/*******************************************************************************
* This function passes control to the Secure Payload image (BL32) for the first
* time on the primary cpu after a cold boot. It assumes that a valid secure
* context has already been created by tspd_setup() which can be directly used.
* It also assumes that a valid non-secure context has been initialised by PSCI
* so it does not need to save and restore any non-secure state. This function
* performs a synchronous entry into the Secure payload. The SP passes control
* back to this routine through a SMC.
******************************************************************************/
int32_t tspd_init(void)
{
uint32_t linear_id = plat_my_core_pos();
tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id];
entry_point_info_t *tsp_entry_point;
uint64_t rc;
/*
* Get information about the Secure Payload (BL32) image. Its
* absence is a critical failure.
*/
tsp_entry_point = bl31_plat_get_next_image_ep_info(SECURE);
assert(tsp_entry_point);
cm_init_my_context(tsp_entry_point);
/*
* Arrange for an entry into the test secure payload. It will be
* returned via TSP_ENTRY_DONE case
*/
rc = tspd_synchronous_sp_entry(tsp_ctx);
assert(rc != 0);
return rc;
}
/*******************************************************************************
* This function passes control to the XILSP image (BL32) for the first
* time on the primary cpu after a cold boot. It assumes that a valid secure
* context has already been created by xilspd_setup() which can be directly
* used. It also assumes that a valid non-secure context has been initialised
* by PSCI so it does not need to save and restore any non-secure state. This
* function performs a synchronous entry into the Secure payload. The SP passes
* control back to this routine through a SMC.
******************************************************************************/
int32_t xilspd_init(void)
{
uint32_t linear_id = plat_my_core_pos();
xilsp_context_t *xilsp_ctx = &xilspd_sp_context[linear_id];
entry_point_info_t *xilsp_entry_point;
uint64_t rc;
/*
* Get information about the XILSP (BL32) image. Its absence
* is a critical failure.
*/
xilsp_entry_point = bl31_plat_get_next_image_ep_info(SECURE);
assert(xilsp_entry_point);
cm_init_my_context(xilsp_entry_point);
/*
* Arrange for an entry into the XILSP. It will be returned via
* XILSP_ENTRY_DONE case
*/
rc = xilspd_synchronous_sp_entry(xilsp_ctx);
assert(rc != 0);
return rc;
}
/*******************************************************************************
* This function passes control to the OPTEE image (BL32) for the first time
* on the primary cpu after a cold boot. It assumes that a valid secure
* context has already been created by opteed_setup() which can be directly
* used. It also assumes that a valid non-secure context has been
* initialised by PSCI so it does not need to save and restore any
* non-secure state. This function performs a synchronous entry into
* OPTEE. OPTEE passes control back to this routine through a SMC.
******************************************************************************/
static int32_t opteed_init(void)
{
uint64_t mpidr = read_mpidr();
uint32_t linear_id = platform_get_core_pos(mpidr);
optee_context_t *optee_ctx = &opteed_sp_context[linear_id];
entry_point_info_t *optee_entry_point;
uint64_t rc;
/*
* Get information about the OPTEE (BL32) image. Its
* absence is a critical failure.
*/
optee_entry_point = bl31_plat_get_next_image_ep_info(SECURE);
assert(optee_entry_point);
cm_init_context(mpidr, optee_entry_point);
/*
* Arrange for an entry into OPTEE. It will be returned via
* OPTEE_ENTRY_DONE case
*/
rc = opteed_synchronous_sp_entry(optee_ctx);
assert(rc != 0);
return rc;
}
/*******************************************************************************
* Secure Payload Dispatcher setup. The SPD finds out the SP entrypoint and type
* (aarch32/aarch64) if not already known and initialises the context for entry
* into the SP for its initialisation.
