Merge branch 'aosp/upstream-master' into HEAD am: faa476c0caHEADandroid-s-beta-5android-s-beta-4android-s-beta-3android-s-beta-2android-s-beta-1mastermain-cg-testing-releaseandroid-s-beta-5android-s-beta-4

Original change: https://android-review.googlesource.com/c/platform/external/arm-trusted-firmware/+/1589611

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I3a25534ceed4f8e188510641080d8b8ed49b8f62

7 files changed, 246 insertions, 18 deletions

diff --git a/plat/qemu/common/aarch32/plat_helpers.S b/plat/qemu/common/aarch32/plat_helpers.S
index 15e860b42..5e346d585 100644
--- a/plat/qemu/common/aarch32/plat_helpers.S
+++ b/plat/qemu/common/aarch32/plat_helpers.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -125,10 +125,10 @@ func plat_crash_console_putc
 endfunc plat_crash_console_putc
 
 	/* ---------------------------------------------
-	 * int plat_crash_console_flush(int c)
+	 * void plat_crash_console_flush(int c)
 	 * Function to force a write of all buffered
 	 * data that hasn't been output.
-	 * Out : return -1 on error else return 0.
+	 * Out : void.
 	 * Clobber list : x0, x1
 	 * ---------------------------------------------
 	 */
diff --git a/plat/qemu/common/aarch64/plat_helpers.S b/plat/qemu/common/aarch64/plat_helpers.S
index dbcdc2d39..08b281735 100644
--- a/plat/qemu/common/aarch64/plat_helpers.S
+++ b/plat/qemu/common/aarch64/plat_helpers.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -32,7 +32,8 @@ endfunc plat_my_core_pos
 func plat_qemu_calc_core_pos
 	and	x1, x0, #MPIDR_CPU_MASK
 	and	x0, x0, #MPIDR_CLUSTER_MASK
-	add	x0, x1, x0, LSR #6
+	add	x0, x1, x0, LSR #(MPIDR_AFFINITY_BITS -\
+				  PLATFORM_CPU_PER_CLUSTER_SHIFT)
 	ret
 endfunc plat_qemu_calc_core_pos
 
@@ -121,10 +122,10 @@ func plat_crash_console_putc
 endfunc plat_crash_console_putc
 
 	/* ---------------------------------------------
-	 * int plat_crash_console_flush(int c)
+	 * void plat_crash_console_flush(int c)
 	 * Function to force a write of all buffered
 	 * data that hasn't been output.
-	 * Out : return -1 on error else return 0.
+	 * Out : void.
 	 * Clobber list : x0, x1
 	 * ---------------------------------------------
 	 */
diff --git a/plat/qemu/common/qemu_common.c b/plat/qemu/common/qemu_common.c
index 365cfb7f0..47ec79114 100644
--- a/plat/qemu/common/qemu_common.c
+++ b/plat/qemu/common/qemu_common.c
@@ -1,5 +1,6 @@
+
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -25,7 +26,7 @@
 #ifdef DEVICE2_BASE
 #define MAP_DEVICE2	MAP_REGION_FLAT(DEVICE2_BASE,			\
 					DEVICE2_SIZE,			\
-					MT_DEVICE | MT_RO | MT_SECURE)
+					MT_DEVICE | MT_RW | MT_SECURE)
 #endif
 
 #define MAP_SHARED_RAM	MAP_REGION_FLAT(SHARED_RAM_BASE,		\
@@ -77,7 +78,11 @@ static const mmap_region_t plat_qemu_mmap[] = {
 	MAP_DEVICE2,
 #endif
 	MAP_NS_DRAM0,
+#if SPM_MM
+	QEMU_SP_IMAGE_MMAP,
+#else
 	MAP_BL32_MEM,
+#endif
 	{0}
 };
 #endif
@@ -88,7 +93,15 @@ static const mmap_region_t plat_qemu_mmap[] = {
 #ifdef MAP_DEVICE1
 	MAP_DEVICE1,
 #endif
+#ifdef MAP_DEVICE2
+	MAP_DEVICE2,
+#endif
+#if SPM_MM
+	MAP_NS_DRAM0,
+	QEMU_SPM_BUF_EL3_MMAP,
+#else
 	MAP_BL32_MEM,
+#endif
 	{0}
 };
 #endif
@@ -99,6 +112,9 @@ static const mmap_region_t plat_qemu_mmap[] = {
 #ifdef MAP_DEVICE1
 	MAP_DEVICE1,
 #endif
+#ifdef MAP_DEVICE2
+	MAP_DEVICE2,
+#endif
 	{0}
 };
 #endif
diff --git a/plat/qemu/common/qemu_console.c b/plat/qemu/common/qemu_console.c
index fec182892..1f00f8a72 100644
--- a/plat/qemu/common/qemu_console.c
+++ b/plat/qemu/common/qemu_console.c
@@ -9,7 +9,7 @@
 #include <drivers/console.h>
 #include <drivers/arm/pl011.h>
 
