From c2c1d0d3ffcf0f5a0b39f73c73f6d6f527825035 Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Mon, 15 Jan 2024 17:12:53 +0000 Subject: fix: 4 worlds configuration FEAT_MTE/FEAT_MTE2 is an optional architecture option, remove it from default arch configs. Enable FEAT_MTE in the 4 worlds config as Hafnium requires it for the build configration consumed by shrinkwrap. Disable FEAT_SME/FEAT_SME2 from the 4 worlds config as Hafnium does not support it yet. Signed-off-by: Olivier Deprez --- config/FVP_Base_RevC-2xAEMvA-base.yaml | 1 - config/arch/v8.5.yaml | 2 -- config/arch/v8.9.yaml | 2 -- config/arch/v9.4.yaml | 2 -- config/cca-3world.yaml | 4 ---- config/cca-4world.yaml | 6 ++++++ config/hafnium-base.yaml | 3 +++ 7 files changed, 9 insertions(+), 11 deletions(-) diff --git a/config/FVP_Base_RevC-2xAEMvA-base.yaml b/config/FVP_Base_RevC-2xAEMvA-base.yaml index a8761f7..89328eb 100644 --- a/config/FVP_Base_RevC-2xAEMvA-base.yaml +++ b/config/FVP_Base_RevC-2xAEMvA-base.yaml @@ -28,7 +28,6 @@ run: # Misc FVP controls. --stat: null -C bp.vis.disable_visualisation: 1 - -C bp.dram_metadata.is_enabled: 1 # If false, disables the MetaData controller functionality, and makes the component invisible to passing transactions. -C bp.refcounter.non_arch_start_at_default: 1 # Firmware is expected to enable the timer at boot time. However, turning this parameter on is a model-specific way of enabling the counter module out of reset. -C bp.refcounter.use_real_time: 0 # Update the Generic Timer counter at a real-time base frequency instead of simulator time -C bp.secure_memory: 1 # enable security checking by TZC-400 diff --git a/config/arch/v8.5.yaml b/config/arch/v8.5.yaml index 11d8855..a179717 100644 --- a/config/arch/v8.5.yaml +++ b/config/arch/v8.5.yaml @@ -27,5 +27,3 @@ run: -C cluster1.has_branch_target_exception: 1 -C cluster0.has_rndr: 1 # Implement random number instructions to read from RNDR and RNDRSS random number registers from ARMv8.5 (FEAT_RNG). 1:feature is implemented if ARMv8.5 is enabled. -C cluster1.has_rndr: 1 - -C cluster0.memory_tagging_support_level: 3 # Specify the memory tagging extension support level: 0, not implemented. 1, instructions and registers only are implemented (FEAT_MTE). 2, implemented (FEAT_MTE2). 3, implemented with asymmetric handling of exceptions - -C cluster1.memory_tagging_support_level: 3 diff --git a/config/arch/v8.9.yaml b/config/arch/v8.9.yaml index 82838e2..d425207 100644 --- a/config/arch/v8.9.yaml +++ b/config/arch/v8.9.yaml @@ -30,5 +30,3 @@ run: -C cluster1.has_permission_overlay_s1: 1 -C cluster0.has_permission_overlay_s2: 1 -C cluster1.has_permission_overlay_s2: 1 - -C cluster0.memory_tagging_support_level: 4 # FEAT_MTE4 is mandatory from Armv8.9 when FEAT_MTE2 is implemented. - -C cluster1.memory_tagging_support_level: 4 diff --git a/config/arch/v9.4.yaml b/config/arch/v9.4.yaml index 1b0baed..c29d4e4 100644 --- a/config/arch/v9.4.yaml +++ b/config/arch/v9.4.yaml @@ -19,5 +19,3 @@ run: -C cluster1.has_arm_v9-4: 1 -C cluster0.has_gcs: 1 -C cluster1.has_gcs: 1 - -C cluster0.memory_tagging_support_level: 4 # FEAT_MTE4 is mandatory from Armv8.9 when FEAT_MTE2 is implemented. Due to the layers, 8.8 ends up on top of 8.9 so we have to override again. - -C cluster1.memory_tagging_support_level: 4 diff --git a/config/cca-3world.yaml b/config/cca-3world.yaml index 713ffe5..1329257 100644 --- a/config/cca-3world.yaml +++ b/config/cca-3world.yaml @@ -223,10 +223,6 @@ run: -C cluster0.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[54:39]=MPAM_PARTID,ExtendedID[38:37]=MPAM_SP -C cluster1.