Home Explore Help
Sign In
OWEALs
/
arm-trusted-firmware
mirror of https://github.com/ARM-software/arm-trusted-firmware
2
0
Fork 0
Files Issues 1 Wiki
Branch: master
Branches Tags
arm-trusted-fir...
/
docs
/
components
/
debugfs-design.rst

debugfs-design.rst 4.3 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 
  1. ========
    2. 

  2. Debug FS
    3. 

  3. ========
    4. 

  4. 

  5. .. contents::
    6. 

  6. 

  7. Overview
    8. 

  8. --------
    9. 

  9. 

  10. The *DebugFS* feature is primarily aimed at exposing firmware debug data to
    11. 

  11. higher SW layers such as a non-secure component. Such component can be the
    12. 

  12. TFTF test payload or a Linux kernel module.
    13. 

  13. 

  14. Virtual filesystem
    15. 

  15. ------------------
    16. 

  16. 

  17. The core functionality lies in a virtual file system based on a 9p file server
    18. 

  18. interface (`Notes on the Plan 9 Kernel Source`_ and
    19. 

  19. `Linux 9p remote filesystem protocol`_).
    20. 

  20. The implementation permits exposing virtual files, firmware drivers, and file blobs.
    21. 

  21. 

  22. Namespace
    23. 

  23. ~~~~~~~~~
    24. 

  24. 

  25. Two namespaces are exposed:
    26. 

  26. 

  27.   - # is used as root for drivers (e.g. #t0 is the first uart)
    28. 

  28.   - / is used as root for virtual "files" (e.g. /fip, or /dev/uart)
    29. 

  29. 

  30. 9p interface
    31. 

  31. ~~~~~~~~~~~~
    32. 

  32. 

  33. The associated primitives are:
    34. 

  34. 

  35. - Unix-like:
    36. 

  36. 

  37.   - open(): create a file descriptor that acts as a handle to the file passed as
    38. 

  38.     an argument.
    39. 

  39.   - close(): close the file descriptor created by open().
    40. 

  40.   - read(): read from a file to a buffer.
    41. 

  41.   - write(): write from a buffer to a file.
    42. 

  42.   - seek(): set the file position indicator of a file descriptor either to a
    43. 

  43.     relative or an absolute offset.
    44. 

  44.   - stat(): get information about a file (type, mode, size, ...).
    45. 

  45. 

  46. .. code:: c
    47. 

  47. 

  48.     int open(const char *name, int flags);
    49. 

  49.     int close(int fd);
    50. 

  50.     int read(int fd, void *buf, int n);
    51. 

  51.     int write(int fd, void *buf, int n);
    52. 

  52.     int seek(int fd, long off, int whence);
    53. 

  53.     int stat(char *path, dir_t *dir);
    54. 

  54. 

  55. - Specific primitives :
    56. 

  56. 

  57.   - mount(): create a link between a driver and spec.
    58. 

  58.   - create(): create a file in a specific location.
    59. 

  59.   - bind(): expose the content of a directory to another directory.
    60. 

  60. 

  61. .. code:: c
    62. 

  62. 

  63.     int mount(char *srv, char *mnt, char *spec);
    64. 

  64.     int create(const char *name, int flags);
    65. 

  65.     int bind(char *path, char *where);
    66. 

  66. 

  67. This interface is embedded into the BL31 run-time payload when selected by build
    68. 

  68. options. The interface multiplexes drivers or emulated "files":
    69. 

  69. 

  70. - Debug data can be partitioned into different virtual files e.g. expose PMF
    71. 

  71.   measurements through a file, and internal firmware state counters through
    72. 

  72.   another file.
    73. 

  73. - This permits direct access to a firmware driver, mainly for test purposes
    74. 

  74.   (e.g. a hardware device that may not be accessible to non-privileged/
    75. 

  75.   non-secure layers, or for which no support exists in the NS side).
    76. 

  76. 

  77. SMC interface
    78. 

  78. -------------
    79. 

  79. 

  80. The communication with the 9p layer in BL31 is made through an SMC conduit
    81. 

  81. (`SMC Calling Convention`_), using a specific SiP Function Id. An NS
    82. 

  82. shared buffer is used to pass path string parameters, or e.g. to exchange
    83. 

  83. data on a read operation. Refer to :ref:`ARM SiP Services <arm sip services>`
    84. 

  84. for a description of the SMC interface.
    85. 

  85. 

  86. Security considerations
    87. 

  87. -----------------------
    88. 

  88. 

  89. - Due to the nature of the exposed data, the feature is considered experimental
    90. 

  90.   and importantly **shall only be used in debug builds**.
    91. 

  91. - Several primitive imply string manipulations and usage of string formats.
    92. 

  92. - Special care is taken with the shared buffer to avoid TOCTOU attacks.
    93. 

  93. 

  94. Limitations
    95. 

  95. -----------
    96. 

  96. 

  97. - In order to setup the shared buffer, the component consuming the interface
    98. 

  98.   needs to allocate a physical page frame and transmit its address.
    99. 

  99. - In order to map the shared buffer, BL31 requires enabling the dynamic xlat
    100. 

  100.   table option.
    101. 

  101. - Data exchange is limited by the shared buffer length. A large read operation
    102. 

  102.   might be split into multiple read operations of smaller chunks.
    103. 

  103. - On concurrent access, a spinlock is implemented in the BL31 service to protect
    104. 

  104.   the internal work buffer, and re-entrancy into the filesystem layers.
    105. 

  105. - Notice, a physical device driver if exposed by the firmware may conflict with
    106. 

  106.   the higher level OS if the latter implements its own driver for the same
    107. 

  107.   physical device.
    108. 

  108. 

  109. Applications
    110. 

  110. ------------
    111. 

  111. 

  112. The SMC interface is accessible from an NS environment, that is:
    113. 

  113. 

  114. - a test payload, bootloader or hypervisor running at NS-EL2
    115. 

  115. - a Linux kernel driver running at NS-EL1
    116. 

  116. - a Linux userspace application through the kernel driver
    117. 

  117. 

  118. --------------
    119. 

  119. 

  120. *Copyright (c) 2019-2020, Arm Limited and Contributors. All rights reserved.*
    121. 

  121. 

  122. .. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
    123. 

  123. .. _Notes on the Plan 9 Kernel Source: http://lsub.org/who/nemo/9.pdf
    124. 

  124. .. _Linux 9p remote filesystem protocol: https://www.kernel.org/doc/Documentation/filesystems/9p.txt
    125. 

  125. .. _ARM SiP Services: arm-sip-service.rst
    126.