Skip to content

Commit ec56d59

Browse files
soby-mathewTrustedFirmware Code Review
soby-mathew
authored and
TrustedFirmware Code Review
committed
Merge changes from topic "sm/rpkm" into integration
* changes: docs(rmmd): document the EL3-RMM IDE KM Interface feat(trp): test el3-rmm ide km interface feat(rmmd): el3-rmm ide key management interface
2 parents 05c7767 + 0616bf0 commit ec56d59

File tree

20 files changed

+880
-18
lines changed

20 files changed

+880
-18
lines changed

Makefile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1239,6 +1239,7 @@ $(eval $(call assert_booleans,\
12391239
DISCRETE_TPM \
12401240
DICE_PROTECTION_ENVIRONMENT \
12411241
RMMD_ENABLE_EL3_TOKEN_SIGN \
1242+
RMMD_ENABLE_IDE_KEY_PROG \
12421243
DRTM_SUPPORT \
12431244
NS_TIMER_SWITCH \
12441245
OVERRIDE_LIBC \
@@ -1405,6 +1406,7 @@ $(eval $(call add_defines,\
14051406
ENABLE_PSCI_STAT \
14061407
ENABLE_RME \
14071408
RMMD_ENABLE_EL3_TOKEN_SIGN \
1409+
RMMD_ENABLE_IDE_KEY_PROG \
14081410
ENABLE_RUNTIME_INSTRUMENTATION \
14091411
ENABLE_SME_FOR_NS \
14101412
ENABLE_SME2_FOR_NS \

docs/components/rmm-el3-comms-spec.rst

Lines changed: 242 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ are explained below:
5252
- ``RES0``: Bit 31 of the version number is reserved 0 as to maintain
5353
consistency with the versioning schemes used in other parts of RMM.
5454

55-
This document specifies the 0.5 version of Boot Interface ABI and RMM-EL3
55+
This document specifies the 0.6 version of Boot Interface ABI and RMM-EL3
5656
services specification and the 0.5 version of the Boot Manifest.
5757

5858
.. _rmm_el3_boot_interface:
@@ -719,6 +719,247 @@ a failure. The errors are ordered by condition check.
719719
``E_RMM_OK``,No errors detected
720720

