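5. EL3 Secure Partition Manager

1. Foreword

This document describes the design of the EL3 SPMC (Secure Partition Manager), based on the FF-A specification.

The EL3 SPMC provides an FF-A-compliant reference implementation for systems without S-EL2 virtualization support, to help with early adoption of and migration to FF-A (Firmware Framework for Arm A-profile). The EL3 SPMC implementation in TF-A:

  • Manages a single S-EL1 secure partition.
  • Provides a standard protocol for communication and memory sharing between FF-A endpoints.
  • Provides support for EL3 logical partitions to ease migration from EL3 to S-EL1.

2. Sample reference

The following diagram illustrates a possible configuration when the FEAT_SEL2 architecture extension is not implemented, showing the SPMD and SPMC at EL3, one S-EL1 secure partition, and an optional Hypervisor:

(In other words, even if you cannot implement virtualization, you can still use this framework.)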

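3. TF-A build options

This section explains the TF-A build options involved in building an FF-A based SPM where the SPMD and SPMC are located at EL3:

  • SPD=spmd: this option selects the SPMD component to relay the FF-A protocol from the NWd to the SWd and back. No other Secure Payload Dispatcher can be enabled when this option is selected.
  • SPMC_AT_EL3: this option adjusts the SPMC exception level to EL3.
  • ARM_SPMC_MANIFEST_DTS: this option specifies the manifest file providing the SP description. It is required when SPMC_AT_EL3 is enabled, since BL2 loads the secure partition on behalf of the SPMC.

Notes:

  • The BL32 option is used to specify the S-EL1 TEE or SP image. It can be omitted if the TF-A Test Secure Payload is used as the SP.
  • The BL33 option can specify the TFTF binary or a normal world loader such as U-Boot or the UEFI framework payload.

Example TF-A build command line when the SPMC is located at EL3: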

```
# BL32 is optional when the TSP is used as the SP.
make \
CROSS_COMPILE=aarch64-none-elf- \
SPD=spmd \
SPMD_SPM_AT_SEL2=0 \
SPMC_AT_EL3=1 \
BL32=<path-to-tee-binary> \
BL33=<path-to-bl33-binary> \
PLAT=fvp \
all fip
```

4. FVP model invocation (Fixed Virtual Platform)

Example FVP command line invocation:

```
<path-to-fvp-model>/FVP_Base_RevC-2xAEMvA -C pctl.startup=0.0.0.0 \
-C cluster0.NUM_CORES=4 -C cluster1.NUM_CORES=4 -C bp.secure_memory=1 \
-C bp.secureflashloader.fname=trusted-firmware-a/build/fvp/debug/bl1.bin \
-C bp.flashloader0.fname=trusted-firmware-a/build/fvp/debug/fip.bin \
-C bp.pl011_uart0.out_file=fvp-uart0.log -C bp.pl011_uart1.out_file=fvp-uart1.log \
-C bp.pl011_uart2.out_file=fvp-uart2.log -C bp.vis.disable_visualisation=1
```

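5. Platform guidelines

Platform hook functions:

plat_spmc_shmem_begin
plat_spmc_shmem_reclaim

The SPMC provides platform hooks related to the memory management interfaces. These hooks can be used for platform-specific implementations such as managing access control or programming the TZ controller or MPUs. The SPMC calls these hooks before the initial share request completes and after the final reclaim has completed. (Is this timing chosen because the hook is used for initialization?)
(In my mind the SPMC now looks like a matchmaker, linking service IDs to handles one by one.)

Datastore

plat_spmc_shmem_datastore_get
  • The EL3 SPMC uses a datastore to track memory transaction descriptors. On the FVP platform the datastore is allocated from the TZC DRAM section. Other platforms need to allocate a similar secure memory region to be used as the shared memory datastore.

  • The accessor function is used during SPMC initialization to obtain the address and size of the datastore. The SPMC will also zero out the provided memory region.

For the platform defines, see:

  • SECURE_PARTITION_COUNT: number of secure partitions supported; must be 1.
  • NS_PARTITION_COUNT: number of NWd partitions supported.
  • MAX_EL3_LP_DESCS_COUNT: number of logical partitions supported.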

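5. Logical Secure Partition (LSP)

  • The SPMC provides support for statically allocated EL3 logical secure partitions, as per the FF-A v1.1 specification.

  • The DECLARE_LOGICAL_PARTITION macro can be used to add an LSP.

  • For a reference implementation, see [2].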

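6. SPMC boot

The SPMD and SPMC are built into the BL31 image along with TF-A's runtime components. BL2 loads the BL31 image as part of the (secure) boot process.

  • The SPMC manifest is loaded by BL2 as the TOS_FW_CONFIG image [9].
  • BL2 passes the SPMC manifest address to BL31 through a register.
  • At boot time, the SPMD in BL31 runs from the primary core, initializes the core contexts and launches the SPMC, passing the following information through registers:
    • X0 holds the SPMC manifest blob address.
    • X4 holds the linear id of the currently running core.

Parsing SP partition manifests

The SPMC consumes the SP manifest, as defined in [7]. The SP manifest fields align with the Hafnium SP manifest for easy porting.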

```
compatible = "arm,ffa-manifest-1.0";
ffa-version = <0x00010001>; /* 31:16 - Major, 15:0 - Minor */
id = <0x8001>;
uuid = <0x6b43b460 0x74a24b78 0xade24502 0x40682886>;
messaging-method = <0x3>; /* Direct Messaging Only */
exception-level = <0x2>;  /* S-EL1 */
execution-state = <0>;
execution-ctx-count = <8>;
gp-register-num = <0>;
power-management-messages = <0x7>;
```

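Passing boot data to the SP

In [1], the section "Boot information protocol" defines a method for passing data to the SPs at boot time. It specifies the format of the boot information descriptor and boot information header structures, which describe the data to be exchanged between the SPMC and the SP. The specification also defines the types of data that can be passed. The aggregate of the boot information structures and the data itself is referred to as the boot information blob, and is passed to a partition as a contiguous memory region.

Currently, the SPM implementation supports the FDT type, which is used to pass the partition's DTB manifest.

The region for the boot information blob is statically allocated (4K) by the SPMC. The blob contains the Boot Info Header followed by the SP manifest contents.

The boot protocol is configured in the SP manifest. As defined by the specification, the manifest field "gp-register-num" configures the GP register which, when the partition is booted, is used to pass the address of the boot information blob to the partition.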

7. Supported interfaces

The following interfaces are exposed to SPs only:

FFA_MSG_WAIT
FFA_MEM_RETRIEVE_REQ
FFA_MEM_RETRIEVE_RESP
FFA_MEM_RELINQUISH
FFA_SECONDARY_EP_REGISTER

The following interfaces are exposed to both normal world clients and SPs:

FFA_VERSION
FFA_FEATURES
FFA_RX_RELEASE
FFA_RXTX_MAP
FFA_RXTX_UNMAP
FFA_PARTITION_INFO_GET
FFA_ID_GET
FFA_MSG_SEND_DIRECT_REQ
FFA_MSG_SEND_DIRECT_RESP
FFA_MEM_FRAG_TX
FFA_SPM_ID_GET

The following additional interfaces are forwarded from the SPMD to support NS clients:

FFA_RUN
FFA_MEM_LEND
FFA_MEM_SHARE
FFA_MEM_FRAG_RX
FFA_MEM_RECLAIM

FFA_VERSION

FFA_VERSION requires a requested_version parameter from the caller. The SPMD forwards the call to the SPMC, and the SPMC returns its own implemented version. The SPMC asserts that the SP and the SPMC are at the same FF-A version.

FFA_FEATURES

FF-A features supported by the SPMC may be discovered by secure partitions at boot (that is, before the NWd is booted) or at run-time.

The SPMC calling FFA_FEATURES at the secure physical FF-A instance always gets FFA_SUCCESS from the SPMD.

A request made by a Hypervisor or OS kernel is forwarded to the SPMC and the response is relayed back to the NWd.

FFA_RXTX_MAP
FFA_RXTX_UNMAP

When invoked from a secure partition, FFA_RXTX_MAP maps the provided send and receive buffers, described by their PAs, to the EL3 translation regime as secure buffers in the MMU descriptors.

When invoked from the Hypervisor or OS kernel, the buffers are mapped into the SPMC EL3 translation regime and marked as NS buffers in the MMU descriptors.

FFA_RXTX_UNMAP unmaps the RX/TX pair from the translation regime of the caller, whether that is the Hypervisor or OS kernel, or a secure partition.

FFA_PARTITION_INFO_GET

A partition info get call can originate:

  • from an SP to the SPMC
  • from the Hypervisor or OS kernel to the SPMC. The request is relayed by the SPMD.

The format (v1.0 or v1.1) of the populated data structure returned is based upon the FF-A version of the calling entity.

The EL3 SPMC also supports returning only the count of partitions deployed.

All LSPs and the SP are discoverable from an FFA_PARTITION_INFO_GET call made by either SP or NWd entities.

FFA_ID_GET

The FF-A ID space is split into a non-secure space and a secure space:

  • An FF-A ID with bit 15 clear relates to VMs.
  • An FF-A ID with bit 15 set relates to SPs or LSPs.
  • FF-A IDs 0, 0xffff, 0x8000 are assigned respectively to the Hypervisor (or OS kernel if the Hypervisor is absent), SPMD and SPMC.

This convention helps the SPM to determine the origin and destination worlds in an FF-A ABI invocation. In particular the SPM shall filter unauthorized transactions in its world switch routine. It must not be permitted for a VM to use a secure FF-A ID as origin world by spoofing:

  • A VM-to-SP direct request/response shall set the origin world to be non-secure (FF-A ID bit 15 clear) and the destination world to be secure (FF-A ID bit 15 set).
  • Similarly, an SP-to-LSP direct request/response shall set FF-A ID bit 15 for both origin and destination IDs.

An incoming direct message request arriving at the SPMD from the NWd is forwarded to the SPMC without a specific check. The SPMC is resumed through eret and "knows" the message is coming from the normal world in this specific code path. Thus the origin endpoint ID must be checked by the SPMC for being a normal world ID.

An SP sending a direct message request must have bit 15 set in its origin endpoint ID, and this can be checked by the SPMC when the SP invokes the ABI.

The SPMC shall reject the direct message if the claimed world in the origin endpoint ID is not consistent:

  • It is either forwarded by the SPMD and thus the origin endpoint ID must be a "normal world ID",
  • or initiated by an SP and thus the origin endpoint ID must be a "secure world ID".

FFA_MSG_SEND_DIRECT_REQ
FFA_MSG_SEND_DIRECT_RESP

This is a mandatory interface for secure partitions participating in direct requests and responses, with the following rules:

  • An SP can send a direct request to an LSP.
  • An LSP can send a direct response to an SP.
  • An SP cannot send a direct request to a Hypervisor or OS kernel.
  • A Hypervisor or OS kernel can send a direct request to an SP or LSP.
  • An SP and LSP can send a direct response to a Hypervisor or OS kernel.
  • The SPMD can send a direct request to the SPMC.
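
An added example (not TF-A's own code) of the origin-world consistency check and the endpoint direct request rules described above. The enum, the function names and the self-messaging rule are assumptions made for illustration; the bit 15 convention is the one given on this page and the w1 sender/receiver layout follows the FF-A specification.

```c
#include <stdbool.h>
#include <stdint.h>

#define FFA_ID_SECURE_BIT (1U << 15) /* set: SP or LSP, clear: VM */

/* Hypothetical names for the code path that delivered the call to the SPMC. */
enum entry_path {
    ENTRY_FORWARDED_BY_SPMD, /* request arrived from the normal world */
    ENTRY_FROM_SP            /* ABI invoked by the S-EL1 SP itself */
};

static bool id_is_secure(uint16_t id)
{
    return (id & FFA_ID_SECURE_BIT) != 0U;
}

/* The world claimed in the origin ID must match the path actually taken. */
bool origin_world_consistent(enum entry_path path, uint16_t src)
{
    return (path == ENTRY_FROM_SP) == id_is_secure(src);
}

/* w1 of FFA_MSG_SEND_DIRECT_REQ: sender in bits [31:16], receiver in [15:0]. */
bool direct_req_allowed(enum entry_path path, uint32_t w1)
{
    uint16_t src = (uint16_t)(w1 >> 16);
    uint16_t dst = (uint16_t)(w1 & 0xFFFFU);

    if (!origin_world_consistent(path, src))
        return false; /* e.g. a VM claiming an ID with bit 15 set */
    if (!id_is_secure(dst))
        return false; /* no direct request towards Hypervisor/OS kernel */
    if (src == dst)
        return false; /* assumption: an endpoint cannot message itself */
    /* A full SPMC would now look dst up in its SP/LSP table (not modelled). */
    return true;
}

int main(void)
{
    /* Constructed inputs: VM 0x0001 -> SP 0x8001, then a VM spoofing 0x8002. */
    bool ok = direct_req_allowed(ENTRY_FORWARDED_BY_SPMD, 0x00018001U) &&
              !direct_req_allowed(ENTRY_FORWARDED_BY_SPMD, 0x80028001U);
    return ok ? 0 : 1;
}
```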

FFA_SPM_ID_GET

Returns the FF-A ID allocated to an SPM component, which can be one of SPMD or SPMC.

At initialization, the SPMC queries the SPMD for the SPMC ID, using the FFA_ID_GET interface, and records it. The SPMC can also query the SPMD ID using the FFA_SPM_ID_GET interface at the secure physical FF-A instance.

Secure partitions call this interface at the virtual FF-A instance, to which the SPMC returns the SPMC ID.

The Hypervisor or OS kernel can issue the FFA_SPM_ID_GET call handled by the SPMD, which returns the SPMC ID.

FFA_ID_GET

Returns the FF-A ID of the calling endpoint.

FFA_MEM_SHARE
FFA_MEM_LEND

  • If the SP is the borrower in the memory transaction, these calls are forwarded to the SPMC. The SPMC performs Relayer responsibilities, caches the memory descriptors in the datastore, and allocates an FF-A memory handle.
  • If the format of the descriptor was v1.0, the SPMC converts the descriptor to v1.1 before caching. In the case of fragmented sharing, conversion of memory descriptors happens after the last fragment has been received.
  • Multiple borrowers (including an NWd endpoint) and fragmented memory sharing are supported.

FFA_MEM_RETRIEVE_REQ
FFA_MEM_RETRIEVE_RESP

  • Memory retrieve is supported only from the SP.
  • The SPMC fetches the cached memory descriptor from the datastore, performs Relayer responsibilities and sends FFA_MEM_RETRIEVE_RESP back to the SP.
  • If the descriptor size is more than the RX buffer size, the SPMC will send the descriptor in fragments.
  • The SPMC will set the NS bit to 1 in the memory descriptor response.

FFA_MEM_FRAG_RX
FFA_MEM_FRAG_TX

FFA_MEM_FRAG_RX is to be used by:

  • the SP, if FFA_MEM_RETRIEVE_RESP returned a descriptor with fragment length less than total length,
  • or by the SPMC, if FFA_MEM_SHARE/FFA_MEM_LEND is called with fragment length less than total length.

The SPMC validates the handle and endpoint ID and returns a response with FFA_MEM_FRAG_TX.

FFA_SECONDARY_EP_REGISTER

When the SPMC boots, the secure partition is initialized on its primary Execution Context.

The FFA_SECONDARY_EP_REGISTER interface is to be used by a secure partition from its first execution context, to provide the entry point address for secondary execution contexts.

A secondary EC is first resumed either upon invocation of PSCI_CPU_ON from the NWd or by invocation of FFA_RUN.
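
The fragmented retrieval described under FFA_MEM_RETRIEVE_REQ and FFA_MEM_FRAG_RX above, as an added example (not TF-A code): a model of how an SPMC could serve one FFA_MEM_FRAG_RX, checking the handle and endpoint ID and clamping each fragment to the RX buffer size. The struct, the function name, the in-order offset rule and the choice of error code for each failure are assumptions made for illustration.

```c
#include <stdint.h>

#define FFA_ERROR_INVALID_PARAMETER (-2)
#define FFA_ERROR_DENIED            (-6)

/* Hypothetical bookkeeping for one descriptor being sent out in fragments. */
struct frag_state {
    uint64_t handle;      /* FF-A memory handle allocated by the SPMC */
    uint16_t receiver_id; /* SP that issued FFA_MEM_RETRIEVE_REQ */
    uint32_t total_len;   /* descriptor length held in the datastore */
    uint32_t sent;        /* bytes already copied to the RX buffer */
};

/*
 * Serve one FFA_MEM_FRAG_RX. On success returns 0, stores the length to
 * report in FFA_MEM_FRAG_TX in *frag_len and advances the state; on failure
 * returns an FF-A error code and leaves the state untouched.
 */
int serve_fragment(struct frag_state *st, uint64_t handle, uint16_t ep_id,
                   uint32_t offset, uint32_t rx_buf_size, uint32_t *frag_len)
{
    uint32_t len;

    if (handle != st->handle || rx_buf_size == 0U)
        return FFA_ERROR_INVALID_PARAMETER;
    if (ep_id != st->receiver_id)
        return FFA_ERROR_DENIED; /* another endpoint quoting a valid handle */
    /* Assumption: fragments are requested strictly in order, without gaps. */
    if (offset != st->sent || offset >= st->total_len)
        return FFA_ERROR_INVALID_PARAMETER;

    len = st->total_len - offset; /* cannot underflow: offset < total_len */
    if (len > rx_buf_size)
        len = rx_buf_size;        /* never write past the RX buffer */
    st->sent += len;
    *frag_len = len;
    return 0;
}

int main(void)
{
    /* Constructed case: 10000-byte descriptor, first 4096 bytes already sent. */
    struct frag_state st = { 0x1234U, 0x8001U, 10000U, 4096U };
    uint32_t len = 0U;
    int rc = serve_fragment(&st, 0x1234U, 0x8001U, 4096U, 4096U, &len);
    return (rc == 0 && len == 4096U) ? 0 : 1;
}
```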

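8. Power management

In platforms with or without secure virtualization:

  • The NWd owns the platform PM policy.

  • The Hypervisor or OS kernel is the component initiating PSCI service calls.

  • The EL3 PSCI library is in charge of PM coordination and control (eventually writing to platform registers).

  • While coordinating PM events, the PSCI library calls back into the Secure Payload Dispatcher for events the latter has statically registered to.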

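9. Secure partitions scheduling

The FF-A specification [1] provides two ways to relinquish CPU time to secure partitions.

For this, a VM (Hypervisor or OS kernel) or an SP invokes one of:

  • the FFA_MSG_SEND_DIRECT_REQ interface.
  • the FFA_RUN interface.

Additionally, a secure interrupt can pre-empt normal world execution and give CPU cycles by transitioning to EL3.

10. Partition runtime state and model

The EL3 SPMC implements the partition runtime states described in the v1.1 FF-A specification [1]. An SP can be in one of the following states: (If "SP" feels abstract, you can map it onto a TEE OS.)
```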
RT_STATE_WAITING
RT_STATE_RUNNING
RT_STATE_PREEMPTED
RT_STATE_BLOCKED
```
When not in the waiting state, the SP transitions to one of the following runtime models:
```
RT_MODEL_DIR_REQ
RT_MODEL_RUN
RT_MODEL_INIT
RT_MODEL_INTR
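```

11. Platform topology

**The SPMC only supports a single pinned MP S-EL1 SP.** The execution-ctx-count SP manifest field should match the number of physical PEs.

12. Interrupt handling

Secure interrupt handling

  • The SPMC is capable of forwarding a secure interrupt that has preempted the normal world to the S-EL1 SP.
  • The interrupt is forwarded to the SP using the FFA_INTERRUPT interface.
  • The interrupt number is not passed; the S-EL1 SP can access the GIC registers directly.
  • Once interrupt handling is complete, the SP should return to the SPMC using the FFA_MSG_WAIT interface.
  • Once interrupt handling is complete, the SPMC returns to the normal world.

If a secure interrupt triggers while the secure partition is running, the SPMC is not involved and the handling is implementation defined in the TOS.

Non-secure interrupt handling

The "managed exit" scenario is the responsibility of the TOS; the SPMC is not involved.

12. Test Secure Payload (TSP)

  • The TSP provides a reference implementation of the FF-A programming model.
  • The TSP has the following support:
    • SP initialization on all CPUs.
    • Power management messages, including CPU_ON, CPU_OFF, CPU_SUSPEND, CPU_SUSPEND_RESUME.
    • An event loop to receive direct requests.
    • Sending direct responses.
    • A memory sharing helper library.
    • Ability to handle secure interrupts (timer).

TSP Tests in CI

TSP tests are run in the TF-A CI using a prebuilt FF-A Linux test driver in the NWd.
Expected output: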
```
#ioctl 255
Test: Echo Message to SP.
Status: Completed Test Case: 1
Test Executed Successfully

Test: Message Relay vis SP to EL3 LSP.
Status: Completed Test Case: 2
Test Executed Successfully

Test: Memory Send.
Verified 1 constituents successfully
Status: Completed Test Case: 3
Test Executed Successfully

Test: Memory Send in Fragments.
Verified 256 constituents successfully
Status: Completed Test Case: 4
Test Executed Successfully

Test: Memory Lend.
Verified 1 constituents successfully
Status: Completed Test Case: 5
Test Executed Successfully

Test: Memory Lend in Fragments.
Verified 256 constituents successfully
Status: Completed Test Case: 6
Test Executed Successfully

Test: Memory Send with Multiple Endpoints.
random: fast init done
Verified 256 constituents successfully
Status: Completed Test Case: 7
Test Executed Successfully

Test: Memory Lend with Multiple Endpoints.
Verified 256 constituents successfully
Status: Completed Test Case: 8
Test Executed Successfully

Test: Ensure Duplicate Memory Send Requests are Rejected.
Status: Completed Test Case: 9
Test Executed Successfully

Test: Ensure Duplicate Memory Lend Requests are Rejected.
Status: Completed Test Case: 10
Test Executed Successfully

0 Tests Failed

Exiting Test Application -  Total Failures: 0
```

References

[1] Arm Firmware Framework for Arm A-profile
[2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fvp_el3_spmc_logical_sp.c
[3] Trusted Boot Board Requirements Client
[4] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fvp_el3_spmc.c
[5] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/include/platform_def.h
[6] https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html
[7] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_tsp_sp_manifest.dts
[8] https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/CFQFGU6H2D5GZYMUYGTGUSXIU3OYZP6U/
[9] https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html#dynamic-configuration-during-cold-boot