From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-VI1-obe.outbound.protection.outlook.com (EUR05-VI1-obe.outbound.protection.outlook.com [40.107.21.55]) by mx.groups.io with SMTP id smtpd.web10.83981.1682438715427432005 for ; Tue, 25 Apr 2023 09:05:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=ehamQRrX; spf=pass (domain: arm.com, ip: 40.107.21.55, mailfrom: sami.mujawar@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XGKhiPM28kQmNQZ53DXXjOTV+7RMJgsllUU9E4pgz0Q=; b=ehamQRrXdgv9hdJ5eK5OGqqrSxq8DZpD7QrAV/9aBnXnonFU5d6lUH2NSu8s7GEsKNAqAsAQLqlc00sNnAmC/TBcpZ5mpphcdeeXSTWiKIXoLy4i76tuiDfDkE5Z4CwMFgdEdAPa86wtE2e+SL053oK6j87ro+Jp9PR43pnxNW4= Received: from AS9P194CA0010.EURP194.PROD.OUTLOOK.COM (2603:10a6:20b:46d::10) by VE1PR08MB5599.eurprd08.prod.outlook.com (2603:10a6:800:1a1::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.33; Tue, 25 Apr 2023 16:05:10 +0000 Received: from AM7EUR03FT023.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:46d:cafe::4b) by AS9P194CA0010.outlook.office365.com (2603:10a6:20b:46d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend Transport; Tue, 25 Apr 2023 16:05:10 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT023.mail.protection.outlook.com (100.127.140.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 16:05:09 +0000 Received: ("Tessian outbound 5bb4c51d5a1f:v136"); Tue, 25 Apr 2023 16:05:09 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 206fe9afc39f0bae X-CR-MTA-TID: 64aa7808 Received: from 14d279b19fbc.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 3584204F-8AA4-420A-BB0F-A43DC9C6F228.1; Tue, 25 Apr 2023 16:05:03 +0000 Received: from EUR03-AM7-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 14d279b19fbc.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 25 Apr 2023 16:05:02 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WRQ29gjyC/trZN05MnqUaOrhG6w+PHXAOnujWeKb2XRtjRNoLPOm78/BDU9tAMGOQ/kz888FaY4R/VlkfxUHAnwvxqH0rSn0p7Vc4C3ZT0FBRshAGKfNvwxP8qXim9x3786EjrhjrKqNTUSH8ZAhYhCZPmXLQbEvHjxzOTyqbTnfDN/QRTSSIT/z80jQ47cGp0oxqNpcWX9anFr2idqDydsBmQjDawByXEDyhgIXb0YWSiw6HXSS63QqDN5rqPglA3AkzmG4zzxYsj7iFbLmI9jFl0FbD1y/ooP95L2Q8q4XIgKUPjdwJU4SUR5b0ox3H5vilxuNXJmi39OMRgZNFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XGKhiPM28kQmNQZ53DXXjOTV+7RMJgsllUU9E4pgz0Q=; b=iJi2zhrMdztmfcyvQGMvVIJ2srN3LEkasZFKE1ebFKUdOhH3WFPn81jGygVxwzPPuARpWabPA9pdwBTWcPDn5S1GpnsXT4KYNG5QNjnYAnMTYjidAvjftrAD8NpOGiLGtaitNc72FDiuC0Lp19dFDIKpx4x9xK2BuBE/u9lbl0e90fUFCwQ7oR7qD9j0chs/BSP7J9d4wv8dwSVxngdKxJOvlE5qGY+vsn4gtsMrHY16DPtylqxZIFaVgrFYk2G+4g6w/ULyJO0THUXyS0Wm0a0TiycviEU1hFt8rz68Zt9hZdwgJDF0CdFs2FK0arbpz0wgqE2lcwyD+M5tadF+yA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XGKhiPM28kQmNQZ53DXXjOTV+7RMJgsllUU9E4pgz0Q=; b=ehamQRrXdgv9hdJ5eK5OGqqrSxq8DZpD7QrAV/9aBnXnonFU5d6lUH2NSu8s7GEsKNAqAsAQLqlc00sNnAmC/TBcpZ5mpphcdeeXSTWiKIXoLy4i76tuiDfDkE5Z4CwMFgdEdAPa86wtE2e+SL053oK6j87ro+Jp9PR43pnxNW4= Received: from DUZPR01CA0177.eurprd01.prod.exchangelabs.com (2603:10a6:10:4b3::26) by DB9PR08MB7673.eurprd08.prod.outlook.com (2603:10a6:10:37c::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.33; Tue, 25 Apr 2023 16:04:59 +0000 Received: from DBAEUR03FT024.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:4b3:cafe::24) by DUZPR01CA0177.outlook.office365.com (2603:10a6:10:4b3::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend Transport; Tue, 25 Apr 2023 16:04:59 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by DBAEUR03FT024.mail.protection.outlook.com (100.127.142.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 16:04:59 +0000 Received: from AZ-NEU-EX02.Emea.Arm.com (10.251.26.5) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Tue, 25 Apr 2023 16:04:57 +0000 Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX02.Emea.Arm.com (10.251.26.