ArmGicEndOfInterrupt () is never used: the v2 and v3 versions of the
driver call respective specific versions directly, and so this API can
be removed.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ArmGicSendSgiTo () is never used, and is fundamentally tied to multi-CPU
operation which is no longer supported. So drop the implementation.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
The ArmGicLib API exposes ArmGicEnableInterruptInterface () and
ArmGicDisableInterruptInterface (), but only the former is actually
used, and only from the GICv2 driver. So drop the API entirely, and
invoke the v2 version of the underlying interface directly.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Support for GICv2 legacy mode was introduced to accommodate secure world
firmware that was lagging behind in terms of development, and was
running the GIC in v2 mode on the secure side for lack of a GICv3
driver.
As per the GIC architecture, the non-secure world can only run the GIC
in v3 mode if the secure world does so too.
At this point, there is no longer a need for this fallback: GICv2
support is still needed for platforms such as Raspberry Pi 4 that do not
implement GICv3 at all. But on platforms that do implement it, falling
back to GICv2 is unnecessary.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
STATIC_ASSERT is #define'd to a compiler specific value, based on
built-in macros exposed by those compilers. If none of those are found,
an #error is raised.
This breaks the DTCPP build rule, which relies on the C preprocessor
for header file inclusion and value substitution, but doesn't define any
of the compiler macros we look for.
So drop the error case. If STATIC_ASSERT is used without a definition,
an error will be raised anyway.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
StandaloneMmCpu driver is only used for Arm architecture and
StandaloneMmCoreEntryPointLib for Arm has specific implementation with
StandaloneMmCpu driver.
Move StandaloneMmCpu Driver and StandaloneMmCoreEntryPointLib for Arm
to ArmPkg.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
The default ExtractGuidedSectionLib used by Standalone MM is the
implementation in EmbeddedPkg. However, the ExtractGuidedSectionLib
implementation in EmbeddedPkg builds HOBs to save the extract handler
information.
Since StandaloneMm is a consumer of HOBs, not a HOB producer, introduce
a StandaloneMmExtraGuidedSectionLib implementation that saves the
extract handler information in the ConfigurationTable.
This StandaloneMmExtraGuidedSectionLib can be used by MM_STANDALONE
and MM_CORE_STANDALONE modules.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
StandaloneMm in Arm is UP-migratable which means StandaloneMm
cannot run concurrently.
Therefore, remove per-cpu feature in StandaloneMm.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Arm has three types of communication buffer:
- Non secure communication buffer: shared buffer with NS partition
- Secure communication buffer: shared buffer with Secure partition
- Internal Misc service buffer: For misc service
  i.e. for services that do not use MmCommunication protocol,
  a buffer is created and populated internally.
Since the internal Misc service buffer is allocated dynamically in
StandaloneMm there is no additional check required for the Misc
service buffer.
This patch moves the sanity check of the communication buffer from
StandaloneMmCpu Driver to StandaloneMmEntryPoint.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
There are 2 communication interfaces between the SPMC and StandaloneMM
1. SpmMM
2. FF-A
When SpmMM is enabled, TF-A acts as the SPMC at EL3 and the stack is setup
by TF-A for use by StandaloneMm. However, when FF-A is enabled, the SPMC
does not setup the stack for StandaloneMm and it is expected that the
StandaloneMm code will setup its own stack.
Therefore, reserve an area in the data region for use as the stack for
StandaloneMM. This stack will be used in both the scenarios described
above, i.e. when either SpmMM or FF-A is enabled.
Although the stack is reserved from the data section which is expected
to be Read-Write enabled, when TF-A maps the StandaloneMM binary into
the DRAM it configures the entire StandaloneMM memory as Read-Only.
Therefore, before the stack can be utilised, the PE Coff sections
need to be scanned to change the stack region from Read-Only to
Read-Write.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
StandaloneMm Arm uses a stack allocated in the data section.
This patch adds a Pcd which specifies the stack size of StandaloneMm.
Signed-off-by: levi.yun <yeoreum.yun@arm.com>
On Arm all requests are handled as Asynchronous events by the Root
MMI handler.
Since the communication data is conveyed using either the NS shared
buffer or the Secure shared buffer, the Arm implementation does not
setup the mCommunicationBuffer. Therefore, the mCommunicationBuffer
being NULL is not an error case.
Moreover, the existing code switches to Asynchronous event processing
when the mCommunicationBuffer is NULL, which means that the log is an
info log rather than an error.
Therefore, change the log level from ERROR to INFO when the
mCommunicationBuffer is NULL.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
To support services other than the MmCommunication service,
StandaloneMm should use FF-A v1.2 or later [0].
For this, StandaloneMm needs to change:
1. Apply FF-A boot protocol
   - FF-A uses its own boot protocol and it can deliver phit hob.
     So, StandaloneMm should understand FF-A boot protocol and
     get phit hob from it to initialize.
2. Use DIRECT_REQ2 / DIRECT_RESP2
   - To support the other service via FF-A protocol
     than MmCommunication,
     StandaloneMm should use DIRECT_REQ2 / DIRECT_RESP2.
     In case of service provided with MmCommunication protocol,
     register x2/x3 value is set as gEfiMmCommunication2ProtocolGuid and
     register x4 value is set with MmCommunication Buffer
     (ServiceTypeMmCommunication).
     In case of service with each specification via FF-A,
     register x2/x3 value is set as each service guid
     and StandaloneMmCoreEntryPoint generates Mm communication header
     with passed arguments to dispatch this service
     provided by StandaloneMm.
     i.e. Tpm service, Firmware update service, etc.
     (ServiceTypeMisc)
Link: https://developer.arm.com/documentation/den0077/latest/ [0]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
The StandaloneMm implementation for Arm sets up the stack in
the early startup code using the data section reserved in the
assembly code.
When TF-A loads the StandaloneMM binary in the DRAM it maps
the entire StandaloneMM memory region as Read Only.
Therefore, the initial startup assembly code updates the mem
permissions of the stack region to Read Write.
However, when the StandaloneMmCore is loaded the function
UpdateMmFoundationPeCoffPermissions() starts applying the
memory permissions based on the PE COFF sections as below:
A. If the section is not executable, it first removes the
executable permission of the section by calling TextUpdate().
TextUpdate() is the StandaloneMM MMU library function
ArmSetMemoryRegionNoExec().
B. It then checks if the section is writable, and if it is
it calls ReadWriteUpdater(), which invokes the StandaloneMM
MMU library function ArmClearMemoryRegionReadOnly() to make
the section writable.
However, this results in the stack being made read-only
between A and B. To understand this please see the following
flow.
1. TF-A sets the entire StandaloneMM region as Read Only.
2. The stack is reserved in the data section by the early
assembly entry point code.
+--------------------+ <--- Start of Data Section
|                    |
|    Data Section    |
|                    |
| +----------------+ | <--- Stack region
| |     Stack      | |
| +----------------+ |
|                    |
+--------------------+
3. The StandaloneMM early entry point code updates the
attributes of the stack to Read Write.
4. When UpdateMmFoundationPeCoffPermissions() sets the
permission of the data section to remove the Execute
attribute, it calls ArmSetMemoryRegionNoExec().
5. The ArmSetMemoryRegionNoExec() implementation gets the
attributes of the first granule which is at the start
of the data section, then clears the execute permission
and applies the attribute for the entire data section.
6. Since TF-A has mapped the entire section as read only
the first granule of the data section is read only and
therefore the stack region attributes are changed to
Read Only no execute.
7. Since the stack is read only after point A any updates
to the stack result in an exception.
To resolve this issue with update the library with FF-A v1.2,
get/set memory permission per page unit.
Links: https://developer.arm.com/documentation/den0140/latest/ [0]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
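The flow in steps 1 to 7 above can be replayed on a small model. This is an added example, not part of the commit or of edk2: the page-attribute array, the page layout and all function names are hypothetical stand-ins for the MMU library routines the message names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: an 8-page image, one attribute word per page. */
#define PAGE_COUNT  8
#define ATTR_RO     0x1u /* page is read-only */
#define ATTR_XN     0x2u /* page is execute-never */
#define DATA_FIRST  4    /* data section: pages 4..7 */
#define DATA_PAGES  4
#define STACK_FIRST 5    /* stack inside the data section: pages 5..6 */
#define STACK_PAGES 2

uint32_t page_attr[PAGE_COUNT];

/* Flow step 1: the loader maps the whole image read-only. */
static void map_image_read_only(void) {
  for (size_t i = 0; i < PAGE_COUNT; i++) page_attr[i] = ATTR_RO;
}

/* Flow step 3: the early entry code makes the stack pages writable. */
static void make_writable(size_t first, size_t count) {
  for (size_t i = first; i < first + count; i++) page_attr[i] &= ~ATTR_RO;
}

/* Flow steps 4-6: take the first granule's attributes, add XN, and apply
   that single value to every page of the region. */
void set_noexec_from_first_granule(size_t first, size_t count) {
  uint32_t attr = page_attr[first] | ATTR_XN;
  for (size_t i = first; i < first + count; i++) page_attr[i] = attr;
}

/* Per-page get/set: each page keeps its own read-only/writable state. */
void set_noexec_per_page(size_t first, size_t count) {
  for (size_t i = first; i < first + count; i++) page_attr[i] |= ATTR_XN;
}

/* Replays the flow with the given no-exec routine; returns 1 if every
   stack page is still writable afterwards, 0 otherwise. */
int stack_writable_after(void (*set_noexec)(size_t, size_t)) {
  map_image_read_only();
  make_writable(STACK_FIRST, STACK_PAGES);
  set_noexec(DATA_FIRST, DATA_PAGES);
  for (size_t i = STACK_FIRST; i < STACK_FIRST + STACK_PAGES; i++)
    if (page_attr[i] & ATTR_RO) return 0;
  return 1;
}

int main(void) {
  printf("first-granule: stack writable = %d\n",
         stack_writable_after(set_noexec_from_first_granule));
  printf("per-page:      stack writable = %d\n",
         stack_writable_after(set_noexec_per_page));
  return 0;
}
```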
Add ArmFfaLib used in StandaloneMmCore/StandaloneMm Driver.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
PcdFfaEnabled is no more used because ArmFfaLib could find whether FF-A
is supported dynamically.
This patch removes usage of PcdFfaEnabled.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
To communicate with spmc or spmd, UEFI needs to map the Rx/Tx buffer
(which is a global resource in a partition)
by getting the required information from the partition descriptor.
For this, define ArmFfaLib related Pcd and Guid.
Pcd:
- PcdFfaLibConduitSmc:
  conduit to use ArmFfaLib.
- PcdFfaTxBuffer:
  address of Tx buffer.
- PcdFfaRxBuffer:
  address of Rx buffer.
- PcdTxRxPageCount:
  specify buffer size with EFI_PAGE_SIZE unit.
- PcdFfaExitBootEventRegistered:
  check exit boot event registered to unmap rx/tx buffer.
Guid:
- gArmFfaRxTxBufferInfoGuid:
  This is used in Hob to get Rx/Tx buffer information to pass
  Rx/Tx buffer information via HobList if Rx/Tx Buffer mapped in
  PEI phase.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Partition descriptor is used to get partition information via
FFA_PARTITION_INFO_GET or FFA_PARTITION_INFO_GET_REGS FF-A ABI.
Adds defines for partition descriptor and some macros used to call above
ABIs.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
ArmFfaBootInfo.h contains boot information used in FF-A [0].
This boot information will be used to
initialize firmware (i.e) StandaloneMm.
Links: https://developer.arm.com/documentation/den0077/latest/ [0]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
To remove hob creation in StandaloneMm entrypoint,
TF-A should pass PHIT hob information to StandaloneMm.
When it passes PHIT hob, it passes according to
firmware handoff specification[0].
This patch applies boot protocol using transfer list with firmware
handoff specification and remove hob creation in StandaloneMm
entrypoint.
Link: https://github.com/FirmwareHandoff/firmware_handoff [0]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Introduce a new helper function SpmMmStatusToEfiStatus() to convert
the SPM_MM status values to EFI_STATUS values.
Signed-off-by: Levi yun <yeoreum.yun@arm.com>
Change naming convention in ArmMmSvc.h with
MM to SPM_MM
This would make it clear to discern ABI protocol used to communicate
with secure partition.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
By using transfer list passed by TF-A,
StandaloneMmCore is no longer a producer of HOBs, but it is a consumer.
So, the Arm-specific implementation of StandaloneMmCoreHobLib
is no longer needed.
This change removes the Arm-specific HOB creation code and
integrates the necessary adjustments.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
ArmTransferList is used to pass boot information according to
firmware handoff protocol specification [0].
When initializing StandaloneMm, it gets boot information from
the PHIT HOB in the TransferList.
[0] https://github.com/FirmwareHandoff/firmware_handoff
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
This patch introduces a PI_MM_CPU_DRIVER_EP protocol to handle
Mmcommunication request based on the CPU driver.
Previously the CPU driver entry point was retrieved using the
gEfiArmTfCpuDriverEntryPoint HOB.
However, this practice is incorrect as StandaloneMM must be a HOB
consumer and not a HOB producer.
Therefore, remove the CPU entry HOB gEfiArmTfCpuDriverEntryPoint,
and replace it with the CPU driver entry protocol
EDKII_PI_MM_CPU_DRIVER_EP_PROTOCOL.
The EDKII_PI_MM_CPU_DRIVER_EP_PROTOCOL installed in
StandaloneMmCpuInitialize() will be used by the code in
Arm/StandaloneMmCoreEntryPoint.
This protocol is used like below:
+=====+
|StandaloneMmCore|
+=====+
|
CEntryPoint()
===================
|
ProcessModuleEntryPointList()
|
+--> StandaloneMmMain()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| // Load StandaloneMmCpu driver which implements
| // CpuDriverEntryPoint used by DelegatedEventLoop().
| // and install the gEdkiiPiMmCpuDriverEpProtocolGuid.
--------------
|
... // Get CpuDriverEntryPoint implemented by
// StandaloneMmCpu driver with gEdkiiPiMmCpuDriverEpProtocolGuid
|
DelegatedEventLoop() // Handle request by delegating it to
// CpuDriverEntryPoint.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Communication with Stmm can be via SPM using MM or FF-A.
However, some return values differ between these
communication models.
This patch adds helper functions to convert the return
values based on the communication model.
It also fixes an issue when using the SPM using MM model,
wherein an error code value of -7 was being returned when
an unknown error occurred. The -7 value is not defined in
SPM using MM. Therefore, return an UNSUPPORTED code instead.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
SnpDxe registers for an ExitBootServices callback and runs the
PXE_OPCODE_SHUTDOWN and PXE_OPCODE_STOP commands for any network
controllers that the driver is attached to.
Register the SnpDxe callback for gEfiEventBeforeExitBootServicesGuid
instead of gEfiEventExitBootServicesGuid to ensure the correct ordering:
1. ExitBootServices event
2. Network card shutdown sequence is completed
Also, close the event to prevent rerunning the shutdown if multiple
ExitBootServices events need to be called by the OS.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
Per RFC 1350, TFTP error packets include 2 byte OpCode and ErrorCode
fields in network byte order. Those need to be swapped to host order to
be interpreted correctly. Without this change, the TftpErrorReceived and
TftpError Mode fields are never set and EFI applications can't inspect
the error received from the TFTP server.
Signed-off-by: Dan Nicholson <dbn@endlessos.org>
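The byte-order point in the TFTP commit above, shown on a constructed RFC 1350 ERROR packet. This is an added example, not the NetworkPkg code: the struct, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TFTP_OPCODE_ERROR 5 /* RFC 1350: opcode of an ERROR packet */

typedef struct {
  uint16_t    code;    /* ErrorCode in host order */
  const char *message; /* NUL-terminated ErrMsg, points into the packet */
} tftp_error_t;

/* Constructed sample: opcode 5, error code 1, "File not found". */
static const uint8_t SAMPLE_ERROR[] = {
  0x00, 0x05, 0x00, 0x01,
  'F', 'i', 'l', 'e', ' ', 'n', 'o', 't', ' ', 'f', 'o', 'u', 'n', 'd', 0x00
};

/* Decode a 2-byte network-order field; correct on any host byte order. */
static uint16_t read_be16(const uint8_t *p) {
  return (uint16_t)(((unsigned)p[0] << 8) | p[1]);
}

/* The pre-fix behaviour: compare the raw wire bytes as a host integer. */
int is_error_without_swap(const uint8_t *pkt, size_t len) {
  uint16_t raw;
  if (len < 2) return 0;
  memcpy(&raw, pkt, sizeof raw);
  return raw == TFTP_OPCODE_ERROR;
}

/* Returns 1 and fills *out for a well-formed ERROR packet, 0 otherwise. */
int tftp_parse_error(const uint8_t *pkt, size_t len, tftp_error_t *out) {
  if (pkt == NULL || out == NULL || len < 5) return 0; /* 2 + 2 + NUL */
  if (read_be16(pkt) != TFTP_OPCODE_ERROR) return 0;
  /* The message comes from the network: require its NUL inside the packet. */
  if (memchr(pkt + 4, '\0', len - 4) == NULL) return 0;
  out->code    = read_be16(pkt + 2);
  out->message = (const char *)(pkt + 4);
  return 1;
}

/* 1 on a big-endian host, where the missing swap happens to be harmless. */
int host_is_big_endian(void) {
  const uint16_t probe = 1;
  return *(const uint8_t *)&probe == 0;
}

int main(void) {
  tftp_error_t e;
  printf("without swap: %d\n",
         is_error_without_swap(SAMPLE_ERROR, sizeof SAMPLE_ERROR));
  if (tftp_parse_error(SAMPLE_ERROR, sizeof SAMPLE_ERROR, &e))
    printf("with swap: code=%u msg=%s\n", (unsigned)e.code, e.message);
  return 0;
}
```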
While fixing https://github.com/tianocore/edk2/pull/6092 (the
fact that some OvmfPkg and ArmVirtPkg platforms included residual
NetworkPkg components even when compiled with -D NETWORK_ENABLE=0),
it was noted that OvmfPkg/Include/*/Shell*.inc files which apply
the required fix logic are available and already used in some
OvmfPkg platforms.
A previous commit applied these files consistently within OvmfPkg.
This commit applies these files within ArmVirtPkg.
This has the side effect that some platforms now include one or
more of HttpDynamicCommand, VariablePolicyDynamicCommand and
LinuxInitrdDynamicShellCommand when they previously did not.
This fixes unintentional drift between platforms, and provides
additional shell commands which may be useful in some cases.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
While fixing https://github.com/tianocore/edk2/pull/6092 (the
fact that some OvmfPkg and ArmVirtPkg platforms included residual
NetworkPkg components even when compiled with -D NETWORK_ENABLE=0),
it was noted that OvmfPkg/Include/*/Shell*.inc files which apply
the required fix logic are available and already used in some
OvmfPkg platforms.
This commit applies these files consistently within OvmfPkg.
This has the side effect that some platforms now include one or
more of HttpDynamicCommand, VariablePolicyDynamicCommand and
LinuxInitrdDynamicShellCommand when they previously did not.
This fixes unintentional drift between platforms, and provides
additional shell commands which may be useful in some cases.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Place the EFI shell as EFI/BOOT/BOOT{ARCH}.EFI on the virtual drive.
This allows the "Run to shell" CI test case to work even in case the
shell is not included in the firmware image.
This is needed because a follow up patch will exclude the shell from
secure boot enabled firmware images.
The same update was previously applied to OvmfPkg by 6862b9d538.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
This issue showed up when addressing
https://bugzilla.tianocore.org/show_bug.cgi?id=4829
in https://github.com/tianocore/edk2/pull/6087 .
Various OvmfPkg and ArmVirtPkg platforms include some residual NetworkPkg
components when compiled with -D NETWORK_ENABLE=0, even though they use
NetworkPkg includes intended to allow all NetworkPkg components to be
disabled on this flag.
For the OvmfPkg Intel platforms only, commit d933ec115b started
the change of not including these residual NetworkPkg
components, and commit 7f17a15564 completed it.
This commit rolls these changes out to the ArmVirtPkg platforms where
they make sense in the same way.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
This issue showed up when addressing
https://bugzilla.tianocore.org/show_bug.cgi?id=4829
in https://github.com/tianocore/edk2/pull/6087 .
Various OvmfPkg and ArmVirtPkg platforms include some residual NetworkPkg
components when compiled with -D NETWORK_ENABLE=0, even though they use
NetworkPkg includes intended to allow all NetworkPkg components to be
disabled on this flag.
For the OvmfPkg Intel platforms only, commit d933ec115b started
the change of not including these residual NetworkPkg
components, and commit 7f17a15564 completed it.
This commit rolls these changes out to the remaining OvmfPkg platforms
where they make sense in the same way.
Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Add a new gFspSmmBootLoaderFvContextHobGuid in IntelFsp2Pkg.dec.
The FSP SMM bootloader FV context HOB provides a mechanism for
the bootloader to provide platform specific configuration data
to platform specific SMM drivers.
Signed-off-by: Dun Tan <dun.tan@intel.com>
The clang compiler generates the following error
error: use of 'static_assert' without inclusion of <assert.h>
This is due to the use of the MSC Extension static_assert.
Use _Static_assert instead for clang and GNUC compilers.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Makes changes to comply with alerts raised by CodeQL.
Most of the issues here fall into the following two categories:
1. Potential use of uninitialized pointer.
2. Inconsistent integer width in comparison.
Co-authored-by: Taylor Beebe <taylor.d.beebe@gmail.com>
Co-authored-by: Ken Lautner <kenlautner3@gmail.com>
Co-authored-by: Bret Barkelew <bret@corthon.com>
Signed-off-by: Vineel Kovvuri[MSFT] <vineelko@microsoft.com>
Since commit d64d1e195c ("MdeModulePkg: PeiMain: Introduce
implementation of delayed dispatch") the pei core wants to read PCDs, so
the NULL lib doesn't cut it any more.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
When running the /wholearchive test build, generate the test .dll as a
different filename to prevent the system holding onto the dll file too
long and generating a build error that the actual dll cannot be found.
Remove the temporary file after it was generated because the successful
completion of the link command is the test case.
Signed-off-by: Aaron Pop <aaronpop@microsoft.com>
For bootup of VMs with multiple accelerators, these logging instructions
flood the logs for a good 30 seconds.
Originally found by Gary Zibrat.
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>