1 /*
2 * Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <errno.h>
9 #include <inttypes.h>
10 #include <stdint.h>
11 #include <string.h>
12
13 #include <arch_helpers.h>
14 #include <arch/aarch64/arch_features.h>
15 #include <bl31/bl31.h>
16 #include <bl31/interrupt_mgmt.h>
17 #include <common/debug.h>
18 #include <common/runtime_svc.h>
19 #include <lib/el3_runtime/context_mgmt.h>
20 #include <lib/smccc.h>
21 #include <lib/spinlock.h>
22 #include <lib/utils.h>
23 #include <plat/common/common_def.h>
24 #include <plat/common/platform.h>
25 #include <platform_def.h>
26 #include <services/ffa_svc.h>
27 #include <services/spmd_svc.h>
28 #include <smccc_helpers.h>
29 #include "spmd_private.h"
30
31 /*******************************************************************************
32 * SPM Core context information.
33 ******************************************************************************/
34 static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT];
35
36 /*******************************************************************************
37 * SPM Core attribute information read from its manifest.
38 ******************************************************************************/
39 static spmc_manifest_attribute_t spmc_attrs;
40
41 /*******************************************************************************
42 * SPM Core entry point information. Discovered on the primary core and reused
43 * on secondary cores.
44 ******************************************************************************/
45 static entry_point_info_t *spmc_ep_info;
46
47 /*******************************************************************************
48 * SPM Core context on CPU based on mpidr.
49 ******************************************************************************/
spmd_get_context_by_mpidr(uint64_t mpidr)50 spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr)
51 {
52 int core_idx = plat_core_pos_by_mpidr(mpidr);
53
54 if (core_idx < 0) {
55 ERROR("Invalid mpidr: %" PRIx64 ", returned ID: %d\n", mpidr, core_idx);
56 panic();
57 }
58
59 return &spm_core_context[core_idx];
60 }
61
62 /*******************************************************************************
63 * SPM Core context on current CPU get helper.
64 ******************************************************************************/
spmd_get_context(void)65 spmd_spm_core_context_t *spmd_get_context(void)
66 {
67 return spmd_get_context_by_mpidr(read_mpidr());
68 }
69
70 /*******************************************************************************
71 * SPM Core ID getter.
72 ******************************************************************************/
spmd_spmc_id_get(void)73 uint16_t spmd_spmc_id_get(void)
74 {
75 return spmc_attrs.spmc_id;
76 }
77
78 /*******************************************************************************
79 * Static function declaration.
80 ******************************************************************************/
81 static int32_t spmd_init(void);
82 static int spmd_spmc_init(void *pm_addr);
83 static uint64_t spmd_ffa_error_return(void *handle,
84 int error_code);
85 static uint64_t spmd_smc_forward(uint32_t smc_fid,
86 bool secure_origin,
87 uint64_t x1,
88 uint64_t x2,
89 uint64_t x3,
90 uint64_t x4,
91 void *handle);
92
93 /*******************************************************************************
94 * This function takes an SPMC context pointer and performs a synchronous
95 * SPMC entry.
96 ******************************************************************************/
spmd_spm_core_sync_entry(spmd_spm_core_context_t * spmc_ctx)97 uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx)
98 {
99 uint64_t rc;
100
101 assert(spmc_ctx != NULL);
102
103 cm_set_context(&(spmc_ctx->cpu_ctx), SECURE);
104
105 /* Restore the context assigned above */
106 #if SPMD_SPM_AT_SEL2
107 cm_el2_sysregs_context_restore(SECURE);
108 #else
109 cm_el1_sysregs_context_restore(SECURE);
110 #endif
111 cm_set_next_eret_context(SECURE);
112
113 /* Enter SPMC */
114 rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx);
115
116 /* Save secure state */
117 #if SPMD_SPM_AT_SEL2
118 cm_el2_sysregs_context_save(SECURE);
119 #else
120 cm_el1_sysregs_context_save(SECURE);
121 #endif
122
123 return rc;
124 }
125
126 /*******************************************************************************
127 * This function returns to the place where spmd_spm_core_sync_entry() was
128 * called originally.
