[PATCH v13 09/10] arm_ffa: efi: introduce FF-A MM communication

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed Jun 21 08:21:54 CEST 2023 

Hi Abdellatif,

On Fri, Jun 16, 2023 at 04:28:16PM +0100, Abdellatif El Khlifi wrote:
> Add MM communication support using FF-A transport
>
> This feature allows accessing MM partitions services through
> EFI MM communication protocol. MM partitions such as StandAlonneMM
> or smm-gateway secure partitions which reside in secure world.
>
> An MM shared buffer and a door bell event are used to exchange
> the data.
>
> The data is used by EFI services such as GetVariable()/SetVariable()
> and copied from the communication buffer to the MM shared buffer.
>
> The secure partition is notified about availability of data in the
> MM shared buffer by an FF-A message (door bell).
>
> On such event, MM SP can read the data and updates the MM shared
> buffer with the response data.
>
> The response data is copied back to the communication buffer and
> consumed by the EFI subsystem.
>
> MM communication protocol supports FF-A 64-bit direct messaging.
>
> Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi at arm.com>
> Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar at arm.com>
> Cc: Tom Rini <trini at konsulko.com>
> Cc: Simon Glass <sjg at chromium.org>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Jens Wiklander <jens.wiklander at linaro.org>
>
> ---
>
> Changelog:
> ===============
>
> v13:
>
> * remove FF-A and Optee ifdefs

Thanks this looks a lot saner now.  I got one last nit and I think this
patch is ready

> + * Return:
> + *
> + * 0 on success
> + */
> +static int ffa_notify_mm_sp(void)
> +{
> +	struct ffa_send_direct_data msg = {0};
> +	int ret;
> +	int sp_event_ret = -1;
> +	struct udevice *dev;
> +
> +	ret = uclass_first_device_err(UCLASS_FFA, &dev);
> +	if (ret) {
> +		log_err("EFI: Cannot find FF-A bus device, notify MM SP failure\n");
> +		return ret;
> +	}
> +
> +	msg.data0 = FFA_SHARED_MM_BUFFER_OFFSET; /* x3 */
> +
> +	ret = ffa_sync_send_receive(dev, mm_sp_id, &msg, 1);
> +	if (ret)
> +		return ret;
> +
> +	sp_event_ret = msg.data0; /* x3 */
> +
> +	if (sp_event_ret == MM_SUCCESS)
> +		return 0;
> +
> +	/* Failure to notify the MM SP */
> +
> +	return -EACCES;

Doesn't FFA and the SMM_GATEWAY have discrete returns results that would
make more sense?  Your other patches only define MM_SUCCESS but in
ffa_mm_communicate() you are trying to map ernnos to EFI return codes.
I think we should map errnos to ffa errors as well in a similar fashion.

You can look at optee_mm_communicate() which already does that.

> +}
> +
> +/**
> + * ffa_discover_mm_sp_id() - Query the MM partition ID
> + *
> +/**
> + * get_mm_comms() - detect the available MM transport
> + *
> + * Make sure the FF-A bus is probed successfully
> + * which means FF-A communication with secure world works and ready
> + * for use.
> + *
> + * If FF-A bus is not ready, use OPTEE comms.
> + *
> + * Return:
> + *
> + * MM_COMMS_FFA or MM_COMMS_OPTEE
> + */
> +static enum mm_comms_select get_mm_comms(void)
> +{
> +	struct udevice *dev;
> +	int ret;
> +
> +	ret = uclass_first_device_err(UCLASS_FFA, &dev);
> +	if (ret) {
> +		log_err("EFI: Cannot find FF-A bus device, trying Optee comms\n");
> +		return MM_COMMS_OPTEE;
> +	}
> +
> +	return MM_COMMS_FFA;
> +}
> +
> +/**
> + * mm_communicate() - Adjust the communication buffer to the MM SP and send
>   * it to OP-TEE
>   *
> - * @comm_buf:		locally allocted communcation buffer
> + * @comm_buf:		locally allocated communication buffer
>   * @dsize:		buffer size
> + *
> + * The SP (also called partition) can be any MM SP such as  StandAlonneMM or smm-gateway.
> + * The comm_buf format is the same for both partitions.
> + * When using the u-boot OP-TEE driver, StandAlonneMM is supported.
> + * When using the u-boot FF-A  driver, any MM SP is supported.
> + *
>   * Return:		status code
>   */
>  static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
>  {
>  	efi_status_t ret;
> +	enum mm_comms_select mm_comms;
>  	struct efi_mm_communicate_header *mm_hdr;
>  	struct smm_variable_communicate_header *var_hdr;
>
> @@ -162,7 +400,12 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
>  	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
>  	var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;
>
> -	ret = optee_mm_communicate(comm_buf, dsize);
> +	mm_comms = get_mm_comms();
> +	if (mm_comms == MM_COMMS_FFA)
> +		ret = ffa_mm_communicate(comm_buf, dsize);
> +	else
> +		ret = optee_mm_communicate(comm_buf, dsize);
> +
>  	if (ret != EFI_SUCCESS) {
>  		log_err("%s failed!\n", __func__);
>  		return ret;
> @@ -232,6 +475,7 @@ static u8 *setup_mm_hdr(void **dptr, efi_uintn_t payload_size,
>   */
>  efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
>  {
> +	enum mm_comms_select mm_comms;
>  	struct smm_variable_payload_size *var_payload = NULL;
>  	efi_uintn_t payload_size;
>  	u8 *comm_buf = NULL;
> @@ -258,6 +502,12 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
>  		goto out;
>  	}
>  	*size = var_payload->size;
> +
> +	mm_comms = get_mm_comms();
> +	if (mm_comms == MM_COMMS_FFA && *size > FFA_SHARED_MM_BUFFER_SIZE)
> +		*size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE	-
> +			MM_VARIABLE_COMMUNICATE_SIZE;
> +

Can you please move this check?  The check preceding this is generic -- it
tries to make sure there's space for at least a variable.  This is ffa
specific, so is there any reason ffa_mm_communicate() doesn't return the
corrected size?

>  	/*
>  	 * There seems to be a bug in EDK2 miscalculating the boundaries and
>  	 * size checks, so deduct 2 more bytes to fulfill this requirement. Fix
> @@ -697,7 +947,7 @@ void efi_variables_boot_exit_notify(void)
>  		ret = EFI_NOT_FOUND;
>
>  	if (ret != EFI_SUCCESS)
> -		log_err("Unable to notify StMM for ExitBootServices\n");
> +		log_err("Unable to notify the MM partition for ExitBootServices\n");
>  	free(comm_buf);
>
>  	/*
> --
> 2.25.1
>


Thanks
/Ilias

More information about the U-Boot mailing list