meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch

From ee7c0aee66db53b2372a3b4245a8754dceee804d Mon Sep 17 00:00:00 2001
From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Date: Wed, 13 Oct 2021 17:51:44 +0100
Subject: [PATCH 08/24] arm_ffa: introducing MM communication with FF-A

This commit allows to perform MM communication using FF-A transport.

The MM SP (also called partition) can be StandAlonneMM or smm-gateway.
Both partitions run in OP-TEE.

When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are
supported.

On EFI services such as GetVariable()/SetVariable(), the data
is copied from the communication buffer to the MM shared buffer.

Then, notifies the MM SP about data availability in the MM shared buffer.
Communication with the MM SP is performed using FF-A transport.

On such event, MM SP can read the data and updates the MM shared buffer
with response data.

The response data is copied back to the communication buffer.

Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
 lib/efi_loader/Kconfig            |  14 +-
 lib/efi_loader/efi_variable_tee.c | 265 +++++++++++++++++++++++++++++-
 2 files changed, 273 insertions(+), 6 deletions(-)

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index e3f2402d0e8e..37131237af3f 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -60,13 +60,23 @@ config EFI_VARIABLE_FILE_STORE
 	  stored as file /ubootefi.var on the EFI system partition.
 
 config EFI_MM_COMM_TEE
-	bool "UEFI variables storage service via OP-TEE"
-	depends on OPTEE
+	bool "UEFI variables storage service via the trusted world"
+	depends on OPTEE || ARM_FFA_TRANSPORT
 	help
+         the MM SP (also called partition) can be StandAlonneMM or smm-gateway.
+	  When using the u-boot OP-TEE driver, StandAlonneMM is supported.
+	  When using the u-boot FF-A  driver, StandAlonneMM and smm-gateway are supported.
+
 	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
 	  variable related operations to that. The application will verify,
 	  authenticate and store the variables on an RPMB.
 
+	  When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
+	  operations to the MM SP running under Optee in the trusted world.
+	  A door bell mechanism is used to notify the SP when there is data in the shared
+	  MM buffer. The data is copied by u-boot to thea shared buffer before issuing
+	  the door bell event.
+
 config EFI_VARIABLE_NO_STORE
 	bool "Don't persist non-volatile UEFI variables"
 	help
diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
index dfef18435dfa..9cb8cfb9c779 100644
--- a/lib/efi_loader/efi_variable_tee.c
+++ b/lib/efi_loader/efi_variable_tee.c
@@ -15,6 +15,28 @@
 #include <malloc.h>
 #include <mm_communication.h>
 
+#if (IS_ENABLED(CONFIG_OPTEE))
+#define OPTEE_PAGE_SIZE BIT(12)
+#endif
+
+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
+
+#include <arm_ffa_helper.h>
+#include <mapmem.h>
+
+/* MM return codes */
+#define MM_SUCCESS (0)
+
+#define ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 (0xC4000061)
+#define ARM_SVC_ID_SP_EVENT_COMPLETE ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64
+
+/* MM_SP_UUID_DATA defined by the platform */
+union ffa_partition_uuid mm_sp_svc_uuid = {.bytes = {MM_SP_UUID_DATA}};
+
+static u16 __efi_runtime_data mm_sp_id;
+
+#endif
+
 extern struct efi_var_file __efi_runtime_data *efi_var_buf;
 static efi_uintn_t max_buffer_size;	/* comm + var + func + data */
 static efi_uintn_t max_payload_size;	/* func + data */
@@ -24,6 +46,7 @@ struct mm_connection {
 	u32 session;
 };
 
+#if (IS_ENABLED(CONFIG_OPTEE))
 /**
  * get_connection() - Retrieve OP-TEE session for a specific UUID.
  *
@@ -143,16 +166,229 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize)
 
