From cb06ebe3c54e65516830f47c79b61e3377c58b3c Mon Sep 17 00:00:00 2001 From: Levi Yun Date: Wed, 21 Aug 2024 01:59:00 +0100 Subject: [PATCH] StandaloneMmCore: Apply embedded StandaloneMm Stack in StandaloneMmEntryPoint There are 2 communication interfaces between the SPMC and StandaloneMM 1. SpmMM 2. FF-A When SpmMM is enabled, TF-A acts as the SPMC at EL3 and the stack is setup by TF-A for use by StandaloneMm. However, when FF-A is enabled, the SPMC does not setup the stack for StandaloneMm and it is expected that the StandaloneMm code will setup its own stack. Therefore, reserve an area in the data region for use as the stack for StandaloneMM. This stack will be used in both the scenarios described above, i.e. when either SpmMM or FF-A is enabled. Although the stack is reserved from the data section which is expected to be Read-Write enabled, when TF-A maps the StandaloneMM binary into the DRAM it configures the entire StandaloneMM memory as Read-Only. Therefore, before the stack can be utilised, the PE Coff sections need to be scanned to change the the stack region from Read-Only to Read-Write. Signed-off-by: Levi Yun Change-Id: Ic2b7808427e5414cc6d8f4fb79e7dc567a4afdd9 --- .../Library/Arm/StandaloneMmCoreEntryPoint.h | 27 +- .../Arm/ModuleEntryPoint32.S | 220 +++++++++++++++++ .../Arm/ModuleEntryPoint64.S | 231 ++++++++++++++++++ .../Arm/StandaloneMmCoreEntryPoint.c | 2 +- .../StandaloneMmCoreEntryPoint.inf | 9 + 5 files changed, 478 insertions(+), 11 deletions(-) create mode 100644 StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint32.S create mode 100644 StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint64.S diff --git a/StandaloneMmPkg/Include/Library/Arm/StandaloneMmCoreEntryPoint.h b/StandaloneMmPkg/Include/Library/Arm/StandaloneMmCoreEntryPoint.h index dc02ecb2feb54..9dbb81010f1f6 100644 --- a/StandaloneMmPkg/Include/Library/Arm/StandaloneMmCoreEntryPoint.h +++ b/StandaloneMmPkg/Include/Library/Arm/StandaloneMmCoreEntryPoint.h @@ -16,7 +16,7 @@ @par Reference(s): - Transfer List [https://github.com/FirmwareHandoff/firmware_handoff] - Secure Partition Manager [https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partition-manager-mm.html]. - - Arm Firmware Framework for Arm A-Profile [https://developer.arm.com/documentation/den0077/j/?lang=en] + - Arm Firmware Framework for Arm A-Profile [https://developer.arm.com/documentation/den0077/latest] **/ @@ -214,17 +214,24 @@ LocateStandaloneMmCorePeCoffData ( ); /** - The entry point of Standalone MM Foundation. - - @param [in] Arg0 Boot information passed according to boot protocol. - @param [in] Arg1 Boot information passed according to boot protocol. - @param [in] Arg2 Boot information passed according to boot protocol. - @param [in] Arg3 Boot information passed according to boot protocol. + The handoff between the SPMC to StandaloneMM depends on the + communication interface between the SPMC and StandaloneMM. + When SpmMM is used, the handoff is implemented using the + Firmware Handoff protocol. When FF-A is used the FF-A boot + protocol is used. + + @param [in] Arg0 In case of FF-A, address of FF-A boot information + In case of SPM_MM, this parameter must be zero + @param [in] Arg1 In case of FF-A, this parameter must be zero + In case of SPM_MM, Signature and register convention