--- /dev/null
+/** @file\r
+ Entry point to the Standalone MM Foundation when initialized during the SEC\r
+ phase on ARM platforms\r
+\r
+Copyright (c) 2017 - 2021, Arm Ltd. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
+\r
+**/\r
+\r
+\r
+#include <PiMm.h>\r
+\r
+#include <Library/Arm/StandaloneMmCoreEntryPoint.h>\r
+\r
+#include <PiPei.h>\r
+#include <Guid/MmramMemoryReserve.h>\r
+#include <Guid/MpInformation.h>\r
+\r
+#include <Library/ArmMmuLib.h>\r
+#include <Library/ArmSvcLib.h>\r
+#include <Library/DebugLib.h>\r
+#include <Library/HobLib.h>\r
+#include <Library/BaseLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/SerialPortLib.h>\r
+#include <Library/PcdLib.h>\r
+\r
+#include <IndustryStandard/ArmStdSmc.h>\r
+#include <IndustryStandard/ArmMmSvc.h>\r
+#include <IndustryStandard/ArmFfaSvc.h>\r
+\r
+#define SPM_MAJOR_VER_MASK 0xFFFF0000\r
+#define SPM_MINOR_VER_MASK 0x0000FFFF\r
+#define SPM_MAJOR_VER_SHIFT 16\r
+#define FFA_NOT_SUPPORTED -1\r
+\r
+STATIC CONST UINT32 mSpmMajorVer = SPM_MAJOR_VERSION;\r
+STATIC CONST UINT32 mSpmMinorVer = SPM_MINOR_VERSION;\r
+\r
+STATIC CONST UINT32 mSpmMajorVerFfa = SPM_MAJOR_VERSION_FFA;\r
+STATIC CONST UINT32 mSpmMinorVerFfa = SPM_MINOR_VERSION_FFA;\r
+\r
+#define BOOT_PAYLOAD_VERSION 1\r
+\r
+PI_MM_ARM_TF_CPU_DRIVER_ENTRYPOINT CpuDriverEntryPoint = NULL;\r
+\r
+/**\r
+ Retrieve a pointer to and print the boot information passed by privileged\r
+ secure firmware.\r
+\r
+ @param [in] SharedBufAddress The pointer memory shared with privileged\r
+ firmware.\r
+\r
+**/\r
+EFI_SECURE_PARTITION_BOOT_INFO *\r
+GetAndPrintBootinformation (\r
+ IN VOID *SharedBufAddress\r
+)\r
+{\r
+ EFI_SECURE_PARTITION_BOOT_INFO *PayloadBootInfo;\r
+ EFI_SECURE_PARTITION_CPU_INFO *PayloadCpuInfo;\r
+ UINTN Index;\r
+\r
+ PayloadBootInfo = (EFI_SECURE_PARTITION_BOOT_INFO *) SharedBufAddress;\r
+\r
+ if (PayloadBootInfo == NULL) {\r
+ DEBUG ((DEBUG_ERROR, "PayloadBootInfo NULL\n"));\r
+ return NULL;\r
+ }\r
+\r
+ if (PayloadBootInfo->Header.Version != BOOT_PAYLOAD_VERSION) {\r
+ DEBUG ((DEBUG_ERROR, "Boot Information Version Mismatch. Current=0x%x, Expected=0x%x.\n",\r
+ PayloadBootInfo->Header.Version, BOOT_PAYLOAD_VERSION));\r
+ return NULL;\r
+ }\r
+\r
+ DEBUG ((DEBUG_INFO, "NumSpMemRegions - 0x%x\n", PayloadBootInfo->NumSpMemRegions));\r
+ DEBUG ((DEBUG_INFO, "SpMemBase - 0x%lx\n", PayloadBootInfo->SpMemBase));\r
+ DEBUG ((DEBUG_INFO, "SpMemLimit - 0x%lx\n", PayloadBootInfo->SpMemLimit));\r
+ DEBUG ((DEBUG_INFO, "SpImageBase - 0x%lx\n", PayloadBootInfo->SpImageBase));\r
+ DEBUG ((DEBUG_INFO, "SpStackBase - 0x%lx\n", PayloadBootInfo->SpStackBase));\r
+ DEBUG ((DEBUG_INFO, "SpHeapBase - 0x%lx\n", PayloadBootInfo->SpHeapBase));\r