-static console_pl011_t console;
+static console_t console;
 
 void qemu_console_init(void)
 {
@@ -17,7 +17,7 @@ void qemu_console_init(void)
 			       PLAT_QEMU_BOOT_UART_CLK_IN_HZ,
 			       PLAT_QEMU_CONSOLE_BAUDRATE, &console);
 
-	console_set_scope(&console.console, CONSOLE_FLAG_BOOT |
+	console_set_scope(&console, CONSOLE_FLAG_BOOT |
 			  CONSOLE_FLAG_RUNTIME);
 }
 
diff --git a/plat/qemu/common/qemu_io_storage.c b/plat/qemu/common/qemu_io_storage.c
index 0e81cd199..1107e443f 100644
--- a/plat/qemu/common/qemu_io_storage.c
+++ b/plat/qemu/common/qemu_io_storage.c
@@ -12,6 +12,7 @@
 #include <common/bl_common.h>
 #include <common/debug.h>
 #include <drivers/io/io_driver.h>
+#include <drivers/io/io_encrypted.h>
 #include <drivers/io/io_fip.h>
 #include <drivers/io/io_memmap.h>
 #include <drivers/io/io_semihosting.h>
@@ -47,6 +48,10 @@ static const io_dev_connector_t *memmap_dev_con;
 static uintptr_t memmap_dev_handle;
 static const io_dev_connector_t *sh_dev_con;
 static uintptr_t sh_dev_handle;
+#ifndef DECRYPTION_SUPPORT_none
+static const io_dev_connector_t *enc_dev_con;
+static uintptr_t enc_dev_handle;
+#endif
 
 static const io_block_spec_t fip_block_spec = {
 	.offset = PLAT_QEMU_FIP_BASE,
@@ -172,10 +177,11 @@ static const io_file_spec_t sh_file_spec[] = {
 #endif /* TRUSTED_BOARD_BOOT */
 };
 
-
-
 static int open_fip(const uintptr_t spec);
 static int open_memmap(const uintptr_t spec);
+#ifndef DECRYPTION_SUPPORT_none
+static int open_enc_fip(const uintptr_t spec);
+#endif
 
 struct plat_io_policy {
 	uintptr_t *dev_handle;
@@ -190,16 +196,46 @@ static const struct plat_io_policy policies[] = {
 		(uintptr_t)&fip_block_spec,
 		open_memmap
 	},
+	[ENC_IMAGE_ID] = {
+		&fip_dev_handle,
+		(uintptr_t)NULL,
+		open_fip
+	},
 	[BL2_IMAGE_ID] = {
 		&fip_dev_handle,
 		(uintptr_t)&bl2_uuid_spec,
 		open_fip
 	},
+#if ENCRYPT_BL31 && !defined(DECRYPTION_SUPPORT_none)
+	[BL31_IMAGE_ID] = {
+		&enc_dev_handle,
+		(uintptr_t)&bl31_uuid_spec,
+		open_enc_fip
+	},
+#else
 	[BL31_IMAGE_ID] = {
 		&fip_dev_handle,
 		(uintptr_t)&bl31_uuid_spec,
 		open_fip
 	},
+#endif
+#if ENCRYPT_BL32 && !defined(DECRYPTION_SUPPORT_none)
+	[BL32_IMAGE_ID] = {
+		&enc_dev_handle,
+		(uintptr_t)&bl32_uuid_spec,
+		open_enc_fip
+	},
+	[BL32_EXTRA1_IMAGE_ID] = {
+		&enc_dev_handle,
+		(uintptr_t)&bl32_extra1_uuid_spec,
+		open_enc_fip
+	},
+	[BL32_EXTRA2_IMAGE_ID] = {
+		&enc_dev_handle,
+		(uintptr_t)&bl32_extra2_uuid_spec,
+		open_enc_fip
+	},
+#else
 	[BL32_IMAGE_ID] = {
 		&fip_dev_handle,
 		(uintptr_t)&bl32_uuid_spec,
@@ -215,6 +251,7 @@ static const struct plat_io_policy policies[] = {
 		(uintptr_t)&bl32_extra2_uuid_spec,
 		open_fip
 	},
+#endif
 	[BL33_IMAGE_ID] = {
 		&fip_dev_handle,
 		(uintptr_t)&bl33_uuid_spec,
@@ -271,7 +308,7 @@ static int open_fip(const uintptr_t spec)
 
 	/* See if a Firmware Image Package is available */
 	result = io_dev_init(fip_dev_handle, (uintptr_t)FIP_IMAGE_ID);
-	if (result == 0) {
+	if (result == 0 && spec != (uintptr_t)NULL) {
 		result = io_open(fip_dev_handle, spec, &local_image_handle);
 		if (result == 0) {
 			VERBOSE("Using FIP\n");
@@ -281,6 +318,25 @@ static int open_fip(const uintptr_t spec)
 	return result;
 }
 
