ TEST(UefiVariableIndexTests, addWithOversizedName) - - TEST(UefiVariableIndexTests, variableIndexFull) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - EFI_GUID guid = guid_1; - - /* Expect to be able to fill the index */ - for (size_t i = 0; i < MAX_VARIABLES; ++i) { - -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data()); -+ name_1.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - CHECK_TRUE(info); - -@@ -187,11 +187,12 @@ TEST(UefiVariableIndexTests, variableIndexFull) - } - - /* Variable index should now be full */ -- info = variable_index_add_entry( -+ info = variable_index_add_variable( - &m_variable_index, - &guid, - name_1.size() * sizeof(int16_t), -- name_1.data()); -+ name_1.data(), -+ EFI_VARIABLE_BOOTSERVICE_ACCESS); - - POINTERS_EQUAL(NULL, info); - } -@@ -322,7 +323,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall) - TEST(UefiVariableIndexTests, removeVariable) - { - uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)]; -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - - create_variables(); - -@@ -333,7 +334,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_2.size() * sizeof(int16_t), - name_2.data()); - -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -351,7 +352,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_1.size() * sizeof(int16_t), - name_1.data()); - -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -369,7 +370,7 @@ TEST(UefiVariableIndexTests, removeVariable) - name_3.size() * sizeof(int16_t), - name_3.data()); - -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -394,7 +395,7 @@ TEST(UefiVariableIndexTests, removeVariable) - - TEST(UefiVariableIndexTests, checkIterator) - { -- struct variable_info *info = NULL; -+ const struct variable_info *info = NULL; - - create_variables(); - -@@ -418,7 +419,7 @@ TEST(UefiVariableIndexTests, checkIterator) - UNSIGNED_LONGS_EQUAL(name_2.size() * sizeof(int16_t), info->metadata.name_size); - MEMCMP_EQUAL(name_2.data(), info->metadata.name, info->metadata.name_size); - -- struct variable_info *info_to_remove = info; -+ const struct variable_info *info_to_remove = info; - - variable_index_iterator_next(&iter); - CHECK_FALSE(variable_index_iterator_is_done(&iter)); -@@ -434,8 +435,7 @@ TEST(UefiVariableIndexTests, checkIterator) - CHECK_TRUE(variable_index_iterator_is_done(&iter)); - - /* Now remove the middle entry */ -- variable_index_clear_variable(&m_variable_index, info_to_remove); -- variable_index_remove_unused_entry(&m_variable_index, info_to_remove); -+ variable_index_remove_variable(&m_variable_index, info_to_remove); - - /* Iterate again but this time there should only be two entries */ - variable_index_iterator_first(&iter, &m_variable_index); -@@ -478,7 +478,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - constraints.max_size = 100; - - /* Set check constraints on one of the variables */ -- struct variable_info *info = variable_index_find( -+ const struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -488,7 +488,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - CHECK_TRUE(info->is_variable_set); - CHECK_FALSE(info->is_constraints_set); - -- variable_index_set_constraints(info, &constraints); -+ variable_index_update_constraints(info, &constraints); - - CHECK_TRUE(info->is_constraints_set); - CHECK_TRUE(info->is_variable_set); -@@ -496,7 +496,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar) - /* Remove the variable but still expect the variable to be indexed - * because of the set constraints. - */ -- variable_index_clear_variable( -+ variable_index_remove_variable( - &m_variable_index, - info); - -@@ -588,7 +588,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - constraints.max_size = 100; - - /* Initially expect no variable_info */ -- struct variable_info *info = variable_index_find( -+ const struct variable_info *info = variable_index_find( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -@@ -597,19 +597,19 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar) - CHECK_FALSE(info); - - /* Adding the check constraints should result in an entry being added */ -- info = variable_index_add_entry( -+ info = variable_index_add_constraints( - &m_variable_index, - &guid_2, - name_2.size() * sizeof(int16_t), -- name_2.data()); -- CHECK_TRUE(info); -+ name_2.data(), -+ &constraints); - -- variable_index_set_constraints(info, &constraints); -+ CHECK_TRUE(info); - CHECK_FALSE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); - - /* Updating the variable should cause the variable to be marked as set */ -- variable_index_set_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); -+ variable_index_update_variable(info, EFI_VARIABLE_RUNTIME_ACCESS); - - CHECK_TRUE(info->is_variable_set); - CHECK_TRUE(info->is_constraints_set); -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index e90c1067..235642e6 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -305,37 +305,6 @@ TEST(UefiVariableStoreTests, setGetRoundtrip) - /* Expect got variable data to be the same as the set value */ - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); -- -- /* Extend the variable using an append write */ -- std::string input_data2 = " jumps over the lazy dog"; -- -- status = set_variable(var_name, input_data2, EFI_VARIABLE_APPEND_WRITE); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- status = get_variable(var_name, output_data); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- std::string expected_output = input_data + input_data2; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -- LONGS_EQUAL(0, expected_output.compare(output_data)); -- -- /* Expect query_variable_info to return consistent values */ -- size_t max_variable_storage_size = 0; -- size_t remaining_variable_storage_size = 0; -- size_t max_variable_size = 0; -- -- status = query_variable_info( -- 0, -- &max_variable_storage_size, -- &remaining_variable_storage_size, -- &max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -- UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); - } - - TEST(UefiVariableStoreTests, persistentSetGet) -@@ -345,8 +314,7 @@ TEST(UefiVariableStoreTests, persistentSetGet) - std::string input_data = "quick brown fox"; - std::string output_data; - -- status = set_variable(var_name, input_data, -- EFI_VARIABLE_NON_VOLATILE); -+ status = set_variable(var_name, input_data, EFI_VARIABLE_NON_VOLATILE); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - status = get_variable(var_name, output_data); -@@ -356,22 +324,6 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); - LONGS_EQUAL(0, input_data.compare(output_data)); - -- /* Extend the variable using an append write */ -- std::string input_data2 = " jumps over the lazy dog"; -- -- status = set_variable(var_name, input_data2, -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- status = get_variable(var_name, output_data); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- std::string expected_output = input_data + input_data2; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -- LONGS_EQUAL(0, expected_output.compare(output_data)); -- - /* Expect the variable to survive a power cycle */ - power_cycle(); - -@@ -380,24 +332,8 @@ TEST(UefiVariableStoreTests, persistentSetGet) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Still expect got variable data to be the same as the set value */ -- UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size()); -- LONGS_EQUAL(0, expected_output.compare(output_data)); -- -- /* Expect query_variable_info to return consistent values */ -- size_t max_variable_storage_size = 0; -- size_t remaining_variable_storage_size = 0; -- size_t max_variable_size = 0; -- -- status = query_variable_info( -- EFI_VARIABLE_NON_VOLATILE, -- &max_variable_storage_size, -- &remaining_variable_storage_size, -- &max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -- -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size); -- UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size); -- UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size); -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+ LONGS_EQUAL(0, input_data.compare(output_data)); - } - - TEST(UefiVariableStoreTests, removeVolatile) -@@ -436,7 +372,7 @@ TEST(UefiVariableStoreTests, removePersistent) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Remove by setting with zero data length */ -- status = set_variable(var_name, std::string(), EFI_VARIABLE_NON_VOLATILE); -+ status = set_variable(var_name, std::string(), 0); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); - - /* Expect variable to no loger exist */ -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index b7cfff40..6a90f46a 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -47,20 +47,6 @@ static efi_status_t load_variable_data( - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var, - size_t max_data_len); - --static psa_status_t store_overwrite( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data); -- --static psa_status_t store_append_write( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data); -- - static void purge_orphan_index_entries( - struct uefi_variable_store *context); - -@@ -168,45 +154,40 @@ efi_status_t uefi_variable_store_set_variable( - struct uefi_variable_store *context, - const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var) - { -- bool should_sync_index = false; -- -- /* Validate incoming request */ - efi_status_t status = check_name_terminator(var->Name, var->NameSize); - if (status != EFI_SUCCESS) return status; - - status = check_capabilities(var); -+ bool should_sync_index = false; -+ - if (status != EFI_SUCCESS) return status; - -- /* Find an existing entry in the variable index or add a new one */ -- struct variable_info *info = variable_index_find( -+ /* Find in index */ -+ const struct variable_info *info = variable_index_find( - &context->variable_index, - &var->Guid, - var->NameSize, - var->Name); - -- if (!info) { -+ if (info) { - -- info = variable_index_add_entry( -- &context->variable_index, -- &var->Guid, -- var->NameSize, -- var->Name); -+ /* Variable info already exists */ -+ status = check_access_permitted_on_set(context, info, var); - -- if (!info) return EFI_OUT_OF_RESOURCES; -- } -+ if (status == EFI_SUCCESS) { - -- /* Control access */ -- status = check_access_permitted_on_set(context, info, var); -+ should_sync_index = -+ (var->Attributes & EFI_VARIABLE_NON_VOLATILE) || -+ (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)); - -- if (status == EFI_SUCCESS) { -+ if (var->DataSize) { - -- /* Access permitted */ -- if (info->is_variable_set) { -- -- /* It's a request to update to an existing variable */ -- if (!(var->Attributes & -- (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) && -- !var->DataSize) { -+ /* It's a set rather than a remove operation */ -+ variable_index_update_variable( -+ info, -+ var->Attributes); -+ } -+ else { - - /* It's a remove operation - for a remove, the variable - * data must be removed from the storage backend before -@@ -215,30 +196,31 @@ efi_status_t uefi_variable_store_set_variable( - * the storage backend without a corresponding index entry. - */ - remove_variable_data(context, info); -- variable_index_clear_variable(&context->variable_index, info); -+ variable_index_remove_variable(&context->variable_index, info); - -- should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -- } -- else { -- -- /* It's a set operation where variable data is potentially -- * being overwritten or extended. -- */ -- if ((var->Attributes & ~EFI_VARIABLE_APPEND_WRITE) != info->metadata.attributes) { -- -- /* Modifying attributes is forbidden */ -- return EFI_INVALID_PARAMETER; -- } -+ /* Variable info no longer valid */ -+ info = NULL; - } - } - else { - -- /* It's a request to create a new variable */ -- variable_index_set_variable(info, var->Attributes); -- -- should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE); -+ /* Access forbidden */ -+ info = NULL; - } - } -+ else if (var->DataSize) { -+ -+ /* It's a new variable */ -+ info = variable_index_add_variable( -+ &context->variable_index, -+ &var->Guid, -+ var->NameSize, -+ var->Name, -+ var->Attributes); -+ -+ if (!info) status = EFI_OUT_OF_RESOURCES; -+ should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); -+ } - - /* The order of these operations is important. For an update - * or create operation, The variable index is always synchronized -@@ -254,13 +236,11 @@ efi_status_t uefi_variable_store_set_variable( - } - - /* Store any variable data to the storage backend */ -- if (info->is_variable_set && (status == EFI_SUCCESS)) { -+ if (info && (status == EFI_SUCCESS)) { - - status = store_variable_data(context, info, var); - } - -- variable_index_remove_unused_entry(&context->variable_index, info); -- - return status; - } - -@@ -373,41 +353,53 @@ efi_status_t uefi_variable_store_set_var_check_property( - efi_status_t status = check_name_terminator(property->Name, property->NameSize); - if (status != EFI_SUCCESS) return status; - -- /* Find in index or create a new entry */ -- struct variable_info *info = variable_index_find( -+ /* Find in index */ -+ const struct variable_info *info = variable_index_find( - &context->variable_index, - &property->Guid, - property->NameSize, - property->Name); - -- if (!info) { -+ if (info) { - -- info = variable_index_add_entry( -- &context->variable_index, -- &property->Guid, -- property->NameSize, -- property->Name); -+ /* Applying check constraints to an existing variable that may have -+ * constraints already set. These could constrain the setting of -+ * the constraints. -+ */ -+ struct variable_constraints constraints = info->check_constraints; -+ -+ status = variable_checker_set_constraints( -+ &constraints, -+ info->is_constraints_set, -+ &property->VariableProperty); -+ -+ if (status == EFI_SUCCESS) { - -- if (!info) return EFI_OUT_OF_RESOURCES; -+ variable_index_update_constraints(info, &constraints); -+ } - } -+ else { - -- /* Applying check constraints to an existing variable that may have -- * constraints already set. These could constrain the setting of -- * the constraints. -- */ -- struct variable_constraints constraints = info->check_constraints; -+ /* Applying check constraints for a new variable */ -+ struct variable_constraints constraints; - -- status = variable_checker_set_constraints( -- &constraints, -- info->is_constraints_set, -- &property->VariableProperty); -+ status = variable_checker_set_constraints( -+ &constraints, -+ false, -+ &property->VariableProperty); - -- if (status == EFI_SUCCESS) { -+ if (status == EFI_SUCCESS) { - -- variable_index_set_constraints(info, &constraints); -- } -+ info = variable_index_add_constraints( -+ &context->variable_index, -+ &property->Guid, -+ property->NameSize, -+ property->Name, -+ &constraints); - -- variable_index_remove_unused_entry(&context->variable_index, info); -+ if (!info) status = EFI_OUT_OF_RESOURCES; -+ } -+ } - - return status; - } -@@ -514,8 +506,7 @@ static efi_status_t check_capabilities( - if (var->Attributes & ~( - EFI_VARIABLE_NON_VOLATILE | - EFI_VARIABLE_BOOTSERVICE_ACCESS | -- EFI_VARIABLE_RUNTIME_ACCESS | -- EFI_VARIABLE_APPEND_WRITE)) { -+ EFI_VARIABLE_RUNTIME_ACCESS)) { - - /* An unsupported attribute has been requested */ - status = EFI_UNSUPPORTED; -@@ -561,6 +552,17 @@ static efi_status_t check_access_permitted_on_set( - var->DataSize); - } - -+ if ((status == EFI_SUCCESS) && var->DataSize) { -+ -+ /* Restrict which attributes can be modified for an existing variable */ -+ if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -+ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { -+ -+ /* Don't permit change of storage class */ -+ status = EFI_INVALID_PARAMETER; -+ } -+ } -+ - return status; - } - -@@ -581,33 +583,20 @@ static efi_status_t store_variable_data( - - if (delegate_store->storage_backend) { - -- if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) { -- -- /* Create or overwrite variable data */ -- psa_status = store_overwrite( -- delegate_store, -- context->owner_id, -- info->metadata.uid, -- data_len, -- data); -- } -- else { -- -- /* Append new data to existing variable data */ -- psa_status = store_append_write( -- delegate_store, -- context->owner_id, -- info->metadata.uid, -- data_len, -- data); -- } -+ psa_status = delegate_store->storage_backend->interface->set( -+ delegate_store->storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ data_len, -+ data, -+ PSA_STORAGE_FLAG_NONE); - } - - if ((psa_status != PSA_SUCCESS) && delegate_store->is_nv) { - - /* A storage failure has occurred so attempt to fix any -- * mismatch between the variable index and stored NV variables. -- */ -+ * mismatch between the variable index and stored NV variables. -+ */ - purge_orphan_index_entries(context); - } - -@@ -674,100 +663,6 @@ static efi_status_t load_variable_data( - return psa_to_efi_storage_status(psa_status); - } - --static psa_status_t store_overwrite( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data) --{ -- /* Police maximum variable size limit */ -- if (data_length > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -- -- psa_status_t psa_status = delegate_store->storage_backend->interface->set( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- data_length, -- data, -- PSA_STORAGE_FLAG_NONE); -- -- return psa_status; --} -- --static psa_status_t store_append_write( -- struct delegate_variable_store *delegate_store, -- uint32_t client_id, -- uint64_t uid, -- size_t data_length, -- const void *data) --{ -- struct psa_storage_info_t storage_info; -- -- if (data_length == 0) return PSA_SUCCESS; -- -- psa_status_t psa_status = delegate_store->storage_backend->interface->get_info( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- &storage_info); -- -- if (psa_status != PSA_SUCCESS) return psa_status; -- -- /* Determine size of appended variable */ -- size_t new_size = storage_info.size + data_length; -- -- /* Defend against integer overflow */ -- if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT; -- -- /* Police maximum variable size limit */ -- if (new_size > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT; -- -- /* Storage backend doesn't support an append operation so we need -- * need to read the current variable data, extend it and write it back. -- */ -- uint8_t *rw_buf = malloc(new_size); -- if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY; -- -- size_t old_size = 0; -- psa_status = delegate_store->storage_backend->interface->get( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- 0, -- new_size, -- rw_buf, -- &old_size); -- -- if (psa_status == PSA_SUCCESS) { -- -- if ((old_size + data_length) <= new_size) { -- -- /* Extend the variable data */ -- memcpy(&rw_buf[old_size], data, data_length); -- -- psa_status = delegate_store->storage_backend->interface->set( -- delegate_store->storage_backend->context, -- client_id, -- uid, -- old_size + data_length, -- rw_buf, -- storage_info.flags); -- } -- else { -- -- /* There's a mismatch between the length obtained from -- * get_info() and the subsequent length returned by get(). -- */ -- psa_status = PSA_ERROR_STORAGE_FAILURE; -- } -- } -- -- free(rw_buf); -- -- return psa_status; --} -- - static void purge_orphan_index_entries( - struct uefi_variable_store *context) - { -@@ -782,7 +677,7 @@ static void purge_orphan_index_entries( - */ - while (!variable_index_iterator_is_done(&iter)) { - -- struct variable_info *info = variable_index_iterator_current(&iter); -+ const struct variable_info *info = variable_index_iterator_current(&iter); - - if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { - -@@ -799,7 +694,7 @@ static void purge_orphan_index_entries( - if (psa_status != PSA_SUCCESS) { - - /* Detected a mismatch between the index and storage */ -- variable_index_clear_variable(&context->variable_index, info); -+ variable_index_remove_variable(&context->variable_index, info); - any_orphans = true; - } - } -diff --git a/components/service/smm_variable/backend/variable_index.c b/components/service/smm_variable/backend/variable_index.c -index a8a55753..99d7c97a 100644 ---- a/components/service/smm_variable/backend/variable_index.c -+++ b/components/service/smm_variable/backend/variable_index.c -@@ -132,13 +132,13 @@ size_t variable_index_max_dump_size( - return sizeof(struct variable_metadata) * context->max_variables; - } - --struct variable_info *variable_index_find( -- struct variable_index *context, -+const struct variable_info *variable_index_find( -+ const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- struct variable_info *result = NULL; -+ const struct variable_info *result = NULL; - int pos = find_variable(context, guid, name_size, name); - - if (pos >= 0) { -@@ -149,13 +149,13 @@ struct variable_info *variable_index_find( - return result; - } - --struct variable_info *variable_index_find_next( -+const struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name) - { -- struct variable_info *result = NULL; -+ const struct variable_info *result = NULL; - - if (name_size >= sizeof(int16_t)) { - -@@ -263,11 +263,12 @@ static struct variable_entry *add_entry( - return entry; - } - --struct variable_info *variable_index_add_entry( -+const struct variable_info *variable_index_add_variable( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name) -+ const int16_t *name, -+ uint32_t attributes) - { - struct variable_info *info = NULL; - struct variable_entry *entry = add_entry(context, guid, name_size, name); -@@ -275,41 +276,40 @@ struct variable_info *variable_index_add_entry( - if (entry) { - - info = &entry->info; -+ -+ info->metadata.attributes = attributes; -+ info->is_variable_set = true; -+ -+ mark_dirty(entry); - } - - return info; - } - --void variable_index_remove_unused_entry( -+const struct variable_info *variable_index_add_constraints( - struct variable_index *context, -- struct variable_info *info) -+ const EFI_GUID *guid, -+ size_t name_size, -+ const int16_t *name, -+ const struct variable_constraints *constraints) - { -- if (info && -- !info->is_constraints_set && -- !info->is_variable_set) { -- -- struct variable_entry *entry = containing_entry(info); -- entry->in_use = false; -+ struct variable_info *info = NULL; -+ struct variable_entry *entry = add_entry(context, guid, name_size, name); - -- memset(info, 0, sizeof(struct variable_info)); -- } --} -+ if (entry) { - --void variable_index_set_variable( -- struct variable_info *info, -- uint32_t attributes) --{ -- struct variable_entry *entry = containing_entry(info); -+ info = &entry->info; - -- info->metadata.attributes = attributes; -- info->is_variable_set = true; -+ info->check_constraints = *constraints; -+ info->is_constraints_set = true; -+ } - -- mark_dirty(entry); -+ return info; - } - --void variable_index_clear_variable( -+void variable_index_remove_variable( - struct variable_index *context, -- struct variable_info *info) -+ const struct variable_info *info) - { - if (info) { - -@@ -318,17 +318,48 @@ void variable_index_clear_variable( - - /* Mark variable as no longer set */ - entry->info.is_variable_set = false; -+ -+ /* Entry may still be needed if check constraints were set */ -+ entry->in_use = info->is_constraints_set; -+ -+ if (!entry->in_use) { -+ -+ /* Entry not needed so wipe */ -+ memset(&entry->info, 0, sizeof(struct variable_info)); -+ } - } - } - --void variable_index_set_constraints( -- struct variable_info *info, -+void variable_index_update_variable( -+ const struct variable_info *info, -+ uint32_t attributes) -+{ -+ if (info) { -+ -+ struct variable_info *modified_info = (struct variable_info*)info; -+ struct variable_entry *entry = containing_entry(modified_info); -+ -+ if (!modified_info->is_variable_set || -+ (attributes != modified_info->metadata.attributes)) { -+ -+ /* The update changes the variable_info state */ -+ modified_info->is_variable_set = true; -+ modified_info->metadata.attributes = attributes; -+ mark_dirty(entry); -+ } -+ } -+} -+ -+void variable_index_update_constraints( -+ const struct variable_info *info, - const struct variable_constraints *constraints) - { - if (info) { - -- info->check_constraints = *constraints; -- info->is_constraints_set = true; -+ struct variable_info *modified_info = (struct variable_info*)info; -+ -+ modified_info->check_constraints = *constraints; -+ modified_info->is_constraints_set = true; - } - } - -diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h -index 63f42ab6..e109d0d1 100644 ---- a/components/service/smm_variable/backend/variable_index.h -+++ b/components/service/smm_variable/backend/variable_index.h -@@ -119,8 +119,8 @@ size_t variable_index_max_dump_size( - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_find( -- struct variable_index *context, -+const struct variable_info *variable_index_find( -+ const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); -@@ -135,76 +135,78 @@ struct variable_info *variable_index_find( - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_find_next( -+const struct variable_info *variable_index_find_next( - const struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, - const int16_t *name); - - /** -- * @brief Add a new entry to the index -- * -- * An entry is needed either when a new variable is created or -- * when variable constraints are set for a variable that doesn't -- * yet exist. -+ * @brief Add a new variable to the index - * - * @param[in] context variable_index - * @param[in] guid The variable's guid - * @param[in] name_size The name parameter's size - * @param[in] name The variable's name -+ * @param[in] attributes The variable's attributes - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_add_entry( -+const struct variable_info *variable_index_add_variable( - struct variable_index *context, - const EFI_GUID *guid, - size_t name_size, -- const int16_t *name); -+ const int16_t *name, -+ uint32_t attributes); - - /** -- * @brief Remove an unused entry from the index -+ * @brief Remove a variable from the index - * -- * Removes an entry if it is not in use. -+ * Removes a variable from the index if it exists. - * - * @param[in] context variable_index - * @param[in] info The variable info corresponding to the entry to remove - */ --void variable_index_remove_unused_entry( -+void variable_index_remove_variable( - struct variable_index *context, -- struct variable_info *info); -+ const struct variable_info *info); - - /** -- * @brief Set a variable to the index -- * -- * An entry for the variable must already exist. -+ * @brief Update a variable that's already in the index - * - * @param[in] info variable info - * @param[in] attributes The variable's attributes - */ --void variable_index_set_variable( -- struct variable_info *info, -+void variable_index_update_variable( -+ const struct variable_info *info, - uint32_t attributes); - - /** -- * @brief Clear a variable from the index -- * -- * Clears a variable from the index -+ * @brief Add a new check constraints object to the index - * - * @param[in] context variable_index -- * @param[in] info The variable info corresponding to the variable to clear -+ * @param[in] guid The variable's guid -+ * @param[in] name_size The name parameter's size -+ * @param[in] name The variable's name -+ * @param[in] constraints The check constraints -+ * -+ * @return Pointer to variable_info or NULL - */ --void variable_index_clear_variable( -+const struct variable_info *variable_index_add_constraints( - struct variable_index *context, -- struct variable_info *info); -+ const EFI_GUID *guid, -+ size_t name_size, -+ const int16_t *name, -+ const struct variable_constraints *constraints); - - /** -- * @brief Set a check constraints object associated with a variavle -+ * @brief Update variable constraints that are already in the index - * - * @param[in] info variable info - * @param[in] constraints The check constraints - */ --void variable_index_set_constraints( -- struct variable_info *info, -+void variable_index_update_constraints( -+ const struct variable_info *info, - const struct variable_constraints *constraints); - - /** -diff --git a/components/service/smm_variable/backend/variable_index_iterator.c b/components/service/smm_variable/backend/variable_index_iterator.c -index 8f8fc741..7cc6dc7a 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.c -+++ b/components/service/smm_variable/backend/variable_index_iterator.c -@@ -31,10 +31,10 @@ bool variable_index_iterator_is_done( - return iter->current_pos >= iter->variable_index->max_variables; - } - --struct variable_info *variable_index_iterator_current( -+const struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter) - { -- struct variable_info *current = NULL; -+ const struct variable_info *current = NULL; - - if (!variable_index_iterator_is_done(iter)) { - -diff --git a/components/service/smm_variable/backend/variable_index_iterator.h b/components/service/smm_variable/backend/variable_index_iterator.h -index 7ff77c50..f64a2c49 100644 ---- a/components/service/smm_variable/backend/variable_index_iterator.h -+++ b/components/service/smm_variable/backend/variable_index_iterator.h -@@ -54,7 +54,7 @@ bool variable_index_iterator_is_done( - * - * @return Pointer to variable_info or NULL - */ --struct variable_info *variable_index_iterator_current( -+const struct variable_info *variable_index_iterator_current( - const struct variable_index_iterator *iter); - - /** -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index 15556e9d..38c08ebe 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -249,30 +249,6 @@ TEST(SmmVariableServiceTests, setAndGet) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -- /* Extend the variable using an append write */ -- std::string append_data = " values added with append write"; -- -- efi_status = m_client->set_variable( -- m_common_guid, -- var_name, -- append_data, -- EFI_VARIABLE_APPEND_WRITE); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- efi_status = m_client->get_variable( -- m_common_guid, -- var_name, -- get_data); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- std::string appended_data = set_data + append_data; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -- LONGS_EQUAL(0, appended_data.compare(get_data)); -- - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -@@ -303,30 +279,6 @@ TEST(SmmVariableServiceTests, setAndGetNv) - UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); - LONGS_EQUAL(0, get_data.compare(set_data)); - -- /* Extend the variable using an append write */ -- std::string append_data = " values added with append write"; -- -- efi_status = m_client->set_variable( -- m_common_guid, -- var_name, -- append_data, -- EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- efi_status = m_client->get_variable( -- m_common_guid, -- var_name, -- get_data); -- -- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -- -- std::string appended_data = set_data + append_data; -- -- /* Expect the append write operation to have extended the variable */ -- UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size()); -- LONGS_EQUAL(0, appended_data.compare(get_data)); -- - /* Expect remove to be permitted */ - efi_status = m_client->remove_variable(m_common_guid, var_name); - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -diff --git a/protocols/service/smm_variable/parameters.h b/protocols/service/smm_variable/parameters.h -index 233f301b..1f795a9b 100644 ---- a/protocols/service/smm_variable/parameters.h -+++ b/protocols/service/smm_variable/parameters.h -@@ -47,9 +47,6 @@ typedef struct { - EFI_VARIABLE_HARDWARE_ERROR_RECORD | \ - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ - EFI_VARIABLE_APPEND_WRITE) --#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK \ -- (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \ -- EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) - - /** - * Parameter structure for SetVariable and GetVariable. diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch deleted file mode 100644 index caa1d9a952..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 12e9b977e4c7515ce90fecc62630be394fd7da62 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Mon, 20 Dec 2021 19:54:39 +0000 -Subject: [PATCH] Change UID of variable index in SMM - -This patch fixes the os_indications setVariable() failure. The variable -index UID in SMM gateway which was 1 is changed in this patch. TFM has a -special usage for variable with UID 1, which makes it write once only. -This is not required for SMM variable index. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - components/service/smm_variable/backend/uefi_variable_store.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 6a90f46a..1bb869ae 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -67,7 +67,7 @@ static efi_status_t check_name_terminator( - size_t name_size); - - /* Private UID for storing the variable index */ --#define VARIABLE_INDEX_STORAGE_UID (1) -+#define VARIABLE_INDEX_STORAGE_UID (0x787) - - /* Default maximum variable size - - * may be overridden using uefi_variable_store_set_storage_limits() diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch deleted file mode 100644 index 244146a2be..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 55fc3dbfb0ec21b1239808d0dddae14fbb8bb5f3 Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Mon, 20 Dec 2021 19:56:30 +0000 -Subject: [PATCH] Add missing features to setVariable() - -This patch resolves the failing tests in SCT related to -setVariable() function. The existing implementation is -missing few cases where error codes are returned when called -with certain paramters. These conditions are implemented in -this patch based on the explanation provided in uefi spec. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - .../backend/uefi_variable_store.c | 29 ++++++++++++++++--- - 1 file changed, 25 insertions(+), 4 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index 1bb869ae..a1671074 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -161,6 +161,17 @@ efi_status_t uefi_variable_store_set_variable( - bool should_sync_index = false; - - if (status != EFI_SUCCESS) return status; -+ -+ /* -+ * Runtime access to a data variable implies boot service access. Attributes that have -+ * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set. -+ * The caller is responsible for following this rule. -+ */ -+ if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)) -+ { -+ if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS ) -+ return EFI_INVALID_PARAMETER; -+ } - - /* Find in index */ - const struct variable_info *info = variable_index_find( -@@ -221,6 +232,13 @@ efi_status_t uefi_variable_store_set_variable( - if (!info) status = EFI_OUT_OF_RESOURCES; - should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE); - } -+ else -+ { -+ /* Return EFI_NOT_FOUND when a remove operation is performed -+ * on variable that is not existing. -+ */ -+ status = EFI_NOT_FOUND; -+ } - - /* The order of these operations is important. For an update - * or create operation, The variable index is always synchronized -@@ -555,10 +573,13 @@ static efi_status_t check_access_permitted_on_set( - if ((status == EFI_SUCCESS) && var->DataSize) { - - /* Restrict which attributes can be modified for an existing variable */ -- if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) { -- -- /* Don't permit change of storage class */ -+ if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -+ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) || -+ ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) || -+ ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) { -+ /* Don't permit change of attributes */ - status = EFI_INVALID_PARAMETER; - } - } diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch deleted file mode 100644 index 3990d82c55..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch +++ /dev/null @@ -1,55 +0,0 @@ -From dc3f134436ad6852f1bad9542232e84166843a7e Mon Sep 17 00:00:00 2001 -From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> -Date: Mon, 20 Dec 2021 20:01:10 +0000 -Subject: [PATCH] Add invalid parameter check in getNextVariableName() - -This patch resolves the failing tests in SCT related to -getNextVariableName() function. The existing implementation is -missing few cases where error codes are returned when called -with certain paramters. These conditions are implemented in -this patch based on the explanation provided in uefi spec. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - - ---- - .../smm_variable/backend/uefi_variable_store.c | 18 +++++++++++++++++- - 1 file changed, 17 insertions(+), 1 deletion(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index a1671074..a57b3346 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -161,7 +161,7 @@ efi_status_t uefi_variable_store_set_variable( - bool should_sync_index = false; - - if (status != EFI_SUCCESS) return status; -- -+ - /* - * Runtime access to a data variable implies boot service access. Attributes that have - * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set. -@@ -310,6 +310,22 @@ efi_status_t uefi_variable_store_get_next_variable_name( - status = EFI_NOT_FOUND; - *total_length = 0; - -+ /* -+ * If input values of VariableName and VendorGuid are not a name and GUID of an -+ * existing variable, EFI_INVALID_PARAMETER is returned. -+ */ -+ if (cur->NameSize >= sizeof(int16_t)) { -+ /* -+ * Name must be at least one character long to accommodate -+ * the mandatory null terminator. -+ */ -+ if (cur->Name[0] != 0) { -+ const struct variable_info *var_info = variable_index_find(&context->variable_index,&cur->Guid,cur->NameSize,cur->Name); -+ if(var_info == NULL) -+ return EFI_INVALID_PARAMETER; -+ } -+ } -+ - const struct variable_info *info = variable_index_find_next( - &context->variable_index, - &cur->Guid, diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch deleted file mode 100644 index da3ddaf63e..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 571ddac16048dfba4b25b04fe5cbd706c392b5ba Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Fri, 24 Dec 2021 19:17:17 +0000 -Subject: [PATCH] smm_gateway: add checks for null attributes - -As par EDK-2 and EDK-2 test code, when a user issue's -setVariable() with 0 in attributes field, it means a variable -delete request. Currently, smm gatway doesn't handle this scenario. -This change is to add that support - -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> - - ---- - .../backend/uefi_variable_store.c | 28 ++++++++++++------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index a57b3346..e8771c21 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -167,7 +167,9 @@ efi_status_t uefi_variable_store_set_variable( - * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set. - * The caller is responsible for following this rule. - */ -- if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)) -+ if (!var->Attributes) -+ EMSG("It might be a delete variable request\n"); -+ else if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS)) - { - if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS ) - return EFI_INVALID_PARAMETER; -@@ -191,7 +193,7 @@ efi_status_t uefi_variable_store_set_variable( - (var->Attributes & EFI_VARIABLE_NON_VOLATILE) || - (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)); - -- if (var->DataSize) { -+ if (var->DataSize && var->Attributes) { - - /* It's a set rather than a remove operation */ - variable_index_update_variable( -@@ -206,7 +208,9 @@ efi_status_t uefi_variable_store_set_variable( - * that it's never possible for an object to exist within - * the storage backend without a corresponding index entry. - */ -- remove_variable_data(context, info); -+ EMSG(" deleting variable %s \n",var->Name); -+ if (remove_variable_data(context, info) != PSA_SUCCESS) -+ EMSG(" deleting variable %s FAILED\n",var->Name); - variable_index_remove_variable(&context->variable_index, info); - - /* Variable info no longer valid */ -@@ -587,14 +591,18 @@ static efi_status_t check_access_permitted_on_set( - } - - if ((status == EFI_SUCCESS) && var->DataSize) { -- -+ /* Delete the variable with Attributes is 0 */ -+ if (!var->Attributes) { -+ EMSG("Null attributes, may be a delete variable request\n"); -+ status = EFI_SUCCESS; -+ } - /* Restrict which attributes can be modified for an existing variable */ -- if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) || -- ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != -- (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) || -- ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != -- (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) { -+ else if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) != -+ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) || -+ ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) || -+ ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) != -+ (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) { - /* Don't permit change of attributes */ - status = EFI_INVALID_PARAMETER; - } diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch deleted file mode 100644 index 02130b56d6..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch +++ /dev/null @@ -1,258 +0,0 @@ -From 47db072e9ec749c6be7c0a27d64d7fbd75748d60 Mon Sep 17 00:00:00 2001 -From: Gyorgy Szing <Gyorgy.Szing@arm.com> -Date: Wed, 8 Dec 2021 04:20:34 +0100 -Subject: [PATCH] Enhance mbedtls fetch process - -Update management of MbedTLS external component to be optimized -for download speed insted of availability. -The updated process is: - - check if binary is available. If yes configure build to use it - and stop. - - if not, check is source is available. If yes, build it and use - the resulting binary. - - if not, then download the source using git, compile it and use - the resulting binary - -The following variables can be set on the command line to alter the -behavior of the module: - - MBEDTLS_URL git repo URL to fetch from. - - MBEDTLS_REFSPEC revision to fetch - - MBEDTLS_SOURCE_DIR to specify location of source code in - local file syetem. - - MBEDTLS_INSTALL_DIR to specify location of binary. - -I.e. cmake -S <...> -B <...> -DMBEDTLS_INSTALL_DIR=~/mbedtls -will make the resulting binary installed to ~/mbedtls. This can be -used later to speed up a clean build an use the prebuilt binary. - -Change-Id: I8a9ad8b3303e6dfa0a7c9c3d7e4b4787b94d925a -Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - external/MbedTLS/MbedTLS.cmake | 192 ++++++++++++++++++++------------- - 1 file changed, 119 insertions(+), 73 deletions(-) - -diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake -index 3cbaed15..935be765 100644 ---- a/external/MbedTLS/MbedTLS.cmake -+++ b/external/MbedTLS/MbedTLS.cmake -@@ -1,96 +1,142 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # - #------------------------------------------------------------------------------- - --# Determine the number of processes to run while running parallel builds. --# Pass -DPROCESSOR_COUNT=<n> to cmake to override. --if(NOT DEFINED PROCESSOR_COUNT) -- include(ProcessorCount) -- ProcessorCount(PROCESSOR_COUNT) -- set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.") --endif() -+set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" -+ CACHE STRING "Mbed TLS repository URL") -+set(MBEDTLS_REFSPEC "mbedtls-3.0.0" -+ CACHE STRING "Mbed TLS git refspec") -+set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src" -+ CACHE PATH "MbedTLS source directory") -+set(MBEDTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" -+ CACHE PATH "Mbed TLS installation directory") - --set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "Mbed TLS repository URL") --set(MBEDTLS_REFSPEC "mbedtls-3.0.0" CACHE STRING "Mbed TLS git refspec") --set(MBEDTLS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" CACHE PATH "Mbed TLS installation directory") --set(MBEDTLS_PACKAGE_PATH "${MBEDTLS_INSTALL_PATH}/lib/mbedtls/cmake" CACHE PATH "Mbed TLS CMake package directory") -+find_library(MBEDCRYPTO_LIB_FILE -+ NAMES libmbedcrypto.a mbedcrypto.a libmbedcrypto.lib mbedcrypto.lib -+ PATHS ${MBEDTLS_INSTALL_DIR} -+ PATH_SUFFIXES "lib" -+ DOC "Location of mberdrypto library." -+ NO_DEFAULT_PATH -+) - --include(FetchContent) -+set(MBEDCRYPTO_LIB_FILE ${MBEDCRYPTO_LIB_FILE}) -+unset(MBEDCRYPTO_LIB_FILE CACHE) - --# Checking git --find_program(GIT_COMMAND "git") --if (NOT GIT_COMMAND) -- message(FATAL_ERROR "Please install git") --endif() -+set(MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-build") - --# Fetching Mbed TLS --FetchContent_Declare( -- mbedtls -- GIT_REPOSITORY ${MBEDTLS_URL} -- GIT_TAG ${MBEDTLS_REFSPEC} -- GIT_SHALLOW TRUE --) -+# Binary not found and it needs to be built. -+if (NOT MBEDCRYPTO_LIB_FILE) -+ # Determine the number of processes to run while running parallel builds. -+ # Pass -DPROCESSOR_COUNT=<n> to cmake to override. -+ if(NOT DEFINED PROCESSOR_COUNT) -+ include(ProcessorCount) -+ ProcessorCount(PROCESSOR_COUNT) -+ set(PROCESSOR_COUNT ${PROCESSOR_COUNT} -+ CACHE STRING "Number of cores to use for parallel builds.") -+ endif() - --# FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables --FetchContent_GetProperties(mbedtls) --if(NOT mbedtls_POPULATED) -- message(STATUS "Fetching Mbed TLS") -- FetchContent_Populate(mbedtls) --endif() -+ # See if the source is available locally -+ find_file(MBEDCRYPTO_HEADER_FILE -+ NAMES crypto.h -+ PATHS ${MBEDTLS_SOURCE_DIR} -+ PATH_SUFFIXES "include/psa" -+ NO_DEFAULT_PATH -+ ) -+ set(MBEDCRYPTO_HEADER_FILE ${MBEDCRYPTO_HEADER_FILE}) -+ unset(MBEDCRYPTO_HEADER_FILE CACHE) - --# Convert the include path list to a string. Needed to make parameter passing to --# Mbed TLS build work fine. --string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}") -+ # Source not found, fetch it. -+ if (NOT MBEDCRYPTO_HEADER_FILE) -+ include(FetchContent) - --find_package(Python3 COMPONENTS Interpreter) --if (NOT Python3_Interpreter_FOUND) -- message(FATAL_ERROR "Python 3 interpreter not found.") --endif() -+ # Checking git -+ find_program(GIT_COMMAND "git") -+ if (NOT GIT_COMMAND) -+ message(FATAL_ERROR "Please install git") -+ endif() - --#Configure Mbed TLS to build only mbedcrypto lib --execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${mbedtls_SOURCE_DIR}) -- --# Advertise Mbed TLS as the provider of the psa crypto API --set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_PATH}/include" CACHE STRING "PSA Crypto API include path") -- --#Configure the library --execute_process(COMMAND -- ${CMAKE_COMMAND} -- -DENABLE_PROGRAMS=OFF -- -DENABLE_TESTING=OFF -- -DUNSAFE_BUILD=ON -- -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_PATH} -- -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -- -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY -- -DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}" -- -DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES} -- -GUnix\ Makefiles -- ${mbedtls_SOURCE_DIR} -- WORKING_DIRECTORY -- ${mbedtls_BINARY_DIR} -- RESULT_VARIABLE _exec_error --) -+ # Fetching Mbed TLS -+ FetchContent_Declare( -+ mbedtls -+ SOURCE_DIR ${MBEDTLS_SOURCE_DIR} -+ BINARY_DIR ${MBEDTLS_BINARY_DIR} -+ GIT_REPOSITORY ${MBEDTLS_URL} -+ GIT_TAG ${MBEDTLS_REFSPEC} -+ GIT_SHALLOW TRUE -+ ) - --if (_exec_error) -- message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.") --endif() -+ # FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables -+ FetchContent_GetProperties(mbedtls) -+ # FetchContent_Populate will fail if the source directory is removed since it will try to -+ # do an "update" and not a "populate" action. As a workaround, remove the subbuild directory. -+ # Note: this fix assumes, the default subbuild location is used. -+ file(REMOVE_RECURSE "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-subbuild") -+ -+ # If the source directory has been moved, the binary dir must be regenerated from scratch. -+ file(REMOVE_RECURSE "${MBEDTLS_BINARY_DIR}") - --#TODO: add dependency to generated project on this file! --#TODO: add custom target to rebuild Mbed TLS -+ if (NOT mbedtls_POPULATED) -+ message(STATUS "Fetching Mbed TLS") -+ FetchContent_Populate(mbedtls) -+ endif() -+ set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDTLS_SOURCE_DIR}) -+ endif() - --#Build the library --execute_process(COMMAND -- ${CMAKE_COMMAND} --build ${mbedtls_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install -+ # Build mbedcrypto library -+ -+ # Convert the include path list to a string. Needed to make parameter passing to -+ # Mbed TLS build work fine. -+ string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}") -+ -+ find_package(Python3 REQUIRED COMPONENTS Interpreter) -+ -+ #Configure Mbed TLS to build only mbedcrypto lib -+ execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${MBEDTLS_SOURCE_DIR}) -+ -+ # Advertise Mbed TLS as the provider of the psa crypto API -+ set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_DIR}/include" CACHE STRING "PSA Crypto API include path") -+ -+ #Configure the library -+ execute_process(COMMAND -+ ${CMAKE_COMMAND} -E env CROSS_COMPILE=${CROSS_COMPILE} -+ ${CMAKE_COMMAND} -+ -DENABLE_PROGRAMS=OFF -+ -DENABLE_TESTING=OFF -+ -DUNSAFE_BUILD=ON -+ -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_DIR} -+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} -+ -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY -+ -DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}" -+ -DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES} -+ -GUnix\ Makefiles -+ ${MBEDTLS_SOURCE_DIR} -+ WORKING_DIRECTORY -+ ${MBEDTLS_BINARY_DIR} - RESULT_VARIABLE _exec_error - ) --if (_exec_error) -- message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.") -+ -+ if (_exec_error) -+ message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.") -+ endif() -+ -+ #Build the library -+ execute_process(COMMAND -+ ${CMAKE_COMMAND} --build ${MBEDTLS_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install -+ RESULT_VARIABLE _exec_error -+ ) -+ -+ if (_exec_error) -+ message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.") -+ endif() -+ -+ set(MBEDCRYPTO_LIB_FILE "${MBEDTLS_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}") - endif() - - #Create an imported target to have clean abstraction in the build-system. - add_library(mbedcrypto STATIC IMPORTED) --set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION "${MBEDTLS_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}") --set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_PATH}/include") -+set_property(DIRECTORY ${CMAKE_SOURCE_DIR} APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDCRYPTO_LIB_FILE}) -+set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION ${MBEDCRYPTO_LIB_FILE}) -+set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_DIR}/include") diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch deleted file mode 100644 index 75fa7c2ad4..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 131bb3c577fff93ff9ba6f5e7d450f727fec0e62 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Fri, 11 Feb 2022 12:30:45 +0000 -Subject: [PATCH] Fix format specifier in logging_caller - -A previous change increased the width of the opstatus value -returned by an rpc endpoint from 32 to 64 bits. This change -corrects the printf format specifier in the rpc logging_caller -that corresponds to logging the opstatus value. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: Ie695a6bf8cf8014317b85196d7b933d344782b2c - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - components/rpc/common/logging/logging_caller.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/components/rpc/common/logging/logging_caller.c b/components/rpc/common/logging/logging_caller.c -index 07c33de5..cac03f2f 100644 ---- a/components/rpc/common/logging/logging_caller.c -+++ b/components/rpc/common/logging/logging_caller.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -87,7 +87,7 @@ static rpc_status_t call_invoke(void *context, rpc_call_handle handle, uint32_t - - if (status == TS_RPC_CALL_ACCEPTED) { - -- fprintf(this_instance->log_file, "op_status: %d\n", *opstatus); -+ fprintf(this_instance->log_file, "op_status: %ld\n", *opstatus); - fprintf(this_instance->log_file, "resp_len: %ld\n", *resp_len); - } - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch deleted file mode 100644 index 01b99d3ef3..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 7aa9796020487ce32746c25934ce20829acc462c Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Fri, 11 Feb 2022 13:42:59 +0000 -Subject: [PATCH] Update refspecs for mbedtls and psa-arch-tests for v3.1.0 - -Updates external component refspecs to use mbedtls 3.1.0 and -compatible API tests from psa-arch-test. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I1b5cebd7de3c1885f5f8a8ea21ba5e4c52aefaf4 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - external/MbedTLS/MbedTLS.cmake | 2 +- - external/psa_arch_tests/psa_arch_tests.cmake | 17 ++++++----------- - 2 files changed, 7 insertions(+), 12 deletions(-) - -diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake -index 935be765..3350d8a0 100644 ---- a/external/MbedTLS/MbedTLS.cmake -+++ b/external/MbedTLS/MbedTLS.cmake -@@ -7,7 +7,7 @@ - - set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" - CACHE STRING "Mbed TLS repository URL") --set(MBEDTLS_REFSPEC "mbedtls-3.0.0" -+set(MBEDTLS_REFSPEC "mbedtls-3.1.0" - CACHE STRING "Mbed TLS git refspec") - set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src" - CACHE PATH "MbedTLS source directory") -diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake -index e6ab73f7..f6d2fb9f 100644 ---- a/external/psa_arch_tests/psa_arch_tests.cmake -+++ b/external/psa_arch_tests/psa_arch_tests.cmake -@@ -5,20 +5,15 @@ - # - #------------------------------------------------------------------------------- - --# Determine the number of processes to run while running parallel builds. --# Pass -DPROCESSOR_COUNT=<n> to cmake to override. --if(NOT DEFINED PROCESSOR_COUNT) -- include(ProcessorCount) -- ProcessorCount(PROCESSOR_COUNT) -- set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.") --endif() -+# Temporarily using modified tests used for tf-m verification -+set(PSA_ARCH_TESTS_URL "https://github.com/bensze01/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") -+set(PSA_ARCH_TESTS_REFSPEC "fix-multipart-aead" CACHE STRING "psa-arch-tests git refspec") - --set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") --set(PSA_ARCH_TESTS_REFSPEC "master" CACHE STRING "psa-arch-tests git refspec") -+#set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") -+#set(PSA_ARCH_TESTS_REFSPEC "2a1852252a9b9af655cbe02d5d3c930952d0d798" CACHE STRING "psa-arch-tests v22.01_API1.4_ADAC_BETA") - set(PSA_ARCH_TESTS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/psa-arch-tests_install" CACHE PATH "psa-arch-tests installation directory") - set(PSA_ARCH_TESTS_PACKAGE_PATH "${PSA_ARCH_TESTS_INSTALL_PATH}/libpsa-arch-tests/cmake" CACHE PATH "psa-arch-tests CMake package directory") -- --include(FetchContent) -+set(PSA_ARCH_TESTS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/psa_arch_tests-src" CACHE PATH "psa-arch-tests source.") - - # Checking git - find_program(GIT_COMMAND "git") diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch deleted file mode 100644 index ae78f41a01..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch +++ /dev/null @@ -1,1080 +0,0 @@ -From b160f734006f4959d92377dc3aa8eabc3ac7c1da Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Fri, 11 Feb 2022 14:08:13 +0000 -Subject: [PATCH] Separate sign/verify message and hash operations - -Previous versions of mbedtls didn't distinguish between -asymmetric sign and verify operations on a hash or message. -They are now treated as separate operations from a usage -control perspective. This change makes the corresponding -hash/message sepration in client and service provider -components. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: Ic0041c694c026522c9b00c974d22261e9e2feadd - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - .../caller/packed-c/crypto_caller_sign_hash.h | 29 +++++++- - .../packed-c/crypto_caller_verify_hash.h | 33 ++++++++- - .../caller/stub/crypto_caller_sign_hash.h | 11 ++- - .../caller/stub/crypto_caller_verify_hash.h | 11 ++- - .../service/crypto/client/cpp/crypto_client.h | 17 ++++- - .../packed-c/packedc_crypto_client.cpp | 22 +++++- - .../protocol/packed-c/packedc_crypto_client.h | 17 ++++- - .../protobuf/protobuf_crypto_client.cpp | 43 ++++++++++- - .../protobuf/protobuf_crypto_client.h | 27 ++++++- - .../crypto/client/psa/psa_sign_message.c | 24 +++--- - .../crypto/client/psa/psa_verify_message.c | 24 +++--- - .../service/crypto/provider/crypto_provider.c | 40 ++++++---- - .../serializer/crypto_provider_serializer.h | 6 +- - .../packedc_crypto_provider_serializer.c | 12 +-- - .../protobuf/pb_crypto_provider_serializer.c | 74 +++++++++---------- - .../check_crypto_opcode_alignment.cpp | 25 ++++--- - .../test/service/crypto_service_scenarios.cpp | 56 +++++++++++++- - .../test/service/crypto_service_scenarios.h | 3 +- - .../packed-c/crypto_service_packedc_tests.cpp | 7 +- - .../crypto_service_protobuf_tests.cpp | 7 +- - protocols/service/crypto/packed-c/opcodes.h | 4 +- - .../service/crypto/protobuf/opcodes.proto | 4 +- - 22 files changed, 366 insertions(+), 130 deletions(-) - -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h -index e807773e..4a9ed20d 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -20,7 +20,8 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_asym_sign_commom(struct service_client *context, -+ uint32_t opcode, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, -@@ -60,7 +61,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - - context->rpc_status = - rpc_caller_invoke(context->caller, call_handle, -- TS_CRYPTO_OPCODE_SIGN_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (context->rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -98,6 +99,28 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return psa_status; - } - -+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_HASH, -+ id, alg, hash, hash_length, -+ signature, signature_size, signature_length); -+} -+ -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_MESSAGE, -+ id, alg, hash, hash_length, -+ signature, signature_size, signature_length); -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h -index 47152946..daa11330 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -20,7 +20,8 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_asym_verify_common(struct service_client *context, -+ uint32_t opcode, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, -@@ -65,7 +66,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - - context->rpc_status = - rpc_caller_invoke(context->caller, call_handle, -- TS_CRYPTO_OPCODE_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (context->rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; - -@@ -75,6 +76,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return psa_status; - } - -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return crypto_caller_asym_verify_common(context, -+ TS_CRYPTO_OPCODE_VERIFY_HASH, -+ id, alg, -+ hash, hash_length, -+ signature, signature_length); -+} -+ -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return crypto_caller_asym_verify_common(context, -+ TS_CRYPTO_OPCODE_VERIFY_MESSAGE, -+ id, alg, -+ input, input_length, -+ signature, signature_length); -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h -index d09369a2..09049f5c 100644 ---- a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return PSA_ERROR_NOT_SUPPORTED; - } - -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h -index 20d11dcf..3f3eb878 100644 ---- a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return PSA_ERROR_NOT_SUPPORTED; - } - -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *input, size_t input_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return PSA_ERROR_NOT_SUPPORTED; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/cpp/crypto_client.h b/components/service/crypto/client/cpp/crypto_client.h -index 2a5e5b99..ccb0714a 100644 ---- a/components/service/crypto/client/cpp/crypto_client.h -+++ b/components/service/crypto/client/cpp/crypto_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -57,7 +57,7 @@ public: - psa_key_id_t id, - uint8_t *data, size_t data_size, size_t *data_length) = 0; - -- /* Sign/verify methods */ -+ /* Sign/verify hash methods */ - virtual psa_status_t sign_hash( - psa_key_id_t id, - psa_algorithm_t alg, -@@ -70,6 +70,19 @@ public: - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) = 0; - -+ /* Sign/verify message methods */ -+ virtual psa_status_t sign_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) = 0; -+ -+ virtual psa_status_t verify_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length) = 0; -+ - /* Asymmetric encrypt/decrypt */ - virtual psa_status_t asymmetric_encrypt( - psa_key_id_t id, -diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -index 4d9d8f41..4e10f9be 100644 ---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -107,6 +107,26 @@ psa_status_t packedc_crypto_client::verify_hash( - signature, signature_length); - } - -+psa_status_t packedc_crypto_client::sign_message( -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return crypto_caller_sign_message(&m_client, id, alg, -+ message, message_length, -+ signature, signature_size, signature_length); -+} -+ -+psa_status_t packedc_crypto_client::verify_message( -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return crypto_caller_verify_message(&m_client, id, alg, -+ message, message_length, -+ signature, signature_length); -+} -+ - psa_status_t packedc_crypto_client::asymmetric_encrypt( - psa_key_id_t id, psa_algorithm_t alg, - const uint8_t *input, size_t input_length, -diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -index 377b51d1..d74ba609 100644 ---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -54,7 +54,7 @@ public: - psa_key_id_t id, - uint8_t *data, size_t data_size, size_t *data_length); - -- /* Sign/verify methods */ -+ /* Sign/verify hash methods */ - psa_status_t sign_hash( - psa_key_id_t id, - psa_algorithm_t alg, -@@ -67,6 +67,19 @@ public: - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -+ /* Sign/verify message methods */ -+ psa_status_t sign_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length); -+ -+ psa_status_t verify_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length); -+ - /* Asymmetric encrypt/decrypt */ - psa_status_t asymmetric_encrypt( - psa_key_id_t id, -diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp -index 17780351..28c8f6fb 100644 ---- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp -+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp -@@ -386,6 +386,25 @@ psa_status_t protobuf_crypto_client::export_public_key(psa_key_id_t id, - psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return asym_sign(ts_crypto_Opcode_SIGN_HASH, id, alg, -+ hash, hash_length, -+ signature, signature_size, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::sign_message(psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) -+{ -+ return asym_sign(ts_crypto_Opcode_SIGN_MESSAGE, id, alg, -+ message, message_length, -+ signature, signature_size, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::asym_sign(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length) - { - size_t req_len; - pb_bytes_array_t *hash_byte_array = -@@ -416,7 +435,7 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t - pb_encode(&ostream, ts_crypto_SignHashIn_fields, &req_msg); - - m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, -- ts_crypto_Opcode_SIGN_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -462,10 +481,28 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t - return psa_status; - } - -- - psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length) -+{ -+ return asym_verify(ts_crypto_Opcode_VERIFY_HASH, id, alg, -+ hash, hash_length, -+ signature, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::verify_message(psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length) -+{ -+ return asym_verify(ts_crypto_Opcode_VERIFY_MESSAGE, id, alg, -+ message, message_length, -+ signature, signature_length); -+} -+ -+psa_status_t protobuf_crypto_client::asym_verify(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ const uint8_t *signature, size_t signature_length) - { - size_t req_len; - pb_bytes_array_t *hash_byte_array = -@@ -497,7 +534,7 @@ psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_ - pb_encode(&ostream, ts_crypto_VerifyHashIn_fields, &req_msg); - - m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle, -- ts_crypto_Opcode_VERIFY_HASH, &opstatus, &resp_buf, &resp_len); -+ opcode, &opstatus, &resp_buf, &resp_len); - - if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus; - -diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h -index 085d9cfa..abe4439e 100644 ---- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h -+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -54,7 +54,7 @@ public: - psa_key_id_t id, - uint8_t *data, size_t data_size, size_t *data_length); - -- /* Sign/verify methods */ -+ /* Sign/verify hash methods */ - psa_status_t sign_hash( - psa_key_id_t id, - psa_algorithm_t alg, -@@ -67,6 +67,19 @@ public: - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length); - -+ /* Sign/verify message methods */ -+ psa_status_t sign_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length); -+ -+ psa_status_t verify_message( -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *message, size_t message_length, -+ const uint8_t *signature, size_t signature_length); -+ - /* Asymmetric encrypt/decrypt */ - psa_status_t asymmetric_encrypt( - psa_key_id_t id, -@@ -221,6 +234,16 @@ public: - - private: - -+ psa_status_t asym_sign(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ uint8_t *signature, size_t signature_size, size_t *signature_length); -+ -+ psa_status_t asym_verify(uint32_t opcode, -+ psa_key_id_t id, psa_algorithm_t alg, -+ const uint8_t *hash, size_t hash_length, -+ const uint8_t *signature, size_t signature_length); -+ - void translate_key_attributes( - ts_crypto_KeyAttributes &proto_attributes, - const psa_key_attributes_t &psa_attributes); -diff --git a/components/service/crypto/client/psa/psa_sign_message.c b/components/service/crypto/client/psa/psa_sign_message.c -index dc2f7e80..b6446253 100644 ---- a/components/service/crypto/client/psa/psa_sign_message.c -+++ b/components/service/crypto/client/psa/psa_sign_message.c -@@ -1,13 +1,15 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - #include <psa/crypto.h> -+#include "psa_crypto_client.h" -+#include "crypto_caller_selector.h" - - psa_status_t psa_sign_message( -- psa_key_id_t key, -+ psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, -@@ -15,19 +17,11 @@ psa_status_t psa_sign_message( - size_t signature_size, - size_t *signature_length) - { -- size_t hash_len; -- uint8_t hash[PSA_HASH_MAX_SIZE]; -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; - -- psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), -+ return crypto_caller_sign_message(&psa_crypto_client_instance.base, -+ id, alg, - input, input_length, -- hash, sizeof(hash), &hash_len); -- -- if (psa_status == PSA_SUCCESS) { -- -- psa_status = psa_sign_hash(key, alg, -- hash, hash_len, -- signature, signature_size, signature_length); -- } -- -- return psa_status; -+ signature, signature_size, signature_length); - } -diff --git a/components/service/crypto/client/psa/psa_verify_message.c b/components/service/crypto/client/psa/psa_verify_message.c -index d0fbc7c8..57c2c5e8 100644 ---- a/components/service/crypto/client/psa/psa_verify_message.c -+++ b/components/service/crypto/client/psa/psa_verify_message.c -@@ -1,32 +1,26 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ - - #include <psa/crypto.h> -+#include "psa_crypto_client.h" -+#include "crypto_caller_selector.h" - - psa_status_t psa_verify_message( -- psa_key_id_t key, -+ psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *input, - size_t input_length, - const uint8_t * signature, - size_t signature_length) - { -- size_t hash_len; -- uint8_t hash[PSA_HASH_MAX_SIZE]; -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; - -- psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), -+ return crypto_caller_verify_message(&psa_crypto_client_instance.base, -+ id, alg, - input, input_length, -- hash, sizeof(hash), &hash_len); -- -- if (psa_status == PSA_SUCCESS) { -- -- psa_status = psa_verify_hash(key, alg, -- hash, hash_len, -- signature, signature_length); -- } -- -- return psa_status; -+ signature, signature_length); - } -diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c -index d0fc7cac..67a5b340 100644 ---- a/components/service/crypto/provider/crypto_provider.c -+++ b/components/service/crypto/provider/crypto_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -16,8 +16,8 @@ static rpc_status_t destroy_key_handler(void *context, struct call_req* req); - static rpc_status_t export_key_handler(void *context, struct call_req* req); - static rpc_status_t export_public_key_handler(void *context, struct call_req* req); - static rpc_status_t import_key_handler(void *context, struct call_req* req); --static rpc_status_t sign_hash_handler(void *context, struct call_req* req); --static rpc_status_t verify_hash_handler(void *context, struct call_req* req); -+static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req); -+static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req); - static rpc_status_t asymmetric_decrypt_handler(void *context, struct call_req* req); - static rpc_status_t asymmetric_encrypt_handler(void *context, struct call_req* req); - static rpc_status_t generate_random_handler(void *context, struct call_req* req); -@@ -32,14 +32,16 @@ static const struct service_handler handler_table[] = { - {TS_CRYPTO_OPCODE_EXPORT_KEY, export_key_handler}, - {TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, export_public_key_handler}, - {TS_CRYPTO_OPCODE_IMPORT_KEY, import_key_handler}, -- {TS_CRYPTO_OPCODE_SIGN_HASH, sign_hash_handler}, -- {TS_CRYPTO_OPCODE_VERIFY_HASH, verify_hash_handler}, -+ {TS_CRYPTO_OPCODE_SIGN_HASH, asymmetric_sign_handler}, -+ {TS_CRYPTO_OPCODE_VERIFY_HASH, asymmetric_verify_handler}, - {TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, asymmetric_decrypt_handler}, - {TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, asymmetric_encrypt_handler}, - {TS_CRYPTO_OPCODE_GENERATE_RANDOM, generate_random_handler}, - {TS_CRYPTO_OPCODE_COPY_KEY, copy_key_handler}, - {TS_CRYPTO_OPCODE_PURGE_KEY, purge_key_handler}, - {TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, get_key_attributes_handler}, -+ {TS_CRYPTO_OPCODE_SIGN_MESSAGE, asymmetric_sign_handler}, -+ {TS_CRYPTO_OPCODE_VERIFY_MESSAGE, asymmetric_verify_handler}, - }; - - struct rpc_interface *crypto_provider_init(struct crypto_provider *context) -@@ -272,7 +274,7 @@ static rpc_status_t import_key_handler(void *context, struct call_req* req) - return rpc_status; - } - --static rpc_status_t sign_hash_handler(void *context, struct call_req* req) -+static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req) - { - rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; - struct call_param_buf *req_buf = call_req_get_req_buf(req); -@@ -284,7 +286,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) - uint8_t hash_buffer[PSA_HASH_MAX_SIZE]; - - if (serializer) -- rpc_status = serializer->deserialize_sign_hash_req(req_buf, &id, &alg, hash_buffer, &hash_len); -+ rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &id, &alg, hash_buffer, &hash_len); - - if (rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -292,14 +294,16 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) - size_t sig_len; - uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; - -- psa_status = psa_sign_hash(id, alg, -- hash_buffer, hash_len, -- sig_buffer, sizeof(sig_buffer), &sig_len); -+ psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_SIGN_HASH) ? -+ psa_sign_hash(id, alg, hash_buffer, hash_len, -+ sig_buffer, sizeof(sig_buffer), &sig_len) : -+ psa_sign_message(id, alg, hash_buffer, hash_len, -+ sig_buffer, sizeof(sig_buffer), &sig_len); - - if (psa_status == PSA_SUCCESS) { - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); -- rpc_status = serializer->serialize_sign_hash_resp(resp_buf, sig_buffer, sig_len); -+ rpc_status = serializer->serialize_asymmetric_sign_resp(resp_buf, sig_buffer, sig_len); - } - - call_req_set_opstatus(req, psa_status); -@@ -308,7 +312,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req) - return rpc_status; - } - --static rpc_status_t verify_hash_handler(void *context, struct call_req* req) -+static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req) - { - rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED; - struct call_param_buf *req_buf = call_req_get_req_buf(req); -@@ -322,7 +326,7 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) - uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE]; - - if (serializer) -- rpc_status = serializer->deserialize_verify_hash_req(req_buf, &id, &alg, -+ rpc_status = serializer->deserialize_asymmetric_verify_req(req_buf, &id, &alg, - hash_buffer, &hash_len, - sig_buffer, &sig_len); - -@@ -330,9 +334,13 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req) - - psa_status_t psa_status; - -- psa_status = psa_verify_hash(id, alg, -- hash_buffer, hash_len, -- sig_buffer, sig_len); -+ psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_VERIFY_HASH) ? -+ psa_verify_hash(id, alg, -+ hash_buffer, hash_len, -+ sig_buffer, sig_len) : -+ psa_verify_message(id, alg, -+ hash_buffer, hash_len, -+ sig_buffer, sig_len); - - call_req_set_opstatus(req, psa_status); - } -diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h -index 68940cae..57364f24 100644 ---- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h -+++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h -@@ -79,15 +79,15 @@ struct crypto_provider_serializer { - const psa_key_attributes_t *attributes); - - /* Operation: sign_hash */ -- rpc_status_t (*deserialize_sign_hash_req)(const struct call_param_buf *req_buf, -+ rpc_status_t (*deserialize_asymmetric_sign_req)(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len); - -- rpc_status_t (*serialize_sign_hash_resp)(struct call_param_buf *resp_buf, -+ rpc_status_t (*serialize_asymmetric_sign_resp)(struct call_param_buf *resp_buf, - const uint8_t *sig, size_t sig_len); - - /* Operation: verify_hash */ -- rpc_status_t (*deserialize_verify_hash_req)(const struct call_param_buf *req_buf, -+ rpc_status_t (*deserialize_asymmetric_verify_req)(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len, - uint8_t *sig, size_t *sig_len); -diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -index c70db865..4a7e59f0 100644 ---- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -+++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c -@@ -333,7 +333,7 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res - } - - /* Operation: sign_hash */ --static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, -+static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len) - { -@@ -378,7 +378,7 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b - return rpc_status; - } - --static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, -+static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, - const uint8_t *sig, size_t sig_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; -@@ -401,7 +401,7 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, - } - - /* Operation: verify_hash */ --static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, -+static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, - psa_key_id_t *id, psa_algorithm_t *alg, - uint8_t *hash, size_t *hash_len, - uint8_t *sig, size_t *sig_len) -@@ -695,9 +695,9 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst - deserialize_purge_key_req, - deserialize_get_key_attributes_req, - serialize_get_key_attributes_resp, -- deserialize_sign_hash_req, -- serialize_sign_hash_resp, -- deserialize_verify_hash_req, -+ deserialize_asymmetric_sign_req, -+ serialize_asymmetric_sign_resp, -+ deserialize_asymmetric_verify_req, - deserialize_asymmetric_decrypt_req, - serialize_asymmetric_decrypt_resp, - deserialize_asymmetric_encrypt_req, -diff --git a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c -index 7767d20a..083a581a 100644 ---- a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c -+++ b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c -@@ -267,9 +267,9 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res - } - - /* Operation: sign_hash */ --static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf, -- psa_key_id_t *id, psa_algorithm_t *alg, -- uint8_t *hash, size_t *hash_len) -+static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf, -+ psa_key_id_t *id, psa_algorithm_t *alg, -+ uint8_t *hash, size_t *hash_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; - ts_crypto_SignHashIn recv_msg = ts_crypto_SignHashIn_init_default; -@@ -295,8 +295,8 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b - return rpc_status; - } - --static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, -- const uint8_t *sig, size_t sig_len) -+static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf, -+ const uint8_t *sig, size_t sig_len) - { - size_t packed_resp_size; - rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL; -@@ -323,10 +323,10 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf, - } - - /* Operation: verify_hash */ --static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf, -- psa_key_id_t *id, psa_algorithm_t *alg, -- uint8_t *hash, size_t *hash_len, -- uint8_t *sig, size_t *sig_len) -+static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf, -+ psa_key_id_t *id, psa_algorithm_t *alg, -+ uint8_t *hash, size_t *hash_len, -+ uint8_t *sig, size_t *sig_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; - ts_crypto_VerifyHashIn recv_msg = ts_crypto_VerifyHashIn_init_default; -@@ -538,32 +538,32 @@ static rpc_status_t serialize_generate_random_resp(struct call_param_buf *resp_b - /* Singleton method to provide access to the serializer instance */ - const struct crypto_provider_serializer *pb_crypto_provider_serializer_instance(void) - { -- static const struct crypto_provider_serializer instance = { -- max_deserialised_parameter_size, -- deserialize_generate_key_req, -- serialize_generate_key_resp, -- deserialize_destroy_key_req, -- deserialize_export_key_req, -- serialize_export_key_resp, -- deserialize_export_public_key_req, -- serialize_export_public_key_resp, -- deserialize_import_key_req, -- serialize_import_key_resp, -- deserialize_copy_key_req, -- serialize_copy_key_resp, -- deserialize_purge_key_req, -- deserialize_get_key_attributes_req, -- serialize_get_key_attributes_resp, -- deserialize_sign_hash_req, -- serialize_sign_hash_resp, -- deserialize_verify_hash_req, -- deserialize_asymmetric_decrypt_req, -- serialize_asymmetric_decrypt_resp, -- deserialize_asymmetric_encrypt_req, -- serialize_asymmetric_encrypt_resp, -- deserialize_generate_random_req, -- serialize_generate_random_resp -- }; -- -- return &instance; -+ static const struct crypto_provider_serializer instance = { -+ max_deserialised_parameter_size, -+ deserialize_generate_key_req, -+ serialize_generate_key_resp, -+ deserialize_destroy_key_req, -+ deserialize_export_key_req, -+ serialize_export_key_resp, -+ deserialize_export_public_key_req, -+ serialize_export_public_key_resp, -+ deserialize_import_key_req, -+ serialize_import_key_resp, -+ deserialize_copy_key_req, -+ serialize_copy_key_resp, -+ deserialize_purge_key_req, -+ deserialize_get_key_attributes_req, -+ serialize_get_key_attributes_resp, -+ deserialize_asymmetric_sign_req, -+ serialize_asymmetric_sign_resp, -+ deserialize_asymmetric_verify_req, -+ deserialize_asymmetric_decrypt_req, -+ serialize_asymmetric_decrypt_resp, -+ deserialize_asymmetric_encrypt_req, -+ serialize_asymmetric_encrypt_resp, -+ deserialize_generate_random_req, -+ serialize_generate_random_resp -+ }; -+ -+ return &instance; - } -diff --git a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp -index bd6c66ee..da01abf4 100644 ---- a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp -+++ b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -18,15 +18,16 @@ TEST_GROUP(CryptoProtocolOpcodeChecks) - - TEST(CryptoProtocolOpcodeChecks, checkPackedcToProtobuf) - { -- CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); -- CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_MESSAGE, ts_crypto_Opcode_SIGN_MESSAGE); -+ CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_MESSAGE, ts_crypto_Opcode_VERIFY_MESSAGE); - } -- -diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp -index ec2c6736..b3345551 100644 ---- a/components/service/crypto/test/service/crypto_service_scenarios.cpp -+++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -290,6 +290,56 @@ void crypto_service_scenarios::signAndVerifyHash() - CHECK_EQUAL(PSA_SUCCESS, status); - } - -+void crypto_service_scenarios::signAndVerifyMessage() -+{ -+ psa_status_t status; -+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -+ psa_key_id_t key_id; -+ -+ psa_set_key_id(&attributes, 14); -+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE); -+ psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); -+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); -+ psa_set_key_bits(&attributes, 256); -+ -+ /* Generate a key */ -+ status = m_crypto_client->generate_key(&attributes, &key_id); -+ CHECK_EQUAL(PSA_SUCCESS, status); -+ -+ psa_reset_key_attributes(&attributes); -+ -+ /* Sign a message */ -+ uint8_t message[21]; -+ uint8_t signature[PSA_SIGNATURE_MAX_SIZE]; -+ size_t signature_length; -+ -+ memset(message, 0x99, sizeof(message)); -+ -+ status = m_crypto_client->sign_message(key_id, -+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), -+ signature, sizeof(signature), &signature_length); -+ -+ CHECK_EQUAL(PSA_SUCCESS, status); -+ CHECK(signature_length > 0); -+ -+ /* Verify the signature */ -+ status = m_crypto_client->verify_message(key_id, -+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), -+ signature, signature_length); -+ CHECK_EQUAL(PSA_SUCCESS, status); -+ -+ /* Change the message and expect verify to fail */ -+ message[0] = 0x72; -+ status = m_crypto_client->verify_message(key_id, -+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message), -+ signature, signature_length); -+ CHECK_EQUAL(PSA_ERROR_INVALID_SIGNATURE, status); -+ -+ /* Remove the key */ -+ status = m_crypto_client->destroy_key(key_id); -+ CHECK_EQUAL(PSA_SUCCESS, status); -+} -+ - void crypto_service_scenarios::signAndVerifyEat() - { - /* Sign and verify a hash using EAT key type and algorithm */ -@@ -348,7 +398,7 @@ void crypto_service_scenarios::asymEncryptDecrypt() - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - -- psa_set_key_id(&attributes, 14); -+ psa_set_key_id(&attributes, 15); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); -@@ -394,7 +444,7 @@ void crypto_service_scenarios::asymEncryptDecryptWithSalt() - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - -- psa_set_key_id(&attributes, 15); -+ psa_set_key_id(&attributes, 16); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); -diff --git a/components/service/crypto/test/service/crypto_service_scenarios.h b/components/service/crypto/test/service/crypto_service_scenarios.h -index c65eba26..23671644 100644 ---- a/components/service/crypto/test/service/crypto_service_scenarios.h -+++ b/components/service/crypto/test/service/crypto_service_scenarios.