Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

StandaloneMm: Remove hob creation in Arm and Support FF-A v1.2 #6116

Merged
merged 30 commits into from
Jan 17, 2025

Conversation

LeviYeoReum
Copy link
Contributor

@LeviYeoReum LeviYeoReum commented Aug 27, 2024

Description

This patch series remove hob creation in Arm/StandaloneMmCoreEntryPoint.
For this, This patch series includes:
1. Simplify StandaloneMm entrypoint code for Arm
2. Replace CpuEntryPoint Hob with the protocol
3. Remove arm specific HobLib implementation used in StandaloneMmCore.
4. Support FF-A v1.2, add ArmFfaLib
5. Apply FF-A boot protocol for StandaloneMm
6. To apply booting with FF-A, use embedded stack for StandaloneMm because TF-A doesn't set stack for StandaloneMm
7. Apply FF-A Library in Mmcommunication Driver in Arm
8. StandaloneMm in Arm is UP migratable. Remove per-cpu feature
9. Support ExtractSectionLib for StandaloneMm.
10. Move StandaloneMmCoreEntryPoint & StandaloneMmCpu driver for Arm to ArmPkg.

How This Was Tested

Tested in Base FVP RevC platform by checking Boot and dumping uefi variables.

Integration Instructions

.

@ardbiesheuvel
Copy link
Member

cc @apalos

Please asses the impact of these changes on the code in Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc in the edk2-platforms repo.

Also, please merge all patches that rename the MM #defines into a single one, so we don't break the build intermittently.

@LeviYeoReum
Copy link
Contributor Author

Hi @ardbiesheuvel.

Please asses the impact of these changes on the code in Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc in the edk2-platforms repo.

Yes. It would break until I post the patchset related to FF-A boot protocol usage and it requires for optee to create phit hob using FF-A boot protocol.

I have a plan to FF-A boot protocol patch for edk2 in couple of week, and later I'll post the optee patch for this.

Also, please merge all patches that rename the MM #defines into a single one, so we don't break the build intermittently.

Thanks. I'll merge it

@LeviYeoReum LeviYeoReum force-pushed the levi/2999_stmm_milestone_1 branch from ad497a7 to dece401 Compare August 29, 2024 08:49
@LeviYeoReum LeviYeoReum requested review from apalos and niruiyu August 29, 2024 08:53
@apalos
Copy link
Contributor

apalos commented Sep 4, 2024

Hi @ardbiesheuvel.

Please asses the impact of these changes on the code in Platform/StandaloneMm/PlatformStandaloneMmPkg/PlatformStandaloneMmRpmb.dsc in the edk2-platforms repo.

Yes. It would break until I post the patchset related to FF-A boot protocol usage and it requires for optee to create phit hob using FF-A boot protocol.

I have a plan to FF-A boot protocol patch for edk2 in couple of week, and later I'll post the optee patch for this.

I'd still like to understand a bit more how this affects the whole situation. Wouldn't that make certain versions of stmm incompatible with OP-TEE? Do we have a versioning field in there we could use and at least report an error message that makes sense?

Also, please merge all patches that rename the MM #defines into a single one, so we don't break the build intermittently.

Thanks. I'll merge it

@LeviYeoReum
Copy link
Contributor Author

Hi @apalos.

I'd still like to understand a bit more how this affects the whole situation. Wouldn't that make certain versions of stmm incompatible with OP-TEE? Do we have a versioning field in there we could use and at least report an error message that makes sense?

Here is what I think:

optee standaloneMm Working Comments
old old O Legacy
new old X load_stmm() in optee, doesn't set stack pointer. So as soon as enter standaloneMm, It will crash TA.
old new X StandaloneMm check FF-A version, If it's under v1.2, StandaloneMm prints error message and fail to load TA.
new new O .

Because, FF-A v1.2's. manifest doesn't have stack memory region for partition. So new standaloneMm set stack by itself.

For this. I think optee's stmm.c code should be modified with:
- At the load, create Hob list and passes it with FF-A boot protocol
- update stmm svc handler.

BTW, to confirm the optee modification, could you share me what is proper build command for TF-A / optee / u-boot for vexpress-fvp platform?

Thanks.