******************************************************************************/
int32_t fiqd_setup(void)
{
entry_point_info_t *tsp_ep_info;
uint64_t mpidr = read_mpidr();
uint32_t linear_id;
linear_id = platform_get_core_pos(mpidr);
/*
* Get information about the Secure Payload (BL32) image. Its
* absence is a critical failure. TODO: Add support to
* conditionally include the SPD service
*/
tsp_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
if (!tsp_ep_info) {
WARN("No TSP provided by BL2 boot loader, Booting device"
" without TSP initialization. SMC`s destined for TSP"
" will return SMC_UNK\n");
return 1;
}
#if 0
/*
* If there's no valid entry point for SP, we return a non-zero value
* signalling failure initializing the service. We bail out without
* registering any handlers
*/
if (!tsp_ep_info->pc)
return 1;
#endif
/*
* We could inspect the SP image and determine it's execution
* state i.e whether AArch32 or AArch64. Assuming it's AArch64
* for the time being.
*/
fiqd_init_tsp_ep_state(tsp_ep_info,
TSP_AARCH64,
tsp_ep_info->pc,
&fiqd_sp_context[linear_id]);
#if TSP_INIT_ASYNC
bl31_set_next_image_type(SECURE);
#else
/*
* All FIQD initialization done. Now register our init function with
* BL31 for deferred invocation
*/
bl31_register_bl32_init(&fiqd_init);
#endif
return 0;
}
/*******************************************************************************
* OPTEE Dispatcher setup. The OPTEED finds out the OPTEE entrypoint and type
* (aarch32/aarch64) if not already known and initialises the context for entry
* into OPTEE for its initialization.
******************************************************************************/
int32_t opteed_setup(void)
{
entry_point_info_t *optee_ep_info;
uint64_t mpidr = read_mpidr();
uint32_t linear_id;
linear_id = platform_get_core_pos(mpidr);
/*
* Get information about the Secure Payload (BL32) image. Its
* absence is a critical failure. TODO: Add support to
* conditionally include the SPD service
*/
optee_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
if (!optee_ep_info) {
WARN("No OPTEE provided by BL2 boot loader, Booting device"
" without OPTEE initialization. SMC`s destined for OPTEE"
" will return SMC_UNK\n");
return 1;
}
/*
* If there's no valid entry point for SP, we return a non-zero value
* signalling failure initializing the service. We bail out without
* registering any handlers
*/
if (!optee_ep_info->pc)
return 1;
/*
* We could inspect the SP image and determine it's execution
* state i.e whether AArch32 or AArch64. Assuming it's AArch32
* for the time being.
*/
opteed_rw = OPTEE_AARCH32;
opteed_init_optee_ep_state(optee_ep_info,
opteed_rw,
optee_ep_info->pc,
&opteed_sp_context[linear_id]);
/*
* All OPTEED initialization done. Now register our init function with
* BL31 for deferred invocation
*/
bl31_register_bl32_init(&opteed_init);
return 0;
}
int32_t tbase_fastcall_setup(void)
{
entry_point_info_t *image_info;
image_info = bl31_plat_get_next_image_ep_info(SECURE);
assert(image_info);
uint32_t linear_id = platform_get_core_pos(read_mpidr());
// TODO: We do not need this anymore, if PM is in use
tbase_init_secure_context(&secure_context[linear_id]);
tbase_init_eret(image_info->pc,TBASE_AARCH32);
bl31_register_bl32_init(&tbase_init_entry);
return 0;
}
/*******************************************************************************
* This function passes control to the Secure Payload image (BL32) for the first
* time on the primary cpu after a cold boot. It assumes that a valid secure
* context has already been created by tlkd_setup() which can be directly
* used. This function performs a synchronous entry into the Secure payload.
* The SP passes control back to this routine through a SMC.
******************************************************************************/
int32_t tlkd_init(void)
{
entry_point_info_t *tlk_entry_point;
/*
* Get information about the Secure Payload (BL32) image. Its
* absence is a critical failure.
*/
tlk_entry_point = bl31_plat_get_next_image_ep_info(SECURE);
assert(tlk_entry_point);
cm_init_my_context(tlk_entry_point);
/*
* Arrange for an entry into the test secure payload.
