From 2fccb228045696b98f83b1d865bac3c65d96b980 Mon Sep 17 00:00:00 2001 From: Antonio Nino Diaz Date: Tue, 24 Oct 2017 10:07:35 +0100 Subject: SPM: Introduce Secure Partition Manager A Secure Partition is a software execution environment instantiated in S-EL0 that can be used to implement simple management and security services. Since S-EL0 is an unprivileged exception level, a Secure Partition relies on privileged firmware e.g. ARM Trusted Firmware to be granted access to system and processor resources. Essentially, it is a software sandbox that runs under the control of privileged software in the Secure World and accesses the following system resources: - Memory and device regions in the system address map. - PE system registers. - A range of asynchronous exceptions e.g. interrupts. - A range of synchronous exceptions e.g. SMC function identifiers. A Secure Partition enables privileged firmware to implement only the absolutely essential secure services in EL3 and instantiate the rest in a partition. Since the partition executes in S-EL0, its implementation cannot be overly complex. The component in ARM Trusted Firmware responsible for managing a Secure Partition is called the Secure Partition Manager (SPM). The SPM is responsible for the following: - Validating and allocating resources requested by a Secure Partition. - Implementing a well defined interface that is used for initialising a Secure Partition. - Implementing a well defined interface that is used by the normal world and other secure services for accessing the services exported by a Secure Partition. - Implementing a well defined interface that is used by a Secure Partition to fulfil service requests. - Instantiating the software execution environment required by a Secure Partition to fulfil a service request. Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f Co-authored-by: Douglas Raillard Co-authored-by: Sandrine Bailleux Co-authored-by: Achin Gupta Co-authored-by: Antonio Nino Diaz Signed-off-by: Antonio Nino Diaz --- include/plat/common/platform.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include/plat/common/platform.h') diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index e2bfa505..068d7aab 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -23,6 +23,8 @@ struct bl31_params; struct image_desc; struct bl_load_info; struct bl_params; +struct mmap_region; +struct secure_partition_boot_info; /******************************************************************************* * plat_get_rotpk_info() flags @@ -293,6 +295,13 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc, unsigned int nv_ctr); +/******************************************************************************* + * Secure Partitions functions + ******************************************************************************/ +const struct mmap_region *plat_get_secure_partition_mmap(void *cookie); +const struct secure_partition_boot_info *plat_get_secure_partition_boot_info( + void *cookie); + #if LOAD_IMAGE_V2 /******************************************************************************* * Mandatory BL image load functions(may be overridden). -- cgit v1.2.3