@apalos
Copy link
Contributor

apalos commented Sep 4, 2024

Hi @apalos.

I'd still like to understand a bit more how this affects the whole situation. Wouldn't that make certain versions of stmm incompatible with OP-TEE? Do we have a versioning field in there we could use and at least report an error message that makes sense?

Here is what I think:
optee standaloneMm Working Comments
old old O Legacy
new old X load_stmm() in optee, doesn't set stack pointer. So as soon as enter standaloneMm, It will crash TA.
old new X StandaloneMm check FF-A version, If it's under v1.2, StandaloneMm prints error message and fail to load TA.
new new O .

Because, FF-A v1.2's. manifest doesn't have stack memory region for partition. So new standaloneMm set stack by itself.

Yes, that's what I assumed when I read the patches, thanks for the confirmation.

I don't personally mind if we remove the 1.0 variant, but this needs to be done properly and in coordination with OP-TEE. Parsing the FF-A version and not launching StMM if an older version is loaded is the bare minimum we should fix.

In any case, I'll ask around and see if anyone is affected by removing 1.0.

For this. I think optee's stmm.c code should be modified with: - At the load, create Hob list and passes it with FF-A boot protocol - update stmm svc handler.

BTW, to confirm the optee modification, could you share me what is proper build command for TF-A / optee / u-boot for vexpress-fvp platform?

I don't have anything for the FVP.
I do keep a hacky branch that emulates an RPMB partition (in memory) for U-Boot though and you can test Get/Set variable from the bootloader. Just clone https://git.linaro.org/people/ilias.apalodimas/efi_optee_variables.git/, change your cross compiler in the build.sh script and run it. Once the build is done, the script will print a qemu cmd line for you to run. Once you reach the U-Boot consol do printenv -e .

Thanks.

@LeviYeoReum LeviYeoReum force-pushed the levi/2999_stmm_milestone_1 branch from dece401 to 79f6e6f Compare September 24, 2024 12:38
@LeviYeoReum LeviYeoReum requested a review from niruiyu September 24, 2024 12:39
@LeviYeoReum LeviYeoReum force-pushed the levi/2999_stmm_milestone_1 branch 2 times, most recently from e2de4dd to 4aaa79e Compare September 24, 2024 13:37
ArmPkg/Library/ArmFfaLib/ArmFfaCommon.c Outdated Show resolved Hide resolved
ArmPkg/Library/ArmFfaLib/ArmFfaCommon.c Outdated Show resolved Hide resolved
ArmPkg/Library/ArmFfaLib/ArmFfaDxeLib.c Show resolved Hide resolved
ArmPkg/Library/ArmFfaLib/ArmFfaCommon.c Show resolved Hide resolved
ArmPkg/Library/ArmFfaLib/ArmFfaCommon.h Show resolved Hide resolved
@LeviYeoReum LeviYeoReum requested a review from kuqin12 September 24, 2024 20:04
@LeviYeoReum LeviYeoReum force-pushed the levi/2999_stmm_milestone_1 branch 6 times, most recently from 4ccfe5b to cc51b9a Compare September 26, 2024 09:01
Partition descriptor is used to get partition information via
FFA_PARTITION_INFO_GET or FFA_PARTITION_INFO_GET_REGS FF-A ABI.

Adds defines for partition descriptor and some macros used to call above
ABIs.

Signed-off-by: Levi Yun <[email protected]>
To communicate with spmc or spmd, UEFI needs to map the Rx/Tx buffer
(which is a global resource in a partition)
by getting the required information from the partition descriptor.

for this, Define ArmFfaLib related Pcd and Guid.

Pcd:
  - PcdFfaLibConduitSmc
      conudit to use ArmFfaLib.

  - PcdFfaTxBufeer
      address of Tx buffer.

  - PcdFfaRxBuffer:
      address of Rx buffer.

  - PcdTxRxPageCount:
      specify buffer size with EFI_PAGE_SIZE unit.

  - PcdFfaExitBootEventRegistered:
      check exit boot event registered to unmap rx/tx buffer.

Guid:
   - gArmFfaRxTxBufferInfoGuid:
       This is used in Hob to get Rx/Tx buffer information to pass
       Rx/Tx buffer information via HobList if Rx/Tx Buffer mapped in
       PEI phase.