 	return ret;
 }
+#endif
+
+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
+
+/**
+ * ffa_notify_mm_sp() - Announce there is data in the shared buffer
+ *
+ * Notifies the MM partition in the trusted world that
+ * data is available in the shared buffer.
+ * This is a blocking call during which trusted world has exclusive access
+ * to the MM shared buffer.
+ *
+ * Return:
+ *
+ * 0 on success
+ */
+static int __efi_runtime ffa_notify_mm_sp(void)
+{
+	struct ffa_interface_data func_data = {0};
+	struct ffa_send_direct_data msg = {0};
+	int ret;
+	u32 sp_event_complete;
+	int sp_event_ret;
+
+	func_data.data0_size = sizeof(mm_sp_id);
+	func_data.data0 = &mm_sp_id;
+
+	msg.a3 = FFA_SHARED_MM_BUFFER_ADDR;
+	msg.a4 = FFA_SHARED_MM_BUFFER_SIZE;
+	func_data.data1_size = sizeof(msg);
+	func_data.data1 = &msg;
+
+	ret = ffa_helper_msg_send_direct_req(&func_data);
+	if (ret != FFA_ERR_STAT_SUCCESS) {
+		log_err("EFI: Failure to notify the MM SP , FF-A  error (%d)\n", ret);
+		return ret;
+	}
+
+	sp_event_complete = msg.a3;
+	sp_event_ret = (int)msg.a4;
+
+	if (sp_event_complete == ARM_SVC_ID_SP_EVENT_COMPLETE && sp_event_ret == MM_SUCCESS)
+		return 0;
+
+	log_err("EFI: Failure to notify the MM SP (0x%x , %d)\n",
+		sp_event_complete,
+		sp_event_ret);
+
+	return -EACCES;
+}
+
+/**
+ * ffa_discover_mm_sp_id() - Query the MM partition ID
+ *
+ * Use the FF-A driver to get the MM partition ID.
+ * If multiple partitions are found, use the first one
+ *
+ * Return:
+ *
+ * 0 on success
+ */
+static int __efi_runtime ffa_discover_mm_sp_id(void)
+{
+	struct ffa_interface_data func_data = {0};
+	u32 count = 0;
+	int ret;
+	struct ffa_partition_info *parts_info;
+
+	/*
+	 * get from the driver the count of the SPs matching the UUID
+	 */
+	func_data.data0_size = sizeof(mm_sp_svc_uuid);
+	func_data.data0 = &mm_sp_svc_uuid;
+	func_data.data1_size = sizeof(count);
+	func_data.data1 = &count;
+
+	ret = ffa_helper_get_partitions_info(&func_data);
+	if (ret != FFA_ERR_STAT_SUCCESS) {
+		log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret);
+		return ret;
+	}
+
+	if (!count) {
+		log_info("EFI: No MM partition found\n");
+		return ret;
+	}
+
+	/*
+	 * pre-allocate a buffer to be filled by the driver
+	 * with	 ffa_partition_info structs
+	 */
+
+	parts_info = calloc(count, sizeof(struct ffa_partition_info));
+	if (!parts_info)
+		return -EINVAL;
+
+	log_info("EFI: Pre-allocating %d partition(s) info structures\n", count);
+
+	func_data.data1_size = count *
+		sizeof(struct ffa_partition_info);
+	func_data.data1 = parts_info;
+
+	/*
+	 * ask the driver to fill the
+	 * buffer with the SPs info
+	 */
+	ret = ffa_helper_get_partitions_info(&func_data);
+	if (ret != FFA_ERR_STAT_SUCCESS) {
+		log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret);
+		free(parts_info);
+		return ret;
+	}
+
+	/*
+	 * MM SPs found , use the first one
+	 */
+
+	mm_sp_id = parts_info[0].id;
+
+	log_info("EFI: MM partition ID 0x%x\n", mm_sp_id);
+
+	free(parts_info);
+
+	return 0;
+}
 