*/
return tlkd_synchronous_sp_entry(&tlk_ctx);
}
//*******************************************************************************
// Configure tbase and EL3 registers for intial entry
static void tbase_init_eret( uint64_t entrypoint, uint32_t rw ) {
uint32_t scr = read_scr();
uint32_t spsr = TBASE_INIT_SPSR;
assert(rw == TBASE_AARCH32);
// Set the right security state and register width for the SP
scr &= ~SCR_NS_BIT;
scr &= ~SCR_RW_BIT;
// Also IRQ and FIQ handled in secure state
scr &= ~(SCR_FIQ_BIT|SCR_IRQ_BIT);
// No execution from Non-secure memory
scr |= SCR_SIF_BIT;
cm_set_el3_eret_context(SECURE, entrypoint, spsr, scr);
entry_point_info_t *image_info = bl31_plat_get_next_image_ep_info(SECURE);
assert(image_info);
image_info->spsr = spsr;
}
/*******************************************************************************
* Secure Payload Dispatcher setup. The SPD finds out the SP entrypoint and type
* (aarch32/aarch64) if not already known and initialises the context for entry
* into the SP for its initialisation.
******************************************************************************/
int32_t tlkd_setup(void)
{
entry_point_info_t *tlk_ep_info;
/*
* Get information about the Secure Payload (BL32) image. Its
* absence is a critical failure.
*/
tlk_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
if (!tlk_ep_info) {
WARN("No SP provided. Booting device without SP"
" initialization. SMC`s destined for SP"
" will return SMC_UNK\n");
return 1;
}
/*
* If there's no valid entry point for SP, we return a non-zero value
* signalling failure initializing the service. We bail out without
* registering any handlers
*/
if (!tlk_ep_info->pc)
return 1;
/*
* Inspect the SP image's SPSR and determine it's execution state
* i.e whether AArch32 or AArch64.
*/
tlkd_init_tlk_ep_state(tlk_ep_info,
(tlk_ep_info->spsr >> MODE_RW_SHIFT) & MODE_RW_MASK,
tlk_ep_info->pc,
&tlk_ctx);
/*
* All TLK SPD initialization done. Now register our init function
* with BL31 for deferred invocation
*/
bl31_register_bl32_init(&tlkd_init);
return 0;
}
/*******************************************************************************
* This function programs EL3 registers and performs other setup to enable entry
* into the next image after BL31 at the next ERET.
******************************************************************************/
void bl31_prepare_next_image_entry(void)
{
entry_point_info_t *next_image_info;
uint32_t image_type;
/* Determine which image to execute next */
image_type = bl31_get_next_image_type();
/* Program EL3 registers to enable entry into the next EL */
next_image_info = bl31_plat_get_next_image_ep_info(image_type);
assert(next_image_info);
assert(image_type == GET_SECURITY_STATE(next_image_info->h.attr));
INFO("BL3-1: Preparing for EL3 exit to %s world\n",
(image_type == SECURE) ? "secure" : "normal");
INFO("BL3-1: Next image address = 0x%llx\n",
(unsigned long long) next_image_info->pc);
INFO("BL3-1: Next image spsr = 0x%x\n", next_image_info->spsr);
cm_init_context(read_mpidr_el1(), next_image_info);
cm_prepare_el3_exit(image_type);
}
/*******************************************************************************
* Secure Payload Dispatcher setup. The SPD finds out the SP entrypoint and
* type (aarch32/aarch64) if not already known and initialises the context for
* entry into the SP for its initialisation.
******************************************************************************/
int32_t xilspd_setup(void)
{
entry_point_info_t *xilsp_ep_info;
uint32_t linear_id;
linear_id = plat_my_core_pos();
/*
* Get information about the XILSP (BL32) image. Its absence is a
* critical failure. TODO: Add support to conditionally include
* the SPD service
*/
xilsp_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
if (!xilsp_ep_info) {
WARN("No XILSP provided by BL2 boot loader, Booting device without XILSP initialization. SMC's destined for XILSP will return SMC_UNK\n");
return 1;
}
/*
* If there's no valid entry point for SP, we return a non-zero value
* signalling failure initializing the service. We bail out without
* registering any handlers
*/
if (!xilsp_ep_info->pc)
return 1;
xilspd_init_xilsp_ep_state(xilsp_ep_info,
(xilsp_ep_info->spsr >> MODE_RW_SHIFT) & MODE_RW_MASK,
xilsp_ep_info->pc,
&xilspd_sp_context[linear_id]);
/*
* All XILSPD initialization done. Now register our init function with
* BL31 for deferred invocation
*/
bl31_register_bl32_init(&xilspd_init);
return 0;
}
/*******************************************************************************
* This function is responsible for handling all SMCs in the Trusted OS/App
* range from the non-secure state as defined in the SMC Calling Convention
* Document. It is also responsible for communicating with the Secure payload
* to delegate work and return results back to the non-secure state. Lastly it
* will also return any information that the secure payload needs to do the
* work assigned to it.