Signed-off-by: Levi Yun <[email protected]>
PcdFfaEnabled is no more used because ArmFfaLib could find whether FF-A
is supported dynamically.

This patch removes usage of PcdFfaEnabled.

Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <[email protected]>
Add ArmFfaLib.h which defines interfaces correspond to FF-A ABIs.

Signed-off-by: Levi Yun <[email protected]>
Add ArmFfaLib used in Dxe driver

Signed-off-by: Levi Yun <[email protected]>
Add ArmFfaLib used in PEIM.

Signed-off-by: Levi Yun <[email protected]>
Add ArmFfaLib used in StandaloneMmCore/StandaloneMm Driver.

Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <[email protected]>
…ulirty

The StandaloneMm implementation for Arm sets up the stack in
the early startup code using the data section reserved in the
assembly code.

When TF-A loads the StandaloneMM binary in the DRAM it maps
the entire StandaloneMM memory region as Read Only.

Therefore, the initial startup assembly code updates the mem
permissions of the stack region to Read Write.

However, when the StandaloneMmCore is loaded the function
UpdateMmFoundationPeCoffPermissions() starts applying the
memory permissions based on the PE COFF sections as below:

A. If the section is not executable, it first removes the
executable permission of the section by calling TextUpdate().
TextUpdate() is the StandaloneMM MMU library function
ArmSetMemoryRegionNoExec().

B. It then checks if the section is writable, and if it is
it calls ReadWriteUpdater(), which invokes the StandaloneMM
MMU library function ArmClearMemoryRegionReadOnly() to make
the section writable.

However, this results in the stack being made read-only
between A and B. To understand this please see the following
flow.

1. TF-A sets the entire StandaloneMM region as Read Only.
2. The stack is reserved in the data section by the early
   assembly entry point code.
    +--------------------+   <--- Start of Data Section
    |                    |
    |  Data Section      |
    |                    |
    | +----------------+ |   <--- Stack region
    | |   Stack        | |
    | +----------------+ |
    |                    |
    +--------------------+

3. The StanaloneMM early entry point code updates the
   attributes of the stack to Read Write.
4. When UpdateMmFoundationPeCoffPermissions() sets the
   permission of the data section to remove the Execute
   attribute, it calls ArmSetMemoryRegionNoExec().
5. The ArmSetMemoryRegionNoExec() implementation gets the
   attributes of the first granule which is at the start
   of the data section, then clears the execute permission
   and applies the attribute for the entire data section.
6. Since TF-A has mapped the entire section as read only
   the first granule of the data section is read only and
   therefore the stack region attributes are changed to
   Read Only no execute.
7. Since the stack is read only after point A any updates
   to the stack result in an exception.

To resolve this issue with update the library with FF-A v1.2,
get/set memory permission per page unit.

Links: https://developer.arm.com/documentation/den0140/latest/ [0]
Signed-off-by: Levi Yun <[email protected]>
To support the service other than Mmcommunication service,
StandaloneMm should use FF-A v1.2 or later [0].

For this, StandaloneMm needs to change:
  1. apply FF-A boot protocol
      - FF-A uses its own boot protocol and it can deliver phit hob.
        So, StandaloneMm should understand FF-A boot protocol and
        get phit hob from it to initialize.

  2. Use DIRECT_REQ2 / DIRECT_RESP2
      - To support the other service via FF-A protocol
        than MmCommunication,
        StandaloneMm should use DIRECT_REQ2 / DIRECT_RESP2.
        In case of service provided with MmCommunication protocol,
        register x2/x3 value is set as gEfiMmCommunication2ProtocolGuid and
        register x4 value is set with MmCommunication Buffer
        (ServiceTypeMmCommunication).
        In case of service with each speicifiation via FF-A,
        register x2/x3 value is set as each service guid
        and StandaloneMmCoreEntryPoint genreates Mm communication header
        with passed arguments to dispatch this service
        provided by StandaloneMm.
        i.e) Tpm service, Firmware update service and etc.
        (ServiceTypeMisc)

Link: https://developer.arm.com/documentation/den0077/latest/ [0]

Signed-off-by: Levi Yun <[email protected]>
Support Mmcommunication protocol via FF-A with StandaloneMm.