+ DEBUG ((DEBUG_INFO, "SpNsCommBufBase - 0x%lx\n", PayloadBootInfo->SpNsCommBufBase));\r
+ DEBUG ((DEBUG_INFO, "SpSharedBufBase - 0x%lx\n", PayloadBootInfo->SpSharedBufBase));\r
+\r
+ DEBUG ((DEBUG_INFO, "SpImageSize - 0x%x\n", PayloadBootInfo->SpImageSize));\r
+ DEBUG ((DEBUG_INFO, "SpPcpuStackSize - 0x%x\n", PayloadBootInfo->SpPcpuStackSize));\r
+ DEBUG ((DEBUG_INFO, "SpHeapSize - 0x%x\n", PayloadBootInfo->SpHeapSize));\r
+ DEBUG ((DEBUG_INFO, "SpNsCommBufSize - 0x%x\n", PayloadBootInfo->SpNsCommBufSize));\r
+ DEBUG ((DEBUG_INFO, "SpPcpuSharedBufSize - 0x%x\n", PayloadBootInfo->SpPcpuSharedBufSize));\r
+\r
+ DEBUG ((DEBUG_INFO, "NumCpus - 0x%x\n", PayloadBootInfo->NumCpus));\r
+ DEBUG ((DEBUG_INFO, "CpuInfo - 0x%p\n", PayloadBootInfo->CpuInfo));\r
+\r
+ PayloadCpuInfo = (EFI_SECURE_PARTITION_CPU_INFO *) PayloadBootInfo->CpuInfo;\r
+\r
+ if (PayloadCpuInfo == NULL) {\r
+ DEBUG ((DEBUG_ERROR, "PayloadCpuInfo NULL\n"));\r
+ return NULL;\r
+ }\r
+\r
+ for (Index = 0; Index < PayloadBootInfo->NumCpus; Index++) {\r
+ DEBUG ((DEBUG_INFO, "Mpidr - 0x%lx\n", PayloadCpuInfo[Index].Mpidr));\r
+ DEBUG ((DEBUG_INFO, "LinearId - 0x%x\n", PayloadCpuInfo[Index].LinearId));\r
+ DEBUG ((DEBUG_INFO, "Flags - 0x%x\n", PayloadCpuInfo[Index].Flags));\r
+ }\r
+\r
+ return PayloadBootInfo;\r
+}\r
+\r
+/**\r
+ A loop to delegated events.\r
+\r
+ @param [in] EventCompleteSvcArgs Pointer to the event completion arguments.\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+DelegatedEventLoop (\r
+ IN ARM_SVC_ARGS *EventCompleteSvcArgs\r
+ )\r
+{\r
+ BOOLEAN FfaEnabled;\r
+ EFI_STATUS Status;\r
+ UINTN SvcStatus;\r
+\r
+ while (TRUE) {\r
+ ArmCallSvc (EventCompleteSvcArgs);\r
+\r
+ DEBUG ((DEBUG_INFO, "Received delegated event\n"));\r
+ DEBUG ((DEBUG_INFO, "X0 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg0));\r
+ DEBUG ((DEBUG_INFO, "X1 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg1));\r
+ DEBUG ((DEBUG_INFO, "X2 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg2));\r
+ DEBUG ((DEBUG_INFO, "X3 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg3));\r
+ DEBUG ((DEBUG_INFO, "X4 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg4));\r
+ DEBUG ((DEBUG_INFO, "X5 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg5));\r
+ DEBUG ((DEBUG_INFO, "X6 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg6));\r
+ DEBUG ((DEBUG_INFO, "X7 : 0x%x\n", (UINT32) EventCompleteSvcArgs->Arg7));\r
+\r
+ FfaEnabled = FeaturePcdGet (PcdFfaEnable);\r
+ if (FfaEnabled) {\r
+ Status = CpuDriverEntryPoint (\r
+ EventCompleteSvcArgs->Arg0,\r
+ EventCompleteSvcArgs->Arg6,\r
