SPM: FVP: Introduce port of SPM

This initial port of the Secure Partitions Manager to FVP supports BL31
in both SRAM and Trusted DRAM.

A document with instructions to build the SPM has been added.

Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

include/plat/arm/board/common/board_arm_def.h

@@ -52,7 +52,17 @@
  * They are also used for the dynamically mapped regions in the images that
  * enable dynamic memory mapping.
  */
-#if defined(IMAGE_BL31) || defined(IMAGE_BL32)
+#if defined(IMAGE_BL31)
+# if ENABLE_SPM
+#  define PLAT_ARM_MMAP_ENTRIES		9
+#  define MAX_XLAT_TABLES		7
+#  define PLAT_SP_IMAGE_MMAP_REGIONS	7
+#  define PLAT_SP_IMAGE_MAX_XLAT_TABLES	10
+# else
+#  define PLAT_ARM_MMAP_ENTRIES		7
+#  define MAX_XLAT_TABLES		5
+# endif
+#elif defined(IMAGE_BL32)
 # define PLAT_ARM_MMAP_ENTRIES		7
 # define MAX_XLAT_TABLES		5
 #else
@@ -80,7 +90,11 @@
  * PLAT_ARM_MAX_BL31_SIZE is calculated using the current BL31 debug size plus a
  * little space for growth.
  */
+#if ENABLE_SPM
+#define PLAT_ARM_MAX_BL31_SIZE		0x28000
+#else
 #define PLAT_ARM_MAX_BL31_SIZE		0x1D000
+#endif
 
 #endif /* ARM_BOARD_OPTIMISE_MEM */
 

include/plat/arm/board/common/v2m_def.h

@@ -121,6 +121,11 @@
 						V2M_IOFPGA_SIZE,		\
 						MT_DEVICE | MT_RW | MT_SECURE)
 
+/* Region equivalent to V2M_MAP_IOFPGA suitable for mapping at EL0 */
+#define V2M_MAP_IOFPGA_EL0		MAP_REGION_FLAT(		\
+						V2M_IOFPGA_BASE,	\
+						V2M_IOFPGA_SIZE,	\
+						MT_DEVICE | MT_RW | MT_SECURE | MT_USER)
 
 
 #endif /* __V2M_DEF_H__ */

include/plat/arm/common/arm_def.h

@@ -378,7 +378,13 @@
  * Trusted DRAM (if available) or the DRAM region secured by the TrustZone
  * controller.
  */
-#if ARM_BL31_IN_DRAM
+#if ENABLE_SPM
+# define TSP_SEC_MEM_BASE		(ARM_AP_TZC_DRAM1_BASE + ULL(0x200000))
+# define TSP_SEC_MEM_SIZE		(ARM_AP_TZC_DRAM1_SIZE - ULL(0x200000))
+# define BL32_BASE			(ARM_AP_TZC_DRAM1_BASE + ULL(0x200000))
+# define BL32_LIMIT			(ARM_AP_TZC_DRAM1_BASE +	\
+						ARM_AP_TZC_DRAM1_SIZE)
+#elif ARM_BL31_IN_DRAM
 # define TSP_SEC_MEM_BASE		(ARM_AP_TZC_DRAM1_BASE +	\
 						PLAT_ARM_MAX_BL31_SIZE)
 # define TSP_SEC_MEM_SIZE		(ARM_AP_TZC_DRAM1_SIZE -	\
@@ -409,11 +415,14 @@
 # error "Unsupported ARM_TSP_RAM_LOCATION_ID value"
 #endif
 
-/* BL32 is mandatory in AArch32 */
+/*
+ * BL32 is mandatory in AArch32. In AArch64, undefine BL32_BASE if there is no
+ * SPD and no SPM, as they are the only ones that can be used as BL32.
+ */
 #ifndef AARCH32
-#ifdef SPD_none
-#undef BL32_BASE
-#endif /* SPD_none */
+# if defined(SPD_none) && !ENABLE_SPM
+#  undef BL32_BASE
+# endif
 #endif
 