Signed-off-by: Levi Yun <[email protected]>
Support Mmcommunication protocol via FF-A with StandaloneMm.
For this, FF-A v1.2 is required.

Signed-off-by: Levi Yun <[email protected]>
MmCommunication.h is used in MmCommunicationDxe/Pei both.
Move this header file to common include.

Signed-off-by: Levi Yun <[email protected]>
Add helper function converting smc return value to efi status.

Signed-off-by: Levi Yun <[email protected]>
On Arm all requests are handled as Asynchronous events by the Root
MMI handler.
Since the communication data is conveyed using either the NS shared
buffer or the Secure shared buffer, the Arm implementation does not
setup the mCommunicationBuffer. Therefore, the mCommunicationBuffer
being NULL is not an error case.

Moreover, the existing code switches to Asynchronous event processing
when the mCommunicationBuffer is NULL, which means that the log is an
info log rather than an error.

Therefore, change the log level from ERROR to INFO when the
mCommunicationBuffer is NULL.

Signed-off-by: Levi Yun <[email protected]>
StandaloneMm Arm uses stack allocated in data section.
This patch adds Pcd which specify the stack size of StandaloneMm.

Signed-off-by: levi.yun <[email protected]>
There are 2 communication interfaces between the SPMC and StandaloneMM
1. SpmMM
2. FF-A

When SpmMM is enabled, TF-A acts as the SPMC at EL3 and the stack is setup
by TF-A for use by StandaloneMm. However, when FF-A is enabled, the SPMC
does not setup the stack for StandaloneMm and it is expected that the
StandaloneMm code will setup its own stack.

Therefore, reserve an area in the data region for use as the stack for
StandaloneMM. This stack will be used in both the scenarios described
above, i.e. when either SpmMM or FF-A is enabled.

Although the stack is reserved from the data section which is expected
to be Read-Write enabled, when TF-A maps the StandaloneMM binary into
the DRAM it configures the entire StandaloneMM memory as Read-Only.

Therefore, before the stack can be utilised, the PE Coff sections
need to be scanned to change the the stack region from Read-Only to
Read-Write.

Signed-off-by: Levi Yun <[email protected]>
Arm has three types of communication buffer
    - Non secure communication buffer: shared buffer with NS partition
    - Secure communication buffer: shared buffer with Secure partition
    - Internal Misc service buffer: For misc service
        i.e. for services that do not use MmCommunication protocol,
        a buffer is created and populated internally.

Since, internal Misc service buffer is allocated dynamically in
StandaloneMm there is no additional check required for the Misc
service buffer.

This patch move sanity check of communication buffer from
StandaloneMmCpu Driver to StandaloneMmEntryPoint.

Signed-off-by: Levi Yun <[email protected]>
StandaloneMm in Arm is UP-migratable which means StandaloneMm
cannot run concurrently.

Therefore, remove per-cpu feature in StandaloneMm.

Signed-off-by: Levi Yun <[email protected]>
The default ExtractGuidedSectionLib used by Standalone MM is the
implementation in EmbeddedPkg. However, the ExtractGuidedSectionLib
implementation in EmbeddedPkg builds HOBs to save the extract handler
information.
Since StandaloneMm is consumer of HOB, not a HOB producer, introduce
a StandaloneMmExtraGuidedSectionLib implementation that saves the
extract handler information in the ConfigurationTable.
This StandaloneMmExtraGuidedSectionLib can be used by MM_STANDALONE
and MM_CORE_STANDALONE modules.

Signed-off-by: Levi Yun <[email protected]>
StandaloneMmCpu driver is only used for Arm architecture and
StandaloneMmCoreEntryPointLib for Arm has specific implementation with
StandaloneMmCpu driver.

Move StandaloneMmCpu Driver and StandaloneMmCoreEntryPointLib for Arm
to ArmPkg.

Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Levi Yun <[email protected]>
@LeviYeoReum LeviYeoReum force-pushed the levi/2999_stmm_milestone_1 branch from 808b749 to 7cedb62 Compare January 9, 2025 12:38
@samimujawar
Copy link
Contributor

The TF-A patches have now been merged in the TF-A mainline at https://git.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a.git/+log/refs/heads/master.
If there are no further comments, I plan to merge this series on 17th Jan 2025.

