[PATCH v11 06/10] arm_ffa: introduce sandbox FF-A support

Abdellatif El Khlifi abdellatif.elkhlifi at arm.com
Wed May 3 19:56:56 CEST 2023

Hi Simon,

> Hi Abdellatif,
> On Wed, 12 Apr 2023 at 03:43, Abdellatif El Khlifi
> <abdellatif.elkhlifi at arm.com> wrote:
> >
> > Emulate Secure World's FF-A ABIs and allow testing U-Boot FF-A support
> >
> > Features of the sandbox FF-A support:
> >
> > - Introduce an FF-A emulator
> > - Introduce an FF-A device driver for FF-A comms with emulated Secure World
> > - Provides test methods allowing to read the status of the inspected ABIs
> >
> > The sandbox FF-A emulator supports only 64-bit direct messaging.
> >
> > Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi at arm.com>
> > Cc: Tom Rini <trini at konsulko.com>
> > Cc: Simon Glass <sjg at chromium.org>
> > Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> > Cc: Jens Wiklander <jens.wiklander at linaro.org>
> > Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> >
> > ---
> > Changelog:
> > ===============
> >
> > v11:
> >
> > * rename ffa_try_discovery() to sandbox_ffa_discover()
> > * rename sandbox_ffa_query_core_state() to sandbox_query_ffa_emul_state()
> > * store the sandbox emulator pointer in the FF-A device uc_priv (struct ffa_priv)
> > * set the emulator as parent of the sandbox FF-A device
> This is close, but not quite what I expected.
> I suspect the emulator should be the child of the FF-A device, not the
> parent? You should update the devicetree to show that. You should not
> need to reparent anything.
> Then you put this in your FFA uclass so it binds the emulator:
> .post_bind = dm_scan_fdt_dev,

Thanks. Sorry for the late reply, I was in holidays.

I made few tweaks based on your suggestion and this will be in v12 patchset (work in progress).
In v12, reparenting will be removed and DT will be used to reflect the relationship between
the emulator and the FF-A device. Also, dm_scan_fdt_dev() is used to bind the child.

However, in case of FF-A the emulator should be the parent.

Please refer to the explanation below for more details.

DT nodes: (tested and works)

	arm-ffa-emul {
		compatible = "sandbox,arm-ffa-emul";

		sandbox-arm-ffa {
				compatible = "sandbox,arm-ffa";

In real HW, the secure side exists before the FF-A device is set up.
The FF-A device needs the secure side up and running so it can query the FF-A
framework version during FF-A discovery.

The same concept is followed in sandbox mode:

- The emulator device is the parent of the FF-A device. So, the emulator priv exists in memory before the FF-A device is bound.
   The emulator priv contains the secure side data (i.e: FF-A framework version)

- The FF-A device is the child, when bound it discovers FF-A framework by querying the version from the emulator

I hope this suggestion makes sense to you.


More information about the U-Boot mailing list