blob: 4ecdc31716a8c41f9895d96457cb07ccd2bc8003 [file] [log] [blame]
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +01001.. SPDX-License-Identifier: GPL-2.0+
2
3Arm FF-A Support
4================
5
6Summary
7-------
8
9FF-A stands for Firmware Framework for Arm A-profile processors.
10
11FF-A specifies interfaces that enable a pair of software execution environments aka partitions to
12communicate with each other. A partition could be a VM in the Normal or Secure world, an
13application in S-EL0, or a Trusted OS in S-EL1.
14
15The U-Boot FF-A support (the bus) implements the interfaces to communicate
16with partitions in the Secure world aka Secure partitions (SPs).
17
18The FF-A support specifically focuses on communicating with SPs that
19isolate portions of EFI runtime services that must run in a protected
20environment which is inaccessible by the Host OS or Hypervisor.
21Examples of such services are set/get variables.
22
23The FF-A support uses the SMC ABIs defined by the FF-A specification to:
24
25- Discover the presence of SPs of interest
26- Access an SP's service through communication protocols
27 e.g. EFI MM communication protocol
28
29At this stage of development only EFI boot-time services are supported.
30Runtime support will be added in future developments.
31
32The U-Boot FF-A support provides the following parts:
33
34- A Uclass driver providing generic FF-A methods.
35- An Arm FF-A device driver providing Arm-specific methods and reusing the Uclass methods.
Abdellatif El Khlifia09852d2023-08-04 14:33:41 +010036- A sandbox emulator for Arm FF-A, emulates the FF-A side of the Secure World and provides
37 FF-A ABIs inspection methods.
38- An FF-A sandbox device driver for FF-A communication with the emulated Secure World.
39 The driver leverages the FF-A Uclass to establish FF-A communication.
Abdellatif El Khlifia2f5c912023-08-04 14:33:42 +010040- Sandbox FF-A test cases.
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +010041
42FF-A and SMC specifications
43-------------------------------------------
44
45The current implementation of the U-Boot FF-A support relies on
46`FF-A v1.0 specification`_ and uses SMC32 calling convention which
47means using the first 32-bit data of the Xn registers.
48
49At this stage we only need the FF-A v1.0 features.
50
51The FF-A support has been tested with OP-TEE which supports SMC32 calling
52convention.
53
54Hypervisors are supported if they are configured to trap SMC calls.
55
56The FF-A support uses 64-bit registers as per `SMC Calling Convention v1.2 specification`_.
57
58Supported hardware
59--------------------------------
60
61Aarch64 plaforms
62
63Configuration
64----------------------
65
66CONFIG_ARM_FFA_TRANSPORT
67 Enables the FF-A support. Turn this on if you want to use FF-A
68 communication.
69 When using an Arm 64-bit platform, the Arm FF-A driver will be used.
Abdellatif El Khlifia09852d2023-08-04 14:33:41 +010070 When using sandbox, the sandbox FF-A emulator and FF-A sandbox driver will be used.
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +010071
72FF-A ABIs under the hood
73---------------------------------------
74
75Invoking an FF-A ABI involves providing to the secure world/hypervisor the
76expected arguments from the ABI.
77
78On an Arm 64-bit platform, the ABI arguments are stored in x0 to x7 registers.
79Then, an SMC instruction is executed.
80
81At the secure side level or hypervisor the ABI is handled at a higher exception
82level and the arguments are read and processed.
83
84The response is put back through x0 to x7 registers and control is given back
85to the U-Boot Arm FF-A driver (non-secure world).
86
87The driver reads the response and processes it accordingly.
88
89This methodology applies to all the FF-A ABIs.
90
91FF-A bus discovery on Arm 64-bit platforms
92---------------------------------------------
93
94When CONFIG_ARM_FFA_TRANSPORT is enabled, the FF-A bus is considered as
95an architecture feature and discovered using ARM_SMCCC_FEATURES mechanism.
96This discovery mechanism is performed by the PSCI driver.
97
98The PSCI driver comes with a PSCI device tree node which is the root node for all
99architecture features including FF-A bus.
100
101::
102
103 => dm tree
104
105 Class Index Probed Driver Name
106 -----------------------------------------------------------
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +0100107 firmware 0 [ + ] psci |-- psci
108 ffa 0 [ ] arm_ffa | `-- arm_ffa
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +0100109
110The PSCI driver is bound to the PSCI device and when probed it tries to discover
111the architecture features by calling a callback the features drivers provide.
112
113In case of FF-A, the callback is arm_ffa_is_supported() which tries to discover the
114FF-A framework by querying the FF-A framework version from secure world using
115FFA_VERSION ABI. When discovery is successful, the ARM_SMCCC_FEATURES
116mechanism creates a U-Boot device for the FF-A bus and binds the Arm FF-A driver
117with the device using device_bind_driver().
118
119At this stage the FF-A bus is registered with the DM and can be interacted with using
120the DM APIs.
121
122Clients are able to probe then use the FF-A bus by calling uclass_first_device().
Abdellatif El Khlifif16a48f2023-08-04 14:33:43 +0100123Please refer to the armffa command implementation as an example of how to probe
124and interact with the FF-A bus.
