Hi,
This is to notify that we are planning to target the Trusted Firmware-A 2.4 release during the second week of November 2020 as part of the regular 6 month cadence. The aim is to consolidate all TF-A work since the 2.3 release. As part of this, a release candidate tag will be created and release activities will commence from Friday 30th Oct 2020 (code freeze date). Essentially we will not merge any major enhancements from this date until the release is made. Please ensure any Pull Requests (PR’s) desired to make the 2.4 release are submitted in good time, to be completed by Tuesday 27th Oct 2020. Any major enhancement PR’s still open after that date will not be merged until after the release
Please note, there is no guarantee that all patches under review will be merged before the code freeze date. Any patches that don’t make the code freeze date will complete their review and merge post the release date.
Thanks
Manish Badarkhe
Hi All,
I am getting compilation error with Mainline TFA on renesas platform for bl31 build.
Build command:
#make CROSS_COMPILE=aarch64-linux-gnu- bl31 PLAT=rcar LSI=M3 MBEDTLS_DIR=../mbedtls
Q1) Have any one see this issue? Please correct me, if I am doing something wrong.
On further investigation, the below commit introduced the issue [1]
[1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/plat/ren…
It gives compilation error " error: initializer element is not constant" for BL_CODE_BASE [2]
[2] https://elixir.bootlin.com/arm-trusted-firmware/latest/source/plat/renesas/…
BL_CODE_BASE gets its value from linker in [3]
[3] https://elixir.bootlin.com/arm-trusted-firmware/latest/source/include/commo…
If you see [4], the initializer element is not constant
[4] https://elixir.bootlin.com/arm-trusted-firmware/latest/source/include/lib/u…
Error logs:
biju@biju-VirtualBox:~/work/trusted-firmware-a$
CC plat/renesas/rcar/bl31_plat_setup.c
plat/renesas/rcar/bl31_plat_setup.c:25:39: error: initializer element is not constant
static const uint64_t BL31_RO_BASE = BL_CODE_BASE;
^~~~~~~~~~~~
plat/renesas/rcar/bl31_plat_setup.c:26:40: error: initializer element is not constant
static const uint64_t BL31_RO_LIMIT = BL_CODE_END;
^~~~~~~~~~~
plat/renesas/rcar/bl31_plat_setup.c:29:48: error: initializer element is not constant
static const uint64_t BL31_COHERENT_RAM_BASE = BL_COHERENT_RAM_BASE;
^~~~~~~~~~~~~~~~~~~~
plat/renesas/rcar/bl31_plat_setup.c:30:49: error: initializer element is not constant
static const uint64_t BL31_COHERENT_RAM_LIMIT = BL_COHERENT_RAM_END;
^~~~~~~~~~~~~~~~~~~
Makefile:1109: recipe for target '/home/biju/work/trusted-firmware-a/build/rcar/release/bl31/bl31_plat_setup.o' failed
make: *** [/home/biju/work/trusted-firmware-a/build/rcar/release/bl31/bl31_plat_setup.o] Error 1
Regards,
Biju
Renesas Electronics Europe GmbH, Geschaeftsfuehrer/President: Carsten Jauch, Sitz der Gesellschaft/Registered office: Duesseldorf, Arcadiastrasse 10, 40472 Duesseldorf, Germany, Handelsregister/Commercial Register: Duesseldorf, HRB 3708 USt-IDNr./Tax identification no.: DE 119353406 WEEE-Reg.-Nr./WEEE reg. no.: DE 14978647
Hi Sandeep,
A few comments inline from a SW architecture/FF-A perspective.
> On 5 Oct 2020, at 12:28, Sandeep Tripathy via TF-A <tf-a(a)lists.trustedfirmware.org> wrote:
>
> Hi Olivier,
> Appreciate the details. I have a different perception of G0
> interrupts and their relevance to RAS/ critical events.
> Comments in line.
