From: Suzuki K Poulose
To: linux-arm-kernel@lists.infradead.org
Cc: will@kernel.org, catalin.marinas@arm.com, sami.mujawar@arm.com, aneesh.kumar@kernel.org, steven.price@arm.com, linux-kernel@vger.kernel.org, sudeep.holla@arm.com, Suzuki K Poulose
Subject: [PATCH 1/3] arm64: realm: ioremap: Allow mapping memory as encrypted
Date: Fri, 13 Jun 2025 12:11:51 +0100
Message-ID: <20250613111153.1548928-2-suzuki.poulose@arm.com>
In-Reply-To: <20250613111153.1548928-1-suzuki.poulose@arm.com>
References: <20250613111153.1548928-1-suzuki.poulose@arm.com>

For ioremap(), so far we only checked if it was a device (RIPAS_DEV) to choose
an encrypted vs decrypted mapping. However, we may have firmware reserved memory
regions exposed to the OS (e.g., EFI Coco Secret Securityfs, ACPI CCEL). We need
to make sure that anything that is RIPAS_RAM (i.e., Guest protected memory with
RMM guarantees) is also mapped as encrypted.

Rephrasing the above, anything that is not RIPAS_EMPTY is guaranteed to be
protected by the RMM. Thus we choose encrypted mapping for anything that is not
RIPAS_EMPTY.

While at it, rename the helper function
  __arm64_is_protected_mmio => arm64_rsi_is_protected
to clearly indicate that this is not an arm64 generic helper, but something to do
with Realms.

Cc: Sami Mujawar
Cc: Will Deacon
Cc: Catalin Marinas
Cc: "Aneesh Kumar K.V"
Cc: Steven Price
Signed-off-by: Suzuki K Poulose
Reviewed-by: Gavin Shan
Reviewed-by: Steven Price
Tested-by: Sami Mujawar
---
 arch/arm64/include/asm/io.h  |  2 +-
 arch/arm64/include/asm/rsi.h |  2 +-
 arch/arm64/kernel/rsi.c      | 26 ++++++++++++++++++++++----
 3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/arch/arm64/include/asm/io.h b/arch/arm64/include/asm/io.h index 9b96840fb979..82276282a3c7 100644 --- a/arch/arm64/include/asm/io.h +++ b/arch/arm64/include/asm/io.h @@ -311,7 +311,7 @@ extern bool arch_memremap_can_ram_remap(resource_size_t= offset, size_t size, static inline bool arm64_is_protected_mmio(phys_addr_t phys_addr, size_t s= ize) { if (unlikely(is_realm_world())) - return __arm64_is_protected_mmio(phys_addr, size); + return arm64_rsi_is_protected(phys_addr, size); return false; } =20 diff --git a/arch/arm64/include/asm/rsi.h b/arch/arm64/include/asm/rsi.h index b42aeac05340..88b50d660e85 100644 --- a/arch/arm64/include/asm/rsi.h +++ b/arch/arm64/include/asm/rsi.h @@ -16,7 +16,7 @@ DECLARE_STATIC_KEY_FALSE(rsi_present); =20 void __init arm64_rsi_init(void); =20 -bool __arm64_is_protected_mmio(phys_addr_t base, size_t size); +bool arm64_rsi_is_protected(phys_addr_t base, size_t size); =20 static inline bool is_realm_world(void) { diff --git a/arch/arm64/kernel/rsi.c b/arch/arm64/kernel/rsi.c index ce4778141ec7..c64a06f58c0b 100644 --- a/arch/arm64/kernel/rsi.c +++ b/arch/arm64/kernel/rsi.c 
@@ -84,7 +84,25 @@ static void __init arm64_rsi_setup_memory(void) } } =20 -bool __arm64_is_protected_mmio(phys_addr_t base, size_t size) +/* + * Check if a given PA range is Trusted (e.g., Protected memory, a Trusted= Device + * mapping, or an MMIO emulated in the Realm world). + * + * We can rely on the RIPAS value of the region to detect if a given regio= n is + * protected. + * + * RIPAS_DEV - A trusted device memory or a trusted emulated MMIO (in the= Realm + * world + * RIPAS_RAM - Memory (RAM), protected by the RMM guarantees. (e.g., Firm= ware + * reserved regions for data sharing). + * + * RIPAS_DESTROYED is a special case of one of the above, where the host = did + * something without our permission and as such we can't do anything abou= t it. + * + * The only case where something is emulated by the untrusted hypervisor o= r is + * backed by shared memory is indicated by RSI_RIPAS_EMPTY. + */ +bool arm64_rsi_is_protected(phys_addr_t base, size_t size) { enum ripas ripas; phys_addr_t end, top; 
@@ -101,18 +119,18 @@ bool __arm64_is_protected_mmio(phys_addr_t base, size= _t size) break; if (WARN_ON(top <=3D base)) break; - if (ripas !=3D RSI_RIPAS_DEV) + if (ripas =3D=3D RSI_RIPAS_EMPTY) break; base =3D top; } =20 return base >=3D end; } -EXPORT_SYMBOL(__arm64_is_protected_mmio); +EXPORT_SYMBOL(arm64_rsi_is_protected); =20 static int realm_ioremap_hook(phys_addr_t phys, size_t size, pgprot_t *pro= t) { - if (__arm64_is_protected_mmio(phys, size)) + if (arm64_rsi_is_protected(phys, size)) *prot =3D pgprot_encrypted(*prot); else *prot =3D pgprot_decrypted(*prot); --=20 2.43.0 From nobody Fri Oct 10 13:49:44 2025 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 525902D320C for ; Fri, 13 Jun 2025 11:12:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749813145; cv=none; b=P7ePpLBsC9NwSMW1cwS9VWvIUTHUMkbPXovyES+ns5oL6Y0ClDWRFTiD9eCPT8KsMlse+MhRVpHqUHGL0nhC4dGj4/ABU1SlMi+rOd3yNlkGwisTXKZeIoA5FTrnjMV7BEP2UwZSmJsn9VWIlrEKX6nCzjzRI+5ECNGVfLq75p8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749813145; c=relaxed/simple; bh=w0v50HIU2Vj2JQBBTN8UA4VKSZwTuBf0d2cykfkU/iM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W+QdNy75Mf9diRyTbsoaa+59v2A4UuCbGKkedpkdelHmAfPpOj7Kj4iqxahGIo89iWj9Qh5GrNjqCyMPqb6SGivr33OE166rCUlelYTlcnGd2LMNzT4mq7XZA24DCDD+KDJUIxI0bYdjqWE6Gs2RIWhBOC5sRIILi1K4YjuFfxM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) 
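Review bot: in the arch/arm64/include/asm/io.h hunk, the wrapper arm64_is_protected_mmio() keeps its _mmio name while the callee it now delegates to, arm64_rsi_is_protected(), also answers true for RIPAS_RAM ranges; either rename the wrapper in the same spirit or add a one-line comment above it saying that "protected" here means any RIPAS other than EMPTY, so readers do not take it for a device-only check.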
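Review bot: in the arch/arm64/kernel/rsi.c comment block above arm64_rsi_is_protected(), the line "RIPAS_DEV - A trusted device memory or a trusted emulated MMIO (in the Realm world" is missing its closing parenthesis, and the RIPAS_DESTROYED paragraph stops at "we can't do anything about it" without saying what this function does with such a range; spell out that a DESTROYED range is still reported as protected and therefore gets pgprot_encrypted() in realm_ioremap_hook(), since that is the only place the intended failure mode is documented and the reader otherwise has to infer it from the `ripas == RSI_RIPAS_EMPTY` test below.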
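Review bot: in the @@ -101 hunk, replacing `if (ripas != RSI_RIPAS_DEV)` with `if (ripas == RSI_RIPAS_EMPTY)` leaves a range that is partly EMPTY and partly RAM or DEV reported as unprotected as a whole, so realm_ioremap_hook() applies pgprot_decrypted() to the protected part too; that was already the behaviour for mixed DEV/non-DEV ranges, but the commit message's "anything that is not RIPAS_EMPTY" wording reads per-granule, so please state that the decision is taken for the whole range and that a mixed range is mapped decrypted.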
by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 59C431D6F; Fri, 13 Jun 2025 04:12:03 -0700 (PDT) Received: from ewhatever.cambridge.arm.com (ewhatever.cambridge.arm.com [10.1.197.1]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 899263F59E; Fri, 13 Jun 2025 04:12:22 -0700 (PDT) From: Suzuki K Poulose To: linux-arm-kernel@lists.infradead.org Cc: will@kernel.org, catalin.marinas@arm.com, sami.mujawar@arm.com, aneesh.kumar@kernel.org, steven.price@arm.com, linux-kernel@vger.kernel.org, sudeep.holla@arm.com, Suzuki K Poulose Subject: [PATCH 2/3] arm64: Enable EFI secret area Securityfs support Date: Fri, 13 Jun 2025 12:11:52 +0100 Message-ID: <20250613111153.1548928-3-suzuki.poulose@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250613111153.1548928-1-suzuki.poulose@arm.com> References: <20250613111153.1548928-1-suzuki.poulose@arm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Enable EFI COCO secrets support. Provide the ioremap_encrypted() support re= quired by the driver. Cc: Sami Mujawar Cc: Will Deacon Cc: Catalin Marinas Cc: "Aneesh Kumar K.V" Cc: Steven Price Signed-off-by: Suzuki K Poulose Reviewed-by: Gavin Shan Tested-by: Sami Mujawar --- arch/arm64/include/asm/io.h | 4 ++++ drivers/virt/coco/efi_secret/Kconfig | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arm64/include/asm/io.h b/arch/arm64/include/asm/io.h index 82276282a3c7..83e03abbb2ca 100644 --- a/arch/arm64/include/asm/io.h +++ b/arch/arm64/include/asm/io.h @@ -274,6 +274,10 @@ int arm64_ioremap_prot_hook_register(const ioremap_pro= t_hook_t hook); #define ioremap_np(addr, size) \ ioremap_prot((addr), (size), __pgprot(PROT_DEVICE_nGnRnE)) =20 + +#define ioremap_encrypted(addr, size) \ + ioremap_prot((addr), (size), PAGE_KERNEL) + /* * io{read,write}{16,32,64}be() macros */ 
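Review bot: in the arch/arm64/include/asm/io.h hunk, ioremap_encrypted() is just ioremap_prot() with PAGE_KERNEL, and on a Realm the prot is then rewritten by realm_ioremap_hook() from PATCH 1/3, so a range whose RIPAS is EMPTY comes back with pgprot_decrypted() applied no matter what the macro's name promises; add a comment at the definition saying the mapping is encrypted only when arm64_rsi_is_protected() holds for the range (and is a plain PAGE_KERNEL mapping outside a Realm), and say the same in the commit message instead of only "Provide the ioremap_encrypted() support required by the driver".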
diff --git a/drivers/virt/coco/efi_secret/Kconfig b/drivers/virt/coco/efi_s= ecret/Kconfig index 4404d198f3b2..94d88e5da707 100644 --- a/drivers/virt/coco/efi_secret/Kconfig +++ b/drivers/virt/coco/efi_secret/Kconfig 
@@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only config EFI_SECRET tristate "EFI secret area securityfs support" - depends on EFI && X86_64 + depends on EFI && (X86_64 || ARM64) select EFI_COCO_SECRET select SECURITYFS help --=20 2.43.0 From nobody Fri Oct 10 13:49:44 2025 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C3CC52D4B78 for ; Fri, 13 Jun 2025 11:12:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749813147; cv=none; b=A+E7g1e1SBeycCv3a6H16VI7v6akXn9+ybj6eMLM0oitXW2JrRgTSYJXKOVp6VoJeo8ImYV6X1HKHPBUA8HzAp/092sRo3B91+xmBAQFPYowFoO+cFjXaUDDgUxh5juFfEFMOm4eCgWsNIiHeGP80/cr/TVymeRZlaM2gsc9YOU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1749813147; c=relaxed/simple; bh=dRxBMxxhLreYClrZY8rUIKdfpH7BRzMk7Jy/+D1IEdM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=H+1S1v2QKjwNAc+zxxbJV/GGLNWQp5DYT287Ap/2EwF2gLwklvtSFmtQ92k7qNVPwKpcYwDPgA0B9aWfnKxVewDEUvN4kS1YGG8LnFNB3/cn++MsWN5rRWDL6i+Zlsa0kgGrHK2GhTZvrU6pC6bTqUoEFwLf0OmSHF73euf+pHg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com; spf=pass smtp.mailfrom=arm.com; arc=none smtp.client-ip=217.140.110.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C59661D70; Fri, 13 Jun 2025 04:12:04 -0700 (PDT) Received: from ewhatever.cambridge.arm.com (ewhatever.cambridge.arm.com [10.1.197.1]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id EC6F63F59E; Fri, 13 Jun 2025 04:12:23 -0700 (PDT) 
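The RIPAS walk described in the PATCH 1/3 commit message and the ioremap_encrypted() macro from PATCH 2/3, modelled in user-space C as an added example; this is not kernel code and not part of the series. The RIPAS map, the shape of the RSI state query, the pgprot bits (PAGE_KERNEL, PROT_NS_SHARED) and the *_model() helpers are constructed stand-ins. It shows that the final attribute is decided by the RIPAS of the range rather than by the caller: ioremap_encrypted() of a RIPAS_EMPTY (host-backed) range still yields a decrypted mapping, a DESTROYED range is treated as protected, and a range that runs into an EMPTY granule is rejected as a whole.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t phys_addr_t;
typedef unsigned int pgprot_t; /* stand-in for the kernel's pgprot_t */

enum ripas { RSI_RIPAS_EMPTY, RSI_RIPAS_RAM, RSI_RIPAS_DESTROYED, RSI_RIPAS_DEV };

/* Constructed stand-in for the Realm's IPA state as the RMM would report it. */
struct ripas_region { phys_addr_t start, end; enum ripas ripas; };
static const struct ripas_region realm_map[] = {
	{ 0x00000000, 0x40000000, RSI_RIPAS_RAM },       /* guest RAM */
	{ 0x40000000, 0x40010000, RSI_RIPAS_DEV },       /* trusted device / Realm-emulated MMIO */
	{ 0x40010000, 0x40020000, RSI_RIPAS_EMPTY },     /* host-emulated MMIO or shared memory */
	{ 0x40020000, 0x40030000, RSI_RIPAS_RAM },       /* firmware-reserved RAM (e.g. a CCEL) */
	{ 0x40030000, 0x40040000, RSI_RIPAS_DESTROYED }, /* host took the memory away */
};

/* Assumed shape of the RSI IPA state query (not the real RSI ABI): returns the
 * RIPAS at `base` and, in *top, the end of that RIPAS run clipped to `end`;
 * 0 on success, -1 if `base` lies outside the Realm's IPA space. */
static int rsi_ipa_state_get(phys_addr_t base, phys_addr_t end,
			     enum ripas *ripas, phys_addr_t *top)
{
	for (size_t i = 0; i < sizeof realm_map / sizeof realm_map[0]; i++) {
		if (base >= realm_map[i].start && base < realm_map[i].end) {
			*ripas = realm_map[i].ripas;
			*top = realm_map[i].end < end ? realm_map[i].end : end;
			return 0;
		}
	}
	return -1;
}

/* Same walk as the patched arm64_rsi_is_protected(): the whole range counts as
 * protected only if no sub-range is RIPAS_EMPTY; RAM, DEV and DESTROYED pass. */
bool arm64_rsi_is_protected(phys_addr_t base, size_t size)
{
	phys_addr_t end = base + size, top;
	enum ripas ripas;

	if (end <= base) /* overflow or empty range */
		return false;
	while (base < end) {
		if (rsi_ipa_state_get(base, end, &ripas, &top))
			break;
		if (top <= base)
			break;
		if (ripas == RSI_RIPAS_EMPTY)
			break;
		base = top;
	}
	return base >= end;
}

/* Stand-ins for the arm64 pgprot helpers: a decrypted mapping carries the
 * shared-IPA attribute, so accesses through it reach host-visible memory. */
#define PAGE_KERNEL	0x1u
#define PROT_NS_SHARED	0x2u
static pgprot_t pgprot_encrypted(pgprot_t p) { return p & ~PROT_NS_SHARED; }
static pgprot_t pgprot_decrypted(pgprot_t p) { return p | PROT_NS_SHARED; }

/* The hook from PATCH 1/3: the RIPAS decides, whatever the caller asked for. */
static void realm_ioremap_hook(phys_addr_t phys, size_t size, pgprot_t *prot)
{
	if (arm64_rsi_is_protected(phys, size))
		*prot = pgprot_encrypted(*prot);
	else
		*prot = pgprot_decrypted(*prot);
}

/* ioremap_prot() reduced to the prot it would install (no page tables here). */
static pgprot_t ioremap_prot_model(phys_addr_t phys, size_t size, pgprot_t prot)
{
	realm_ioremap_hook(phys, size, &prot);
	return prot;
}

/* PATCH 2/3's ioremap_encrypted(): asks for PAGE_KERNEL, the hook has the last word. */
pgprot_t ioremap_encrypted_model(phys_addr_t phys, size_t size)
{
	return ioremap_prot_model(phys, size, PAGE_KERNEL);
}

bool mapping_is_encrypted(pgprot_t prot) { return !(prot & PROT_NS_SHARED); }

int main(void)
{
	static const struct { const char *what; phys_addr_t pa; size_t len; } cases[] = {
		{ "trusted device MMIO",          0x40000000, 0x1000 },
		{ "host-emulated MMIO (EMPTY)",   0x40010000, 0x1000 },
		{ "firmware-reserved RAM",        0x40020000, 0x1000 },
		{ "DESTROYED",                    0x40030000, 0x1000 },
		{ "DEV range running into EMPTY", 0x4000F000, 0x2000 },
	};
	for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
		pgprot_t p = ioremap_encrypted_model(cases[i].pa, cases[i].len);
		printf("ioremap_encrypted(%-30s) -> %s\n", cases[i].what,
		       mapping_is_encrypted(p) ? "encrypted" : "decrypted");
	}
	return 0;
}
```

The last case is the one to keep in mind when reading the series: because the predicate is evaluated for the whole range, a caller that maps one region spanning a DEV granule and an EMPTY granule gets a decrypted mapping for both, exactly as the kernel hook would give it.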
From: Suzuki K Poulose To: linux-arm-kernel@lists.infradead.org Cc: will@kernel.org, catalin.marinas@arm.com, sami.mujawar@arm.com, aneesh.kumar@kernel.org, steven.price@arm.com, linux-kernel@vger.kernel.org, sudeep.holla@arm.com, Suzuki K Poulose Subject: [PATCH 3/3] arm64: acpi: Enable ACPI CCEL support Date: Fri, 13 Jun 2025 12:11:53 +0100 Message-ID: <20250613111153.1548928-4-suzuki.poulose@arm.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250613111153.1548928-1-suzuki.poulose@arm.com> References: <20250613111153.1548928-1-suzuki.poulose@arm.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" ACPI CCEL memory area is reported as Non-Volatile storage area. Map it as PAGE_KERNEL. Cc: Sami Mujawar Cc: Will Deacon Cc: Catalin Marinas Cc: "Aneesh Kumar K.V" Cc: Steven Price Cc: Sudeep Holla Signed-off-by: Suzuki K Poulose Reviewed-by: Gavin Shan Tested-by: Sami Mujawar --- arch/arm64/kernel/acpi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c index b9a66fc146c9..f52439d411a0 100644 --- a/arch/arm64/kernel/acpi.c +++ b/arch/arm64/kernel/acpi.c @@ -356,6 +356,11 @@ void __iomem *acpi_os_ioremap(acpi_physical_address ph= ys, acpi_size size) prot =3D PAGE_KERNEL_RO; break; =20 + case EFI_ACPI_MEMORY_NVS: + /* Non-volatile storage, required for CCEL */ + prot =3D PAGE_KERNEL; + break; + case EFI_ACPI_RECLAIM_MEMORY: /* * ACPI reclaim memory is used to pass firmware tables --=20 2.43.0
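Review bot: in the arch/arm64/kernel/acpi.c hunk, the new EFI_ACPI_MEMORY_NVS case maps the region read-write with PAGE_KERNEL while the table memory in the case just above it is mapped with PAGE_KERNEL_RO, and neither the comment nor the commit message ("Map it as PAGE_KERNEL") says why write access is needed; if the CCEL is only read through acpi_os_ioremap(), PAGE_KERNEL_RO is the safer default, and if another NVS consumer needs to write, say so in the comment. The comment "Non-volatile storage, required for CCEL" also ties a generic EFI memory type to one consumer; describe the type (firmware NVS data, mapped as normal memory) and name the CCEL as the motivating user.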