******************************************************************************/
uint64_t tspd_smc_handler(uint32_t smc_fid,
uint64_t x1,
uint64_t x2,
uint64_t x3,
uint64_t x4,
void *cookie,
void *handle,
uint64_t flags)
{
cpu_context_t *ns_cpu_context;
uint32_t linear_id = plat_my_core_pos(), ns;
tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id];
uint64_t rc;
#if TSP_INIT_ASYNC
entry_point_info_t *next_image_info;
#endif
/* Determine which security state this SMC originated from */
ns = is_caller_non_secure(flags);
switch (smc_fid) {
/*
* This function ID is used by TSP to indicate that it was
* preempted by a normal world IRQ.
*
*/
case TSP_PREEMPTED:
if (ns)
SMC_RET1(handle, SMC_UNK);
return tspd_handle_sp_preemption(handle);
/*
* This function ID is used only by the TSP to indicate that it has
* finished handling a S-EL1 FIQ interrupt. Execution should resume
* in the normal world.
*/
case TSP_HANDLED_S_EL1_FIQ:
if (ns)
SMC_RET1(handle, SMC_UNK);
assert(handle == cm_get_context(SECURE));
/*
* Restore the relevant EL3 state which saved to service
* this SMC.
*/
if (get_std_smc_active_flag(tsp_ctx->state)) {
SMC_SET_EL3(&tsp_ctx->cpu_ctx,
CTX_SPSR_EL3,
tsp_ctx->saved_spsr_el3);
SMC_SET_EL3(&tsp_ctx->cpu_ctx,
CTX_ELR_EL3,
tsp_ctx->saved_elr_el3);
#if TSPD_ROUTE_IRQ_TO_EL3
/*
* Need to restore the previously interrupted
* secure context.
*/
memcpy(&tsp_ctx->cpu_ctx, &tsp_ctx->sp_ctx,
TSPD_SP_CTX_SIZE);
#endif
}
/* Get a reference to the non-secure context */
ns_cpu_context = cm_get_context(NON_SECURE);
assert(ns_cpu_context);
/*
* Restore non-secure state. There is no need to save the
* secure system register context since the TSP was supposed
* to preserve it during S-EL1 interrupt handling.
*/
cm_el1_sysregs_context_restore(NON_SECURE);
cm_set_next_eret_context(NON_SECURE);
SMC_RET0((uint64_t) ns_cpu_context);
/*
* This function ID is used only by the TSP to indicate that it was
* interrupted due to a EL3 FIQ interrupt. Execution should resume
* in the normal world.
*/
case TSP_EL3_FIQ:
if (ns)
SMC_RET1(handle, SMC_UNK);
assert(handle == cm_get_context(SECURE));
/* Assert that standard SMC execution has been preempted */
assert(get_std_smc_active_flag(tsp_ctx->state));
/* Save the secure system register state */
cm_el1_sysregs_context_save(SECURE);
/* Get a reference to the non-secure context */
ns_cpu_context = cm_get_context(NON_SECURE);
assert(ns_cpu_context);
/* Restore non-secure state */
cm_el1_sysregs_context_restore(NON_SECURE);
cm_set_next_eret_context(NON_SECURE);
SMC_RET1(ns_cpu_context, TSP_EL3_FIQ);
/*
* This function ID is used only by the SP to indicate it has
* finished initialising itself after a cold boot
*/
case TSP_ENTRY_DONE:
if (ns)
SMC_RET1(handle, SMC_UNK);
/*
* Stash the SP entry points information. This is done
* only once on the primary cpu
*/
assert(tsp_vectors == NULL);
tsp_vectors = (tsp_vectors_t *) x1;
if (tsp_vectors) {
set_tsp_pstate(tsp_ctx->state, TSP_PSTATE_ON);
/*
* TSP has been successfully initialized. Register power
* managemnt hooks with PSCI
*/
psci_register_spd_pm_hook(&tspd_pm);
/*
* Register an interrupt handler for S-EL1 interrupts
* when generated during code executing in the
* non-secure state.