+ EventCompleteSvcArgs->Arg3\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Failed delegated event 0x%x, Status 0x%x\n",\r
+ EventCompleteSvcArgs->Arg3, Status));\r
+ }\r
+ } else {\r
+ Status = CpuDriverEntryPoint (\r
+ EventCompleteSvcArgs->Arg0,\r
+ EventCompleteSvcArgs->Arg3,\r
+ EventCompleteSvcArgs->Arg1\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Failed delegated event 0x%x, Status 0x%x\n",\r
+ EventCompleteSvcArgs->Arg0, Status));\r
+ }\r
+ }\r
+\r
+ switch (Status) {\r
+ case EFI_SUCCESS:\r
+ SvcStatus = ARM_SVC_SPM_RET_SUCCESS;\r
+ break;\r
+ case EFI_INVALID_PARAMETER:\r
+ SvcStatus = ARM_SVC_SPM_RET_INVALID_PARAMS;\r
+ break;\r
+ case EFI_ACCESS_DENIED:\r
+ SvcStatus = ARM_SVC_SPM_RET_DENIED;\r
+ break;\r
+ case EFI_OUT_OF_RESOURCES:\r
+ SvcStatus = ARM_SVC_SPM_RET_NO_MEMORY;\r
+ break;\r
+ case EFI_UNSUPPORTED:\r
+ SvcStatus = ARM_SVC_SPM_RET_NOT_SUPPORTED;\r
+ break;\r
+ default:\r
+ SvcStatus = ARM_SVC_SPM_RET_NOT_SUPPORTED;\r
+ break;\r
+ }\r
+\r
+ if (FfaEnabled) {\r
+ EventCompleteSvcArgs->Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP;\r
+ EventCompleteSvcArgs->Arg1 = 0;\r
+ EventCompleteSvcArgs->Arg2 = 0;\r
+ EventCompleteSvcArgs->Arg3 = ARM_SVC_ID_SP_EVENT_COMPLETE;\r
+ EventCompleteSvcArgs->Arg4 = SvcStatus;\r
+ } else {\r
+ EventCompleteSvcArgs->Arg0 = ARM_SVC_ID_SP_EVENT_COMPLETE;\r
+ EventCompleteSvcArgs->Arg1 = SvcStatus;\r
+ }\r
+ }\r
+}\r
+\r
+/**\r
+ Query the SPM version, check compatibility and return success if compatible.\r
+\r
+ @retval EFI_SUCCESS SPM versions compatible.\r
+ @retval EFI_UNSUPPORTED SPM versions not compatible.\r
+**/\r
+STATIC\r
+EFI_STATUS\r
+GetSpmVersion (VOID)\r
+{\r
+ EFI_STATUS Status;\r
+ UINT16 CalleeSpmMajorVer;\r
+ UINT16 CallerSpmMajorVer;\r
+ UINT16 CalleeSpmMinorVer;\r
+ UINT16 CallerSpmMinorVer;\r
+ UINT32 SpmVersion;\r
+ ARM_SVC_ARGS SpmVersionArgs;\r
+\r
+ if (FeaturePcdGet (PcdFfaEnable)) {\r
+ SpmVersionArgs.Arg0 = ARM_SVC_ID_FFA_VERSION_AARCH32;\r
+ SpmVersionArgs.Arg1 = mSpmMajorVerFfa << SPM_MAJOR_VER_SHIFT;\r
+ SpmVersionArgs.Arg1 |= mSpmMinorVerFfa;\r
+ CallerSpmMajorVer = mSpmMajorVerFfa;\r
+ CallerSpmMinorVer = mSpmMinorVerFfa;\r
+ } else {\r
+ SpmVersionArgs.Arg0 = ARM_SVC_ID_SPM_VERSION_AARCH32;\r
+ CallerSpmMajorVer = mSpmMajorVer;\r
+ CallerSpmMinorVer = mSpmMinorVer;\r
+ }\r
+\r
+ ArmCallSvc (&SpmVersionArgs);\r
+\r
+ SpmVersion = SpmVersionArgs.Arg0;\r
+ if (SpmVersion == FFA_NOT_SUPPORTED) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ CalleeSpmMajorVer = ((SpmVersion & SPM_MAJOR_VER_MASK) >> SPM_MAJOR_VER_SHIFT);\r
+ CalleeSpmMinorVer = ((SpmVersion & SPM_MINOR_VER_MASK) >> 0);\r
+\r
+ // Different major revision values indicate possibly incompatible functions.\r
