| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: I1c90856346941df4f49811755991c9a0683ce6b2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Service ID #42 is not recognized by Cactus (it used to be in a
previous version of the code) so the test fails.
Introduce a new service ID (#2) that just makes Cactus return
success. This service may be used to simply check the communication
channel between a client and Cactus.
Use this new service ID from TFTF instead of ID #42.
Note that using this new service over the existing "sleep" service has
2 advantages:
- It speeds up the tests. The timer service is mostly useful for
testing the interrupt routing model but there's no point using it
in the MM_COMMUNICATE tests.
- It may be concurrently called from different CPUs. This is not the
case of the "sleep" service, which involves a shared buffer.
Change-Id: Ifa4391b69314845066912777b1db03ab78239547
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
Return SPM_INVALID_PARAMETER when Cactus receives an unknown service
ID in the payload of an MM_COMMUNICATE call. Previously, it was just
printing a message and returning success.
Change-Id: I0c892f5ff2d3e7637f2fc98476211369fab67881
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
The goal is to easily build a version of Cactus that speaks the
MM_COMMUNICATE legacy language, without interfering with the new
SPCI/SPRT interfaces.
This patch introduces the notion of "profile" for Cactus. For now, the
only profile is "legacy". In a subsequent patch we will introduce a
profile for SPCI/SPRT. Profiles are specified on the command line when
building Cactus, e.g.:
> make CACTUS_PROFILE=legacy cactus
The initialisation code is shared amongst all profiles but then each
profile is supposed to provide its own version of the
secure_services_loop() function, which is called from cactus_main().
The profile name is printed in the version string at boot time.
The cactus_sleep() function has been moved to the cactus_helpers.c
file because it will be shared amongst the legacy and SPCI/SPRT
profiles.
Change-Id: Iab1d0ec972f9bd5b818eec6eed131fd0ea328c51
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
This patch introduces a new test in TFTF that checks that a non-secure
interrupt (in this case, a non-secure timer interrupt) cannot
interrupt a fast secure service request handled in a secure partition
(in this case, Cactus).
Change-Id: Iaf9d1a5afde9e1211a37eb60a23f25515bf48990
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
Add support for the first fast secure service in Cactus: the timer
sleep secure service, which allows a caller to request Cactus to
sleep for a certain amount of time.
Change-Id: I85263d33ca570ef08ecc51164ba89d288d1a2cbc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
The MM_COMMUNICATE SMC interface supports passing a communication
buffer for additional payload data from normal world to the secure
partition. This commit adds support to use it.
On the TFTF side, the memory mappings have been changed to map this
memory buffer area. This allows TFTF tests to fill in this buffer to
pass data associated to secure service requests. The number of
translation tables had to be increased to map this new memory region.
On Cactus' side, the secure services loop has been modified to read
the communication buffer for MM_COMMUNICATE messages.
A common data structure has been defined, that corresponds to the
type of information that TFTF and Cactus will exchange through
MM_COMMUNICATE messages. The structure might evolve in the future
as we get a better idea of the kind of data that need to be passed
for secure services requests.
The existing MM_COMMUNICATE tests in TFTF have been modified to
pass a valid communication buffer address with a dummy ID.
Change-Id: I2df80a3e64f77eb229783802201a01008d3f9c2f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
Rename SP_VERSION macros to MM_VERSION, which is the name used in the MM
specification [1]. Also, a few more helper macros have been added.
MM-specific definitions have been moved to their own header file.
[1] http://infocenter.arm.com/help/topic/com.arm.doc.den0060a/DEN0060A_ARM_MM_Interface_Specification.pdf
Change-Id: Ieb01bce8f5e9658b16c3650b3db074e10a8f732d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Change the prototype of the cactus_svc() helper function to:
u_register_t cactus_svc(svc_args *args)
The arguments to pass through the SVC call must be stored in the svc_args
structure. The return values of the SVC call will be stored in the same
structure (overriding the input arguments).
Return the first return value. It is equivalent to args.arg0 but is also
provided as the return value for convenience.
Modify the MM_COMMUNICATE handler to print these additional values,
which in the case of an MM_COMMUNICATE call, correspond to the event
context address, size and cookie.
Change-Id: I78085fb1012ee834e1f82f6be1300085742a3119
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
At the moment, Cactus doesn't really fulfil the role of a Secure
Partition because it does not expose any secure service. It is
involved during boot time only (where it exercises the memory
management features provided by the SPM) and then does not serve any
purpose at run time.
This patch adds a run time dimension to Cactus. After sending the
first SP_EVENT_COMPLETE SVC to SPM to signal it has completed its
initialisations, Cactus is now able to handle service requests.
For now, only the MM_COMMUNICATE call is supported.
Change-Id: Icb3094f1bff2f618eaca3d63126ea183aebe23e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
According to the SP_EVENT_COMPLETE specification, the secure partition
can either return:
- 0 to indicate it has successfully initialized;
- A negative value to indicate an error;
- A positive value to pass a specific Event Status code.
Therefore, returning 1 in case of error violates the specification.
This patch changes it to -1.
Change-Id: I73566bb164e0d26509af5a09304ea0082ea492dd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
The defines have been renamed to match the names used in the
documentation.
Change-Id: I1b2dc9087953aa283790da2c9e895869a2c36a81
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
Change-Id: I8b7ca623ad5e350de1fa0f7bf15bae9121a306d4
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
This patch examines the secure_partition_boot_info_t structure passed
from TF to Cactus and makes sure it matches Cactus' expections.
Also add some comments.
Change-Id: I512384003b5192e63cfd9a9ed7cf4ef965090b95
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
Cactus receives from the ARM Trusted Firmware the address of a memory
buffer containing some boot information. This patch casts this void*
pointer into a pointer to secure_partition_boot_info_t to manipulate
it easily.
Change-Id: Ic59335fb89f11f3990b962f43b26cf8de6c5f0d6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
After the changes done to the shared buffers and the heap of the Secure
Partitions (now they are mapped with a 4 KiB granularity) it is needed
to find a new memory region for the tests.
The region chosen is the 2 MiB block right after the UART registers.
This means that, even if the test failed and the region changed its
attributes it wouldn't leave the console useless.
This only applies to FVP.
Change-Id: I108603d12c53fd8078f7c05aa806484c1224546b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
|
This image performs some boot tests to make sure that the Secure
Partition Manager works correctly. It is introduced as an example of how
to implement and build a Secure Partition using the Trusted Firmware
build system.
This image uses position-independent code so that it can be placed in
all places where the Trusted Firmware supports having a Secure
Partition.
This image is only available for fvp in AArch64 mode.
To compile it:
CROSS_COMPILE=aarch64-linux-gnu- make PLAT=fvp cactus
Change-Id: I636b5e3299ecd4dbae2815a08c7f343a24053568
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
|
