StandaloneMmCore: Apply embedded StandaloneMm Stack in StandaloneMmEn…

…tryPoint There are 2 communication interfaces between the SPMC and StandaloneMM 1. SpmMM 2. FF-A When SpmMM is enabled, TF-A acts as the SPMC at EL3 and the stack is setup by TF-A for use by StandaloneMm. However, when FF-A is enabled, the SPMC does not setup the stack for StandaloneMm and it is expected that the StandaloneMm code will setup its own stack. Therefore, reserve an area in the data region for use as the stack for StandaloneMM. This stack will be used in both the scenarios described above, i.e. when either SpmMM or FF-A is enabled. Although the stack is reserved from the data section which is expected to be Read-Write enabled, when TF-A maps the StandaloneMM binary into the DRAM it configures the entire StandaloneMM memory as Read-Only. Therefore, before the stack can be utilised, the PE Coff sections need to be scanned to change the the stack region from Read-Only to Read-Write. Signed-off-by: Levi Yun <[email protected]> Change-Id: Ic2b7808427e5414cc6d8f4fb79e7dc567a4afdd9
tianocore · Sep 24, 2024 · cb06ebe · cb06ebe
1 parent a170673
commit cb06ebe
Show file tree

Hide file tree

Showing 5 changed files with 478 additions and 11 deletions.
diff --git a/StandaloneMmPkg/Include/Library/Arm/StandaloneMmCoreEntryPoint.h b/StandaloneMmPkg/Include/Library/Arm/StandaloneMmCoreEntryPoint.h
@@ -16,7 +16,7 @@
   @par Reference(s):
     - Transfer List [https://github.com/FirmwareHandoff/firmware_handoff]
     - Secure Partition Manager [https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partition-manager-mm.html].
-    - Arm Firmware Framework for Arm A-Profile [https://developer.arm.com/documentation/den0077/j/?lang=en]
+    - Arm Firmware Framework for Arm A-Profile [https://developer.arm.com/documentation/den0077/latest]
 
 **/
 
@@ -214,17 +214,24 @@ LocateStandaloneMmCorePeCoffData (
   );
 
 /**
-  The entry point of Standalone MM Foundation.
-
-  @param  [in]  Arg0        Boot information passed according to boot protocol.
-  @param  [in]  Arg1        Boot information passed according to boot protocol.
-  @param  [in]  Arg2        Boot information passed according to boot protocol.
-  @param  [in]  Arg3        Boot information passed according to boot protocol.
+  The handoff between the SPMC to StandaloneMM depends on the
+  communication interface between the SPMC and StandaloneMM.
+  When SpmMM is used, the handoff is implemented using the
+  Firmware Handoff protocol. When FF-A is used the FF-A boot
+  protocol is used.
+
+  @param  [in]  Arg0        In case of FF-A, address of FF-A boot information
+                            In case of SPM_MM, this parameter must be zero
+  @param  [in]  Arg1        In case of FF-A, this parameter must be zero
+                            In case of SPM_MM, Signature and register convention version
+  @param  [in]  Arg2        Must be zero
+  @param  [in]  Arg3        In case of FF-A, this parameter must be zero
+                            In case of SPM_MM, address of transfer list
 
 **/
 VOID
 EFIAPI
-_ModuleEntryPoint (
+CEntryPoint (
   IN UINTN  Arg0,
   IN UINTN  Arg1,
   IN UINTN  Arg2,
@@ -234,7 +241,7 @@ _ModuleEntryPoint (
 /**
   Auto generated function that calls the library constructors for all of the module's dependent libraries.
 
-  This function must be called by _ModuleEntryPoint().
+  This function must be called by CEntryPoint().
   This function calls the set of library constructors for the set of library instances
   that a module depends on.  This includes library instances that a module depends on
   directly and library instances that a module depends on indirectly through other
@@ -257,7 +264,7 @@ ProcessLibraryConstructorList (
 /**
   Auto generated function that calls a set of module entry points.
 