> Thanks
> Sandeep
>
> On Fri, Oct 2, 2020 at 6:47 PM Olivier Deprez <Olivier.Deprez(a)arm.com> wrote:
>>
>> Hi Sandeep,
>>
>> Here are a few more details.
>> The reasoning differs when considering pre-Armv8.4 platforms (1) vs Armv8.4 platforms onwards with secure virtualization enabled (2).
>>
>> Case (1):
>>
>> EHF framework unifies EL3 exceptions delivered via different vectors and allows them to be handled in a common way. It is also allowing exception delegation handling to lower secure ELs. This framework although primarily used for RAS, is also used for SDEI and platform EL3 interrupts. EL3's role in this case is about trapping and routing the event to appropriate the component (when the interrupt/exception is not handled solely at EL3).
>>
>> The interoperability between EHF and a Trusted OS is not accurately defined apart from this guidance in EHF documentation:
>> "In order for S-EL1 software to handle Non-secure interrupts while having EHF enabled, the dispatcher must adopt a model where Non-secure interrupts are received at EL3, but are then synchronously handled over to S-EL1."
>>
>> Until then for the specific RAS handling scenario, this was delegated to a StandaloneMM partition running at S-EL0 (through the SPM-MM implementation) and not necessarily delegated to a TOS.
>
> Reliability is provided by the feature of G0 interrupt that it can not
> be masked by lower ELs. Such interrupt being handled at EL3 or being
> delegated to other components does not impact the
> reliable feature of G0 interrupt. Sure its handling must be offloaded
> to other components to keep EL3 firmware light. But If it were just
> about handling an interrupt then it could have been entirely handled
> in each state without even requiring an EL3 interrupt type.
Reliability in RAS is a different concept. RAS error interrupts do not provide reliability. They report unreliable operation.
Routing RAS interrupts to EL3 is an implementation choice called Firmware First Handling (FFH). Indeed, the interrupts could be routed to a lower EL which is called Kernel first handling (KFH).
For e.g. an implementation could decide to handle corrected errors Kernel first. Uncorrected errors could be routed to a platform controller instead of firmware or be routed to both. There is no single solution.
With FFH, the main requirement is that an uncorrected error must be handled even if the Normal world is not in a position to do so. There are non-technical requirements too but lets not go there. So I don’t think there is a requirement that "no lower EL" should be able to mask the interrupt.
EL3/S-EL1 and EL3/S-EL2 are at the same privilege level as far as access to the physical address space is concerned. G0 interrupts could be routed to EL3 but they can be disabled by S-EL1 or S-EL2 by programming the GIC distributor.
The main point being that software in all privileged exception levels in the Secure world must be trusted to handle RAS errors in the Normal world. Routing G0 interrupts to EL3 is not a silver bullet.
When support for FFH was added to TF-A, there was no use case to put software in S-EL1. This EL is owned by TF-A which deploys a simple shim layer. The EHF was developed with this assumption in mind.
If your requirement is to put a Trusted OS in S-EL1 and continue doing RAS error handling, then the requirements of the Trusted OS w.r.t the interrupt routing model must be factored in. Hence, the question about what exactly are your requirements.
I can understand the desire to reuse EHF but it cannot come at the cost of not meeting the TOS requirements. It needs a SW architecture discussion first. It might be possible to preempt S-EL1 and route RAS errors to EL3 in some cases. A cooperative model (2) between S-EL1 and EL3 (as Olivier described) is what most Trusted OSs implement today. It would be good to understand why that would not work for RAS.
>
>>
>> In order to better help you, we would need more information on the scenario you intend to achieve, and the environment (Arm architecture version and extensions, GIC version).
>> Or maybe your question was out of curiosity for the longer term approach (2) as described below?
>
> As per sbsa level III spec: sbsa non secure watchdog WS1 (reset) must
> be targeted at EL3. The patch in review ref:
> https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5495
> And we would want a watchdog interrupt to preempt all execution
> context. I would expect the same with any RAS or SDEI critical prio
> events.
Thanks for pointing this out!