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -24,6 +24,7 @@ public: - void asymEncryptDecrypt(); - void asymEncryptDecryptWithSalt(); - void signAndVerifyHash(); -+ void signAndVerifyMessage(); - void signAndVerifyEat(); - void exportAndImportKeyPair(); - void exportPublicKey(); -diff --git a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp -index 79eddfbb..ea238432 100644 ---- a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp -+++ b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -87,6 +87,11 @@ TEST(CryptoServicePackedcTests, signAndVerifyHash) - m_scenarios->signAndVerifyHash(); - } - -+TEST(CryptoServicePackedcTests, signAndVerifyMessage) -+{ -+ m_scenarios->signAndVerifyMessage(); -+} -+ - TEST(CryptoServicePackedcTests, signAndVerifyEat) - { - m_scenarios->signAndVerifyEat(); -diff --git a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp -index 1230752c..c172ad4a 100644 ---- a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp -+++ b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -77,6 +77,11 @@ TEST(CryptoServiceProtobufTests, signAndVerifyHash) - m_scenarios->signAndVerifyHash(); - } - -+TEST(CryptoServiceProtobufTests, signAndVerifyMessage) -+{ -+ m_scenarios->signAndVerifyMessage(); -+} -+ - TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - { - m_scenarios->asymEncryptDecrypt(); -diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h -index a07bd57e..5aebf2fa 100644 ---- a/protocols/service/crypto/packed-c/opcodes.h -+++ b/protocols/service/crypto/packed-c/opcodes.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -25,6 +25,8 @@ - #define TS_CRYPTO_OPCODE_COPY_KEY (TS_CRYPTO_OPCODE_BASE + 13) - #define TS_CRYPTO_OPCODE_PURGE_KEY (TS_CRYPTO_OPCODE_BASE + 14) - #define TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES (TS_CRYPTO_OPCODE_BASE + 15) -+#define TS_CRYPTO_OPCODE_SIGN_MESSAGE (TS_CRYPTO_OPCODE_BASE + 16) -+#define TS_CRYPTO_OPCODE_VERIFY_MESSAGE (TS_CRYPTO_OPCODE_BASE + 17) - - /* Hash operations */ - #define TS_CRYPTO_OPCODE_HASH_BASE (0x0200) -diff --git a/protocols/service/crypto/protobuf/opcodes.proto b/protocols/service/crypto/protobuf/opcodes.proto -index 094d3a02..ef64d044 100644 ---- a/protocols/service/crypto/protobuf/opcodes.proto -+++ b/protocols/service/crypto/protobuf/opcodes.proto -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - * SPDX-License-Identifier: BSD-3-Clause - */ - syntax = "proto3"; -@@ -18,4 +18,6 @@ enum Opcode { - ASYMMETRIC_DECRYPT = 0x010a; - ASYMMETRIC_ENCRYPT = 0x010b; - GENERATE_RANDOM = 0x010c; -+ SIGN_MESSAGE = 0x0110; -+ VERIFY_MESSAGE = 0x0111; - } diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch deleted file mode 100644 index a56e0f8813..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 9a83c32964ee2b1ecb7b36b4c08466202efd3bf2 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Fri, 11 Feb 2022 14:19:26 +0000 -Subject: [PATCH] Add defence against uninitialised multi-part transaction - -Adds checks for the condition where there is an attempt to -setup a multi-part transaction without first initialising -transaction state. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I754479260fed0490d8f32b41a077d26028dc9903 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - components/service/crypto/client/psa/psa_cipher.c | 14 +++++++++++++- - components/service/crypto/client/psa/psa_hash.c | 8 +++++++- - components/service/crypto/client/psa/psa_mac.c | 10 ++++++++-- - 3 files changed, 28 insertions(+), 4 deletions(-) - -diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c -index 70836ea6..3ab8ea21 100644 ---- a/components/service/crypto/client/psa/psa_cipher.c -+++ b/components/service/crypto/client/psa/psa_cipher.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -13,6 +13,12 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) - { -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; -+ -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_cipher_encrypt_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); -@@ -22,6 +28,12 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) - { -+ if (psa_crypto_client_instance.init_status != PSA_SUCCESS) -+ return psa_crypto_client_instance.init_status; -+ -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_cipher_decrypt_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); -diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c -index 7005c390..83278de6 100644 ---- a/components/service/crypto/client/psa/psa_hash.c -+++ b/components/service/crypto/client/psa/psa_hash.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -14,6 +14,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, - if (psa_crypto_client_instance.init_status != PSA_SUCCESS) - return psa_crypto_client_instance.init_status; - -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_hash_setup(&psa_crypto_client_instance.base, - &operation->handle, alg); - } -@@ -55,6 +58,9 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, - psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, - psa_hash_operation_t *target_operation) - { -+ if (target_operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_hash_clone(&psa_crypto_client_instance.base, - source_operation->handle, - &target_operation->handle); -diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c -index 5efa1c4d..5c5eb32a 100644 ---- a/components/service/crypto/client/psa/psa_mac.c -+++ b/components/service/crypto/client/psa/psa_mac.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -16,6 +16,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, - if (psa_crypto_client_instance.init_status != PSA_SUCCESS) - return psa_crypto_client_instance.init_status; - -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ - return crypto_caller_mac_sign_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); -@@ -28,7 +31,10 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, - if (psa_crypto_client_instance.init_status != PSA_SUCCESS) - return psa_crypto_client_instance.init_status; - -- return crypto_caller_mac_sign_setup(&psa_crypto_client_instance.base, -+ if (operation->handle) -+ return PSA_ERROR_BAD_STATE; -+ -+ return crypto_caller_mac_verify_setup(&psa_crypto_client_instance.base, - &operation->handle, - key, alg); - } diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch deleted file mode 100644 index 2ad1efb765..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch +++ /dev/null @@ -1,521 +0,0 @@ -From 00b4f777b377c69f948f5a9d68cbfc8fa8c38a86 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Fri, 11 Feb 2022 14:24:53 +0000 -Subject: [PATCH] Integrate AEAD operation support - -Resolves issues and integrates AEAD support into the crypto service -provider and clients. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I5fbe78a2dd825f592e26fd665f60c18b576f9de9 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - .../caller/packed-c/crypto_caller_aead.h | 70 +++--- - .../client/caller/stub/crypto_caller_aead.h | 12 +- - .../service/crypto/client/psa/psa_aead.c | 221 +++++++++++++++--- - .../factory/full/crypto_provider_factory.c | 16 +- - .../component-test/component-test.cmake | 4 +- - deployments/crypto/opteesp/CMakeLists.txt | 4 +- - deployments/libts/linux-pc/CMakeLists.txt | 4 +- - deployments/se-proxy/opteesp/CMakeLists.txt | 4 +- - 8 files changed, 263 insertions(+), 72 deletions(-) - -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -index 3d9947d5..c4ffb20c 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -20,38 +20,6 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_aead_encrypt(struct service_client *context, -- psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *plaintext, -- size_t plaintext_length, -- uint8_t *aeadtext, -- size_t aeadtext_size, -- size_t *aeadtext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- --static inline psa_status_t crypto_caller_aead_decrypt(struct service_client *context, -- psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *aeadtext, -- size_t aeadtext_length, -- uint8_t *plaintext, -- size_t plaintext_size, -- size_t *plaintext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- - static inline psa_status_t common_aead_setup(struct service_client *context, - uint32_t *op_handle, - psa_key_id_t key, -@@ -247,7 +215,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(struct service_client - { - psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR; - struct ts_crypto_aead_set_lengths_in req_msg; -- size_t req_fixed_len = sizeof(struct ts_crypto_aead_abort_in); -+ size_t req_fixed_len = sizeof(struct ts_crypto_aead_set_lengths_in); - size_t req_len = req_fixed_len; - - req_msg.op_handle = op_handle; -@@ -611,6 +579,40 @@ static inline psa_status_t crypto_caller_aead_abort(struct service_client *conte - return psa_status; - } - -+/** -+ * The maximum data length that may be carried in an update operation will be -+ * constrained by the maximum call payload capacity imposed by the end-to-end -+ * RPC call path. These functions return the maximum update size when serialization -+ * overheads are considered. This allows large paylaods to be processed in -+ * maximum size chunks. -+ */ -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes of additional data that may be -+ * carried as a parameter of the aead_update_ad operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = sizeof(struct ts_crypto_aead_update_ad_in) + TLV_HDR_LEN; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the aead_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = sizeof(struct ts_crypto_aead_update_in) + TLV_HDR_LEN; -+ -+ /* Allow for output to be a whole number of blocks */ -+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/stub/crypto_caller_aead.h b/components/service/crypto/client/caller/stub/crypto_caller_aead.h -index 18aa8cec..455e7ac1 100644 ---- a/components/service/crypto/client/caller/stub/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/stub/crypto_caller_aead.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -135,6 +135,16 @@ static inline psa_status_t crypto_caller_aead_abort(struct service_client *conte - return PSA_ERROR_NOT_SUPPORTED; - } - -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ return 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ return 0; -+} -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c -index 22fd3da1..e4579e63 100644 ---- a/components/service/crypto/client/psa/psa_aead.c -+++ b/components/service/crypto/client/psa/psa_aead.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -8,37 +8,6 @@ - #include "psa_crypto_client.h" - #include "crypto_caller_selector.h" - -- --psa_status_t psa_aead_encrypt(psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *plaintext, -- size_t plaintext_length, -- uint8_t *aeadtext, -- size_t aeadtext_size, -- size_t *aeadtext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- --psa_status_t psa_aead_decrypt(psa_key_id_t key, -- psa_algorithm_t alg, -- const uint8_t *nonce, -- size_t nonce_length, -- const uint8_t *additional_data, -- size_t additional_data_length, -- const uint8_t *aeadtext, -- size_t aeadtext_length, -- uint8_t *plaintext, -- size_t plaintext_size, -- size_t *plaintext_length) --{ -- return PSA_ERROR_NOT_SUPPORTED; --} -- - psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) -@@ -143,3 +112,191 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) - return crypto_caller_aead_abort(&psa_crypto_client_instance.base, - operation->handle); - } -+ -+static psa_status_t multi_aead_update_ad(psa_aead_operation_t *operation, -+ const uint8_t *input, -+ size_t input_length) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ size_t max_update_size = -+ crypto_caller_aead_max_update_ad_size(&psa_crypto_client_instance.base); -+ size_t bytes_input = 0; -+ -+ if (!max_update_size) { -+ -+ /* Don't know the max update size so assume that the entire -+ * input and output can be handled in a single update. If -+ * this isn't true, the first aead update operation will fail -+ * safely. -+ */ -+ max_update_size = input_length; -+ } -+ -+ while (bytes_input < input_length) { -+ -+ size_t bytes_remaining = input_length - bytes_input; -+ size_t update_len = (bytes_remaining < max_update_size) ? -+ bytes_remaining : -+ max_update_size; -+ -+ psa_status = psa_aead_update_ad(operation, -+ &input[bytes_input], update_len); -+ -+ if (psa_status != PSA_SUCCESS) break; -+ -+ bytes_input += update_len; -+ } -+ -+ return psa_status; -+} -+ -+static psa_status_t multi_aead_update(psa_aead_operation_t *operation, -+ const uint8_t *input, -+ size_t input_length, -+ uint8_t *output, -+ size_t output_size, -+ size_t *output_length) -+{ -+ psa_status_t psa_status = PSA_SUCCESS; -+ size_t max_update_size = -+ crypto_caller_aead_max_update_size(&psa_crypto_client_instance.base); -+ size_t bytes_input = 0; -+ size_t bytes_output = 0; -+ -+ *output_length = 0; -+ -+ if (!max_update_size) { -+ -+ /* Don't know the max update size so assume that the entire -+ * input and output can be handled in a single update. If -+ * this isn't true, the first aead update operation will fail -+ * safely. -+ */ -+ max_update_size = input_length; -+ } -+ -+ while ((bytes_input < input_length) && (bytes_output < output_size)) { -+ -+ size_t update_output_len = 0; -+ size_t bytes_remaining = input_length - bytes_input; -+ size_t update_len = (bytes_remaining < max_update_size) ? -+ bytes_remaining : -+ max_update_size; -+ -+ psa_status = psa_aead_update(operation, -+ &input[bytes_input], update_len, -+ &output[bytes_output], output_size - bytes_output, &update_output_len); -+ -+ if (psa_status != PSA_SUCCESS) break; -+ -+ bytes_input += update_len; -+ bytes_output += update_output_len; -+ } -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ *output_length = bytes_output; -+ } -+ -+ return psa_status; -+} -+ -+psa_status_t psa_aead_encrypt(psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *plaintext, -+ size_t plaintext_length, -+ uint8_t *aeadtext, -+ size_t aeadtext_size, -+ size_t *aeadtext_length) -+{ -+ psa_aead_operation_t operation = psa_aead_operation_init(); -+ size_t bytes_output = 0; -+ *aeadtext_length = 0; -+ -+ psa_status_t psa_status = psa_aead_encrypt_setup(&operation, key, alg); -+ if (psa_status != PSA_SUCCESS) return psa_status; -+ -+ if ((psa_status = psa_aead_set_lengths(&operation, additional_data_length, plaintext_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = psa_aead_set_nonce(&operation, nonce, nonce_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update_ad(&operation, additional_data, additional_data_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update(&operation, plaintext, plaintext_length, -+ aeadtext, aeadtext_size, &bytes_output), -+ psa_status == PSA_SUCCESS)) -+ { -+ size_t remaining_aead_len = 0; -+ size_t tag_len = 0; -+ -+ psa_status = psa_aead_finish(&operation, -+ NULL, 0, &remaining_aead_len, -+ &aeadtext[bytes_output], aeadtext_size - bytes_output, &tag_len); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ *aeadtext_length = bytes_output + remaining_aead_len + tag_len; -+ } -+ } -+ else { -+ -+ psa_aead_abort(&operation); -+ } -+ -+ return psa_status; -+} -+ -+psa_status_t psa_aead_decrypt(psa_key_id_t key, -+ psa_algorithm_t alg, -+ const uint8_t *nonce, -+ size_t nonce_length, -+ const uint8_t *additional_data, -+ size_t additional_data_length, -+ const uint8_t *aeadtext, -+ size_t aeadtext_length, -+ uint8_t *plaintext, -+ size_t plaintext_size, -+ size_t *plaintext_length) -+{ -+ psa_aead_operation_t operation = psa_aead_operation_init(); -+ size_t bytes_output = 0; -+ *plaintext_length = 0; -+ -+ psa_status_t psa_status = psa_aead_decrypt_setup(&operation, key, alg); -+ if (psa_status != PSA_SUCCESS) return psa_status; -+ -+ size_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg); -+ size_t ciphertext_len = (aeadtext_length > tag_len) ? aeadtext_length - tag_len : 0; -+ -+ if ((psa_status = psa_aead_set_lengths(&operation, additional_data_length, ciphertext_len), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = psa_aead_set_nonce(&operation, nonce, nonce_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update_ad(&operation, additional_data, additional_data_length), -+ psa_status == PSA_SUCCESS) && -+ (psa_status = multi_aead_update(&operation, aeadtext, ciphertext_len, -+ plaintext, plaintext_size, &bytes_output), -+ psa_status == PSA_SUCCESS)) -+ { -+ size_t remaining_plaintext_len = 0; -+ -+ psa_status = psa_aead_verify(&operation, -+ NULL, 0, &remaining_plaintext_len, -+ &aeadtext[bytes_output], aeadtext_length - bytes_output); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ *plaintext_length = bytes_output + remaining_plaintext_len; -+ } -+ } -+ else { -+ -+ psa_aead_abort(&operation); -+ } -+ -+ return psa_status; -+} -diff --git a/components/service/crypto/factory/full/crypto_provider_factory.c b/components/service/crypto/factory/full/crypto_provider_factory.c -index 2d926eb6..ee2b4473 100644 ---- a/components/service/crypto/factory/full/crypto_provider_factory.c -+++ b/components/service/crypto/factory/full/crypto_provider_factory.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -17,6 +17,8 @@ - #include <service/crypto/provider/extension/key_derivation/serializer/packed-c/packedc_key_derivation_provider_serializer.h> - #include <service/crypto/provider/extension/mac/mac_provider.h> - #include <service/crypto/provider/extension/mac/serializer/packed-c/packedc_mac_provider_serializer.h> -+#include <service/crypto/provider/extension/aead/aead_provider.h> -+#include <service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.h> - #include <service/discovery/provider/discovery_provider.h> - #include <service/discovery/provider/serializer/packed-c/packedc_discovery_provider_serializer.h> - -@@ -34,6 +36,7 @@ static struct full_crypto_provider - struct cipher_provider cipher_provider; - struct key_derivation_provider key_derivation_provider; - struct mac_provider mac_provider; -+ struct aead_provider aead_provider; - - } instance; - -@@ -98,6 +101,17 @@ struct crypto_provider *crypto_provider_factory_create(void) - crypto_provider_extend(&instance.crypto_provider, - &instance.mac_provider.base_provider); - -+ /** -+ * Extend with aead operations -+ */ -+ aead_provider_init(&instance.aead_provider); -+ -+ aead_provider_register_serializer(&instance.aead_provider, -+ TS_RPC_ENCODING_PACKED_C, packedc_aead_provider_serializer_instance()); -+ -+ crypto_provider_extend(&instance.crypto_provider, -+ &instance.aead_provider.base_provider); -+ - return &instance.crypto_provider; - } - -diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake -index a0233c34..c3b015ab 100644 ---- a/deployments/component-test/component-test.cmake -+++ b/deployments/component-test/component-test.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -85,6 +85,8 @@ add_components( - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/provider/test" - "components/service/crypto/backend/mbedcrypto" - "components/service/crypto/factory/full" -diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt -index 8ada74e9..eb5d0847 100644 ---- a/deployments/crypto/opteesp/CMakeLists.txt -+++ b/deployments/crypto/opteesp/CMakeLists.txt -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -62,6 +62,8 @@ add_components(TARGET "crypto-sp" - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/factory/full" - "components/service/crypto/backend/mbedcrypto" - "components/service/crypto/backend/mbedcrypto/trng_adapter/platform" -diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt -index fc98407c..97eaaa73 100644 ---- a/deployments/libts/linux-pc/CMakeLists.txt -+++ b/deployments/libts/linux-pc/CMakeLists.txt -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -71,6 +71,8 @@ add_components( - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/factory/full" - "components/service/crypto/backend/mbedcrypto" - "components/service/crypto/backend/mbedcrypto/trng_adapter/linux" -diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt -index 953bb716..24a8ca65 100644 ---- a/deployments/se-proxy/opteesp/CMakeLists.txt -+++ b/deployments/se-proxy/opteesp/CMakeLists.txt -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -70,6 +70,8 @@ add_components(TARGET "se-proxy" - "components/service/crypto/provider/extension/key_derivation/serializer/packed-c" - "components/service/crypto/provider/extension/mac" - "components/service/crypto/provider/extension/mac/serializer/packed-c" -+ "components/service/crypto/provider/extension/aead" -+ "components/service/crypto/provider/extension/aead/serializer/packed-c" - "components/service/crypto/factory/full" - "components/service/secure_storage/include" - "components/service/secure_storage/frontend/secure_storage_provider" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch deleted file mode 100644 index 0c93a26c6e..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 43388a8e071980d9146f935f486a859d0a04322b Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Tue, 15 Feb 2022 15:46:58 +0000 -Subject: [PATCH] Add IV generation to one-shot cipher operation - -The functions psa_cipher_encrypt and psa_cipher_decrypt are -one-shot operations that can take an arbitrary sized input. -These operations are implemented as client-side functions -that use multi-part cipher operations to allow large inputs -to be handled. The existing implementations were missing the -generation and setting of the IV at the start of the data. -This was leading to PSA Arch test failures (248 & 249). This -commit adds the missing IV handling and resolves the test -failures. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I4afb555ee7062ebb387e5bb27fb1e082288ad8c7 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - .../service/crypto/client/psa/psa_cipher.c | 40 +++++++++++++++---- - 1 file changed, 33 insertions(+), 7 deletions(-) - -diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c -index 3ab8ea21..111af829 100644 ---- a/components/service/crypto/client/psa/psa_cipher.c -+++ b/components/service/crypto/client/psa/psa_cipher.c -@@ -8,7 +8,6 @@ - #include "psa_crypto_client.h" - #include "crypto_caller_selector.h" - -- - psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, - psa_key_id_t key, - psa_algorithm_t alg) -@@ -171,9 +170,16 @@ psa_status_t psa_cipher_encrypt(psa_key_id_t key, - - if (psa_status == PSA_SUCCESS) { - -+ size_t ciphertext_len = 0; -+ size_t iv_len = 0; -+ -+ psa_cipher_generate_iv(&operation, output, output_size, &iv_len); -+ - psa_status = multi_cipher_update(&operation, - input, input_length, -- output, output_size, output_length); -+ &output[iv_len], output_size - iv_len, &ciphertext_len); -+ -+ *output_length = iv_len + ciphertext_len; - } - - return psa_status; -@@ -187,14 +193,34 @@ psa_status_t psa_cipher_decrypt(psa_key_id_t key, - size_t output_size, - size_t *output_length) - { -- psa_cipher_operation_t operation = psa_cipher_operation_init(); -- psa_status_t psa_status = psa_cipher_decrypt_setup(&operation, key, alg); -+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; -+ psa_status_t psa_status = psa_get_key_attributes(key, &attributes); - - if (psa_status == PSA_SUCCESS) { - -- psa_status = multi_cipher_update(&operation, -- input, input_length, -- output, output_size, output_length); -+ psa_cipher_operation_t operation = psa_cipher_operation_init(); -+ psa_status = psa_cipher_decrypt_setup(&operation, key, alg); -+ -+ if (psa_status == PSA_SUCCESS) { -+ -+ size_t iv_len = PSA_CIPHER_IV_LENGTH(psa_get_key_type(&attributes), alg); -+ -+ if (input_length >= iv_len) { -+ -+ psa_cipher_set_iv(&operation, input, iv_len); -+ -+ psa_status = multi_cipher_update(&operation, -+ &input[iv_len], input_length - iv_len, -+ output, output_size, output_length); -+ } -+ else { -+ -+ psa_cipher_abort(&operation); -+ psa_status = PSA_ERROR_INVALID_ARGUMENT; -+ } -+ } -+ -+ psa_reset_key_attributes(&attributes); - } - - return psa_status; diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch deleted file mode 100644 index bdafcead08..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch +++ /dev/null @@ -1,241 +0,0 @@ -From 07277e2ab4b54e5844c28f0cb33e64a91aa5f492 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Wed, 16 Feb 2022 10:37:04 +0000 -Subject: [PATCH] Fix multi-part termination on error - -For multi-part operations, the PSA Crypto API specifies that if -the final operation does not return PSA_SUCCESS, the abort -operaion must be called by a client to clean-up the operation. -This change modifies behaviour in-line with the API definition. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: Ia3d3ec004164647a7ab5988cac45c39c22e76e9a - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - components/service/crypto/client/psa/psa_aead.c | 8 ++++++++ - components/service/crypto/client/psa/psa_cipher.c | 4 ++++ - components/service/crypto/client/psa/psa_hash.c | 10 ++++++++++ - components/service/crypto/client/psa/psa_mac.c | 10 ++++++++++ - .../crypto/provider/extension/aead/aead_provider.c | 10 +++++----- - .../provider/extension/cipher/cipher_provider.c | 6 +++--- - .../crypto/provider/extension/hash/hash_provider.c | 6 +++--- - .../crypto/provider/extension/mac/mac_provider.c | 11 +++++++---- - 8 files changed, 50 insertions(+), 15 deletions(-) - -diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c -index e4579e63..559eb6a3 100644 ---- a/components/service/crypto/client/psa/psa_aead.c -+++ b/components/service/crypto/client/psa/psa_aead.c -@@ -241,6 +241,10 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key, - - *aeadtext_length = bytes_output + remaining_aead_len + tag_len; - } -+ else { -+ -+ psa_aead_abort(&operation); -+ } - } - else { - -@@ -292,6 +296,10 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key, - - *plaintext_length = bytes_output + remaining_plaintext_len; - } -+ else { -+ -+ psa_aead_abort(&operation); -+ } - } - else { - -diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c -index 111af829..4e4264b6 100644 ---- a/components/service/crypto/client/psa/psa_cipher.c -+++ b/components/service/crypto/client/psa/psa_cipher.c -@@ -146,6 +146,10 @@ static psa_status_t multi_cipher_update(psa_cipher_operation_t *operation, - - *output_length = bytes_output + finish_output_len; - } -+ else { -+ -+ psa_cipher_abort(operation); -+ } - } - else { - -diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c -index 83278de6..e5dd0030 100644 ---- a/components/service/crypto/client/psa/psa_hash.c -+++ b/components/service/crypto/client/psa/psa_hash.c -@@ -137,6 +137,11 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_hash_verify(&operation, hash, hash_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_hash_abort(&operation); -+ } - } - - return psa_status; -@@ -155,6 +160,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_hash_finish(&operation, hash, hash_size, hash_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_hash_abort(&operation); -+ } - } - - return psa_status; -diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c -index 5c5eb32a..a3db8644 100644 ---- a/components/service/crypto/client/psa/psa_mac.c -+++ b/components/service/crypto/client/psa/psa_mac.c -@@ -129,6 +129,11 @@ psa_status_t psa_mac_verify(psa_key_id_t key, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_mac_verify_finish(&operation, mac, mac_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_mac_abort(&operation); -+ } - } - - return psa_status; -@@ -153,6 +158,11 @@ psa_status_t psa_mac_compute(psa_key_id_t key, - if (psa_status == PSA_SUCCESS) { - - psa_status = psa_mac_sign_finish(&operation, mac, mac_size, mac_length); -+ -+ if (psa_status != PSA_SUCCESS) { -+ -+ psa_mac_abort(&operation); -+ } - } - - return psa_status; -diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c -index f4e81a03..14a25436 100644 ---- a/components/service/crypto/provider/extension/aead/aead_provider.c -+++ b/components/service/crypto/provider/extension/aead/aead_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -369,9 +369,9 @@ static rpc_status_t aead_finish_handler(void *context, struct call_req *req) - rpc_status = serializer->serialize_aead_finish_resp(resp_buf, - ciphertext, ciphertext_len, - tag, tag_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -@@ -418,9 +418,9 @@ static rpc_status_t aead_verify_handler(void *context, struct call_req *req) - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_aead_verify_resp(resp_buf, - plaintext, plaintext_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -diff --git a/components/service/crypto/provider/extension/cipher/cipher_provider.c b/components/service/crypto/provider/extension/cipher/cipher_provider.c -index 8e7a86de..a5dd0371 100644 ---- a/components/service/crypto/provider/extension/cipher/cipher_provider.c -+++ b/components/service/crypto/provider/extension/cipher/cipher_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -283,9 +283,9 @@ static rpc_status_t cipher_finish_handler(void *context, struct call_req* req) - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_cipher_finish_resp(resp_buf, output, output_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -diff --git a/components/service/crypto/provider/extension/hash/hash_provider.c b/components/service/crypto/provider/extension/hash/hash_provider.c -index 2c560513..fd39d440 100644 ---- a/components/service/crypto/provider/extension/hash/hash_provider.c -+++ b/components/service/crypto/provider/extension/hash/hash_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -179,9 +179,9 @@ static rpc_status_t hash_finish_handler(void *context, struct call_req* req) - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_hash_finish_resp(resp_buf, hash, hash_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -diff --git a/components/service/crypto/provider/extension/mac/mac_provider.c b/components/service/crypto/provider/extension/mac/mac_provider.c -index 96fe4cf3..eef55586 100644 ---- a/components/service/crypto/provider/extension/mac/mac_provider.c -+++ b/components/service/crypto/provider/extension/mac/mac_provider.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -181,9 +181,9 @@ static rpc_status_t mac_sign_finish_handler(void *context, struct call_req* req) - - struct call_param_buf *resp_buf = call_req_get_resp_buf(req); - rpc_status = serializer->serialize_mac_sign_finish_resp(resp_buf, mac, mac_len); -- } - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); -@@ -220,7 +220,10 @@ static rpc_status_t mac_verify_finish_handler(void *context, struct call_req* re - - psa_status = psa_mac_verify_finish(&crypto_context->op.mac, mac, mac_len); - -- crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ if (psa_status == PSA_SUCCESS) { -+ -+ crypto_context_pool_free(&this_instance->context_pool, crypto_context); -+ } - } - - call_req_set_opstatus(req, psa_status); diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch deleted file mode 100644 index 6a11552de6..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 92987ec20beedb44d08d429947958c1c068d815c Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Wed, 16 Feb 2022 11:36:09 +0000 -Subject: [PATCH] Abort AEAD operation if client provided buffer is too small - -To enable PSA Arch test c258 to pass, handling is added in the -PSA API client adaptor for AEAD (psa_aead.c) to abort an AEAD -operation if an update operation is performed but the client -provided buffer for the output is too small. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: Ib4b26ebc0a83a8928e1b643fba4becd935f6deb0 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - components/service/crypto/client/psa/psa_aead.c | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c -index 559eb6a3..c820d222 100644 ---- a/components/service/crypto/client/psa/psa_aead.c -+++ b/components/service/crypto/client/psa/psa_aead.c -@@ -74,10 +74,22 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation, - size_t output_size, - size_t *output_length) - { -- return crypto_caller_aead_update(&psa_crypto_client_instance.base, -+ psa_status_t status = crypto_caller_aead_update(&psa_crypto_client_instance.base, - operation->handle, - input, input_length, - output, output_size, output_length); -+ -+ /* -+ * If too small a buffer has been provided for the output, the operation -+ * state will have been updated but the result can't be put anywhere. This -+ * is an unrecoveral condition so abort the operation. -+ */ -+ if (status == PSA_ERROR_BUFFER_TOO_SMALL) { -+ -+ psa_aead_abort(operation); -+ } -+ -+ return status; - } - - psa_status_t psa_aead_finish(psa_aead_operation_t *operation, diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch deleted file mode 100644 index fedb79ce29..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 75c0689513e7da7fb26bf23c1da4e1aa49783d46 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Tue, 11 Jan 2022 09:43:52 +0000 -Subject: [PATCH] Peg to updated t_cose version fc3a4b2c - -The current version of TS fails to build due to a regression introduced -by a new t_cose version in the upstream project. -The issue is caused by the t_cose external component incorrectly using -tip of master as the upstream version id, which makes strict dependency -control impossible. Change the upstream version id to an SHA, to enable -controlling compatibility issues introduced by future upstream updates. - -At the same time update the dependency to the current latest version. -The upstream project is now compatile with mbedtls 3.0.0 API changes -so the previously required compatibility patch has been removed. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: I9491a5210904cc369846da2af45b0f7e5913bed8 - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - .../0002-add-tls3_0_0-compatibility.patch | 31 ------------------- - external/t_cose/t_cose.cmake | 5 ++- - 2 files changed, 2 insertions(+), 34 deletions(-) - delete mode 100644 external/t_cose/0002-add-tls3_0_0-compatibility.patch - -diff --git a/external/t_cose/0002-add-tls3_0_0-compatibility.patch b/external/t_cose/0002-add-tls3_0_0-compatibility.patch -deleted file mode 100644 -index 20a7d131..00000000 ---- a/external/t_cose/0002-add-tls3_0_0-compatibility.patch -+++ /dev/null -@@ -1,31 +0,0 @@ --diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c --index 49c5b60..3aa7b58 100644 ----- a/crypto_adapters/t_cose_psa_crypto.c --+++ b/crypto_adapters/t_cose_psa_crypto.c --@@ -99,7 +99,7 @@ static enum t_cose_err_t psa_status_to_t_cose_error_signing(psa_status_t err) -- err == PSA_ERROR_INVALID_SIGNATURE ? T_COSE_ERR_SIG_VERIFY : -- err == PSA_ERROR_NOT_SUPPORTED ? T_COSE_ERR_UNSUPPORTED_SIGNING_ALG: -- err == PSA_ERROR_INSUFFICIENT_MEMORY ? T_COSE_ERR_INSUFFICIENT_MEMORY : --- err == PSA_ERROR_TAMPERING_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED : --+ err == PSA_ERROR_CORRUPTION_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED : -- T_COSE_ERR_SIG_FAIL; -- } -- --@@ -152,7 +152,7 @@ t_cose_crypto_pub_key_verify(int32_t cose_algorithm_id, -- * Crypto ceases providing backwards compatibility then this code -- * has to be changed to use psa_verify_hash(). -- */ --- psa_result = psa_asymmetric_verify(verification_key_psa, --+ psa_result = psa_verify_hash(verification_key_psa, -- psa_alg_id, -- hash_to_verify.ptr, -- hash_to_verify.len, --@@ -212,7 +212,7 @@ t_cose_crypto_pub_key_sign(int32_t cose_algorithm_id, -- * providing backwards compatibility then this code has to be -- * changed to use psa_sign_hash(). -- */ --- psa_result = psa_asymmetric_sign(signing_key_psa, --+ psa_result = psa_sign_hash(signing_key_psa, -- psa_alg_id, -- hash_to_sign.ptr, -- hash_to_sign.len, -diff --git a/external/t_cose/t_cose.cmake b/external/t_cose/t_cose.cmake -index 660824bd..9321466f 100644 ---- a/external/t_cose/t_cose.cmake -+++ b/external/t_cose/t_cose.cmake -@@ -1,5 +1,5 @@ - #------------------------------------------------------------------------------- --# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - # - # SPDX-License-Identifier: BSD-3-Clause - # -@@ -16,7 +16,7 @@ endif() - - # External component details - set(T_COSE_URL "https://github.com/laurencelundblade/t_cose.git" CACHE STRING "t_cose repository URL") --set(T_COSE_REFSPEC "master" CACHE STRING "t_cose git refspec") -+set(T_COSE_REFSPEC "fc3a4b2c7196ff582e8242de8bd4a1bc4eec577f" CACHE STRING "t_cose git refspec") - set(T_COSE_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/t_cose_install" CACHE PATH "t_cose installation directory") - set(T_COSE_PACKAGE_PATH "${T_COSE_INSTALL_PATH}/libt_cose/cmake" CACHE PATH "t_cose CMake package directory") - -@@ -37,7 +37,6 @@ FetchContent_Declare( - - PATCH_COMMAND git stash - COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-add-install-definition.patch -- COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/0002-add-tls3_0_0-compatibility.patch - COMMAND git reset HEAD~1 - - ) diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch deleted file mode 100644 index 64ac094056..