diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0004-Update-mm-comm-buffer-region-in-dts-file.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0004-Update-mm-comm-buffer-region-in-dts-file.patch new file mode 100644 index 00000000..baed87c5 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0004-Update-mm-comm-buffer-region-in-dts-file.patch @@ -0,0 +1,61 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Gowtham Suresh Kumar + +From 576b12ed88bd17338e28a62d0ea35aa49cf88170 Mon Sep 17 00:00:00 2001 +From: Gowtham Suresh Kumar +Date: Wed, 17 Nov 2021 15:31:09 +0000 +Subject: [PATCH 23/25] Update mm-comm-buffer region in dts file + +--- + .../opteesp/default_smm-gateway.dts.in | 35 ++++++++++--------- + 1 file changed, 18 insertions(+), 17 deletions(-) + +diff --git a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in +index 0ad7878..183c38a 100644 +--- a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in ++++ b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in +@@ -7,23 +7,24 @@ + @DTS_TAG@ + + @DTS_NODE@ { +- compatible = "arm,ffa-manifest-1.0"; +- ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ +- uuid = <@EXPORT_SP_UUID_DT@>; +- description = "SMM Gateway"; +- execution-ctx-count = <1>; +- exception-level = <1>; /* S-EL0 */ +- execution-state = <0>; /* AArch64 */ +- xlat-granule = <0>; /* 4KiB */ +- messaging-method = <0>; /* Direct messaging only */ +- +- memory-regions { +- compatible = "arm,ffa-manifest-memory-regions"; +- +- mm-comm-buffer { +- base-address = <@MM_COMM_BUFFER_ADDRESS@>; +- pages-count = <@MM_COMM_BUFFER_PAGE_COUNT@>; +- attributes = <0xb>; /* ns access-read-write */ ++ smm-gateway{ ++ compatible = "arm,ffa-manifest-1.0"; ++ ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */ ++ uuid = <@EXPORT_SP_UUID_DT@>; ++ description = "SMM Gateway"; ++ execution-ctx-count = <1>; ++ exception-level = <1>; /* S-EL0 */ ++ execution-state = <0>; /* AArch64 */ ++ xlat-granule = <0>; /* 4KiB */ ++ messaging-method = <0>; /* Direct messaging only */ ++ device-regions { ++ compatible = "arm,ffa-manifest-device-regions"; ++ mm-comm-buffer { ++ /* Armv8 A Foundation Platform values */ ++ base-address = <0x00000000 0x02000000>; ++ pages-count = <1>; ++ attributes = <0x3>; /* read-write */ ++ }; + }; + }; + }; +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0005-Configure-NV-storage-macro.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0005-Configure-NV-storage-macro.patch new file mode 100644 index 00000000..f24f84d1 --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0005-Configure-NV-storage-macro.patch @@ -0,0 +1,28 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Gowtham Suresh Kumar + +From 95a00456f887f4be3b528ace9cd4cfd3403c935b Mon Sep 17 00:00:00 2001 +From: Gowtham Suresh Kumar +Date: Wed, 17 Nov 2021 15:32:04 +0000 +Subject: [PATCH 24/25] Configure NV storage macro + +--- + deployments/smm-gateway/smm_gateway.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/deployments/smm-gateway/smm_gateway.c b/deployments/smm-gateway/smm_gateway.c +index 4884a04..7828b3a 100644 +--- a/deployments/smm-gateway/smm_gateway.c ++++ b/deployments/smm-gateway/smm_gateway.c +@@ -13,6 +13,8 @@ + + /* Build-time default configuration */ + ++#define SMM_GATEWAY_NV_STORE_SN "sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1" ++ + /* Default to using the Protected Storage SP */ + #ifndef SMM_GATEWAY_NV_STORE_SN + #define SMM_GATEWAY_NV_STORE_SN "sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0" +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0006-Use-device-region.patch