+#ifndef DECRYPTION_SUPPORT_none
+static int open_enc_fip(const uintptr_t spec)
+{
+	int result;
+	uintptr_t local_image_handle;
+
+	/* See if an encrypted FIP is available */
+	result = io_dev_init(enc_dev_handle, (uintptr_t)ENC_IMAGE_ID);
+	if (result == 0) {
+		result = io_open(enc_dev_handle, spec, &local_image_handle);
+		if (result == 0) {
+			VERBOSE("Using encrypted FIP\n");
+			io_close(local_image_handle);
+		}
+	}
+	return result;
+}
+#endif
+
 static int open_memmap(const uintptr_t spec)
 {
 	int result;
@@ -333,6 +389,15 @@ void plat_qemu_io_setup(void)
 				&memmap_dev_handle);
 	assert(io_result == 0);
 
+#ifndef DECRYPTION_SUPPORT_none
+	io_result = register_io_dev_enc(&enc_dev_con);
+	assert(io_result == 0);
+
+	io_result = io_dev_open(enc_dev_con, (uintptr_t)NULL,
+				&enc_dev_handle);
+	assert(io_result == 0);
+#endif
+
 	/* Register the additional IO devices on this platform */
 	io_result = register_io_dev_sh(&sh_dev_con);
 	assert(io_result == 0);
diff --git a/plat/qemu/common/qemu_spm.c b/plat/qemu/common/qemu_spm.c
new file mode 100644
index 000000000..93dd2b37d
--- /dev/null
+++ b/plat/qemu/common/qemu_spm.c
@@ -0,0 +1,138 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ *
+ * Copyright (c) 2020, Linaro Limited and Contributors. All rights reserved.
+ */
+
+#include <libfdt.h>
+
+#include <bl31/ehf.h>
+#include <common/debug.h>
+#include <common/fdt_fixup.h>
+#include <common/fdt_wrappers.h>
+#include <lib/xlat_tables/xlat_tables_compat.h>
+#include <services/spm_mm_partition.h>
+
+#include <platform_def.h>
+
+/* Region equivalent to MAP_DEVICE1 suitable for mapping at EL0 */
+#define MAP_DEVICE1_EL0	MAP_REGION_FLAT(DEVICE1_BASE,			\
+					DEVICE1_SIZE,			\
+					MT_DEVICE | MT_RW | MT_SECURE | MT_USER)
+
+mmap_region_t plat_qemu_secure_partition_mmap[] = {
+	QEMU_SP_IMAGE_NS_BUF_MMAP,	/* must be placed at first entry */
+	MAP_DEVICE1_EL0,		/* for the UART */
+	QEMU_SP_IMAGE_MMAP,
+	QEMU_SPM_BUF_EL0_MMAP,
+	QEMU_SP_IMAGE_RW_MMAP,
+	MAP_SECURE_VARSTORE,
+	{0}
+};
+
+/*
+ * Boot information passed to a secure partition during initialisation.
+ * Linear indices in MP information will be filled at runtime.
+ */
+static spm_mm_mp_info_t sp_mp_info[] = {
+	[0] = {0x80000000, 0},
+	[1] = {0x80000001, 0},
+	[2] = {0x80000002, 0},
+	[3] = {0x80000003, 0},
+	[4] = {0x80000004, 0},
+	[5] = {0x80000005, 0},
+	[6] = {0x80000006, 0},
+	[7] = {0x80000007, 0}
+};
+
+spm_mm_boot_info_t plat_qemu_secure_partition_boot_info = {
+	.h.type              = PARAM_SP_IMAGE_BOOT_INFO,
+	.h.version           = VERSION_1,
+	.h.size              = sizeof(spm_mm_boot_info_t),
+	.h.attr              = 0,
+	.sp_mem_base         = PLAT_QEMU_SP_IMAGE_BASE,
+	.sp_mem_limit        = BL32_LIMIT,
+	.sp_image_base       = PLAT_QEMU_SP_IMAGE_BASE,
+	.sp_stack_base       = PLAT_SP_IMAGE_STACK_BASE,
+	.sp_heap_base        = PLAT_QEMU_SP_IMAGE_HEAP_BASE,
+	.sp_ns_comm_buf_base = PLAT_QEMU_SP_IMAGE_NS_BUF_BASE,
+	.sp_shared_buf_base  = PLAT_SPM_BUF_BASE,
+	.sp_image_size       = PLAT_QEMU_SP_IMAGE_SIZE,
+	.sp_pcpu_stack_size  = PLAT_SP_IMAGE_STACK_PCPU_SIZE,
+	.sp_heap_size        = PLAT_QEMU_SP_IMAGE_HEAP_SIZE,
+	.sp_ns_comm_buf_size = PLAT_QEMU_SP_IMAGE_NS_BUF_SIZE,
+	.sp_shared_buf_size  = PLAT_SPM_BUF_SIZE,
+	.num_sp_mem_regions  = PLAT_QEMU_SP_IMAGE_NUM_MEM_REGIONS,
