Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2228255/?format=api
{ "id": 2228255, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2228255/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260424173151.371134-4-harsimransingh.tungal@arm.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.1/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260424173151.371134-4-harsimransingh.tungal@arm.com>", "date": "2026-04-24T17:31:42", "name": "[03/12] efi_loader: add FF-A runtime support in EFI variable TEE driver", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "a526e1bfb273e262d2ad40cb85694bc4c2bee0df", "submitter": { "id": 88701, "url": "http://patchwork.ozlabs.org/api/1.1/people/88701/?format=api", "name": "Harsimran Singh Tungal", "email": "harsimransingh.tungal@arm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260424173151.371134-4-harsimransingh.tungal@arm.com/mbox/", "series": [ { "id": 501471, "url": "http://patchwork.ozlabs.org/api/1.1/series/501471/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=501471", "date": "2026-04-24T17:31:50", "name": "arm64: FF-A runtime transport for EFI variables", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501471/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2228255/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2228255/checks/", "tags": {}, "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=arm.com header.i=@arm.com header.a=rsa-sha256\n header.s=foss header.b=Lg2RaUHI;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=85.214.62.61; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=fail (p=none dis=none) header.from=arm.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=arm.com header.i=@arm.com header.b=\"Lg2RaUHI\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=arm.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=harsimransingh.tungal@arm.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de [85.214.62.61])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g2yQw5rbrz1yHS\n\tfor <incoming@patchwork.ozlabs.org>; Sun, 26 Apr 2026 04:04:56 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 60F8D844D3;\n\tSat, 25 Apr 2026 20:02:48 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 6DFF180087; Sat, 25 Apr 2026 19:01:53 +0200 (CEST)", "from foss.arm.com (foss.arm.com [217.140.110.172])\n by phobos.denx.de (Postfix) with ESMTP id C3CBF843E3\n for <u-boot@lists.denx.de>; Sat, 25 Apr 2026 19:01:46 +0200 (CEST)", "from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])\n by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 1A5B935A3;\n Fri, 24 Apr 2026 10:32:35 -0700 (PDT)", "from e132995.arm.com (unknown [10.57.64.144])\n by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E38FA3F7B4;\n Fri, 24 Apr 2026 10:32:38 -0700 (PDT)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2", "DKIM-Signature": "v=1; a=rsa-sha256; c=simple/simple; d=arm.com; s=foss;\n t=1777051960; bh=OfeXytju7nRN/6+GjreQDr1QfLp3Q5YSOuQRT7NEwx0=;\n h=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n b=Lg2RaUHIfJ1LiryyH27sTlQe9L65XtvUDwwMFmekKC5VwbaWL6IHj3/57CEXIXAY2\n blitmbrXVk/q33LnP1hZJmfkkfpY0opRtCKIZBWPogHVSD+K5av0hUX0vx3FNSAXCq\n ShTWHdyOKopmHy+J7nmmPT8hpn5xylIqvUzHwrOk=", "From": "Harsimran Singh Tungal <harsimransingh.tungal@arm.com>", "To": "u-boot@lists.denx.de", "Cc": "Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>,\n