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Tue, 25 Apr 2023 16:04:55 +0000 Received: from E114225.Arm.com (10.1.196.36) by mail.arm.com (10.251.24.32) with Microsoft SMTP Server id 15.1.2507.23 via Frontend Transport; Tue, 25 Apr 2023 16:04:54 +0000 From: "Sami Mujawar" To: CC: Sami Mujawar , , , , , , , , , , Subject: [RFC PATCH v1 26/30] ArmVirtPkg: Introduce Realm Aperture Management Protocol Date: Tue, 25 Apr 2023 17:04:24 +0100 Message-ID: <20230425160428.27980-27-sami.mujawar@arm.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20230425160428.27980-1-sami.mujawar@arm.com> References: <20230425160428.27980-1-sami.mujawar@arm.com> MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: DBAEUR03FT024:EE_|DB9PR08MB7673:EE_|AM7EUR03FT023:EE_|VE1PR08MB5599:EE_ X-MS-Office365-Filtering-Correlation-Id: 89a95bb9-d3a6-415d-24f4-08db45a6d85c x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: ZaYG3JHxJvXgdqTEuqJ/Kboa9zPTtYUaCbLn8Trb211XD1FWR49/4A+48yKc+gwgk990Y72aFJ4cptR7go3WJoFLTQnuUVVAElT2XepIqmcLl2PLb3dZut75r0cP0h89Doo0mUFMlGhyj1UnF2iVHrj1uyINDE4sNi9UZIhoICbeseY+zbny8awHA1TKgYXYETh/BL5wzUxS52kjxdwEcgR7UwwIgtwj6ebPEg8wcl+B1PU1ydAL+T+ytAcke2UqE85vz4FjM5sYz20rKXXYgeubY7zPTmlqZpmBYd0YiUBiiVj8SOrhHcNY5Y9mGX986k4ur7HO0kV3S2i9nPRg/gEZAokbaklT4tzmteFGlpIyCXCQOBXBsfkkfyZmvJwqdM7pdcmJck9lCaSPcFYFE4eIgE5arbGOTrqHj9CcWaHG0Uk3qH/BkKuQnbmkNThOMPROfBV+G8rnuUdHj2M+x66v6ctrvANiJvWuVgSD77t0c3EBYc698+HnTLIFP37KivTJl0hXt/YzM9UG7HJV1hGyZx9i/L8ldpTV3WkcikZnU+hmqg4OsNp42jahFZObBZ8c2tIevri8XB0BES1GsNNt5qHnNWy04Xp9PcTNIPOhJmuPrHYHuuXmgKEqBj+yVvhDTgrnHyyk2PfnS5aoUA+IUiY/hO+OgqabFfpbVIowcDdYUkXKpmmjxnpIToVcT4MIaZG2U+19SYHC0ug6+J2DQoAFuZP8AYih2NWbUWalLK2Za0IwruCJW+sAssxDFRXSDRg9BZO+hxLWgub0hw== X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(396003)(346002)(136003)(376002)(39860400002)(451199021)(46966006)(36840700001)(82740400003)(34070700002)(44832011)(7696005)(70586007)(6916009)(70206006)(2906002)(6666004)(30864003)(1076003)(8936002)(40480700001)(336012)(426003)(186003)(83380400001)(8676002)(2616005)(41300700001)(36860700001)(26005)(5660300002)(316002)(47076005)(86362001)(54906003)(36756003)(4326008)(81166007)(356005)(82310400005)(478600001)(36900700001)(44824005);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR08MB7673 Return-Path: Sami.Mujawar@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT023.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: e24916ca-9e8b-47a0-0252-08db45a6d20f X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ZyrsBpTS0jbEpCc9Vxgl4fRub1EPgmlC53oi1/I5AIQOoAbD7zUvm5DHRGDRrSB3mw0ZSa8ZRXK5kZfWiVLccFh1tBQxyFa5+Y+vA5Faq6YD7FeLPzvYQrRjWC7E0YasWJTpZbRVwDi7sk+00/xfH9p4JXRg4C9BhzUg51VtyhrdQATvyfhimK/EN6gMARL10lfTzhif6ipeS6Wc21WXg6IOSg7wsZNkHny2ssiik8x37AoIKDGj5+ybnIDGi3HF4ZrpE7Dj0OfZrUttmN6vxJJWwLItd8wdZepoMfYPrKeIpClTfW+LhQRpuqdyRcns2Ma3SlO+0WslS5YIhzpIL/uMU3x/QHrKaqvYusdyKzTN5uXcVNtzfgXVl5SuFRh8jF4ckUOh9Ln6f56OOH4oxVjEPKlbSucKv2+sIiEhPHe+JND18xO7kAOWUhXlGPTWPob2uxUG4HXYg1SeoAcShhxCHyIfMuILFKGnpjeOw4l0NEXZ7HubtgaLckrI49AV1Wqibn5CcEKvIuGL3mYBLj5PpBDC+NZ4JmcS2sd8eqKO2pr3CO4hkfhAEE50bNkDQwpyVS6/zKSY3h15tZ0QUSg87Ifngqu15j8pRrgEcyMpA6Y6YNm4u67f/hym3gzY9Xy7f+NC6cozeWzafLufUDlkzzjaoIqJ4vURrzWQ7YttrCNIkRqzxzep0hzFfiN765mtmzXrcsS+73Yq4f+/UA0lA8bebj2rd1HbDJKIPX21nVUpaUaj/U+8ytqrWzarA8gqTQUc9q8AlreovTSrTQ== X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(396003)(39850400004)(346002)(136003)(376002)(451199021)(46966006)(36840700001)(40470700004)(30864003)(7696005)(2906002)(2616005)(6666004)(186003)(40480700001)(1076003)(70206006)(70586007)(8936002)(8676002)(41300700001)(6916009)(4326008)(316002)(26005)(478600001)(44832011)(5660300002)(54906003)(82740400003)(81166007)(82310400005)(36756003)(86362001)(40460700003)(36860700001)(47076005)(336012)(426003)(83380400001)(34070700002)(44824005);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Apr 2023 16:05:09.9081 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 89a95bb9-d3a6-415d-24f4-08db45a6d85c X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT023.