+ // For two revisions, A and B, for which the major revision values are\r
+ // identical, if the minor revision value of revision B is greater than\r
+ // the minor revision value of revision A, then every function in\r
+ // revision A must work in a compatible way with revision B.\r
+ // However, it is possible for revision B to have a higher\r
+ // function count than revision A.\r
+ if ((CalleeSpmMajorVer == CallerSpmMajorVer) &&\r
+ (CalleeSpmMinorVer >= CallerSpmMinorVer))\r
+ {\r
+ DEBUG ((DEBUG_INFO, "SPM Version: Major=0x%x, Minor=0x%x\n",\r
+ CalleeSpmMajorVer, CalleeSpmMinorVer));\r
+ Status = EFI_SUCCESS;\r
+ }\r
+ else\r
+ {\r
+ DEBUG ((DEBUG_INFO, "Incompatible SPM Versions.\n Callee Version: Major=0x%x, Minor=0x%x.\n Caller: Major=0x%x, Minor>=0x%x.\n",\r
+ CalleeSpmMajorVer, CalleeSpmMinorVer, CallerSpmMajorVer, CallerSpmMinorVer));\r
+ Status = EFI_UNSUPPORTED;\r
+ }\r
+\r
+ return Status;\r
+}\r
+\r
+/**\r
+ Initialize parameters to be sent via SVC call.\r
+\r
+ @param[out] InitMmFoundationSvcArgs Args structure\r
+ @param[out] Ret Return Code\r
+\r
+**/\r
+STATIC\r
+VOID\r
+InitArmSvcArgs (\r
+ OUT ARM_SVC_ARGS *InitMmFoundationSvcArgs,\r
+ OUT INT32 *Ret\r
+ )\r
+{\r
+ if (FeaturePcdGet (PcdFfaEnable)) {\r
+ InitMmFoundationSvcArgs->Arg0 = ARM_SVC_ID_FFA_MSG_SEND_DIRECT_RESP;\r
+ InitMmFoundationSvcArgs->Arg1 = 0;\r
+ InitMmFoundationSvcArgs->Arg2 = 0;\r
+ InitMmFoundationSvcArgs->Arg3 = ARM_SVC_ID_SP_EVENT_COMPLETE;\r
+ InitMmFoundationSvcArgs->Arg4 = *Ret;\r
+ } else {\r
+ InitMmFoundationSvcArgs->Arg0 = ARM_SVC_ID_SP_EVENT_COMPLETE;\r
+ InitMmFoundationSvcArgs->Arg1 = *Ret;\r
+ }\r
+}\r
+\r
+/**\r
+ The entry point of Standalone MM Foundation.\r
+\r
+ @param [in] SharedBufAddress Pointer to the Buffer between SPM and SP.\r
+ @param [in] SharedBufSize Size of the shared buffer.\r
+ @param [in] cookie1 Cookie 1\r
+ @param [in] cookie2 Cookie 2\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+_ModuleEntryPoint (\r
+ IN VOID *SharedBufAddress,\r
+ IN UINT64 SharedBufSize,\r
+ IN UINT64 cookie1,\r
+ IN UINT64 cookie2\r
+ )\r
+{\r
+ PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
+ EFI_SECURE_PARTITION_BOOT_INFO *PayloadBootInfo;\r
+ ARM_SVC_ARGS InitMmFoundationSvcArgs;\r
+ EFI_STATUS Status;\r
+ INT32 Ret;\r
+ UINT32 SectionHeaderOffset;\r
+ UINT16 NumberOfSections;\r
+ VOID *HobStart;\r
+ VOID *TeData;\r
+ UINTN TeDataSize;\r
+ EFI_PHYSICAL_ADDRESS ImageBase;\r
+\r
+ // Get Secure Partition Manager Version Information\r
+ Status = GetSpmVersion ();\r
+ if (EFI_ERROR (Status)) {\r
+ goto finish;\r
+ }\r
+\r
+ PayloadBootInfo = GetAndPrintBootinformation (SharedBufAddress);\r