Tom Rini <trini@konsulko.com>,\n Ilias Apalodimas <ilias.apalodimas@linaro.org>,\n Heinrich Schuchardt <xypron.glpk@gmx.de>,\n Hugues Kamba Mpiana <hugues.kambampiana@arm.com>,\n Simon Glass <sjg@chromium.org>,\n Harsimran Singh Tungal <harsimransingh.tungal@arm.com>", "Subject": "[PATCH 03/12] efi_loader: add FF-A runtime support in EFI variable\n TEE driver", "Date": "Fri, 24 Apr 2026 18:31:42 +0100", "Message-Id": "<20260424173151.371134-4-harsimransingh.tungal@arm.com>", "X-Mailer": "git-send-email 2.34.1", "In-Reply-To": "<20260424173151.371134-1-harsimransingh.tungal@arm.com>", "References": "<20260424173151.371134-1-harsimransingh.tungal@arm.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-Mailman-Approved-At": "Sat, 25 Apr 2026 20:02:44 +0200", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Enable MM variable services over FF-A after ExitBootServices\n\nThis patch extends lib/efi_loader/efi_variable_tee.c to support FF-A\ncommunication with the secure world during EFI runtime. It enables EFI\nruntime variable access and MM communication using FF-A transport when\nExitBootServices() has already been called.\n\nKey changes:\n ------------\n - Introduce runtime-safe implementations for MM communication,\n notification, and variable access using FF-A driver.\n - Introduce communication-buffer helper (get_comm_buf()) that switches\n between dynamic allocation (boot phase) and the fixed FF-A shared\n buffer (runtime phase).\n - Mark persistent data and code with __efi_runtime and\n __efi_runtime_data attributes.\n - Use direct physical address mapping for shared buffers since\n U-Boot operates with 1:1 physical-to-virtual mapping.\n - Only per-buffer cache maintenance is performed at runtime,\n as whole D-cache invalidation would violate the OS coherency model\n after ExitBootServices().\n - Add runtime-phase tracking (efi_runtime_enabled).\n\nThe change reuses the statically reserved shared buffer, replaces\nallocations with __efi_runtime copies, and updates the runtime service\ntable so EFI variable runtime calls reach the secure partition via FF-A.\n\nSigned-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>\n---\n lib/efi_loader/efi_variable_tee.c | 331 ++++++++++++++++++++++++++++--\n 1 file changed, 319 insertions(+), 12 deletions(-)", "diff": "diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c\nindex 6a1fa39bb6f..e4d97dc55ab 100644\n--- a/lib/efi_loader/efi_variable_tee.c\n+++ b/lib/efi_loader/efi_variable_tee.c\n@@ -4,7 +4,7 @@\n *\n * Copyright (C) 2019 Linaro Ltd. <sughosh.ganu@linaro.org>\n * Copyright (C) 2019 Linaro Ltd. <ilias.apalodimas@linaro.org>\n- * Copyright 2022-2023 Arm Limited and/or its affiliates <open-source-office@arm.com>\n+ * Copyright 2022-2023, 2026 Arm Limited and/or its affiliates <open-source-office@arm.com>\n *\n * Authors:\n * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>\n@@ -14,6 +14,7 @@\n \n #if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT)\n #include <arm_ffa.h>\n+#include <arm_ffa_runtime.h>\n #endif\n #include <cpu_func.h>\n #include <dm.h>\n@@ -34,20 +35,47 @@\n #define MM_DENIED (-3)\n #define MM_NO_MEMORY (-5)\n \n+static const int __efi_runtime_rodata mm_sp_errmap[] = {\n+\t[-MM_NOT_SUPPORTED]\t = -EINVAL,\n+\t[-MM_INVALID_PARAMETER]\t = -EPERM,\n+\t[-MM_DENIED]\t\t = -EACCES,\n+\t[-MM_NO_MEMORY]\t\t = -EBUSY,\n+};\n+\n static const char *mm_sp_svc_uuid = MM_SP_UUID;\n-static u16 mm_sp_id;\n+static u16 __efi_runtime_data mm_sp_id;\n #endif\n \n+static void *__efi_runtime_data ffa_shared_buf;\n+static const efi_guid_t __efi_runtime_rodata mm_var_guid_runtime =\n+\tEFI_MM_VARIABLE_GUID;\n+\n extern struct efi_var_file __efi_runtime_data *efi_var_buf;\n-static efi_uintn_t max_buffer_size;\t/* comm + var + func + data */\n-static efi_uintn_t max_payload_size;\t/* func + data */\n+static efi_uintn_t __efi_runtime_data max_buffer_size;\t/* comm + var + func + data */\n+static efi_uintn_t __efi_runtime_data max_payload_size;\t/* func + data */\n static const u16 __efi_runtime_rodata pk[] = u\"PK\";\n+static bool __efi_runtime_data efi_runtime_enabled;\n \n struct mm_connection {\n \tstruct udevice *tee;\n \tu32 session;\n };\n \n+/**\n+ * efi_is_runtime_enabled() - Indicate whether the system is in the UEFI runtime phase\n+ *\n+ * This helper returns whether the firmware has transitioned into the\n+ * UEFI runtime phase, meaning that ExitBootServices() has been invoked.\n+ *\n+ * Return:\n+ * true - The system is operating in UEFI runtime mode.\n+ * false - The system is still in the boot services phase.\n+ */\n+static bool __efi_runtime efi_is_runtime_enabled(void)\n+{\n+\treturn efi_runtime_enabled;\n+}\n+\n /**\n * get_connection() - Retrieve OP-TEE session for a specific UUID.\n *\n@@ -169,6 +197,28 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize)\n }\n \n #if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT)\n+/**\n+ * ffa_map_sp_event_runtime() - Map MM SP response to errno (runtime-safe)\n+ * @sp_event_ret: MM SP return code from ffa_notify_mm_sp_runtime()\n+ *\n+ * Convert the MM SP return code into a standard U-Boot errno. This helper\n+ * is marked __efi_runtime to ensure it is safe to call after\n+ * ExitBootServices().\n+ *\n+ * Return: 0 on success, negative errno on failure\n+ */\n+static __efi_runtime int ffa_map_sp_event_runtime(int sp_event_ret)\n+{\n+\tint idx = -sp_event_ret;\n+\n+\tif (sp_event_ret == MM_SUCCESS)\n+\t\treturn 0;\n+\tif (idx > 0 && idx < (int)ARRAY_SIZE(mm_sp_errmap) &&\n+\t mm_sp_errmap[idx])\n+\t\treturn mm_sp_errmap[idx];\n+\treturn -EACCES;\n+}\n+\n /**\n * ffa_notify_mm_sp() - Announce there is data in the shared buffer\n *\n@@ -225,6 +275,35 @@ static int ffa_notify_mm_sp(void)\n \treturn ret;\n }\n \n+/**\n+ * ffa_notify_mm_sp_runtime() - Runtime implementation of\n+ * ffa_notify_mm_sp()\n+ *\n+ * Notify the MM partition in the trusted world that\n+ * data is available in the shared buffer.\n+ * This is a blocking call during which trusted world has exclusive access\n+ * to the MM shared buffer.\n+ *\n+ * Return:\n+ *\n+ * 0 on success\n+ */\n+static int __efi_runtime ffa_notify_mm_sp_runtime(void)\n+{\n+\tstruct ffa_send_direct_data msg = {0};\n+\tint ret;\n+\tint sp_event_ret;\n+\n+\tmsg.data0 = CONFIG_FFA_SHARED_MM_BUF_OFFSET;\n+\n+\tret = ffa_sync_send_receive_runtime(mm_sp_id, &msg, 1);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tret = ffa_map_sp_event_runtime(sp_event_ret);\n+\treturn ret;\n+}\n+\n /**\n * ffa_discover_mm_sp_id() - Query the MM partition ID\n *\n@@ -360,6 +439,116 @@ static efi_status_t ffa_mm_communicate(void *comm_buf, ulong comm_buf_size)\n \treturn efi_ret;\n }\n \n+/**\n+ * ffa_mm_communicate_runtime() - Runtime implementation of ffa_mm_communicate()\n+ * @comm_buf:\t\tlocally allocated communication buffer used for rx/tx\n+ * @comm_buf_size:\tcommunication buffer size\n+ *\n+ * Issue a door bell event to notify the MM partition (SP) running in OP-TEE\n+ * that there is data to read from the shared buffer.