Arm CCA requires the software in a Realm to treat the most significant bit of an IPA as a protection attribute. To enable/disable sharing of memory regions with the host, the protection attribute needs to be set/cleared accordingly.
Therefore, introduce SetMemoryProtectionAttribute() so that the memory regions can be shared/unshared with the host.
Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Leif Lindholm <quic_llind...@quicinc.com>
Signed-off-by: Sami Mujawar <sami.muja...@arm.com>
---
 ArmPkg/Include/Library/ArmMmuLib.h | 55 ++++++++++++
 ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 90 ++++++++++++++++++++
 2 files changed, 145 insertions(+)
diff --git a/ArmPkg/Include/Library/ArmMmuLib.h b/ArmPkg/Include/Library/ArmMmuLib.h
index 2ce948e8db1d34e5ba0228de3dc347e186f31c11..1cea71ee6e88d351a3c57c4b97fe229305bfc1af 100644
--- a/ArmPkg/Include/Library/ArmMmuLib.h
+++ b/ArmPkg/Include/Library/ArmMmuLib.h
@@ -71,4 +71,59 @@ ArmSetMemoryAttributes (
 IN UINT64 AttributeMask
 );
+#ifdef MDE_CPU_AARCH64
+
+/**
+ Configure the protection attribute for the page tables
+ describing the memory region.
+
+ The IPA space of a Realm is divided into two halves:
+ - Protected IPA space and
+ - Unprotected IPA space.
+
+ Software in a Realm should treat the most significant bit of an
+ IPA as a protection attribute.
+
+ A Protected IPA is an address in the lower half of a Realms IPA
+ space. The most significant bit of a Protected IPA is 0.
+
+ An Unprotected IPA is an address in the upper half of a Realms
+ IPA space. The most significant bit of an Unprotected IPA is 1.
+
+ Note:
+ - Configuring the memory region as Unprotected IPA enables the
+ Realm to share the memory region with the Host.
+ - This function updates the page table entries to reflect the
+ protection attribute.
+ - A separate call to transition the memory range using the Realm
+ Service Interface (RSI) RSI_IPA_STATE_SET command is additionally
+ required and is expected to be done outside this function.
+ - The caller must ensure that this function call is invoked by code
+ executing within the Realm.
+
+ @param [in] BaseAddress Base address of the memory region.
+ @param [in] Length Length of the memory region.
+ @param [in] IpaWidth IPA width of the Realm.
+ @param [in] Share If TRUE, set the most significant
+ bit of the IPA to configure the memory
+ region as Unprotected IPA.
+ If FALSE, clear the most significant
+ bit of the IPA to configure the memory
+ region as Protected IPA.
+
+ @retval EFI_SUCCESS IPA protection attribute updated.
+ @retval EFI_INVALID_PARAMETER A parameter is invalid.
+ @retval EFI_UNSUPPORTED RME is not supported.
+**/
+EFI_STATUS
+EFIAPI
+SetMemoryProtectionAttribute (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN UINT64 IpaWidth,
+ IN BOOLEAN Share
+ );
+
+#endif
+
 #endif // ARM_MMU_LIB_H_
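Review bot: The contract in this doc comment leaves a caller without the facts needed to use the API safely: `@retval EFI_INVALID_PARAMETER` does not say which values of `IpaWidth`, `BaseAddress` or `Length` are rejected, and the note about RSI_IPA_STATE_SET does not say whether that transition must come before or after the page-table update. Since the Unprotected setting is what lets the Host reach the region, I would add a line such as `Length must be non-zero and IpaWidth must be the IPA width of the calling Realm; the region is shared with the Host once it is Unprotected`, and state the required ordering. The same comment is repeated above the definition in ArmMmuLibCore.c, so both copies need the change. Two smaller points: `Realms IPA space` should read `Realm's IPA space`, and the new name lacks the `Arm` prefix that ArmSetMemoryAttributes() in the hunk context carries.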
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
index 9d9c623581fe0010e35cb33c0c8ef4061720a6f7..25d32cceb61e1f0fd62d878202cf8ead05cfd9e2 100644
--- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
+++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
@@ -7,6 +7,10 @@
 *
 * SPDX-License-Identifier: BSD-2-Clause-Patent
 *
+* @par Glossary:
+* - Rsi or RSI - Realm Service Interface
+* - IPA - Intermediate Physical Address
+* - RIPAS - Realm IPA state
 **/
 #include <Uefi.h>
@@ -749,3 +753,89 @@ ArmMmuBaseLibConstructor (
 return RETURN_SUCCESS;
 }
+
+/**
+ Configure the protection attribute for the page tables
+ describing the memory region.
+
+ The IPA space of a Realm is divided into two halves:
+ - Protected IPA space and
+ - Unprotected IPA space.
+
+ Software in a Realm should treat the most significant bit of an
+ IPA as a protection attribute.
+
+ A Protected IPA is an address in the lower half of a Realms IPA
+ space. The most significant bit of a Protected IPA is 0.
+
+ An Unprotected IPA is an address in the upper half of a Realms
+ IPA space. The most significant bit of an Unprotected IPA is 1.
+
+ Note:
+ - Configuring the memory region as Unprotected IPA enables the
+ Realm to share the memory region with the Host.
+ - This function updates the page table entries to reflect the
+ protection attribute.
+ - A separate call to transition the memory range using the Realm
+ Service Interface (RSI) RSI_IPA_STATE_SET command is additionally
+ required and is expected to be done outside this function.
+ - The caller must ensure that this function call is invoked by code
+ executing within the Realm.
+
+ @param [in] BaseAddress Base address of the memory region.
+ @param [in] Length Length of the memory region.
+ @param [in] IpaWidth IPA width of the Realm.
+ @param [in] Share If TRUE, set the most significant
+ bit of the IPA to configure the memory
+ region as Unprotected IPA.
+ If FALSE, clear the most significant
+ bit of the IPA to configure the memory
+ region as Protected IPA.
+
+ @retval EFI_SUCCESS IPA protection attribute updated.
+ @retval EFI_INVALID_PARAMETER A parameter is invalid.
+ @retval EFI_UNSUPPORTED RME is not supported.
+**/
+EFI_STATUS
+EFIAPI
+SetMemoryProtectionAttribute (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN UINT64 IpaWidth,
+ IN BOOLEAN Share
+ )
+{
+ UINT64 Attributes;
+ UINT64 Mask;
+ UINT64 ProtectionAttributeMask;
+
+ if ((Length == 0) || (IpaWidth == 0)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (!ArmHasRme ()) {
+ return EFI_UNSUPPORTED;
+ }
+
+ /* Software in a Realm should treat the most significant bit of an
+ IPA as a protection attribute.
+ */
+ ProtectionAttributeMask = 1ULL << (IpaWidth - 1);
+
+ if (Share) {
+ Attributes = ProtectionAttributeMask;
+ Mask = ~TT_ADDRESS_MASK_BLOCK_ENTRY;
+ } else {
+ Attributes = 0;
+ Mask = ~(TT_ADDRESS_MASK_BLOCK_ENTRY | ProtectionAttributeMask);
+ }
+
+ return UpdateRegionMapping (
+ BaseAddress,
+ Length,
+ Attributes,
+ Mask,
+ ArmGetTTBR0BaseAddress (),
+ TRUE
+ );
+}
-- 
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
-=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#117669): https://edk2.groups.io/g/devel/message/117669 Mute This Topic: https://groups.io/mt/105483407/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
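Review bot: `IpaWidth` is only tested against zero, so `1ULL << (IpaWidth - 1)` is undefined for any width above 64, and a width whose top bit lies outside `TT_ADDRESS_MASK_BLOCK_ENTRY` puts `ProtectionAttributeMask` on a descriptor bit that is not part of the output address. This value decides which Realm pages the Host can reach, so I would reject such widths before touching the tables: extend the first test with `|| (IpaWidth > 64)` and, after the mask is computed, add `if ((ProtectionAttributeMask & TT_ADDRESS_MASK_BLOCK_ENTRY) == 0) { return EFI_INVALID_PARAMETER; }`. It is also worth checking that `BaseAddress + Length` does not wrap and that `BaseAddress` does not already carry the protection bit. Whether `UpdateRegionMapping()` validates alignment or range cannot be seen here, because it and `ArmHasRme()` are defined outside this hunk.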