version + @param [in] Arg2 Must be zero + @param [in] Arg3 In case of FF-A, this parameter must be zero + In case of SPM_MM, address of transfer list **/ VOID EFIAPI -_ModuleEntryPoint ( +CEntryPoint ( IN UINTN Arg0, IN UINTN Arg1, IN UINTN Arg2, @@ -234,7 +241,7 @@ _ModuleEntryPoint ( /** Auto generated function that calls the library constructors for all of the module's dependent libraries. - This function must be called by _ModuleEntryPoint(). + This function must be called by CEntryPoint(). This function calls the set of library constructors for the set of library instances that a module depends on. This includes library instances that a module depends on directly and library instances that a module depends on indirectly through other @@ -257,7 +264,7 @@ ProcessLibraryConstructorList ( /** Auto generated function that calls a set of module entry points. - This function must be called by _ModuleEntryPoint(). + This function must be called by CEntryPoint(). This function calls the set of module entry points. This function is auto generated by build tools and those build tools are responsible for collecting the module entry points and calling them in a specified order. diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint32.S b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint32.S new file mode 100644 index 0000000000000..0c2fc461a7c6a --- /dev/null +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint32.S @@ -0,0 +1,220 @@ +#------------------------------------------------------------------------------ +# +# Entrypoint of StandaloneMm. +# +# Copyright (c) 2024, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# @par Reference(s): +# - [1] SPM based on the MM interface. +# (https://trustedfirmware-a.readthedocs.io/en/latest/components/ +# secure-partition-manager-mm.html) +# - [2] Arm Firmware Framework for Armv8-A, DEN0077, version 1.2 +# (https://developer.arm.com/documentation/den0077/latest/) +# - [3] FF-A Memory Management Protocol for Armv8-A, DEN0140, version 1.2 +# (https://developer.arm.com/documentation/den0140/latest/) +# +#------------------------------------------------------------------------------ + +#include +#include +#include +#include + +.data +.section .data.stmm_stack, "aw" +.align 12 +// Define a data section to be used for setting up the +// stack for StandaloneMm +stmm_stack: +.zero FixedPcdGet32 (PcdStMmStackSize) + +.text +// +// Check whether it is possible to use FF-A. +// If FF-A can use, return TRUE. otherwise return FALSE. +// +// BOOLEAN +// EFIAPI +// CheckFfaSupport ( +// VOID +// ) +// +ASM_FUNC(CheckFfaSupport) + // + // Try to check FF-A support via FFA_VERSION + // See [2], Section 13.2 FFA_VERSION + // + MOV32 (r0, ARM_FID_FFA_VERSION) + + // Set r1 as request version. + MOV32 (r1, ARM_FFA_CREATE_VERSION ( + ARM_FFA_MAJOR_VERSION, + ARM_FFA_MINOR_VERSION)) + + svc #0 + + // Set r4 as ARM_FFA_RET_NOT_SUPPORTED (-1) + mvn r4, #0x00 + + cmp r0, r4 + movne r0, #0x01 + moveq r0, #0x00 + mov r4, #0x00 + bx lr + +// +// Set write memory permission on StandaloneMm stack area via FF-A request. +// If success, return StMmStackBaseAddr. otherwise return 0. +// +// UINTN +// EFIAPI +// SetStackPermissionFfa ( +// IN UINTN StMmStackTopAddr +// ) +// +ASM_FUNC(SetStackPermissionFfa) + // + // Try to set write