SBSA applies to the Server segment. It was reasonable to assume that Secure firmware almost entirely resides in EL3. Hence the guidance. We will look at rewording this in a future release. The intent is that since it is a Non-secure Watchdog, the WS1 signal must not be masked by the Normal world.
The BSA applies to all segments. It leaves routing of WS1 implementation defined as long as the Normal world cannot mask it. It could be routed to S-EL1 or S-EL2 if that fulfils the requirement.
> Another misc application of our platform is to be able to forcefully
> turn off/ halt/ just ping any core at any execution context (S/NS).
> These motivated me to leverage EHF. But the idea of dropping EHF in
> future designs makes me think now !
>
> Our current system is pre Armv8.4. We will stick to case (1). Case
> (2) ie SPMD was just my quoricity. However, I felt PSA-FFA may
> replace TOS specific SPDs someday.
> Making SPMD relevant in this discussion even with pre 8.4 systems.
> Because at least the TOS will have to follow one policy.
The SPMD is indeed meant to replace TOS specific SPDs. It is meant to cater for the RAS use case as well. From an FF-A perspective, a cooperative approach is simpler. I would like to understand why this would not work for RAS error interrupts as well. Reuse of EHF is an implementation level discussion and I don’t think that is off the table even with (2).
>
>>
>> Case (2):
>>
>> As a general rule, it is preferred that EL3 reduces its footprint and minimises platform specific handling code.
>
> Agreed. Applies to case(1) aswell and heavy lifting to be delegated
> to lower ELs in either security states. My concern is on 'Taking' the
> interrupt handling (mjust)can be delegated.
It would certainly be desirable to reuse the EHF. However, it is not possible to delegate the heavy lifting to preempted software in S-EL1 or S-EL2 without significantly increasing their complexity. This is not the current direction of travel of FF-A.
>
>> EHF framework would most probably not be enabled at all.
>> The priority logic provided by the GIC PMR register to mask NS interrupts cannot really work as before because all of trusted EL3/S-EL2 and untrusted S-EL1 SPs can manipulate this register.
>
> This is a limitation. This can be taken care of by cooperative
> software design. ie. S_EL2/S_EL1 will not set PMR out of its range.
> And the platform defines what's EL3 priority range.
> GIC_LOWEST_EL3_PRI.
This falls under the solution space. It would be good to understand what is it you want to run on S-EL1/S-EL2 first.
>
>> Any secure/non-secure interrupt triggered while running SEL1/SEL0 is trapped first by the S-EL2 firmware (or the so-called SPMC). This translates into SCR_EL3.FIQ/IRQ=0 in the secure world.
>> Group1NS interrupts are redirected to SPMD for routing to NWd.
>>
>> A Group0 interrupt is possibly redirected to a platform driver into an S-EL1 secure partition (e.g. a RAS handling service).
>> Hence it does no longer hold true that Group0 interrupts are necessarily qualified as "EL3 interrupts".
>> It is still possible to redirect Group0 interrupts from S-EL2 to EL3 and be handled there, but as said, this is a less preferred approach.
>>
>> Either way when NWd runs (with SCR_EL3.FIQ=1/IRQ=0), a Group1S/Group0 secure interrupt is trapped at EL3 and routed to SPMD then SPMC.
>> The SPMC can take the decision to resume the secure partition which registered the corresponding secure INTID.
>>
>> This design does mean that SDEI interrupt handling would need SPMC and BL31 collaboration and this is something we are working on.
>
> I understood this scheme. But it means RAS interrupts and other
> critical events will always have blackout periods even with proper
> software design.
RAS interrupts will have blackout periods even if a SMC is handled entirely in EL3. How is routing them to S-EL1 or S-EL2 any different?
Afaiu, the RAS architecture spec does not lay down any time limits on by when an error must be reported. All RAS errors are not critical errors. Even critical errors e.g. uncontainable errors report something that has already happened. With unrecoverable errors, ESBs ensure that the problem is contained to a particular EL or Security state.
Could you elaborate on what timing requirements you have and why a cooperative model would cause problems?
> Whereas with the other routing model scheme the reliability of EHF
> handlers can be retained with the constraint of PMR ranges. There may
> be something
> I am missing.
I don’t think “reliability” is an argument here. It is about reusing the EHF in EL3. It is not off the table but we cannot overlook other evolutions in the software and hardware architecture since the EHF was written.
Let me know what you think.
Cheers,
Achin
>
>>
>> Hope this helps.
>>
>> Regards,
>> Olivier.
>>
>>
>> ________________________________________
>> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Olivier Deprez via TF-A <tf-a(a)lists.trustedfirmware.org>
>> Sent: 28 September 2020 14:01
>> To: Sandeep Tripathy; Soby Mathew
>> Cc: tf-a(a)lists.trustedfirmware.org; nd
>> Subject: Re: [TF-A] Query SPD/SPMD behavior with EHF
>>
>> Hi Sandeep,
>>
>> Your question is very valid and we're discussing options internally.
>>
>> We will come back to you with a consolidated answer shortly.
>>
>> Regards,
>> Olivier.
>>
>> ________________________________________
>> From: Sandeep Tripathy
>> Sent: Monday, September 28, 2020 05:28
>> To: Soby Mathew
>> Cc: Dan Handley; tf-a(a)lists.trustedfirmware.org; nd; Olivier Deprez
>> Subject: Re: [TF-A] Query SPD/SPMD behavior with EHF
>>
>>
>> Thanks Soby and Dan for confirmation on TSPD. I can see a few more gaps
>> in the related area.
>>
>> "The EL3 interrupts (G0 interrupts) should be able to pre-empt Fast
>> SMC i.e. any execution context for that matter ".
>> This should apply to all SPDs including SPMD. However I learned from
>> @Oliver that SPMD/SPMC design traps FIQs to S_EL2.
>>
>> In that case a RAS interrupt can be masked by S_EL2 software (eg:
>> Hafnium). Probably by design it will be ensured that S_EL2 will never
>> mask the physical FIQ ?
>>
>> S_EL2 FIQ handler will exit to EL3/SPMD by SMC call. And depending on
>> the pending interrupt type either it can exit to NWd OR invoke el3 fiq
>> vector handler synchronously ?
>>
>> Are there limitations if we trap fiq to EL3 instead ?
>>
>> Thanks
>> Sandeep
>> On Fri, Sep 18, 2020 at 6:26 PM Soby Mathew <Soby.Mathew(a)arm.com> wrote:
>>>
>>> Hi Sandeep
>>>
>>>> Except during yielding SMC ‘disable_intr_rm_local(INTR_TYPE_NS, SECUE);’ is in effect. Intention is to avoid NS interrupt preempt secure execution (Fast SMC).
>>>> But I think that will also disable G0 interrupt as both NS interrupt and G0 interrupt are on FIQ.
>>>> EHF already ensures this by GIC PMR adjustment. So disabling routing model seems unnecessary in this case.
>>>> This is my understanding from the code please confirm if this is correct.
>>>
>>> The EL3 interrupts (G0 interrupts) should be able to pre-empt Fast SMC. Hence the usage of GIC PMR to mask the NS interrupts. As Dan says, the TSP_NS_INTR_ASYNC_PREEMPT predates the EHF design and it seems there is a problem as you describe.
>>>
>>>> EHF already ensures this by GIC PMR adjustment. So disabling routing model seems unnecessary in this case.
>>>> This is my understanding from the code please confirm if this is correct.
>>>
>>> You are right. Routing model manipulation is not required when EL3 interrupts are present as GIC PMR manipulation should take care of the required behaviour for yielding vs atomic SMC. You also need to ensure it works as expected when EL3 interrupts are not enabled and when EHF is disabled.