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 24436d459ddde697c89ff947c821cec9c5e0906e Mon Sep 17 00:00:00 2001 -From: Vishnu Banavath <vishnu.banavath@arm.com> -Date: Wed, 16 Feb 2022 15:55:55 +0000 -Subject: [PATCH] pass sysroot_yocto - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - deployments/libts/libts-import.cmake | 3 +++ - external/MbedTLS/MbedTLS.cmake | 1 + - external/psa_arch_tests/psa_arch_tests.cmake | 25 +++++++++++++------- - 3 files changed, 20 insertions(+), 9 deletions(-) - -diff --git a/deployments/libts/libts-import.cmake b/deployments/libts/libts-import.cmake -index 792ba86c..b900ce3f 100644 ---- a/deployments/libts/libts-import.cmake -+++ b/deployments/libts/libts-import.cmake -@@ -27,9 +27,12 @@ set(LIBTS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libts-build" CACHE PATH - - file(MAKE_DIRECTORY ${LIBTS_BINARY_DIR}) - -+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --sysroot=${SYSROOT_YOCTO}") -+ - #Configure the library - execute_process(COMMAND - ${CMAKE_COMMAND} -+ -DCMAKE_SYSROOT=${SYSROOT_YOCTO} - -DCMAKE_INSTALL_PREFIX=${LIBTS_INSTALL_PATH} - -GUnix\ Makefiles - ${LIBTS_SOURCE_DIR} -diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake -index 3350d8a0..33467cf0 100644 ---- a/external/MbedTLS/MbedTLS.cmake -+++ b/external/MbedTLS/MbedTLS.cmake -@@ -103,6 +103,7 @@ if (NOT MBEDCRYPTO_LIB_FILE) - execute_process(COMMAND - ${CMAKE_COMMAND} -E env CROSS_COMPILE=${CROSS_COMPILE} - ${CMAKE_COMMAND} -+ -DCMAKE_SYSROOT=${SYSROOT_YOCTO} - -DENABLE_PROGRAMS=OFF - -DENABLE_TESTING=OFF - -DUNSAFE_BUILD=ON -diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake -index f6d2fb9f..42f73a37 100644 ---- a/external/psa_arch_tests/psa_arch_tests.cmake -+++ b/external/psa_arch_tests/psa_arch_tests.cmake -@@ -5,30 +5,33 @@ - # - #------------------------------------------------------------------------------- - --# Temporarily using modified tests used for tf-m verification -+# Determine the number of processes to run while running parallel builds. -+# Pass -DPROCESSOR_COUNT=<n> to cmake to override. -+if(NOT DEFINED PROCESSOR_COUNT) -+ include(ProcessorCount) -+ ProcessorCount(PROCESSOR_COUNT) -+ set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.") -+endif() -+ - set(PSA_ARCH_TESTS_URL "https://github.com/bensze01/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") - set(PSA_ARCH_TESTS_REFSPEC "fix-multipart-aead" CACHE STRING "psa-arch-tests git refspec") -- --#set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL") --#set(PSA_ARCH_TESTS_REFSPEC "2a1852252a9b9af655cbe02d5d3c930952d0d798" CACHE STRING "psa-arch-tests v22.01_API1.4_ADAC_BETA") - set(PSA_ARCH_TESTS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/psa-arch-tests_install" CACHE PATH "psa-arch-tests installation directory") - set(PSA_ARCH_TESTS_PACKAGE_PATH "${PSA_ARCH_TESTS_INSTALL_PATH}/libpsa-arch-tests/cmake" CACHE PATH "psa-arch-tests CMake package directory") --set(PSA_ARCH_TESTS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/psa_arch_tests-src" CACHE PATH "psa-arch-tests source.") -+ -+include(FetchContent) - - # Checking git - find_program(GIT_COMMAND "git") - if (NOT GIT_COMMAND) - message(FATAL_ERROR "Please install git") - endif() -- -+if ("${PSA_ARCH_TESTS_PATH}" STREQUAL "DOWNLOAD") - # Fetching psa-arch-tests - FetchContent_Declare( - psa-arch-tests - GIT_REPOSITORY ${PSA_ARCH_TESTS_URL} - GIT_TAG ${PSA_ARCH_TESTS_REFSPEC} - GIT_SHALLOW TRUE -- PATCH_COMMAND git stash -- COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/modify_attest_config.patch - ) - - # FetchContent_GetProperties exports psa-arch-tests_SOURCE_DIR and psa-arch-tests_BINARY_DIR variables -@@ -37,7 +40,10 @@ if(NOT psa-arch-tests_POPULATED) - message(STATUS "Fetching psa-arch-tests") - FetchContent_Populate(psa-arch-tests) - endif() -- -+else() -+ set(psa-arch-tests_SOURCE_DIR "${TS_ROOT}/../psa-arch-tests") -+ set(psa-arch-tests_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}") -+endif() - # Ensure list of include paths is separated correctly - string(REPLACE ";" "\\;" PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS "${PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS}") - -@@ -47,6 +53,7 @@ string(REPLACE ";" " " PSA_ARCH_TEST_EXTERNAL_DEFS "${PSA_ARCH_TEST_EXTERNAL_DEF - # Configure the psa-arch-test library - execute_process(COMMAND - ${CMAKE_COMMAND} -+ -DCMAKE_SYSROOT=${SYSROOT_YOCTO} - -DTOOLCHAIN=INHERIT - -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE} - -DPSA_INCLUDE_PATHS=${PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS} diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch deleted file mode 100644 index 68d0a9785a..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0a0007d594db2fceed413cd73e7f08dd8d8ddd57 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 13 Feb 2022 09:01:10 +0000 -Subject: [PATCH] Fix: Crypto interface structure aligned with tf-m change. - -NO NEED TO RAISE PR: The PR for this FIX is raied by Emek. - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -index c13c20e8..ec25eaf8 100644 ---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h -@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec { - * multipart operation - */ - uint32_t capacity; /*!< Key derivation capacity */ -- -+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */ -+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */ - struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for - * AEAD until the API is - * restructured diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch deleted file mode 100644 index a08ab32fea..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch +++ /dev/null @@ -1,494 +0,0 @@ -From b8060d9e15b1b910cf9b466a3f43088c71d7a38f Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Sun, 13 Feb 2022 09:49:51 +0000 -Subject: [PATCH] Integrate remaining psa-ipc client APIs. - -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - .../caller/psa_ipc/crypto_caller_aead.h | 297 +++++++++++++++++- - .../caller/psa_ipc/crypto_caller_sign_hash.h | 35 +++ - .../psa_ipc/crypto_caller_verify_hash.h | 33 +- - 3 files changed, 352 insertions(+), 13 deletions(-) - -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -index 78517fe3..f6aadd8b 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h -@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_decrypt_setup( -@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup( - psa_key_id_t key, - psa_algorithm_t alg) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID, -+ .key_id = key, -+ .alg = alg, -+ .op_handle = (*op_handle), -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_generate_nonce( -@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce( - size_t nonce_size, - size_t *nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_size} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *nonce_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_nonce( -@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce( - const uint8_t *nonce, - size_t nonce_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_to_u32(nonce), .len = nonce_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_set_lengths( -@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths( - size_t ad_length, - size_t plaintext_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID, -+ .ad_length = ad_length, -+ .plaintext_length = plaintext_length, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update_ad( -@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad( - const uint8_t *input, - size_t input_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)} -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ return status; - } - - static inline psa_status_t crypto_caller_aead_update( -@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update( - size_t output_size, - size_t *output_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional input */ -+ if ((input == NULL) && (input_length != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(input), .len = input_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(output), .len = output_size}, -+ }; -+ -+ size_t in_len = IOVEC_LEN(in_vec); -+ -+ if (input == NULL) { -+ in_len--; -+ } -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ in_len, out_vec, IOVEC_LEN(out_vec)); -+ -+ *output_length = out_vec[1].len; -+ return status; - } - - static inline psa_status_t crypto_caller_aead_finish( -@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish( - size_t tag_size, - size_t *tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((aeadtext == NULL) && (aeadtext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_size}, -+ {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size} -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (aeadtext == NULL || aeadtext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 3) && (aeadtext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ *tag_length = out_vec[1].len; -+ -+ if (out_len == 3) { -+ *aeadtext_length = out_vec[2].len; -+ } else { -+ *aeadtext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_verify( -@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify( - const uint8_t *tag, - size_t tag_length) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID, -+ .op_handle = op_handle, -+ }; -+ -+ /* Sanitize the optional output */ -+ if ((plaintext == NULL) && (plaintext_size != 0)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ {.base = psa_ptr_const_to_u32(tag), .len = tag_length} -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size}, -+ }; -+ -+ size_t out_len = IOVEC_LEN(out_vec); -+ -+ if (plaintext == NULL || plaintext_size == 0) { -+ out_len--; -+ } -+ if ((out_len == 2) && (plaintext_length == NULL)) { -+ return PSA_ERROR_INVALID_ARGUMENT; -+ } -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, out_len); -+ -+ if (out_len == 2) { -+ *plaintext_length = out_vec[1].len; -+ } else { -+ *plaintext_length = 0; -+ } -+ return status; - } - - static inline psa_status_t crypto_caller_aead_abort( - struct service_client *context, - uint32_t op_handle) - { -- return PSA_ERROR_NOT_SUPPORTED; -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID, -+ .op_handle = op_handle, -+ }; -+ -+ struct psa_invec in_vec[] = { -+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}, -+ }; -+ struct psa_outvec out_vec[] = { -+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ return status; -+} -+ -+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; -+} -+ -+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context) -+{ -+ /* Returns the maximum number of bytes that may be -+ * carried as a parameter of the mac_update operation -+ * using the packed-c encoding. -+ */ -+ size_t payload_space = context->service_info.max_payload; -+ size_t overhead = iov_size; -+ -+ return (payload_space > overhead) ? payload_space - overhead : 0; - } - - #ifdef __cplusplus -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -index 71d88ced..e4a2b167 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h -@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex - return status; - } - -+static inline psa_status_t crypto_caller_sign_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ uint8_t *signature, -+ size_t signature_size, -+ size_t *signature_length) -+{ -+ struct service_client *ipc = context; -+ struct rpc_caller *caller = ipc->caller; -+ psa_status_t status; -+ struct psa_ipc_crypto_pack_iovec iov = { -+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID, -+ .key_id = id, -+ .alg = alg, -+ }; -+ struct psa_invec in_vec[] = { -+ { .base = psa_ptr_to_u32(&iov), .len = iov_size }, -+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length }, -+ }; -+ struct psa_outvec out_vec[] = { -+ { .base = psa_ptr_to_u32(signature), .len = signature_size }, -+ }; -+ -+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec, -+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec)); -+ -+ *signature_length = out_vec[0].len; -+ -+ return status; -+} -+ -+ -+ - #ifdef __cplusplus - } - #endif -diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -index e16f6e54..cc9279ee 100644 ---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h -@@ -24,19 +24,20 @@ - extern "C" { - #endif - --static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+static inline psa_status_t crypto_caller_common(struct service_client *context, - psa_key_id_t id, - psa_algorithm_t alg, - const uint8_t *hash, - size_t hash_length, - const uint8_t *signature, -- size_t signature_length) -+ size_t signature_length, -+ uint32_t sfn_id) - { - struct service_client *ipc = context; - struct rpc_caller *caller = ipc->caller; - psa_status_t status; - struct psa_ipc_crypto_pack_iovec iov = { -- .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID, -+ .sfn_id = sfn_id, - .key_id = id, - .alg = alg, - }; -@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont - return status; - } - -+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID); -+} -+ -+static inline psa_status_t crypto_caller_verify_message(struct service_client *context, -+ psa_key_id_t id, -+ psa_algorithm_t alg, -+ const uint8_t *hash, -+ size_t hash_length, -+ const uint8_t *signature, -+ size_t signature_length) -+{ -+ -+ return crypto_caller_common(context,id,alg,hash,hash_length, -+ signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID); -+} -+ - #ifdef __cplusplus - } - #endif diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch deleted file mode 100644 index 4bd846d236..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a037ef21c0334117ad0741776a4b7b6e1a428d19 Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Mon, 14 Feb 2022 17:52:00 +0000 -Subject: [PATCH] Fix : update psa_set_key_usage_flags definition to the latest - from the tf-m - -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h -index 1bc55e37..b4a7ed4b 100644 ---- a/components/service/crypto/include/psa/crypto_struct.h -+++ b/components/service/crypto/include/psa/crypto_struct.h -@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime( - return( attributes->lifetime ); - } - -+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags ) -+{ -+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE; -+ -+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH ) -+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE; -+} -+ - static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, - psa_key_usage_t usage_flags) - { -+ psa_extend_key_usage_flags( &usage_flags ); - attributes->usage = usage_flags; - } - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch deleted file mode 100644 index 4ad4be0070..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 55463b12cca39d2c6a3fd18bbd3d28ae95dff8cf Mon Sep 17 00:00:00 2001 -From: Satish Kumar <satish.kumar01@arm.com> -Date: Mon, 14 Feb 2022 08:22:25 +0000 -Subject: [PATCH] Fixes in AEAD for psa-arch test 54 and 58. - -Signed-off-by: Satish Kumar <satish.kumar01@arm.com> - -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com> - - ---- - .../crypto/client/caller/packed-c/crypto_caller_aead.h | 1 + - components/service/crypto/include/psa/crypto_sizes.h | 2 +- - .../crypto/provider/extension/aead/aead_provider.c | 8 ++++++-- - .../extension/aead/serializer/aead_provider_serializer.h | 1 + - .../packed-c/packedc_aead_provider_serializer.c | 2 ++ - protocols/service/crypto/packed-c/aead.h | 1 + - 6 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -index c4ffb20c..a91f66c1 100644 ---- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h -@@ -309,6 +309,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont - size_t req_len = req_fixed_len; - - *output_length = 0; -+ req_msg.output_size = output_size; - req_msg.op_handle = op_handle; - - /* Mandatory input data parameter */ -diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h -index 4d7bf6e9..e3c4df29 100644 ---- a/components/service/crypto/include/psa/crypto_sizes.h -+++ b/components/service/crypto/include/psa/crypto_sizes.h -@@ -351,7 +351,7 @@ - * just the largest size that may be generated by - * #psa_aead_generate_nonce(). - */ --#define PSA_AEAD_NONCE_MAX_SIZE 12 -+#define PSA_AEAD_NONCE_MAX_SIZE 16 - - /** A sufficient output buffer size for psa_aead_update(). - * -diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c -index 14a25436..6b144db8 100644 ---- a/components/service/crypto/provider/extension/aead/aead_provider.c -+++ b/components/service/crypto/provider/extension/aead/aead_provider.c -@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req) - uint32_t op_handle; - const uint8_t *input; - size_t input_len; -+ uint32_t recv_output_size; - - if (serializer) - rpc_status = serializer->deserialize_aead_update_req(req_buf, &op_handle, -- &input, &input_len); -+ &recv_output_size, &input, &input_len); - - if (rpc_status == TS_RPC_CALL_ACCEPTED) { - -@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req) - if (crypto_context) { - - size_t output_len = 0; -- size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len); -+ size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24); - uint8_t *output = malloc(output_size); - -+ if (recv_output_size < output_size) { -+ output_size = recv_output_size; -+ } - if (output) { - - psa_status = psa_aead_update(&crypto_context->op.aead, -diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -index bb1a2a97..0156aaba 100644 ---- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h -@@ -51,6 +51,7 @@ struct aead_provider_serializer { - /* Operation: aead_update */ - rpc_status_t (*deserialize_aead_update_req)(const struct call_param_buf *req_buf, - uint32_t *op_handle, -+ uint32_t *output_size, - const uint8_t **input, size_t *input_len); - - rpc_status_t (*serialize_aead_update_resp)(struct call_param_buf *resp_buf, -diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -index 6f00b3e3..45c739ab 100644 ---- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c -@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct call_param_buf * - /* Operation: aead_update */ - static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req_buf, - uint32_t *op_handle, -+ uint32_t *output_size, - const uint8_t **input, size_t *input_len) - { - rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY; -@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req - memcpy(&recv_msg, req_buf->data, expected_fixed_len); - - *op_handle = recv_msg.op_handle; -+ *output_size = recv_msg.output_size; - - tlv_const_iterator_begin(&req_iter, - (uint8_t*)req_buf->data + expected_fixed_len, -diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h -index 0be266b5..435fd3b5 100644 ---- a/protocols/service/crypto/packed-c/aead.h -+++ b/protocols/service/crypto/packed-c/aead.h -@@ -98,6 +98,7 @@ enum - struct __attribute__ ((__packed__)) ts_crypto_aead_update_in - { - uint32_t op_handle; -+ uint32_t output_size; - }; - - /* Variable length input parameter tags */ diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch deleted file mode 100644 index e4573a5196..0000000000 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch +++ /dev/null @@ -1,407 +0,0 @@ -Upstream-Status: Pending -Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com> - -From 2d975e5ec5df6f81d6c35fe927f72d49181142f8 Mon Sep 17 00:00:00 2001 -From: Julian Hall <julian.hall@arm.com> -Date: Tue, 19 Jul 2022 12:43:30 +0100 -Subject: [PATCH] Fix UEFI get_variable with small buffer - -The handling of the UEFI get_variable operation was incorrect when -a small or zero data length was specified by a requester. A zero -length data length is a legitimate way to discover the size of a -variable without actually retrieving its data. This change adds -test cases that reproduce the problem and a fix. - -Signed-off-by: Julian Hall <julian.hall@arm.com> -Change-Id: Iec087fbf9305746d1438888e871602ec0ce15824 ---- - .../backend/test/variable_store_tests.cpp | 60 ++++++++++++++++-- - .../backend/uefi_variable_store.c | 46 +++++++++++--- - .../client/cpp/smm_variable_client.cpp | 33 +++++----- - .../client/cpp/smm_variable_client.h | 8 ++- - .../provider/smm_variable_provider.c | 2 +- - .../service/smm_variable_service_tests.cpp | 62 +++++++++++++++++++ - 6 files changed, 179 insertions(+), 32 deletions(-) - -diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp -index 235642e6..98faf761 100644 ---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp -+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp -@@ -128,7 +128,8 @@ TEST_GROUP(UefiVariableStoreTests) - - efi_status_t get_variable( - const std::wstring &name, -- std::string &data) -+ std::string &data, -+ size_t data_len_clamp = VARIABLE_BUFFER_SIZE) - { - std::vector<int16_t> var_name = to_variable_name(name); - size_t name_size = var_name.size() * sizeof(int16_t); -@@ -144,21 +145,40 @@ TEST_GROUP(UefiVariableStoreTests) - access_variable->NameSize = name_size; - memcpy(access_variable->Name, var_name.data(), name_size); - -- access_variable->DataSize = 0; -+ size_t max_data_len = (data_len_clamp == VARIABLE_BUFFER_SIZE) ? -+ VARIABLE_BUFFER_SIZE - -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable) : -+ data_len_clamp; -+ -+ access_variable->DataSize = max_data_len; - - efi_status_t status = uefi_variable_store_get_variable( - &m_uefi_variable_store, - access_variable, -- VARIABLE_BUFFER_SIZE - -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable), -+ max_data_len, - &total_size); - -+ data.clear(); -+ - if (status == EFI_SUCCESS) { - - const char *data_start = (const char*)(msg_buffer + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable)); - - data = std::string(data_start, access_variable->DataSize); -+ -+ UNSIGNED_LONGLONGS_EQUAL( -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_variable), -+ total_size); -+ } -+ else if (status == EFI_BUFFER_TOO_SMALL) { -+ -+ /* String length set to reported variable length */ -+ data.insert(0, access_variable->DataSize, '!'); -+ -+ UNSIGNED_LONGLONGS_EQUAL( -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable), -+ total_size); - } - - return status; -@@ -336,6 +356,38 @@ TEST(UefiVariableStoreTests, persistentSetGet) - LONGS_EQUAL(0, input_data.compare(output_data)); - } - -+TEST(UefiVariableStoreTests, getWithSmallBuffer) -+{ -+ efi_status_t status = EFI_SUCCESS; -+ std::wstring var_name = L"test_variable"; -+ std::string input_data = "quick brown fox"; -+ std::string output_data; -+ -+ /* A get with a zero length buffer is a legitimate way to -+ * discover the variable size. This test performs GetVariable -+ * operations with various buffer small buffer sizes. */ -+ status = set_variable(var_name, input_data, 0); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ /* First get the variable without a constrained buffer */ -+ status = get_variable(var_name, output_data); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status); -+ -+ /* Expect got variable data to be the same as the set value */ -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+ LONGS_EQUAL(0, input_data.compare(output_data)); -+ -+ /* Now try with a zero length buffer */ -+ status = get_variable(var_name, output_data, 0); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+ -+ /* Try with a non-zero length but too small buffer */ -+ status = get_variable(var_name, output_data, input_data.size() -1); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status); -+ UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size()); -+} -+ - TEST(UefiVariableStoreTests, removeVolatile) - { - efi_status_t status = EFI_SUCCESS; -diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c -index e8771c21..90d648de 100644 ---- a/components/service/smm_variable/backend/uefi_variable_store.c -+++ b/components/service/smm_variable/backend/uefi_variable_store.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - * -@@ -294,7 +294,10 @@ efi_status_t uefi_variable_store_get_variable( - - status = load_variable_data(context, info, var, max_data_len); - var->Attributes = info->metadata.attributes; -- *total_length = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var); -+ -+ *total_length = (status == EFI_SUCCESS) ? -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var) : -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - } - } - -@@ -682,7 +685,6 @@ static efi_status_t load_variable_data( - { - EMSG("In func %s\n", __func__); - psa_status_t psa_status = PSA_SUCCESS; -- size_t data_len = 0; - uint8_t *data = (uint8_t*)var + - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var); - -@@ -692,17 +694,41 @@ static efi_status_t load_variable_data( - - if (delegate_store->storage_backend) { - -- psa_status = delegate_store->storage_backend->interface->get( -+ struct psa_storage_info_t storage_info; -+ -+ psa_status = delegate_store->storage_backend->interface->get_info( - delegate_store->storage_backend->context, - context->owner_id, - info->metadata.uid, -- 0, -- max_data_len, -- data, -- &data_len); -- EMSG("In func %s get status is %d\n", __func__, psa_status); -+ &storage_info); -+ -+ if (psa_status == PSA_SUCCESS) { - -- var->DataSize = data_len; -+ size_t get_limit = (var->DataSize < max_data_len) ? -+ var->DataSize : -+ max_data_len; -+ -+ if (get_limit >= storage_info.size) { -+ -+ size_t got_len = 0; -+ -+ psa_status = delegate_store->storage_backend->interface->get( -+ delegate_store->storage_backend->context, -+ context->owner_id, -+ info->metadata.uid, -+ 0, -+ max_data_len, -+ data, -+ &got_len); -+ -+ var->DataSize = got_len; -+ } -+ else { -+ -+ var->DataSize = storage_info.size; -+ psa_status = PSA_ERROR_BUFFER_TOO_SMALL; -+ } -+ } - } - - return psa_to_efi_storage_status(psa_status); -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -index 8438285b..b6b4ed90 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.cpp -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -122,21 +122,22 @@ efi_status_t smm_variable_client::get_variable( - guid, - name, - data, -- 0); -+ 0, -+ MAX_VAR_DATA_SIZE); - } - - efi_status_t smm_variable_client::get_variable( - const EFI_GUID &guid, - const std::wstring &name, - std::string &data, -- size_t override_name_size) -+ size_t override_name_size, -+ size_t max_data_size) - { - efi_status_t efi_status = EFI_NOT_READY; - - std::vector<int16_t> var_name = to_variable_name(name); - size_t name_size = var_name.size() * sizeof(int16_t); -- size_t data_size = 0; -- size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, data_size); -+ size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, 0); - - rpc_call_handle call_handle; - uint8_t *req_buf; -@@ -154,7 +155,7 @@ efi_status_t smm_variable_client::get_variable( - - access_var->Guid = guid; - access_var->NameSize = name_size; -- access_var->DataSize = data_size; -+ access_var->DataSize = max_data_size; - - memcpy(access_var->Name, var_name.data(), name_size); - -@@ -168,26 +169,28 @@ efi_status_t smm_variable_client::get_variable( - - efi_status = opstatus; - -- if (efi_status == EFI_SUCCESS) { -- -- efi_status = EFI_PROTOCOL_ERROR; -+ if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) { - -- if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) { -+ access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf; -+ size_t data_size = access_var->DataSize; - -- access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf; -+ if (resp_len >= -+ SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) { - -- if (resp_len >= -- SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) { -+ if (efi_status == EFI_SUCCESS) { - -- data_size = access_var->DataSize; - const char *data_start = (const char*) - &resp_buf[ - SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_var)]; - - data.assign(data_start, data_size); -- efi_status = EFI_SUCCESS; - } - } -+ else if (efi_status == EFI_BUFFER_TOO_SMALL) { -+ -+ data.clear(); -+ data.insert(0, data_size, '!'); -+ } - } - } - else { -diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.h b/components/service/smm_variable/client/cpp/smm_variable_client.h -index c7973916..3d2371a8 100644 ---- a/components/service/smm_variable/client/cpp/smm_variable_client.h -+++ b/components/service/smm_variable/client/cpp/smm_variable_client.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved. -+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -@@ -56,7 +56,8 @@ public: - const EFI_GUID &guid, - const std::wstring &name, - std::string &data, -- size_t override_name_size); -+ size_t override_name_size, -+ size_t max_data_size = MAX_VAR_DATA_SIZE); - - /* Remove a variable */ - efi_status_t remove_variable( -@@ -113,6 +114,9 @@ public: - - - private: -+ -+ static const size_t MAX_VAR_DATA_SIZE = 65536; -+ - efi_status_t rpc_to_efi_status() const; - - static std::vector<int16_t> to_variable_name(const std::wstring &string); -diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c -index 1f362c17..95c4fdc9 100644 ---- a/components/service/smm_variable/provider/smm_variable_provider.c -+++ b/components/service/smm_variable/provider/smm_variable_provider.c -@@ -165,7 +165,7 @@ static rpc_status_t get_variable_handler(void *context, struct call_req *req) - } - else { - -- /* Reponse buffer not big enough */ -+ /* Response buffer not big enough */ - efi_status = EFI_BAD_BUFFER_SIZE; - } - } -diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -index 38c08ebe..989a3e63 100644 ---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp -@@ -284,6 +284,68 @@ TEST(SmmVariableServiceTests, setAndGetNv) - UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); - } - -+TEST(SmmVariableServiceTests, getVarSize) -+{ -+ efi_status_t efi_status = EFI_SUCCESS; -+ std::wstring var_name = L"test_variable"; -+ std::string set_data = "UEFI variable data string"; -+ std::string get_data; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ set_data, -+ 0); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ /* Get with the data size set to zero. This is the standard way -+ * to discover the variable size. */ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data, -+ 0, 0); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); -+ UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); -+ -+ /* Expect remove to be permitted */ -+ efi_status = m_client->remove_variable(m_common_guid, var_name); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+} -+ -+TEST(SmmVariableServiceTests, getVarSizeNv) -+{ -+ efi_status_t efi_status = EFI_SUCCESS; -+ std::wstring var_name = L"test_variable"; -+ std::string set_data = "UEFI variable data string"; -+ std::string get_data; -+ -+ efi_status = m_client->set_variable( -+ m_common_guid, -+ var_name, -+ set_data, -+ EFI_VARIABLE_NON_VOLATILE); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+ -+ /* Get with the data size set to zero. This is the standard way -+ * to discover the variable size. */ -+ efi_status = m_client->get_variable( -+ m_common_guid, -+ var_name, -+ get_data, -+ 0, 0); -+ -+ UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status); -+ UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size()); -+ -+ /* Expect remove to be permitted */ -+ efi_status = m_client->remove_variable(m_common_guid, var_name); -+ UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status); -+} -+ - TEST(SmmVariableServiceTests, enumerateStoreContents) - { - efi_status_t efi_status = EFI_SUCCESS; --- -2.17.1 - diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index b04863fcfa..12d300a04b 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -1,127 +1,11 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/secure-partitions/corstone1000:" - -COMPATIBLE_MACHINE = "corstone1000" - -LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ - file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f \ - file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e1413585ecbf \ - file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c \ - file://../psa-arch-tests/LICENSE.md;md5=2a944942e1496af1886903d274dedb13 \ - " +FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:" SRC_URI:append = " \ - ${SRC_URI_MBEDTLS} ${SRC_URI_NANOPB} ${SRC_URI_OPENAMP} ${SRC_URI_LIBMETAL} ${SRC_URI_ARCH-TESTS}\ - file://0001-tools-cmake-common-applying-lowercase-project-conven.patch \ - file://0002-fix-EARLY_TA_PATHS-env-variable.patch \ - file://0003-se-proxy-dts-add-se-proxy-as-child-node.patch \ - file://0004-Update-mm-comm-buffer-region-in-dts-file.patch \ - file://0005-Configure-NV-storage-macro.patch \ - file://0006-Use-device-region.patch \ - file://0007-Add-openamp-to-SE-proxy-deployment.patch \ - file://0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \ - file://0009-Add-openamp-rpc-caller.patch \ - file://0010-add-psa-client-definitions-for-ff-m.patch \ - file://0011-Add-common-service-component-to-ipc-support.patch \ - file://0012-Add-secure-storage-ipc-backend.patch \ - file://0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \ - file://0014-Add-uefi-variable-append-write-support.patch \ - file://0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch \ - file://0016-Add-uefi-test-deployment.patch \ - file://0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch \ - file://0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch \ - file://0019-Run-psa-arch-test.patch \ - file://0020-Use-address-instead-of-pointers.patch \ - file://0021-Add-psa-ipc-attestation-to-se-proxy.patch \ - file://0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \ - file://0023-add-psa-ipc-crypto-backend.patch \ - file://0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch \ - file://0025-Add-stub-capsule-update-service-components.patch \ - file://0026-Add-logs-to-functions-in-SMM-gateway-SP.patch \ - file://0027-Configure-storage-size.patch \ - file://0028-Revert-Add-uefi-variable-append-write-support.patch \ - file://0029-Change-UID-of-variable-index-in-SMM.patch \ - file://0030-Add-missing-features-to-setVariable.patch \ - file://0031-Add-invalid-parameter-check-in-getNextVariableName.patch \ - file://0032-smm_gateway-add-checks-for-null-attributes.patch \ - file://0033-Enhance-mbedtls-fetch-process.patch \ - file://0034-Fix-format-specifier-in-logging_caller.patch \ - file://0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch \ - file://0036-Separate-sign-verify-message-and-hash-operations.patch \ - file://0037-Add-defence-against-uninitialised-multi-part-transac.patch \ - file://0038-Integrate-AEAD-operation-support.patch \ - file://0039-Add-IV-generation-to-one-shot-cipher-operation.patch \ - file://0040-Fix-multi-part-termination-on-error.patch \ - file://0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch \ - file://0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch \ - file://0043-pass-sysroot_yocto.patch \ - file://0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \ - file://0045-Integrate-remaining-psa-ipc-client-APIs.patch \ - file://0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \ - file://0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \ - file://0003-corstone1000-port-crypto-config.patch;patchdir=../psa-arch-tests \ - file://0048-Fix-UEFI-get_variable-with-small-buffer.patch \ - " - -SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=git/mbedtls" -SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" - -SRC_URI_NANOPB = "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb" -SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4" - -SRC_URI_OPENAMP = "git://github.com/OpenAMP/open-amp.git;name=openamp;protocol=https;branch=main;destsuffix=git/openamp" -SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d" - -SRC_URI_LIBMETAL = "git://github.com/OpenAMP/libmetal.git;name=libmetal;protocol=https;branch=main;destsuffix=git/libmetal" -SRCREV_libmetal = "f252f0e007fbfb8b3a52b1d5901250ddac96baad" - -SRC_URI_ARCH-TESTS = "git://github.com/bensze01/psa-arch-tests.git;name=psa-arch-tests;protocol=https;nobranch=1;destsuffix=git/psa-arch-tests" -SRCREV_psa-arch-tests = "5d1a87f9c0a82e1632a3145687b4c8d7cbbeed2d" - -TS_ENVIRONMENT_LINUX = "arm-linux" -TS_PLATFORM = "arm/corstone1000" -TS_ENVIRONMENT = "opteesp" -SP_PACKAGING_METHOD = "embedded" - -# Secure Enclave proxy secure partition -TS_DEPLOYMENTS += "'deployments/se-proxy/${TS_ENVIRONMENT}'" - -# smm-gateway secure partition -TS_DEPLOYMENTS += "'deployments/smm-gateway/${TS_ENVIRONMENT}'" - -PSA_API_TESTS = "deployments/psa-api-test/protected_storage/${TS_ENVIRONMENT_LINUX}" -PSA_API_TESTS += "deployments/psa-api-test/internal_trusted_storage/${TS_ENVIRONMENT_LINUX}" -PSA_API_TESTS += "deployments/psa-api-test/initial_attestation/${TS_ENVIRONMENT_LINUX}" -PSA_API_TESTS += "deployments/psa-api-test/crypto/${TS_ENVIRONMENT_LINUX}" - -# ffa-debugfs-mod provides arm_ffa_user.h needed by psa-arch-tests source-code -DEPENDS += "ffa-debugfs-mod" - -do_configure:append() { - for PSA_API_TEST in ${PSA_API_TESTS}; do - cmake \ - -DSYSROOT_YOCTO=${RECIPE_SYSROOT} \ - -S ${S}/$PSA_API_TEST -B "${B}/$PSA_API_TEST" - done -} - -do_compile:append() { - for PSA_API_TEST in ${PSA_API_TESTS}; do - cmake --build "${B}/$PSA_API_TEST" - done -} + file://0026-plat-add-corstone1000-platform-to-drivers-arm.patch \ + file://0027-Add-MHU-driver.patch \ + " -do_install:append() { - for PSA_API_TEST in ${PSA_API_TESTS}; do - install -d -m 0755 ${D}${libdir}/${PSA_API_TEST} - install -d -m 0755 ${D}${includedir}/${PSA_API_TEST} - psafile_fullpath=`ls ${B}/${PSA_API_TEST}/psa-*` - psafile_filename="`basename -s .bin ${psafile_fullpath}`" - install -D -p -m 0755 ${psafile_fullpath} ${D}/${bindir}/${psafile_filename} - done - cp -rf ${B}/${PSA_API_TEST}/libts_install/arm-linux/lib/*.so* ${D}/${libdir} -} -FILES:${PN}-dev = "${includedir}/deployments/psa-api-test/" -INSANE_SKIP:${PN}-psa-api-tests += "rpaths dev-so buildpaths" -PACKAGES += "${PN}-psa-api-tests" -FILES:${PN}-psa-api-tests = "${libdir} ${bindir}" +EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \ + -DMM_COMM_BUFFER_PAGE_COUNT="1" \ +" diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend index 8a37a28175..8a37a28175 100644 --- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend new file mode 100644 index 0000000000..8a37a28175 --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend @@ -0,0 +1,4 @@ +MACHINE_TS_REQUIRE ?