b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0006-Use-device-region.patch new file mode 100644 index 00000000..60022d8d --- /dev/null +++ b/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/0006-Use-device-region.patch @@ -0,0 +1,55 @@ +Upstream-Status: Pending [Not submitted to upstream yet] +Gowtham Suresh Kumar + +From 7320daabc82dc787f2fe017eb176df2ec8e804a0 Mon Sep 17 00:00:00 2001 +From: Gowtham Suresh Kumar +Date: Wed, 17 Nov 2021 15:32:46 +0000 +Subject: [PATCH 25/25] Use device region + +--- + deployments/smm-gateway/opteesp/smm_gateway_sp.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/deployments/smm-gateway/opteesp/smm_gateway_sp.c b/deployments/smm-gateway/opteesp/smm_gateway_sp.c +index 6f13885..0bc0902 100644 +--- a/deployments/smm-gateway/opteesp/smm_gateway_sp.c ++++ b/deployments/smm-gateway/opteesp/smm_gateway_sp.c +@@ -10,7 +10,7 @@ + #include + #include "components/rpc/mm_communicate/endpoint/sp/mm_communicate_call_ep.h" + #include "components/service/smm_variable/frontend/mm_communicate/smm_variable_mm_service.h" +-#include "platform/interface/memory_region.h" ++#include "platform/interface/device_region.h" + #include + #include + #include +@@ -25,7 +25,7 @@ static int sp_init(uint16_t *own_sp_id); + + void __noreturn sp_main(struct ffa_init_info *init_info) + { +- struct memory_region mm_comm_buffer_region = { 0 }; ++ struct device_region mm_comm_buffer_region = { 0 }; + struct rpc_interface *gateway_iface = NULL; + struct smm_variable_mm_service smm_var_service = { 0 }; + struct mm_service_interface *smm_var_service_interface = NULL; +@@ -42,7 +42,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info) + config_ramstore_init(); + sp_config_load(init_info); + +- if (!config_store_query(CONFIG_CLASSIFIER_MEMORY_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION, ++ if (!config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION, + 0, &mm_comm_buffer_region, sizeof(mm_comm_buffer_region))) { + EMSG(CONFIG_NAME_MM_COMM_BUFFER_REGION " is not set in SP configuration"); + goto fatal_error; +@@ -57,7 +57,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info) + /* Initialize MM communication layer */ + if (!mm_communicate_call_ep_init(&mm_communicate_call_ep, + (void *)mm_comm_buffer_region.base_addr, +- mm_comm_buffer_region.region_size)) ++ mm_comm_buffer_region.io_region_size)) + goto fatal_error; + + /* Attach SMM variable service to MM communication layer */ +-- +2.17.1 + diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc index d574fbeb..3fcdf82d 100644 --- a/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc +++ b/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc @@ -2,9 +2,13 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/secure-partitions:" COMPATIBLE_MACHINE = "corstone1000" +SRCREV_ts = "882a2db4f9181fc6ddb505b82262f82e5a0c2fd5" SRC_URI:append = " file://0001-tools-cmake-common-applying-lowercase-project-convention.patch \ file://0002-fix-EARLY_TA_PATHS-env-variable.patch \ file://0003-se-proxy-dts-add-se-proxy-as-child-node.patch \ + file://0004-Update-mm-comm-buffer-region-in-dts-file.patch \ + file://0005-Configure-NV-storage-macro.patch \ + file://0006-Use-device-region.patch \ " TS_PLATFORM = "arm/fvp/fvp_base_revc-2xaemv8a" @@ -15,3 +19,6 @@ EXTRA_OEMAKE += "TS_PLATFORM=${TS_PLATFORM}" # Secure Enclave proxy secure partition TS_DEPLOYMENTS += "'deployments/se-proxy/${TS_ENVIRONMENT}'" + +# smm-gateway secure partition +TS_DEPLOYMENTS += "'deployments/smm-gateway/${TS_ENVIRONMENT}'"