permission on stmm_stack with FF-A request + // See [3], Section 2.9 FFA_MEM_PERM_SET + // + MOV32 (r2, FixedPcdGet32 (PcdStMmStackSize)) + + // r1 = stmm_stack top + mov r1, r0 + + // r12 = Compute and save the stack base + add r12, r1, r2 + + // r2 = Count of pages of stmm_stack + lsr r2, r2, #EFI_PAGE_SHIFT + + // r3 = Memory permission + MOV32 (r3, + ARM_FFA_SET_MEM_ATTR_MAKE_PERM_REQUEST ( + ARM_FFA_SET_MEM_ATTR_DATA_PERM_RW, + ARM_FFA_SET_MEM_ATTR_CODE_PERM_XN)) + + MOV32 (r0, ARM_FID_FFA_MEM_PERM_SET) + + // Call FFA_MEM_PERM_SET to set stmm_stack with write permission + // See [3], Section 2.9 FFA_MEM_PERM_SET + svc #0 + + // Check FFA_MEM_PERM_SET operation is success. + MOV32 (r5, ARM_FID_FFA_SUCCESS_AARCH32) + cmp r0, r5 + + // Set return value as base address of stack. + mov r0, r12 + bne .Lout_set_stack_perm_ffa + // If failed, set return value as zero. + mov r0, #0x00 + +.Lout_set_stack_perm_ffa: + // Initialise SP with temp stack + mov r5, #0x00 + mov r12, #0x00 + bx lr + +// +// Set write memory permission on StandaloneMm stack area via SpmMm. +// If success, return StMmStackTopAddr. otherwise return 0. +// +// UINTN +// EFIAPI +// SetStackPermissionSpmMm ( +// IN UINTN StMmStackTopAddr +// ) +// +ASM_FUNC(SetStackPermissionSpmMm) + // + // Try to set write permission on stmm_stack with SPM_MM request + // See [1], Section 4.16.5.5.1 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64. + // + MOV32 (r2, FixedPcdGet32 (PcdStMmStackSize)) + + // r1 = stmm_stack top + mov r1, r0 + + // r12 = Compute and save the stack base + add r12, r1, r2 + + // r2 = Count of pages of stmm_stack + lsr r2, r2, #EFI_PAGE_SHIFT + + // r3 = Memory permission + MOV32 (r3, + ARM_SPM_MM_SET_MEM_ATTR_MAKE_PERM_REQUEST ( + ARM_SPM_MM_SET_MEM_ATTR_DATA_PERM_RW, + ARM_SPM_MM_SET_MEM_ATTR_CODE_PERM_XN)) + + MOV32 (r0, ARM_FID_SPM_MM_SP_SET_MEM_ATTRIBUTES) + + // Call SPM_MM_SP_SET_MEM_ATTRIBUTES to set stmm_stack with write permission + // See [1], Section 4.16.5.5.1 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64. + svc #0 + + MOV32 (r5, ARM_SPM_MM_RET_SUCCESS) + cmp r0, r5 + + // Set return value as base address of stack. + mov r0, r12 + beq .Lout_set_stack_perm + // If failed, set return value as zero. + mov r0, #0x00 + +.Lout_set_stack_perm: + mov r5, #0x00 + mov r12, #0x00 + bx lr + +// +// Entry point of StandaloneMm +// +ASM_FUNC(_ModuleEntryPoint) + // Stash boot information registers from the SPMC + mov r8, r0 + mov r9, r1 + mov r10, r2 + mov r11, r3 + + bl CheckFfaSupport + mov r1, r0 + + // Get StandaloneMm Stack top address and save in x0 + LDRL(r0, stmm_stack) + + // Set stack permission + cmp r1, #0x01 + beq .Lset_stack_perm_ffa + bne .Lset_stack_perm_spm + + // If SetStackPermission* failed, x0 is #0x00. + // Otherwise, x0 is base address of stack. +.Lset_stmm_sp: + cmp r0, #0x00 + bne .Lerror + + mov sp, r0 + + // Restore boot information registers from the SPMC + mov r3, r11 + mov r2, r10 + mov r1, r9 + mov r0, r8 + + // Invoke the C entrypoint + b CEntryPoint + +.Lerror: + b . + +Lset_stack_perm_ffa: + bl SetStackPermissionFfa + b .Lset_stmm_sp + +.Lset_stack_perm_spm: + bl SetStackPermissionSpmMm + b .Lset_stmm_sp diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint64.S b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint64.S new