129 ******************************************************************************/
spmd_spm_core_sync_exit(uint64_t rc)130 __dead2 void spmd_spm_core_sync_exit(uint64_t rc)
131 {
132 spmd_spm_core_context_t *ctx = spmd_get_context();
133
134 /* Get current CPU context from SPMC context */
135 assert(cm_get_context(SECURE) == &(ctx->cpu_ctx));
136
137 /*
138 * The SPMD must have initiated the original request through a
139 * synchronous entry into SPMC. Jump back to the original C runtime
140 * context with the value of rc in x0;
141 */
142 spmd_spm_core_exit(ctx->c_rt_ctx, rc);
143
144 panic();
145 }
146
147 /*******************************************************************************
148 * Jump to the SPM Core for the first time.
149 ******************************************************************************/
spmd_init(void)150 static int32_t spmd_init(void)
151 {
152 spmd_spm_core_context_t *ctx = spmd_get_context();
153 uint64_t rc;
154
155 VERBOSE("SPM Core init start.\n");
156
157 /* Primary boot core enters the SPMC for initialization. */
158 ctx->state = SPMC_STATE_ON_PENDING;
159
160 rc = spmd_spm_core_sync_entry(ctx);
161 if (rc != 0ULL) {
162 ERROR("SPMC initialisation failed 0x%" PRIx64 "\n", rc);
163 return 0;
164 }
165
166 ctx->state = SPMC_STATE_ON;
167
168 VERBOSE("SPM Core init end.\n");
169
170 return 1;
171 }
172
173 /*******************************************************************************
174 * spmd_secure_interrupt_handler
175 * Enter the SPMC for further handling of the secure interrupt by the SPMC
176 * itself or a Secure Partition.
177 ******************************************************************************/
spmd_secure_interrupt_handler(uint32_t id,uint32_t flags,void * handle,void * cookie)178 static uint64_t spmd_secure_interrupt_handler(uint32_t id,
179 uint32_t flags,
180 void *handle,
181 void *cookie)
182 {
183 spmd_spm_core_context_t *ctx = spmd_get_context();
184 gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx);
185 unsigned int linear_id = plat_my_core_pos();
186 int64_t rc;
187
188 /* Sanity check the security state when the exception was generated */
189 assert(get_interrupt_src_ss(flags) == NON_SECURE);
190
191 /* Sanity check the pointer to this cpu's context */
192 assert(handle == cm_get_context(NON_SECURE));
193
194 /* Save the non-secure context before entering SPMC */
195 cm_el1_sysregs_context_save(NON_SECURE);
196 #if SPMD_SPM_AT_SEL2
197 cm_el2_sysregs_context_save(NON_SECURE);
198 #endif
199
200 /* Convey the event to the SPMC through the FFA_INTERRUPT interface. */
201 write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_INTERRUPT);
202 write_ctx_reg(gpregs, CTX_GPREG_X1, 0);
203 write_ctx_reg(gpregs, CTX_GPREG_X2, 0);
204 write_ctx_reg(gpregs, CTX_GPREG_X3, 0);
205 write_ctx_reg(gpregs, CTX_GPREG_X4, 0);
206 write_ctx_reg(gpregs, CTX_GPREG_X5, 0);
207 write_ctx_reg(gpregs, CTX_GPREG_X6, 0);
208 write_ctx_reg(gpregs, CTX_GPREG_X7, 0);
209
210 /* Mark current core as handling a secure interrupt. */
211 ctx->secure_interrupt_ongoing = true;
212
213 rc = spmd_spm_core_sync_entry(ctx);
214 if (rc != 0ULL) {
215 ERROR("%s failed (%" PRId64 ") on CPU%u\n", __func__, rc, linear_id);
216 }
217
218 ctx->secure_interrupt_ongoing = false;
219
220 cm_el1_sysregs_context_restore(NON_SECURE);
221 #if SPMD_SPM_AT_SEL2
222 cm_el2_sysregs_context_restore(NON_SECURE);
223 #endif
224 cm_set_next_eret_context(NON_SECURE);
225
226 SMC_RET0(&ctx->cpu_ctx);
227 }
228
229 /*******************************************************************************
230 * Loads SPMC manifest and inits SPMC.
231 ******************************************************************************/
spmd_spmc_init(void * pm_addr)232 static int spmd_spmc_init(void *pm_addr)
233 {
234 cpu_context_t *cpu_ctx;
235 unsigned int core_id;
236 uint32_t ep_attr, flags;
237 int rc;
238
239 /* Load the SPM Core manifest */
240 rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr);
241 if (rc != 0) {
242 WARN("No or invalid SPM Core manifest image provided by BL2\n");
243 return rc;
244 }
245
246 /*
247 * Ensure that the SPM Core version is compatible with the SPM
248 * Dispatcher version.
249 */
250 if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) ||
251 (spmc_attrs.minor_version > FFA_VERSION_MINOR)) {
252 WARN("Unsupported FFA version (%u.%u)\n",
253 spmc_attrs.major_version, spmc_attrs.minor_version);
254 return -EINVAL;
255 }
256
257 VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version,
258 spmc_attrs.minor_version);
259
260 VERBOSE("SPM Core run time EL%x.\n",
261 SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1);
262
263 /* Validate the SPMC ID, Ensure high bit is set */
264 if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) &
265 SPMC_SECURE_ID_MASK) == 0U) {
266 WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id);
267 return -EINVAL;
268 }
269
270 /* Validate the SPM Core execution state */
271 if ((spmc_attrs.exec_state != MODE_RW_64) &&
272 (spmc_attrs.exec_state != MODE_RW_32)) {
273 WARN("Unsupported %s%x.\n", "SPM Core execution state 0x",
274 spmc_attrs.exec_state);
275 return -EINVAL;
276 }
277
278 VERBOSE("%s%x.\n", "SPM Core execution state 0x",
279 spmc_attrs.exec_state);
280
281 #if SPMD_SPM_AT_SEL2
282 /* Ensure manifest has not requested AArch32 state in S-EL2 */
283 if (spmc_attrs.exec_state == MODE_RW_32) {
284 WARN("AArch32 state at S-EL2 is not supported.\n");
285 return -EINVAL;
286 }
287
288 /*
289 * Check if S-EL2 is supported on this system if S-EL2
290 * is required for SPM
291 */
292 if (!is_armv8_4_sel2_present()) {
293 WARN("SPM Core run time S-EL2 is not supported.\n");
294 return -EINVAL;
295 }
296 #endif /* SPMD_SPM_AT_SEL2 */
297
298 /* Initialise an entrypoint to set up the CPU context */
299 ep_attr = SECURE | EP_ST_ENABLE;
300 if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) {
301 ep_attr |= EP_EE_BIG;
302 }
303
304 SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr);
305
306 /*
307 * Populate SPSR for SPM Core based upon validated parameters from the
308 * manifest.
309 */
310 if (spmc_attrs.exec_state == MODE_RW_32) {
311 spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM,
312 SPSR_E_LITTLE,
313 DAIF_FIQ_BIT |
314 DAIF_IRQ_BIT |
315 DAIF_ABT_BIT);
316 } else {
317
318 #if SPMD_SPM_AT_SEL2
319 static const uint32_t runtime_el = MODE_EL2;
320 #else
321 static const uint32_t runtime_el = MODE_EL1;
322 #endif
323 spmc_ep_info->spsr = SPSR_64(runtime_el,
324 MODE_SP_ELX,
325 DISABLE_ALL_EXCEPTIONS);
326 }
327
328 /* Set an initial SPMC context state for all cores. */
329 for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) {
330 spm_core_context[core_id].state = SPMC_STATE_OFF;
331
332 /* Setup an initial cpu context for the SPMC. */
333 cpu_ctx = &spm_core_context[core_id].cpu_ctx;
334 cm_setup_context(cpu_ctx, spmc_ep_info);
335
336 /*
337 * Pass the core linear ID to the SPMC through x4.
338 * (TF-A implementation defined behavior helping
339 * a legacy TOS migration to adopt FF-A).
340 */
341 write_ctx_reg(get_gpregs_ctx(cpu_ctx), CTX_GPREG_X4, core_id);
342 }
343
344 /* Register power management hooks with PSCI */
345 psci_register_spd_pm_hook(&spmd_pm);
346
347 /* Register init function for deferred init. */
348 bl31_register_bl32_init(&spmd_init);
349
350 INFO("SPM Core setup done.\n");
351
352 /*
353 * Register an interrupt handler routing secure interrupts to SPMD
354 * while the NWd is running.
355 */
356 flags = 0;
357 set_interrupt_rm_flag(flags, NON_SECURE);
358 rc = register_interrupt_type_handler(INTR_TYPE_S_EL1,
359 spmd_secure_interrupt_handler,
360 flags);
361 if (rc != 0) {
362 panic();
363 }
364
365 return 0;
366 }
367
368 /*******************************************************************************
369 * Initialize context of SPM Core.
370 ******************************************************************************/
spmd_setup(void)371 int spmd_setup(void)
372 {
373 void *spmc_manifest;
374 int rc;
375
376 spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
377 if (spmc_ep_info == NULL) {
378 WARN("No SPM Core image provided by BL2 boot loader.\n");
379 return -EINVAL;
380 }
381
382 /* Under no circumstances will this parameter be 0 */
383 assert(spmc_ep_info->pc != 0ULL);
384
385 /*
386 * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will
387 * be used as a manifest for the SPM Core at the next lower EL/mode.
388 */
389 spmc_manifest = (void *)spmc_ep_info->args.arg0;
390 if (spmc_manifest == NULL) {
391 ERROR("Invalid or absent SPM Core manifest.\n");
392 return -EINVAL;
393 }
394
395 /* Load manifest, init SPMC */
396 rc = spmd_spmc_init(spmc_manifest);
397 if (rc != 0) {
398 WARN("Booting device without SPM initialization.\n");
399 }
400
401 return rc;
402 }
403
404 /*******************************************************************************
405 * Forward SMC to the other security state
406 ******************************************************************************/
spmd_smc_forward(uint32_t smc_fid,bool secure_origin,uint64_t x1,uint64_t x2,uint64_t x3,uint64_t x4,void * handle)407 static uint64_t spmd_smc_forward(uint32_t smc_fid,
408 bool secure_origin,
409 uint64_t x1,
410 uint64_t x2,
411 uint64_t x3,
412 uint64_t x4,
413 void *handle)
414 {
415 unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
416 unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
417
418 /* Save incoming security state */
419 #if SPMD_SPM_AT_SEL2
420 if (secure_state_in == NON_SECURE) {
421 cm_el1_sysregs_context_save(secure_state_in);
422 }
423 cm_el2_sysregs_context_save(secure_state_in);
424 #else
425 cm_el1_sysregs_context_save(secure_state_in);
426 #endif
427
428 /* Restore outgoing security state */
429 #if SPMD_SPM_AT_SEL2
430 if (secure_state_out == NON_SECURE) {
431 cm_el1_sysregs_context_restore(secure_state_out);
432 }
433 cm_el2_sysregs_context_restore(secure_state_out);
434 #else
435 cm_el1_sysregs_context_restore(secure_state_out);
436 #endif
437 cm_set_next_eret_context(secure_state_out);
438
439 SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4,
440 SMC_GET_GP(handle, CTX_GPREG_X5),
441 SMC_GET_GP(handle, CTX_GPREG_X6),
442 SMC_GET_GP(handle, CTX_GPREG_X7));
443 }
444
445 /*******************************************************************************
446 * Return FFA_ERROR with specified error code
447 ******************************************************************************/
spmd_ffa_error_return(void * handle,int error_code)448 static uint64_t spmd_ffa_error_return(void *handle, int error_code)
449 {
450 SMC_RET8(handle, (uint32_t) FFA_ERROR,
451 FFA_TARGET_INFO_MBZ, (uint32_t)error_code,
