void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) { /* Initialize the debug console as soon as possible */ console_16550_register(SUNXI_UART0_BASE, SUNXI_UART0_CLK_IN_HZ, SUNXI_UART0_BAUDRATE, &console); #ifdef BL32_BASE /* Populate entry point information for BL32 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; #endif /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); /* Turn off all secondary CPUs */ sunxi_disable_secondary_cpus(plat_my_core_pos()); }
/******************************************************************************* * Perform any BL3-1 early platform setup. Here is an opportunity to copy * parameters passed by the calling EL (S-EL1 in BL2 & S-EL3 in BL1) before they * are lost (potentially). This needs to be done before the MMU is initialized * so that the memory layout can be used while creating page tables. * BL2 has flushed this information to memory, so we are guaranteed to pick up * good data. ******************************************************************************/ void bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { struct mtk_bl_param_t *pmtk_bl_param = (struct mtk_bl_param_t *)from_bl2; struct atf_arg_t *teearg; unsigned long long normal_base; unsigned long long atf_base; assert(from_bl2 != NULL); /* * Mediatek preloader(i.e, BL2) is in 32 bit state, high 32bits * of 64 bit GP registers are UNKNOWN if CPU warm reset from 32 bit * to 64 bit state. So we need to clear high 32bit, * which may be random value. */ pmtk_bl_param = (struct mtk_bl_param_t *)((uint64_t)pmtk_bl_param & 0x00000000ffffffff); plat_params_from_bl2 = (void *)((uint64_t)plat_params_from_bl2 & 0x00000000ffffffff); teearg = (struct atf_arg_t *)pmtk_bl_param->tee_info_addr; console_init(teearg->atf_log_port, UART_CLOCK, UART_BAUDRATE); memcpy((void *)>eearg, (void *)teearg, sizeof(struct atf_arg_t)); normal_base = 0; /* in ATF boot time, timer for cntpct_el0 is not initialized * so it will not count now. */ atf_base = read_cntpct_el0(); sched_clock_init(normal_base, atf_base); VERBOSE("bl31_setup\n"); /* Populate entry point information for BL3-2 and BL3-3 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL3-1 where the non-trusted software image * is located and the entry state information */ /* BL33_START_ADDRESS */ bl33_image_ep_info.pc = pmtk_bl_param->bl33_start_addr; bl33_image_ep_info.spsr = plat_get_spsr_for_bl33_entry(); bl33_image_ep_info.args.arg4 = pmtk_bl_param->bootarg_loc; bl33_image_ep_info.args.arg5 = pmtk_bl_param->bootarg_size; SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); }
/******************************************************************************* * Perform any BL3-1 early platform setup common to ARM standard platforms. * Here is an opportunity to copy parameters passed by the calling EL (S-EL1 * in BL2 & S-EL3 in BL1) before they are lost (potentially). This needs to be * done before the MMU is initialized so that the memory layout can be used * while creating page tables. BL2 has flushed this information to memory, so * we are guaranteed to pick up good data. ******************************************************************************/ void arm_bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ, ARM_CONSOLE_BAUDRATE); #if RESET_TO_BL31 /* There are no parameters from BL2 if BL3-1 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* Populate entry point information for BL3-2 and BL3-3 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL3-1 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); #else /* * Check params passed from BL2 should not be NULL, */ assert(from_bl2 != NULL); assert(from_bl2->h.type == PARAM_BL31); assert(from_bl2->h.version >= VERSION_1); /* * In debug builds, we pass a special value in 'plat_params_from_bl2' * to verify platform parameters from BL2 to BL3-1. * In release builds, it's not used. */ assert(((unsigned long long)plat_params_from_bl2) == ARM_BL31_PLAT_PARAM_VAL); /* * Copy BL3-2 and BL3-3 entry point information. * They are stored in Secure RAM, in BL2's address space. */ bl32_image_ep_info = *from_bl2->bl32_ep_info; bl33_image_ep_info = *from_bl2->bl33_ep_info; #endif }
void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) { /* Initialize the console to provide early debug support */ (void)console_pl011_register(PLAT_SQ_BOOT_UART_BASE, PLAT_SQ_BOOT_UART_CLK_IN_HZ, SQ_CONSOLE_BAUDRATE, &console); console_set_scope(&console.console, CONSOLE_FLAG_BOOT | CONSOLE_FLAG_RUNTIME); /* There are no parameters from BL2 if BL31 is a reset vector */ assert(arg0 == 0U); assert(arg1 == 0U); /* Initialize power controller before setting up topology */ plat_sq_pwrc_setup(); #ifdef SPD_opteed struct draminfo di = {0}; sq_scp_get_draminfo(&di); /* * Check if OP-TEE has been loaded in Secure RAM allocated * from DRAM1 region */ if ((di.base1 + di.size1) <= BL32_BASE) { NOTICE("OP-TEE has been loaded by SCP firmware\n"); /* Populate entry point information for BL32 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = sq_get_spsr_for_bl32_entry(); } else { NOTICE("OP-TEE has not been loaded by SCP firmware\n"); } #endif /* SPD_opteed */ /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = PRELOADED_BL33_BASE; bl33_image_ep_info.spsr = sq_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); }
void arm_tf_run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr) { struct prog bl31 = PROG_INIT(PROG_BL31, CONFIG_CBFS_PREFIX"/bl31"); void (*bl31_entry)(bl31_params_t *params, void *plat_params) = NULL; if (prog_locate(&bl31)) die("BL31 not found"); bl31_entry = selfload(&bl31, false); if (!bl31_entry) die("BL31 load failed"); SET_PARAM_HEAD(&bl31_params, PARAM_BL31, VERSION_1, 0); if (IS_ENABLED(CONFIG_ARM64_USE_SECURE_OS)) { struct prog bl32 = PROG_INIT(PROG_BL32, CONFIG_CBFS_PREFIX"/secure_os"); if (prog_locate(&bl32)) die("BL32 not found"); if (cbfs_prog_stage_load(&bl32)) die("BL32 load failed"); SET_PARAM_HEAD(&bl32_ep_info, PARAM_EP, VERSION_1, PARAM_EP_SECURE); bl32_ep_info.pc = (uintptr_t)prog_entry(&bl32); bl32_ep_info.spsr = SPSR_EXCEPTION_MASK | get_eret_el(EL1, SPSR_USE_L); bl31_params.bl32_ep_info = &bl32_ep_info; } bl31_params.bl33_ep_info = &bl33_ep_info; SET_PARAM_HEAD(&bl33_ep_info, PARAM_EP, VERSION_1, PARAM_EP_NON_SECURE); bl33_ep_info.pc = payload_entry; bl33_ep_info.spsr = payload_spsr; bl33_ep_info.args.arg0 = payload_arg0; /* May update bl31_params if necessary. Must flush all added structs. */ void *bl31_plat_params = soc_get_bl31_plat_params(&bl31_params); dcache_clean_by_mva(&bl31_params, sizeof(bl31_params)); dcache_clean_by_mva(&bl33_ep_info, sizeof(bl33_ep_info)); raw_write_daif(SPSR_EXCEPTION_MASK); mmu_disable(); bl31_entry(&bl31_params, bl31_plat_params); die("BL31 returned!"); }
/******************************************************************************* * This function creates the list of loadable images, by populating and * linking each `bl_load_info_node_t` type node, using the internal array * of image descriptor provided by bl_mem_params_desc_ptr. It also populates * and returns `bl_load_info_t` type structure that contains head of the list * of loadable images. ******************************************************************************/ bl_load_info_t *get_bl_load_info_from_mem_params_desc(void) { int index = 0; /* If there is no image to start with, return NULL */ if (!bl_mem_params_desc_num) return NULL; /* Assign initial data structures */ bl_load_info_node_t *bl_node_info = &bl_mem_params_desc_ptr[index].load_node_mem; bl_load_info.head = bl_node_info; SET_PARAM_HEAD(&bl_load_info, PARAM_BL_LOAD_INFO, VERSION_2, 0); /* Go through the image descriptor array and create the list */ for (; index < bl_mem_params_desc_num; index++) { /* Populate the image information */ bl_node_info->image_id = bl_mem_params_desc_ptr[index].image_id; bl_node_info->image_info = &bl_mem_params_desc_ptr[index].image_info; /* Link next image if present */ if ((index + 1) < bl_mem_params_desc_num) { /* Get the memory and link the next node */ bl_node_info->next_load_info = &bl_mem_params_desc_ptr[index + 1].load_node_mem; bl_node_info = bl_node_info->next_load_info; } } return &bl_load_info; }
/******************************************************************************* * Given a secure payload entrypoint, register width, cpu id & pointer to a * context data structure, this function will create a secure context ready for * programming an entry into the secure payload. ******************************************************************************/ void tlkd_init_tlk_ep_state(struct entry_point_info *tlk_entry_point, uint32_t rw, uint64_t pc, tlk_context_t *tlk_ctx) { uint32_t ep_attr, spsr; /* Passing a NULL context is a critical programming error */ assert(tlk_ctx); assert(tlk_entry_point); assert(pc); /* Associate this context with the cpu specified */ tlk_ctx->mpidr = read_mpidr_el1(); clr_std_smc_active_flag(tlk_ctx->state); cm_set_context(&tlk_ctx->cpu_ctx, SECURE); if (rw == SP_AARCH64) spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); else spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM, read_sctlr_el3() & SCTLR_EE_BIT, DISABLE_ALL_EXCEPTIONS); /* initialise an entrypoint to set up the CPU context */ ep_attr = SECURE | EP_ST_ENABLE; if (read_sctlr_el3() & SCTLR_EE_BIT) ep_attr |= EP_EE_BIG; SET_PARAM_HEAD(tlk_entry_point, PARAM_EP, VERSION_1, ep_attr); tlk_entry_point->pc = pc; tlk_entry_point->spsr = spsr; }
/******************************************************************************* * Perform any BL31 specific platform actions. Here is an opportunity to copy * parameters passed by the calling EL (S-EL1 in BL2 & S-EL3 in BL1) before they * are lost (potentially). This needs to be done before the MMU is initialized * so that the memory layout can be used while creating page tables. On the ZYNQMP * we know that BL2 has populated the parameters in secure DRAM. So we just use * the reference passed in 'from_bl2' instead of copying. The 'data' parameter * is not used since all the information is contained in 'from_bl2'. Also, BL2 * has flushed this information to memory, so we are guaranteed to pick up good * data ******************************************************************************/ void bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(RDO_UART0_BASE, zynqmp_get_uart_clk(), CADENCE_UART_BAUDRATE); /* Initialize the platform config for future decision making */ zynqmp_config_setup(); /* There are no parameters from BL2 if BL31 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* * Do initial security configuration to allow DRAM/device access. On * Base ZYNQMP only DRAM security is programmable (via TrustZone), but * other platforms might have more programmable security devices * present. */ /* Populate entry point information for BL32 and BL33 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); NOTICE("BL31: Secure code at 0x%lx\n", bl32_image_ep_info.pc); SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); NOTICE("BL31: Non secure code at 0x%lx\n", bl33_image_ep_info.pc); }
/******************************************************************************* * Utility function to perform early platform setup. ******************************************************************************/ void arm_sp_min_early_platform_setup(void *from_bl2, uintptr_t tos_fw_config, uintptr_t hw_config, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ, ARM_CONSOLE_BAUDRATE); #if RESET_TO_SP_MIN /* There are no parameters from BL2 if SP_MIN is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell SP_MIN where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); #else /* RESET_TO_SP_MIN */ /* * Check params passed from BL2 should not be NULL, */ bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2; assert(params_from_bl2 != NULL); assert(params_from_bl2->h.type == PARAM_BL_PARAMS); assert(params_from_bl2->h.version >= VERSION_2); bl_params_node_t *bl_params = params_from_bl2->head; /* * Copy BL33 entry point information. * They are stored in Secure RAM, in BL2's address space. */ while (bl_params) { if (bl_params->image_id == BL33_IMAGE_ID) { bl33_image_ep_info = *bl_params->ep_info; break; } bl_params = bl_params->next_params_info; } if (bl33_image_ep_info.pc == 0) panic(); #endif /* RESET_TO_SP_MIN */ }
/* * Perform any BL31 specific platform actions. Here is an opportunity to copy * parameters passed by the calling EL (S-EL1 in BL2 & S-EL3 in BL1) before they * are lost (potentially). This needs to be done before the MMU is initialized * so that the memory layout can be used while creating page tables. */ void bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(ZYNQMP_UART_BASE, zynqmp_get_uart_clk(), ZYNQMP_UART_BAUDRATE); /* Initialize the platform config for future decision making */ zynqmp_config_setup(); /* There are no parameters from BL2 if BL31 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* * Do initial security configuration to allow DRAM/device access. On * Base ZYNQMP only DRAM security is programmable (via TrustZone), but * other platforms might have more programmable security devices * present. */ /* Populate common information for BL32 and BL33 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); if (zynqmp_get_bootmode() == ZYNQMP_BOOTMODE_JTAG) { /* use build time defaults in JTAG boot mode */ bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); } else { /* use parameters from FSBL */ fsbl_atf_handover(&bl32_image_ep_info, &bl33_image_ep_info); } NOTICE("BL31: Secure code at 0x%lx\n", bl32_image_ep_info.pc); NOTICE("BL31: Non secure code at 0x%lx\n", bl33_image_ep_info.pc); }