 /*******************************************************************************

include/plat/arm/common/arm_spm_def.h

@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#ifndef __ARM_SPM_DEF_H__
+#define __ARM_SPM_DEF_H__
+
+#include <arm_def.h>
+#include <platform_def.h>
+#include <utils_def.h>
+#include <xlat_tables_defs.h>
+
+/*
+ * If BL31 is placed in DRAM, place the Secure Partition in DRAM right after the
+ * region used by BL31. If BL31 it is placed in SRAM, put the Secure Partition
+ * at the base of DRAM.
+ */
+#define ARM_SP_IMAGE_BASE		BL32_BASE
+#define ARM_SP_IMAGE_LIMIT		BL32_LIMIT
+/* The maximum size of the S-EL0 payload can be 3MB */
+#define ARM_SP_IMAGE_SIZE		ULL(0x300000)
+
+#ifdef IMAGE_BL2
+/* SPM Payload memory. Mapped as RW in BL2. */
+#define ARM_SP_IMAGE_MMAP		MAP_REGION_FLAT(			\
+						ARM_SP_IMAGE_BASE,		\
+						ARM_SP_IMAGE_SIZE,		\
+						MT_MEMORY | MT_RW | MT_SECURE)
+#endif
+#ifdef IMAGE_BL31
+/* SPM Payload memory. Mapped as code in S-EL1 */
+#define ARM_SP_IMAGE_MMAP		MAP_REGION2(				\
+						ARM_SP_IMAGE_BASE,		\
+						ARM_SP_IMAGE_BASE,		\
+						ARM_SP_IMAGE_SIZE,		\
+						MT_CODE | MT_SECURE | MT_USER,	\
+						PAGE_SIZE)
+#endif
+
+/*
+ * Memory shared between EL3 and S-EL0. It is used by EL3 to push data into
+ * S-EL0, so it is mapped with RW permission from EL3 and with RO permission
+ * from S-EL0. Placed after SPM Payload memory.
+ */
+#define PLAT_SPM_BUF_BASE		(ARM_SP_IMAGE_BASE + ARM_SP_IMAGE_SIZE)
+#define PLAT_SPM_BUF_SIZE		ULL(0x100000)
+
+#define ARM_SPM_BUF_EL3_MMAP		MAP_REGION_FLAT(			\
+						PLAT_SPM_BUF_BASE,		\
+						PLAT_SPM_BUF_SIZE,		\
+						MT_RW_DATA | MT_SECURE)
+#define ARM_SPM_BUF_EL0_MMAP		MAP_REGION2(			\
+						PLAT_SPM_BUF_BASE,		\
+						PLAT_SPM_BUF_BASE,		\
+						PLAT_SPM_BUF_SIZE,		\
+						MT_RO_DATA | MT_SECURE | MT_USER,\
+						PAGE_SIZE)
+
+/*
+ * Memory shared between Normal world and S-EL0 for passing data during service
+ * requests. Mapped as RW and NS. Placed after the shared memory between EL3 and
+ * S-EL0.
+ */
+#define ARM_SP_IMAGE_NS_BUF_BASE	(PLAT_SPM_BUF_BASE + PLAT_SPM_BUF_SIZE)
+#define ARM_SP_IMAGE_NS_BUF_SIZE	ULL(0x10000)
+#define ARM_SP_IMAGE_NS_BUF_MMAP	MAP_REGION2(				\
+						ARM_SP_IMAGE_NS_BUF_BASE,	\
+						ARM_SP_IMAGE_NS_BUF_BASE,	\
+						ARM_SP_IMAGE_NS_BUF_SIZE,	\
+						MT_RW_DATA | MT_NS | MT_USER,	\
+						PAGE_SIZE)
+
+/*
+ * RW memory, which uses the remaining Trusted DRAM. Placed after the memory
+ * shared between Secure and Non-secure worlds. First there is the stack memory
+ * for all CPUs and then there is the common heap memory. Both are mapped with
+ * RW permissions.
+ */
+#define PLAT_SP_IMAGE_STACK_BASE	(ARM_SP_IMAGE_NS_BUF_BASE +		\
+						ARM_SP_IMAGE_NS_BUF_SIZE)
+#define PLAT_SP_IMAGE_STACK_PCPU_SIZE	ULL(0x2000)
+#define ARM_SP_IMAGE_STACK_TOTAL_SIZE	(PLATFORM_CORE_COUNT *			\
+					 PLAT_SP_IMAGE_STACK_PCPU_SIZE)
+
+#define ARM_SP_IMAGE_HEAP_BASE		(PLAT_SP_IMAGE_STACK_BASE +		\
+					 ARM_SP_IMAGE_STACK_TOTAL_SIZE)
+#define ARM_SP_IMAGE_HEAP_SIZE		(ARM_SP_IMAGE_LIMIT - ARM_SP_IMAGE_HEAP_BASE)
+
+#define ARM_SP_IMAGE_RW_MMAP		MAP_REGION2(				\
+						PLAT_SP_IMAGE_STACK_BASE,	\
+						PLAT_SP_IMAGE_STACK_BASE,	\
+						(ARM_SP_IMAGE_LIMIT -		\
+						 PLAT_SP_IMAGE_STACK_BASE),	\
+						MT_RW_DATA | MT_SECURE | MT_USER,\
+						PAGE_SIZE)
+
+/* Total number of memory regions with distinct properties */
+#define ARM_SP_IMAGE_NUM_MEM_REGIONS	6
+
+/* Cookies passed to the Secure Partition at boot. Not used by ARM platforms. */
+#define PLAT_SPM_COOKIE_0		ULL(0)
+#define PLAT_SPM_COOKIE_1		ULL(0)
+
+#endif /* __ARM_SPM_DEF_H__ */