*/
flags = 0;
set_interrupt_rm_flag(flags, NON_SECURE);
rc = register_interrupt_type_handler(INTR_TYPE_S_EL1,
tspd_sel1_interrupt_handler,
flags);
if (rc)
panic();
#if TSPD_ROUTE_IRQ_TO_EL3
/*
* Register an interrupt handler for NS interrupts when
* generated during code executing in secure state are
* routed to EL3.
*/
flags = 0;
set_interrupt_rm_flag(flags, SECURE);
rc = register_interrupt_type_handler(INTR_TYPE_NS,
tspd_ns_interrupt_handler,
flags);
if (rc)
panic();
/*
* Disable the interrupt NS locally since it will be enabled globally
* within cm_init_my_context.
*/
disable_intr_rm_local(INTR_TYPE_NS, SECURE);
#endif
}
#if TSP_INIT_ASYNC
/* Save the Secure EL1 system register context */
assert(cm_get_context(SECURE) == &tsp_ctx->cpu_ctx);
cm_el1_sysregs_context_save(SECURE);
/* Program EL3 registers to enable entry into the next EL */
next_image_info = bl31_plat_get_next_image_ep_info(NON_SECURE);
assert(next_image_info);
assert(NON_SECURE ==
GET_SECURITY_STATE(next_image_info->h.attr));
cm_init_my_context(next_image_info);
cm_prepare_el3_exit(NON_SECURE);
SMC_RET0(cm_get_context(NON_SECURE));
#else
/*
* SP reports completion. The SPD must have initiated
* the original request through a synchronous entry
* into the SP. Jump back to the original C runtime
* context.
*/
tspd_synchronous_sp_exit(tsp_ctx, x1);
#endif
/*
* These function IDs is used only by the SP to indicate it has
* finished:
* 1. turning itself on in response to an earlier psci
* cpu_on request
* 2. resuming itself after an earlier psci cpu_suspend
* request.
*/
case TSP_ON_DONE:
case TSP_RESUME_DONE:
/*
* These function IDs is used only by the SP to indicate it has
* finished:
* 1. suspending itself after an earlier psci cpu_suspend
* request.
* 2. turning itself off in response to an earlier psci
* cpu_off request.
*/
case TSP_OFF_DONE:
case TSP_SUSPEND_DONE:
case TSP_SYSTEM_OFF_DONE:
case TSP_SYSTEM_RESET_DONE:
if (ns)
SMC_RET1(handle, SMC_UNK);
/*
* SP reports completion. The SPD must have initiated the
* original request through a synchronous entry into the SP.
* Jump back to the original C runtime context, and pass x1 as
* return value to the caller
*/
tspd_synchronous_sp_exit(tsp_ctx, x1);
/*
* Request from non-secure client to perform an
* arithmetic operation or response from secure
* payload to an earlier request.
*/
case TSP_FAST_FID(TSP_ADD):
case TSP_FAST_FID(TSP_SUB):
case TSP_FAST_FID(TSP_MUL):
case TSP_FAST_FID(TSP_DIV):
case TSP_STD_FID(TSP_ADD):
case TSP_STD_FID(TSP_SUB):
case TSP_STD_FID(TSP_MUL):
case TSP_STD_FID(TSP_DIV):
if (ns) {
/*
* This is a fresh request from the non-secure client.
* The parameters are in x1 and x2. Figure out which
* registers need to be preserved, save the non-secure
* state and send the request to the secure payload.