@samimujawar samimujawar added the push Auto push patch series in PR if all checks pass label Jan 17, 2025
@mergify mergify bot merged commit f0c87b9 into tianocore:master Jan 17, 2025
126 checks passed
LeviYeoReum added a commit to LeviYeoReum/optee_os that referenced this pull request Jan 17, 2025
According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
That's why StandaloneMm in Arm wouldn't produce Hob by itself [3] but
other software stack should pass boot information via PHIT Hob.

This patch introduces libefi including create Hob to deliver
boot information to StandaloneMm and defines related data structures.

Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: tianocore/edk2#6116 [3]

Signed-off-by: Levi Yun <[email protected]>
@apalos
Copy link
Contributor

apalos commented Jan 20, 2025

@samimujawar apologies for the late reply, I was on vacation.

I plan to test this later today. The patches needed are this, the TF-A changes, the OP-TEE patches and https://github.com/tianocore/edk2-platforms/pull/209/commits right?

@LeviYeoReum
Copy link
Contributor Author

LeviYeoReum commented Jan 20, 2025

Hi,

I plan to test this later today. The patches needed are this, the TF-A changes, the OP-TEE patches and https://github.com/tianocore/edk2-platforms/pull/209/commits right?

Yes it is,
But because of 56dfab9 which makes shadow copy for Boot firmware volume.
It could be failed because of out of memory of heap.

For this, there is 2 options

Thanks.

@LeviYeoReum
Copy link
Contributor Author

@samimujawar apologies for the late reply, I was on vacation.

I plan to test this later today. The patches needed are this, the TF-A changes, the OP-TEE patches and https://github.com/tianocore/edk2-platforms/pull/209/commits right?

And here is my test result in Rpmb platform:

=> print -e
print -e
SetupMode:
    8be4df61-93ca-11d2-aa0d-00e098032b8c (EFI_GLOBAL_VARIABLE_GUID)
    BS|RT|RO, DataSize = 0x1
    00000000: 01                                               .
SignatureSupport:
    8be4df61-93ca-11d2-aa0d-00e098032b8c (EFI_GLOBAL_VARIABLE_GUID)
    BS|RT|RO, DataSize = 0x60
    00000000: 12 a5 6c 82 10 cf c9 4a b1 87 be 01 49 66 31 bd  ..l....J....If1.
    00000010: 26 16 c4 c1 4c 50 92 40 ac a9 41 f9 36 93 43 28  &[email protected](
    00000020: 07 53 3e ff d0 9f c9 48 85 f1 8a d5 6c 70 1e 01  .S>....H....lp..
    00000030: ae 0f 3e 09 c4 a6 50 4f 9f 1b d4 1e 2b 89 c1 9a  ..>...PO....+...
    00000040: e8 66 57 3c 9c 26 34 4e aa 14 ed 77 6e 85 b3 b6  .fW<.&4N...wn...
    00000050: a1 59 c0 a5 e4 94 a7 4a 87 b5 ab 15 5c 2b f0 72  .Y.....J....\+.r
SecureBoot:
    8be4df61-93ca-11d2-aa0d-00e098032b8c (EFI_GLOBAL_VARIABLE_GUID)
    BS|RT|RO, DataSize = 0x1
    00000000: 00                                               .
certdbv:
    d9bee56e-75dc-49d9-b4d7-b534210f637a (d9bee56e-75dc-49d9-b4d7-b534210f637a)
    1970-01-01 00:00:01
    BS|RT|AT|RO, DataSize = 0x4
    00000000: 04 00 00 00                                      ....
AuditMode:
    8be4df61-93ca-11d2-aa0d-00e098032b8c (EFI_GLOBAL_VARIABLE_GUID)
    BS|RT|RO, DataSize = 0x1
    00000000: 00                                               .
DeployedMode:
    8be4df61-93ca-11d2-aa0d-00e098032b8c (EFI_GLOBAL_VARIABLE_GUID)
    BS|RT|RO, DataSize = 0x1
    00000000: 00                                               .
    ```

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
push Auto push patch series in PR if all checks pass
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants