We guess that all we have to do is replace the following implementation into smm client.

EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
  VariableServiceGetVariable,
  VariableServiceGetNextVariableName,
  SmmVariableSetVariable,
  VariableServiceQueryVariableInfo
};

EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = {
  VarCheckRegisterSetVariableCheckHandler,
  VarCheckVariablePropertySet,
  VarCheckVariablePropertyGet
};

Am I correct, or is there something we missed? Do you have a document on integrating this feature into the UEFI variable SMM service?
Carlos
And one more question, what is the difference between OPTEE StMM and SMM-Gateway? Could we reuse the Standalone MM package on UEFI?
Carlos
Hi Carlos,
"And one more question, what is the difference between OPTEE StMM and SMM-Gateway?"

I am aware of three UEFI Variable service implementations:

1. OP-TEE has a prototype which was implemented before the OP-TEE SPMC (core/arch/arm/kernel/stmm_sp.c). This solution was developed by Linaro, and it implements a "trampoline" which can receive FF-A Direct Message calls and can send a translated request to an StMM instance. For details, please see this link: https://static.linaro.org/connect/lvc20/presentations/LVC20-302-0.pdf. IMHO alternatives developed since then are more advanced, and I suggest either deploying StMM as an S-EL0 SP over the OP-TEE, or deploying the SmmGW SP.

2. FF-A enabled StMM running on top of an SPMC implementation. Changes implementing this are available here: EDK2 https://git.gitlab.arm.com/infra-solutions/reference-design/platsw/edk2/-/co... (as I mentioned in my previous email). I do not know about any integration out in the wild which runs StMM on top of the OP-TEE SPMC, but the FF-A enabled StMM should integrate easily with OP-TEE SPMC.

3. SmmGW SP is a low memory footprint UEFI Variable Storage implementation, targeting devices where other UEFI services are not needed. It is an SPMC agnostic FF-A SP which can be executed in S-EL0 over any FF-A compliant SPMC. For details about SmmGW please refer to our documentation https://trusted-services.readthedocs.io/en/integration/services/uefi-smm-ser... Variable Authentication support landed on the integration branch last week and will get merged to main soon.
"Could we reuse the Standalone MM package on UEFI?"

Yes, it should be possible to run the FF-A enabled StMM as an S-EL0 SP over the OP-TEE SPMC. It should also be possible to use the NWd EDK2 components with SmmGW. AFAIK neither of these two scenarios has been tested yet.
/George
-----Original Message-----
From: Carlos Liu via Trusted-services trusted-services@lists.trustedfirmware.org
Sent: Tuesday, January 23, 2024 10:39 AM
To: trusted-services@lists.trustedfirmware.org
Subject: [Trusted-services] Re: Any document to integrate smm-gateway into edk2 UEFI project?
And one more question, what is the difference between OPTEE StMM and SMM-Gateway? Could we reuse the Standalone MM package on UEFI?
Carlos
Hi Carlos,
This repo has changes enabling FF-A in EDK2 https://git.gitlab.arm.com/infra-solutions/reference-design/platsw/edk2/-/co.... This platform uses Hafnium SPMC which runs in S-EL2, but that should be transparent to NWd and S-EL0 components.
The only change FF-A enablement introduced in the MM comm protocol is the way the SWd component (StMM or SmmGW) is notified about new request data serialized into the carveout buffer. For this, an SMCCC compatible FF-A direct message/response pair is used. Please find the FF-A ABI description here: https://trusted-services.readthedocs.io/en/integration/services/uefi-smm-ser... This ABI is currently upstream in U-Boot and Trusted Services.
/George
-----Original Message-----
From: Carlos Liu via Trusted-services trusted-services@lists.trustedfirmware.org
Sent: Tuesday, January 23, 2024 8:07 AM
To: trusted-services@lists.trustedfirmware.org
Subject: [Trusted-services] Any document to integrate smm-gateway into edk2 UEFI project?
We guess that all we have to do is replace the following implementation into smm client.

EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
  VariableServiceGetVariable,
  VariableServiceGetNextVariableName,
  SmmVariableSetVariable,
  VariableServiceQueryVariableInfo
};

EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = {
  VarCheckRegisterSetVariableCheckHandler,
  VarCheckVariablePropertySet,
  VarCheckVariablePropertyGet
};

Am I correct, or is there something we missed? Do you have a document on integrating this feature into the UEFI variable SMM service?
Carlos
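The thread above mentions request data being serialized into the carveout buffer before the secure-world component is notified. The following is an added example, not code from the thread, EDK2 or Trusted Services: it packs a GetVariable request and shows the length checks a receiver needs on that normal-world-writable buffer. The function names are hypothetical, the 64-bit struct layouts are assumed from the EDK2 headers, both GUIDs are left zero, and the FF-A notification itself is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed 64-bit layouts (UINTN = 8 bytes), modelled on the EDK2 structures:
 *   EFI_MM_COMMUNICATE_HEADER                { GUID; MessageLength; Data[] }
 *   SMM_VARIABLE_COMMUNICATE_HEADER          { Function; ReturnStatus; Data[] }
 *   SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE { GUID; DataSize; NameSize; Attributes; Name[] } */
#define MM_HDR   24u   /* bytes before EFI_MM_COMMUNICATE_HEADER.Data */
#define VAR_HDR  16u   /* bytes before SMM_VARIABLE_COMMUNICATE_HEADER.Data */
#define NAME_OFF 36u   /* offset of Name[] in the access-variable struct */
#define FN_GET_VARIABLE 1u

static void put64(uint8_t *p, uint64_t v) { memcpy(p, &v, 8); }
static uint64_t get64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }

/* Normal-world side: serialize a GetVariable request. Returns bytes used, 0 if it does not fit. */
size_t build_get_variable(uint8_t *buf, size_t cap, const uint16_t *name,
                          size_t name_bytes, size_t data_size)
{
    if (cap < MM_HDR || name_bytes > cap || data_size > cap) return 0;
    size_t payload = VAR_HDR + NAME_OFF + name_bytes + data_size;
    if (payload > cap - MM_HDR) return 0;
    memset(buf, 0, MM_HDR + payload);          /* both GUIDs stay zero: constructed sample */
    put64(buf + 16, payload);                  /* MessageLength */
    put64(buf + MM_HDR, FN_GET_VARIABLE);      /* Function */
    uint8_t *av = buf + MM_HDR + VAR_HDR;
    put64(av + 16, data_size);                 /* DataSize: room for the returned value */
    put64(av + 24, name_bytes);                /* NameSize, including the terminator */
    memcpy(av + NAME_OFF, name, name_bytes);
    return MM_HDR + payload;
}

/* Secure-world side: every length comes from the normal world. Read each one once
 * into a local and compare by subtraction so a huge value cannot wrap a sum.
 * (A production handler would first copy the request out of the shared buffer.) */
int validate_get_variable(const uint8_t *buf, size_t cap)
{
    if (cap < MM_HDR) return -1;
    uint64_t msg_len = get64(buf + 16);
    if (msg_len > cap - MM_HDR) return -2;             /* MessageLength runs past the carveout */
    if (msg_len < VAR_HDR + NAME_OFF) return -3;       /* too short for the fixed fields */
    const uint8_t *av = buf + MM_HDR + VAR_HDR;
    uint64_t room = msg_len - VAR_HDR - NAME_OFF;
    uint64_t data_size = get64(av + 16), name_size = get64(av + 24);
    if (name_size > room || data_size > room - name_size) return -4;
    if (name_size < 2 || (name_size & 1)) return -5;   /* must hold whole CHAR16 units */
    if (av[NAME_OFF + name_size - 2] | av[NAME_OFF + name_size - 1]) return -6; /* no NUL */
    return 0;
}
```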