\n+ * Communication with the MM SP is performed using FF-A transport.\n+ * On the event, MM SP can read the data from the buffer and\n+ * update the MM shared buffer with response data.\n+ * The response data is copied back to the communication buffer.\n+ *\n+ * Return:\n+ *\n+ * EFI status code\n+ */\n+static efi_status_t __efi_runtime ffa_mm_communicate_runtime(void *comm_buf,\n+\t\t\t\t\t\t\t ulong comm_buf_size)\n+{\n+\tulong tx_data_size;\n+\tint ffa_ret;\n+\tefi_status_t efi_ret;\n+\tstruct efi_mm_communicate_header *mm_hdr;\n+\n+\tif (!comm_buf)\n+\t\treturn EFI_INVALID_PARAMETER;\n+\n+\t/* Discover MM partition ID at boot time */\n+\tif (!mm_sp_id)\n+\t\treturn EFI_UNSUPPORTED;\n+\n+\tmm_hdr = (struct efi_mm_communicate_header *)comm_buf;\n+\ttx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t);\n+\n+\tif (comm_buf_size != tx_data_size || tx_data_size > CONFIG_FFA_SHARED_MM_BUF_SIZE)\n+\t\treturn EFI_INVALID_PARAMETER;\n+\n+\t/*\n+\t * Shared buffer cache maintenance for FF-A / OP-TEE communication:\n+\t *\n+\t * NS -> S (request path):\n+\t *\n+\t * The non-secure side populates the shared buffer. If the buffer is cached\n+\t * in NS, the updated bytes may reside in dirty D-cache lines and not yet be\n+\t * visible in DDR. Since the secure world typically reads the shared buffer\n+\t * directly from DDR (e.g. with caches disabled / non-coherent mapping), we\n+\t * must clean the corresponding cache lines to the Point of Coherency (PoC)\n+\t * before entering secure world.\n+\t *\n+\t * S -> NS (response path):\n+\t *\n+\t * The secure world may update the same shared buffer in DDR. After returning\n+\t * to non-secure, any cached copies of that region in NS may be stale. We\n+\t * therefore invalidate the shared buffer range after the FF-A call to drop\n+\t * those lines and force subsequent reads to fetch the latest data from DDR.\n+\t *\n+\t * Note: Whole-cache invalidation must not be used in EFI runtime context.\n+\t * After ExitBootServices(), the OS owns the cache hierarchy; global invalidation\n+\t * could drop OS dirty lines and violate the OS coherency model. Always operate\n+\t * on the shared buffer range only.\n+\t */\n+\tif (IS_ENABLED(CONFIG_ARM64))\n+\t\tflush_dcache_range((unsigned long)comm_buf,\n+\t\t\t\t (unsigned long)((u8 *)comm_buf +\n+\t\t\t\t\t\t CONFIG_FFA_SHARED_MM_BUF_SIZE));\n+\n+\t/* Announce there is data in the shared buffer */\n+\n+\tffa_ret = ffa_notify_mm_sp_runtime();\n+\n+\tif (IS_ENABLED(CONFIG_ARM64))\n+\t\tinvalidate_dcache_range((unsigned long)comm_buf,\n+\t\t\t\t\t(unsigned long)((u8 *)comm_buf +\n+\t\t\t\t\t\t\tCONFIG_FFA_SHARED_MM_BUF_SIZE));\n+\n+\tswitch (ffa_ret) {\n+\tcase 0: {\n+\t\tulong rx_data_size;\n+\n+\t\trx_data_size = ((struct efi_mm_communicate_header *)comm_buf)->message_len +\n+\t\t\t\tsizeof(efi_guid_t) +\n+\t\t\t\tsizeof(size_t);\n+\n+\t\tif (rx_data_size > comm_buf_size) {\n+\t\t\tefi_ret = EFI_OUT_OF_RESOURCES;\n+\t\t\tbreak;\n+\t\t}\n+\n+\t\tefi_ret = EFI_SUCCESS;\n+\t\tbreak;\n+\t}\n+\tcase -EINVAL:\n+\t\tefi_ret = EFI_DEVICE_ERROR;\n+\t\tbreak;\n+\tcase -EPERM:\n+\t\tefi_ret = EFI_INVALID_PARAMETER;\n+\t\tbreak;\n+\tcase -EACCES:\n+\t\tefi_ret = EFI_ACCESS_DENIED;\n+\t\tbreak;\n+\tcase -EBUSY:\n+\t\tefi_ret = EFI_OUT_OF_RESOURCES;\n+\t\tbreak;\n+\tdefault:\n+\t\tefi_ret = EFI_ACCESS_DENIED;\n+\t}\n+\n+\treturn efi_ret;\n+}\n+\n /**\n * get_mm_comms() - detect the available MM transport\n *\n@@ -386,6 +575,27 @@ static enum mm_comms_select get_mm_comms(void)\n \n \treturn MM_COMMS_FFA;\n }\n+\n+/**\n+ * get_mm_comms_runtime() - detect the available MM transport at runtime\n+ *\n+ * Make sure the FF-A bus is available at runtime and ready\n+ * for use.\n+ *\n+ * Return:\n+ *\n+ * MM_COMMS_FFA or MM_COMMS_UNDEFINED\n+ */\n+static enum mm_comms_select __efi_runtime get_mm_comms_runtime(void)\n+{\n+\tbool ret;\n+\n+\tret = efi_is_runtime_enabled();\n+\tif (!ret)\n+\t\treturn MM_COMMS_UNDEFINED;\n+\n+\treturn MM_COMMS_FFA;\n+}\n #endif\n \n /**\n@@ -433,9 +643,86 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)\n \treturn var_hdr->ret_status;\n }\n \n+/**\n+ * mm_communicate_runtime() - Runtime implementation of mm_communicate()\n+ *\n+ * @comm_buf:\tlocally allocated communication buffer\n+ * @dsize:\t\tbuffer size\n+ *\n+ * The SP (also called partition) can be any MM SP such as StandAlonneMM or smm-gateway.\n+ * The comm_buf format is the same for both partitions.\n+ * When using the u-boot OP-TEE driver, StandAlonneMM is supported.\n+ * When using the u-boot FF-A driver, any MM SP is supported.\n+ *\n+ * Return:\t\tstatus code\n+ */\n+static efi_status_t __efi_runtime mm_communicate_runtime(u8 *comm_buf, efi_uintn_t dsize)\n+{\n+\tefi_status_t ret = EFI_UNSUPPORTED;\n+\tstruct efi_mm_communicate_header *mm_hdr;\n+\tstruct smm_variable_communicate_header *var_hdr;\n+\tenum mm_comms_select mm_comms;\n+\n+\tdsize += MM_COMMUNICATE_HEADER_SIZE + MM_VARIABLE_COMMUNICATE_SIZE;\n+\tmm_hdr = (struct efi_mm_communicate_header *)comm_buf;\n+\tvar_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;\n+\n+\tif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT)) {\n+\t\tmm_comms = get_mm_comms_runtime();\n+\t\tif (mm_comms == MM_COMMS_FFA)\n+\t\t\tret = ffa_mm_communicate_runtime(comm_buf, dsize);\n+\t}\n+\n+\tif (ret != EFI_SUCCESS)\n+\t\treturn ret;\n+\n+\treturn var_hdr->ret_status;\n+}\n+\n+/**\n+ * get_comm_buf() - Obtain a communication buffer for MM/FF-A exchange\n+ * @payload_size: size of the payload that will be appended to the\n+ * MM communication header\n+ * This helper returns a buffer suitable for constructing an\n+ * EFI_MM_COMMUNICATE message. During the boot phase a new buffer is\n+ * dynamically allocated. After ExitBootServices(), dynamic\n+ * allocation is no longer permitted, and all runtime communication must\n+ * use the statically reserved FF-A shared buffer.\n+ *\n+ * Return:\n+ * Pointer to a valid communication buffer on success,\n+ * NULL if allocation fails during the boot phase.\n+ */\n+static __efi_runtime u8 *get_comm_buf(efi_uintn_t payload_size)\n+{\n+\tu8 *comm_buf;\n+\n+\t/* After ExitBootServices(), dynamic allocation is no longer permitted.\n+\t * Use the predefined FF-A shared buffer at runtime; otherwise allocate\n+\t * a fresh buffer during the boot phase.