721721

722+
RMM_IDE_KEY_PROG command
723+
=========================
724+
725+
Set the key/IV info at Root port for an IDE stream as part of Device Assignment flow. This
726+
command is available from v0.6 of the RMM-EL3 interface.
727+
728+
Please refer to `IDE-KM RFC <https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface>`_
729+
for description of the IDE setup sequence and how this will be invoked by RMM.
730+
731+
The key is 256 bits and IV is 96 bits. The caller needs
732+
to call this SMC to program this key to the Rx, Tx ports and for each sub-stream
733+
corresponding to a single keyset.
734+
735+
FID
736+
---
737+
738+
``0xC40001B7``
739+
740+
Input values
741+
------------
742+
743+
.. csv-table:: Input values for RMM_IDE_KEY_PROG
744+
:header: "Name", "Register", "Field", "Type", "Description"
745+
:widths: 1 1 1 1 5
746+
747+
fid,x0,[63:0],UInt64,Command FID
748+
ecam_address,x1,[63:0],UInt64,Used to identify the root complex(RC)
749+
rp_id,x2,[63:0],UInt64,Used to identify the root port within the root complex(RC)
750+
Keyset[12]:Dir[11]:Substream[10:8]:StreamID[7:0],x3,[63:0],UInt64,IDE selective stream informationKey set: can be 0 or 1unused bits MBZ.
751+
KeqQW0,x4,[63:0],UInt64,Quad word of key [63:0]
752+
KeqQW1,x5,[63:0],UInt64,Quad word of key [127:64]
753+
KeqQW2,x6,[63:0],UInt64,Quad word of key [191:128]
754+
KeqQW3,x7,[63:0],UInt64,Quad word of key [255:192]
755+
IFVQW0,x8,[63:0],UInt64,Quad word of IV [63:0]
756+
IFVQW1,x9,[63:0],UInt64,Quad word of IV [95:64]
757+
request_id,x10,[63:0],UInt64,Used only in non-blocking mode. Ignored in blocking mode.
758+
cookie,x11,[63:0],UInt64,Used only in non-blocking mode. Ignored in blocking mode.
759+
760+
761+
Output values
762+
-------------
763+
764+
.. csv-table:: Output values for RMM_IDE_KEY_PROG
765+
:header: "Name", "Register", "Field", "Type", "Description"
766+
:widths: 1 1 1 2 4
767+
768+
Result,x0,[63:0],Error Code,Command return status
769+
770+
Failure conditions
771+
------------------
772+
773+
The table below shows all the possible error codes returned in ``Result`` upon
774+
a failure. The errors are ordered by condition check.
775+
776+
.. csv-table:: Failure conditions for RMM_IDE_KEY_PROG
777+
:header: "ID", "Condition"
778+
:widths: 1 5
779+
780+
``E_RMM_OK``,Key programming is successful.
781+
``E_RMM_FAULT``,Key programming is not successful.
782+
``E_RMM_INVAL``,Key programming arguments are incorrect.
783+
``E_RMM_UNK``,Unknown error or the SMC is not present if the version is < 0.6
784+
``E_RMM_AGAIN``,Returned only for non-blocking mode. IDE-KM interface is busy or request is full. Retry required.
785+
``E_RMM_INPROGRESS``,Returned only for non-blocking mode. The caller must issue RMM_IDE_KM_PULL_RESPONSE SMC to pull the response.
786+
787+
788+
RMM_IDE_KEY_SET_GO command
789+
==========================
790+
791+
Activate the IDE stream at Root Port once the keys have been programmed as part of
792+
Device Assignment flow. This command is available from v0.6 of the RMM-EL3 interface.
793+
794+
Please refer to `IDE-KM RFC <https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface>`_
795+
for description of the IDE setup sequence and info on how this will be invoked by RMM.
796+
797+
The caller(RMM) needs to ensure the EL3_IDE_KEY_PROG() call had succeeded prior to this call.
798+
799+
FID
800+
---
801+
802+
``0xC40001B8``
803+
804+
Input values
805+
------------
806+
807+
.. csv-table:: Input values for RMM_IDE_KEY_SET_GO
808+
:header: "Name", "Register", "Field", "Type", "Description"
809+
:widths: 1 1 1 1 5
810+
811+
fid,x0,[63:0],UInt64,Command FID
812+
ecam_address,x1,[63:0],UInt64,Used to identify the root complex(RC)
813+
rp_id,x2,[63:0],UInt64,Used to identify the root port within the root complex(RC)
814+
Keyset[12]:Dir[11]:Substream[10:8]:StreamID[7:0],x3,[63:0],UInt64,IDE selective stream information. Key set can be 0 or 1. Unused bits MBZ.
815+
request_id,x4,[63:0],UInt64,Used only in non-blocking mode. Ignored in blocking mode.
816+
cookie,x5,[63:0],UInt64,Used only in non-blocking mode. Ignored in blocking mode.
817+
818+
819+
Output values
820+
-------------
821+
822+
.. csv-table:: Output values for RMM_IDE_KEY_SET_GO
823+
:header: "Name", "Register", "Field", "Type", "Description"
824+
:widths: 1 1 1 2 4
825+
826+
Result,x0,[63:0],Error Code,Command return status
827+
828+
Failure conditions
829+
------------------
830+
831+
The table below shows all the possible error codes returned in ``Result`` upon
832+
a failure. The errors are ordered by condition check.
833+
834+
.. csv-table:: Failure conditions for RMM_IDE_KEY_SET_GO
835+
:header: "ID", "Condition"
836+
:widths: 1 5
837+
838+
``E_RMM_OK``,Key set go is successful.
839+
``E_RMM_FAULT``,Key set go is not successful.
840+
``E_RMM_INVAL``,incorrect arguments.
841+
``E_RMM_UNK``,Unknown error or the SMC is not present if the version is < 0.6.
842+