>>>
>>> Best Regards
>>> Soby Mathew
>>>
>>>> -----Original Message-----
>>>> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep
>>>> Tripathy via TF-A
>>>> Sent: 17 September 2020 16:53
>>>> To: Dan Handley <Dan.Handley(a)arm.com>
>>>> Cc: tf-a(a)lists.trustedfirmware.org
>>>> Subject: Re: [TF-A] Query TSPD behavior with EHF
>>>>
>>>> Hi Dan,
>>>> I am not sure if this is mentioned anywhere in any documents but I think
>>>> EHF handlers should be able to preempt all execution contexts at lower ELs
>>>> and lower ELs should never be able to mask such interrupts.
>>>> If the behavioral expectation is set the implementation can be fixed.
>>>>
>>>> Thanks
>>>> Sandeep
>>>>
>>>> On Thu, Sep 17, 2020 at 7:57 PM Dan Handley via TF-A <tf-
>>>> a(a)lists.trustedfirmware.org> wrote:
>>>>>
>>>>> A correction...
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Dan
>>>>>> Handley via TF-A
>>>>>> Sent: 17 September 2020 15:14
>>>>>>>>
>>>>>>>> I want to handle something similar in OP-TEED along with EHF
>>>>>>>> depending on
>>>>>>> what is the expected behavior.
>>>>>>>>
>>>>>> Hmm, I thought OP-TEED was more like the
>>>> TSP_NS_INTR_ASYNC_PREEMPT=0
>>>>>> case, where NS interrupts are routed to S-EL1 while processing a
>>>>>> yielding SMC in S- EL1? Perhaps that's a better TSPD config for you to
>>>> follow?
>>>>>>
>>>>> Sorry, if EL3_EXCEPTION_HANDLING=1 then obviously NS interrupts are
>>>> routed to EL3 first, but the TSPD re-enables NS interrupts before handing
>>>> over to the TSP to handle yielding calls, via a call to
>>>> ehf_allow_ns_preemption.
>>>>>
>>>>
>>>> Right, that is the case for yielding SMC handling where both NS interrupts
>>>> and EL3/G0 interrupts can preempt the S_EL1/S_EL2 context.
>>>> But I would expect the same routing model even for 'Fast SMC' unlike what is
>>>> happening in TSPD.
>>>>
>>>>> Dan.
>>>>>
>>>>> --
>>>>> TF-A mailing list
>>>>> TF-A(a)lists.trustedfirmware.org
>>>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
>>>> --
>>>> TF-A mailing list
>>>> TF-A(a)lists.trustedfirmware.org
>>>> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
>>
>>
>> --
>> TF-A mailing list
>> TF-A(a)lists.trustedfirmware.org
>> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Hi Varun,
The Arm security support pages provides official responses to questions related to security vulnerabilities. [https://developer.arm.com/support/arm-security-updates]
Trustedfirmware.org provides Security Centre pages covering the security incident handling and vulnerability disclosure process for hosted projects. [https://developer.trustedfirmware.org/w/collaboration/security_center/]
You can find information regarding Nailgun on the following Arm security support FAQ page [https://developer.arm.com/support/arm-security-updates/speculative-processo…].
If you have further questions then please email arm-security(a)arm.com<mailto:arm-security@arm.com> as mentioned in the Arm security support pages.
Joanna
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a(a)lists.trustedfirmware.org>
Reply to: Varun Wadekar <vwadekar(a)nvidia.com>
Date: Monday, 28 September 2020 at 21:53
To: "tf-a(a)lists.trustedfirmware.org" <tf-a(a)lists.trustedfirmware.org>
Subject: [TF-A] Nailgun
Hi,
Recently, I learned about Nailgun [1] – leak information by snooping across privilege boundaries with the help of CoreSight. The proof of concept uses Raspberry Pi3 (uses Cortex A-53 CPUs) platform to demonstrate the exploit.
Has anyone reviewed this attack and does it affect other Arm v8 CPUs too? Do we have support in TF-A to disable CoreSight to mitigate against such attacks? Are there any other mitigations against this attack?
