Головна сторінка Огляд Довідка
Увійти
OWEALs
/
arm-trusted-firmware
дзеркало https://github.com/ARM-software/arm-trusted-firmware
2
0
Відгалуження 0
Файли Проблеми 1 Wiki
Дерево: dddded1414
Гілки Теги
arm-trusted-fir...
/
docs
/
design_documents
/
context_mgmt_rework.rst

context_mgmt_rework.rst 10 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197 
  1. Enhance Context Management library for EL3 firmware
    2. 

  2. ===================================================
    3. 

  3. 

  4. :Authors: Soby Mathew & Zelalem Aweke
    5. 

  5. :Organization: Arm Limited
    6. 

  6. :Contact: Soby Mathew <soby.mathew@arm.com> & Zelalem Aweke <zelalem.aweke@arm.com>
    7. 

  7. :Status: Implementation is ongoing. Refer to :ref:`Context Management Library` for more details.
    8. 

  8. 

  9. .. contents:: Table of Contents
    10. 

  10. 

  11. Introduction
    12. 

  12. ------------
    13. 

  13. The context management library in TF-A provides the basic CPU context
    14. 

  14. initialization and management routines for use by different components
    15. 

  15. in EL3 firmware. The original design of the library was done keeping in
    16. 

  16. mind the 2 world switch and hence this design pattern has been extended to
    17. 

  17. keep up with growing requirements of EL3 firmware. With the introduction
    18. 

  18. of a new Realm world and a separate Root world for EL3 firmware, it is clear
    19. 

  19. that this library needs to be refactored to cater for future enhancements and
    20. 

  20. reduce chances of introducing error in code. This also aligns with the overall
    21. 

  21. goal of reducing EL3 firmware complexity and footprint.
    22. 

  22. 

  23. It is expected that the suggestions below could have legacy implications and
    24. 

  24. hence we are mainly targeting SPM/RMM based systems. It is expected that these
    25. 

  25. legacy issues will need to be sorted out as part of implementation on a case
    26. 

  26. by case basis.
    27. 

  27. 

  28. Design Principles
    29. 

  29. -----------------
    30. 

  30. The below section lays down the design principles for re-factoring the context
    31. 

  31. management library :
    32. 

  32. 

  33. (1) **Decentralized model for context mgmt**
    34. 

  34. 

  35.     Both the Secure and Realm worlds have associated dispatcher component in
    36. 

  36.     EL3 firmware to allow management of their respective worlds. Allowing the
    37. 

  37.     dispatcher to own the context for their respective world and moving away
    38. 

  38.     from a centralized policy management by context management library will
    39. 

  39.     remove the world differentiation code in the library. This also means that
    40. 

  40.     the library will not be responsible for CPU feature enablement for
    41. 

  41.     Secure and Realm worlds. See point 3 and 4 for more details.
    42. 

  42. 

  43.     The Non Secure world does not have a dispatcher component and hence EL3
    44. 

  44.     firmware (BL31)/context management library needs to have routines to help
    45. 

  45.     initialize the Non Secure world context.
    46. 

  46. 

  47. (2) **EL3 should only initialize immediate used lower EL**
    48. 

  48. 

  49.     Due to the way TF-A evolved, from EL3 interacting with an S-EL1 payload to
    50. 

  50.     SPM in S-EL2, there is some code initializing S-EL1 registers which is
    51. 

  51.     probably redundant when SPM is present in S-EL2. As a principle, EL3
    52. 

  52.     firmware should only initialize the next immediate lower EL in use.
    53. 

  53.     If EL2 needs to be skipped and is not to be used at runtime, then
    54. 

  54.     EL3 can do the bare minimal EL2 init and init EL1 to prepare for EL3 exit.
    55. 

  55.     It is expected that this skip EL2 configuration is only needed for NS
    56. 

  56.     world to support legacy Android deployments. It is worth removing this
    57. 

  57.     `skip EL2 for Non Secure` config support if this is no longer used.
    58. 

  58. 

  59. (3) **Maintain EL3 sysregs which affect lower EL within CPU context**
    60. 

  60. 

  61.     The CPU context contains some EL3 sysregs and gets applied on a per-world
    62. 

  62.     basis (eg: cptr_el3, scr_el3, zcr_el3 is part of the context
    63. 

