Re: [RFC PATCH v1 25/30] ArmVirtPkg: Add ArmCcaDxe for early DXE phase initialisation

["Ard Biesheuvel" <ardb@kernel.org>]

On Tue, 25 Apr 2023 at 18:05, Sami Mujawar <sami.mujawar@arm.com> wrote:
>
> Add ArmCcaDxe for early DXE phase initialisation like setting
> up the monitor call conduit for Realm code
>
> The Realm code should use SMC as the conduit for monitor calls.
> Therefore, set the PcdMonitorConduitHvc to FALSE if the code is
> running in a Realm.
>
> Note: ArmCcaDxe is configured as an APRIORI DXE so that the DXE
> dispatcher can schedule this to be loaded at the very beginning
> of the Dxe phase. The DevicePathDxe.inf and Pcd.inf modules have
> also been included to satisfy the required dependencies.
>

Please find a way to achieve this without relying on APRIORI - this is
fragile and defeats the dependency based dispatch model that DXE is
based on.

IIUC the issue you are addressing is that the PCD must be set
correctly before any library that [transitively] depends on it is
used, right?

That simply means that the SMC/HVC functionality must be exposed as a
protocol rather than a library I.e., the 'monitor call' abstraction
library should be backed by a protocol, that could be implemented in
two different ways: using HVCs or using SMCs. The abstraction library
will DEPEX on the protocol, and nothing gets dispatched until one of
the two protocols is installed.

That gets rid of the dynamic PCD as well.


> Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
> ---
>  ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.c   | 50 ++++++++++++++++++++
>  ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf | 39 +++++++++++++++
>  ArmVirtPkg/ArmVirtKvmTool.dsc      |  5 +-
>  ArmVirtPkg/ArmVirtKvmTool.fdf      | 10 ++++
>  4 files changed, 102 insertions(+), 2 deletions(-)
>
> diff --git a/ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.c b/ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..36a74f2521d2d92d404c42e86d5d37dd31a1972d
> --- /dev/null
> +++ b/ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.c
> @@ -0,0 +1,50 @@
> +/** @file
> +  ArmCcaDxe
> +
> +  Copyright (c) 2022 - 2023, ARM Ltd. All rights reserved.<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Base.h>
> +#include <Library/ArmCcaLib.h>
> +#include <Library/ArmCcaRsiLib.h>
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/HobLib.h>
> +#include <Library/MemoryAllocationLib.h>
> +#include <Library/PcdLib.h>
> +#include <Library/DebugLib.h>
> +
> +/** Entrypoint of Arm CCA Dxe.
> +
> +  @param [in] ImageHandle   Image handle of this driver.
> +  @param [in] SystemTable   Pointer to the EFI System Table.
> +
> +  @retval RETURN_SUCCESS               Success.
> +  @retval EFI_NOT_FOUND                Required HOB not found.
> +**/
> +EFI_STATUS
> +EFIAPI
> +ArmCcaDxe (
> +  IN EFI_HANDLE        ImageHandle,
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> +  )
> +{
> +  EFI_STATUS  Status;
> +
> +  if (!IsRealm ()) {
> +    // Nothing to do here, return SUCCESS.
> +    return EFI_SUCCESS;
> +  }
> +
> +  // Setup the conduit to be used by Realm code to SMC.
> +  Status = PcdSetBoolS (PcdMonitorConduitHvc, FALSE);
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "ERROR - Failed to set PcdMonitorConduitHvc\n"));
> +    ASSERT (0);
> +    return Status;
> +  }
> +
> +  return Status;
> +}
> diff --git a/ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf b/ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf
> new file mode 100644
> index 0000000000000000000000000000000000000000..df110ae54ce54f792fe9cf9420334dd1e6a3fc2c
> --- /dev/null
> +++ b/ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf
> @@ -0,0 +1,39 @@
> +## @file
> +#  ArmCcaDxe
> +#
> +#  Copyright (c) 2022 - 2023, Arm Limited. All rights reserved.<BR>
> +#
> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +##
> +
> +[Defines]
> +  INF_VERSION                    = 0x0001001B
> +  BASE_NAME                      = ArmCcaDxe
> +  FILE_GUID                      = 6E474F73-7D50-46A8-9AEB-996B71599FE9
> +  MODULE_TYPE                    = DXE_DRIVER
> +  VERSION_STRING                 = 1.0
> +  ENTRY_POINT                    = ArmCcaDxe
> +
> +[Sources]
> +  ArmCcaDxe.c
> +
> +[LibraryClasses]
> +  ArmCcaLib
> +  BaseLib
> +  DebugLib
> +  HobLib
> +  PcdLib
> +  UefiDriverEntryPoint
> +
> +[Packages]
> +  ArmPkg/ArmPkg.dec
> +  ArmVirtPkg/ArmVirtPkg.dec
> +  MdeModulePkg/MdeModulePkg.dec
> +  MdePkg/MdePkg.dec
> +
> +[Pcd]
> +  gArmTokenSpaceGuid.PcdMonitorConduitHvc
> +
> +[Depex]
> +  TRUE
> diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc
> index 9bc857ea88d00431bf4223f588f908eab7561a19..acf4ede48da2d33d50b5593a857f3815f427707c 100644
> --- a/ArmVirtPkg/ArmVirtKvmTool.dsc
> +++ b/ArmVirtPkg/ArmVirtKvmTool.dsc
> @@ -404,9 +404,10 @@ [Components.common]
>    #
>    SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>
> -!if $(ARCH) == AARCH64
> +[Components.AARCH64]
>    #
>    # ACPI Support
>    #
>    ArmVirtPkg/KvmtoolCfgMgrDxe/ConfigurationManagerDxe.inf
> -!endif
> +
> +  ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf
> diff --git a/ArmVirtPkg/ArmVirtKvmTool.fdf b/ArmVirtPkg/ArmVirtKvmTool.fdf
> index 8ccbccd71e134e0ea97d49380293687aca43e8b9..68bd0e9d82dc83a337d8127a598018381888d894 100644
> --- a/ArmVirtPkg/ArmVirtKvmTool.fdf
> +++ b/ArmVirtPkg/ArmVirtKvmTool.fdf
> @@ -117,6 +117,16 @@ [FV.FvMain]
>  READ_LOCK_CAP      = TRUE
>  READ_LOCK_STATUS   = TRUE
>
> +!if $(ARCH) == AARCH64
> +  APRIORI DXE {
> +    INF  MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
> +    INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
> +    INF  ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf
> +  }
> +
> +  INF ArmVirtPkg/ArmCcaDxe/ArmCcaDxe.inf
> +!endif
> +
>    INF MdeModulePkg/Core/Dxe/DxeMain.inf
>    INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
>    INF OvmfPkg/Fdt/VirtioFdtDxe/VirtioFdtDxe.inf
> --
> 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
>