-Varun
[1] https://github.com/ningzhenyu/nailgun
Hello team,
After the recent discussion in the tech forums for the need of a LTS release, I have create a wiki page [1] on tf.org to discuss how we should move forward. The page is expected to be a "live" document and the intention is to allow the community to capture current problems and expectations from the LTS version.
Request you to review the page and provide feedback.
Thanks,
-Varun
[1] https://developer.trustedfirmware.org/w/tf_a/lts_proposal/
Hi Ravi,
Have you tried to use RESET_TO_BL31 build option for your platform?
Regards.
Alexei
________________________________
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of rkohli2000 gmail via TF-A <tf-a(a)lists.trustedfirmware.org>
Sent: 07 October 2020 17:01
To: tf-a(a)lists.trustedfirmware.org <tf-a(a)lists.trustedfirmware.org>
Subject: [TF-A] BL31 as bootloader
Hi,
I'm a new user and sorry for some basic TF-A questions. Any guidance is appreciated.
I'm am able boot the TF-A bl31.bin image itself on my i.MX8QM MEK platform without using u-boot.
I can use the imx-mkimage tool to create a flash or eMMC bootable image (flash.bin). Here, I can
specify this container image with both bl31.bin and a separate custom app at a give flash address.
This is without any security requirements or dependencies.
Can I use the T-FA bl31.bin image to act as a first stage bootloader (without u-boot) and then launch
a "custom" bare metal app for Cortex-A53 (for example) on the i.MX8QM at the given (BL33) entry point
0x80020000 address ?
Thanks in advance.
Ravi
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Hi,
I'm a new user and sorry for some basic TF-A questions. Any guidance is appreciated.
I'm am able boot the TF-A bl31.bin image itself on my i.MX8QM MEK platform without using u-boot.
I can use the imx-mkimage tool to create a flash or eMMC bootable image (flash.bin). Here, I can
specify this container image with both bl31.bin and a separate custom app at a give flash address.
This is without any security requirements or dependencies.
Can I use the T-FA bl31.bin image to act as a first stage bootloader (without u-boot) and then launch
a "custom" bare metal app for Cortex-A53 (for example) on the i.MX8QM at the given (BL33) entry point
0x80020000 address ?
Thanks in advance.
Ravi
Hi All,
The next TF-A Tech Forum is scheduled for Thu 8th October 2020 16:00 – 17:00 (BST). A reoccurring meeting invite has been sent out to the subscribers of this TF-A mailing list. If you don’t have this please let me know.
Agenda:
* Measured Boot Support in TF-A
* Presented by Alexei Fedorov and Javier Almansa Sobrino
* Update on the support for Measured Boot in TF-A along with an overview of test cases for integration with a TPM service
* Optional TF-A Mailing List Topic Discussions
If TF-A contributors have anything they wish to present at any future TF-A tech forum please contact me to have that scheduled.
Previous sessions, both recording and presentation material can be found on the trustedfirmware.org TF-A Technical meeting webpage: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/
A scheduling tracking page is also available to help track sessions suggested and being prepared: https://developer.trustedfirmware.org/w/tf_a/tf-a-tech-forum-scheduling/ Final decisions on what will be presented will be shared a few days before the next meeting and shared on the TF-A mailing list.
Thanks
Joanna
Hi,
Sorry for the wide distribution and if this isn't the appropriate board.
I'm interested in TF-A image construction for the i.MX8QM SoC platform
and basic image construction instructions.
I'd like to understand how to deploy a user application for the Cortex-A53
core and flash image construction. For example, how to deploy BL31.bin and
launch a user app for the platform and what does the following TF-A console
log imply for user apps:
INFO: Entry point address = 0x80020000
INFO: SPSR = 0x3c9
Any intro info is appreciated. Thanks again.
Regards
Ravi
Hi Sandeep,
Here are a few more details.
The reasoning differs when considering pre-Armv8.4 platforms (1) vs Armv8.4 platforms onwards with secure virtualization enabled (2).
Case (1):
EHF framework unifies EL3 exceptions delivered via different vectors and allows them to be handled in a common way. It is also allowing exception delegation handling to lower secure ELs. This framework although primarily used for RAS, is also used for SDEI and platform EL3 interrupts. EL3's role in this case is about trapping and routing the event to appropriate the component (when the interrupt/exception is not handled solely at EL3).
The interoperability between EHF and a Trusted OS is not accurately defined apart from this guidance in EHF documentation:
"In order for S-EL1 software to handle Non-secure interrupts while having EHF enabled, the dispatcher must adopt a model where Non-secure interrupts are received at EL3, but are then synchronously handled over to S-EL1."
Until then for the specific RAS handling scenario, this was delegated to a StandaloneMM partition running at S-EL0 (through the SPM-MM implementation) and not necessarily delegated to a TOS.
In order to better help you, we would need more information on the scenario you intend to achieve, and the environment (Arm architecture version and extensions, GIC version).
Or maybe your question was out of curiosity for the longer term approach (2) as described below?
Case (2):
As a general rule, it is preferred that EL3 reduces its footprint and minimises platform specific handling code.
EHF framework would most probably not be enabled at all.
The priority logic provided by the GIC PMR register to mask NS interrupts cannot really work as before because all of trusted EL3/S-EL2 and untrusted S-EL1 SPs can manipulate this register.
Any secure/non-secure interrupt triggered while running SEL1/SEL0 is trapped first by the S-EL2 firmware (or the so-called SPMC). This translates into SCR_EL3.FIQ/IRQ=0 in the secure world.
Group1NS interrupts are redirected to SPMD for routing to NWd.
A Group0 interrupt is possibly redirected to a platform driver into an S-EL1 secure partition (e.g. a RAS handling service).
Hence it does no longer hold true that Group0 interrupts are necessarily qualified as "EL3 interrupts".
It is still possible to redirect Group0 interrupts from S-EL2 to EL3 and be handled there, but as said, this is a less preferred approach.
Either way when NWd runs (with SCR_EL3.FIQ=1/IRQ=0), a Group1S/Group0 secure interrupt is trapped at EL3 and routed to SPMD then SPMC.
The SPMC can take the decision to resume the secure partition which registered the corresponding secure INTID.
This design does mean that SDEI interrupt handling would need SPMC and BL31 collaboration and this is something we are working on.
Hope this helps.
Regards,
Olivier.
________________________________________
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Olivier Deprez via TF-A <tf-a(a)lists.trustedfirmware.org>
Sent: 28 September 2020 14:01
To: Sandeep Tripathy; Soby Mathew
Cc: tf-a(a)lists.trustedfirmware.org; nd
Subject: Re: [TF-A] Query SPD/SPMD behavior with EHF
Hi Sandeep,
Your question is very valid and we're discussing options internally.
We will come back to you with a consolidated answer shortly.
Regards,
Olivier.
________________________________________
From: Sandeep Tripathy
Sent: Monday, September 28, 2020 05:28
To: Soby Mathew
Cc: Dan Handley; tf-a(a)lists.trustedfirmware.org; nd; Olivier Deprez
Subject: Re: [TF-A] Query SPD/SPMD behavior with EHF
Thanks Soby and Dan for confirmation on TSPD. I can see a few more gaps
in the related area.
"The EL3 interrupts (G0 interrupts) should be able to pre-empt Fast
SMC i.e. any execution context for that matter ".
This should apply to all SPDs including SPMD. However I learned from
@Oliver that SPMD/SPMC design traps FIQs to S_EL2.
In that case a RAS interrupt can be masked by S_EL2 software (eg:
Hafnium). Probably by design it will be ensured that S_EL2 will never
mask the physical FIQ ?
S_EL2 FIQ handler will exit to EL3/SPMD by SMC call. And depending on
the pending interrupt type either it can exit to NWd OR invoke el3 fiq
vector handler synchronously ?
