From: "Sami Mujawar"
Subject: [RFC PATCH v1 14/30] ArmVirtPkg: Add library for Arm CCA helper functions
Date: Tue, 25 Apr 2023 17:04:12 +0100
Message-ID: <20230425160428.27980-15-sami.mujawar@arm.com>
In-Reply-To: <20230425160428.27980-1-sami.mujawar@arm.com>
References: <20230425160428.27980-1-sami.mujawar@arm.com>

Introduce ArmCcaLib library that implements helper functions to:
 - probe if the code is executing in a Realm context
 - configure the protection attribute in page tables for the memory regions shared with the host
 - get the IPA width of the Realm which was stored in the GUID HOB gArmCcaIpaWidthGuid.

Signed-off-by: Sami Mujawar
---
 ArmVirtPkg/ArmVirtPkg.dec                  |   1 +
 ArmVirtPkg/Include/Library/ArmCcaLib.h     | 114 ++++++++++++
 ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c   | 190 ++++++++++++++++++++
 ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf |  34 ++++
 4 files changed, 339 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec index c270d4a1ee268fb57a5338fd71487ed54699f496..c61ed9c492e97aa00ba9dbab1a5544354b6e7de7 100644 --- a/ArmVirtPkg/ArmVirtPkg.dec +++ b/ArmVirtPkg/ArmVirtPkg.dec @@ -27,6 +27,7 @@ [Includes.common] [LibraryClasses] ArmCcaInitPeiLib|Include/Library/ArmCcaInitPeiLib.h + ArmCcaLib|Include/Library/ArmCcaLib.h ArmCcaRsiLib|Include/Library/ArmCcaRsiLib.h ArmVirtMemInfoLib|Include/Library/ArmVirtMemInfoLib.h diff --git a/ArmVirtPkg/Include/Library/ArmCcaLib.h b/ArmVirtPkg/Include/Library/ArmCcaLib.h new file mode 100644 index 0000000000000000000000000000000000000000..a47e14b507f1bfd1feece636063eb2ba83357a5b --- /dev/null +++ b/ArmVirtPkg/Include/Library/ArmCcaLib.h @@ -0,0 +1,114 @@ +/** @file + Library that implements the Arm CCA helper functions. + + Copyright (c) 2022 - 2023, Arm Ltd. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + - Rsi or RSI - Realm Service Interface + - IPA - Intermediate Physical Address + - RIPAS - Realm IPA state +**/ + +#ifndef ARM_CCA_LIB_ +#define ARM_CCA_LIB_ + +#include +#include + +/** + Check if running in a Realm. + + @retval TRUE The execution is within the context of a Realm. + @retval FALSE The execution is not within the context of a Realm. +**/ +BOOLEAN +EFIAPI +IsRealm ( + VOID + ); + +/** + Configure the protection attribute for the page tables + describing the memory region. + + The IPA space of a Realm is divided into two halves: + - Protected IPA space and + - Unprotected IPA space. + + Software in a Realm should treat the most significant bit of an + IPA as a protection attribute. + + A Protected IPA is an address in the lower half of a Realms IPA + space. The most significant bit of a Protected IPA is 0. + + An Unprotected IPA is an address in the upper half of a Realms + IPA space. The most significant bit of an Unprotected IPA is 1. + + Note: + - Configuring the memory region as Unprotected IPA enables the + Realm to share the memory region with the Host. + - This function updates the page table entries to reflect the + protection attribute. + - A separate call to transition the memory range using the Realm + Service Interface (RSI) RSI_IPA_STATE_SET command is additionally + required and is expected to be done outside this function. + + @param [in] BaseAddress Base address of the memory region. + @param [in] Length Length of the memory region. + @param [in] IpaWidth IPA width of the Realm. + @param [in] Share If TRUE, set the most significant + bit of the IPA to configure the memory + region as Unprotected IPA. + If FALSE, clear the most significant + bit of the IPA to configure the memory + region as Protected IPA. + + @retval RETURN_SUCCESS IPA protection attribute updated. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. 
+ @retval RETURN_UNSUPPORTED The request is not initiated in a + Realm. +**/ +RETURN_STATUS +EFIAPI +ArmCcaSetMemoryProtectAttribute ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 IpaWidth, + IN BOOLEAN Share + ); + +/** + Return the IPA width of the Realm. + + The IPA width of the Realm is used to configure the protection attribute + for memory regions, see ArmCcaSetMemoryProtectAttribute(). + + The IPA width of the Realm is present in the Realm config which is read + when the ArmCcaInitPeiLib library hook function ArmCcaInitialize () is + called in the PrePi phase. ArmCcaInitialize () stores the IPA width of + the Realm in a GUID HOB gArmCcaIpaWidthGuid. + + This function searches the GUID HOB gArmCcaIpaWidthGuid and returns the + IPA width value stored therein. + + Note: + - This function must only be called after ArmCcaInitialize () has setup + the GUID HOB gArmCcaIpaWidthGuid. + + @param [out] IpaWidth IPA width of the Realm. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. + @retval RETURN_NOT_FOUND The GUID HOB gArmCcaIpaWidthGuid is not + found and could mean that this function + was called before ArmCcaInitialize () + has created and initialised the GUID + HOB gArmCcaIpaWidthGuid. +**/ +RETURN_STATUS +EFIAPI +GetIpaWidth ( + OUT UINT64 *IpaWidth + ); + +#endif // ARM_CCA_LIB_ diff --git a/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c b/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c new file mode 100644 index 0000000000000000000000000000000000000000..32cfcbcadea261d0fa616b0e0b75ede47bd0f747 --- /dev/null +++ b/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.c @@ -0,0 +1,190 @@ +/** @file + Library that implements the Arm CCA helper functions. + + Copyright (c) 2022 - 2023, Arm Limited. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Glossary: + - Rsi or RSI - Realm Service Interface + - IPA - Intermediate Physical Address + - RIPAS - Realm IPA state +**/ +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +/** + Check if running in a Realm. + + @retval TRUE The execution is within the context of a Realm. + @retval FALSE The execution is not within the context of a Realm. +**/ +BOOLEAN +EFIAPI +IsRealm ( + VOID + ) +{ + RETURN_STATUS Status; + UINT16 Major; + UINT16 Minor; + + if (ArmHasRme ()) { + Status = RsiGetVersion (&Major, &Minor); + if (!RETURN_ERROR (Status)) { + return TRUE; + } + } + + return FALSE; +} + +/** + Configure the protection attribute for the page tables + describing the memory region. + + The IPA space of a Realm is divided into two halves: + - Protected IPA space and + - Unprotected IPA space. + + Software in a Realm should treat the most significant bit of an + IPA as a protection attribute. + + A Protected IPA is an address in the lower half of a Realms IPA + space. The most significant bit of a Protected IPA is 0. + + An Unprotected IPA is an address in the upper half of a Realms + IPA space. The most significant bit of an Unprotected IPA is 1. + + Note: + - Configuring the memory region as Unprotected IPA enables the + Realm to share the memory region with the Host. + - This function updates the page table entries to reflect the + protection attribute. + - A separate call to transition the memory range using the Realm + Service Interface (RSI) RSI_IPA_STATE_SET command is additionally + required and is expected to be done outside this function. + + @param [in] BaseAddress Base address of the memory region. + @param [in] Length Length of the memory region. + @param [in] IpaWidth IPA width of the Realm. + @param [in] Share If TRUE, set the most significant + bit of the IPA to configure the memory + region as Unprotected IPA. 
+ If FALSE, clear the most significant + bit of the IPA to configure the memory + region as Protected IPA. + + @retval RETURN_SUCCESS IPA protection attribute updated. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. + @retval RETURN_UNSUPPORTED The request is not initiated in a + Realm. +**/ +RETURN_STATUS +EFIAPI +ArmCcaSetMemoryProtectAttribute ( + IN EFI_PHYSICAL_ADDRESS BaseAddress, + IN UINT64 Length, + IN UINT64 IpaWidth, + IN BOOLEAN Share + ) +{ + UINT64 Val; + UINT64 Mask; + UINT64 ProtectionAttributeMask; + + if (!IsRealm ()) { + return RETURN_UNSUPPORTED; + } + + if (IpaWidth == 0) { + return RETURN_INVALID_PARAMETER; + } + + /* Software in a Realm should treat the most significant bit of an + IPA as a protection attribute. + */ + ProtectionAttributeMask = 1ULL << (IpaWidth - 1); + + if (Share) { + Val = ProtectionAttributeMask; + Mask = ~TT_ADDRESS_MASK_BLOCK_ENTRY; + } else { + Val = 0; + Mask = ~(TT_ADDRESS_MASK_BLOCK_ENTRY | ProtectionAttributeMask); + } + + return SetMemoryRegionAttribute ( + BaseAddress, + Length, + Val, + Mask + ); +} + +/** + Return the IPA width of the Realm. + + The IPA width of the Realm is used to configure the protection attribute + for memory regions, see ArmCcaSetMemoryProtectAttribute(). + + The IPA width of the Realm is present in the Realm config which is read + when the ArmCcaInitPeiLib library hook function ArmCcaInitialize () is + called in the PrePi phase. ArmCcaInitialize () stores the IPA width of + the Realm in a GUID HOB gArmCcaIpaWidthGuid. + + This function searches the GUID HOB gArmCcaIpaWidthGuid and returns the + IPA width value stored therein. + + Note: + - This function must only be called after ArmCcaInitialize () has setup + the GUID HOB gArmCcaIpaWidthGuid. + + @param [out] IpaWidth IPA width of the Realm. + + @retval RETURN_SUCCESS Success. + @retval RETURN_INVALID_PARAMETER A parameter is invalid. 
+ @retval RETURN_NOT_FOUND The GUID HOB gArmCcaIpaWidthGuid is not + found and could mean that this function + was called before ArmCcaInitialize () + has created and initialised the GUID + HOB gArmCcaIpaWidthGuid. +**/ +RETURN_STATUS +EFIAPI +GetIpaWidth ( + OUT UINT64 *IpaWidth + ) +{ + VOID *Hob; + UINT64 *CcaIpaWidth; + + if (IpaWidth == NULL) { + return RETURN_INVALID_PARAMETER; + } + + Hob = GetFirstGuidHob (&gArmCcaIpaWidthGuid); + if ((Hob == NULL) || + (GET_GUID_HOB_DATA_SIZE (Hob) != sizeof (UINT64))) + { + return RETURN_NOT_FOUND; + } + + CcaIpaWidth = GET_GUID_HOB_DATA (Hob); + if ((UINT64)*CcaIpaWidth == 0) { + return RETURN_NOT_FOUND; + } + + *IpaWidth = *CcaIpaWidth; + + return RETURN_SUCCESS; +} diff --git a/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf b/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf new file mode 100644 index 0000000000000000000000000000000000000000..7d90b4535d69c12672af5de3d7cab63a3cd528a6 --- /dev/null +++ b/ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf @@ -0,0 +1,34 @@ +## @file +# Library that implements the Arm CCA helper functions. +# +# Copyright (c) 2022 - 2023, Arm Limited. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x0001001B + BASE_NAME = ArmCcaLib + FILE_GUID = 11C18743-52F9-405E-B35B-D7BE91A26F9F + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = ArmCcaLib + +[Sources] + ArmCcaLib.c + +[Packages] + ArmPkg/ArmPkg.dec + ArmVirtPkg/ArmVirtPkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + ArmCcaRsiLib + ArmLib + ArmMmuLib + BaseLib + HobLib + +[Guids] + gArmCcaIpaWidthGuid -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
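
Review bot: In ArmCcaLib.c, ArmCcaSetMemoryProtectAttribute() rejects only IpaWidth == 0 before computing `1ULL << (IpaWidth - 1)`, so an IpaWidth above 64 gives a shift count of 64 or more, which is undefined behaviour in C, and nothing checks that the resulting bit lies inside TT_ADDRESS_MASK_BLOCK_ENTRY. Because this bit decides whether a region is shared with the host, I would bound IpaWidth here and return RETURN_INVALID_PARAMETER otherwise, and apply the same range check in GetIpaWidth(), which currently accepts any non-zero value read from the HOB. BaseAddress and Length are also passed to SetMemoryRegionAttribute() unchecked, although the function comment documents RETURN_INVALID_PARAMETER for an invalid parameter. Separately, IsRealm() reads Major and Minor from RsiGetVersion() and never uses them; either compare them against the RSI version this code supports or state in the comment that any successful call counts as running in a Realm.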
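
Review bot: In ArmCcaLib.h, the ArmCcaSetMemoryProtectAttribute() comment lists RETURN_INVALID_PARAMETER without saying which values are invalid: the accepted range of IpaWidth, whether BaseAddress and Length must be page aligned, and whether BaseAddress is expected with the most significant IPA bit clear. The note that RSI_IPA_STATE_SET is "expected to be done outside this function" should also say whether the caller issues it before or after this call. On style, IsRealm() and GetIpaWidth() lack the ArmCca prefix that ArmCcaSetMemoryProtectAttribute() carries, the file header omits the "@par Glossary:" line and says "Arm Ltd." where ArmCcaLib.c and ArmCcaLib.inf say "Arm Limited", and "a Realms IPA space" should read "a Realm's IPA space".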