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR08MB5599 Content-Type: text/plain The Realm Aperture Management Protocol (RAMP) is used to manage the sharing of buffers between the Guest and Host. It configures the memory regions as Protected EMPTY or Protected RAM by calling RSI_IPA_STATE_SET command. The RAMP provides interfaces that device drivers can use to open/close apertures for sharing buffers. The RAMP also keeps track of the apertures that have been opened and closes them on ExitBootServices. It also registers for reset notification and closes all open apertures before the platform resets the system. Signed-off-by: Sami Mujawar --- ArmVirtPkg/ArmVirtPkg.dec | 3 + ArmVirtPkg/Include/Protocol/RealmApertureManagementProtocol.h | 103 +++ ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.c | 656 ++++++++++++++++++++ ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.inf | 48 ++ 4 files changed, 810 insertions(+) diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec index c61ed9c492e97aa00ba9dbab1a5544354b6e7de7..5f5fb0f0d911f871ffdf0d8e7d1d181d31093679 100644 --- a/ArmVirtPkg/ArmVirtPkg.dec +++ b/ArmVirtPkg/ArmVirtPkg.dec @@ -44,6 +44,9 @@ [PcdsFeatureFlag] # gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|FALSE|BOOLEAN|0x00000004 +[Protocols] + gEfiRealmApertureManagementProtocolGuid = { 0x585c00be, 0xcf7c, 0x4db8, { 0x8a, 0xa2, 0x49, 0xd, 0x67, 0xf5, 0xf6, 0xe6 } } + [PcdsFixedAtBuild, PcdsPatchableInModule] # # This is the physical address where the device tree is expected to be stored diff --git a/ArmVirtPkg/Include/Protocol/RealmApertureManagementProtocol.h b/ArmVirtPkg/Include/Protocol/RealmApertureManagementProtocol.h new file mode 100644 index 0000000000000000000000000000000000000000..0f45fd296fd54ec536ed3d4bd7725350ab487295 --- /dev/null +++ b/ArmVirtPkg/Include/Protocol/RealmApertureManagementProtocol.h @@ -0,0 +1,103 @@ +/** @file + Realm Aperture Management Protocol (RAMP) + On Arm CCA Systems the Realm protects access and visibility of Guest memory + and code execution from software outside the realm. + + However, software executing in a Realm needs to interact with the external + world. This may be done using virtualised disk, network interfaces, etc. + The drivers for these virtualised devices need to share buffers with the host + OS to exchange information/data. + + Since the Guest memory is protected by the Realm, the host cannot access these + buffers unless the IPA state of the buffers is changed to Protected EMPTY by + the software executing in the Realm. + + By enabling the sharing of the buffers, we are essentially opening an + aperture so that the host OS can access the range of pages that are shared. + + The virtual firmware (Guest firmware) needs a mechanism to manage the sharing + of buffers. The Realm Aperture Management Protocol provides an interface that + UEFI drivers/modules can use to enable/disable the sharing of buffers with the + Host. The protocol also tracks open apertures and ensures they are shut on + ExitBootServices. + + Copyright (c) 2022 - 2023, ARM Ltd. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Glossary: + - RAMP - Realm Aperture Management Protocol +**/ + +#ifndef REALM_APERTURE_MANAGEMENT_PROTOCOL_H_ +#define REALM_APERTURE_MANAGEMENT_PROTOCOL_H_ + +/** This macro defines the Realm Aperture Management Protocol GUID. + + GUID: {585C00BE-CF7C-4DB8-8AA2-490D67F5F6E6} +*/ +#define EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL_GUID \ + { 0x585c00be, 0xcf7c, 0x4db8, \ + { 0x8a, 0xa2, 0x49, 0xd, 0x67, 0xf5, 0xf6, 0xe6 } \ + }; + +/** This macro defines the Realm Aperture Management Protocol Revision. +*/ +#define EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL_REVISION 0x00010000 + +#pragma pack(1) + +/** Enables sharing of the memory buffers with the host. + + @param [in] Memory Pointer to the page start address. + @param [in] Pages Number of pages to share. + @param [out] ApertureReference Reference to the opened aperture. + + @retval EFI_SUCCESS Success. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. + @retval EFI_ACCESS_DENIED Aperture already open over memory region. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL_OPEN_APERTURE)( + IN CONST EFI_PHYSICAL_ADDRESS Memory, + IN CONST UINTN Pages, + OUT EFI_HANDLE *CONST ApertureReference + ); + +/** Disables the sharing of the buffers. + + @param [in] ApertureReference Reference to the aperture for closing. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + @retval EFI_NOT_FOUND The required buffer information is not found. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL_CLOSE_APERTURE)( + IN CONST EFI_HANDLE ApertureReference + ); + +/** A structure describing the interface provided by the Realm Aperture + Management Protocol. +*/ +typedef struct RealmApertureManagementProtocol { + /// The Realm Aperture Management Protocol revision. + UINT64 Revision; + + /// Shares Realm Pages(s) with the Host. + EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL_OPEN_APERTURE OpenAperture; + + /// Makes the Realm Pages(s) private to the Realm. + EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL_CLOSE_APERTURE CloseAperture; +} EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL; + +/** The Realm Aperture Management Protocol GUID. +*/ +extern EFI_GUID gEfiRealmApertureManagementProtocolGuid; + +#pragma pack() + +#endif // REALM_APERTURE_MANAGEMENT_PROTOCOL_H_ diff --git a/ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.c b/ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.c new file mode 100644 index 0000000000000000000000000000000000000000..f6c31125209468cfe24c4ea4b0eb74e08fe3e2f2 --- /dev/null +++ b/ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.c @@ -0,0 +1,656 @@ +/** @file + Realm Aperture Management Protocol Dxe + + Copyright (c) 2022 - 2023, Arm Limited. All rights reserved. + + SPDX-License-Identifier: BSD-2-Clause-Patent + + @par Glossary: + - IPA - Intermediate Physical Address + - RAMP - Realm Aperture Management Protocol + - RIPAS - Realm IPA state + - RSI - Realm Service Interface +**/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + A macro defining the signature for the aperture information structure. +*/ +#define APERTURE_INFO_SIG SIGNATURE_64 ('A', 'P', 'E', 'R', 'T', 'U', 'R', 'E') + +/** + A structure describing the aperture. +*/ +typedef struct { + /// Signature for identifying this structure. + UINT64 Signature; + + /// The linked list entry. + LIST_ENTRY Link; + + /// The base address for the start of the aperture. + EFI_PHYSICAL_ADDRESS BaseAddress; + + /// The number of pages covered by the aperture. + UINTN Pages; + + /// The bit mask of attributes for the memory region. The + /// bit mask of available attributes is defined in GetMemoryMap(). + UINT64 MemoryAttributes; + + /// The RIPAS for the aperture. + RIPAS Ripas; +} APERTURE_INFO; + +/** + List of the APERTURE_INFO structures that have been set up by OpenAperture() + and not yet torn down by CloseAperture(). The list represents the full set + of open apertures currently in effect. +*/ +STATIC +LIST_ENTRY mApertureInfos = INITIALIZE_LIST_HEAD_VARIABLE (mApertureInfos); + +/** + A local variable to store the IPA width of the Realm. The IPA width + of the Realm is required to configure the protection attribute of + memory regions. +*/ +STATIC UINT64 mIpaWidth; + +/** Checks if an open aperture is overlapping the memory region. + + @param [in] Memory Pointer to the page start address. + @param [in] Pages Number of pages to share. + + @retval TRUE If memory region overlaps an open aperture. + @retval FALSE Memory region does not overlap any open apertures. +**/ +STATIC +BOOLEAN +EFIAPI +IsApertureOverlapping ( + IN CONST EFI_PHYSICAL_ADDRESS MemStart, + IN CONST UINTN Pages + ) +{ + LIST_ENTRY *Node; + LIST_ENTRY *NextNode; + APERTURE_INFO *ApertureInfo; + EFI_PHYSICAL_ADDRESS MemEnd; + EFI_PHYSICAL_ADDRESS ApertureStart; + EFI_PHYSICAL_ADDRESS ApertureEnd; + + MemEnd = MemStart + (EFI_PAGE_SIZE * Pages) - 1; + + // All