``E_RMM_AGAIN``,Returned only for non-blocking mode. IDE-KM interface is busy or request is full. Retry required.
843+
``E_RMM_INPROGRESS``,Returned only for non-blocking mode. The caller must issue RMM_IDE_KM_PULL_RESPONSE SMC to pull the response.
844+
845+
846+
RMM_IDE_KEY_SET_STOP command
847+
============================
848+
849+
Deactivate the IDE stream at Root Port as part of Device Assignment flow. This command is
850+
available from v0.6 of the RMM-EL3 interface.
851+
852+
Please refer to `IDE-KM RFC <https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface>`_
853+
for description of the IDE setup sequence and info on how this will be invoked by RMM.
854+
855+
This SMC is used to tear down an IDE Stream.
856+
857+
FID
858+
---
859+
860+
``0xC40001B9``
861+
862+
Input values
863+
------------
864+
865+
.. csv-table:: Input values for RMM_IDE_KEY_SET_STOP
866+
:header: "Name", "Register", "Field", "Type", "Description"
867+
:widths: 1 1 1 1 5
868+
869+
fid,x0,[63:0],UInt64,Command FID
870+
ecam_address,x1,[63:0],UInt64,Used to identify the root complex(RC)
871+
rp_id,x2,[63:0],UInt64,Used to identify the root port within the root complex(RC)
872+
Keyset[12]:Dir[11]:Substream[10:8]:StreamID[7:0],x3,[63:0],UInt64,IDE selective stream information. Key set can be 0 or 1. Unused bits MBZ.
873+
request_id,x4,[63:0],UInt64,Used only in non-blocking mode. Ignored in blocking mode.
874+
cookie,x5,[63:0],UInt64,Used only in non-blocking mode. Ignored in blocking mode.
875+
876+
877+
Output values
878+
-------------
879+
880+
.. csv-table:: Output values for RMM_IDE_KEY_SET_STOP
881+
:header: "Name", "Register", "Field", "Type", "Description"
882+
:widths: 1 1 1 2 4
883+
884+
Result,x0,[63:0],Error Code,Command return status
885+
886+
Failure conditions
887+
------------------
888+
889+
The table below shows all the possible error codes returned in ``Result`` upon
890+
a failure. The errors are ordered by condition check.
891+
892+
.. csv-table:: Failure conditions for RMM_IDE_KEY_SET_STOP
893+
:header: "ID", "Condition"
894+
:widths: 1 5
895+
896+
``E_RMM_OK``,Key set go is successful.
897+
``E_RMM_FAULT``,Key set go is not successful.
898+
``E_RMM_INVAL``,incorrect arguments.
899+
``E_RMM_UNK``,Unknown error or the SMC is not present if the version is < 0.6.
900+
``E_RMM_AGAIN``,Returned only for non-blocking mode. IDE-KM interface is busy or request is full. Retry required.
901+
``E_RMM_INPROGRESS``,Returned only for non-blocking mode. The caller must issue RMM_IDE_KM_PULL_RESPONSE SMC to pull the response.
902+
903+
904+
RMM_IDE_KM_PULL_RESPONSE command
905+
================================
906+
907+
Retrieve the response from Root Port to a previous non-blocking IDE-KM SMC request as part of
908+
Device Assignment flow. This command is available from v0.6 of the RMM-EL3 interface.
909+
910+
Please refer to `IDE-KM RFC <https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface>`_
911+
for description of the IDE setup sequence and info on how this will be invoked by RMM.
912+
913+
The response from this call could correspond to any of the last pending requests and the
914+
RMM needs to identify the request and populate the response. For blocking calls, this SMC
915+
always returns E_RMM_UNK.
916+
917+
FID
918+
---
919+
920+
``0xC40001BA``
921+
922+
Input values
923+
------------
924+
925+
.. csv-table:: Input values for RMM_IDE_KM_PULL_RESPONSE
926+
:header: "Name", "Register", "Field", "Type", "Description"
927+
:widths: 1 1 1 1 5
928+
929+
fid,x0,[63:0],UInt64,Command FID
930+
ecam_address,x1,[63:0],UInt64,Used to identify the root complex(RC)
931+
rp_id,x2,[63:0],UInt64,Used to identify the root port within the root complex(RC)
932+
933+
934+
Output values
935+
-------------
936+
937+
.. csv-table:: Output values for RMM_IDE_KM_PULL_RESPONSE
938+
:header: "Name", "Register", "Field", "Type", "Description"
939+
:widths: 1 1 1 2 4
940+
941+
Result,x0,[63:0],Error Code,Command return status
942+
Result,x1,[63:0],Error Code,Retrieved response corresponding to previous IDE_KM requests.
943+
Result,x2,[63:0],value,passthrough from requested SMC
944+
Result,x3,[63:0],value,passthrough from requested SMC
945+
946+
Failure conditions
947+
------------------
948+
949+
The table below shows all the possible error codes returned in ``Result`` upon
950+
a failure. The errors are ordered by condition check.
951+
952+
.. csv-table:: Failure conditions for RMM_IDE_KM_PULL_RESPONSE
953+
:header: "ID", "Condition"
954+
:widths: 1 5
955+
956+
``E_RMM_OK``,Key set go is successful.
957+
``E_RMM_FAULT``,Key set go is not successful.
958+
``E_RMM_INVAL``,incorrect arguments.
959+
``E_RMM_UNK``,Unknown error or the SMC is not present if the version is < 0.6.
960+
``E_RMM_AGAIN``,KM request is empty and no response if available.
961+
962+
722963
RMM-EL3 world switch register save restore convention
723964
_____________________________________________________
724965

0 commit comments

Comments
 (0)