file mode 100644 index 0000000000000..a251cd05cfa87 --- /dev/null +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/ModuleEntryPoint64.S @@ -0,0 +1,231 @@ +#------------------------------------------------------------------------------ +# +# Entrypoint of StandaloneMm. +# +# Copyright (c) 2024, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# @par Reference(s): +# - [1] SPM based on the MM interface. +# (https://trustedfirmware-a.readthedocs.io/en/latest/components/ +# secure-partition-manager-mm.html) +# - [2] Arm Firmware Framework for Armv8-A, DEN0077, version 1.2 +# (https://developer.arm.com/documentation/den0077/latest/) +# - [3] FF-A Memory Management Protocol for Armv8-A, DEN0140, version 1.2 +# (https://developer.arm.com/documentation/den0140/latest/) +# +#------------------------------------------------------------------------------ + +#include +#include +#include +#include + +.data +.section .data.stmm_stack, "aw" +.align 12 +// Define a data section to be used for setting up the +// stack for StandaloneMm +stmm_stack: +.zero FixedPcdGet32 (PcdStMmStackSize) + +.text +// +// Check whether it is possible to use FF-A. +// If FF-A is supported return TRUE, otherwise return FALSE. +// +// BOOLEAN +// EFIAPI +// CheckFfaSupport ( +// VOID +// ) +// +ASM_FUNC(CheckFfaSupport) + // + // Try to check FF-A support via FFA_VERSION + // See [2], Section 13.2 FFA_VERSION + // + MOV32 (x0, ARM_FID_FFA_VERSION) + + // Set x1 as request version. + MOV32 (x1, ARM_FFA_CREATE_VERSION ( + ARM_FFA_MAJOR_VERSION, + ARM_FFA_MINOR_VERSION)) + + svc #0 + + MOV64 (x9, ARM_FFA_RET_NOT_SUPPORTED) + cmp x0, x9 + cset x0, ne + mov x9, xzr + ret + +// +// Set write memory permission on StandaloneMm stack area via FF-A request. +// If success, return StMmStackBaseAddr. otherwise return 0. +// +// UINTN +// EFIAPI +// SetStackPermissionFfa ( +// IN UINTN StMmStackTopAddr +// ) +// +ASM_FUNC(SetStackPermissionFfa) + // + // Try to set write permission on stmm_stack with FF-A request + // See [3], Section 2.9 FFA_MEM_PERM_SET + // + MOV32 (x2, FixedPcdGet32 (PcdStMmStackSize)) + + // x1 = stmm_stack top + mov x1, x0 + + // x12 = Compute and save the stack base + add x12, x1, x2 + + // x2 = Count of pages of stmm_stack + lsr x2, x2, #EFI_PAGE_SHIFT + + // x3 = Memory permission + MOV32 (x3, + ARM_FFA_SET_MEM_ATTR_MAKE_PERM_REQUEST ( + ARM_FFA_SET_MEM_ATTR_DATA_PERM_RW, + ARM_FFA_SET_MEM_ATTR_CODE_PERM_XN)) + + MOV32 (x0, ARM_FID_FFA_MEM_PERM_SET) + + // Call FFA_MEM_PERM_SET to set stmm_stack with write permission + // See [3], Section 2.9 FFA_MEM_PERM_SET + svc #0 + + // Check FFA_MEM_PERM_SET operation is success. + mov x10, #0x00 + MOV32 (x11, ARM_FID_FFA_SUCCESS_AARCH64) + cmp x0, x11 + cinc x10, x10, eq + MOV32 (x11, ARM_FID_FFA_SUCCESS_AARCH32) + cmp x0, x11 + cinc x10, x10, eq + cmp x10, #0x00 + + // Set return value as base address of stack. + mov x0, x12 + b.ne .Lout_set_stack_perm_ffa + // If failed, set return value as zero. + mov x0, #0x00 + +.Lout_set_stack_perm_ffa: + mov x9, xzr + mov x10, xzr + mov x11, xzr + mov x12, xzr + ret + +// +// Set write memory permission on StandaloneMm stack area via SpmMm. +// If success, return StMmStackTopAddr. otherwise return 0. +// +// UINTN +// EFIAPI +// SetStackPermissionSpmMm ( +// IN UINTN StMmStackTopAddr +// ) +// +ASM_FUNC(SetStackPermissionSpmMm) + // + // Try to set write permission on stmm_stack with SPM_MM request + // See [1], Section 4.16.5.5.1 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64. + // + MOV32 (x2, FixedPcdGet32 (PcdStMmStackSize)) + + // x1 = stmm_stack top + mov x1, x0 + + // x12 = Compute and save the stack base + add x12, x1, x2 + + // x2 = Count of pages of stmm_stack + lsr x2, x2, #EFI_PAGE_SHIFT + + // x3 = Memory permission + MOV32 (x3, + ARM_SPM_MM_SET_MEM_ATTR_MAKE_PERM_REQUEST ( + ARM_SPM_MM_SET_MEM_ATTR_DATA_PERM_RW, + ARM_SPM_MM_SET_MEM_ATTR_CODE_PERM_XN)) + + MOV32 (x0, ARM_FID_SPM_MM_SP_SET_MEM_ATTRIBUTES) + + // Call SPM_MM_SP_SET_MEM_ATTRIBUTES to set stmm_stack with write permission + // See [1], Section 4.16.5.5.1 MM_SP_MEMORY_ATTRIBUTES_SET_AARCH64. + svc #0 + + cmp x0, #ARM_SPM_MM_RET_SUCCESS + + // Set return value as base address of stack. + mov x0, x12 + b.eq .Lout_set_stack_perm + // If failed, set return value as zero. + mov x0, #0x00 + +.Lout_set_stack_perm: + mov x9, xzr + mov x12, xzr + ret + +// +// Entry point of StandaloneMm +// +ASM_FUNC(_ModuleEntryPoint) + // Stash boot information registers from the SPMC + mov x19, x0 + mov x20, x1 + mov x21, x2 + mov x22, x3 + mov x23, x4 + + bl CheckFfaSupport + mov x1, x0 + + // Get StandaloneMm Stack top address and save in x0 + adrp x4, stmm_stack + mov x0, x4 + + // Set stack permission + cmp x1, #0x01 + b.eq .Lset_stack_perm_ffa + b.ne .Lset_stack_perm_spm + + // If SetStackPermission* failed, x0 is #0x00. + // Otherwise, x0 is base address of stack. +.Lset_stmm_sp: + cmp x0, #0x00 + b.eq .Lerror + + mov sp, x0 + + // Restore boot information registers from the SPMC + mov x0, x19 + mov x1, x20 + mov x2, x21 + mov x3, x22 + mov x4, x23 + mov x19, xzr + mov x20, xzr + mov x21, xzr + mov x22, xzr + mov x23, xzr + + // Invoke the C entrypoint + b CEntryPoint + +.Lerror: + b . + +.Lset_stack_perm_ffa: + bl SetStackPermissionFfa + b .Lset_stmm_sp + +.Lset_stack_perm_spm: + bl SetStackPermissionSpmMm + b .Lset_stmm_sp diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/StandaloneMmCoreEntryPoint.c b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/StandaloneMmCoreEntryPoint.c index f4e2c6b520508..d6218b1a427be 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/StandaloneMmCoreEntryPoint.c +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/Arm/StandaloneMmCoreEntryPoint.c @@ -974,7 +974,7 @@ DelegatedEventLoop ( **/ VOID EFIAPI -_ModuleEntryPoint ( +CEntryPoint ( IN UINTN Arg0, IN UINTN Arg1, IN UINTN Arg2, diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf index 80740245e9f17..14d42258e79fa 100644 --- a/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf +++ b/StandaloneMmPkg/Library/StandaloneMmCoreEntryPoint/StandaloneMmCoreEntryPoint.inf @@ -25,6 +25,12 @@ Arm/StandaloneMmCoreEntryPoint.c Arm/SetPermissions.c +[Sources.AARCH64] + Arm/ModuleEntryPoint64.S + +[Sources.ARM] + Arm/ModuleEntryPoint32.S + [Sources.X64] X64/StandaloneMmCoreEntryPoint.c @@ -58,6 +64,9 @@ gEdkiiPiMmCpuDriverEpProtocolGuid gEfiMmCommunication2ProtocolGuid +[FixedPcd.ARM, FixedPcd.AARCH64] + gArmTokenSpaceGuid.PcdStMmStackSize + # # This configuration fails for CLANGPDB, which does not support PIE in the GCC # sense. Such however is required for ARM family StandaloneMmCore