452 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
453 FFA_PARAM_MBZ, FFA_PARAM_MBZ);
454 }
455
456 /*******************************************************************************
457 * spmd_check_address_in_binary_image
458 ******************************************************************************/
spmd_check_address_in_binary_image(uint64_t address)459 bool spmd_check_address_in_binary_image(uint64_t address)
460 {
461 assert(!check_uptr_overflow(spmc_attrs.load_address, spmc_attrs.binary_size));
462
463 return ((address >= spmc_attrs.load_address) &&
464 (address < (spmc_attrs.load_address + spmc_attrs.binary_size)));
465 }
466
467 /******************************************************************************
468 * spmd_is_spmc_message
469 *****************************************************************************/
spmd_is_spmc_message(unsigned int ep)470 static bool spmd_is_spmc_message(unsigned int ep)
471 {
472 return ((ffa_endpoint_destination(ep) == SPMD_DIRECT_MSG_ENDPOINT_ID)
473 && (ffa_endpoint_source(ep) == spmc_attrs.spmc_id));
474 }
475
476 /******************************************************************************
477 * spmd_handle_spmc_message
478 *****************************************************************************/
spmd_handle_spmc_message(unsigned long long msg,unsigned long long parm1,unsigned long long parm2,unsigned long long parm3,unsigned long long parm4)479 static int spmd_handle_spmc_message(unsigned long long msg,
480 unsigned long long parm1, unsigned long long parm2,
481 unsigned long long parm3, unsigned long long parm4)
482 {
483 VERBOSE("%s %llx %llx %llx %llx %llx\n", __func__,
484 msg, parm1, parm2, parm3, parm4);
485
486 return -EINVAL;
487 }
488
489 /*******************************************************************************
490 * This function handles all SMCs in the range reserved for FFA. Each call is
491 * either forwarded to the other security state or handled by the SPM dispatcher
492 ******************************************************************************/
spmd_smc_handler(uint32_t smc_fid,uint64_t x1,uint64_t x2,uint64_t x3,uint64_t x4,void * cookie,void * handle,uint64_t flags)493 uint64_t spmd_smc_handler(uint32_t smc_fid,
494 uint64_t x1,
495 uint64_t x2,
496 uint64_t x3,
497 uint64_t x4,
498 void *cookie,
499 void *handle,
500 uint64_t flags)
501 {
502 unsigned int linear_id = plat_my_core_pos();
503 spmd_spm_core_context_t *ctx = spmd_get_context();
504 bool secure_origin;
505 int32_t ret;
506 uint32_t input_version;
507
508 /* Determine which security state this SMC originated from */
509 secure_origin = is_caller_secure(flags);
510
511 VERBOSE("SPM(%u): 0x%x 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64
512 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 "\n",
513 linear_id, smc_fid, x1, x2, x3, x4,
514 SMC_GET_GP(handle, CTX_GPREG_X5),
515 SMC_GET_GP(handle, CTX_GPREG_X6),
516 SMC_GET_GP(handle, CTX_GPREG_X7));
517
518 switch (smc_fid) {
519 case FFA_ERROR:
520 /*
521 * Check if this is the first invocation of this interface on
522 * this CPU. If so, then indicate that the SPM Core initialised
523 * unsuccessfully.
524 */
525 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) {
526 spmd_spm_core_sync_exit(x2);
527 }
528
529 return spmd_smc_forward(smc_fid, secure_origin,
530 x1, x2, x3, x4, handle);
531 break; /* not reached */
532
533 case FFA_VERSION:
534 input_version = (uint32_t)(0xFFFFFFFF & x1);
535 /*
536 * If caller is secure and SPMC was initialized,
537 * return FFA_VERSION of SPMD.
538 * If caller is non secure and SPMC was initialized,
539 * return SPMC's version.
540 * Sanity check to "input_version".
541 */
542 if ((input_version & FFA_VERSION_BIT31_MASK) ||
543 (ctx->state == SPMC_STATE_RESET)) {
544 ret = FFA_ERROR_NOT_SUPPORTED;
545 } else if (!secure_origin) {
546 ret = MAKE_FFA_VERSION(spmc_attrs.major_version,
547 spmc_attrs.minor_version);
548 } else {
549 ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR,
550 FFA_VERSION_MINOR);
551 }
552
553 SMC_RET8(handle, (uint32_t)ret, FFA_TARGET_INFO_MBZ,
554 FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
555 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ);
556 break; /* not reached */
557
558 case FFA_FEATURES:
559 /*
560 * This is an optional interface. Do the minimal checks and
561 * forward to SPM Core which will handle it if implemented.
562 */
563
564 /* Forward SMC from Normal world to the SPM Core */
565 if (!secure_origin) {
566 return spmd_smc_forward(smc_fid, secure_origin,
567 x1, x2, x3, x4, handle);
568 }
569
570 /*
571 * Return success if call was from secure world i.e. all
572 * FFA functions are supported. This is essentially a
573 * nop.
574 */
575 SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4,
576 SMC_GET_GP(handle, CTX_GPREG_X5),
577 SMC_GET_GP(handle, CTX_GPREG_X6),
578 SMC_GET_GP(handle, CTX_GPREG_X7));
579
580 break; /* not reached */
581
582 case FFA_ID_GET:
583 /*
584 * Returns the ID of the calling FFA component.
585 */
586 if (!secure_origin) {
587 SMC_RET8(handle, FFA_SUCCESS_SMC32,
588 FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID,
589 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
590 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
591 FFA_PARAM_MBZ);
592 }
593
594 SMC_RET8(handle, FFA_SUCCESS_SMC32,
595 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id,
596 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
597 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
598 FFA_PARAM_MBZ);
599
600 break; /* not reached */
601
602 case FFA_SECONDARY_EP_REGISTER_SMC64:
603 if (secure_origin) {
604 ret = spmd_pm_secondary_ep_register(x1);
605
606 if (ret < 0) {
607 SMC_RET8(handle, FFA_ERROR_SMC64,
608 FFA_TARGET_INFO_MBZ, ret,
609 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
610 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
611 FFA_PARAM_MBZ);
612 } else {
613 SMC_RET8(handle, FFA_SUCCESS_SMC64,
614 FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ,
615 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
616 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
617 FFA_PARAM_MBZ);
618 }
619 }
620
621 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
622 break; /* Not reached */
623
624 case FFA_SPM_ID_GET:
625 if (MAKE_FFA_VERSION(1, 1) > FFA_VERSION_COMPILED) {
626 return spmd_ffa_error_return(handle,
627 FFA_ERROR_NOT_SUPPORTED);
628 }
629 /*
630 * Returns the ID of the SPMC or SPMD depending on the FF-A
631 * instance where this function is invoked
632 */
633 if (!secure_origin) {
634 SMC_RET8(handle, FFA_SUCCESS_SMC32,
635 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id,
636 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
637 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
638 FFA_PARAM_MBZ);
639 }
640 SMC_RET8(handle, FFA_SUCCESS_SMC32,
641 FFA_TARGET_INFO_MBZ, SPMD_DIRECT_MSG_ENDPOINT_ID,
642 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
643 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
644 FFA_PARAM_MBZ);
645
646 break; /* not reached */
647
648 case FFA_MSG_SEND_DIRECT_REQ_SMC32:
649 if (secure_origin && spmd_is_spmc_message(x1)) {
650 ret = spmd_handle_spmc_message(x3, x4,
651 SMC_GET_GP(handle, CTX_GPREG_X5),
652 SMC_GET_GP(handle, CTX_GPREG_X6),
653 SMC_GET_GP(handle, CTX_GPREG_X7));
654
655 SMC_RET8(handle, FFA_SUCCESS_SMC32,
656 FFA_TARGET_INFO_MBZ, ret,
657 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
658 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
659 FFA_PARAM_MBZ);
660 } else {
661 /* Forward direct message to the other world */
662 return spmd_smc_forward(smc_fid, secure_origin,
663 x1, x2, x3, x4, handle);
664 }
665 break; /* Not reached */
666
667 case FFA_MSG_SEND_DIRECT_RESP_SMC32:
668 if (secure_origin && spmd_is_spmc_message(x1)) {
669 spmd_spm_core_sync_exit(0ULL);
670 } else {
671 /* Forward direct message to the other world */
672 return spmd_smc_forward(smc_fid, secure_origin,
673 x1, x2, x3, x4, handle);
674 }
675 break; /* Not reached */
676
677 case FFA_RX_RELEASE:
678 case FFA_RXTX_MAP_SMC32:
679 case FFA_RXTX_MAP_SMC64:
680 case FFA_RXTX_UNMAP:
681 case FFA_PARTITION_INFO_GET:
682 #if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED
683 case FFA_NOTIFICATION_BITMAP_CREATE:
684 case FFA_NOTIFICATION_BITMAP_DESTROY:
685 case FFA_NOTIFICATION_BIND:
686 case FFA_NOTIFICATION_UNBIND:
687 case FFA_NOTIFICATION_SET:
688 case FFA_NOTIFICATION_GET:
689 case FFA_NOTIFICATION_INFO_GET:
690 case FFA_NOTIFICATION_INFO_GET_SMC64:
691 #endif
692 /*
693 * Above calls should not be forwarded from Secure world to
694 * Normal world.