drivers that had opened the apertures have halted their respective + // controllers by now; close all the apertures. + for ( + Node = GetFirstNode (&mApertureInfos); + Node != &mApertureInfos; + Node = NextNode + ) + { + NextNode = GetNextNode (&mApertureInfos, Node); + ApertureInfo = CR (Node, APERTURE_INFO, Link, APERTURE_INFO_SIG); + ApertureStart = ApertureInfo->BaseAddress; + ApertureEnd = ApertureStart + (EFI_PAGE_SIZE * ApertureInfo->Pages) - 1; + + if (((ApertureStart >= MemStart) && (ApertureStart <= MemEnd)) || + ((ApertureEnd >= MemStart) && (ApertureEnd <= MemEnd)) || + ((MemStart >= ApertureStart) && (MemStart <= ApertureEnd)) || + ((MemEnd >= ApertureStart) && (MemEnd <= ApertureEnd))) + { + return TRUE; + } + } + + return FALSE; +} + +/** Enables sharing of the memory buffers with the host. + + @param [in] Memory Pointer to the page start address. + @param [in] Pages Number of pages to share. + @param [out] ApertureReference Reference to the opened aperture. + + @retval EFI_SUCCESS Success. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + @retval EFI_OUT_OF_RESOURCES Memory allocation failed. + @retval EFI_ACCESS_DENIED Aperture already open over memory region. +**/ +STATIC +EFI_STATUS +EFIAPI +RampOpenAperture ( + IN CONST EFI_PHYSICAL_ADDRESS Memory, + IN CONST UINTN Pages, + OUT EFI_HANDLE *CONST ApertureReference + ) +{ + EFI_STATUS Status; + EFI_STATUS Status1; + APERTURE_INFO *ApertInfo; + EFI_GCD_MEMORY_SPACE_DESCRIPTOR GcdDescriptor; + EFI_PHYSICAL_ADDRESS MemRangeAddr; + UINTN Index; + + if ((Memory == 0) || + (Pages == 0) || + (ApertureReference == NULL) || + ((Memory & (EFI_PAGE_SIZE - 1)) != 0)) + { + return EFI_INVALID_PARAMETER; + } + + // The pages size must be aligned to the Realm Granule size. + STATIC_ASSERT ((EFI_PAGE_SIZE & (REALM_GRANULE_SIZE - 1)) == 0); + + // Checks if we already have an open aperture that overlaps the + // memory region. If so return the request as invalid. + if (IsApertureOverlapping (Memory, Pages)) { + return EFI_INVALID_PARAMETER; + } + + MemRangeAddr = Memory; + for (Index = 0; Index < Pages; Index++) { + Status = gDS->GetMemorySpaceDescriptor (MemRangeAddr, &GcdDescriptor); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG (( + DEBUG_INFO, + "%a: Memory = 0x%lx, MemType = %a\n", + __func__, + MemRangeAddr, + ((GcdDescriptor.Attributes & EFI_MEMORY_RUNTIME) == EFI_MEMORY_RUNTIME) ? + "Runtime Services Memory" : "Boot Services Memory" + )); + + // We currently do not have a usecase where we would want to open apertures + // for runtime services memory + if ((GcdDescriptor.Attributes & EFI_MEMORY_RUNTIME) == EFI_MEMORY_RUNTIME) { + return EFI_UNSUPPORTED; + } + + MemRangeAddr += EFI_PAGE_SIZE; + } // for + + Status = ArmCcaSetMemoryProtectAttribute ( + Memory, + EFI_PAGES_TO_SIZE (Pages), + mIpaWidth, + TRUE + ); + if (RETURN_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "ERROR: Failed to update page tables for Protected EMPTY page mapping, " + "Address = %p, Pages = 0x%lx, Status = %r\n", + Memory, + Pages, + Status + )); + return Status; + } + + // Allocate a APERTURE_INFO structure to remember the apertures opened. + ApertInfo = AllocateZeroPool (sizeof (APERTURE_INFO)); + if (ApertInfo == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto error_handler1; + } + + InitializeListHead (&ApertInfo->Link); + ApertInfo->Signature = APERTURE_INFO_SIG; + ApertInfo->BaseAddress = Memory; + ApertInfo->Pages = Pages; + ApertInfo->MemoryAttributes = GcdDescriptor.Attributes; + ApertInfo->Ripas = RIPAS_EMPTY; + + DEBUG (( + DEBUG_INFO, + "%a: ApertRef = 0x%p, Memory = 0x%lx, Pages = 0x%x, " + "MemoryAttributes = 0x%x, Ripas = 0x%x\n", + __func__, + ApertInfo, + ApertInfo->BaseAddress, + ApertInfo->Pages, + ApertInfo->MemoryAttributes, + ApertInfo->Ripas + )); + + // Set the Realm IPA state to Empty to open the Aperture + Status = RsiSetIpaState ( + (UINT64 *)Memory, + (Pages * EFI_PAGE_SIZE), + RIPAS_EMPTY + ); + if (RETURN_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "ERROR: RSI Set IPA State failed, Address = %p, Pages = 0x%lx, " + "Status = %r\n", + Memory, + Pages, + Status + )); + goto error_handler; + } + + DEBUG (( + DEBUG_INFO, + "SUCCESS: RSI Set IPA State complete, Address = %p, Pages = 0x%lx, " + "Status = %r\n", + Memory, + Pages, + Status + )); + + InsertHeadList (&mApertureInfos, &ApertInfo->Link); + *ApertureReference = (EFI_HANDLE *)&ApertInfo->Link; + + return Status; + +error_handler: + + FreePool (ApertInfo); + +error_handler1: + Status1 = ArmCcaSetMemoryProtectAttribute ( + Memory, + EFI_PAGES_TO_SIZE (Pages), + mIpaWidth, + TRUE + ); + if (RETURN_ERROR (Status1)) { + DEBUG (( + DEBUG_ERROR, + "ERROR: Failed to update page tables to Protected page mapping, " + "Address = %p, Pages = 0x%lx, Status = %r\n", + Memory, + Pages, + Status1 + )); + } + + *ApertureReference = NULL; + // return the first error code + return Status; +} + +/** Disables the sharing of the buffers. + + @param [in] ApertureReference Reference to the aperture for closing. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + @retval EFI_NOT_FOUND The required buffer information is not found. +**/ +STATIC +EFI_STATUS +EFIAPI +RampCloseAperture ( + IN CONST EFI_HANDLE ApertureReference + ) +{ + EFI_STATUS Status; + APERTURE_INFO *ApertInfo = NULL; + + if (ApertureReference == NULL) { + return EFI_INVALID_PARAMETER; + } + + ApertInfo = CR (ApertureReference, APERTURE_INFO, Link, APERTURE_INFO_SIG); + if (ApertInfo == NULL) { + return EFI_NOT_FOUND; + } + + DEBUG (( + DEBUG_INFO, + "%a: ApertRef = 0x%p, Memory = 0x%lx, Pages = 0x%x, " + "MemoryAttributes = 0x%x, Ripas = 0x%x\n", + __func__, + ApertInfo, + ApertInfo->BaseAddress, + ApertInfo->Pages, + ApertInfo->MemoryAttributes, + ApertInfo->Ripas + )); + + // Set the Realm IPA state to RAM to close the Aperture + Status = RsiSetIpaState ( + (UINT64 *)ApertInfo->BaseAddress, + (ApertInfo->Pages * EFI_PAGE_SIZE), + RIPAS_RAM + ); + if (RETURN_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "ERROR: RSI Set IPA State failed, Address = %p, Pages = 0x%lx, " + "Status = %r\n", + ApertInfo->BaseAddress, + ApertInfo->Pages, + Status + )); + return Status; + } + + Status = ArmCcaSetMemoryProtectAttribute ( + ApertInfo->BaseAddress, + EFI_PAGES_TO_SIZE (ApertInfo->Pages), + mIpaWidth, + FALSE + ); + if (RETURN_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "ERROR: Failed to update page tables for Protected RAM page mapping," + "Address = %p, Pages = 0x%lx, Status = %r\n", + ApertInfo->BaseAddress, + ApertInfo->Pages, + Status + )); + } + + RemoveEntryList (&ApertInfo->Link); + FreePool (ApertInfo); + + return Status; +} + +/** Closes all open apertures. + +**/ +STATIC +VOID +EFIAPI +RampCloseAllApertures ( + VOID + ) +{ + LIST_ENTRY *Node; + LIST_ENTRY *NextNode; + APERTURE_INFO *ApertureInfo; + + // All drivers that had opened the apertures have halted their respective + // controllers by now; close all the apertures. + for ( + Node = GetFirstNode (&mApertureInfos); + Node != &mApertureInfos; + Node = NextNode + ) + { + NextNode = GetNextNode (&mApertureInfos, Node); + ApertureInfo = CR (Node, APERTURE_INFO, Link, APERTURE_INFO_SIG); + RampCloseAperture (&ApertureInfo->Link); + } +} + +/** + Notification function that is queued after the notification functions of all + events in the EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. + + This function invokes the closing of all open apertures. + + @param[in] Event Event whose notification function is being invoked. Event + is permitted to request the queueing of this function + only at TPL_CALLBACK task priority level. + + @param[in] Context Ignored. +**/ +STATIC +VOID +EFIAPI +OnRampExitBootServicesEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + RampCloseAllApertures (); +} + +/** + Notification function that is queued when gBS->ExitBootServices() signals the + EFI_EVENT_GROUP_EXIT_BOOT_SERVICES