  63.     because different settings need to be applied between each world).
    64. 

  64.     But this design pattern is not enforced in TF-A. It is possible to directly
    65. 

  65.     modify EL3 sysreg dynamically during the transition between NS and Secure
    66. 

  66.     worlds. Having multiple ways of manipulating EL3 sysregs for different
    67. 

  67.     values between the worlds is flaky and error prone. The proposal is to
    68. 

  68.     enforce the rule that any EL3 sysreg which can be different between worlds
    69. 

  69.     is maintained in the CPU Context. Once the context is initialized the
    70. 

  70.     EL3 sysreg values corresponding to the world being entered will be restored.
    71. 

  71. 

  72. (4) **Allow more flexibility for Dispatchers to select feature set to save and restore**
    73. 

  73. 

  74.     The current functions for EL2 CPU context save and restore is a single
    75. 

  75.     function which takes care of saving and restoring all the registers for
    76. 

  76.     EL2. This method is inflexible and it does not allow to dynamically detect
    77. 

  77.     CPU features to select registers to save and restore. It also assumes that
    78. 

  78.     both Realm and Secure world will have the same feature set enabled from
    79. 

  79.     EL3 at runtime and makes it hard to enable different features for each
    80. 

  80.     world. The framework should cater for selective save and restore of CPU
    81. 

  81.     registers which can be controlled by the dispatcher.
    82. 

  82. 

  83.     For the implementation, this could mean that there is a separate assembly
    84. 

  84.     save and restore routine corresponding to Arch feature. The memory allocation
    85. 

  85.     within the CPU Context for each set of registers will be controlled by a
    86. 

  86.     FEAT_xxx build option. It is a valid configuration to have
    87. 

  87.     context memory allocated but not used at runtime based on feature detection
    88. 

  88.     at runtime or the platform owner has decided not to enable the feature
    89. 

  89.     for the particular world.
    90. 

  90. 

  91. Context Allocation and Initialization
    92. 

  92. -------------------------------------
    93. 

  93. 

  94. |context_mgmt_abs|
    95. 

  95. 

  96. .. |context_mgmt_abs| image::
    97. 

  97.    ../resources/diagrams/context_management_abs.png
    98. 

  98. 

  99. The above figure shows how the CPU context is allocated within TF-A. The
    100. 

  100. allocation for Secure and Realm world is by the respective dispatcher. In the case
    101. 

  101. of NS world, the context is allocated by the PSCI lib. This scheme allows TF-A
    102. 

  102. to be built in various configurations (with or without Secure/Realm worlds) and
    103. 

  103. will result in optimal memory footprint. The Secure and Realm world contexts are
    104. 

  104. initialized by invoking context management library APIs which then initialize
    105. 

  105. each world based on conditional evaluation of the security state of the
    106. 

  106. context. The proposal here is to move the conditional initialization
    107. 

  107. of context for Secure and Realm worlds to their respective dispatchers and
    108. 

  108. have the library do only the common init needed. The library can export
    109. 

  109. helpers to initialize registers corresponding to certain features but
    110. 

  110. should not try to do different initialization between the worlds. The library
    111. 

  111. can also export helpers for initialization of NS CPU Context since there is no
    112. 

  112. dispatcher for that world.
    113. 

  113. 

  114. This implies that any world specific code in context mgmt lib should now be
    115. 

  115. migrated to the respective "owners". To maintain compatibility with legacy, the
    116. 

  116. current functions can be retained in the lib and perhaps define new ones for
    117. 

  117. use by SPMD and RMMD. The details of this can be worked out during
    118. 

  118. implementation.
    119. 

  119. 

  120. Introducing Root Context
    121. 

  121. ------------------------
    122. 

  122. Till now, we have been ignoring the fact that Root world (or EL3) itself could
    123. 

  123. have some settings which are distinct from NS/S/Realm worlds. In this case,
    124. 

  124. Root world itself would need to maintain some sysregs settings for its own
    125. 

  125. execution and would need to use sysregs of lower EL (eg: PAuth, pmcr) to enable
    126. 

  126. some functionalities in EL3. The current sequence for context save and restore
    127. 

  127. in TF-A is as given below:
    128. 

  128. 

  129. |context_mgmt_existing|
    130. 

  130. 