695 *
696 * Fall through to forward the call to the other world
697 */
698 case FFA_MSG_RUN:
699 /* This interface must be invoked only by the Normal world */
700
701 if (secure_origin) {
702 return spmd_ffa_error_return(handle,
703 FFA_ERROR_NOT_SUPPORTED);
704 }
705
706 /* Fall through to forward the call to the other world */
707 case FFA_MSG_SEND:
708 case FFA_MSG_SEND_DIRECT_REQ_SMC64:
709 case FFA_MSG_SEND_DIRECT_RESP_SMC64:
710 case FFA_MEM_DONATE_SMC32:
711 case FFA_MEM_DONATE_SMC64:
712 case FFA_MEM_LEND_SMC32:
713 case FFA_MEM_LEND_SMC64:
714 case FFA_MEM_SHARE_SMC32:
715 case FFA_MEM_SHARE_SMC64:
716 case FFA_MEM_RETRIEVE_REQ_SMC32:
717 case FFA_MEM_RETRIEVE_REQ_SMC64:
718 case FFA_MEM_RETRIEVE_RESP:
719 case FFA_MEM_RELINQUISH:
720 case FFA_MEM_RECLAIM:
721 case FFA_SUCCESS_SMC32:
722 case FFA_SUCCESS_SMC64:
723 /*
724 * TODO: Assume that no requests originate from EL3 at the
725 * moment. This will change if a SP service is required in
726 * response to secure interrupts targeted to EL3. Until then
727 * simply forward the call to the Normal world.
728 */
729
730 return spmd_smc_forward(smc_fid, secure_origin,
731 x1, x2, x3, x4, handle);
732 break; /* not reached */
733
734 case FFA_MSG_WAIT:
735 /*
736 * Check if this is the first invocation of this interface on
737 * this CPU from the Secure world. If so, then indicate that the
738 * SPM Core initialised successfully.
739 */
740 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) {
741 spmd_spm_core_sync_exit(0ULL);
742 }
743
744 /* Fall through to forward the call to the other world */
745 case FFA_INTERRUPT:
746 case FFA_MSG_YIELD:
747 /* This interface must be invoked only by the Secure world */
748 if (!secure_origin) {
749 return spmd_ffa_error_return(handle,
750 FFA_ERROR_NOT_SUPPORTED);
751 }
752
753 return spmd_smc_forward(smc_fid, secure_origin,
754 x1, x2, x3, x4, handle);
755 break; /* not reached */
756
757 case FFA_NORMAL_WORLD_RESUME:
758 if (secure_origin && ctx->secure_interrupt_ongoing) {
759 spmd_spm_core_sync_exit(0ULL);
760 } else {
761 return spmd_ffa_error_return(handle, FFA_ERROR_DENIED);
762 }
763 break; /* Not reached */
764
765 default:
766 WARN("SPM: Unsupported call 0x%08x\n", smc_fid);
767 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
768 }
769 }
770