\n+\t */\n+\tif (efi_is_runtime_enabled()) {\n+\t\tif (IS_ENABLED(CONFIG_ARM_FFA_RT_MODE)) {\n+\t\t\tcomm_buf = ffa_shared_buf;\n+\t\t\tif (!comm_buf)\n+\t\t\t\treturn NULL;\n+\t\t\tefi_memset_runtime(comm_buf, 0, CONFIG_FFA_SHARED_MM_BUF_SIZE);\n+\t\t} else {\n+\t\t\treturn NULL;\n+\t\t}\n+\t} else {\n+\t\tcomm_buf = calloc(1, MM_COMMUNICATE_HEADER_SIZE +\n+\t\t\t\tMM_VARIABLE_COMMUNICATE_SIZE +\n+\t\t\t\tpayload_size);\n+\t\tif (!comm_buf)\n+\t\t\treturn NULL;\n+\t}\n+\treturn comm_buf;\n+}\n+\n /**\n * setup_mm_hdr() -\tAllocate a buffer for StandAloneMM and initialize the\n- *\t\t\theader data.\n+ *\t\t\theader data. It is runtime safe.\n *\n * @dptr:\t\tpointer address of the corresponding StandAloneMM\n *\t\t\tfunction\n@@ -444,10 +731,9 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)\n * @ret:\t\tEFI return code\n * Return:\t\tbuffer or NULL\n */\n-static u8 *setup_mm_hdr(void **dptr, efi_uintn_t payload_size,\n-\t\t\tefi_uintn_t func, efi_status_t *ret)\n+static __efi_runtime u8 *setup_mm_hdr(void **dptr, efi_uintn_t payload_size,\n+\t\t\t\t efi_uintn_t func, efi_status_t *ret)\n {\n-\tconst efi_guid_t mm_var_guid = EFI_MM_VARIABLE_GUID;\n \tstruct efi_mm_communicate_header *mm_hdr;\n \tstruct smm_variable_communicate_header *var_hdr;\n \tu8 *comm_buf;\n@@ -465,16 +751,15 @@ static u8 *setup_mm_hdr(void **dptr, efi_uintn_t payload_size,\n \t\treturn NULL;\n \t}\n \n-\tcomm_buf = calloc(1, MM_COMMUNICATE_HEADER_SIZE +\n-\t\t\t MM_VARIABLE_COMMUNICATE_SIZE +\n-\t\t\t payload_size);\n+\tcomm_buf = get_comm_buf(payload_size);\n \tif (!comm_buf) {\n \t\t*ret = EFI_OUT_OF_RESOURCES;\n \t\treturn NULL;\n \t}\n \n \tmm_hdr = (struct efi_mm_communicate_header *)comm_buf;\n-\tguidcpy(&mm_hdr->header_guid, &mm_var_guid);\n+\tefi_memcpy_runtime(&mm_hdr->header_guid, &mm_var_guid_runtime,\n+\t\t\t sizeof(mm_hdr->header_guid));\n \tmm_hdr->message_len = MM_VARIABLE_COMMUNICATE_SIZE + payload_size;\n \n \tvar_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;\n@@ -982,6 +1267,9 @@ void efi_variables_boot_exit_notify(void)\n \t\t\tefi_get_next_variable_name_runtime;\n \tefi_runtime_services.set_variable = efi_set_variable_runtime;\n \tefi_update_table_header_crc32(&efi_runtime_services.hdr);\n+\n+\t/* Set efi_runtime_enabled as true after ExitBootServices */\n+\tefi_runtime_enabled = true;\n }\n \n /**\n@@ -993,6 +1281,25 @@ efi_status_t efi_init_variables(void)\n {\n \tefi_status_t ret;\n \n+\tif (IS_ENABLED(CONFIG_ARM_FFA_RT_MODE)) {\n+\t\t/*\n+\t\t * The FF-A shared buffer is accessed by EFI runtime services, so it must\n+\t\t * be marked as runtime memory in the EFI memory map.\n+\t\t */\n+\t\tffa_shared_buf = (void *)CONFIG_FFA_SHARED_MM_BUF_ADDR;\n+\t\tret = efi_add_memory_map(CONFIG_FFA_SHARED_MM_BUF_ADDR,\n+\t\t\t\t\t CONFIG_FFA_SHARED_MM_BUF_SIZE,\n+\t\t\t\t\t EFI_RUNTIME_SERVICES_DATA);\n+\t\tif (ret != EFI_SUCCESS) {\n+\t\t\tlog_err(\"EFI: failed to add FF-A shared buffer to runtime map (%lu)\\n\",\n+\t\t\t\tret);\n+\t\t\treturn ret;\n+\t\t}\n+\t\tlog_info(\"EFI: FF-A shared buffer runtime map: addr=0x%lx size=0x%lx\\n\",\n+\t\t\t (ulong)CONFIG_FFA_SHARED_MM_BUF_ADDR,\n+\t\t\t (ulong)CONFIG_FFA_SHARED_MM_BUF_SIZE);\n+\t}\n+\n \t/* Create a cached copy of the variables that will be enabled on ExitBootServices() */\n \tret = efi_var_mem_init();\n \tif (ret != EFI_SUCCESS)\n", "prefixes": [ "03/12" ] }