Are there limitations if we trap fiq to EL3 instead ?
Thanks
Sandeep
On Fri, Sep 18, 2020 at 6:26 PM Soby Mathew <Soby.Mathew(a)arm.com> wrote:
>
> Hi Sandeep
>
> > Except during yielding SMC ‘disable_intr_rm_local(INTR_TYPE_NS, SECUE);’ is in effect. Intention is to avoid NS interrupt preempt secure execution (Fast SMC).
> > But I think that will also disable G0 interrupt as both NS interrupt and G0 interrupt are on FIQ.
> > EHF already ensures this by GIC PMR adjustment. So disabling routing model seems unnecessary in this case.
> > This is my understanding from the code please confirm if this is correct.
>
> The EL3 interrupts (G0 interrupts) should be able to pre-empt Fast SMC. Hence the usage of GIC PMR to mask the NS interrupts. As Dan says, the TSP_NS_INTR_ASYNC_PREEMPT predates the EHF design and it seems there is a problem as you describe.
>
> > EHF already ensures this by GIC PMR adjustment. So disabling routing model seems unnecessary in this case.
> > This is my understanding from the code please confirm if this is correct.
>
> You are right. Routing model manipulation is not required when EL3 interrupts are present as GIC PMR manipulation should take care of the required behaviour for yielding vs atomic SMC. You also need to ensure it works as expected when EL3 interrupts are not enabled and when EHF is disabled.
>
> Best Regards
> Soby Mathew
>
> > -----Original Message-----
> > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Sandeep
> > Tripathy via TF-A
> > Sent: 17 September 2020 16:53
> > To: Dan Handley <Dan.Handley(a)arm.com>
> > Cc: tf-a(a)lists.trustedfirmware.org
> > Subject: Re: [TF-A] Query TSPD behavior with EHF
> >
> > Hi Dan,
> > I am not sure if this is mentioned anywhere in any documents but I think
> > EHF handlers should be able to preempt all execution contexts at lower ELs
> > and lower ELs should never be able to mask such interrupts.
> > If the behavioral expectation is set the implementation can be fixed.
> >
> > Thanks
> > Sandeep
> >
> > On Thu, Sep 17, 2020 at 7:57 PM Dan Handley via TF-A <tf-
> > a(a)lists.trustedfirmware.org> wrote:
> > >
> > > A correction...
> > >
> > > > -----Original Message-----
> > > > From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Dan
> > > > Handley via TF-A
> > > > Sent: 17 September 2020 15:14
> > > > > >
> > > > > > I want to handle something similar in OP-TEED along with EHF
> > > > > > depending on
> > > > > what is the expected behavior.
> > > > > >
> > > > Hmm, I thought OP-TEED was more like the
> > TSP_NS_INTR_ASYNC_PREEMPT=0
> > > > case, where NS interrupts are routed to S-EL1 while processing a
> > > > yielding SMC in S- EL1? Perhaps that's a better TSPD config for you to
> > follow?
> > > >
> > > Sorry, if EL3_EXCEPTION_HANDLING=1 then obviously NS interrupts are
> > routed to EL3 first, but the TSPD re-enables NS interrupts before handing
> > over to the TSP to handle yielding calls, via a call to
> > ehf_allow_ns_preemption.
> > >
> >
> > Right, that is the case for yielding SMC handling where both NS interrupts
> > and EL3/G0 interrupts can preempt the S_EL1/S_EL2 context.
> > But I would expect the same routing model even for 'Fast SMC' unlike what is
> > happening in TSPD.
> >
> > > Dan.
> > >
> > > --
> > > TF-A mailing list
> > > TF-A(a)lists.trustedfirmware.org
> > > https://lists.trustedfirmware.org/mailman/listinfo/tf-a
> > --
> > TF-A mailing list
> > TF-A(a)lists.trustedfirmware.org
> > https://lists.trustedfirmware.org/mailman/listinfo/tf-a
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