-  This function must be called by _ModuleEntryPoint().
+  This function must be called by CEntryPoint().
   This function calls the set of module entry points.
   This function is auto generated by build tools and those build tools are responsible
   for collecting the module entry points and calling them in a specified order.

diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint32.S b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint32.S
@@ -0,0 +1,220 @@
+#------------------------------------------------------------------------------
+#
+# Entrypoint of StandaloneMm.
+#
+# Copyright (c) 2024, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# @par Reference(s):
+#   - [1] SPM based on the MM interface.
+#        (https://trustedfirmware-a.readthedocs.io/en/latest/components/
+#         secure-partition-manager-mm.html)
+#   - [2] Arm Firmware Framework for Armv8-A, DEN0077, version 1.2
+#        (https://developer.arm.com/documentation/den0077/latest/)
+#   - [3] FF-A Memory Management Protocol for Armv8-A, DEN0140, version 1.2
+#        (https://developer.arm.com/documentation/den0140/latest/)
+#
+#------------------------------------------------------------------------------
+
+#include <AsmMacroIoLib.h>
+#include <IndustryStandard/ArmMmSvc.h>
+#include <IndustryStandard/ArmFfaSvc.h>
+#include <Uefi/UefiBaseType.h>
+
+.data
+.section .data.stmm_stack, "aw"
+.align 12
+// Define a data section to be used for setting up the
+// stack for StandaloneMm
+stmm_stack:
+.zero FixedPcdGet32 (PcdStMmStackSize)
+
+.text
+//
+// Check whether it is possible to use FF-A.
+// If FF-A can use, return TRUE. otherwise return FALSE.
+//
+// BOOLEAN
+// EFIAPI
+// CheckFfaSupport (
+//   VOID
+//   )
+//
+ASM_FUNC(CheckFfaSupport)
+  //
+  // Try to check FF-A support via FFA_VERSION
+  // See [2], Section 13.2 FFA_VERSION
+  //
+  MOV32 (r0, ARM_FID_FFA_VERSION)
+
+  // Set r1 as request version.
+  MOV32 (r1, ARM_FFA_CREATE_VERSION (
+               ARM_FFA_MAJOR_VERSION,
+               ARM_FFA_MINOR_VERSION))
+
+  svc #0
+
+  // Set r4 as ARM_FFA_RET_NOT_SUPPORTED (-1)
+  mvn r4, #0x00
+
+  cmp r0, r4
+  movne r0, #0x01
+  moveq r0, #0x00
+  mov r4, #0x00
+  bx lr
+
+//
+// Set write memory permission on StandaloneMm stack area via FF-A request.
+// If success, return StMmStackBaseAddr. otherwise return 0.
+//
+// UINTN
+// EFIAPI
+// SetStackPermissionFfa (
+//   IN UINTN StMmStackTopAddr
+//   )
+//
+ASM_FUNC(SetStackPermissionFfa)
+  //
+  // Try to set write permission on stmm_stack with FF-A request
+  // See [3], Section 2.9 FFA_MEM_PERM_SET
+  //
+  MOV32 (r2, FixedPcdGet32 (PcdStMmStackSize))
+
+  // r1 = stmm_stack top
+  mov r1, r0
+
+  // r12 = Compute and save the stack base
+  add r12, r1, r2
+
+  // r2 = Count of pages of stmm_stack
+  lsr r2, r2, #EFI_PAGE_SHIFT
+
+  // r3 = Memory permission
+  MOV32 (r3,
+    ARM_FFA_SET_MEM_ATTR_MAKE_PERM_REQUEST (