+	.num_cpus            = PLATFORM_CORE_COUNT,
+	.mp_info             = sp_mp_info
+};
+
+/* Enumeration of priority levels on QEMU platforms. */
+ehf_pri_desc_t qemu_exceptions[] = {
+	EHF_PRI_DESC(QEMU_PRI_BITS, PLAT_SP_PRI)
+};
+
+int dt_add_ns_buf_node(uintptr_t *base)
+{
+	uintptr_t addr;
+	size_t size;
+	uintptr_t ns_buf_addr;
+	int node;
+	int err;
+	void *fdt = (void *)ARM_PRELOADED_DTB_BASE;
+
+	err = fdt_open_into(fdt, fdt, PLAT_QEMU_DT_MAX_SIZE);
+	if (err < 0) {
+		ERROR("Invalid Device Tree at %p: error %d\n", fdt, err);
+		return err;
+	}
+
+	/*
+	 * reserved-memory for standaloneMM non-secure buffer
+	 * is allocated at the top of the first system memory region.
+	 */
+	node = fdt_path_offset(fdt, "/memory");
+
+	err = fdt_get_reg_props_by_index(fdt, node, 0, &addr, &size);
+	if (err < 0) {
+		ERROR("Failed to get the memory node information\n");
+		return err;
+	}
+	INFO("System RAM @ 0x%lx - 0x%lx\n", addr, addr + size - 1);
+
+	ns_buf_addr = addr + (size - PLAT_QEMU_SP_IMAGE_NS_BUF_SIZE);
+	INFO("reserved-memory for spm-mm @ 0x%lx - 0x%llx\n", ns_buf_addr,
+	     ns_buf_addr + PLAT_QEMU_SP_IMAGE_NS_BUF_SIZE - 1);
+
+	err = fdt_add_reserved_memory(fdt, "ns-buf-spm-mm", ns_buf_addr,
+				      PLAT_QEMU_SP_IMAGE_NS_BUF_SIZE);
+	if (err < 0) {
+		ERROR("Failed to add the reserved-memory node\n");
+		return err;
+	}
+
+	*base = ns_buf_addr;
+	return 0;
+}
+
+/* Plug in QEMU exceptions to Exception Handling Framework. */
+EHF_REGISTER_PRIORITIES(qemu_exceptions, ARRAY_SIZE(qemu_exceptions),
+			QEMU_PRI_BITS);
+
+const mmap_region_t *plat_get_secure_partition_mmap(void *cookie)
+{
+	uintptr_t ns_buf_base;
+
+	dt_add_ns_buf_node(&ns_buf_base);
+
+	plat_qemu_secure_partition_mmap[0].base_pa = ns_buf_base;
+	plat_qemu_secure_partition_mmap[0].base_va = ns_buf_base;
+	plat_qemu_secure_partition_boot_info.sp_ns_comm_buf_base = ns_buf_base;
+
+	return plat_qemu_secure_partition_mmap;
+}
+
+const spm_mm_boot_info_t *
+plat_get_secure_partition_boot_info(void *cookie)
+{
+	return &plat_qemu_secure_partition_boot_info;
+}
diff --git a/plat/qemu/common/qemu_stack_protector.c b/plat/qemu/common/qemu_stack_protector.c
index c226158ad..15ce3d6d2 100644
--- a/plat/qemu/common/qemu_stack_protector.c
+++ b/plat/qemu/common/qemu_stack_protector.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -7,17 +7,25 @@
 #include <stdint.h>
 
 #include <arch_helpers.h>
+#include <arch_features.h>
 #include <plat/common/platform.h>
 
 #define RANDOM_CANARY_VALUE ((u_register_t) 3288484550995823360ULL)
 
 u_register_t plat_get_stack_protector_canary(void)
 {
+#if ENABLE_FEAT_RNG
+	/* Use the RNDR instruction if the CPU supports it */
+	if (is_armv8_5_rng_present()) {
+		return read_rndr();
+	}
+#endif
+
 	/*
-	 * Ideally, a random number should be returned instead of the
+	 * Ideally, a random number should be returned above. If a random
+	 * number generator is not supported, return instead a
 	 * combination of a timer's value and a compile-time constant.
-	 * As the virt platform does not have any random number generator,
-	 * this is better than nothing but not necessarily really secure.
+	 * This is better than nothing but not necessarily really secure.
 	 */
 	return RANDOM_CANARY_VALUE ^ read_cntpct_el0();
 }