 /**
- * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send
+ * ffa_mm_communicate() - Exchange EFI services data with  the MM partition using FF-A
+ * @comm_buf:		locally allocated communication buffer used for for rx/tx
+ * @dsize:				communication buffer size
+ *
+ * Issues a door bell event to notify the MM partition (SP) running in OP-TEE
+ * that there is data to read from the shared buffer.
+ * Communication with the MM SP is performed using FF-A transport.
+ * On the event, MM SP can read the data from the buffer and
+ * update the MM shared buffer with response data.
+ * The response data is copied back to the communication buffer.
+ *
+ * Return:
+ *
+ * EFI status code
+ */
+static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_buf_size)
+{
+	ulong tx_data_size;
+	int ffa_ret;
+	struct efi_mm_communicate_header *mm_hdr;
+	void *virt_shared_buf;
+
+	if (!comm_buf)
+		return EFI_INVALID_PARAMETER;
+
+	/* Discover MM partition ID */
+	if (!mm_sp_id && ffa_discover_mm_sp_id()  != FFA_ERR_STAT_SUCCESS) {
+		log_err("EFI: Failure to discover MM partition ID\n");
+		return EFI_UNSUPPORTED;
+	}
+
+	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
+	tx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t);
+
+	if (comm_buf_size != tx_data_size || tx_data_size > FFA_SHARED_MM_BUFFER_SIZE)
+		return EFI_INVALID_PARAMETER;
+
+	/* Copy the data to the shared buffer */
+
+	virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0);
+	efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size);
+
+	/* Announce there is data in the shared buffer */
+
+	ffa_ret = ffa_notify_mm_sp();
+	if (ffa_ret)
+		unmap_sysmem(virt_shared_buf);
+
+	switch (ffa_ret) {
+	case 0:
+	{
+		ulong rx_data_size;
+		/* Copy the MM SP response from the shared buffer to the communication buffer */
+		rx_data_size = ((struct efi_mm_communicate_header *)virt_shared_buf)->message_len +
+			sizeof(efi_guid_t) +
+			sizeof(size_t);
+
+		if (rx_data_size > comm_buf_size) {
+			unmap_sysmem(virt_shared_buf);
+			return EFI_OUT_OF_RESOURCES;
+		}
+
+		efi_memcpy_runtime(comm_buf, virt_shared_buf, rx_data_size);
+		unmap_sysmem(virt_shared_buf);
+
+		return EFI_SUCCESS;
+	}
+	case -EINVAL:
+		return EFI_DEVICE_ERROR;
+	case -EPERM:
+		return EFI_INVALID_PARAMETER;
+	case -EACCES:
+		return EFI_ACCESS_DENIED;
+	case -EBUSY:
+		return EFI_OUT_OF_RESOURCES;
+	default:
+		return EFI_ACCESS_DENIED;
+	}
+}
+#endif
+
+/**
+ * mm_communicate() - Adjust the communication buffer to the MM SP and send
  * it to OP-TEE
  *
- * @comm_buf:		locally allocted communcation buffer
+ * @comm_buf:		locally allocted communication buffer
  * @dsize:		buffer size
+ *
+ * The MM SP (also called partition) can be StandAlonneMM or smm-gateway.
+ * The comm_buf format is the same for both partitions.
+ * When using the u-boot OP-TEE driver, StandAlonneMM is supported.
+ * When using the u-boot FF-A  driver, StandAlonneMM and smm-gateway are supported.
+ *
  * Return:		status code
  */
-static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
+static efi_status_t __efi_runtime mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
 {
 	efi_status_t ret;
 	struct efi_mm_communicate_header *mm_hdr;
@@ -162,7 +398,11 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
 	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
 	var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;
 
+	#if (IS_ENABLED(CONFIG_OPTEE))
 	ret = optee_mm_communicate(comm_buf, dsize);
+	#elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
+	ret = ffa_mm_communicate(comm_buf, dsize);
+	#endif
 	if (ret != EFI_SUCCESS) {
 		log_err("%s failed!\n", __func__);
 		return ret;
@@ -258,6 +498,23 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
 		goto out;
 	}
 	*size = var_payload->size;
+
+	#if (IS_ENABLED(CONFIG_OPTEE))
+	/*
+	 * Although the max payload is configurable on StMM, we only share a
+	 * single page from OP-TEE for the non-secure buffer used to communicate
+	 * with StMM. Since OP-TEE will reject to map anything bigger than that,
+	 * make sure we are in bounds.
+	 */
+	if (*size > OPTEE_PAGE_SIZE)
+		*size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE  -
+			MM_VARIABLE_COMMUNICATE_SIZE;
+	#elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
+		if (*size > FFA_SHARED_MM_BUFFER_SIZE)
+			*size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE  -
+				MM_VARIABLE_COMMUNICATE_SIZE;
+	#endif
+
 	/*
 	 * There seems to be a bug in EDK2 miscalculating the boundaries and
 	 * size checks, so deduct 2 more bytes to fulfill this requirement. Fix
@@ -697,7 +954,7 @@ void efi_variables_boot_exit_notify(void)
 		ret = EFI_NOT_FOUND;
 
 	if (ret != EFI_SUCCESS)
-		log_err("Unable to notify StMM for ExitBootServices\n");
+		log_err("Unable to notify the MM partition for ExitBootServices\n");
 	free(comm_buf);
 
 	/*
-- 
2.37.1