*/
assert(handle == cm_get_context(NON_SECURE));
/* Check if we are already preempted */
if (get_std_smc_active_flag(tsp_ctx->state))
SMC_RET1(handle, SMC_UNK);
cm_el1_sysregs_context_save(NON_SECURE);
/* Save x1 and x2 for use by TSP_GET_ARGS call below */
store_tsp_args(tsp_ctx, x1, x2);
/*
* We are done stashing the non-secure context. Ask the
* secure payload to do the work now.
*/
/*
* Verify if there is a valid context to use, copy the
* operation type and parameters to the secure context
* and jump to the fast smc entry point in the secure
* payload. Entry into S-EL1 will take place upon exit
* from this function.
*/
assert(&tsp_ctx->cpu_ctx == cm_get_context(SECURE));
/* Set appropriate entry for SMC.
* We expect the TSP to manage the PSTATE.I and PSTATE.F
* flags as appropriate.
*/
if (GET_SMC_TYPE(smc_fid) == SMC_TYPE_FAST) {
cm_set_elr_el3(SECURE, (uint64_t)
&tsp_vectors->fast_smc_entry);
} else {
set_std_smc_active_flag(tsp_ctx->state);
cm_set_elr_el3(SECURE, (uint64_t)
&tsp_vectors->std_smc_entry);
#if TSPD_ROUTE_IRQ_TO_EL3
/*
* Enable the routing of NS interrupts to EL3
* during STD SMC processing on this core.
*/
enable_intr_rm_local(INTR_TYPE_NS, SECURE);
#endif
}
cm_el1_sysregs_context_restore(SECURE);
cm_set_next_eret_context(SECURE);
SMC_RET3(&tsp_ctx->cpu_ctx, smc_fid, x1, x2);
} else {
/*
* This is the result from the secure client of an
* earlier request. The results are in x1-x3. Copy it
* into the non-secure context, save the secure state
* and return to the non-secure state.
*/
assert(handle == cm_get_context(SECURE));
cm_el1_sysregs_context_save(SECURE);
/* Get a reference to the non-secure context */
ns_cpu_context = cm_get_context(NON_SECURE);
assert(ns_cpu_context);
/* Restore non-secure state */
cm_el1_sysregs_context_restore(NON_SECURE);
cm_set_next_eret_context(NON_SECURE);
if (GET_SMC_TYPE(smc_fid) == SMC_TYPE_STD) {
clr_std_smc_active_flag(tsp_ctx->state);
#if TSPD_ROUTE_IRQ_TO_EL3
/*
* Disable the routing of NS interrupts to EL3
* after STD SMC processing is finished on this
* core.
*/
disable_intr_rm_local(INTR_TYPE_NS, SECURE);
#endif
}
SMC_RET3(ns_cpu_context, x1, x2, x3);
}
break;
/*
* Request from non secure world to resume the preempted
* Standard SMC call.
*/
case TSP_FID_RESUME:
/* RESUME should be invoked only by normal world */
if (!ns) {
assert(0);
break;
}
/*
* This is a resume request from the non-secure client.
* save the non-secure state and send the request to
* the secure payload.
*/
assert(handle == cm_get_context(NON_SECURE));
/* Check if we are already preempted before resume */
if (!get_std_smc_active_flag(tsp_ctx->state))
SMC_RET1(handle, SMC_UNK);
cm_el1_sysregs_context_save(NON_SECURE);
/*
* We are done stashing the non-secure context. Ask the
* secure payload to do the work now.
*/
#if TSPD_ROUTE_IRQ_TO_EL3
/*
* Enable the routing of NS interrupts to EL3 during resumption
* of STD SMC call on this core.
*/
enable_intr_rm_local(INTR_TYPE_NS, SECURE);
#endif
/* We just need to return to the preempted point in
* TSP and the execution will resume as normal.
*/
cm_el1_sysregs_context_restore(SECURE);
cm_set_next_eret_context(SECURE);
SMC_RET0(&tsp_ctx->cpu_ctx);
/*
* This is a request from the secure payload for more arguments
* for an ongoing arithmetic operation requested by the
* non-secure world. Simply return the arguments from the non-
* secure client in the original call.