event group. This function signals another + event, received as Context, and returns. + + Signaling an event in this context is safe. The UEFI spec allows + gBS->SignalEvent() to return EFI_SUCCESS only; EFI_OUT_OF_RESOURCES is not + listed, hence memory is not allocated. + + @param[in] Event Event whose notification function is being invoked. + Event is permitted to request the queueing of this + function at TPL_CALLBACK or TPL_NOTIFY task + priority level. + + @param[in] EventToSignal Identifies the EFI_EVENT to signal. EventToSignal + is permitted to request the queueing of its + notification function only at TPL_CALLBACK level. +**/ +STATIC +VOID +EFIAPI +RampExitBootServices ( + IN EFI_EVENT Event, + IN VOID *EventToSignal + ) +{ + // (1) The NotifyFunctions of all the events in + // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES will have been queued before + // RampExitBootServices() is entered. + // + // (2) RampExitBootServices() is executing minimally at TPL_CALLBACK. + // + // (3) RampExitBootServices() has been queued in unspecified order relative + // to the NotifyFunctions of all the other events in + // EFI_EVENT_GROUP_EXIT_BOOT_SERVICES whose NotifyTpl is the same as + // Event's. + // + // Consequences: + // + // - If Event's NotifyTpl is TPL_CALLBACK, then some other NotifyFunctions + // queued at TPL_CALLBACK may be invoked after RampExitBootServices() + // returns. + // + // - If Event's NotifyTpl is TPL_NOTIFY, then some other NotifyFunctions + // queued at TPL_NOTIFY may be invoked after RampExitBootServices() + // returns; plus *all* NotifyFunctions queued at TPL_CALLBACK will be + // invoked strictly after all NotifyFunctions queued at TPL_NOTIFY, + // including RampExitBootServices(), have been invoked. + // + // - By signaling EventToSignal here, whose NotifyTpl is TPL_CALLBACK, we + // queue EventToSignal's NotifyFunction after the NotifyFunctions of *all* + // events in EFI_EVENT_GROUP_EXIT_BOOT_SERVICES. + gBS->SignalEvent (EventToSignal); +} + +/** A structure describing the Realm Aperture Management protocol. +*/ +STATIC +CONST +EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL Ramp = { + EDKII_REALM_APERTURE_MANAGEMENT_PROTOCOL_REVISION, + RampOpenAperture, + RampCloseAperture +}; + +/** + This routine is called to close all apertures before system reset. + + @param[in] ResetType The type of reset to perform. + @param[in] ResetStatus The status code for the reset. + @param[in] DataSize The size, in bytes, of ResetData. + @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or + EfiResetShutdown the data buffer starts with a Null- + terminated string, optionally followed by additional + binary data. The string is a description that the + caller may use to further indicate the reason for + the system reset. ResetData is only valid if + ResetStatus is something other than EFI_SUCCESS + unless the ResetType is EfiResetPlatformSpecific + where a minimum amount of ResetData is always + required. + For a ResetType of EfiResetPlatformSpecific the data + buffer also starts with a Null-terminated string + that is followed by an EFI_GUID that describes the + specific type of reset to perform. +**/ +VOID +EFIAPI +OnResetEvent ( + IN EFI_RESET_TYPE ResetType, + IN EFI_STATUS ResetStatus, + IN UINTN DataSize, + IN VOID *ResetData OPTIONAL + ) +{ + RampCloseAllApertures (); +} + +/** + Hook the system reset to close all apertures. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context +**/ +VOID +EFIAPI +OnResetNotificationInstall ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify; + + Status = gBS->LocateProtocol ( + &gEfiResetNotificationProtocolGuid, + NULL, + (VOID **)&ResetNotify + ); + if (!EFI_ERROR (Status)) { + Status = ResetNotify->RegisterResetNotify (ResetNotify, OnResetEvent); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_INFO, "RAMP: Hook system reset to close all apertures.