= "" +MACHINE_TS_REQUIRE:corstone1000 = "ts-corstone1000.inc" + +require ${MACHINE_TS_REQUIRE} diff --git a/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb b/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb new file mode 100644 index 0000000000..474342040e --- /dev/null +++ b/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb @@ -0,0 +1,21 @@ +SUMMARY = "CORSTONE1000 external systems communications tests" +DESCRIPTION = "This is a Linux userspace tool to test the communication between Corstone1000 cores" +HOMEPAGE = "https://git.linaro.org/landing-teams/working/arm/test-apps.git" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0" + +SRC_URI = "git://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications.git;protocol=https;branch=master" +SRCREV = "2945cd92f7c6dbe4999ee72cd5cf1e2615eedba7" +PV .= "+git${SRCPV}" + +COMPATIBLE_MACHINE = "corstone1000" + +S = "${WORKDIR}/git" + +do_compile() { + ${CC} ${S}/test-app.c ${CFLAGS} ${LDFLAGS} -o ${S}/systems-comms-tests +} + +do_install() { + install -D -p -m 0755 ${S}/systems-comms-tests ${D}${bindir}/systems-comms-tests +} diff --git a/meta-arm/meta-arm-toolchain/conf/layer.conf b/meta-arm/meta-arm-toolchain/conf/layer.conf index 3cb8b064b9..f21fa6fb27 100644 --- a/meta-arm/meta-arm-toolchain/conf/layer.conf +++ b/meta-arm/meta-arm-toolchain/conf/layer.conf @@ -9,4 +9,4 @@ BBFILE_PATTERN_arm-toolchain := "^${LAYERDIR}/" BBFILE_PRIORITY_arm-toolchain = "5" LAYERDEPENDS_arm-toolchain = "core" -LAYERSERIES_COMPAT_arm-toolchain = "kirkstone" +LAYERSERIES_COMPAT_arm-toolchain = "langdale" diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb index dcc8ebf021..fab1761177 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb @@ -75,7 +75,7 @@ do_install() { install -d ${D}${includedir} install -d ${D}/include install -d ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC} - install -d ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC} + install -d ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include CP_ARGS="-Prf --preserve=mode,timestamps --no-preserve=ownership" cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/${EAT_LIBDIR}/* ${D}${base_libdir} @@ -104,7 +104,11 @@ do_install() { cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/crt*.o ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/ cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcc* ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/ cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcov* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/ - cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/ + cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/ssp ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true + cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/sanitizers ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true + cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/quadmath* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true + cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/omp.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true + cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/openacc.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/finclude ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/ # fix up the copied symlinks (they are still pointing to the multiarch directory) @@ -495,7 +499,6 @@ FILES:libgcc-dev = "\ ${@oe.utils.conditional('BASETARGET_SYS', '${TARGET_SYS}', '', '${libdir}/${BASETARGET_SYS}', d)} \ ${libdir}/${TARGET_SYS}/${BINV}* \ ${libdir}/${TARGET_ARCH}${TARGET_VENDOR}* \ - ${libdir}/gcc/${TARGET_SYS}/${BINV}/include \ " FILES:linux-libc-headers = "" diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc index d7cc4e7b6e..fa23e8469d 100644 --- a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc +++ b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc @@ -12,7 +12,7 @@ do_install:prepend:class-target () { if [ "${TCMODE}" = "external-arm" -a ! -f ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/unwind.h ]; then install -d ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/ - install ${STAGING_LIBDIR}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include/unwind.h ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/ + install ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/unwind.h ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/ fi } diff --git a/meta-arm/meta-arm/classes/fvpboot.bbclass b/meta-arm/meta-arm/classes/fvpboot.bbclass index fbdfa965d4..78dabd7369 100644 --- a/meta-arm/meta-arm/classes/fvpboot.bbclass +++ b/meta-arm/meta-arm/classes/fvpboot.bbclass @@ -23,6 +23,8 @@ FVP_CONSOLE ?= "" FVP_CONSOLES[default] ?= "${FVP_CONSOLE}" # Arbitrary extra arguments FVP_EXTRA_ARGS ?= "" +# Bitbake variables to pass to the FVP environment +FVP_ENV_PASSTHROUGH ?= "" EXTRA_IMAGEDEPENDS += "${FVP_PROVIDER}" @@ -66,6 +68,10 @@ python do_write_fvpboot_conf() { data["terminals"] = getFlags("FVP_TERMINALS") data["args"] = shlex.split(d.getVar("FVP_EXTRA_ARGS") or "") + data["env"] = {} + for var in d.getVar("FVP_ENV_PASSTHROUGH").split(): + data["env"][var] = d.getVar(var) + os.makedirs(os.path.dirname(conffile), exist_ok=True) with open(conffile, "wt") as f: json.dump(data, f) diff --git a/meta-arm/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass new file mode 100644 index 0000000000..542b708b62 --- /dev/null +++ b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass @@ -0,0 +1,79 @@ +# Functionality to sign binary images using the wrapper script bundled with +# TF-M. Signed images are written to the deploy directory by default. +# To use: +# * Inherit this class +# * Override the do_sign_images task +# * Write the signing logic, which may call the function sign_host_image, +# described below + +inherit python3native deploy + +# The output and working directory +TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images" + +tfm_sign_image_do_sign_images() { + : +} +addtask sign_images after do_configure before do_compile +do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DIR}" + +tfm_sign_image_do_deploy() { + : +} +addtask deploy after do_sign_images + +deploy_signed_images() { + cp ${TFM_IMAGE_SIGN_DIR}/signed_* ${DEPLOYDIR}/ +} +do_deploy[postfuncs] += "deploy_signed_images" + +EXPORT_FUNCTIONS do_sign_images do_deploy + +DEPENDS += "trusted-firmware-m-scripts-native" + +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the +# right path until this is relocated automatically. +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" + +# +# sign_host_image +# +# Description: +# +# A generic function that signs a host image +# using MCUBOOT format +# +# Arguments: +# +# $1 ... path of binary to sign +# $2 ... load address of the given binary +# $3 ... signed binary size +# +# Note: The signed binary is copied to ${TFM_IMAGE_SIGN_DIR} +# +sign_host_image() { + host_binary_filename="$(basename -s .bin "${1}")" + host_binary_layout="${host_binary_filename}_ns" + + cat << EOF > ${TFM_IMAGE_SIGN_DIR}/${host_binary_layout} +enum image_attributes { + RE_IMAGE_LOAD_ADDRESS = ${2}, + RE_SIGN_BIN_SIZE = ${3}, +}; +EOF + + host_binary_signed="${TFM_IMAGE_SIGN_DIR}/signed_$(basename "${1}")" + + ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \ + -v ${RE_LAYOUT_WRAPPER_VERSION} \ + --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \ + -k "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \ + --public-key-format full \ + --align 1 \ + --pad \ + --pad-header \ + -H ${RE_IMAGE_OFFSET} \ + -s auto \ + "${1}" \ + "${host_binary_signed}" +} diff --git a/meta-arm/meta-arm/conf/layer.conf b/meta-arm/meta-arm/conf/layer.conf index c23ea56f88..af8c4cc387 100644 --- a/meta-arm/meta-arm/conf/layer.conf +++ b/meta-arm/meta-arm/conf/layer.conf @@ -13,7 +13,7 @@ LAYERDEPENDS_meta-arm = " \ core \ arm-toolchain \ " -LAYERSERIES_COMPAT_meta-arm = "kirkstone" +LAYERSERIES_COMPAT_meta-arm = "langdale" # runfvp --console needs telnet, so pull this in for testimage. HOSTTOOLS_NONFATAL += "telnet" diff --git a/meta-arm/meta-arm/conf/machine/microbit-v1.conf b/meta-arm/meta-arm/conf/machine/microbit-v1.conf deleted file mode 100644 index ef3872fef2..0000000000 --- a/meta-arm/meta-arm/conf/machine/microbit-v1.conf +++ /dev/null @@ -1,24 +0,0 @@ -#@TYPE: Machine -#@NAME: microbit_v1 -#@DESCRIPTION: Machine for BBC Microbit v1, Zephyr BOARD qemu_cortex_m0 - -require conf/machine/include/qemu.inc -require conf/machine/include/arm/armv6m/tune-cortexm0.inc - -MACHINEOVERRIDES =. "nordic:" - -# GLIBC will not work with Cortex-M. -TCLIBC = "newlib" - -# For runqemu -QB_SYSTEM_NAME = "qemu-system-arm" -QB_MACHINE = "-machine microbit" -QB_CPU = "-cpu cortex-m0" -QB_GRAPHICS = "-nographic -vga none" -QB_RNG = "" -QB_OPT_APPEND = "-icount shift=6,align=off,sleep=on -rtc clock=vm" - -# Zephyr RTOS settings -ZEPHYR_BOARD = "qemu_cortex_m0" -ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot" -ARCH:qemu-cortex-m0 = "arm" diff --git a/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf b/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf deleted file mode 100644 index 7147face89..0000000000 --- a/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf +++ /dev/null @@ -1,19 +0,0 @@ -#@TYPE: Machine -#@NAME: qemu-cortex-a53 -#@DESCRIPTION: Machine for Zephyr BOARD qemu_cortex_a53 - -require conf/machine/include/qemu.inc -require conf/machine/include/arm/armv8a/tune-cortexa53.inc - -TCLIBC = "newlib" - -# For runqemu -QB_SYSTEM_NAME = "qemu-system-aarch64" -QB_MACHINE = "-machine virt" -QB_CPU = "-cpu cortex-a53" -QB_GRAPHICS = "-nographic -vga none" - -# Zephyr RTOS settings -ZEPHYR_BOARD = "qemu_cortex_a53" -ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot" -ARCH:qemu-cortex-a53 = "aarch64" diff --git a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf index e48d9642df..f08b84fe5e 100644 --- a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf +++ b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf @@ -21,6 +21,3 @@ WKS_FILE_DEPENDS = "trusted-firmware-a" IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}" MACHINE_FEATURES += "optee-ftpm" - -# FIXME - CPUs 2-4 don't start in the newer OPTEE -PREFERRED_VERSION_optee-os ?= "3.14%" diff --git a/meta-arm/meta-arm/lib/fvp/conffile.py b/meta-arm/meta-arm/lib/fvp/conffile.py index acede40ee5..603851d1dc 100644 --- a/meta-arm/meta-arm/lib/fvp/conffile.py +++ b/meta-arm/meta-arm/lib/fvp/conffile.py @@ -51,6 +51,7 @@ def load(config_file): sanitise("terminals", {}) sanitise("args", []) sanitise("consoles", {}) + sanitise("env", {}) if not config["exe"]: raise ValueError("Required value FVP_EXE not set in machine configuration") diff --git a/meta-arm/meta-arm/lib/fvp/runner.py b/meta-arm/meta-arm/lib/fvp/runner.py index 7641cd67c5..c5c795dd32 100644 --- a/meta-arm/meta-arm/lib/fvp/runner.py +++ b/meta-arm/meta-arm/lib/fvp/runner.py @@ -59,8 +59,19 @@ class FVPRunner: async def start(self, config, extra_args=[], terminal_choice="none"): cli = cli_from_config(config, terminal_choice) cli += extra_args + + # Pass through environment variables needed for GUI applications, such + # as xterm, to work. + env = config['env'] + for name in ('DISPLAY', 'WAYLAND_DISPLAY'): + if name in os.environ: + env[name] = os.environ[name] + self._logger.debug(f"Constructed FVP call: {cli}") - self._fvp_process = await asyncio.create_subprocess_exec(*cli, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + self._fvp_process = await asyncio.create_subprocess_exec( + *cli, + stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, + env=env) def detect_terminals(line): m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line) diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py index d1e452f633..cf8a3c53f4 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py @@ -20,11 +20,10 @@ class RunFVPTests(OESelftestTestCase): on exit code 0 or fail the test, otherwise return the CompletedProcess instance. """ - # Put the test directory in PATH so that any mock FVPs are found first - newenv = {"PATH": str(testdir) + ":" + os.environ["PATH"]} cli = [runfvp,] + list(args) print(f"Calling {cli}") - ret = subprocess.run(cli, env=newenv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True) + # Set cwd to testdir so that any mock FVPs are found + ret = subprocess.run(cli, cwd=testdir, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True) if should_succeed: self.assertEqual(ret.returncode, 0, f"runfvp exit {ret.returncode}, output: {ret.stdout}") return ret.stdout @@ -40,8 +39,6 @@ class RunFVPTests(OESelftestTestCase): self.run_fvp("--this-is-an-invalid-option", should_succeed=False) def test_run_auto_tests(self): - newenv = {"PATH": str(testdir) + ":" + os.environ["PATH"]} - cases = list(testdir.glob("auto-*.json")) if not cases: self.fail("No tests found") @@ -79,6 +76,7 @@ class ConfFileTests(OESelftestTestCase): self.assertTrue("terminals" in conf) self.assertTrue("args" in conf) self.assertTrue("consoles" in conf) + self.assertTrue("env" in conf) class RunnerTests(OESelftestTestCase): @@ -97,6 +95,7 @@ class RunnerTests(OESelftestTestCase): "applications": {'a1': 'file'}, "terminals": {}, "args": ['--extra-arg'], + "env": {"FOO": "BAR"} })) m.assert_called_once_with('/usr/bin/FVP_Binary', @@ -106,4 +105,27 @@ class RunnerTests(OESelftestTestCase): '--extra-arg', stdin=unittest.mock.ANY, stdout=unittest.mock.ANY, - stderr=unittest.mock.ANY) + stderr=unittest.mock.ANY, + env={"FOO":"BAR"}) + + @unittest.mock.patch.dict(os.environ, {"DISPLAY": ":42", "WAYLAND_DISPLAY": "wayland-42"}) + def test_env_passthrough(self): + from fvp import runner + with self.create_mock() as m: + fvp = runner.FVPRunner(self.logger) + asyncio.run(fvp.start({ + "fvp-bindir": "/usr/bin", + "exe": "FVP_Binary", + "parameters": {}, + "data": [], + "applications": {}, + "terminals": {}, + "args": [], + "env": {"FOO": "BAR"} + })) + + m.assert_called_once_with('/usr/bin/FVP_Binary', + stdin=unittest.mock.ANY, + stdout=unittest.mock.ANY, + stderr=unittest.mock.ANY, + env={"DISPLAY":":42", "FOO": "BAR", "WAYLAND_DISPLAY": "wayland-42"}) diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json index 476eb57217..a476ac108a 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json @@ -1,3 +1,4 @@ { + "fvp-bindir": ".", "exe": "auto-basic.sh" } diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json index 0c7d4ef922..a60abac3f4 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json @@ -1,4 +1,5 @@ { + "fvp-bindir": ".", "exe": "test-parameters.py", "parameters": { "board.cow": "moo", diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json index 9b565f27f6..031ef6600e 100644 --- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json +++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json @@ -1,4 +1,5 @@ { + "fvp-bindir": ".", "exe": "test-parameters.py", "parameters": { "board.cow": "moo" diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch new file mode 100644 index 0000000000..f037d2b58f --- /dev/null +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch @@ -0,0 +1,116 @@ +From d96f696244e0869654004f49586b53811037db30 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Thu, 22 Sep 2022 19:13:49 -0700 +Subject: [PATCH] Fix build with clang-15 + +Clang-15 warns about prototypes a bit harder +Remove unused variable suites_in_image + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> + +--- + test/hftest/common.c | 2 -- + test/vmapi/arch/aarch64/gicv3/gicv3.c | 2 +- + test/vmapi/arch/aarch64/gicv3/inc/gicv3.h | 2 +- + test/vmapi/arch/aarch64/gicv3/timer_secondary.c | 2 +- + test/vmapi/el0_partitions/services/interruptible.c | 2 +- + test/vmapi/el0_partitions/services/interruptible_echo.c | 2 +- + test/vmapi/primary_with_secondaries/services/interruptible.c | 2 +- + 7 files changed, 6 insertions(+), 8 deletions(-) + +diff --git a/test/hftest/common.c b/test/hftest/common.c +index 344ff24..175230a 100644 +--- a/test/hftest/common.c ++++ b/test/hftest/common.c +@@ -67,7 +67,6 @@ void hftest_json(void) + { + const char *suite = NULL; + size_t i; +- size_t suites_in_image = 0; + size_t tests_in_suite = 0; + + HFTEST_LOG("{"); +@@ -81,7 +80,6 @@ void hftest_json(void) + HFTEST_LOG(" },"); + } + /* Move onto new suite. */ +- ++suites_in_image; + suite = test->suite; + tests_in_suite = 0; + HFTEST_LOG(" {"); +diff --git a/test/vmapi/arch/aarch64/gicv3/gicv3.c b/test/vmapi/arch/aarch64/gicv3/gicv3.c +index 682bc4e..82582f0 100644 +--- a/test/vmapi/arch/aarch64/gicv3/gicv3.c ++++ b/test/vmapi/arch/aarch64/gicv3/gicv3.c +@@ -42,7 +42,7 @@ static void irq(void) + dlog("primary IRQ %d ended\n", interrupt_id); + } + +-void system_setup() ++void system_setup(void) + { + const uint32_t mode = MM_MODE_R | MM_MODE_W | MM_MODE_D; + hftest_mm_identity_map((void *)GICD_BASE, PAGE_SIZE, mode); +diff --git a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h +index 5faf3a8..f681e58 100644 +--- a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h ++++ b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h +@@ -30,4 +30,4 @@ extern void *recv_buffer; + + extern volatile uint32_t last_interrupt_id; + +-void system_setup(); ++void system_setup(void); +diff --git a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c +index ebc4db3..8260e10 100644 +--- a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c ++++ b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c +@@ -55,7 +55,7 @@ TEAR_DOWN(timer_secondary_ffa) + EXPECT_FFA_ERROR(ffa_rx_release(), FFA_DENIED); + } + +-static void timer_busywait_secondary() ++static void timer_busywait_secondary(void) + { + const char message[] = "loop 0099999"; + const char expected_response[] = "Got IRQ 03."; +diff --git a/test/vmapi/el0_partitions/services/interruptible.c b/test/vmapi/el0_partitions/services/interruptible.c +index 0d00b16..3c3250d 100644 +--- a/test/vmapi/el0_partitions/services/interruptible.c ++++ b/test/vmapi/el0_partitions/services/interruptible.c +@@ -43,7 +43,7 @@ static void irq(void) + * Try to receive a message from the mailbox, blocking if necessary, and + * retrying if interrupted. + */ +-static struct ffa_value mailbox_receive_retry() ++static struct ffa_value mailbox_receive_retry(void) + { + struct ffa_value received; + +diff --git a/test/vmapi/el0_partitions/services/interruptible_echo.c b/test/vmapi/el0_partitions/services/interruptible_echo.c +index b618cf2..636ebc9 100644 +--- a/test/vmapi/el0_partitions/services/interruptible_echo.c ++++ b/test/vmapi/el0_partitions/services/interruptible_echo.c +@@ -32,7 +32,7 @@ static void irq(void) + * Try to receive a message from the mailbox, blocking if necessary, and + * retrying if interrupted. + */ +-static struct ffa_value mailbox_receive_retry() ++static struct ffa_value mailbox_receive_retry(void) + { + struct ffa_value received; + +diff --git a/test/vmapi/primary_with_secondaries/services/interruptible.c b/test/vmapi/primary_with_secondaries/services/interruptible.c +index cc1c1f9..c94093b 100644 +--- a/test/vmapi/primary_with_secondaries/services/interruptible.c ++++ b/test/vmapi/primary_with_secondaries/services/interruptible.c +@@ -40,7 +40,7 @@ static void irq(void) + * Try to receive a message from the mailbox, blocking if necessary, and + * retrying if interrupted. + */ +-struct ffa_value mailbox_receive_retry() ++struct ffa_value mailbox_receive_retry(void) + { + struct ffa_value received; + diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch index b73c53393f..6f61177ac3 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch @@ -1,4 +1,4 @@ -From 0d941ba32a082023575fd0d14d52a12b7547b367 Mon Sep 17 00:00:00 2001 +From a433727e0fe8424db984f3afa2bda898dd517e9d Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Tue, 19 Apr 2022 22:32:56 -0700 Subject: [PATCH] define _Noreturn if needed @@ -11,12 +11,13 @@ noreturn void panic(const char *fmt, ...); ^ Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- inc/hf/panic.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/hf/panic.h b/inc/hf/panic.h -index ec864e4f..588f1193 100644 +index ec864e4..588f119 100644 --- a/inc/hf/panic.h +++ b/inc/hf/panic.h @@ -10,4 +10,8 @@ @@ -28,6 +29,3 @@ index ec864e4f..588f1193 100644 +#endif + noreturn void panic(const char *fmt, ...); --- -2.36.0 - diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch index 040d61b253..2a34239050 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch @@ -1,3 +1,8 @@ +From 9b1b93184c365a07b340c9404a6a0581e971bd54 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 9 Nov 2021 23:31:22 +0000 +Subject: [PATCH] arm/hafnium: fix kernel tool linking + We need to be sure that the host linker flags are passed to the kernel build, as otherwise it is possible that binaries are incorrectly linked. For example: @@ -7,8 +12,12 @@ ld: .../recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/lib/libcrypto.so: u Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + build/linux/linux.gni | 1 + + 1 file changed, 1 insertion(+) + diff --git a/build/linux/linux.gni b/build/linux/linux.gni -index 65cc9df..19adbfb 100644 +index 45860fa..b010254 100644 --- a/build/linux/linux.gni +++ b/build/linux/linux.gni @@ -60,6 +60,7 @@ template("linux_kernel") { @@ -16,6 +25,6 @@ index 65cc9df..19adbfb 100644 "LLVM_IAS=1", "CROSS_COMPILE=aarch64-linux-gnu-", + "HOSTLDFLAGS=" + getenv("BUILD_LDFLAGS"), - + # Build out-of-tree in `target_out_dir`. "O=" + rebase_path(target_out_dir), diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch deleted file mode 100644 index 840c0bc98b..0000000000 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch +++ /dev/null @@ -1,16 +0,0 @@ -Use our dtc tools instead of the prebuilt (x86-64-only) binaries. - -Upstream-Status: Pending [part of a larger effort to remove prebuilt] -Signed-off-by: Ross Burton <ross.burton@arm.com> - -diff --git a/build/image/dtc.py b/build/image/dtc.py -index d077818..1513120 100755 ---- a/build/image/dtc.py -+++ b/build/image/dtc.py -@@ -16,4 +16,2 @@ import sys --HF_ROOT = os.path.dirname(os.path.dirname(os.path.dirname(__file__))) --DTC_ROOT = os.path.join(HF_ROOT, "prebuilts", "linux-x64", "dtc") --DTC = os.path.join(DTC_ROOT, "dtc") --FDTOVERLAY = os.path.join(DTC_ROOT, "fdtoverlay") -+DTC = "dtc" -+FDTOVERLAY = "fdtoverlay" diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch index bc03195602..40129acf08 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch @@ -1,20 +1,29 @@ -Use pkg-config-native to find the libssl headers. +From b0405e0e25740ca0ea8b75d9b3b4f35b39d82e0e Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Sat, 17 Jul 2021 14:38:02 -0500 +Subject: [PATCH] Use pkg-config-native to find the libssl headers. Upstream-Status: Inappropriate Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + scripts/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/Makefile b/scripts/Makefile -index b4b7d8b58..26a5160ee 100644 ---- a/third_party/linux/scripts/Makefile -+++ b/third_party/linux/scripts/Makefile -@@ -10,8 +10,8 @@ - - HOST_EXTRACFLAGS += -I$(srctree)/tools/include - +index 9adb6d247..5fe371c7d 100644 +--- a/scripts/Makefile ++++ b/scripts/Makefile +@@ -3,8 +3,8 @@ + # scripts contains sources for various helper programs used throughout + # the kernel for the build process. + -CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto) -CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null) +CRYPTO_LIBS = $(shell pkg-config-native --libs libcrypto 2> /dev/null || echo -lcrypto) +CRYPTO_CFLAGS = $(shell pkg-config-native --cflags libcrypto 2> /dev/null) + + hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c + hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms +-- +2.30.2 - hostprogs-$(CONFIG_BUILD_BIN2C) += bin2c - hostprogs-$(CONFIG_KALLSYMS) += kallsyms diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.7.bb index ae89e8d9e8..0c4e294192 100644 --- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb +++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.7.bb @@ -7,14 +7,19 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103" PACKAGE_ARCH = "${MACHINE_ARCH}" -inherit deploy python3native pkgconfig + +CLANGNATIVE = "" +CLANGNATIVE:runtime-llvm = "clang-native" + +inherit deploy python3native pkgconfig ${CLANGNATIVE} SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \ file://0001-define-_Noreturn-if-needed.patch \ file://host-ld.patch \ - file://pkg-config-native.patch \ - file://native-dtc.patch" -SRCREV = "55b74f893948dd08d2782dd8fa9e903c143a6704" + file://pkg-config-native.patch;patchdir=third_party/linux \ + file://0001-Fix-build-with-clang-15.patch \ + " +SRCREV = "79e9522d26fc2a88a44af149034acc27312b73a1" S = "${WORKDIR}/git" B = "${WORKDIR}/build" @@ -72,3 +77,5 @@ python() { if d.getVar("BUILD_ARCH") != "x86_64": raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts") } + +EXCLUDE_FROM_WORLD = "1" diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb index bda27713db..c10efd5a62 100644 --- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb +++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb @@ -16,20 +16,23 @@ LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ - git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=release/1.6.x;name=tfm-tests;destsuffix=git/tf-m-tests \ - git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master;name=mbedtls;destsuffix=git/mbedtls \ - git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=main;name=mcuboot;destsuffix=git/mcuboot \ + git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \ + git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \ + git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \ " # The required dependencies are documented in tf-m/config/config_default.cmake # TF-Mv1.6.0 -SRCBRANCH_tfm = "release/1.6.x" +SRCBRANCH_tfm ?= "release/1.6.x" SRCREV_tfm = "7387d88158701a3c51ad51c90a05326ee12847a8" # mbedtls-3.1.0 +SRCBRANCH_mbedtls ?= "master" SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" # TF-Mv1.6.0 +SRCBRANCH_tfm-tests ?= "release/1.6.x" SRCREV_tfm-tests = "723905d46019596f3f2df66d79b5d6bff6f3f213" # v1.9.0 +SRCBRANCH_mcuboot ?= "main" SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc index e0dfa28b22..c9f1f1da07 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc +++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc @@ -81,7 +81,7 @@ export CLANG38_ARM_PREFIX = "${TARGET_PREFIX}" TOOLCHAIN:arm = "gcc" do_configure:prepend() { - sed -i -e "s#-target ${HOST_ARCH}-linux-gnu*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template + sed -i -e "s#-target ${HOST_ARCH}-linux-gnu.*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template } do_compile() { diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch b/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch index fa13956feb..783b764439 100644 --- a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch +++ b/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch @@ -1,4 +1,8 @@ -Latest clang is causing build failures because -Werror is used: +From 17f490101f51b03c1ffc7151cc35e9fbd42b6060 Mon Sep 17 00:00:00 2001 +From: Ross Burton <ross.burton@arm.com> +Date: Tue, 22 Feb 2022 10:38:13 +0000 +Subject: [PATCH] Latest clang is causing build failures because -Werror is + used edk2/MdeModulePkg/Include/Guid/ExtendedFirmwarePerformance.h:78:47: error: field Guid within 'FPDT_GUID_EVENT_RECORD' is less aligned than 'EFI_GUID' @@ -11,11 +15,20 @@ This has been reported upstream[1] so until this is resolved, ignore the warning Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + BaseTools/Conf/tools_def.template | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index f2bb6247e8..ca2b449f0a 100755 +index 5ed19810b7..9b4f173519 100755 --- a/BaseTools/Conf/tools_def.template +++ b/BaseTools/Conf/tools_def.template -@@ -2570 +2570 @@ DEFINE CLANG38_X64_TARGET = -target x86_64-pc-linux-gnu +@@ -2548,7 +2548,7 @@ DEFINE CLANG38_X64_PREFIX = ENV(CLANG38_BIN) + DEFINE CLANG38_IA32_TARGET = -target i686-pc-linux-gnu
+ DEFINE CLANG38_X64_TARGET = -target x86_64-pc-linux-gnu
+
-DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable
-+DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-error=unaligned-access
++DEFINE CLANG38_WARNING_OVERRIDES = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-error=unaligned-access -Wno-unused-command-line-argument
+ DEFINE CLANG38_ALL_CC_FLAGS = DEF(GCC48_ALL_CC_FLAGS) DEF(CLANG38_WARNING_OVERRIDES) -fno-stack-protector -mms-bitfields -Wno-address -Wno-shift-negative-value -Wno-unknown-pragmas -Wno-incompatible-library-redeclaration -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -msoft-float -mno-implicit-float -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -funsigned-char -fno-ms-extensions -Wno-null-dereference
+
+ ###########################
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.18.16.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb index e8704c2f73..3ef089121e 100644 --- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.18.16.bb +++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb @@ -5,6 +5,6 @@ LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411 \ file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=2e53bda6ff2db4c35d69944b93926c9f" -SRC_URI[sha256sum] = "a7a5ee0b7f3b84a2e98e136a6f3ab648e4b6b5ad365186a397595f3f7c69f558" +SRC_URI[sha256sum] = "788ede659414af36a2d09489e400c4d822c859b726565f1f171bc3102a9413d0" MODEL_CODE = "FVP_Base_AEMv8R" diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb new file mode 100644 index 0000000000..453d456abf --- /dev/null +++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb @@ -0,0 +1,24 @@ + +SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH}" +# Use the wrapper script from TF-Mv1.6.0 +SRCBRANCH ?= "release/1.6.x" +SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa" + +S = "${WORKDIR}/git" + +inherit native + +RDEPENDS:${PN} = "python3-imgtool-native python3-click-native" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}/${libdir} + cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts + cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts +} +FILES:${PN} = "${libdir}/tfm-scripts" diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb deleted file mode 100644 index 4051c3455f..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb +++ /dev/null @@ -1,39 +0,0 @@ -SUMMARY = "FF-A Debugfs Linux kernel module" -DESCRIPTION = "This out-of-tree kernel module exposes FF-A operations to user space \ -used for development purposes" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://arm_ffa_user.c;beginline=1;endline=1;md5=fcab174c20ea2e2bc0be64b493708266" - -SRC_URI = "git://git.gitlab.arm.com/linux-arm/linux-trusted-services.git;branch=main;protocol=https" - -# ffa-debugfs v2.1.0 -SRCREV = "77967912d033144aff2695cecbd52d3be450deaa" - -S = "${WORKDIR}/git" - -inherit module - -SRC_URI:append = " \ - file://0001-build-add-Yocto-support.patch \ - file://0002-script-loading-the-driver-in-a-generic-way.patch \ - " - -FILES:${PN} += "${bindir}/load_ffa_debugfs.sh" -FILES:${PN}-dev += "${includedir}/arm_ffa_user.h" - -do_install:append() { - install -D -p -m 0755 ${B}/load_ffa_debugfs.sh ${D}/${bindir}/load_ffa_debugfs.sh - install -m 0644 ${S}/arm_ffa_user.h ${D}/${includedir}/arm_ffa_user.h -} - -COMPATIBLE_HOST = "(arm|aarch64).*-linux" - -# Kernel modules currently RDEPEND on the kernel, which is troublesome when you want to put a -# kernel module into a initramfs without pulling the kernel into the initramfs, which would be -# silly. Until this is a recommends the easiest way to handle this is to remove the dependency -# in this recipe. -PACKAGESPLITFUNCS:append = " remove_kernel_dependency" -python remove_kernel_dependency() { - key = "RDEPENDS:kernel-module-arm-ffa-user-" + d.getVar("KERNEL_VERSION") - d.delVar(key) -} diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch deleted file mode 100644 index 5d7e977004..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch +++ /dev/null @@ -1,79 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K <arpita.s.k@arm.com> - -From 8a7bea4e7d08395036ffc2fde57c4fb44315e181 Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Mon, 25 Oct 2021 13:12:11 +0100 -Subject: [PATCH 1/2] build: add Yocto support - -This commit allows to build the driver under Yocto - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ---- - Kbuild | 4 ---- - Makefile | 40 +++++++++++----------------------------- - 2 files changed, 11 insertions(+), 33 deletions(-) - delete mode 100644 Kbuild - -diff --git a/Kbuild b/Kbuild -deleted file mode 100644 -index 330b019..0000000 ---- a/Kbuild -+++ /dev/null -@@ -1,4 +0,0 @@ --# SPDX-License-Identifier: GPL-2.0-only -- --arm-ffa-user-objs := arm_ffa_user.o --obj-m := arm-ffa-user.o -diff --git a/Makefile b/Makefile -index 62dbfb1..90dfaef 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,33 +1,15 @@ --# SPDX-License-Identifier: GPL-2.0-only -+arm-ffa-user-objs := arm_ffa_user.o -+obj-m := arm-ffa-user.o - --ARCH := arm64 --CROSS_COMPILE ?= aarch64-linux-gnu- -+SRC := $(shell pwd) - --ROOT ?= $(CURDIR)/.. --KDIR ?= $(ROOT)/linux --TARGET_DIR ?= $(ROOT)/shared --BUILD_DIR ?= $(CURDIR)/build --BUILD_DIR_MAKEFILE ?= $(BUILD_DIR)/Makefile -+all: -+ $(MAKE) -C $(KERNEL_SRC) M=$(SRC) - --all: module -+modules_install: -+ $(MAKE) -C $(KERNEL_SRC) M=$(SRC) modules_install - --clean: module-clean -- --install: all -- cp $(BUILD_DIR)/arm-ffa-user.ko $(TARGET_DIR)/ -- cp load_module.sh $(TARGET_DIR)/ -- --module: $(BUILD_DIR_MAKEFILE) -- $(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) modules \ -- ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)" -- --module-clean: -- $(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) clean \ -- ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)" -- rm $(BUILD_DIR_MAKEFILE) -- --$(BUILD_DIR): -- mkdir -p "$@" -- --$(BUILD_DIR_MAKEFILE): $(BUILD_DIR) -- touch "$@" -+clean: -+ rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c -+ rm -f Module.markers Module.symvers modules.order -+ rm -rf .tmp_versions Modules.symvers --- -2.17.1 - diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch deleted file mode 100644 index e2469d90d9..0000000000 --- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch +++ /dev/null @@ -1,46 +0,0 @@ -Upstream-Status: Pending [Not submitted to upstream yet] -Signed-off-by: Arpita S.K <arpita.s.k@arm.com> - -From e5d9dfa703a5a57e535b5dab4eda47a9707972d3 Mon Sep 17 00:00:00 2001 -From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> -Date: Mon, 25 Oct 2021 12:51:37 +0100 -Subject: [PATCH 2/2] script: loading the driver in a generic way - -Use the kernel module from the modules path. - -Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com> ---- - load_module.sh => load_ffa_debugfs.sh | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - rename load_module.sh => load_ffa_debugfs.sh (50%) - mode change 100755 => 100644 - -diff --git a/load_module.sh b/load_ffa_debugfs.sh -old mode 100755 -new mode 100644 -similarity index 50% -rename from load_module.sh -rename to load_ffa_debugfs.sh -index 2137245..4f31ff3 ---- a/load_module.sh -+++ b/load_ffa_debugfs.sh -@@ -1,10 +1,14 @@ - #!/bin/sh -+# -+# Use: -+# load_ffa_debugfs.sh <folder containing sp_uuid_list.txt> -+# - --[ ! -f $(dirname "$0")/sp_uuid_list.txt ] && \ -+[ ! -f "$1"/sp_uuid_list.txt ] && \ - { echo "Error: missing SP UUID list"; exit 1; } - - if ! grep -qs 'arm-ffa-user' /proc/modules; then -- insmod $(dirname "$0")/arm-ffa-user.ko uuid_str_list=$(cat $(dirname "$0")/sp_uuid_list.txt) -+ insmod /lib/modules/$(uname -r)/extra/arm-ffa-user.ko uuid_str_list=$(cat "$1"/sp_uuid_list.txt) - fi - - if ! grep -qs 'debugfs' /proc/mounts; then --- -2.17.1 - diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend new file mode 100644 index 0000000000..7dec2f5c9f --- /dev/null +++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend @@ -0,0 +1,9 @@ +# enable arm_ffa regardless on 5.19 +SRC_URI:append:qemuarm = " \ + file://tee.cfg \ + file://arm-ffa-transport.cfg \ +" +SRC_URI:append:qemuarm64 = " \ + file://tee.cfg \ + file://arm-ffa-transport.cfg \ +" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb deleted file mode 100644 index f2b5f7ddc6..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb +++ /dev/null @@ -1,4 +0,0 @@ -require optee-examples.inc - -SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec" - diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb deleted file mode 100644 index 0d37a528f2..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb +++ /dev/null @@ -1,20 +0,0 @@ -FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:" -require optee-os_3.14.0.bb - -SUMMARY = "OP-TEE Trusted OS TA devkit" -DESCRIPTION = "OP-TEE TA devkit for build TAs" -HOMEPAGE = "https://www.op-tee.org/" - -do_install() { - #install TA devkit - install -d ${D}${includedir}/optee/export-user_ta/ - for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do - cp -aR $f ${D}${includedir}/optee/export-user_ta/ - done -} - -do_deploy() { - echo "Do not inherit do_deploy from optee-os." -} - -FILES:${PN} = "${includedir}/optee/" diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch index db88e7f0fc..a69d77761d 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch @@ -37,11 +37,9 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com> core/kernel/thread.c | 13 +++++++++++- 4 files changed, 71 insertions(+), 8 deletions(-) -diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c -index f083b159e..432983c86 100644 --- a/core/arch/arm/kernel/thread.c +++ b/core/arch/arm/kernel/thread.c -@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss; +@@ -44,16 +44,31 @@ static size_t thread_user_kcode_size __n #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \ defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64) long thread_user_kdata_sp_offset __nex_bss; @@ -64,21 +62,20 @@ index f083b159e..432983c86 100644 - __section(".nex_nozi.kdata_page"); + __section(".nex_nozi.kdata_page") #endif -+#endif + #endif + ; +#endif + +/* reset BSS section to default ( .bss ) */ +#ifdef __clang__ +#pragma clang section bss="" - #endif ++#endif #ifdef ARM32 -diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c -index 19cd7b61b..78f5910c5 100644 + uint32_t __nostackcheck thread_get_exceptions(void) --- a/core/arch/arm/mm/core_mmu_lpae.c +++ b/core/arch/arm/mm/core_mmu_lpae.c -@@ -230,19 +230,46 @@ typedef uint16_t l1_idx_t; +@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t; typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES]; typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES]; @@ -129,8 +126,6 @@ index 19cd7b61b..78f5910c5 100644 /* * TAs page table entry inside a level 1 page table. * -diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c -index d658b3e68..6c36706c0 100644 --- a/core/arch/arm/mm/pgt_cache.c +++ b/core/arch/arm/mm/pgt_cache.c @@ -104,8 +104,18 @@ void pgt_init(void) @@ -153,11 +148,9 @@ index d658b3e68..6c36706c0 100644 size_t n; for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) { -diff --git a/core/kernel/thread.c b/core/kernel/thread.c -index 18d34e6ad..086129e28 100644 --- a/core/kernel/thread.c +++ b/core/kernel/thread.c -@@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss; +@@ -37,13 +37,24 @@ struct thread_core_local thread_core_loc name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1] #endif @@ -183,6 +176,55 @@ index 18d34e6ad..086129e28 100644 #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack)) DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, --- -2.37.2 - +--- a/core/arch/arm/mm/core_mmu_v7.c ++++ b/core/arch/arm/mm/core_mmu_v7.c +@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_EN + typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES]; + typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES]; + ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l1" ++#endif + static l1_xlat_tbl_t main_mmu_l1_ttb +- __aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1"); ++ __aligned(L1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* L2 MMU tables */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.l2" ++#endif + static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES] +- __aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2"); ++ __aligned(L2_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.l2") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + /* MMU L1 table for TAs, one for each thread */ ++#ifdef __clang__ ++#pragma clang section bss=".nozi.mmu.ul1" ++#endif + static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS] +- __aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1"); ++ __aligned(UL1_ALIGNMENT) ++#ifndef __clang__ ++ __section(".nozi.mmu.ul1") ++#endif ++; ++#ifdef __clang__ ++#pragma clang section bss="" ++#endif + + struct mmu_partition { + l1_xlat_tbl_t *l1_table; diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch index 17005396d4..ab4a6dbc0a 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch @@ -1,4 +1,4 @@ -From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001 +From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001 From: Ross Burton <ross.burton@arm.com> Date: Tue, 26 May 2020 14:38:02 -0500 Subject: [PATCH] allow setting sysroot for libgcc lookup @@ -9,6 +9,7 @@ otherwise. Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188] Signed-off-by: Ross Burton <ross.burton@arm.com> + --- mk/gcc.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch index 5c0d0a5659..067ba6ebfb 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch @@ -1,4 +1,4 @@ -From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001 +From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001 From: Brett Warren <brett.warren@arm.com> Date: Wed, 23 Sep 2020 09:27:34 +0100 Subject: [PATCH] optee: enable clang support @@ -10,12 +10,13 @@ compiler-rt. This is mitigated by including the variable as ammended. Upstream-Status: Pending ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701 Signed-off-by: Brett Warren <brett.warren@arm.com> + --- mk/clang.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mk/clang.mk b/mk/clang.mk -index 0f48c836..47465523 100644 +index c141a3f2..7d067cc0 100644 --- a/mk/clang.mk +++ b/mk/clang.mk @@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \ diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch index 1dd70b3129..6d48a7601b 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch @@ -1,11 +1,11 @@ -Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] - -From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001 +From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Fri, 5 Aug 2022 09:48:03 +0200 Subject: [PATCH] core: link: add --no-warn-rwx-segments +Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> +Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474] + binutils ld.bfd generates one RWX LOAD segment by merging several sections with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it also warns by default when that happens [1], which breaks the build due to @@ -18,12 +18,13 @@ Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448 Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com> Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> + --- core/arch/arm/kernel/link.mk | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 7eed333a32..c39d43cbfc 100644 +index 7eed333a..c39d43cb 100644 --- a/core/arch/arm/kernel/link.mk +++ b/core/arch/arm/kernel/link.mk @@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch index 5463a345c9..3ba6c4ef38 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch @@ -1,4 +1,4 @@ -From a9d099d17ef0af6deac4c3b4d15ad0555d258ec8 Mon Sep 17 00:00:00 2001 +From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Tue, 23 Aug 2022 11:41:00 +0000 Subject: [PATCH] core, ldelf: link: add -z execstack @@ -22,6 +22,10 @@ Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] --- + core/arch/arm/kernel/link.mk | 13 +++++++++---- + ldelf/link.mk | 3 +++ + 2 files changed, 12 insertions(+), 4 deletions(-) + diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk index c39d43cb..0e96e606 100644 --- a/core/arch/arm/kernel/link.mk diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch index 95d5e676a6..4ea65d88cc 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch @@ -1,4 +1,4 @@ -From 38bf606653ee08b10db6bb298e369cb3a9cdcda9 Mon Sep 17 00:00:00 2001 +From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001 From: Jerome Forissier <jerome.forissier@linaro.org> Date: Tue, 23 Aug 2022 12:31:46 +0000 Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch deleted file mode 100644 index 616a0fff5a..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch +++ /dev/null @@ -1,95 +0,0 @@ -From cb4349edce6ce360436f10da8b6aa32e68fb778d Mon Sep 17 00:00:00 2001 -From: Jerome Forissier <jerome.forissier@linaro.org> -Date: Tue, 23 Aug 2022 11:41:00 +0000 -Subject: [PATCH] core, ldelf: link: add -z execstack - -When building for arm32 with GNU binutils 2.39, the linker outputs -warnings when generating some TEE core binaries (all_obj.o, init.o, -unpaged.o and tee.elf) as well as ldelf.elf: - - arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack - arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker - -The permissions used when mapping the TEE core stacks do not depend on -any metadata found in the ELF file. Similarly when the TEE core loads -ldelf it already creates a non-executable stack regardless of ELF -information. Therefore we can safely ignore the warnings. This is done -by adding the '-z execstack' option. - -Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> - -Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - ---- - core/arch/arm/kernel/link.mk | 13 +++++++++---- - ldelf/link.mk | 4 ++++ - 2 files changed, 13 insertions(+), 4 deletions(-) - -diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk -index 3dc459d6..85cde58e 100644 ---- a/core/arch/arm/kernel/link.mk -+++ b/core/arch/arm/kernel/link.mk -@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d - - AWK = awk - -+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments) -+ifeq ($(CFG_ARM32_core),y) -+link-ldflags-common += $(call ld-option,--no-warn-execstack) -+endif -+ - link-ldflags = $(LDFLAGS) - ifeq ($(CFG_CORE_ASLR),y) - link-ldflags += -pie -Bsymbolic -z notext -z norelro $(ldflag-apply-dynamic-relocs) -@@ -17,7 +22,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map - link-ldflags += --sort-section=alignment - link-ldflags += --fatal-warnings - link-ldflags += --gc-sections --link-ldflags += $(call ld-option,--no-warn-rwx-segments) -+link-ldflags += $(link-ldflags-common) - - link-ldadd = $(LDADD) - link-ldadd += $(ldflags-external) -@@ -39,7 +44,7 @@ link-script-cppflags := \ - $(cppflagscore)) - - ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \ -- $(call ld-option,--no-warn-rwx-segments) \ -+ $(link-ldflags-common) \ - $(link-objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/all_objs.o - $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST) -@@ -53,7 +58,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@ - - unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(call ld-option,--no-warn-rwx-segments) -+ $(link-ldflags-common) - unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore) - cleanfiles += $(link-out-dir)/unpaged.o - $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt -@@ -82,7 +87,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o - $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@ - - init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \ -- $(call ld-option,--no-warn-rwx-segments) -+ $(link-ldflags-common) - init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \ - $(libgcccore) - cleanfiles += $(link-out-dir)/init.o -diff --git a/ldelf/link.mk b/ldelf/link.mk -index 8fafc879..d8a05ea6 100644 ---- a/ldelf/link.mk -+++ b/ldelf/link.mk -@@ -19,6 +19,10 @@ link-ldflags += --sort-section=alignment - link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment - link-ldflags += $(link-ldflags$(sm)) - -+ifeq ($(CFG_ARM32_$(sm)), y) -+link-ldflags += $(call ld-option,--no-warn-execstack) -+endif -+ - link-ldadd = $(addprefix -L,$(libdirs)) - link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group - ldargs-ldelf.elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm)) diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch deleted file mode 100644 index c0330b9fc8..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch +++ /dev/null @@ -1,128 +0,0 @@ -From f99a0278ad5e26772b3dcf8c74b5bf986ecfbe1e Mon Sep 17 00:00:00 2001 -From: Jerome Forissier <jerome.forissier@linaro.org> -Date: Tue, 23 Aug 2022 12:31:46 +0000 -Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to - - .S files - -When building for arm32 with GNU binutils 2.39, the linker outputs -warnings when linking Trusted Applications: - - arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack - arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker - -We could silence the warning by adding the '-z execstack' option to the -TA link flags, like we did in the parent commit for the TEE core and -ldelf. Indeed, ldelf always allocates a non-executable piece of memory -for the TA to use as a stack. - -However it seems preferable to comply with the common ELF practices in -this case. A better fix is therefore to add the missing .note.GNU-stack -sections in the assembler files. - -Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> - -Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> -Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499] - ---- - lib/libutee/arch/arm/utee_syscalls_a32.S | 2 ++ - lib/libutils/ext/arch/arm/atomic_a32.S | 2 ++ - lib/libutils/ext/arch/arm/mcount_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++ - lib/libutils/isoc/arch/arm/setjmp_a32.S | 2 ++ - ta/arch/arm/ta_entry_a32.S | 2 ++ - 7 files changed, 14 insertions(+) - -diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S -index 6e621ca6..af405f62 100644 ---- a/lib/libutee/arch/arm/utee_syscalls_a32.S -+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S -@@ -7,6 +7,8 @@ - #include <tee_syscall_numbers.h> - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - .section .text - .balign 4 - .code 32 -diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S -index eaef6914..2be73ffa 100644 ---- a/lib/libutils/ext/arch/arm/atomic_a32.S -+++ b/lib/libutils/ext/arch/arm/atomic_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* uint32_t atomic_inc32(uint32_t *v); */ - FUNC atomic_inc32 , : - ldrex r1, [r0] -diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S -index 51439a23..54dc3c02 100644 ---- a/lib/libutils/ext/arch/arm/mcount_a32.S -+++ b/lib/libutils/ext/arch/arm/mcount_a32.S -@@ -7,6 +7,8 @@ - - #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT) - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * Convert return address to call site address by subtracting the size of the - * mcount call instruction (blx __gnu_mcount_nc). -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -index a600c879..37ae9ec6 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * signed ret_idivmod_values(signed quot, signed rem); - * return quotient and remaining the EABI way (regs r0,r1) -diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -index 2dc50bc9..5c3353e2 100644 ---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d) - */ -diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S -index 43ea5937..f8a0b70d 100644 ---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S -+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S -@@ -51,6 +51,8 @@ - #define SIZE(x) - #endif - -+ .section .note.GNU-stack,"",%progbits -+ - /* Arm/Thumb interworking support: - - The interworking scheme expects functions to use a BX instruction -diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S -index d2f8a69d..cd9a12f9 100644 ---- a/ta/arch/arm/ta_entry_a32.S -+++ b/ta/arch/arm/ta_entry_a32.S -@@ -5,6 +5,8 @@ - - #include <asm.S> - -+ .section .note.GNU-stack,"",%progbits -+ - /* - * This function is the bottom of the user call stack. Mark it as such so that - * the unwinding code won't try to go further down. diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb deleted file mode 100644 index 6400ac2a6c..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb +++ /dev/null @@ -1,10 +0,0 @@ -require optee-os.inc - -SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f" - -DEPENDS = "python3-pycryptodome-native python3-pyelftools-native" - -SRC_URI:append = " \ - file://3.14/0009-add-z-execstack.patch \ - file://3.14/0010-add-note-GNU-stack-section.patch \ - " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb index f459efce66..59e58ed30f 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb +++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb @@ -5,6 +5,6 @@ DEPENDS += "dtc-native" SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1" SRC_URI:append = " \ file://0001-core-Define-section-attributes-for-clang.patch \ - file://3.18/0009-add-z-execstack.patch \ - file://3.18/0010-add-note-GNU-stack-section.patch \ + file://0009-add-z-execstack.patch \ + file://0010-add-note-GNU-stack-section.patch \ " diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb index 7608cec044..7608cec044 100644 --- a/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb +++ b/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb deleted file mode 100644 index 6367c27612..0000000000 --- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb +++ /dev/null @@ -1,3 +0,0 @@ -require optee-test.inc - -SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741" diff --git a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb index 72ba33f419..b9c6507ce7 100644 --- a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb +++ b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb @@ -1,11 +1,11 @@ SUMMARY = "Trusted Services test/demo linux tools" +PACKAGE_ARCH = "${MACHINE_ARCH}" + inherit packagegroup COMPATIBLE_HOST = "aarch64.*-linux" -PACKAGE_ARCH = "${MACHINE_ARCH}" - PACKAGES = "${PN} ${PN}-psa" RDEPENDS:${PN} = "\ diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc deleted file mode 100644 index 1df7409c6c..0000000000 --- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc +++ /dev/null @@ -1,27 +0,0 @@ -LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib" -LIC_FILES_CHKSUM = "file://license.rst;md5=ea160bac7f690a069c608516b17997f4" - -SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=ts;destsuffix=git/ts" - -SRCREV_ts ?= "a365a04f937b9b76ebb2e0eeade226f208cbc0d2" - -S = "${WORKDIR}/git/ts" -B = "${WORKDIR}/build" - -export CROSS_COMPILE="${TARGET_PREFIX}" - -CFLAGS[unexport] = "1" -CPPFLAGS[unexport] = "1" -AS[unexport] = "1" -LD[unexport] = "1" - -# setting the linker options used to build the secure partitions -SECURITY_LDFLAGS = "" -TARGET_LDFLAGS = "-Wl,--build-id=none -Wl,--hash-style=both" - -do_configure[cleandirs] = "${B}" - -# Currently trusted-services and psa-arch-tests use FetchContent to download -# more sources during do_configure. Until this is resolved we need to allow -# network operations. -do_configure[network] = "1" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb deleted file mode 100644 index fca6d9d3c9..0000000000 --- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb +++ /dev/null @@ -1,74 +0,0 @@ -SUMMARY = "Trusted Services secure partitions" -HOMEPAGE = "https://trusted-services.readthedocs.io/en/latest/index.html" - -COMPATIBLE_MACHINE ?= "invalid" - -PACKAGE_ARCH = "${MACHINE_ARCH}" - -require secure-partitions.inc - -SRCREV_FORMAT = "ts" -PV = "0.0+git${SRCPV}" - -# Which environment to create the secure partions for (opteesp or shim) -TS_ENVIRONMENT ?= "opteesp" - -inherit deploy python3native - -DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native \ - python3-pyelftools-native python3-grpcio-tools-native \ - python3-protobuf-native protobuf-native cmake-native \ - " - -DEPENDS:append = " ${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', 'optee-spdevkit', '', d)}" - -export CROSS_COMPILE="${TARGET_PREFIX}" - -CFLAGS[unexport] = "1" -CPPFLAGS[unexport] = "1" -AS[unexport] = "1" -LD[unexport] = "1" - -# only used if TS_ENVIRONMENT is opteesp -SP_DEV_KIT_DIR = "${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', '${STAGING_INCDIR}/optee/export-user_sp', '', d)}" - -# SP images are embedded into optee os image -SP_PACKAGING_METHOD ?= "embedded" - -do_configure() { - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake \ - -DCMAKE_INSTALL_PREFIX=${D}/firmware/sp \ - -DSP_DEV_KIT_DIR=${SP_DEV_KIT_DIR} \ - -DSP_PACKAGING_METHOD=${SP_PACKAGING_METHOD} \ - -DTS_PLATFORM="${TS_PLATFORM}" \ - -S ${S}/$TS_DEPLOYMENT -B "${B}/$TS_DEPLOYMENT" - done -} - -do_compile() { - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake --build "${B}/$TS_DEPLOYMENT" - done -} - -do_install () { - if [ "${TS_ENVIRONMENT}" = "opteesp" ]; then - for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do - cmake --install "${B}/$TS_DEPLOYMENT" - done - fi -} - -SYSROOT_DIRS = "/firmware" - -do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install - -FILES:${PN} = "/firmware/sp/opteesp*" - -# Build paths are currently embedded -INSANE_SKIP:${PN} += "buildpaths" -INSANE_SKIP:${PN}-dbg += "buildpaths" diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc index 80c0849903..a8f49a5e1e 100644 --- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc +++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc @@ -50,3 +50,5 @@ EXTRA_OECMAKE += "${@oe.utils.conditional('TS_ENV', 'opteesp', \ EXTRA_OECMAKE += "-Dlibts_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/ \ -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib_install \ " +# Newlib does not compile with clang +TOOLCHAIN = "gcc" diff --git a/meta-arm/meta-atp/conf/layer.conf b/meta-arm/meta-atp/conf/layer.conf index 3ec36e8cd2..191a8e85e1 100644 --- a/meta-arm/meta-atp/conf/layer.conf +++ b/meta-arm/meta-atp/conf/layer.conf @@ -6,4 +6,4 @@ BBFILE_COLLECTIONS += "meta-atp" BBFILE_PATTERN_meta-atp = "^${LAYERDIR}/" LAYERDEPENDS_meta-atp = "core openembedded-layer meta-gem5" -LAYERSERIES_COMPAT_meta-atp = "kirkstone" +LAYERSERIES_COMPAT_meta-atp = "langdale" diff --git a/meta-arm/meta-gem5/conf/layer.conf b/meta-arm/meta-gem5/conf/layer.conf index d329bd0424..1d129bca19 100644 --- a/meta-arm/meta-gem5/conf/layer.conf +++ b/meta-arm/meta-gem5/conf/layer.conf @@ -10,7 +10,7 @@ BBFILE_PATTERN_meta-gem5 = "^${LAYERDIR}/" BBFILE_PRIORITY_meta-gem5 = "5" LAYERDEPENDS_meta-gem5 = "core openembedded-layer meta-arm" -LAYERSERIES_COMPAT_meta-gem5 = "kirkstone" +LAYERSERIES_COMPAT_meta-gem5 = "langdale" BBFILES_DYNAMIC += " \ virtualization-layer:${LAYERDIR}/dynamic-layers/meta-virtualization/*/*/*.bbappend \ diff --git a/meta-arm/meta-gem5/recipes-kernel/linux/files/0001-lib-build_OID_registry-fix-reproducibility-issues.patch b/meta-arm/meta-gem5/recipes-kernel/linux/files/0001-lib-build_OID_registry-fix-reproducibility-issues.patch new file mode 100644 index 0000000000..4c95a415a2 --- /dev/null +++ b/meta-arm/meta-gem5/recipes-kernel/linux/files/0001-lib-build_OID_registry-fix-reproducibility-issues.patch @@ -0,0 +1,46 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From f678d79b3bede48c9e095e6e9c46bd3542f23077 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Sun, 10 Jul 2022 22:56:53 -0400 +Subject: [PATCH 1/2] lib/build_OID_registry: fix reproducibility issues + +The script build_OID_registry captures the full path of itself +in the generated data. This causes reproduciblity issues as the +path is captured and packaged. + +We use the basename of the script instead, and that allows us +to be reprodicible, with slightly less information captured in +the output data (but the generating script can still easily +be found). + +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> +--- + lib/build_OID_registry | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/build_OID_registry b/lib/build_OID_registry +index d7fc32ea8ac2..f6de0a7f7457 100755 +--- a/lib/build_OID_registry ++++ b/lib/build_OID_registry +@@ -8,6 +8,7 @@ + # + + use strict; ++use File::Basename; + + my @names = (); + my @oids = (); +@@ -35,7 +36,7 @@ close IN_FILE || die; + # + open C_FILE, ">$ARGV[1]" or die; + print C_FILE "/*\n"; +-print C_FILE " * Automatically generated by ", $0, ". Do not edit\n"; ++print C_FILE " * Automatically generated by ", basename $0, ". Do not edit\n"; + print C_FILE " */\n"; + + # +-- +2.34.1 + diff --git a/meta-arm/meta-gem5/recipes-kernel/linux/files/0002-vt-conmakehash-improve-reproducibility.patch b/meta-arm/meta-gem5/recipes-kernel/linux/files/0002-vt-conmakehash-improve-reproducibility.patch new file mode 100644 index 0000000000..74156afe8e --- /dev/null +++ b/meta-arm/meta-gem5/recipes-kernel/linux/files/0002-vt-conmakehash-improve-reproducibility.patch @@ -0,0 +1,56 @@ +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 10a09290f97d0435b9b304d3ef980b0cafa87bd2 Mon Sep 17 00:00:00 2001 +From: Bruce Ashfield <bruce.ashfield@gmail.com> +Date: Sun, 10 Jul 2022 21:37:07 -0400 +Subject: [PATCH 2/2] vt/conmakehash: improve reproducibility + +The file generated by conmakehash capture the application +path used to generate the file. While that can be informative, +it varies based on where the kernel was built, as the full +path is captured. + +We tweak the application to use a second input as the "capture +name", and then modify the Makefile to pass the basename of +the source, making it reproducible. + +This could be improved by using some sort of path mapping, +or the application manipualing argv[1] itself, but for now +this solves the reprodicibility issue. + +Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> +--- + drivers/tty/vt/Makefile | 2 +- + scripts/conmakehash.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/tty/vt/Makefile b/drivers/tty/vt/Makefile +index edbbe0ccdb83..19e21968f8de 100644 +--- a/drivers/tty/vt/Makefile ++++ b/drivers/tty/vt/Makefile +@@ -13,7 +13,7 @@ obj-$(CONFIG_HW_CONSOLE) += vt.o defkeymap.o + clean-files := consolemap_deftbl.c defkeymap.c + + quiet_cmd_conmk = CONMK $@ +- cmd_conmk = scripts/conmakehash $< > $@ ++ cmd_conmk = scripts/conmakehash $< $(shell basename $<) > $@ + + $(obj)/consolemap_deftbl.c: $(src)/$(FONTMAPFILE) + $(call cmd,conmk) +diff --git a/scripts/conmakehash.c b/scripts/conmakehash.c +index cddd789fe46e..d62510b280e9 100644 +--- a/scripts/conmakehash.c ++++ b/scripts/conmakehash.c +@@ -253,7 +253,7 @@ int main(int argc, char *argv[]) + #include <linux/types.h>\n\ + \n\ + u8 dfont_unicount[%d] = \n\ +-{\n\t", argv[1], fontlen); ++{\n\t", argv[2], fontlen); + + for ( i = 0 ; i < fontlen ; i++ ) + { +-- +2.34.1 + diff --git a/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb b/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb index 99a1669015..a1a301ccba 100644 --- a/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb +++ b/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb @@ -2,14 +2,17 @@ KBRANCH ?= "v5.4/standard/base" require recipes-kernel/linux/linux-yocto.inc -SRCREV_machine ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064" +SRCREV_machine ?= "8a59dfded81659402005acfb06fbb00b71c8ce86" SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \ - git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}" + git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA} \ + file://0001-lib-build_OID_registry-fix-reproducibility-issues.patch \ + file://0002-vt-conmakehash-improve-reproducibility.patch \ + " LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814" -LINUX_VERSION ?= "5.4.178" +LINUX_VERSION ?= "5.4.205" DEPENDS += "openssl-native util-linux-native" diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera/0001-Fix-build-with-fmt-9.0.patch b/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera/0001-Fix-build-with-fmt-9.0.patch new file mode 100644 index 0000000000..9de0e4f28e --- /dev/null +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera/0001-Fix-build-with-fmt-9.0.patch @@ -0,0 +1,35 @@ +From d7b8fafbc94405c20753fed569abd8878cccde89 Mon Sep 17 00:00:00 2001 +From: Felix Yan <felixonmars@archlinux.org> +Date: Fri, 19 Aug 2022 15:22:10 +0300 +Subject: [PATCH] Fix build with fmt 9.0 + +Fixes #2681 +--- + src/database/sql_format.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/database/sql_format.h b/src/database/sql_format.h +index 32dc00ef..e4e1909a 100644 +--- a/src/database/sql_format.h ++++ b/src/database/sql_format.h +@@ -42,7 +42,7 @@ struct SQLIdentifier { + template <> + struct fmt::formatter<SQLIdentifier> : formatter<std::string_view> { + template <typename FormatContext> +- auto format(const SQLIdentifier& tn, FormatContext& ctx) -> decltype(ctx.out()) ++ auto format(const SQLIdentifier& tn, FormatContext& ctx) const -> decltype(ctx.out()) + { + return format_to(ctx.out(), "{}{}{}", tn.quote_begin, tn.name, tn.quote_end); + } +@@ -61,7 +61,7 @@ struct ColumnUpdate { + template <> + struct fmt::formatter<ColumnUpdate> : formatter<std::string_view> { + template <typename FormatContext> +- auto format(const ColumnUpdate& a, FormatContext& ctx) -> decltype(ctx.out()) ++ auto format(const ColumnUpdate& a, FormatContext& ctx) const -> decltype(ctx.out()) + { + return format_to(ctx.out(), "{} = {}", a.column, a.value); + } +-- +2.38.0.rc1.362.ged0d419d3c-goog + diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera/0001-Fix-for-fmt-8.0.patch b/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera/0001-Fix-for-fmt-8.0.patch deleted file mode 100644 index efd8dc066c..0000000000 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera/0001-Fix-for-fmt-8.0.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 22b3a91473d548456a0823f9f170db0d7db5a444 Mon Sep 17 00:00:00 2001 -From: kyak <bas@bmail.ru> -Date: Wed, 12 Jan 2022 19:41:37 +0300 -Subject: [PATCH] Fix for fmt > 8.0 - -Upstream-Status: Backport [https://github.com/gerbera/gerbera/commit/82d84ac5e62c23e717198fc7b2ef190ff95e70d1] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - src/util/logger.h | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/src/util/logger.h b/src/util/logger.h -index 8a8f0b1f..0a512bff 100644 ---- a/src/util/logger.h -+++ b/src/util/logger.h -@@ -32,7 +32,9 @@ - #ifndef __LOGGER_H__ - #define __LOGGER_H__ - -+#include <fmt/format.h> - #include <spdlog/spdlog.h> -+#include <type_traits> - - #define log_debug SPDLOG_DEBUG - #define log_info SPDLOG_INFO -@@ -40,4 +42,17 @@ - #define log_error SPDLOG_ERROR - #define log_js SPDLOG_INFO - -+#if FMT_VERSION >= 80100 -+template <typename T> -+struct fmt::formatter<T, std::enable_if_t<std::is_enum_v<T>, char>> -+ : formatter<std::underlying_type_t<T>> { -+ template <typename FormatContext> -+ auto format(const T& value, FormatContext& ctx) -> decltype(ctx.out()) -+ { -+ return fmt::formatter<std::underlying_type_t<T>>::format( -+ static_cast<std::underlying_type_t<T>>(value), ctx); -+ } -+}; -+#endif -+ - #endif // __LOGGER_H__ --- -2.35.0 - diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera_1.9.2.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera_1.11.0.bb index cbb127d3dc..9f2f1b093e 100644 --- a/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera_1.9.2.bb +++ b/meta-openembedded/meta-multimedia/recipes-multimedia/gerbera/gerbera_1.11.0.bb @@ -3,11 +3,11 @@ Description = "Gerbera - An UPnP media server" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=25cdec9afe3f1f26212ead6bd2f7fac8" -SRC_URI = "git://github.com/v00d00/gerbera.git;protocol=https;branch=master \ - file://0001-Fix-for-fmt-8.0.patch \ +SRC_URI = "git://github.com/gerbera/gerbera.git;protocol=https;branch=master \ + file://0001-Fix-build-with-fmt-9.0.patch \ " -SRCREV = "3b93d362ec33f738868a4e896a2c9ee8e9d7a92a" +SRCREV = "d73d8c1346213d784753c02ea771970500e0df2a" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb b/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb index 9a6c71cb71..8f0ad65120 100644 --- a/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb +++ b/meta-openembedded/meta-multimedia/recipes-support/gst-instruments/gst-instruments_git.bb @@ -4,17 +4,20 @@ SECTION = "multimedia" LICENSE = "LGPL-3.0-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=e6a600fd5e1d9cbde2d983680233ad02" - DEPENDS = "gstreamer1.0" +SRCREV = "cb8977a6711657e32853159cd539d1d75fcbc772" +PV = "0.3.1+git${SRCPV}" + +SRC_URI = "git://github.com/kirushyk/gst-instruments.git;protocol=https;branch=master" S = "${WORKDIR}/git" -SRCREV = "3b862e52e5c53ad1023dc6808effa4cb75572c4b" -SRC_URI = "git://github.com/kirushyk/gst-instruments.git;protocol=https;;branch=master" + +inherit vala meson pkgconfig FILES:${PN}-staticdev += "${libdir}/gstreamer-1.0/*a" FILES:${PN} += "${libdir}/*" -INSANE_SKIP:${PN} = "dev-so" - -inherit autotools pkgconfig +INSANE_SKIP:${PN}-dev = "dev-elf" +PACKAGECONFIG ??= "ui" +PACKAGECONFIG[ui] = "-Dui=enabled,-Dui=disabled,gtk+3" diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd-volatiles.conf b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd-volatiles.conf index fa62962975..f3619dddb6 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd-volatiles.conf +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd-volatiles.conf @@ -1,2 +1,2 @@ d /var/log/radius 0755 radiusd radiusd - -d /var/run/radiusd 0755 radiusd radiusd - +d /run/radiusd 0755 radiusd radiusd - diff --git a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service index 2d766488e6..37a2eb3d7d 100644 --- a/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service +++ b/meta-openembedded/meta-networking/recipes-connectivity/freeradius/files/radiusd.service @@ -5,7 +5,7 @@ After=syslog.target network.target [Service] Type=forking PIDFile=/run/radiusd/radiusd.pid -ExecStartPre=-@BASE_BINDIR@/chown -R radiusd.radiusd /run/radiusd +ExecStartPre=-@BASE_BINDIR@/chown -R radiusd:radiusd /run/radiusd ExecStartPre=@SBINDIR@/radiusd -C ExecStart=@SBINDIR@/radiusd -d @SYSCONFDIR@/raddb ExecReload=@SBINDIR@/radiusd -C diff --git a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch b/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch deleted file mode 100644 index 68eb04a83e..0000000000 --- a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl/0001-avoid-naming-local-function-as-one-of-printf-family.patch +++ /dev/null @@ -1,650 +0,0 @@ -From e03b003610a176d608da9a02e433e7ded7e4b75f Mon Sep 17 00:00:00 2001 -From: Todd Cunningham <tcunningham07@gmail.com> -Date: Wed, 11 Dec 2019 10:18:56 +1000 -Subject: [PATCH] avoid naming local function as one of printf family - -Fixes build issues with clang -error: no member named '__builtin___snprintf_chk' in 'struct expr_ops' - -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> - -Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com> -Signed-off-by: Todd Cunningham <tcunningham07@gmail.com> - -Use wiggle to get the patch to apply for version 1.2.0. - -Add the same change in src/expr/last.c to make the patch apply for -1.2.1. Also correct the patch to show the original author and metadata. - -Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> ---- - include/expr_ops.h | 2 +- - include/obj.h | 2 +- - src/expr.c | 4 ++-- - src/expr/bitwise.c | 2 +- - src/expr/byteorder.c | 2 +- - src/expr/cmp.c | 2 +- - src/expr/connlimit.c | 2 +- - src/expr/counter.c | 2 +- - src/expr/ct.c | 2 +- - src/expr/dup.c | 2 +- - src/expr/dynset.c | 2 +- - src/expr/exthdr.c | 2 +- - src/expr/fib.c | 2 +- - src/expr/flow_offload.c | 2 +- - src/expr/fwd.c | 2 +- - src/expr/hash.c | 2 +- - src/expr/immediate.c | 2 +- - src/expr/last.c | 2 +- - src/expr/limit.c | 2 +- - src/expr/log.c | 2 +- - src/expr/lookup.c | 2 +- - src/expr/masq.c | 2 +- - src/expr/match.c | 2 +- - src/expr/meta.c | 2 +- - src/expr/nat.c | 2 +- - src/expr/numgen.c | 2 +- - src/expr/objref.c | 2 +- - src/expr/osf.c | 2 +- - src/expr/payload.c | 2 +- - src/expr/queue.c | 2 +- - src/expr/quota.c | 2 +- - src/expr/range.c | 2 +- - src/expr/redir.c | 2 +- - src/expr/reject.c | 2 +- - src/expr/rt.c | 2 +- - src/expr/socket.c | 2 +- - src/expr/synproxy.c | 2 +- - src/expr/target.c | 2 +- - src/expr/tproxy.c | 2 +- - src/expr/tunnel.c | 2 +- - src/expr/xfrm.c | 2 +- - src/obj/counter.c | 2 +- - src/obj/ct_expect.c | 2 +- - src/obj/ct_helper.c | 2 +- - src/obj/ct_timeout.c | 2 +- - src/obj/limit.c | 2 +- - src/obj/quota.c | 2 +- - src/obj/secmark.c | 2 +- - src/obj/synproxy.c | 2 +- - src/obj/tunnel.c | 2 +- - src/object.c | 2 +- - 51 files changed, 52 insertions(+), 52 deletions(-) - -diff --git a/include/expr_ops.h b/include/expr_ops.h -index 7a6aa23..d3a2855 100644 ---- a/include/expr_ops.h -+++ b/include/expr_ops.h -@@ -18,7 +18,7 @@ struct expr_ops { - const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len); - int (*parse)(struct nftnl_expr *e, struct nlattr *attr); - void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e); -- int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); -+ int (*snprintf_)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e); - }; - - struct expr_ops *nftnl_expr_ops_lookup(const char *name); -diff --git a/include/obj.h b/include/obj.h -index 60dc853..1c1c3c1 100644 ---- a/include/obj.h -+++ b/include/obj.h -@@ -109,7 +109,7 @@ struct obj_ops { - const void *(*get)(const struct nftnl_obj *e, uint16_t type, uint32_t *data_len); - int (*parse)(struct nftnl_obj *e, struct nlattr *attr); - void (*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e); -- int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); -+ int (*snprintf_)(char *buf, size_t len, uint32_t flags, const struct nftnl_obj *e); - }; - - extern struct obj_ops obj_ops_counter; -diff --git a/src/expr.c b/src/expr.c -index 277bbde..2231b21 100644 ---- a/src/expr.c -+++ b/src/expr.c -@@ -279,10 +279,10 @@ int nftnl_expr_snprintf(char *buf, size_t remain, const struct nftnl_expr *expr, - if (remain) - buf[0] = '\0'; - -- if (!expr->ops->snprintf || type != NFTNL_OUTPUT_DEFAULT) -+ if (!expr->ops->snprintf_ || type != NFTNL_OUTPUT_DEFAULT) - return 0; - -- ret = expr->ops->snprintf(buf + offset, remain, flags, expr); -+ ret = expr->ops->snprintf_(buf + offset, remain, flags, expr); - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - - return offset; -diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c -index d0c7827..eded505 100644 ---- a/src/expr/bitwise.c -+++ b/src/expr/bitwise.c -@@ -282,5 +282,5 @@ struct expr_ops expr_ops_bitwise = { - .get = nftnl_expr_bitwise_get, - .parse = nftnl_expr_bitwise_parse, - .build = nftnl_expr_bitwise_build, -- .snprintf = nftnl_expr_bitwise_snprintf, -+ .snprintf_ = nftnl_expr_bitwise_snprintf, - }; -diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c -index d299745..0068ab2 100644 ---- a/src/expr/byteorder.c -+++ b/src/expr/byteorder.c -@@ -220,5 +220,5 @@ struct expr_ops expr_ops_byteorder = { - .get = nftnl_expr_byteorder_get, - .parse = nftnl_expr_byteorder_parse, - .build = nftnl_expr_byteorder_build, -- .snprintf = nftnl_expr_byteorder_snprintf, -+ .snprintf_ = nftnl_expr_byteorder_snprintf, - }; -diff --git a/src/expr/cmp.c b/src/expr/cmp.c -index 6030693..7e548e6 100644 ---- a/src/expr/cmp.c -+++ b/src/expr/cmp.c -@@ -202,5 +202,5 @@ struct expr_ops expr_ops_cmp = { - .get = nftnl_expr_cmp_get, - .parse = nftnl_expr_cmp_parse, - .build = nftnl_expr_cmp_build, -- .snprintf = nftnl_expr_cmp_snprintf, -+ .snprintf_ = nftnl_expr_cmp_snprintf, - }; -diff --git a/src/expr/connlimit.c b/src/expr/connlimit.c -index 3b37587..39b7092 100644 ---- a/src/expr/connlimit.c -+++ b/src/expr/connlimit.c -@@ -135,5 +135,5 @@ struct expr_ops expr_ops_connlimit = { - .get = nftnl_expr_connlimit_get, - .parse = nftnl_expr_connlimit_parse, - .build = nftnl_expr_connlimit_build, -- .snprintf = nftnl_expr_connlimit_snprintf, -+ .snprintf_ = nftnl_expr_connlimit_snprintf, - }; -diff --git a/src/expr/counter.c b/src/expr/counter.c -index 1676d70..42c96d9 100644 ---- a/src/expr/counter.c -+++ b/src/expr/counter.c -@@ -133,5 +133,5 @@ struct expr_ops expr_ops_counter = { - .get = nftnl_expr_counter_get, - .parse = nftnl_expr_counter_parse, - .build = nftnl_expr_counter_build, -- .snprintf = nftnl_expr_counter_snprintf, -+ .snprintf_ = nftnl_expr_counter_snprintf, - }; -diff --git a/src/expr/ct.c b/src/expr/ct.c -index d5dfc81..8c15db1 100644 ---- a/src/expr/ct.c -+++ b/src/expr/ct.c -@@ -258,5 +258,5 @@ struct expr_ops expr_ops_ct = { - .get = nftnl_expr_ct_get, - .parse = nftnl_expr_ct_parse, - .build = nftnl_expr_ct_build, -- .snprintf = nftnl_expr_ct_snprintf, -+ .snprintf_ = nftnl_expr_ct_snprintf, - }; -diff --git a/src/expr/dup.c b/src/expr/dup.c -index f041b55..6238a43 100644 ---- a/src/expr/dup.c -+++ b/src/expr/dup.c -@@ -138,5 +138,5 @@ struct expr_ops expr_ops_dup = { - .get = nftnl_expr_dup_get, - .parse = nftnl_expr_dup_parse, - .build = nftnl_expr_dup_build, -- .snprintf = nftnl_expr_dup_snprintf, -+ .snprintf_ = nftnl_expr_dup_snprintf, - }; -diff --git a/src/expr/dynset.c b/src/expr/dynset.c -index 85d64bb..9afbb94 100644 ---- a/src/expr/dynset.c -+++ b/src/expr/dynset.c -@@ -373,5 +373,5 @@ struct expr_ops expr_ops_dynset = { - .get = nftnl_expr_dynset_get, - .parse = nftnl_expr_dynset_parse, - .build = nftnl_expr_dynset_build, -- .snprintf = nftnl_expr_dynset_snprintf, -+ .snprintf_ = nftnl_expr_dynset_snprintf, - }; -diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c -index 1b813b1..25f1491 100644 ---- a/src/expr/exthdr.c -+++ b/src/expr/exthdr.c -@@ -262,5 +262,5 @@ struct expr_ops expr_ops_exthdr = { - .get = nftnl_expr_exthdr_get, - .parse = nftnl_expr_exthdr_parse, - .build = nftnl_expr_exthdr_build, -- .snprintf = nftnl_expr_exthdr_snprintf, -+ .snprintf_ = nftnl_expr_exthdr_snprintf, - }; -diff --git a/src/expr/fib.c b/src/expr/fib.c -index aaff52a..3916e18 100644 ---- a/src/expr/fib.c -+++ b/src/expr/fib.c -@@ -198,5 +198,5 @@ struct expr_ops expr_ops_fib = { - .get = nftnl_expr_fib_get, - .parse = nftnl_expr_fib_parse, - .build = nftnl_expr_fib_build, -- .snprintf = nftnl_expr_fib_snprintf, -+ .snprintf_ = nftnl_expr_fib_snprintf, - }; -diff --git a/src/expr/flow_offload.c b/src/expr/flow_offload.c -index a826202..c1ca678 100644 ---- a/src/expr/flow_offload.c -+++ b/src/expr/flow_offload.c -@@ -120,5 +120,5 @@ struct expr_ops expr_ops_flow = { - .get = nftnl_expr_flow_get, - .parse = nftnl_expr_flow_parse, - .build = nftnl_expr_flow_build, -- .snprintf = nftnl_expr_flow_snprintf, -+ .snprintf_ = nftnl_expr_flow_snprintf, - }; -diff --git a/src/expr/fwd.c b/src/expr/fwd.c -index 82e5a41..4e80687 100644 ---- a/src/expr/fwd.c -+++ b/src/expr/fwd.c -@@ -158,5 +158,5 @@ struct expr_ops expr_ops_fwd = { - .get = nftnl_expr_fwd_get, - .parse = nftnl_expr_fwd_parse, - .build = nftnl_expr_fwd_build, -- .snprintf = nftnl_expr_fwd_snprintf, -+ .snprintf_ = nftnl_expr_fwd_snprintf, - }; -diff --git a/src/expr/hash.c b/src/expr/hash.c -index 10b4a72..84ace31 100644 ---- a/src/expr/hash.c -+++ b/src/expr/hash.c -@@ -226,5 +226,5 @@ struct expr_ops expr_ops_hash = { - .get = nftnl_expr_hash_get, - .parse = nftnl_expr_hash_parse, - .build = nftnl_expr_hash_build, -- .snprintf = nftnl_expr_hash_snprintf, -+ .snprintf_ = nftnl_expr_hash_snprintf, - }; -diff --git a/src/expr/immediate.c b/src/expr/immediate.c -index 94b043c..a8a3c1f 100644 ---- a/src/expr/immediate.c -+++ b/src/expr/immediate.c -@@ -229,5 +229,5 @@ struct expr_ops expr_ops_immediate = { - .get = nftnl_expr_immediate_get, - .parse = nftnl_expr_immediate_parse, - .build = nftnl_expr_immediate_build, -- .snprintf = nftnl_expr_immediate_snprintf, -+ .snprintf_ = nftnl_expr_immediate_snprintf, - }; -diff --git a/src/expr/last.c b/src/expr/last.c -index e2a60c4..2f75464 100644 ---- a/src/expr/last.c -+++ b/src/expr/last.c -@@ -134,5 +134,5 @@ struct expr_ops expr_ops_last = { - .get = nftnl_expr_last_get, - .parse = nftnl_expr_last_parse, - .build = nftnl_expr_last_build, -- .snprintf = nftnl_expr_last_snprintf, -+ .snprintf_ = nftnl_expr_last_snprintf, - }; -diff --git a/src/expr/limit.c b/src/expr/limit.c -index 3dfd54a..f652df0 100644 ---- a/src/expr/limit.c -+++ b/src/expr/limit.c -@@ -202,5 +202,5 @@ struct expr_ops expr_ops_limit = { - .get = nftnl_expr_limit_get, - .parse = nftnl_expr_limit_parse, - .build = nftnl_expr_limit_build, -- .snprintf = nftnl_expr_limit_snprintf, -+ .snprintf_ = nftnl_expr_limit_snprintf, - }; -diff --git a/src/expr/log.c b/src/expr/log.c -index 86db548..d96b7ce 100644 ---- a/src/expr/log.c -+++ b/src/expr/log.c -@@ -253,5 +253,5 @@ struct expr_ops expr_ops_log = { - .get = nftnl_expr_log_get, - .parse = nftnl_expr_log_parse, - .build = nftnl_expr_log_build, -- .snprintf = nftnl_expr_log_snprintf, -+ .snprintf_ = nftnl_expr_log_snprintf, - }; -diff --git a/src/expr/lookup.c b/src/expr/lookup.c -index 83adce9..1fbace4 100644 ---- a/src/expr/lookup.c -+++ b/src/expr/lookup.c -@@ -206,5 +206,5 @@ struct expr_ops expr_ops_lookup = { - .get = nftnl_expr_lookup_get, - .parse = nftnl_expr_lookup_parse, - .build = nftnl_expr_lookup_build, -- .snprintf = nftnl_expr_lookup_snprintf, -+ .snprintf_ = nftnl_expr_lookup_snprintf, - }; -diff --git a/src/expr/masq.c b/src/expr/masq.c -index 684708c..1ce099c 100644 ---- a/src/expr/masq.c -+++ b/src/expr/masq.c -@@ -163,5 +163,5 @@ struct expr_ops expr_ops_masq = { - .get = nftnl_expr_masq_get, - .parse = nftnl_expr_masq_parse, - .build = nftnl_expr_masq_build, -- .snprintf = nftnl_expr_masq_snprintf, -+ .snprintf_ = nftnl_expr_masq_snprintf, - }; -diff --git a/src/expr/match.c b/src/expr/match.c -index 533fdf5..8561986 100644 ---- a/src/expr/match.c -+++ b/src/expr/match.c -@@ -189,5 +189,5 @@ struct expr_ops expr_ops_match = { - .get = nftnl_expr_match_get, - .parse = nftnl_expr_match_parse, - .build = nftnl_expr_match_build, -- .snprintf = nftnl_expr_match_snprintf, -+ .snprintf_ = nftnl_expr_match_snprintf, - }; -diff --git a/src/expr/meta.c b/src/expr/meta.c -index 34fbb9b..1ef79a4 100644 ---- a/src/expr/meta.c -+++ b/src/expr/meta.c -@@ -216,5 +216,5 @@ struct expr_ops expr_ops_meta = { - .get = nftnl_expr_meta_get, - .parse = nftnl_expr_meta_parse, - .build = nftnl_expr_meta_build, -- .snprintf = nftnl_expr_meta_snprintf, -+ .snprintf_ = nftnl_expr_meta_snprintf, - }; -diff --git a/src/expr/nat.c b/src/expr/nat.c -index 0a9cdd7..bc4a3fa 100644 ---- a/src/expr/nat.c -+++ b/src/expr/nat.c -@@ -274,5 +274,5 @@ struct expr_ops expr_ops_nat = { - .get = nftnl_expr_nat_get, - .parse = nftnl_expr_nat_parse, - .build = nftnl_expr_nat_build, -- .snprintf = nftnl_expr_nat_snprintf, -+ .snprintf_ = nftnl_expr_nat_snprintf, - }; -diff --git a/src/expr/numgen.c b/src/expr/numgen.c -index 159dfec..99bb442 100644 ---- a/src/expr/numgen.c -+++ b/src/expr/numgen.c -@@ -180,5 +180,5 @@ struct expr_ops expr_ops_ng = { - .get = nftnl_expr_ng_get, - .parse = nftnl_expr_ng_parse, - .build = nftnl_expr_ng_build, -- .snprintf = nftnl_expr_ng_snprintf, -+ .snprintf_ = nftnl_expr_ng_snprintf, - }; -diff --git a/src/expr/objref.c b/src/expr/objref.c -index a4b6470..1b2d387 100644 ---- a/src/expr/objref.c -+++ b/src/expr/objref.c -@@ -205,5 +205,5 @@ struct expr_ops expr_ops_objref = { - .get = nftnl_expr_objref_get, - .parse = nftnl_expr_objref_parse, - .build = nftnl_expr_objref_build, -- .snprintf = nftnl_expr_objref_snprintf, -+ .snprintf_ = nftnl_expr_objref_snprintf, - }; -diff --git a/src/expr/osf.c b/src/expr/osf.c -index 215a681..75a6b3c 100644 ---- a/src/expr/osf.c -+++ b/src/expr/osf.c -@@ -147,5 +147,5 @@ struct expr_ops expr_ops_osf = { - .get = nftnl_expr_osf_get, - .parse = nftnl_expr_osf_parse, - .build = nftnl_expr_osf_build, -- .snprintf = nftnl_expr_osf_snprintf, -+ .snprintf_ = nftnl_expr_osf_snprintf, - }; -diff --git a/src/expr/payload.c b/src/expr/payload.c -index 82747ec..e9130ec 100644 ---- a/src/expr/payload.c -+++ b/src/expr/payload.c -@@ -259,5 +259,5 @@ struct expr_ops expr_ops_payload = { - .get = nftnl_expr_payload_get, - .parse = nftnl_expr_payload_parse, - .build = nftnl_expr_payload_build, -- .snprintf = nftnl_expr_payload_snprintf, -+ .snprintf_ = nftnl_expr_payload_snprintf, - }; -diff --git a/src/expr/queue.c b/src/expr/queue.c -index 8f70977..6bc76ef 100644 ---- a/src/expr/queue.c -+++ b/src/expr/queue.c -@@ -193,5 +193,5 @@ struct expr_ops expr_ops_queue = { - .get = nftnl_expr_queue_get, - .parse = nftnl_expr_queue_parse, - .build = nftnl_expr_queue_build, -- .snprintf = nftnl_expr_queue_snprintf, -+ .snprintf_ = nftnl_expr_queue_snprintf, - }; -diff --git a/src/expr/quota.c b/src/expr/quota.c -index 8c841d8..1a5f2fa 100644 ---- a/src/expr/quota.c -+++ b/src/expr/quota.c -@@ -147,5 +147,5 @@ struct expr_ops expr_ops_quota = { - .get = nftnl_expr_quota_get, - .parse = nftnl_expr_quota_parse, - .build = nftnl_expr_quota_build, -- .snprintf = nftnl_expr_quota_snprintf, -+ .snprintf_ = nftnl_expr_quota_snprintf, - }; -diff --git a/src/expr/range.c b/src/expr/range.c -index f76843a..73a1930 100644 ---- a/src/expr/range.c -+++ b/src/expr/range.c -@@ -213,5 +213,5 @@ struct expr_ops expr_ops_range = { - .get = nftnl_expr_range_get, - .parse = nftnl_expr_range_parse, - .build = nftnl_expr_range_build, -- .snprintf = nftnl_expr_range_snprintf, -+ .snprintf_ = nftnl_expr_range_snprintf, - }; -diff --git a/src/expr/redir.c b/src/expr/redir.c -index 4f56cb4..51ec71c 100644 ---- a/src/expr/redir.c -+++ b/src/expr/redir.c -@@ -167,5 +167,5 @@ struct expr_ops expr_ops_redir = { - .get = nftnl_expr_redir_get, - .parse = nftnl_expr_redir_parse, - .build = nftnl_expr_redir_build, -- .snprintf = nftnl_expr_redir_snprintf, -+ .snprintf_ = nftnl_expr_redir_snprintf, - }; -diff --git a/src/expr/reject.c b/src/expr/reject.c -index 716d25c..acf32c2 100644 ---- a/src/expr/reject.c -+++ b/src/expr/reject.c -@@ -134,5 +134,5 @@ struct expr_ops expr_ops_reject = { - .get = nftnl_expr_reject_get, - .parse = nftnl_expr_reject_parse, - .build = nftnl_expr_reject_build, -- .snprintf = nftnl_expr_reject_snprintf, -+ .snprintf_ = nftnl_expr_reject_snprintf, - }; -diff --git a/src/expr/rt.c b/src/expr/rt.c -index 1ad9b2a..9f2fdf3 100644 ---- a/src/expr/rt.c -+++ b/src/expr/rt.c -@@ -162,5 +162,5 @@ struct expr_ops expr_ops_rt = { - .get = nftnl_expr_rt_get, - .parse = nftnl_expr_rt_parse, - .build = nftnl_expr_rt_build, -- .snprintf = nftnl_expr_rt_snprintf, -+ .snprintf_ = nftnl_expr_rt_snprintf, - }; -diff --git a/src/expr/socket.c b/src/expr/socket.c -index 02d86f8..49a126b 100644 ---- a/src/expr/socket.c -+++ b/src/expr/socket.c -@@ -165,5 +165,5 @@ struct expr_ops expr_ops_socket = { - .get = nftnl_expr_socket_get, - .parse = nftnl_expr_socket_parse, - .build = nftnl_expr_socket_build, -- .snprintf = nftnl_expr_socket_snprintf, -+ .snprintf_ = nftnl_expr_socket_snprintf, - }; -diff --git a/src/expr/synproxy.c b/src/expr/synproxy.c -index 630f3f4..b22ad2f 100644 ---- a/src/expr/synproxy.c -+++ b/src/expr/synproxy.c -@@ -152,5 +152,5 @@ struct expr_ops expr_ops_synproxy = { - .get = nftnl_expr_synproxy_get, - .parse = nftnl_expr_synproxy_parse, - .build = nftnl_expr_synproxy_build, -- .snprintf = nftnl_expr_synproxy_snprintf, -+ .snprintf_ = nftnl_expr_synproxy_snprintf, - }; -diff --git a/src/expr/target.c b/src/expr/target.c -index b7c595a..31a039c 100644 ---- a/src/expr/target.c -+++ b/src/expr/target.c -@@ -189,5 +189,5 @@ struct expr_ops expr_ops_target = { - .get = nftnl_expr_target_get, - .parse = nftnl_expr_target_parse, - .build = nftnl_expr_target_build, -- .snprintf = nftnl_expr_target_snprintf, -+ .snprintf_ = nftnl_expr_target_snprintf, - }; -diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c -index d3ee8f8..1b01591 100644 ---- a/src/expr/tproxy.c -+++ b/src/expr/tproxy.c -@@ -170,5 +170,5 @@ struct expr_ops expr_ops_tproxy = { - .get = nftnl_expr_tproxy_get, - .parse = nftnl_expr_tproxy_parse, - .build = nftnl_expr_tproxy_build, -- .snprintf = nftnl_expr_tproxy_snprintf, -+ .snprintf_ = nftnl_expr_tproxy_snprintf, - }; -diff --git a/src/expr/tunnel.c b/src/expr/tunnel.c -index 1460fd2..6c2f653 100644 ---- a/src/expr/tunnel.c -+++ b/src/expr/tunnel.c -@@ -145,5 +145,5 @@ struct expr_ops expr_ops_tunnel = { - .get = nftnl_expr_tunnel_get, - .parse = nftnl_expr_tunnel_parse, - .build = nftnl_expr_tunnel_build, -- .snprintf = nftnl_expr_tunnel_snprintf, -+ .snprintf_ = nftnl_expr_tunnel_snprintf, - }; -diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c -index c81d14d..e648ee5 100644 ---- a/src/expr/xfrm.c -+++ b/src/expr/xfrm.c -@@ -196,5 +196,5 @@ struct expr_ops expr_ops_xfrm = { - .get = nftnl_expr_xfrm_get, - .parse = nftnl_expr_xfrm_parse, - .build = nftnl_expr_xfrm_build, -- .snprintf = nftnl_expr_xfrm_snprintf, -+ .snprintf_ = nftnl_expr_xfrm_snprintf, - }; -diff --git a/src/obj/counter.c b/src/obj/counter.c -index ef0cd20..0c199f7 100644 ---- a/src/obj/counter.c -+++ b/src/obj/counter.c -@@ -127,5 +127,5 @@ struct obj_ops obj_ops_counter = { - .get = nftnl_obj_counter_get, - .parse = nftnl_obj_counter_parse, - .build = nftnl_obj_counter_build, -- .snprintf = nftnl_obj_counter_snprintf, -+ .snprintf_ = nftnl_obj_counter_snprintf, - }; -diff --git a/src/obj/ct_expect.c b/src/obj/ct_expect.c -index 8136ad9..b3e1d70 100644 ---- a/src/obj/ct_expect.c -+++ b/src/obj/ct_expect.c -@@ -196,5 +196,5 @@ struct obj_ops obj_ops_ct_expect = { - .get = nftnl_obj_ct_expect_get, - .parse = nftnl_obj_ct_expect_parse, - .build = nftnl_obj_ct_expect_build, -- .snprintf = nftnl_obj_ct_expect_snprintf, -+ .snprintf_ = nftnl_obj_ct_expect_snprintf, - }; -diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c -index c52032a..12b783c 100644 ---- a/src/obj/ct_helper.c -+++ b/src/obj/ct_helper.c -@@ -150,5 +150,5 @@ struct obj_ops obj_ops_ct_helper = { - .get = nftnl_obj_ct_helper_get, - .parse = nftnl_obj_ct_helper_parse, - .build = nftnl_obj_ct_helper_build, -- .snprintf = nftnl_obj_ct_helper_snprintf, -+ .snprintf_ = nftnl_obj_ct_helper_snprintf, - }; -diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c -index 1d4f8fb..0a12883 100644 ---- a/src/obj/ct_timeout.c -+++ b/src/obj/ct_timeout.c -@@ -316,5 +316,5 @@ struct obj_ops obj_ops_ct_timeout = { - .get = nftnl_obj_ct_timeout_get, - .parse = nftnl_obj_ct_timeout_parse, - .build = nftnl_obj_ct_timeout_build, -- .snprintf = nftnl_obj_ct_timeout_snprintf, -+ .snprintf_ = nftnl_obj_ct_timeout_snprintf, - }; -diff --git a/src/obj/limit.c b/src/obj/limit.c -index 8b40f9d..2f049b8 100644 ---- a/src/obj/limit.c -+++ b/src/obj/limit.c -@@ -168,5 +168,5 @@ struct obj_ops obj_ops_limit = { - .get = nftnl_obj_limit_get, - .parse = nftnl_obj_limit_parse, - .build = nftnl_obj_limit_build, -- .snprintf = nftnl_obj_limit_snprintf, -+ .snprintf_ = nftnl_obj_limit_snprintf, - }; -diff --git a/src/obj/quota.c b/src/obj/quota.c -index 8ab3300..8666334 100644 ---- a/src/obj/quota.c -+++ b/src/obj/quota.c -@@ -144,5 +144,5 @@ struct obj_ops obj_ops_quota = { - .get = nftnl_obj_quota_get, - .parse = nftnl_obj_quota_parse, - .build = nftnl_obj_quota_build, -- .snprintf = nftnl_obj_quota_snprintf, -+ .snprintf_ = nftnl_obj_quota_snprintf, - }; -diff --git a/src/obj/secmark.c b/src/obj/secmark.c -index 2ccc803..e96e06f 100644 ---- a/src/obj/secmark.c -+++ b/src/obj/secmark.c -@@ -116,5 +116,5 @@ struct obj_ops obj_ops_secmark = { - .get = nftnl_obj_secmark_get, - .parse = nftnl_obj_secmark_parse, - .build = nftnl_obj_secmark_build, -- .snprintf = nftnl_obj_secmark_snprintf, -+ .snprintf_ = nftnl_obj_secmark_snprintf, - }; -diff --git a/src/obj/synproxy.c b/src/obj/synproxy.c -index d689fee..d06cb6d 100644 ---- a/src/obj/synproxy.c -+++ b/src/obj/synproxy.c -@@ -143,5 +143,5 @@ struct obj_ops obj_ops_synproxy = { - .get = nftnl_obj_synproxy_get, - .parse = nftnl_obj_synproxy_parse, - .build = nftnl_obj_synproxy_build, -- .snprintf = nftnl_obj_synproxy_snprintf, -+ .snprintf_ = nftnl_obj_synproxy_snprintf, - }; -diff --git a/src/obj/tunnel.c b/src/obj/tunnel.c -index 5ede6bd..d3743ff 100644 ---- a/src/obj/tunnel.c -+++ b/src/obj/tunnel.c -@@ -547,5 +547,5 @@ struct obj_ops obj_ops_tunnel = { - .get = nftnl_obj_tunnel_get, - .parse = nftnl_obj_tunnel_parse, - .build = nftnl_obj_tunnel_build, -- .snprintf = nftnl_obj_tunnel_snprintf, -+ .snprintf_ = nftnl_obj_tunnel_snprintf, - }; -diff --git a/src/object.c b/src/object.c -index 46e208b..d321c50 100644 ---- a/src/object.c -+++ b/src/object.c -@@ -396,7 +396,7 @@ static int nftnl_obj_snprintf_dflt(char *buf, size_t remain, - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - - if (obj->ops) { -- ret = obj->ops->snprintf(buf + offset, remain, flags, obj); -+ ret = obj->ops->snprintf_(buf + offset, remain, flags, obj); - SNPRINTF_BUFFER_SIZE(ret, remain, offset); - } - ret = snprintf(buf + offset, remain, "]"); --- -2.33.1 - diff --git a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb b/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.3.bb index 3eca92dcec..ab55767fee 100644 --- a/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-filter/libnftnl/libnftnl_1.2.3.bb @@ -2,28 +2,27 @@ SUMMARY = "Library for low-level interaction with nftables Netlink's API over li LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=79808397c3355f163c012616125c9e26" SECTION = "libs" -DEPENDS = "libmnl" -SRCREV = "f6575131e60ab10f131ea3ff36f69af2b6c3f614" SRC_URI = "git://git.netfilter.org/libnftnl;branch=master \ - file://0001-avoid-naming-local-function-as-one-of-printf-family.patch \ file://0001-configure.ac-Add-serial-tests.patch \ file://run-ptest \ " +SRCREV = "817c8b66f1ea8c223b7513d4cd7bff525d8a0a9f" S = "${WORKDIR}/git" inherit autotools pkgconfig ptest +DEPENDS = "libmnl" RDEPENDS:${PN}-ptest += " bash python3-core make" - + TESTDIR = "tests" do_compile_ptest() { cp -rf ${S}/build-aux . oe_runmake buildtest-TESTS } - + do_install_ptest() { cp -rf ${B}/build-aux ${D}${PTEST_PATH} install -d ${D}${PTEST_PATH}/${TESTDIR} @@ -38,4 +37,3 @@ do_install_ptest() { # other nonexistent paths before running the actual tests sed -i 's/^Makefile/_Makefile/' ${D}${PTEST_PATH}/${TESTDIR}/Makefile } - diff --git a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.4.bb b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.5.bb index 3466e16a62..1708786f49 100644 --- a/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.4.bb +++ b/meta-openembedded/meta-networking/recipes-filter/nftables/nftables_1.0.5.bb @@ -11,7 +11,7 @@ SRC_URI = "http://www.netfilter.org/projects/nftables/files/${BP}.tar.bz2 \ file://run-ptest \ " -SRC_URI[sha256sum] = "927fb1fea1f685a328c10cf791eb655d7e1ed49d310eea5cb3101dfd8d6cba35" +SRC_URI[sha256sum] = "8d1b4b18393af43698d10baa25d2b9b6397969beecac7816c35dd0714e4de50a" inherit autotools manpages pkgconfig ptest diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch new file mode 100644 index 0000000000..40284d6f4f --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch @@ -0,0 +1,151 @@ +From 71ca5b09bc71e8cbe38177cf41e83fe164e52eee Mon Sep 17 00:00:00 2001 +From: Mark Stapp <mstapp@nvidia.com> +Date: Thu, 8 Sep 2022 16:14:36 -0400 +Subject: [PATCH] bgpd: avoid notify race between io and main pthreads + +The "bgp_notify_" apis in bgp_packet.c generate a notification +to a peer, usually during error handling. The io pthread wants +to send notifications in a couple of cases during early +received-packet validation - but the existing api interacts +with the peer struct itself, and that's not safe. + +Add a new api for use by the io pthread, and adjust the main +notify api so that it can avoid touching the peer struct. + +Signed-off-by: Mark Stapp <mstapp@nvidia.com> + +CVE: CVE-2022-37035 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + bgpd/bgp_io.c | 17 ++++++++--------- + bgpd/bgp_packet.c | 32 ++++++++++++++++++++++++++++---- + bgpd/bgp_packet.h | 2 ++ + 3 files changed, 38 insertions(+), 13 deletions(-) + +diff --git a/bgpd/bgp_io.c b/bgpd/bgp_io.c +index 7af1fae28..f9bb8d518 100644 +--- a/bgpd/bgp_io.c ++++ b/bgpd/bgp_io.c +@@ -37,7 +37,7 @@ + #include "bgpd/bgp_debug.h" // for bgp_debug_neighbor_events, bgp_type_str + #include "bgpd/bgp_errors.h" // for expanded error reference information + #include "bgpd/bgp_fsm.h" // for BGP_EVENT_ADD, bgp_event +-#include "bgpd/bgp_packet.h" // for bgp_notify_send_with_data, bgp_notify... ++#include "bgpd/bgp_packet.h" // for bgp_notify_io_invalid... + #include "bgpd/bgp_trace.h" // for frrtraces + #include "bgpd/bgpd.h" // for peer, BGP_MARKER_SIZE, bgp_master, bm + /* clang-format on */ +@@ -526,8 +526,8 @@ static bool validate_header(struct peer *peer) + return false; + + if (memcmp(m_correct, m_rx, BGP_MARKER_SIZE) != 0) { +- bgp_notify_send(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_NOT_SYNC); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_NOT_SYNC, NULL, 0); + return false; + } + +@@ -547,9 +547,8 @@ static bool validate_header(struct peer *peer) + zlog_debug("%s unknown message type 0x%02x", peer->host, + type); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, +- 1); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESTYPE, &type, 1); + return false; + } + +@@ -574,9 +573,9 @@ static bool validate_header(struct peer *peer) + + uint16_t nsize = htons(size); + +- bgp_notify_send_with_data(peer, BGP_NOTIFY_HEADER_ERR, +- BGP_NOTIFY_HEADER_BAD_MESLEN, +- (unsigned char *)&nsize, 2); ++ bgp_notify_io_invalid(peer, BGP_NOTIFY_HEADER_ERR, ++ BGP_NOTIFY_HEADER_BAD_MESLEN, ++ (unsigned char *)&nsize, 2); + return false; + } + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 7daac4494..90695219a 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -871,8 +871,9 @@ bool bgp_notify_received_hard_reset(struct peer *peer, uint8_t code, + * @param data Data portion + * @param datalen length of data portion + */ +-void bgp_notify_send_with_data(struct peer *peer, uint8_t code, +- uint8_t sub_code, uint8_t *data, size_t datalen) ++static void bgp_notify_send_internal(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, ++ size_t datalen, bool use_curr) + { + struct stream *s; + bool hard_reset = bgp_notify_send_hard_reset(peer, code, sub_code); +@@ -917,8 +918,11 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + * If possible, store last packet for debugging purposes. This check is + * in place because we are sometimes called with a doppelganger peer, + * who tends to have a plethora of fields nulled out. ++ * ++ * Some callers should not attempt this - the io pthread for example ++ * should not touch internals of the peer struct. + */ +- if (peer->curr) { ++ if (use_curr && peer->curr) { + size_t packetsize = stream_get_endp(peer->curr); + assert(packetsize <= peer->max_packet_size); + memcpy(peer->last_reset_cause, peer->curr->data, packetsize); +@@ -1001,7 +1005,27 @@ void bgp_notify_send_with_data(struct peer *peer, uint8_t code, + */ + void bgp_notify_send(struct peer *peer, uint8_t code, uint8_t sub_code) + { +- bgp_notify_send_with_data(peer, code, sub_code, NULL, 0); ++ bgp_notify_send_internal(peer, code, sub_code, NULL, 0, true); ++} ++ ++/* ++ * Enqueue notification; called from the main pthread, peer object access is ok. ++ */ ++void bgp_notify_send_with_data(struct peer *peer, uint8_t code, ++ uint8_t sub_code, uint8_t *data, size_t datalen) ++{ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, true); ++} ++ ++/* ++ * For use by the io pthread, queueing a notification but avoiding access to ++ * the peer object. ++ */ ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen) ++{ ++ /* Avoid touching the peer object */ ++ bgp_notify_send_internal(peer, code, sub_code, data, datalen, false); + } + + /* +diff --git a/bgpd/bgp_packet.h b/bgpd/bgp_packet.h +index a0eb579db..9f6d772bc 100644 +--- a/bgpd/bgp_packet.h ++++ b/bgpd/bgp_packet.h +@@ -62,6 +62,8 @@ extern void bgp_open_send(struct peer *); + extern void bgp_notify_send(struct peer *, uint8_t, uint8_t); + extern void bgp_notify_send_with_data(struct peer *, uint8_t, uint8_t, + uint8_t *, size_t); ++void bgp_notify_io_invalid(struct peer *peer, uint8_t code, uint8_t sub_code, ++ uint8_t *data, size_t datalen); + extern void bgp_route_refresh_send(struct peer *peer, afi_t afi, safi_t safi, + uint8_t orf_type, uint8_t when_to_refresh, + int remove, uint8_t subtype); +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch index 4b218a61e8..20e8472233 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-configure-Check-for-readline-function-instead-of-mai.patch @@ -6,7 +6,9 @@ Subject: [PATCH] configure: Check for readline() function instead of main main is not a function found in libreadline, its better to check for a function thats provided by it. -Upstream-Status: Submitted [https://github.com/FRRouting/frr/pull/11893] +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/9399d58c13257849179d3c2b3698a2b43bc1b2a0] + Signed-off-by: Khem Raj <raj.khem@gmail.com> --- configure.ac | 2 +- diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch new file mode 100644 index 0000000000..09988946b6 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr/0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch @@ -0,0 +1,48 @@ +From ec3bb054c331f9d928ac21a1747e0f921b51dfbc Mon Sep 17 00:00:00 2001 +From: Michal Ruprich <michalruprich@gmail.com> +Date: Tue, 6 Sep 2022 12:25:01 +0200 +Subject: [PATCH] ospfd: Adding SUPPORT_OSPF_API define in ospf_spf.c + +It is not possible to build ospf_spf.c file with --disable-ospfapi because +ospf_apiserver.c has SUPPORT_OSPF_API around all function definitions and +that results in an undefined reference to the ospf_apiserver_notify_reachable +function error while building. + +Signed-off-by: Michal Ruprich <mruprich@redhat.com> + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/ec3bb054c331f9d928ac21a1747e0f921b51dfbc] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + ospfd/ospf_spf.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/ospfd/ospf_spf.c b/ospfd/ospf_spf.c +index 46492ff6b..4edc1de81 100644 +--- a/ospfd/ospf_spf.c ++++ b/ospfd/ospf_spf.c +@@ -48,7 +48,10 @@ + #include "ospfd/ospf_sr.h" + #include "ospfd/ospf_ti_lfa.h" + #include "ospfd/ospf_errors.h" ++ ++#ifdef SUPPORT_OSPF_API + #include "ospfd/ospf_apiserver.h" ++#endif + + /* Variables to ensure a SPF scheduled log message is printed only once */ + +@@ -1895,7 +1898,9 @@ static void ospf_spf_calculate_schedule_worker(struct thread *thread) + /* Update all routers routing table */ + ospf->oall_rtrs = ospf->all_rtrs; + ospf->all_rtrs = all_rtrs; ++#ifdef SUPPORT_OSPF_API + ospf_apiserver_notify_reachable(ospf->oall_rtrs, ospf->all_rtrs); ++#endif + + /* Free old ABR/ASBR routing table */ + if (ospf->old_rtrs) +-- +2.25.1 + diff --git a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.3.1.bb index 607ed8b9dd..c69720e6f0 100644 --- a/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-openembedded/meta-networking/recipes-protocols/frr/frr_8.3.1.bb @@ -9,12 +9,14 @@ LICENSE = "GPL-2.0-only & LGPL-2.1-only" LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING-LGPLv2.1;md5=4fbd65380cdd255951079008b364516c" -SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ +SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.3 \ file://0001-configure-Check-for-readline-function-instead-of-mai.patch \ + file://0001-ospfd-Adding-SUPPORT_OSPF_API-define-in-ospf_spf.c.patch \ + file://0001-bgpd-avoid-notify-race-between-io-and-main-pthreads.patch \ file://frr.pam \ " -SRCREV = "79188bf710e92acf42fb5b9b0a2e9593a5ee9b05" +SRCREV = "a74f7a9ad9623e6f9654fe4a7177e5da0b194828" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet/0001-Support-musl-libc-remove-support-for-glibc-2.1.patch b/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet/0001-Support-musl-libc-remove-support-for-glibc-2.1.patch deleted file mode 100644 index 98008dba94..0000000000 --- a/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet/0001-Support-musl-libc-remove-support-for-glibc-2.1.patch +++ /dev/null @@ -1,58 +0,0 @@ -From ffd7fab744a9ad2893169a8fb6244074604d5d0d Mon Sep 17 00:00:00 2001 -From: rofl0r <retnyg@gmx.net> -Date: Tue, 12 Aug 2014 21:51:39 +0200 -Subject: [PATCH] Support musl libc, remove support for glibc < 2.1 - -Upstream-Status: Backport - -The workarounds for glibc < 2.1 (was released february 1999) break the -build with musl libc. - -It is very unlikely that 2.0 or earlier is still in use, and if so, -1) that's a big security hole -2) code wouldnt compile anyway since noone tested build in the last decade -3) user of it wouldn't expect anyway to get bleeding edge sw built on it, - so he would just use the latest version that works for him. - -Closes #52 - -Signed-off-by: rofl0r <retnyg@gmx.net> -Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> ---- - libnet/src/libnet_link_linux.c | 11 ----------- - 1 file changed, 11 deletions(-) - -diff --git a/src/libnet_link_linux.c b/src/libnet_link_linux.c -index 054458d..3c6df3c 100644 ---- a/src/libnet_link_linux.c -+++ b/src/libnet_link_linux.c -@@ -30,26 +30,15 @@ - #include <sys/time.h> - - #include <net/if.h> --#if (__GLIBC__) - #include <netinet/if_ether.h> - #include <net/if_arp.h> --#else --#include <linux/if_arp.h> --#include <linux/if_ether.h> --#endif - - #if (HAVE_PACKET_SOCKET) - #ifndef SOL_PACKET - #define SOL_PACKET 263 - #endif /* SOL_PACKET */ --#if __GLIBC__ >= 2 && __GLIBC_MINOR >= 1 - #include <netpacket/packet.h> - #include <net/ethernet.h> /* the L2 protocols */ --#else --#include <asm/types.h> --#include <linux/if_packet.h> --#include <linux/if_ether.h> /* The L2 protocols */ --#endif - #endif /* HAVE_PACKET_SOCKET */ - - #include "../include/libnet.h" --- -1.9.1 - diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet/0001-Use-standard-int64_t-instead-of-__int64_t-for-mingw-.patch b/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet/0001-Use-standard-int64_t-instead-of-__int64_t-for-mingw-.patch new file mode 100644 index 0000000000..f1c607dd8a --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet/0001-Use-standard-int64_t-instead-of-__int64_t-for-mingw-.patch @@ -0,0 +1,31 @@ +From a1659e261888bdbed51803132d52d9a6c6803c8a Mon Sep 17 00:00:00 2001 +From: Joachim Nilsson <troglobit@gmail.com> +Date: Sat, 19 Oct 2019 12:26:26 +0200 +Subject: [PATCH] Use standard int64_t instead of __int64_t for mingw cross + build + +Signed-off-by: Joachim Nilsson <troglobit@gmail.com> +--- + include/libnet/libnet-structures.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/include/libnet/libnet-structures.h b/include/libnet/libnet-structures.h +index 6084caa..34fffc6 100644 +--- a/include/libnet/libnet-structures.h ++++ b/include/libnet/libnet-structures.h +@@ -49,9 +49,9 @@ struct libnet_port_list_chain + /* libnet statistics structure */ + struct libnet_stats + { +- __int64_t packets_sent; /* packets sent */ +- __int64_t packet_errors; /* packets errors */ +- __int64_t bytes_written; /* bytes written */ ++ int64_t packets_sent; /* packets sent */ ++ int64_t packet_errors; /* packets errors */ ++ int64_t bytes_written; /* bytes written */ + }; + + +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet_1.2-rc3.bb b/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet_1.2-rc3.bb deleted file mode 100644 index 785abf66d6..0000000000 --- a/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet_1.2-rc3.bb +++ /dev/null @@ -1,24 +0,0 @@ -SUMMARY = "A packet dissection and creation library" -# libnet at packetfactory.net is dead -HOMEPAGE = "https://github.com/sam-github/libnet" -SECTION = "libs" -LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://doc/COPYING;md5=3ec839e00408b484d33b472a86b7c266" -DEPENDS = "libpcap" -# There are major API changes beween libnet v1.0 and libnet v1.1 -PROVIDES = "libnet-1.2rc2" - -SRC_URI = "${SOURCEFORGE_MIRROR}/libnet-dev/${BPN}-${PV}.tar.gz \ - file://0001-Support-musl-libc-remove-support-for-glibc-2.1.patch \ - " - -SRC_URI[md5sum] = "f051e6e5bdecddb90f77c701c2ca1804" -SRC_URI[sha256sum] = "72c380785ad44183005e654b47cc12485ee0228d7fa6b0a87109ff7614be4a63" - -UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libnet-dev/files/" -UPSTREAM_CHECK_REGEX = "libnet-(?P<pver>\d+(\.\d+)+-*[a-z]*\d*)\.tar" - -S = "${WORKDIR}/${BPN}-${PV}" - -inherit autotools binconfig - diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet_1.2.bb b/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet_1.2.bb new file mode 100644 index 0000000000..a996f9404b --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-connectivity/libnet/libnet_1.2.bb @@ -0,0 +1,19 @@ +SUMMARY = "A packet dissection and creation library" +HOMEPAGE = "https://github.com/libnet/libnet" + +SECTION = "libs" + +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://LICENSE;md5=07f291bf6e78efa05cec668cf6a09acc" + +DEPENDS = "libpcap" + +SRC_URI = "git://github.com/libnet/libnet.git;protocol=https;branch=master \ + file://0001-Use-standard-int64_t-instead-of-__int64_t-for-mingw-.patch" + +SRC_URI[sha256sum] = "1e9e9054d688b059bcbaf878d8c4fbf69bfc0c9386cd4e7779fbb53339050d2e" +SRCREV = "deeeeaeb84f8bc5d2299913d4ccf53d0d4c26966" + +S = "${WORKDIR}/git" + +inherit autotools binconfig diff --git a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.2.bb b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.2.bb index 21297f2c4e..0ce0513f3b 100644 --- a/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.2.bb +++ b/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.3.2.bb @@ -24,21 +24,29 @@ PACKAGECONFIG[libuv] = "-DLWS_WITH_LIBUV=ON,-DLWS_WITH_LIBUV=OFF,libuv" PACKAGECONFIG[server] = "-DLWS_WITHOUT_SERVER=OFF,-DLWS_WITHOUT_SERVER=ON," PACKAGECONFIG[ssl] = "-DLWS_WITH_SSL=ON,-DLWS_WITH_SSL=OFF,openssl" PACKAGECONFIG[static] = "-DLWS_WITH_STATIC=ON,-DLWS_WITH_STATIC=OFF -DLWS_LINK_TESTAPPS_DYNAMIC=ON," +PACKAGECONFIG[systemd] = "-DLWS_WITH_SDEVENT=ON,-DLWS_WITH_SDEVENT=OFF,systemd" + +python __anonymous() { + if bb.utils.contains('PACKAGECONFIG', 'systemd', True, False, d) and not bb.utils.contains('DISTRO_FEATURES', 'systemd', True, False, d): + bb.fatal("PACKAGECONFIG contains systemd but DISTRO_FEATURES doesn't") +} EXTRA_OECMAKE += " \ -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \ " -PACKAGES =+ "${PN}-testapps ${PN}-evlib-event ${PN}-evlib-uv ${PN}-evlib-ev" +PACKAGES =+ "${PN}-testapps ${PN}-evlib-event ${PN}-evlib-uv ${PN}-evlib-ev ${PN}-evlib-sd" FILES:${PN}-testapps += "${datadir}/libwebsockets-test-server/* ${bindir}/libwebsockets-test-*" FILES:${PN}-evlib-event += "${libdir}/libwebsockets-evlib_event.so" FILES:${PN}-evlib-uv += "${libdir}/libwebsockets-evlib_uv.so" FILES:${PN}-evlib-ev += "${libdir}/libwebsockets-evlib_ev.so" +FILES:${PN}-evlib-sd += "${libdir}/libwebsockets-evlib_sd.so" RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libevent', '${PN}-evlib-event', '', d)}" RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libuv', '${PN}-evlib-uv', '', d)}" RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'libev', '${PN}-evlib-ev', '', d)}" +RDEPENDS:${PN} += " ${@bb.utils.contains('PACKAGECONFIG', 'systemd', '${PN}-evlib-sd', '', d)}" RDEPENDS:${PN}-dev += " ${@bb.utils.contains('PACKAGECONFIG', 'static', '${PN}-staticdev', '', d)}" diff --git a/meta-openembedded/meta-oe/recipes-core/plymouth/files/0001-Fix-daemon-install-ignoring-configured-runstatedir.patch b/meta-openembedded/meta-oe/recipes-core/plymouth/files/0001-Fix-daemon-install-ignoring-configured-runstatedir.patch new file mode 100644 index 0000000000..e04917e305 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-core/plymouth/files/0001-Fix-daemon-install-ignoring-configured-runstatedir.patch @@ -0,0 +1,30 @@ +From 4c90a66fb7fd9dbb861c5a888fc828f3795fe540 Mon Sep 17 00:00:00 2001 +From: Ben Brown <ben@demerara.io> +Date: Tue, 19 Jul 2022 16:12:12 +0100 +Subject: [PATCH] Fix daemon install ignoring configured runstatedir + +Upstream-Status: Backport + +Signed-off-by: Ben Brown <ben@demerara.io> +Signed-off-by: Ming Liu <liu.ming50@gmail.com> + +--- + src/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index ad3655d..abd7a4c 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -37,7 +37,7 @@ escrow_PROGRAMS = plymouthd-fd-escrow + + plymouthd_fd_escrow_SOURCES = plymouthd-fd-escrow.c + +-plymouthdrundir = $(localstatedir)/run/plymouth ++plymouthdrundir = $(plymouthruntimedir) + plymouthdspooldir = $(localstatedir)/spool/plymouth + plymouthdtimedir = $(localstatedir)/lib/plymouth + +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-core/plymouth/files/0001-Use-standard-runstatedir-vs-custom-flag.patch b/meta-openembedded/meta-oe/recipes-core/plymouth/files/0001-Use-standard-runstatedir-vs-custom-flag.patch new file mode 100644 index 0000000000..e351098f35 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-core/plymouth/files/0001-Use-standard-runstatedir-vs-custom-flag.patch @@ -0,0 +1,50 @@ +From 97012d2c38b84fffb32867fb5eeac64a93455626 Mon Sep 17 00:00:00 2001 +From: Ben Brown <ben@demerara.io> +Date: Tue, 19 Jul 2022 16:10:24 +0100 +Subject: [PATCH] Use standard runstatedir vs custom flag + +Upstream-Status: Backport + +--- + configure.ac | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +Signed-off-by: Ben Brown <ben@demerara.io> +Signed-off-by: Ming Liu <liu.ming50@gmail.com> + +diff --git a/configure.ac b/configure.ac +index 608ad02..34a2f2c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -140,9 +140,7 @@ if test x$enable_systemd_integration = xyes; then + AC_SUBST(SYSTEMD_UNIT_DIR) + fi + +-AC_ARG_WITH([runtimedir], +- AC_HELP_STRING([--with-runtimedir=DIR], [runtime data dir [LOCALSTATEDIR/run]]), +- [plymouthruntimedir=${withval}/plymouth], [plymouthruntimedir=""]) ++AC_ARG_WITH([runtimedir], [], [AC_MSG_ERROR([--with-runtimedir is obsolete, use --runstatedir instead])], []) + + AC_ARG_WITH(system-root-install, AS_HELP_STRING([--with-system-root-install],[Install client in /bin and daemon in /sbin]),with_system_root_install=${withval},with_system_root_install=no) + AM_CONDITIONAL(WITH_SYSTEM_ROOT_INSTALL, [test "$with_system_root_install" = yes]) +@@ -150,16 +148,11 @@ AM_CONDITIONAL(WITH_SYSTEM_ROOT_INSTALL, [test "$with_system_root_install" = ye + if test x$with_system_root_install = xyes; then + plymouthclientdir=/bin + plymouthdaemondir=/sbin +- if (test -z "${plymouthruntimedir}"); then +- plymouthruntimedir=/run/plymouth +- fi + else + plymouthclientdir=$bindir + plymouthdaemondir=$sbindir +- if (test -z "${plymouthruntimedir}"); then +- plymouthruntimedir=$localstatedir/run/plymouth +- fi + fi ++plymouthruntimedir=$runstatedir/plymouth + AC_SUBST(plymouthclientdir) + AC_SUBST(plymouthdaemondir) + AC_SUBST(plymouthruntimedir) +-- +2.25.1 + diff --git a/meta-openembedded/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb b/meta-openembedded/meta-oe/recipes-core/plymouth/plymouth_22.02.122.bb index 143ffa10d1..469914cd47 100644 --- a/meta-openembedded/meta-oe/recipes-core/plymouth/plymouth_0.9.5.bb +++ b/meta-openembedded/meta-oe/recipes-core/plymouth/plymouth_22.02.122.bb @@ -1,62 +1,58 @@ SUMMARY = "Plymouth is a project from Fedora providing a flicker-free graphical boot process." - DESCRIPTION = "Plymouth is an application that runs very early in the boot process \ - (even before the root filesystem is mounted!) that provides a \ - graphical boot animation while the boot process happens in the background. \ -" - +(even before the root filesystem is mounted!) that provides a \ +graphical boot animation while the boot process happens in the background." HOMEPAGE = "http://www.freedesktop.org/wiki/Software/Plymouth" SECTION = "base" LICENSE = "GPL-2.0-or-later" - LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" -DEPENDS = "libcap libpng cairo dbus udev" -DEPENDS:append:libc-musl = " musl-rpmatch" -PROVIDES = "virtual/psplash" -RPROVIDES:${PN} = "virtual-psplash virtual-psplash-support" - SRC_URI = " \ http://www.freedesktop.org/software/plymouth/releases/${BPN}-${PV}.tar.xz \ file://0001-Make-full-path-to-systemd-tty-ask-password-agent-con.patch \ - file://0001-systemd-switch-to-KillMode-mixed.patch \ file://0001-plymouth-start-service-in-add-related-kernel-paramet.patch \ file://0001-plymouth-Add-the-retain-splash-option.patch \ - " + file://0001-Use-standard-runstatedir-vs-custom-flag.patch \ + file://0001-Fix-daemon-install-ignoring-configured-runstatedir.patch \ +" -SRC_URI[md5sum] = "8a25d23f3ae732af300a56fa33cacff2" +SRC_URI[sha256sum] = "100551442221033ce868c447ad6c74d831d209c18ae232b98ae0207e34eadaeb" -EXTRA_OECONF += " --enable-shared --disable-static --disable-gtk --disable-documentation \ - --with-logo=${LOGO} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-systemd-integration --with-systemd-tty-ask-password-agent=${base_bindir}/systemd-tty-ask-password-agent', '--disable-systemd-integration', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge','--without-system-root-install','--with-system-root-install',d)} \ -" +LOGO ??= "${datadir}/plymouth/bizcom.png" +RUNSTATEDIR ??= "${localstatedir}/run" + +EXTRA_OECONF = "--runstatedir=${RUNSTATEDIR}" -PACKAGECONFIG ??= "pango initrd" +PACKAGECONFIG ??= "initrd logo pango udev ${@bb.utils.filter('DISTRO_FEATURES', 'systemd usrmerge', d)}" PACKAGECONFIG:append:x86 = " drm" PACKAGECONFIG:append:x86-64 = " drm" PACKAGECONFIG[drm] = "--enable-drm,--disable-drm,libdrm" -PACKAGECONFIG[pango] = "--enable-pango,--disable-pango,pango" +PACKAGECONFIG[documentation] = "--enable-documentation,--disable-documentation" +PACKAGECONFIG[initrd] = ",," PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+3" -PACKAGECONFIG[initrd] = ",,," - -LOGO ??= "${datadir}/plymouth/bizcom.png" +PACKAGECONFIG[logo] = "--with-logo=${LOGO},--without-logo" +PACKAGECONFIG[pango] = "--enable-pango,--disable-pango,pango" +PACKAGECONFIG[systemd] = "--enable-systemd-integration --with-systemd-tty-ask-password-agent=${base_bindir}/systemd-tty-ask-password-agent,--disable-systemd-integration,systemd" +PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev" +PACKAGECONFIG[upstart-monitoring] = "--enable-upstart-monitoring,--disable-upstart-monitoring,ncurses dbus" +PACKAGECONFIG[usrmerge] = "--without-system-root-install,--with-system-root-install" inherit autotools pkgconfig systemd gettext -LDFLAGS:append:libc-musl = " -lrpmatch" - do_install:append() { # Remove /var/run from package as plymouth will populate it on startup - rm -fr "${D}${localstatedir}/run" + rm -fr ${D}${RUNSTATEDIR} if ! ${@bb.utils.contains('PACKAGECONFIG', 'initrd', 'true', 'false', d)}; then rm -rf "${D}${libexecdir}" fi } +PROVIDES = "virtual/psplash" +RPROVIDES:${PN} = "virtual-psplash virtual-psplash-support" + PACKAGES =. "${@bb.utils.contains('PACKAGECONFIG', 'initrd', '${PN}-initrd ', '', d)}" PACKAGES =+ "${PN}-set-default-theme" @@ -66,6 +62,10 @@ FILES:${PN}-set-default-theme = "${sbindir}/plymouth-set-default-theme" FILES:${PN} += "${systemd_unitdir}/system/*" FILES:${PN}-dbg += "${libdir}/plymouth/renderers/.debug" +DEPENDS = "libcap libpng" +DEPENDS:append:libc-musl = " musl-rpmatch" + +LDFLAGS:append:libc-musl = " -lrpmatch" RDEPENDS:${PN}-initrd = "bash dracut" RDEPENDS:${PN}-set-default-theme = "bash" diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson/0001-Fix-overwriting-linker-flags.patch b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson/0001-Fix-overwriting-linker-flags.patch new file mode 100644 index 0000000000..5eee6f85aa --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson/0001-Fix-overwriting-linker-flags.patch @@ -0,0 +1,29 @@ +From fe6e8eec7e7df4f1e72f0c9d9337b1fe11236687 Mon Sep 17 00:00:00 2001 +From: Thomas Heinrichs <46387399+Thomas1664@users.noreply.github.com> +Date: Thu, 28 Apr 2022 17:36:54 +0200 +Subject: [PATCH] Fix overwriting linker flags + +Upstream-Status: Backport +[https://github.com/akheron/jansson/commit/fe6e8eec7e7df4f1e72f0c9d9337b1fe11236687] +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> + +--- + CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 39b9ad365f78..ed33e3c47f70 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -342,7 +342,7 @@ if(JANSSON_BUILD_SHARED_LIBS) + ) + list(REMOVE_ITEM CMAKE_REQUIRED_LIBRARIES "-Wl,--version-script,${CMAKE_CURRENT_BINARY_DIR}/jansson.sym") + if (VSCRIPT_WORKS) +- set(CMAKE_SHARED_LINKER_FLAGS "-Wl,--version-script,${CMAKE_CURRENT_BINARY_DIR}/jansson.sym") ++ set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--version-script,${CMAKE_CURRENT_BINARY_DIR}/jansson.sym") + endif() + endif() + +-- +2.35.