+ if (PayloadBootInfo == NULL) {\r
+ Status = EFI_UNSUPPORTED;\r
+ goto finish;\r
+ }\r
+\r
+ // Locate PE/COFF File information for the Standalone MM core module\r
+ Status = LocateStandaloneMmCorePeCoffData (\r
+ (EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PayloadBootInfo->SpImageBase,\r
+ &TeData,\r
+ &TeDataSize\r
+ );\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ goto finish;\r
+ }\r
+\r
+ // Obtain the PE/COFF Section information for the Standalone MM core module\r
+ Status = GetStandaloneMmCorePeCoffSections (\r
+ TeData,\r
+ &ImageContext,\r
+ &ImageBase,\r
+ &SectionHeaderOffset,\r
+ &NumberOfSections\r
+ );\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ goto finish;\r
+ }\r
+\r
+ //\r
+ // ImageBase may deviate from ImageContext.ImageAddress if we are dealing\r
+ // with a TE image, in which case the latter points to the actual offset\r
+ // of the image, whereas ImageBase refers to the address where the image\r
+ // would start if the stripped PE headers were still in place. In either\r
+ // case, we need to fix up ImageBase so it refers to the actual current\r
+ // load address.\r
+ //\r
+ ImageBase += (UINTN)TeData - ImageContext.ImageAddress;\r
+\r
+ // Update the memory access permissions of individual sections in the\r
+ // Standalone MM core module\r
+ Status = UpdateMmFoundationPeCoffPermissions (\r
+ &ImageContext,\r
+ ImageBase,\r
+ SectionHeaderOffset,\r
+ NumberOfSections,\r
+ ArmSetMemoryRegionNoExec,\r
+ ArmSetMemoryRegionReadOnly,\r
+ ArmClearMemoryRegionReadOnly\r
+ );\r
+\r
+ if (EFI_ERROR (Status)) {\r
+ goto finish;\r
+ }\r
+\r
+ if (ImageContext.ImageAddress != (UINTN)TeData) {\r
+ ImageContext.ImageAddress = (UINTN)TeData;\r
+ ArmSetMemoryRegionNoExec (ImageBase, SIZE_4KB);\r
+ ArmClearMemoryRegionReadOnly (ImageBase, SIZE_4KB);\r
+\r
+ Status = PeCoffLoaderRelocateImage (&ImageContext);\r
+ ASSERT_EFI_ERROR (Status);\r
+ }\r
+\r
+ //\r
+ // Create Hoblist based upon boot information passed by privileged software\r
+ //\r
+ HobStart = CreateHobListFromBootInfo (&CpuDriverEntryPoint, PayloadBootInfo);\r
+\r
+ //\r
+ // Call the MM Core entry point\r
+ //\r
+ ProcessModuleEntryPointList (HobStart);\r
+\r
+ DEBUG ((DEBUG_INFO, "Shared Cpu Driver EP %p\n", (VOID *) CpuDriverEntryPoint));\r
+\r
+finish:\r
+ if (Status == RETURN_UNSUPPORTED) {\r
+ Ret = -1;\r
+ } else if (Status == RETURN_INVALID_PARAMETER) {\r
+ Ret = -2;\r
+ } else if (Status == EFI_NOT_FOUND) {\r
+ Ret = -7;\r
+ } else {\r
+ Ret = 0;\r
+ }\r
+ ZeroMem (&InitMmFoundationSvcArgs, sizeof(InitMmFoundationSvcArgs));\r
+ InitArmSvcArgs (&InitMmFoundationSvcArgs, &Ret);\r
+ DelegatedEventLoop (&InitMmFoundationSvcArgs);\r
+}\r