  131. .. |context_mgmt_existing| image::
    132. 

  132.    ../resources/diagrams/context_mgmt_existing.png
    133. 

  133. 

  134. Note1: The EL3 CPU context is not a homogenous collection of EL3 sysregs but
    135. 

  135. a collection of EL3 and some other lower EL registers. The save and restore
    136. 

  136. is also not done homogenously but based on the objective of using the
    137. 

  137. particular register.
    138. 

  138. 

  139. Note2: The EL1 context save and restore can possibly be removed when switching
    140. 

  140. to S-EL2 as SPM can take care of saving the incoming NS EL1 context.
    141. 

  141. 

  142. It can be seen that the EL3 sysreg values applied while the execution is in Root
    143. 

  143. world corresponds to the world it came from (eg: if entering EL3 from NS world,
    144. 

  144. the sysregs correspond to the values in NS context). There is a case that EL3
    145. 

  145. itself may have some settings to apply for various reasons. A good example for
    146. 

  146. this is the cptr_el3 regsiter. Although FPU traps need to be disabled for
    147. 

  147. Non Secure, Secure and Realm worlds, the EL3 execution itself may keep the trap
    148. 

  148. enabled for the sake of robustness. Another example is, if the MTE feature
    149. 

  149. is enabled for a particular world, this feature will be enabled for Root world
    150. 

  150. as well when entering EL3 from that world. The firmware at EL3 may not
    151. 

  151. be expecting this feature to be enabled and may cause unwanted side-effects
    152. 

  152. which could be problematic. Thus it would be more robust if Root world is not
    153. 

  153. subject to EL3 sysreg values from other worlds but maintains its own values
    154. 

  154. which is stable and predictable throughout root world execution.
    155. 

  155. 

  156. There is also the case that when EL3 would like to make use of some
    157. 

  157. Architectural feature(s) or do some security hardening, it might need
    158. 

  158. programming of some lower EL sysregs. For example, if EL3 needs to make
    159. 

  159. use of Pointer Authentication (PAuth) feature, it needs to program
    160. 

  160. its own PAuth Keys during execution at EL3. Hence EL3 needs its
    161. 

  161. own copy of PAuth registers which needs to be restored on every
    162. 

  162. entry to EL3. A similar case can be made for DIT bit in PSTATE,
    163. 

  163. or use of SP_EL0 for C Runtime Stack at EL3.
    164. 

  164. 

  165. The proposal here is to maintain a separate root world CPU context
    166. 

  166. which gets applied for Root world execution. This is not the full
    167. 

  167. CPU_Context, but subset of EL3 sysregs (`el3_sysreg`) and lower EL
    168. 

  168. sysregs (`root_exc_context`) used by EL3. The save and restore
    169. 

  169. sequence for this Root context would need to be done in
    170. 

  170. an optimal way. The `el3_sysreg` does not need to be saved
    171. 

  171. on EL3 Exit and possibly only some registers in `root_exc_context`
    172. 

  172. of Root world context would need to be saved on EL3 exit (eg: SP_EL0).
    173. 

  173. 

  174. The new sequence for world switch including Root world context would
    175. 

  175. be as given below :
    176. 

  176. 

  177. |context_mgmt_proposed|
    178. 

  178. 

  179. .. |context_mgmt_proposed| image::
    180. 

  180.    ../resources/diagrams/context_mgmt_proposed.png
    181. 

  181. 

  182. Having this framework in place will allow Root world to make use of lower EL
    183. 

  183. registers easily for its own purposes and also have a fixed EL3 sysreg setting
    184. 

  184. which is not affected by the settings of other worlds. This will unify the
    185. 

  185. Root world register usage pattern for its own execution and remove some
    186. 

  186. of the adhoc usages in code.
    187. 

  187. 

  188. Conclusion
    189. 

  189. ----------
    190. 

  190. Of all the proposals, the introduction of Root world context would likely need
    191. 

  191. further prototyping to confirm the design and we will need to measure the
    192. 

  192. performance and memory impact of this change. Other changes are incremental
    193. 

  193. improvements which are thought to have negligible impact on EL3 performance.
    194. 

  194. 

  195. --------------
    196. 

  196. 

  197. *Copyright (c) 2022-2024, Arm Limited and Contributors. All rights reserved.*
    198.