*/
case TSP_GET_ARGS:
if (ns)
SMC_RET1(handle, SMC_UNK);
get_tsp_args(tsp_ctx, x1, x2);
SMC_RET2(handle, x1, x2);
case TOS_CALL_COUNT:
/*
* Return the number of service function IDs implemented to
* provide service to non-secure
*/
SMC_RET1(handle, TSP_NUM_FID);
case TOS_UID:
/* Return TSP UID to the caller */
SMC_UUID_RET(handle, tsp_uuid);
case TOS_CALL_VERSION:
/* Return the version of current implementation */
SMC_RET2(handle, TSP_VERSION_MAJOR, TSP_VERSION_MINOR);
default:
break;
}
SMC_RET1(handle, SMC_UNK);
}
/*******************************************************************************
* OPTEE Dispatcher setup. The OPTEED finds out the OPTEE entrypoint and type
* (aarch32/aarch64) if not already known and initialises the context for entry
* into OPTEE for its initialization.
******************************************************************************/
int32_t opteed_setup(void)
{
entry_point_info_t *ep_info;
struct optee_header *header;
uint64_t mpidr = read_mpidr();
uint32_t linear_id;
uintptr_t init_load_addr;
size_t init_size;
size_t init_mem_usage;
uintptr_t payload_addr;
uintptr_t mem_limit;
uintptr_t paged_part;
uintptr_t paged_size;
linear_id = platform_get_core_pos(mpidr);
/*
* Get information about the Secure Payload (BL32) image. Its
* absence is a critical failure. TODO: Add support to
* conditionally include the SPD service
*/
ep_info = bl31_plat_get_next_image_ep_info(SECURE);
if (!ep_info) {
WARN("No OPTEE provided by BL2 boot loader.\n");
goto err;
}
header = (struct optee_header *)ep_info->pc;
if (header->magic != OPTEE_MAGIC || header->version != OPTEE_VERSION) {
WARN("Invalid OPTEE header.\n");
goto err;
}
if (header->arch == OPTEE_ARCH_ARM32)
opteed_rw = OPTEE_AARCH32;
else if (header->arch == OPTEE_ARCH_ARM64)
opteed_rw = OPTEE_AARCH64;
else {
WARN("Invalid OPTEE architecture (%d)\n", header->arch);
goto err;
}
init_load_addr = ((uint64_t)header->init_load_addr_hi << 32) |
header->init_load_addr_lo;
init_size = header->init_size;
init_mem_usage = header->init_mem_usage;
payload_addr = (uintptr_t)(header + 1);
paged_size = header->paged_size;
/*
* Move OPTEE binary to the required location in memory.
*
* There's two ways OPTEE can be running in memory:
* 1. A memory large enough to keep the entire OPTEE binary
* (DRAM currently)
* 2. A part of OPTEE in a smaller (and more secure) memory
* (SRAM currently). This is achieved with demand paging
* of read-only data/code against a backing store in some
* larger memory (DRAM currently).
*
* In either case dictates init_load_addr in the OPTEE
* header the address where what's after the header
* (payload) should be residing when started. init_size in
* the header tells how much of the payload that need to be
* copied. init_mem_usage tells how much runtime memory in
* total is needed by OPTEE.
*
* In alternative 2 there's additional data after
* init_size, this is the rest of OPTEE which is demand
* paged into memory. A pointer to that data is supplied
* to OPTEE when initializing.
*
* Alternative 1 only uses DRAM when executing OPTEE while
* alternative 2 uses both SRAM and DRAM to execute.
*
* All data written which is later read by OPTEE must be flushed
* out to memory since OPTEE starts with MMU turned off and caches
* disabled.
*/
if (is_mem_free(BL32_SRAM_BASE,
BL32_SRAM_LIMIT - BL32_SRAM_BASE,
init_load_addr, init_mem_usage)) {
/* Running in SRAM, paging some code against DRAM */
memcpy((void *)init_load_addr, (void *)payload_addr,
init_size);
flush_dcache_range(init_load_addr, init_size);
paged_part = payload_addr + init_size;
mem_limit = BL32_SRAM_LIMIT;
} else if (is_mem_free(BL32_DRAM_BASE,
BL32_DRAM_LIMIT - BL32_DRAM_BASE,
init_load_addr, init_mem_usage)) {
/*
* Running in DRAM.