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson/0001-Honour-multilib-paths.patch b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson/0001-Honour-multilib-paths.patch new file mode 100644 index 0000000000..513d109459 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson/0001-Honour-multilib-paths.patch @@ -0,0 +1,63 @@ +From e66885e66a2ce7fd916933b12d1ba523a25141e4 Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Mon, 3 Oct 2022 13:25:05 +0100 +Subject: [PATCH] Honour multilib paths + +Upstream-Status: Pending +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + CMakeLists.txt | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 39b9ad365f78..bf297e936a72 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -20,8 +20,8 @@ endif () + + # Set some nicer output dirs. + set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/bin) +-set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/lib) +-set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/lib) ++set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_INSTALL_LIBDIR}) ++set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_INSTALL_LIBDIR}) + set(JANSSON_TEMP_DIR ${CMAKE_CURRENT_BINARY_DIR}/tmp) + + # Give the debug version a different postfix for windows, +@@ -573,14 +573,14 @@ endif () + # + + # Allow the user to override installation directories. +-set(JANSSON_INSTALL_LIB_DIR lib CACHE PATH "Installation directory for libraries") ++set(JANSSON_INSTALL_LIB_DIR ${CMAKE_INSTALL_LIBDIR} CACHE PATH "Installation directory for libraries") + set(JANSSON_INSTALL_BIN_DIR bin CACHE PATH "Installation directory for executables") + set(JANSSON_INSTALL_INCLUDE_DIR include CACHE PATH "Installation directory for header files") + + if(WIN32 AND NOT CYGWIN) + set(DEF_INSTALL_CMAKE_DIR cmake) + else() +- set(DEF_INSTALL_CMAKE_DIR lib/cmake/jansson) ++ set(DEF_INSTALL_CMAKE_DIR ${CMAKE_INSTALL_LIBDIR}/cmake/jansson) + endif() + + set(JANSSON_INSTALL_CMAKE_DIR ${DEF_INSTALL_CMAKE_DIR} CACHE PATH "Installation directory for CMake files") +@@ -633,8 +633,8 @@ option(JANSSON_INSTALL "Generate installation target" ON) + if (JANSSON_INSTALL) + install(TARGETS jansson + EXPORT janssonTargets +- LIBRARY DESTINATION "lib" +- ARCHIVE DESTINATION "lib" ++ LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}" ++ ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}" + RUNTIME DESTINATION "bin" + INCLUDES DESTINATION "include") + +@@ -644,7 +644,7 @@ if (JANSSON_INSTALL) + # Install the pkg-config. + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/jansson.pc +- DESTINATION lib/pkgconfig) ++ DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + # Install the configs. + install(FILES diff --git a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.14.bb b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.14.bb index 94bb99ab71..833060686a 100644 --- a/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.14.bb +++ b/meta-openembedded/meta-oe/recipes-extended/jansson/jansson_2.14.bb @@ -4,7 +4,10 @@ BUGTRACKER = "https://github.com/akheron/jansson/issues" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=afd92c4cfc08f4896003251b878cc0bf" -SRC_URI = "https://github.com/akheron/${BPN}/releases/download/v${PV}/${BP}.tar.bz2" +SRC_URI = "https://github.com/akheron/${BPN}/releases/download/v${PV}/${BP}.tar.bz2 \ + file://0001-Fix-overwriting-linker-flags.patch \ + file://0001-Honour-multilib-paths.patch \ + " SRC_URI[sha256sum] = "fba956f27c6ae56ce6dfd52fbf9d20254aad42821f74fa52f83957625294afb9" UPSTREAM_CHECK_URI = "https://github.com/akheron/${BPN}/releases" @@ -12,4 +15,6 @@ UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>\d+(\.\d+)+)\.tar" inherit cmake pkgconfig +EXTRA_OECMAKE = "-DJANSSON_BUILD_SHARED_LIBS=${@ 'OFF' if d.getVar('DISABLE_STATIC') == '' else 'ON' }" + BBCLASSEXTEND = "native" diff --git a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb index e2992b5dd9..50c501574b 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/libsdl/libsdl_1.2.15.bb @@ -80,3 +80,6 @@ do_configure:prepend() { } BBCLASSEXTEND = "native nativesdk" + +#CVE-2019-14906 is a RHEL specific vulnerability. +CVE_CHECK_IGNORE += "CVE-2019-14906" diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_372.bb b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_373.bb index 3e1e9d7042..bc555cbcd9 100644 --- a/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_372.bb +++ b/meta-openembedded/meta-oe/recipes-graphics/xorg-app/xterm_373.bb @@ -8,7 +8,7 @@ SRC_URI = "http://invisible-mirror.net/archives/${BPN}/${BP}.tgz \ file://0001-Add-configure-time-check-for-setsid.patch \ " -SRC_URI[sha256sum] = "c6d08127cb2409c3a04bcae559b7025196ed770bb7bf26630abcb45d95f60ab1" +SRC_URI[sha256sum] = "deb0989473a63908b5a8d44dfeea8301c8710f6ce01fb57ce8c30002375746b6" PACKAGECONFIG ?= "" PACKAGECONFIG[xft] = "--enable-freetype,--disable-freetype,libxft fontconfig freetype-native" @@ -27,6 +27,8 @@ EXTRA_OECONF = " --x-includes=${STAGING_INCDIR} \ B = "${S}" +CFLAGS += "-D_GNU_SOURCE" + do_configure() { gnu-configize --force sed -e "s%/usr/contrib/X11R6%${STAGING_LIBDIR}%g" -i configure diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati/0001-Fix-link-failure-with-gcc-10.patch b/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati/0001-Fix-link-failure-with-gcc-10.patch deleted file mode 100644 index 7dfa233423..0000000000 --- a/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati/0001-Fix-link-failure-with-gcc-10.patch +++ /dev/null @@ -1,34 +0,0 @@ -From cebbeaa9d0bdc18377faef27ea9ffd38e509d180 Mon Sep 17 00:00:00 2001 -From: Adam Jackson <ajax@redhat.com> -Date: Tue, 4 Feb 2020 16:38:06 -0500 -Subject: [PATCH] Fix link failure with gcc 10 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Without the 'extern' this looks like a definition not just a -declaration, in every file that includes the header. gcc 10 is stricter -about this kind of multiple definition. - -Upstream-Status: Backport [https://cgit.freedesktop.org/xorg/driver/xf86-video-ati/commit/?id=f223035f4ffcff2a9296d1e907a5193f8e8845a3] -Reviewed-by: Michel Dänzer <mdaenzer@redhat.com> ---- - src/drmmode_display.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/drmmode_display.h b/src/drmmode_display.h -index 96eaef0..8cd8a0a 100644 ---- a/src/drmmode_display.h -+++ b/src/drmmode_display.h -@@ -262,7 +262,7 @@ Bool drmmode_wait_vblank(xf86CrtcPtr crtc, drmVBlankSeqType type, - uint64_t *ust, uint32_t *result_seq); - - --miPointerSpriteFuncRec drmmode_sprite_funcs; -+extern miPointerSpriteFuncRec drmmode_sprite_funcs; - - - #endif --- -2.28.0 - diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati/0001-ati-cleanup-terminology-to-use-primary-secondary.patch b/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati/0001-ati-cleanup-terminology-to-use-primary-secondary.patch deleted file mode 100644 index cda2c2f146..0000000000 --- a/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati/0001-ati-cleanup-terminology-to-use-primary-secondary.patch +++ /dev/null @@ -1,369 +0,0 @@ -From 6e035c007876ffe972a497681dd3debdc806e979 Mon Sep 17 00:00:00 2001 -From: Dave Airlie <airlied@redhat.com> -Date: Mon, 13 Jul 2020 09:11:28 +1000 -Subject: [PATCH] ati: cleanup terminology to use primary/secondary - -The X server changed some API/ABIs here. - -Based on amdgpu patch by Michel ---- -Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/driver/xf86-video-ati/-/commit/8da3e4561ef82bb78c9a17b8cd8bf139b9cfd680.patch] -man/radeon.man | 2 +- - src/compat-api.h | 6 ++++ - src/drmmode_display.c | 4 +-- - src/evergreen_state.h | 2 +- - src/r600_state.h | 2 +- - src/radeon.h | 10 +++--- - src/radeon_exa.c | 2 +- - src/radeon_glamor.c | 2 +- - src/radeon_kms.c | 74 +++++++++++++++++++++---------------------- - 9 files changed, 55 insertions(+), 49 deletions(-) - -diff --git a/man/radeon.man b/man/radeon.man -index dcebf53..247dcdb 100644 ---- a/man/radeon.man -+++ b/man/radeon.man -@@ -290,7 +290,7 @@ on. If this option is set, the default value of the property is 'on' or 'off' - accordingly. If this option isn't set, the default value of the property is - .B auto, - which means that TearFree is on for rotated outputs, outputs with RandR --transforms applied and for RandR 1.4 slave outputs, otherwise off. -+transforms applied and for RandR 1.4 secondary outputs, otherwise off. - .TP - .BI "Option \*qAccelMethod\*q \*q" "string" \*q - Chooses between available acceleration architectures. Valid values are -diff --git a/src/compat-api.h b/src/compat-api.h -index f4e7524..def6d3e 100644 ---- a/src/compat-api.h -+++ b/src/compat-api.h -@@ -34,4 +34,10 @@ - #define BLOCKHANDLER_ARGS pScreen, pTimeout, pReadmask - #endif - -+#if ABI_VIDEODRV_VERSION < SET_ABI_VERSION(25, 2) -+#define current_primary current_master -+#define primary_pixmap master_pixmap -+#define secondary_dst slave_dst -+#endif -+ - #endif -diff --git a/src/drmmode_display.c b/src/drmmode_display.c -index 0e9e247..3dec91e 100644 ---- a/src/drmmode_display.c -+++ b/src/drmmode_display.c -@@ -720,7 +720,7 @@ drmmode_crtc_prime_scanout_update(xf86CrtcPtr crtc, DisplayModePtr mode, - xorg_list_for_each_entry(dirty, &screen->pixmap_dirty_list, - ent) { - if (radeon_dirty_src_equals(dirty, drmmode_crtc->prime_scanout_pixmap)) { -- dirty->slave_dst = -+ dirty->secondary_dst = - drmmode_crtc->scanout[scanout_id].pixmap; - break; - } -@@ -1356,7 +1356,7 @@ drmmode_set_scanout_pixmap(xf86CrtcPtr crtc, PixmapPtr ppix) - - xorg_list_for_each_entry(dirty, &screen->pixmap_dirty_list, ent) { - if (radeon_dirty_src_equals(dirty, drmmode_crtc->prime_scanout_pixmap)) { -- PixmapStopDirtyTracking(dirty->src, dirty->slave_dst); -+ PixmapStopDirtyTracking(dirty->src, dirty->secondary_dst); - break; - } - } -diff --git a/src/evergreen_state.h b/src/evergreen_state.h -index 7e54e1c..34ba87b 100644 ---- a/src/evergreen_state.h -+++ b/src/evergreen_state.h -@@ -350,7 +350,7 @@ extern void *RADEONEXACreatePixmap2(ScreenPtr pScreen, int width, int height, - int *new_pitch); - extern void RADEONEXADestroyPixmap(ScreenPtr pScreen, void *driverPriv); - extern Bool RADEONEXAPixmapIsOffscreen(PixmapPtr pPix); --extern Bool RADEONEXASharePixmapBacking(PixmapPtr ppix, ScreenPtr slave, void **handle_p); -+extern Bool RADEONEXASharePixmapBacking(PixmapPtr ppix, ScreenPtr secondary, void **handle_p); - extern Bool RADEONEXASetSharedPixmapBacking(PixmapPtr ppix, void *handle); - - #endif -diff --git a/src/r600_state.h b/src/r600_state.h -index 3434599..567c3ca 100644 ---- a/src/r600_state.h -+++ b/src/r600_state.h -@@ -321,6 +321,6 @@ extern void *RADEONEXACreatePixmap2(ScreenPtr pScreen, int width, int height, - int *new_pitch); - extern void RADEONEXADestroyPixmap(ScreenPtr pScreen, void *driverPriv); - extern Bool RADEONEXAPixmapIsOffscreen(PixmapPtr pPix); --extern Bool RADEONEXASharePixmapBacking(PixmapPtr ppix, ScreenPtr slave, void **handle_p); -+extern Bool RADEONEXASharePixmapBacking(PixmapPtr ppix, ScreenPtr secondary, void **handle_p); - extern Bool RADEONEXASetSharedPixmapBacking(PixmapPtr ppix, void *handle); - #endif -diff --git a/src/radeon.h b/src/radeon.h -index 2c91346..85fd021 100644 ---- a/src/radeon.h -+++ b/src/radeon.h -@@ -182,18 +182,18 @@ typedef enum { - - - static inline ScreenPtr --radeon_master_screen(ScreenPtr screen) -+radeon_primary_screen(ScreenPtr screen) - { -- if (screen->current_master) -- return screen->current_master; -+ if (screen->current_primary) -+ return screen->current_primary; - - return screen; - } - - static inline ScreenPtr --radeon_dirty_master(PixmapDirtyUpdatePtr dirty) -+radeon_dirty_primary(PixmapDirtyUpdatePtr dirty) - { -- return radeon_master_screen(dirty->slave_dst->drawable.pScreen); -+ return radeon_primary_screen(dirty->secondary_dst->drawable.pScreen); - } - - static inline DrawablePtr -diff --git a/src/radeon_exa.c b/src/radeon_exa.c -index 268155e..320ff99 100644 ---- a/src/radeon_exa.c -+++ b/src/radeon_exa.c -@@ -282,7 +282,7 @@ void RADEONEXADestroyPixmap(ScreenPtr pScreen, void *driverPriv) - free(driverPriv); - } - --Bool RADEONEXASharePixmapBacking(PixmapPtr ppix, ScreenPtr slave, void **fd_handle) -+Bool RADEONEXASharePixmapBacking(PixmapPtr ppix, ScreenPtr seconndary, void **fd_handle) - { - struct radeon_exa_pixmap_priv *driver_priv = exaGetPixmapDriverPrivate(ppix); - -diff --git a/src/radeon_glamor.c b/src/radeon_glamor.c -index f109838..ccf9994 100644 ---- a/src/radeon_glamor.c -+++ b/src/radeon_glamor.c -@@ -366,7 +366,7 @@ radeon_glamor_set_pixmap_bo(DrawablePtr drawable, PixmapPtr pixmap) - - - static Bool --radeon_glamor_share_pixmap_backing(PixmapPtr pixmap, ScreenPtr slave, -+radeon_glamor_share_pixmap_backing(PixmapPtr pixmap, ScreenPtr secondary, - void **handle_p) - { - ScreenPtr screen = pixmap->drawable.pScreen; -diff --git a/src/radeon_kms.c b/src/radeon_kms.c -index b3db7c4..62962d6 100644 ---- a/src/radeon_kms.c -+++ b/src/radeon_kms.c -@@ -559,8 +559,8 @@ dirty_region(PixmapDirtyUpdatePtr dirty) - if (dirty->rotation != RR_Rotate_0) { - dstregion = transform_region(damageregion, - &dirty->f_inverse, -- dirty->slave_dst->drawable.width, -- dirty->slave_dst->drawable.height); -+ dirty->secondary_dst->drawable.width, -+ dirty->secondary_dst->drawable.height); - } else - #endif - { -@@ -568,7 +568,7 @@ dirty_region(PixmapDirtyUpdatePtr dirty) - - dstregion = RegionDuplicate(damageregion); - RegionTranslate(dstregion, -dirty->x, -dirty->y); -- PixmapRegionInit(&pixregion, dirty->slave_dst); -+ PixmapRegionInit(&pixregion, dirty->secondary_dst); - RegionIntersect(dstregion, dstregion, &pixregion); - RegionUninit(&pixregion); - } -@@ -585,8 +585,8 @@ redisplay_dirty(PixmapDirtyUpdatePtr dirty, RegionPtr region) - if (RegionNil(region)) - goto out; - -- if (dirty->slave_dst->master_pixmap) -- DamageRegionAppend(&dirty->slave_dst->drawable, region); -+ if (dirty->secondary_dst->primary_pixmap) -+ DamageRegionAppend(&dirty->secondary_dst->drawable, region); - - #ifdef HAS_DIRTYTRACKING_ROTATION - PixmapSyncDirtyHelper(dirty); -@@ -595,8 +595,8 @@ redisplay_dirty(PixmapDirtyUpdatePtr dirty, RegionPtr region) - #endif - - radeon_cs_flush_indirect(src_scrn); -- if (dirty->slave_dst->master_pixmap) -- DamageRegionProcessPending(&dirty->slave_dst->drawable); -+ if (dirty->secondary_dst->primary_pixmap) -+ DamageRegionProcessPending(&dirty->secondary_dst->drawable); - - out: - DamageEmpty(dirty->damage); -@@ -613,12 +613,12 @@ radeon_prime_scanout_update_abort(xf86CrtcPtr crtc, void *event_data) - void - radeon_sync_shared_pixmap(PixmapDirtyUpdatePtr dirty) - { -- ScreenPtr master_screen = radeon_dirty_master(dirty); -+ ScreenPtr primary_screen = radeon_dirty_primary(dirty); - PixmapDirtyUpdatePtr ent; - RegionPtr region; - -- xorg_list_for_each_entry(ent, &master_screen->pixmap_dirty_list, ent) { -- if (!radeon_dirty_src_equals(dirty, ent->slave_dst)) -+ xorg_list_for_each_entry(ent, &primary_screen->pixmap_dirty_list, ent) { -+ if (!radeon_dirty_src_equals(dirty, ent->secondary_dst)) - continue; - - region = dirty_region(ent); -@@ -631,45 +631,45 @@ radeon_sync_shared_pixmap(PixmapDirtyUpdatePtr dirty) - #if HAS_SYNC_SHARED_PIXMAP - - static Bool --master_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) -+primary_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) - { -- ScreenPtr master_screen = radeon_dirty_master(dirty); -+ ScreenPtr primary_screen = radeon_dirty_primary(dirty); - -- return !!master_screen->SyncSharedPixmap; -+ return !!primary_screen->SyncSharedPixmap; - } - - static Bool --slave_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) -+secondary_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) - { -- ScreenPtr slave_screen = dirty->slave_dst->drawable.pScreen; -+ ScreenPtr secondary_screen = dirty->secondary_dst->drawable.pScreen; - -- return !!slave_screen->SyncSharedPixmap; -+ return !!secondary_screen->SyncSharedPixmap; - } - - static void - call_sync_shared_pixmap(PixmapDirtyUpdatePtr dirty) - { -- ScreenPtr master_screen = radeon_dirty_master(dirty); -+ ScreenPtr primary_screen = radeon_dirty_primary(dirty); - -- master_screen->SyncSharedPixmap(dirty); -+ primary_screen->SyncSharedPixmap(dirty); - } - - #else /* !HAS_SYNC_SHARED_PIXMAP */ - - static Bool --master_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) -+primary_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) - { -- ScrnInfoPtr master_scrn = xf86ScreenToScrn(radeon_dirty_master(dirty)); -+ ScrnInfoPtr primary_scrn = xf86ScreenToScrn(radeon_dirty_primary(dirty)); - -- return master_scrn->driverName == scrn->driverName; -+ return primary_scrn->driverName == scrn->driverName; - } - - static Bool --slave_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) -+secondary_has_sync_shared_pixmap(ScrnInfoPtr scrn, PixmapDirtyUpdatePtr dirty) - { -- ScrnInfoPtr slave_scrn = xf86ScreenToScrn(dirty->slave_dst->drawable.pScreen); -+ ScrnInfoPtr secondary_scrn = xf86ScreenToScrn(dirty->secondary_dst->drawable.pScreen); - -- return slave_scrn->driverName == scrn->driverName; -+ return secondary_scrn->driverName == scrn->driverName; - } - - static void -@@ -684,12 +684,12 @@ call_sync_shared_pixmap(PixmapDirtyUpdatePtr dirty) - static xf86CrtcPtr - radeon_prime_dirty_to_crtc(PixmapDirtyUpdatePtr dirty) - { -- ScreenPtr screen = dirty->slave_dst->drawable.pScreen; -+ ScreenPtr screen = dirty->secondary_dst->drawable.pScreen; - ScrnInfoPtr scrn = xf86ScreenToScrn(screen); - xf86CrtcConfigPtr xf86_config = XF86_CRTC_CONFIG_PTR(scrn); - int c; - -- /* Find the CRTC which is scanning out from this slave pixmap */ -+ /* Find the CRTC which is scanning out from this secondary pixmap */ - for (c = 0; c < xf86_config->num_crtc; c++) { - xf86CrtcPtr xf86_crtc = xf86_config->crtc[c]; - drmmode_crtc_private_ptr drmmode_crtc = xf86_crtc->driver_private; -@@ -714,7 +714,7 @@ radeon_prime_scanout_do_update(xf86CrtcPtr crtc, unsigned scanout_id) - if (radeon_dirty_src_equals(dirty, drmmode_crtc->prime_scanout_pixmap)) { - RegionPtr region; - -- if (master_has_sync_shared_pixmap(scrn, dirty)) -+ if (primary_has_sync_shared_pixmap(scrn, dirty)) - call_sync_shared_pixmap(dirty); - - region = dirty_region(dirty); -@@ -727,7 +727,7 @@ radeon_prime_scanout_do_update(xf86CrtcPtr crtc, unsigned scanout_id) - radeon_cs_flush_indirect(scrn); - RegionCopy(&drmmode_crtc->scanout_last_region, region); - RegionTranslate(region, -crtc->x, -crtc->y); -- dirty->slave_dst = drmmode_crtc->scanout[scanout_id].pixmap; -+ dirty->secondary_dst = drmmode_crtc->scanout[scanout_id].pixmap; - } - - redisplay_dirty(dirty, region); -@@ -754,7 +754,7 @@ radeon_prime_scanout_update_handler(xf86CrtcPtr crtc, uint32_t frame, uint64_t u - static void - radeon_prime_scanout_update(PixmapDirtyUpdatePtr dirty) - { -- ScreenPtr screen = dirty->slave_dst->drawable.pScreen; -+ ScreenPtr screen = dirty->secondary_dst->drawable.pScreen; - ScrnInfoPtr scrn = xf86ScreenToScrn(screen); - RADEONEntPtr pRADEONEnt = RADEONEntPriv(scrn); - xf86CrtcPtr xf86_crtc = radeon_prime_dirty_to_crtc(dirty); -@@ -818,7 +818,7 @@ radeon_prime_scanout_update(PixmapDirtyUpdatePtr dirty) - static void - radeon_prime_scanout_flip(PixmapDirtyUpdatePtr ent) - { -- ScreenPtr screen = ent->slave_dst->drawable.pScreen; -+ ScreenPtr screen = ent->secondary_dst->drawable.pScreen; - ScrnInfoPtr scrn = xf86ScreenToScrn(screen); - RADEONEntPtr pRADEONEnt = RADEONEntPriv(scrn); - xf86CrtcPtr crtc = radeon_prime_dirty_to_crtc(ent); -@@ -893,11 +893,11 @@ radeon_dirty_update(ScrnInfoPtr scrn) - if (screen->isGPU) { - PixmapDirtyUpdatePtr region_ent = ent; - -- if (master_has_sync_shared_pixmap(scrn, ent)) { -- ScreenPtr master_screen = radeon_dirty_master(ent); -+ if (primary_has_sync_shared_pixmap(scrn, ent)) { -+ ScreenPtr primary_screen = radeon_dirty_primary(ent); - -- xorg_list_for_each_entry(region_ent, &master_screen->pixmap_dirty_list, ent) { -- if (radeon_dirty_src_equals(ent, region_ent->slave_dst)) -+ xorg_list_for_each_entry(region_ent, &primary_screen->pixmap_dirty_list, ent) { -+ if (radeon_dirty_src_equals(ent, region_ent->secondary_dst)) - break; - } - } -@@ -921,7 +921,7 @@ radeon_dirty_update(ScrnInfoPtr scrn) - - RegionDestroy(region); - } else { -- if (slave_has_sync_shared_pixmap(scrn, ent)) -+ if (secondary_has_sync_shared_pixmap(scrn, ent)) - continue; - - region = dirty_region(ent); -@@ -1216,7 +1216,7 @@ static void RADEONBlockHandler_KMS(BLOCKHANDLER_ARGS_DECL) - (*pScreen->BlockHandler) (BLOCKHANDLER_ARGS); - pScreen->BlockHandler = RADEONBlockHandler_KMS; - -- if (!xf86ScreenToScrn(radeon_master_screen(pScreen))->vtSema) -+ if (!xf86ScreenToScrn(radeon_primary_screen(pScreen))->vtSema) - return; - - if (!pScreen->isGPU) -@@ -2584,7 +2584,7 @@ CARD32 cleanup_black_fb(OsTimerPtr timer, CARD32 now, pointer data) - xf86CrtcConfigPtr xf86_config = XF86_CRTC_CONFIG_PTR(scrn); - int c; - -- if (xf86ScreenToScrn(radeon_master_screen(screen))->vtSema) -+ if (xf86ScreenToScrn(radeon_primary_screen(screen))->vtSema) - return 0; - - /* Unreference the all-black FB created by RADEONLeaveVT_KMS. After --- -2.33.1 - diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati_19.1.0.bb b/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati_19.1.0.bb deleted file mode 100644 index c8ce77ab88..0000000000 --- a/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati_19.1.0.bb +++ /dev/null @@ -1,25 +0,0 @@ -require recipes-graphics/xorg-driver/xorg-driver-video.inc - -LIC_FILES_CHKSUM = "file://COPYING;md5=aabff1606551f9461ccf567739af63dc" - -SUMMARY = "X.Org X server -- ATI Radeon video driver" - -DESCRIPTION = "Open-source X.org graphics driver for ATI Radeon graphics" - -DEPENDS += "virtual/libx11 libxvmc drm \ - virtual/libgl xorgproto libpciaccess" - -inherit features_check -REQUIRED_DISTRO_FEATURES += "opengl" - -SRC_URI += "file://0001-Fix-link-failure-with-gcc-10.patch \ - file://0001-ati-cleanup-terminology-to-use-primary-secondary.patch \ - " -SRC_URI[sha256sum] = "659f5a1629eea5f5334d9b39b18e6807a63aa1efa33c1236d9cc53acbb223c49" - -#EXTRA_OECONF += "--disable-glamor" - -RDEPENDS:${PN} += "xserver-xorg-module-exa" -RRECOMMENDS:${PN} += "linux-firmware-radeon" - -FILES:${PN} += "${datadir}/X11" diff --git a/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati_git.bb b/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati_git.bb new file mode 100644 index 0000000000..9452c3a915 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-graphics/xorg-driver/xf86-video-ati_git.bb @@ -0,0 +1,41 @@ +require recipes-graphics/xorg-driver/xorg-driver-video.inc + +LIC_FILES_CHKSUM = "file://COPYING;md5=aabff1606551f9461ccf567739af63dc" + +SUMMARY = "X.Org X server -- ATI Radeon video driver" + +DESCRIPTION = "Open-source X.org graphics driver for ATI Radeon graphics" + +DEPENDS += "virtual/libx11 libxvmc drm \ + virtual/libgl xorgproto libpciaccess" + +inherit features_check + +REQUIRED_DISTRO_FEATURES += "opengl" + +SRC_URI = "git://git@gitlab.freedesktop.org/xorg/driver/xf86-video-ati.git;branch=master" +SRCREV = "7a6a34af026f0bef8080b91baf97a729380bca01" + +SRC_URI[sha256sum] = "659f5a1629eea5f5334d9b39b18e6807a63aa1efa33c1236d9cc53acbb223c49" + +PV = "19.1.0+git${SRCPV}" + +S = "${WORKDIR}/git" + +PACKAGECONFIG ??= "udev" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev" +PACKAGECONFIG[glamor] = "--enable-glamor,--disable-glamor" + +RDEPENDS:${PN}:append = "\ + ${@bb.utils.contains('PACKAGECONFIG', 'glamor', 'libegl', '', d)} \ + mesa-megadriver \ + xserver-xorg-extension-glx \ + xserver-xorg-module-exa \ +" + +RRECOMMENDS:${PN} += "linux-firmware-radeon" + +PACKAGES =+ "${PN}-config" + +FILES:${PN}-config = "${datadir}/X11/xorg.conf.d" +FILES:${PN} += "${datadir}/X11" diff --git a/meta-openembedded/meta-oe/recipes-kernel/bpftool/bpftool.bb b/meta-openembedded/meta-oe/recipes-kernel/bpftool/bpftool.bb index 01046c063f..67a821c07c 100644 --- a/meta-openembedded/meta-oe/recipes-kernel/bpftool/bpftool.bb +++ b/meta-openembedded/meta-oe/recipes-kernel/bpftool/bpftool.bb @@ -24,7 +24,7 @@ SECURITY_CFLAGS = "" do_configure[depends] += "virtual/kernel:do_shared_workdir" -COMPATIBLE_HOST = "(x86_64).*-linux" +COMPATIBLE_HOST = "(x86_64|aarch64).*-linux" COMPATIBLE_HOST:libc-musl = 'null' do_compile() { diff --git a/meta-openembedded/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb b/meta-openembedded/meta-oe/recipes-multimedia/faad2/faad2_2.10.0.bb index 56d5e1201e..1b42360739 100644 --- a/meta-openembedded/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb +++ b/meta-openembedded/meta-oe/recipes-multimedia/faad2/faad2_2.10.0.bb @@ -7,8 +7,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=381c8cbe277a7bc1ee2ae6083a04c958" LICENSE_FLAGS = "commercial" -SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz" -SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f" -SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d" +PV .= "+git${SRCPV}" + +SRC_URI = "git://github.com/knik0/faad2.git;branch=master;protocol=https" +SRCREV = "df42c6fc018552519d140e3d8ffe7046ed48b0cf" + +S = "${WORKDIR}/git" inherit autotools lib_package diff --git a/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0007-Do-not-use-getsubopt.patch b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0004-Do-not-use-getsubopt.patch index d8d1b8d184..fb844acbe4 100644 --- a/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0007-Do-not-use-getsubopt.patch +++ b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0004-Do-not-use-getsubopt.patch @@ -1,4 +1,4 @@ -From e4582c11f76b9390a3e172dcf0741dca90a9dc8d Mon Sep 17 00:00:00 2001 +From 6e7e52de7afe29597016952a7317faf9c3ea3268 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Sat, 30 Nov 2019 18:50:34 -0800 Subject: [PATCH] Do not use getsubopt @@ -11,24 +11,32 @@ Simply avoid getsubopt, since we cannot rely on it. Imported from Alpine Linux Upstream-Status: Pending + Signed-off-by: Khem Raj <raj.khem@gmail.com> +Adapt patch to 1.23.0. + +(v4l-utils rev fd544473800d02e90bc289434cc44e5aa8fadd0f). + +%% original patch: 0007-Do-not-use-getsubopt.patch + +Signed-off-by: Daniel Gomez <daniel@qtec.com> --- utils/v4l2-ctl/v4l2-ctl-common.cpp | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/utils/v4l2-ctl/v4l2-ctl-common.cpp b/utils/v4l2-ctl/v4l2-ctl-common.cpp -index c940171..49c0f39 100644 +index d77f7104..838c297d 100644 --- a/utils/v4l2-ctl/v4l2-ctl-common.cpp +++ b/utils/v4l2-ctl/v4l2-ctl-common.cpp -@@ -956,15 +956,17 @@ static bool parse_subset(char *optarg) +@@ -994,15 +994,17 @@ static bool parse_subset(char *optarg) static bool parse_next_subopt(char **subs, char **value) { - static char *const subopts[] = { - nullptr - }; -- int opt = getsubopt(subs, subopts, value); +- int opt = v4l_getsubopt(subs, subopts, value); + char *p = *subs; + *value = *subs; @@ -47,3 +55,6 @@ index c940171..49c0f39 100644 } void common_cmd(const std::string &media_bus_info, int ch, char *optarg) +-- +2.35.1 + diff --git a/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.22.1.bb b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.23.0.bb index 741e1030cf..2f5ae3586a 100644 --- a/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.22.1.bb +++ b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.23.0.bb @@ -6,7 +6,10 @@ PROVIDES = "libv4l media-ctl" DEPENDS = "jpeg \ ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'virtual/libx11', '', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'alsa', 'alsa-lib', '', d)} \ + ${@bb.utils.contains_any('PACKAGECONFIG', 'qv4l2 qvidcap', 'qtbase qtbase-native', '', d)}" + DEPENDS:append:libc-musl = " argp-standalone" DEPENDS:append:class-target = " udev" LDFLAGS:append = " -pthread" @@ -15,30 +18,56 @@ inherit autotools gettext pkgconfig PACKAGECONFIG ??= "media-ctl" PACKAGECONFIG[media-ctl] = "--enable-v4l-utils,--disable-v4l-utils,," +PACKAGECONFIG[qv4l2] = ",--disable-qv4l2" +PACKAGECONFIG[qvidcap] = ",--disable-qvidcap" + +SRC_URI = "\ + git://git.linuxtv.org/v4l-utils.git;protocol=https;branch=master \ + file://0001-Revert-media-ctl-Don-t-install-libmediactl-and-libv4.patch \ + file://0002-original-patch-mediactl-pkgconfig.patch \ + file://0003-original-patch-export-mediactl-headers.patch \ + file://0004-Do-not-use-getsubopt.patch \ +" + +SRCREV = "fd544473800d02e90bc289434cc44e5aa8fadd0f" + +S = "${WORKDIR}/git" +B = "${S}" -SRC_URI = "http://linuxtv.org/downloads/v4l-utils/v4l-utils-${PV}.tar.bz2 \ - file://0001-Revert-media-ctl-Don-t-install-libmediactl-and-libv4.patch \ - file://0002-original-patch-mediactl-pkgconfig.patch \ - file://0003-original-patch-export-mediactl-headers.patch \ - file://0007-Do-not-use-getsubopt.patch \ - " +do_configure:prepend() { + ${S}/bootstrap.sh +} SRC_URI[md5sum] = "8aa73287320a49e9170a8255d7b2c7e6" SRC_URI[sha256sum] = "65c6fbe830a44ca105c443b027182c1b2c9053a91d1e72ad849dfab388b94e31" -EXTRA_OECONF = "--disable-qv4l2 --enable-shared --with-udevdir=${base_libdir}/udev \ +EXTRA_OECONF = "--enable-shared --with-udevdir=${base_libdir}/udev \ --disable-v4l2-compliance-32 --disable-v4l2-ctl-32" VIRTUAL-RUNTIME_ir-keytable-keymaps ?= "rc-keymaps" -PACKAGES =+ "media-ctl ir-keytable rc-keymaps libv4l libv4l-dev" +PACKAGES =+ "media-ctl ir-keytable rc-keymaps libv4l libv4l-dev qv4l2 qvidcap" RPROVIDES:${PN}-dbg += "libv4l-dbg" FILES:media-ctl = "${bindir}/media-ctl ${libdir}/libmediactl.so.*" +FILES:qv4l2 = "\ + ${bindir}/qv4l2 \ + ${datadir}/applications/qv4l2.desktop \ + ${datadir}/icons/hicolor/*/apps/qv4l2.* \ +" +FILES:qvidcap = "\ + ${bindir}/qvidcap \ + ${datadir}/applications/qvidcap.desktop \ + ${datadir}/icons/hicolor/*/apps/qvidcap.* \ +" FILES:ir-keytable = "${bindir}/ir-keytable ${base_libdir}/udev/rules.d/*-infrared.rules" RDEPENDS:ir-keytable += "${VIRTUAL-RUNTIME_ir-keytable-keymaps}" +RDEPENDS:qv4l2 += "\ + ${@bb.utils.contains('PACKAGECONFIG', 'qv4l2', 'qtbase', '', d)}" +RDEPENDS:qvidcap += "\ + ${@bb.utils.contains('PACKAGECONFIG', 'qvidcap', 'qtbase', '', d)}" FILES:rc-keymaps = "${sysconfdir}/rc* ${base_libdir}/udev/rc*" diff --git a/meta-openembedded/meta-oe/recipes-support/fmt/fmt_8.1.1.bb b/meta-openembedded/meta-oe/recipes-support/fmt/fmt_9.1.0.bb index c53dd38901..34896153c2 100644 --- a/meta-openembedded/meta-oe/recipes-support/fmt/fmt_8.1.1.bb +++ b/meta-openembedded/meta-oe/recipes-support/fmt/fmt_9.1.0.bb @@ -5,7 +5,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=af88d758f75f3c5c48a967501f24384b" SRC_URI = "git://github.com/fmtlib/fmt;branch=master;protocol=https" -SRCREV = "b6f4ceaed0a0a24ccf575fab6c56dd50ccf6f1a9" +SRCREV = "a33701196adfad74917046096bf5a2aa0ab0bb50" S = "${WORKDIR}/git" diff --git a/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb b/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb index b03a0c7f4a..bc5897413f 100644 --- a/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb +++ b/meta-openembedded/meta-oe/recipes-support/libftdi/libftdi_1.5.bb @@ -20,14 +20,16 @@ inherit cmake binconfig pkgconfig python3native PACKAGECONFIG ??= "" PACKAGECONFIG[cpp-wrapper] = "-DFTDI_BUILD_CPP=on -DFTDIPP=on,-DFTDI_BUILD_CPP=off -DFTDIPP=off,boost" +PACKAGECONFIG[ftdi-eeprom] = "-DFTDI_EEPROM=on,-DFTDI_EEPROM=off,libconfuse" -EXTRA_OECMAKE = "-DSTATICLIBS=off -DEXAMPLES=off -DFTDI_EEPROM=off \ +EXTRA_OECMAKE = "-DSTATICLIBS=off -DEXAMPLES=off \ -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \ -DPYTHON_LIBRARY=${STAGING_LIBDIR}/lib${PYTHON_DIR}${PYTHON_ABI}.so \ -DPYTHON_INCLUDE_DIR=${STAGING_INCDIR}/${PYTHON_DIR}${PYTHON_ABI}" BBCLASSEXTEND = "native nativesdk" -PACKAGES += "${PN}-python" +PACKAGES =+ "${PN}-python ftdi-eeprom" +FILES:ftdi-eeprom = "${bindir}/ftdi_eeprom" FILES:${PN}-python = "${libdir}/${PYTHON_DIR}/site-packages/" diff --git a/meta-openembedded/meta-oe/recipes-support/onig/onig/0001-build-don-t-link-against-host-system-libraries.patch b/meta-openembedded/meta-oe/recipes-support/onig/onig/0001-build-don-t-link-against-host-system-libraries.patch index 891592650d..1db9684abd 100644 --- a/meta-openembedded/meta-oe/recipes-support/onig/onig/0001-build-don-t-link-against-host-system-libraries.patch +++ b/meta-openembedded/meta-oe/recipes-support/onig/onig/0001-build-don-t-link-against-host-system-libraries.patch @@ -1,7 +1,7 @@ -From 78103ecd18efcd0966531d8718f6e94dcb7a5abf Mon Sep 17 00:00:00 2001 +From 543990bc34a0e5d4f66a9167efb1f3b8de6a3635 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net> Date: Mon, 6 Jan 2020 16:56:31 +0000 -Subject: [PATCH] build: don't link against (host) system libraries +Subject: [PATCH 1/2] build: don't link against (host) system libraries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -14,29 +14,29 @@ Signed-off-by: André Draszik <git@andred.net> 2 files changed, 2 deletions(-) diff --git a/sample/Makefile.am b/sample/Makefile.am -index 22a4989..e935bf0 100644 +index 681cd2a933de..c4f796d36da0 100644 --- a/sample/Makefile.am +++ b/sample/Makefile.am -@@ -3,7 +3,6 @@ - lib_onig = ../src/libonig.la +@@ -4,7 +4,6 @@ lib_onig = ../src/libonig.la LDADD = $(lib_onig) --AM_LDFLAGS = -L$(prefix)/lib + AM_CFLAGS = -Wall +-AM_LDFLAGS = -L$(libdir) AM_CPPFLAGS = -I$(top_srcdir)/src if ENABLE_POSIX_API diff --git a/test/Makefile.am b/test/Makefile.am -index 4d62568..b7a2105 100644 +index 94739a24ab22..a23ef1e2e139 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -1,7 +1,6 @@ ## Makefile.am for Oniguruma lib_onig = ../src/libonig.la --AM_LDFLAGS = -L$(prefix)/lib +-AM_LDFLAGS = -L$(libdir) AM_CFLAGS = -Wall -Wno-invalid-source-encoding AM_CPPFLAGS = -I$(top_srcdir)/src -- -2.23.0.rc1 +2.35.1 diff --git a/meta-openembedded/meta-oe/recipes-support/onig/onig/0001-build-enable-serial-tests-automake-option-for-ptest.patch b/meta-openembedded/meta-oe/recipes-support/onig/onig/0002-build-enable-serial-tests-automake-option-for-ptest.patch index 587e5ac1b8..a7a28536fb 100644 --- a/meta-openembedded/meta-oe/recipes-support/onig/onig/0001-build-enable-serial-tests-automake-option-for-ptest.patch +++ b/meta-openembedded/meta-oe/recipes-support/onig/onig/0002-build-enable-serial-tests-automake-option-for-ptest.patch @@ -1,7 +1,7 @@ -From 8bf8189ec4a0d7ee569f66feb0e590e9602c31b6 Mon Sep 17 00:00:00 2001 +From 1ab999aa5a7a21329bab13e05f843e5e029493e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <git@andred.net> Date: Mon, 6 Jan 2020 15:10:30 +0000 -Subject: [PATCH] build: enable serial-tests automake option (for ptest) +Subject: [PATCH 2/2] build: enable serial-tests automake option (for ptest) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -19,10 +19,10 @@ Signed-off-by: André Draszik <git@andred.net> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index ac51e85..48e63ce 100644 +index 079fef9a1a52..058b5504b9b7 100644 --- a/configure.ac +++ b/configure.ac -@@ -3,7 +3,7 @@ AC_INIT(onig, 6.9.4) +@@ -3,7 +3,7 @@ AC_INIT(onig, 6.9.8) AC_CONFIG_MACRO_DIR([m4]) @@ -32,5 +32,5 @@ index ac51e85..48e63ce 100644 -- -2.23.0.rc1 +2.35.1 diff --git a/meta-openembedded/meta-oe/recipes-support/onig/onig_6.9.4.bb b/meta-openembedded/meta-oe/recipes-support/onig/onig_6.9.8.bb index 701f65c299..2144592286 100644 --- a/meta-openembedded/meta-oe/recipes-support/onig/onig_6.9.4.bb +++ b/meta-openembedded/meta-oe/recipes-support/onig/onig_6.9.8.bb @@ -5,17 +5,16 @@ implementations that traditionally exist in different languages. \ Character encoding can be specified per regular expression object." HOMEPAGE = "https://github.com/kkos/oniguruma" LICENSE = "BSD-2-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=1ee043784bdce7503e619b2d1a85798b" +LIC_FILES_CHKSUM = "file://COPYING;md5=e6365c225bb5cc4321d0913f0baffa04" SRC_URI = "\ https://github.com/kkos/oniguruma/releases/download/v${PV}/${BP}.tar.gz \ file://0001-build-don-t-link-against-host-system-libraries.patch \ - file://0001-build-enable-serial-tests-automake-option-for-ptest.patch \ + file://0002-build-enable-serial-tests-automake-option-for-ptest.patch \ file://run-ptest \ " -SRC_URI[md5sum] = "a12d2fe997b789bd87cf63799c091879" -SRC_URI[sha256sum] = "4669d22ff7e0992a7e93e116161cac9c0949cd8960d1c562982026726f0e6d53" +SRC_URI[sha256sum] = "28cd62c1464623c7910565fb1ccaaa0104b2fe8b12bcd646e81f73b47535213e" BINCONFIG = "${bindir}/onig-config" @@ -24,12 +23,12 @@ inherit autotools binconfig-disabled ptest BBCLASSEXTEND = "native" do_compile_ptest() { - oe_runmake -C test buildtest-TESTS + oe_runmake -C test buildtest-TESTS } do_install_ptest() { - mkdir -p ${D}${PTEST_PATH}/tests - install -m 0755 -t ${D}${PTEST_PATH}/tests/ ${B}/test/.libs/* + mkdir -p ${D}${PTEST_PATH}/tests + install -m 0755 -t ${D}${PTEST_PATH}/tests/ ${B}/test/.libs/* } PROVIDES += "oniguruma" diff --git a/meta-openembedded/meta-oe/recipes-support/tio/tio_2.0.bb b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.0.bb new file mode 100644 index 0000000000..3cc510081c --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.0.bb @@ -0,0 +1,19 @@ +SUMMARY = "tio - a simple serial device I/O tool" +DESCRIPTION = "tio is a simple serial device tool which features a \ + straightforward command-line and configuration file interface to easily \ + connect to serial TTY devices for basic I/O operations." + +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=0e1a95b7892d3015ecd6d0016f601f2c" + +SRC_URI = "git://github.com/tio/tio;protocol=https;nobranch=1" +SRCREV = "6618642acf28fec6d3e70ed75b50d4ce138ea08a" + +S = "${WORKDIR}/git" + +inherit meson pkgconfig + +DEPENDS += " libinih" +RDEPENDS:${PN} += " libinih" + +FILES:${PN} += " /usr/share/bash-completion/completions/tio " diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb index 9efeec4d9f..5cbb3268b0 100644 --- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb +++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb @@ -4,7 +4,7 @@ a high-level synchronous API on top of the libevent event loop." HOMEPAGE = "http://www.gevent.org" LICENSE = "MIT & Python-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=4de99aac27b470c29c6c309e0c279b65" -DEPENDS += "${PYTHON_PN}-greenlet libev c-ares" +DEPENDS += "${PYTHON_PN}-greenlet libev libuv c-ares" RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \ ${PYTHON_PN}-mime \ @@ -15,8 +15,10 @@ SRC_URI[sha256sum] = "f48b64578c367b91fa793bf8eaaaf4995cb93c8bc45860e473bf868070 inherit pypi setuptools3 -# Don't embed libraries, link to the system instead -export GEVENTSETUP_EMBED = "0" +# Don't embed libraries, link to the system provided libs instead +export GEVENTSETUP_EMBED_CARES = "0" +export GEVENTSETUP_EMBED_LIBEV = "0" +export GEVENTSETUP_EMBED_LIBUV = "0" # Delete the embedded copies of libraries so we can't accidentally link to them do_configure:append() { |