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +0100125
126When calling uclass_first_device(), the FF-A driver is probed and ends up calling
127ffa_do_probe() provided by the Uclass which does the following:
128
129 - saving the FF-A framework version in uc_priv
130 - querying from secure world the u-boot endpoint ID
131 - querying from secure world the supported features of FFA_RXTX_MAP
132 - mapping the RX/TX buffers
133 - querying from secure world all the partitions information
134
135When one of the above actions fails, probing fails and the driver stays not active
136and can be probed again if needed.
137
138Requirements for clients
139-------------------------------------
140
141When using the FF-A bus with EFI, clients must query the SPs they are looking for
142during EFI boot-time mode using the service UUID.
143
144The RX/TX buffers are only available at EFI boot-time. Querying partitions is
145done at boot time and data is cached for future use.
146
147RX/TX buffers should be unmapped before EFI runtime mode starts.
148The driver provides a bus operation for that called ffa_rxtx_unmap().
149
150The user should call ffa_rxtx_unmap() to unmap the RX/TX buffers when required
151(e.g: at efi_exit_boot_services()).
152
153The Linux kernel allocates its own RX/TX buffers. To be able to register these kernel buffers
154with secure world, the U-Boot's RX/TX buffers should be unmapped before EFI runtime starts.
155
156When invoking FF-A direct messaging, clients should specify which ABI protocol
157they want to use (32-bit vs 64-bit). Selecting the protocol means using
158the 32-bit or 64-bit version of FFA_MSG_SEND_DIRECT_{REQ, RESP}.
159The calling convention between U-Boot and the secure world stays the same: SMC32.
160
161Requirements for user drivers
162-------------------------------------
163
164Users who want to implement their custom FF-A device driver while reusing the FF-A Uclass can do so
165by implementing their own invoke_ffa_fn() in the user driver.
166
167The bus driver layer
168------------------------------
169
170FF-A support comes on top of the SMCCC layer and is implemented by the FF-A Uclass drivers/firmware/arm-ffa/arm-ffa-uclass.c
171
172The following features are provided:
173
174- Support for the 32-bit version of the following ABIs:
175
176 - FFA_VERSION
177 - FFA_ID_GET
178 - FFA_FEATURES
179 - FFA_PARTITION_INFO_GET
180 - FFA_RXTX_UNMAP
181 - FFA_RX_RELEASE
182 - FFA_RUN
183 - FFA_ERROR
184 - FFA_SUCCESS
185 - FFA_INTERRUPT
186 - FFA_MSG_SEND_DIRECT_REQ
187 - FFA_MSG_SEND_DIRECT_RESP
188
189- Support for the 64-bit version of the following ABIs:
190
191 - FFA_RXTX_MAP
192 - FFA_MSG_SEND_DIRECT_REQ
193 - FFA_MSG_SEND_DIRECT_RESP
194
195- Processing the received data from the secure world/hypervisor and caching it
196
197- Hiding from upper layers the FF-A protocol and registers details. Upper
198 layers focus on exchanged data, FF-A support takes care of how to transport
199 that to the secure world/hypervisor using FF-A
200
201- FF-A support provides driver operations to be used by upper layers:
202
203 - ffa_partition_info_get
204 - ffa_sync_send_receive
205 - ffa_rxtx_unmap
206
207- FF-A bus discovery makes sure FF-A framework is responsive and compatible
208 with the driver
209
210- FF-A bus can be compiled and used without EFI
211
Abdellatif El Khlifia09852d2023-08-04 14:33:41 +0100212Relationship between the sandbox emulator and the FF-A device
213---------------------------------------------------------------
214
215::
216
217 => dm tree
218
219 Class Index Probed Driver Name
220 -----------------------------------------------------------
221 ffa_emul 0 [ + ] sandbox_ffa_emul `-- arm-ffa-emul
222 ffa 0 [ ] sandbox_arm_ffa `-- sandbox-arm-ffa
223
Abdellatif El Khlifif16a48f2023-08-04 14:33:43 +0100224The armffa command
225-----------------------------------
226
227armffa is a command showcasing how to use the FF-A bus and how to invoke the driver operations.
228
229Please refer the command documentation at :doc:`../usage/cmd/armffa`
230
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +0100231Example of boot logs with FF-A enabled
232--------------------------------------
233
Abdellatif El Khlifi67969512023-08-09 12:47:30 +0100234For example, when using FF-A with Corstone-1000, debug logs enabled, the output is as follows:
Abdellatif El Khlifi39d383b2023-08-04 14:33:40 +0100235
236::
237
238 U-Boot 2023.01 (May 10 2023 - 11:08:07 +0000) corstone1000 aarch64
239
240 DRAM: 2 GiB
241 Arm FF-A framework discovery
242 FF-A driver 1.0
243 FF-A framework 1.0
244 FF-A versions are compatible
245 ...
246 FF-A driver 1.0
247 FF-A framework 1.0
248 FF-A versions are compatible
249 EFI: MM partition ID 0x8003
250 ...
251 EFI stub: Booting Linux Kernel...
252 ...
253 Linux version 6.1.9-yocto-standard (oe-user@oe-host) (aarch64-poky-linux-musl-gcc (GCC) 12.2.0, GNU ld (GNU Binutils) 2.40.202301193
254 Machine model: ARM Corstone1000 FPGA MPS3 board
255
256Contributors
257------------
258 * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
259
260.. _`FF-A v1.0 specification`: https://documentation-service.arm.com/static/5fb7e8a6ca04df4095c1d65e
261.. _`SMC Calling Convention v1.2 specification`: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6