*
* The paged part normally empty, but if it isn't,
* move it to the end of DRAM before moving the
* init part in place.
*/
paged_part = BL32_DRAM_LIMIT - paged_size;
if (paged_size) {
if (!is_mem_free(BL32_DRAM_BASE,
BL32_DRAM_LIMIT - BL32_DRAM_BASE,
init_load_addr,
init_mem_usage + paged_size)) {
WARN("Failed to reserve memory 0x%lx - 0x%lx\n",
init_load_addr,
init_load_addr + init_mem_usage +
paged_size);
goto err;
}
memcpy((void *)paged_part,
(void *)(payload_addr + init_size),
paged_size);
flush_dcache_range(paged_part, paged_size);
}
memmove((void *)init_load_addr, (void *)payload_addr,
init_size);
flush_dcache_range(init_load_addr, init_size);
mem_limit = BL32_DRAM_LIMIT;
} else {
WARN("Failed to reserve memory 0x%lx - 0x%lx\n",
init_load_addr, init_load_addr + init_mem_usage);
goto err;
}
opteed_init_optee_ep_state(ep_info, opteed_rw, init_load_addr,
paged_part, mem_limit,
&opteed_sp_context[linear_id]);
/*
* All OPTEED initialization done. Now register our init function with
* BL31 for deferred invocation
*/
bl31_register_bl32_init(&opteed_init);
return 0;
err:
WARN("Booting device without OPTEE initialization.\n");
WARN("SMC`s destined for OPTEE will return SMC_UNK\n");
return 1;
}
/*******************************************************************************
* This function programs EL3 registers and performs other setup to enable entry
* into the next image after BL31 at the next ERET.
******************************************************************************/
void bl31_prepare_next_image_entry()
{
entry_point_info_t *next_image_info;
uint32_t scr, image_type;
cpu_context_t *ctx;
gp_regs_t *gp_regs;
/* Determine which image to execute next */
image_type = bl31_get_next_image_type();
/*
* Setup minimal architectural state of the next highest EL to
* allow execution in it immediately upon entering it.
*/
bl31_next_el_arch_setup(image_type);
/* Program EL3 registers to enable entry into the next EL */
next_image_info = bl31_plat_get_next_image_ep_info(image_type);
assert(next_image_info);
assert(image_type == GET_SECURITY_STATE(next_image_info->h.attr));
scr = read_scr();
scr &= ~SCR_NS_BIT;
if (image_type == NON_SECURE)
scr |= SCR_NS_BIT;
scr &= ~SCR_RW_BIT;
if ((next_image_info->spsr & (1 << MODE_RW_SHIFT)) ==
(MODE_RW_64 << MODE_RW_SHIFT))
{
scr |= SCR_RW_BIT;
scr |= SCR_HCE_BIT;
}
else
{
scr &= ~(SCR_HCE_BIT);
}
/*
* FIXME: Need a configurable flag when we have hypervisor installed
* This is for PSCI CPU_UP api to work correctly
* PSCI uses scr.hce to determine the target CPU of CPU_UP
* returns to NS world with HYP mode(HCE is set) or SVC mode(HCE is not set)
* (refer to psci_set_ns_entry_info() in psci_common.c)
* since we don't have hypervisor installed for now, we need to
* enter linux with SVC mode.
*/
// FIXME: For 64bit kernel, we need return to normal world with EL2
// Temporary comment out this to enable 64bit kernel smp.
// Need a method to configure this for 32bit/64bit kernel
//scr &= ~(SCR_HCE_BIT);
/*
* Tell the context mgmt. library to ensure that SP_EL3 points to
* the right context to exit from EL3 correctly.
*/
cm_set_el3_eret_context(image_type,
next_image_info->pc,
next_image_info->spsr,
scr);
/*
* Save the args generated in BL2 for the image in the right context
* used on its entry
*/
ctx = cm_get_context(read_mpidr(), image_type);
gp_regs = get_gpregs_ctx(ctx);
memcpy(gp_regs, (void *)&next_image_info->args, sizeof(aapcs64_params_t));
/* Finally set the next context */
cm_set_next_eret_context(image_type);
}
