Why does the firmware memory region have no permissions?

Anup Patel Anup.Patel at wdc.com
Fri May 14 12:52:29 BST 2021 


> -----Original Message-----
> From: opensbi <opensbi-bounces at lists.infradead.org> On Behalf Of Daniel
> Schaefer
> Sent: 13 May 2021 10:26
> To: Anup Patel <Anup.Patel at wdc.com>
> Cc: opensbi at lists.infradead.org; Chang, Abner (HPS SW/FW Technologist)
> <abner.chang at hpe.com>
> Subject: Why does the firmware memory region have no permissions?
> 
> Whoops, put CC as subject...
> 
> On 5/12/21 6:20 PM, Daniel Schaefer wrote:
> > Hi Anup,
> >
> > I'm in the process of upgrading EDKII to OpenSBI 0.9 and using the Generic
> Platform.
> >
> > Previously we were doing sbi_init with M-Mode, adding our SBI
> > extension and then calling sbi_switch_mode to switch to S-Mode. Now
> > sbi_init disallows initializing to M-Mode, so I'm directly switching
> > to S-Mode. It seems that even from S-Mode I can register our SBI
> extension with sbi_ecall_register_extension.
> > Is that correct?

The OpenSBI sources are meant to run only from M-mode so we
cannot register SBI extension using sbi_ecall_register_extension().

The  sbi_switch_mode() is not stricter due to OpenSBI domain support.

Next booting stage has to run from lower privilege mode (S-mode or U-mode)
otherwise OpenSBI cannot protect itself from next booting stage if it
starts in M-mode.

> >
> > However, sbi_init when directly initializing to S-Mode checks that the
> start_address is executable.
> > So I'm wondering why the FW region isn't set as executable in OpenSBI?
> > How do other FWs like U-Boot get around this?
> >
> >
> https://github.com/riscv/opensbi/commit/b1678af210dc4b4e6d586d6d96617
> e
> > 9641618994#diff-
> 6e8e352a8a90ba5a7adbb58a806ed9b6404c2c67db416332f9c05a
> > 6b322eecd6R346
> >
> > If I try to set my own regions by adding .domains_root_regions I get
> > another error because OpenSBI checks that I have a region that is the
> > same as the FW region added by OpenSBI. If I duplicate the FW region
> > and mark the first one as executable I can pass the executable check
> > and also the check that there's an FW region.
> > Additionally we have to manually call pmp_set in our custom platform
> > to make the FW region RWX.
> >
> > That seems like a workaround, however. Do you have any suggestion to
> properly fix it?
> > I'm sure we're misunderstand something.

I suggest two things:
1) Register your custom SBI extension from M-mode only before switching
to S-mode
2) Make sure that fw_start and fw_size set in the sbi_scratch for each HART
only point to the M-mode code and data. Preferably have S-mode code
and data not linked in the same binary as M-mode code and data.

> >
> > For context: We're writing the start addr and size of our FW image
> > into the scratch space before OpenSBI is initialized. Therefore we're
> > expecting it to set the PMP settings correctly.
> >
> > Please check out my workaround commit:
> > https://github.com/riscv/riscv-edk2-platforms/commit/a5ac63096ca5da795
> > 042baf650170643fe219cab
> >
> > Thanks,
> > Daniel

Regards
Anup

More information about the opensbi mailing list