+      ARM_FFA_SET_MEM_ATTR_DATA_PERM_RW,
+      ARM_FFA_SET_MEM_ATTR_CODE_PERM_XN))
+
+  MOV32 (r0, ARM_FID_FFA_MEM_PERM_SET)
+
+  // Call FFA_MEM_PERM_SET to set stmm_stack with write permission
+  // See [3], Section 2.9 FFA_MEM_PERM_SET
+  svc #0
+
+  // Check FFA_MEM_PERM_SET operation is success.
+  MOV32 (r5, ARM_FID_FFA_SUCCESS_AARCH32)
+  cmp r0, r5
+
+  // Set return value as base address of stack.
+  mov r0, r12
+  bne .Lout_set_stack_perm_ffa
+  // If failed, set return value as zero.
+  mov r0, #0x00
+
+.Lout_set_stack_perm_ffa:
+  // Initialise SP with temp stack
+  mov r5, #0x00
+  mov r12, #0x00
+  bx lr
+
+//
+// Set write memory permission on StandaloneMm stack area via SpmMm.
+// If success, return StMmStackTopAddr. otherwise return 0.
+//
+// UINTN
+// EFIAPI
+// SetStackPermissionSpmMm (
+//   IN UINTN StMmStackTopAddr
+//   )
+//
+ASM_FUNC(SetStackPermissionSpmMm)
+  //
+  // Try to set write permission on stmm_stack with SPM_MM request
+  // See [1], Section 4.16.5.5.1 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64.
+  //
+  MOV32 (r2, FixedPcdGet32 (PcdStMmStackSize))
+
+  // r1 = stmm_stack top
+  mov r1, r0
+
+  // r12 = Compute and save the stack base
+  add r12, r1, r2
+
+  // r2 = Count of pages of stmm_stack
+  lsr r2, r2, #EFI_PAGE_SHIFT
+
+  // r3 = Memory permission
+  MOV32 (r3,
+    ARM_SPM_MM_SET_MEM_ATTR_MAKE_PERM_REQUEST (
+      ARM_SPM_MM_SET_MEM_ATTR_DATA_PERM_RW,
+      ARM_SPM_MM_SET_MEM_ATTR_CODE_PERM_XN))
+
+  MOV32 (r0, ARM_FID_SPM_MM_SP_SET_MEM_ATTRIBUTES)
+
+  // Call SPM_MM_SP_SET_MEM_ATTRIBUTES to set stmm_stack with write permission
+  // See [1], Section 4.16.5.5.1 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64.
+  svc #0
+
+  MOV32 (r5, ARM_SPM_MM_RET_SUCCESS)
+  cmp r0, r5
+
+  // Set return value as base address of stack.
+  mov r0, r12
+  beq .Lout_set_stack_perm
+  // If failed, set return value as zero.
+  mov r0, #0x00
+
+.Lout_set_stack_perm:
+  mov r5, #0x00
+  mov r12, #0x00
+  bx lr
+
+//
+// Entry point of StandaloneMm
+//
+ASM_FUNC(_ModuleEntryPoint)
+  // Stash boot information registers from the SPMC
+  mov r8, r0
+  mov r9, r1
+  mov r10, r2
+  mov r11, r3
+
+  bl CheckFfaSupport
+  mov r1, r0
+
+  // Get StandaloneMm Stack top address and save in x0
+  LDRL(r0, stmm_stack)
+
+  // Set stack permission
+  cmp r1, #0x01
+  beq .Lset_stack_perm_ffa
+  bne .Lset_stack_perm_spm
+
+  // If SetStackPermission* failed, x0 is #0x00.
+  // Otherwise, x0 is base address of stack.
+.Lset_stmm_sp:
+  cmp r0, #0x00
+  bne .Lerror
+
+  mov sp, r0
+
+  // Restore boot information registers from the SPMC
+  mov r3, r11
+  mov r2, r10
+  mov r1, r9
+  mov r0, r8
+
+  // Invoke the C entrypoint
+  b     CEntryPoint
+
+.Lerror:
+  b .
+
+Lset_stack_perm_ffa:
+  bl SetStackPermissionFfa
+  b .Lset_stmm_sp
+
+.Lset_stack_perm_spm:
+  bl SetStackPermissionSpmMm
+  b .Lset_stmm_sp