\n")); + gBS->CloseEvent (Event); + } +} + +/** Entry point for Realm Aperture Management Protocol Dxe + + @param [in] ImageHandle Handle for this image. + @param [in] SystemTable Pointer to the EFI system table. + + @retval EFI_SUCCESS When executing in a Realm the RAMP was + installed successfully. + When execution context is not a Realm, this + function returns success indicating nothing + needs to be done and allow other modules to + run. + @retval EFI_OUT_OF_RESOURCES There was not enough memory to install the + protocols. + @retval EFI_INVALID_PARAMETER A parameter is invalid. + +**/ +EFI_STATUS +EFIAPI +RealmApertureManagementProtocolDxeInitialize ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle = NULL; + EFI_EVENT CloseAllAperturesEvent; + EFI_EVENT ExitBootEvent; + VOID *Registration; + + // When the execution context is a Realm, install the Realm Aperture + // Management protocol otherwise return success so that other modules + // can run. + if (!IsRealm ()) { + return EFI_SUCCESS; + } + + // Retrieve the IPA Width of the Realm for subsequent use to configure + // the protection attribute of memory regions. + Status = GetIpaWidth (&mIpaWidth); + if (EFI_ERROR (Status)) { + DEBUG (( + DEBUG_ERROR, + "ERROR: Failed to get Ipa Width, Status = %r\n", + Status + )); + ASSERT (0); + return Status; + } + + /* + Create the "late" event whose notification function will close all + apertures. + */ + Status = gBS->CreateEvent ( + EVT_NOTIFY_SIGNAL, // Type + TPL_CALLBACK, // NotifyTpl + OnRampExitBootServicesEvent, // NotifyFunction + NULL, // NotifyContext + &CloseAllAperturesEvent // Event + ); + if (EFI_ERROR (Status)) { + return Status; + } + + /* + Create the event whose notification function will be queued by + gBS->ExitBootServices() and will signal the event created above. + */ + Status = gBS->CreateEvent ( + EVT_SIGNAL_EXIT_BOOT_SERVICES, // Type + TPL_CALLBACK, // NotifyTpl + RampExitBootServices, // NotifyFunction + CloseAllAperturesEvent, // NotifyContext + &ExitBootEvent // Event + ); + if (EFI_ERROR (Status)) { + goto error_handler1; + } + + Status = gBS->InstallMultipleProtocolInterfaces ( + &Handle, + &gEfiRealmApertureManagementProtocolGuid, + &Ramp, + NULL + ); + if (!EFI_ERROR (Status)) { + // RAMP Protocol installed successfully + // Hook the system reset to close all apertures. + EfiCreateProtocolNotifyEvent ( + &gEfiResetNotificationProtocolGuid, + TPL_CALLBACK, + OnResetNotificationInstall, + NULL, + &Registration + ); + return Status; + } + + // cleanup on error + gBS->CloseEvent (ExitBootEvent); + +error_handler1: + gBS->CloseEvent (CloseAllAperturesEvent); + return Status; +} diff --git a/ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.inf b/ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.inf new file mode 100644 index 0000000000000000000000000000000000000000..2e3021b82bd75b7f41dc9427117a8394dfde2e68 --- /dev/null +++ b/ArmVirtPkg/RealmApertureManagementProtocolDxe/RealmApertureManagementProtocolDxe.inf @@ -0,0 +1,48 @@ +## @file +# Module to manage the sharing of buffers in a Realm with the Host. +# +# Copyright (c) 2022 - 2023, Arm Limited. All rights reserved. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x0001001B + BASE_NAME = RealmApertureManagementProtocolDxe + FILE_GUID = CEC2F7D5-2564-46D4-A23F-501623F7F56A + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = RealmApertureManagementProtocolDxeInitialize + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = AARCH64 +# + +[Sources] + RealmApertureManagementProtocolDxe.c + +[Packages] + ArmVirtPkg/ArmVirtPkg.dec + MdeModulePkg/MdeModulePkg.dec + MdePkg/MdePkg.dec + +[LibraryClasses] + ArmCcaLib + ArmCcaRsiLib + BaseLib + DxeServicesTableLib + MemoryAllocationLib + PrintLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiLib + +[Protocols] + gEfiRealmApertureManagementProtocolGuid ## SOMETIME_PRODUCES + gEfiResetNotificationProtocolGuid ## CONSUMES + +[Depex] + TRUE -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'