Commit 5647d32f authored by Will Deacon's avatar Will Deacon

Merge branch 'for-next/cca' into for-next/core

* for-next/cca:
  arm64: acpi: Enable ACPI CCEL support
  arm64: Enable EFI secret area Securityfs support
  arm64: realm: ioremap: Allow mapping memory as encrypted
parents 57f13e3d d02c2e45
+5 −1
@@ -274,6 +274,10 @@ int arm64_ioremap_prot_hook_register(const ioremap_prot_hook_t hook);
#define ioremap_np(addr, size)	\
	ioremap_prot((addr), (size), __pgprot(PROT_DEVICE_nGnRnE))


#define ioremap_encrypted(addr, size)	\
	ioremap_prot((addr), (size), PAGE_KERNEL)

/*
 * io{read,write}{16,32,64}be() macros
 */
@@ -311,7 +315,7 @@ extern bool arch_memremap_can_ram_remap(resource_size_t offset, size_t size,
static inline bool arm64_is_protected_mmio(phys_addr_t phys_addr, size_t size)
{
	if (unlikely(is_realm_world()))
		return __arm64_is_protected_mmio(phys_addr, size);
		return arm64_rsi_is_protected(phys_addr, size);
	return false;
}
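Review bot: The new `ioremap_encrypted()` macro has no comment, and its body passes plain `PAGE_KERNEL`, so nothing at the definition shows where the encrypted attribute comes from. Judging by the hook registered through `arm64_ioremap_prot_hook_register()` (named in the hunk header), the encrypted/decrypted choice is presumably made inside `ioremap_prot()` from the RIPAS of the range, so this macro asks for a normal-memory mapping rather than forcing a protected one. I would add a comment such as `/* Normal-memory mapping; in a Realm the ioremap hook, not this macro, selects encrypted vs. decrypted from the RIPAS of the range. */` so callers do not assume the result is always private to the guest. The hunk also leaves two consecutive blank lines before the macro; one is enough.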

+1 −1
@@ -16,7 +16,7 @@ DECLARE_STATIC_KEY_FALSE(rsi_present);

void __init arm64_rsi_init(void);

bool __arm64_is_protected_mmio(phys_addr_t base, size_t size);
bool arm64_rsi_is_protected(phys_addr_t base, size_t size);

static inline bool is_realm_world(void)
{
+10 −0
@@ -357,6 +357,16 @@ void __iomem *acpi_os_ioremap(acpi_physical_address phys, acpi_size size)
			 * as long as we take care not to create a writable
			 * mapping for executable code.
			 */
			fallthrough;

		case EFI_ACPI_MEMORY_NVS:
			/*
			 * ACPI NVS marks an area reserved for use by the
			 * firmware, even after exiting the boot service.
			 * This may be used by the firmware for sharing dynamic
			 * tables/data (e.g., ACPI CCEL) with the OS. Map it
			 * as read-only.
			 */
			prot = PAGE_KERNEL_RO;
			break;
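Review bot: The comment on the new `EFI_ACPI_MEMORY_NVS` case says firmware may use the region to share dynamic tables with the OS, but it does not say how far a consumer may trust what it reads there. `PAGE_KERNEL_RO` only stops the kernel from writing; if the range can be backed by memory that another party is still able to update (not visible from this hunk), the contents can change underneath a reader. I would extend the comment with something like `Read-only restricts the kernel only; consumers must validate lengths and offsets read from this region.` The enclosing `acpi_os_ioremap()` starts and ends outside the hunk, so how `prot` reaches the final mapping cannot be checked here.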

+22 −4
@@ -84,7 +84,25 @@ static void __init arm64_rsi_setup_memory(void)
	}
}

bool __arm64_is_protected_mmio(phys_addr_t base, size_t size)
/*
 * Check if a given PA range is Trusted (e.g., Protected memory, a Trusted Device
 * mapping, or an MMIO emulated in the Realm world).
 *
 * We can rely on the RIPAS value of the region to detect if a given region is
 * protected.
 *
 *  RIPAS_DEV - A trusted device memory or a trusted emulated MMIO (in the Realm
 *		world
 *  RIPAS_RAM - Memory (RAM), protected by the RMM guarantees. (e.g., Firmware
 *		reserved regions for data sharing).
 *
 *  RIPAS_DESTROYED is a special case of one of the above, where the host did
 *  something without our permission and as such we can't do anything about it.
 *
 * The only case where something is emulated by the untrusted hypervisor or is
 * backed by shared memory is indicated by RSI_RIPAS_EMPTY.
 */
bool arm64_rsi_is_protected(phys_addr_t base, size_t size)
{
	enum ripas ripas;
	phys_addr_t end, top;
@@ -101,18 +119,18 @@ bool __arm64_is_protected_mmio(phys_addr_t base, size_t size)
			break;
		if (WARN_ON(top <= base))
			break;
		if (ripas != RSI_RIPAS_DEV)
		if (ripas == RSI_RIPAS_EMPTY)
			break;
		base = top;
	}

	return base >= end;
}
EXPORT_SYMBOL(__arm64_is_protected_mmio);
EXPORT_SYMBOL(arm64_rsi_is_protected);

static int realm_ioremap_hook(phys_addr_t phys, size_t size, pgprot_t *prot)
{
	if (__arm64_is_protected_mmio(phys, size))
	if (arm64_rsi_is_protected(phys, size))
		*prot = pgprot_encrypted(*prot);
	else
		*prot = pgprot_decrypted(*prot);
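Review bot: The loop test in `arm64_rsi_is_protected()` went from an allow-list (`ripas != RSI_RIPAS_DEV`) to a deny-list (`ripas == RSI_RIPAS_EMPTY`), so any RIPAS value added to `enum ripas` later is reported as protected without anyone having classified it. That result selects `pgprot_encrypted()` in `realm_ioremap_hook()` and is also what the header wrapper `arm64_is_protected_mmio()` returns, whose name still says MMIO although RAM ranges now yield true. Listing the accepted states keeps the decision explicit: `if (ripas != RSI_RIPAS_DEV && ripas != RSI_RIPAS_RAM && ripas != RSI_RIPAS_DESTROYED) break;`. The new header comment also leaves the parenthesis opened before "in the Realm world" unclosed. The middle of `arm64_rsi_is_protected()` and the end of `realm_ioremap_hook()` lie outside the hunks shown.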
+1 −1
# SPDX-License-Identifier: GPL-2.0-only
config EFI_SECRET
	tristate "EFI secret area securityfs support"
	depends on EFI && X86_64
	depends on EFI && (X86_64 || ARM64)
	select EFI_COCO_SECRET
	select SECURITYFS
	help