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[54:39]=MPAM_PARTID,ExtendedID[38:37]=MPAM_SP - # MTE is not supported by RMM yet. - -C cluster0.memory_tagging_support_level: 0 - -C cluster1.memory_tagging_support_level: 0 - # CCA-specific SMMU settings. -C pci.pci_smmuv3.mmu.SMMU_ROOT_IDR0: 3 -C pci.pci_smmuv3.mmu.SMMU_ROOT_IIDR: 0x43B diff --git a/config/cca-4world.yaml b/config/cca-4world.yaml index 9e3e506..15d8cb6 100644 --- a/config/cca-4world.yaml +++ b/config/cca-4world.yaml @@ -27,3 +27,9 @@ run: terminals: bp.terminal_2: friendly: hafnium + + # SPMD doesn't permit use of SME options: + # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/platform.mk?h=v2.10#n60 + # This is mainly because Hafnium/S-EL2 doesn't support (yet) saving/restoring the NS SME state across SMC calls. + params: + -C SVE.ScalableVectorExtension.has_sme: 0 diff --git a/config/hafnium-base.yaml b/config/hafnium-base.yaml index 3f98e6b..2b40273 100644 --- a/config/hafnium-base.yaml +++ b/config/hafnium-base.yaml @@ -43,3 +43,6 @@ run: -C gic_distributor.extended-spi-count: 1024 -C cluster0.gicv3.extended-interrupt-range-support: 1 -C cluster1.gicv3.extended-interrupt-range-support: 1 + -C cluster0.memory_tagging_support_level: 2 + -C cluster1.memory_tagging_support_level: 2 + -C bp.dram_metadata.is_enabled: 1 -- cgit v1.2.3 From a2e41799abc1e447179bf09889c256212ab7d0c8 Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Mon, 15 Jan 2024 17:12:54 +0000 Subject: config: add linux FF-A driver to cca-4worlds The kernel FF-A driver initializes the FF-A transport: [ 0.285553] ARM FF-A: Driver version 1.1 [ 0.285623] ARM FF-A: Firmware version 1.1 found And probes (sample) secure partitions that were booted through Hafnium: $ cat /sys/devices/arm-ffa-*/uuid b4b5671e-4a90-4fe1-b81f-fb13dae1dacb d1582309-f023-47b9-827c-4464f5578fc8 79b55c73-1d8c-44b9-8593-61e1770ad8d2 eaba83d8-baaf-4eaf-8144-f7fdcbe544a7 Signed-off-by: Olivier Deprez --- config/cca-4world.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/cca-4world.yaml b/config/cca-4world.yaml index 15d8cb6..32482ff 100644 --- a/config/cca-4world.yaml +++ b/config/cca-4world.yaml @@ -23,6 +23,10 @@ build: SP_LAYOUT_FILE: ${artifact:SP_LAYOUT} BL32: ${artifact:HAFNIUM} + linux: + prebuild: + - ./scripts/config --file ${param:builddir}/.config --enable CONFIG_ARM_FFA_TRANSPORT + run: terminals: bp.terminal_2: -- cgit v1.2.3 From 8d029a3ab30762348bc632605819a9e3109dd8e6 Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Mon, 15 Jan 2024 17:12:55 +0000 Subject: docs: add instruction for cca-4worlds config Signed-off-by: Olivier Deprez --- config/cca-4world.yaml | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/config/cca-4world.yaml b/config/cca-4world.yaml index 32482ff..d732314 100644 --- a/config/cca-4world.yaml +++ b/config/cca-4world.yaml @@ -4,8 +4,33 @@ %YAML 1.2 --- description: >- - Builds on cca-3world.yaml, but adds support for running Hafnium along with - some secure partitions in Secure World. + Builds on cca-3world.yaml, and adds support for running Hafnium along with some + secure partitions in Secure World. + Build with: + + .. code-block:: shell + $ shrinkwrap --image shrinkwraptool/base-full build cca-4world.yaml --overlay buildroot.yaml --btvar GUEST_ROOTFS='${artifact:BUILDROOT}' + + Then run the model with: + + .. code-block:: shell + $ cd ~/.shrinkwrap/package/cca-4world + $ shrinkwrap run cca-4world.yaml --rtvar ROOTFS=rootfs.ext2 --rtvar SHARE=. + + Once the host has booted, log in as "root" (no password). + + Secure partitions can be enumerated by: + + .. code-block:: shell + # cat /sys/devices/arm-ffa-*/uuid + + b4b5671e-4a90-4fe1-b81f-fb13dae1dacb + d1582309-f023-47b9-827c-4464f5578fc8 + 79b55c73-1d8c-44b9-8593-61e1770ad8d2 + eaba83d8-baaf-4eaf-8144-f7fdcbe544a7 + + See cca-3worlds.yaml config :ref:`userguide/configstore/cca-3world:description` + if willing to launch a realm using kvmtool. concrete: true -- cgit v1.2.3 From c2ba71a3099d86dbc2d4dcb8b8b02209cd3b2cfb Mon Sep 17 00:00:00 2001 From: Olivier Deprez Date: Mon, 15 Jan 2024 17:12:56 +0000 Subject: docs: fix cca-3worlds documentation Fixed missing rtvar statement. Signed-off-by: Olivier Deprez --- config/cca-3world.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/cca-3world.yaml b/config/cca-3world.yaml index 1329257..ef58fe8 100644 --- a/config/cca-3world.yaml +++ b/config/cca-3world.yaml @@ -55,7 +55,7 @@ description: >- .. code-block:: shell $ cd ~/.shrinkwrap/package/cca-3world - $ shrinkwrap run cca-3world.yaml --rtvar ROOTFS=rootfs.ext2 SHARE=. + $ shrinkwrap run cca-3world.yaml --rtvar ROOTFS=rootfs.ext2 --rtvar SHARE=. Finally, once the host has booted, log in as "root" (no password), and launch a realm using kvmtool. Note the mount command is only required if sharing a -- cgit v1.2.3 From 2db4fc827255c00f27a1e20f3282861e1d0eeaaf Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Mon, 15 Jan 2024 17:44:27 +0000 Subject: docs: re-autogenerate config store rst files Signed-off-by: Ryan Roberts --- documentation/userguide/configstore/cca-3world.rst | 2 +- documentation/userguide/configstore/cca-4world.rst | 30 +++++++++++++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/documentation/userguide/configstore/cca-3world.rst b/documentation/userguide/configstore/cca-3world.rst index 3c947b9..0049cef 100644 --- a/documentation/userguide/configstore/cca-3world.rst +++ b/documentation/userguide/configstore/cca-3world.rst @@ -57,7 +57,7 @@ Or if taking the shared directory approach, simply boot the host with the SHARE .. code-block:: shell $ cd ~/.shrinkwrap/package/cca-3world - $ shrinkwrap run cca-3world.yaml --rtvar ROOTFS=rootfs.ext2 SHARE=. + $ shrinkwrap run cca-3world.yaml --rtvar ROOTFS=rootfs.ext2 --rtvar SHARE=. Finally, once the host has booted, log in as "root" (no password), and launch a realm using kvmtool. Note the mount command is only required if sharing a directory: diff --git a/documentation/userguide/configstore/cca-4world.rst b/documentation/userguide/configstore/cca-4world.rst index 81e9247..70d4be8 100644 --- a/documentation/userguide/configstore/cca-4world.rst +++ b/documentation/userguide/configstore/cca-4world.rst @@ -10,7 +10,35 @@ cca-4world.yaml Description ########### -Builds on cca-3world.yaml, but adds support for running Hafnium along with some secure partitions in Secure World. +Builds on cca-3world.yaml, and adds support for running Hafnium along with some secure partitions in Secure World. Build with: + +.. code-block:: shell + + $ shrinkwrap --image shrinkwraptool/base-full build cca-4world.yaml --overlay buildroot.yaml --btvar GUEST_ROOTFS='${artifact:BUILDROOT}' + + +Then run the model with: + +.. code-block:: shell + + $ cd ~/.shrinkwrap/package/cca-4world + $ shrinkwrap run cca-4world.yaml --rtvar ROOTFS=rootfs.ext2 --rtvar SHARE=. + + +Once the host has booted, log in as "root" (no password). + +Secure partitions can be enumerated by: + +.. code-block:: shell + + # cat /sys/devices/arm-ffa-*/uuid + b4b5671e-4a90-4fe1-b81f-fb13dae1dacb + d1582309-f023-47b9-827c-4464f5578fc8 + 79b55c73-1d8c-44b9-8593-61e1770ad8d2 + eaba83d8-baaf-4eaf-8144-f7fdcbe544a7 + + +See cca-3worlds.yaml config :ref:`userguide/configstore/cca-3world:description` if willing to launch a realm using kvmtool. Concrete ######## -- cgit v1.2.3 From 736b1d2ab55c060fe8e0f84db92f7bffd46312cf Mon Sep 17 00:00:00 2001 From: Ryan Roberts Date: Mon, 15 Jan 2024 17:45:31 +0000 Subject: test: Re-enable cca-4world boot test Now that cca-4world has been fixed enough to boot, re-enable its boot test. Signed-off-by: Ryan Roberts --- test/test.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test/test.py b/test/test.py index a55d322..8d7c8e3 100755 --- a/test/test.py +++ b/test/test.py @@ -259,9 +259,7 @@ def do_main(smoke_test): {'GUEST_ROOTFS': ROOTFS} ]) run_config('cca-3world.yaml', None, make_rtcmds({'KERNEL': KERNEL, 'ROOTFS': ROOTFS})) - # TODO: Disabled due to Hafnium requiring MTE but RMM does not support - # it. Reenable when Hafnium fixed to remove dependency. - # run_config('cca-4world.yaml', None, make_rtcmds({'KERNEL': KERNEL, 'ROOTFS': ROOTFS})) + run_config('cca-4world.yaml', None, make_rtcmds({'KERNEL': KERNEL, 'ROOTFS': ROOTFS})) print_results() -- cgit v1.2.3