The StandaloneMm implementation for Arm sets up the stack in
the early startup code using the data section reserved in the
assembly code.
When TF-A loads the StandaloneMM binary in the DRAM it maps
the entire StandaloneMM memory region as Read Only.
Therefore, the initial startup assembly code updates the mem
permissions of the stack region to Read Write.
However, when the StandaloneMmCore is loaded the function
UpdateMmFoundationPeCoffPermissions() starts applying the
memory permissions based on the PE COFF sections as below:
A. If the section is not executable, it first removes the
executable permission of the section by calling TextUpdate().
TextUpdate() is the StandaloneMM MMU library function
ArmSetMemoryRegionNoExec().
B. It then checks if the section is writable, and if it is
it calls ReadWriteUpdater(), which invokes the StandaloneMM
MMU library function ArmClearMemoryRegionReadOnly() to make
the section writable.
However, this results in the stack being made read-only
between A and B. To understand this please see the following
flow.
1. TF-A sets the entire StandaloneMM region as Read Only.
2. The stack is reserved in the data section by the early
assembly entry point code.
+--------------------+ <--- Start of Data Section
| |
| Data Section |
| |
| +----------------+ | <--- Stack region
| | Stack | |
| +----------------+ |
| |
+--------------------+
3. The StanaloneMM early entry point code updates the
attributes of the stack to Read Write.
4. When UpdateMmFoundationPeCoffPermissions() sets the
permission of the data section to remove the Execute
attribute, it calls ArmSetMemoryRegionNoExec().
5. The ArmSetMemoryRegionNoExec() implementation gets the
attributes of the first granule which is at the start
of the data section, then clears the execute permission
and applies the attribute for the entire data section.
6. Since TF-A has mapped the entire section as read only
the first granule of the data section is read only and
therefore the stack region attributes are changed to
Read Only no execute.
7. Since the stack is read only after point A any updates
to the stack result in an exception.
To resolve this issue with update the library with FF-A v1.2,
get/set memory permission per page unit.
Links: https://developer.arm.com/documentation/den0140/latest/ [0]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
PcdFfaEnabled is no more used because ArmFfaLib could find whether FF-A
is supported dynamically.
This patch removes usage of PcdFfaEnabled.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Changes in ArmPkg to prepare building StandaloneMm firmware for
32bit Arm architectures.
Adds ArmmmuStandaloneMmLib library to the list of the standard
components build for ArmPkg on when ARM architectures.
Changes path of source file AArch64/ArmMmuStandaloneMmLib.c
and compile it for both 32bit and 64bit architectures.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
This patch fixes the following Ecc reported error:
Module file has FILE_GUID collision with other
module file
The two .inf files with clashing GUID are:
ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
ArmPkg/Library/StandaloneMmMmuLib/ArmMmuStandaloneMmLib.inf
As ArmMmuBaseLib.inf is older than ArmMmuStandaloneMmLib.inf,
it has precedence.
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Allow getting memory region's permissions using either of the Firmware
Framework(FF-A) ABI transport or through the earlier used SVC calls.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Co-developed-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
While this isn't the only Aarch64 directory in the tree, let's
keep from adding more of them.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
The Standalone MM environment runs in S-EL0 in AArch64 on ARM Standard
Platforms. Privileged firmware e.g. ARM Trusted Firmware sets up its
architectural context including the initial translation tables for the
S-EL1/EL0 translation regime. The MM environment will still request ARM
TF to change the memory attributes of memory regions during
initialization.
The Standalone MM image is a FV that encapsulates the MM foundation
and drivers. These are PE-COFF images with data and text segments.
To initialise the MM environment, Arm Trusted Firmware has to create
translation tables with sane default attributes for the memory
occupied by the FV. This library sends SVCs to ARM Trusted Firmware
to request memory permissions change for data and text segments.
This patch adds a simple MMU library suitable for execution in S-EL0 and
requesting memory permissions change operations from Arm Trusted Firmware.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Levi Yun
Etienne Carriere
Pierre Gondois
Achin Gupta
Michael D Kinney
Leif Lindholm