/******************************************************************************* * This function determines the full entrypoint information for the requested * PSCI entrypoint on power on/resume and returns it. ******************************************************************************/ static int psci_get_ns_ep_info(entry_point_info_t *ep, uintptr_t entrypoint, u_register_t context_id) { unsigned long ep_attr, sctlr; unsigned int daif, ee, mode; unsigned long ns_scr_el3 = read_scr_el3(); unsigned long ns_sctlr_el1 = read_sctlr_el1(); sctlr = ns_scr_el3 & SCR_HCE_BIT ? read_sctlr_el2() : ns_sctlr_el1; ee = 0; ep_attr = NON_SECURE | EP_ST_DISABLE; if (sctlr & SCTLR_EE_BIT) { ep_attr |= EP_EE_BIG; ee = 1; } SET_PARAM_HEAD(ep, PARAM_EP, VERSION_1, ep_attr); ep->pc = entrypoint; memset(&ep->args, 0, sizeof(ep->args)); ep->args.arg0 = context_id; /* * Figure out whether the cpu enters the non-secure address space * in aarch32 or aarch64 */ if (ns_scr_el3 & SCR_RW_BIT) { /* * Check whether a Thumb entry point has been provided for an * aarch64 EL */ if (entrypoint & 0x1) return PSCI_E_INVALID_ADDRESS; mode = ns_scr_el3 & SCR_HCE_BIT ? MODE_EL2 : MODE_EL1; ep->spsr = SPSR_64(mode, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); } else { mode = ns_scr_el3 & SCR_HCE_BIT ? MODE32_hyp : MODE32_svc; /* * TODO: Choose async. exception bits if HYP mode is not * implemented according to the values of SCR.{AW, FW} bits */ daif = DAIF_ABT_BIT | DAIF_IRQ_BIT | DAIF_FIQ_BIT; ep->spsr = SPSR_MODE32(mode, entrypoint & 0x1, ee, daif); } return PSCI_E_SUCCESS; }
/******************************************************************************* * Generate the entry point info for Non Secure and Secure images * for transferring control from BL31 ******************************************************************************/ void mt_get_entry_point_info(unsigned long target_security, entry_point_info_t *target_entry_info) { atf_arg_t_ptr teearg = (atf_arg_t_ptr)(uintptr_t)TEE_BOOT_INFO_ADDR; if (target_security == NON_SECURE) { SET_PARAM_HEAD(target_entry_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ target_entry_info->pc = plat_get_ns_image_entrypoint(); mt_set_bl33_ep_info(target_entry_info); } else { SET_PARAM_HEAD(target_entry_info, PARAM_EP, VERSION_1, 0); if (teearg->tee_support) { target_entry_info->pc = teearg->tee_entry; mt_set_bl32_ep_info(target_entry_info); } else { if (BL32_BASE != 0) { /* Hard coding entry point to the base of the BL32 */ target_entry_info->pc = BL32_BASE; mt_set_bl32_ep_info(target_entry_info); } } } }
/******************************************************************************* * Perform any BL3-1 early platform setup, such as console init and deciding on * memory layout. ******************************************************************************/ void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) { /* There are no parameters from BL2 if BL31 is a reset vector */ assert(arg0 == 0U); assert(arg1 == 0U); bl31_console_setup(); #ifdef BL32_BASE /* Populate entry point information for BL32 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); #endif /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); bl33_image_ep_info.pc = PRELOADED_BL33_BASE; bl33_image_ep_info.spsr = k3_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); #ifdef K3_HW_CONFIG_BASE /* * According to the file ``Documentation/arm64/booting.txt`` of the * Linux kernel tree, Linux expects the physical address of the device * tree blob (DTB) in x0, while x1-x3 are reserved for future use and * must be 0. */ bl33_image_ep_info.args.arg0 = (u_register_t)K3_HW_CONFIG_BASE; bl33_image_ep_info.args.arg1 = 0U; bl33_image_ep_info.args.arg2 = 0U; bl33_image_ep_info.args.arg3 = 0U; #endif }
/******************************************************************************* * Given a secure payload entrypoint info pointer, entry point PC, register * width, cpu id & pointer to a context data structure, this function will * initialize tsp context and entry point info for the secure payload ******************************************************************************/ void tspd_init_tsp_ep_state(struct entry_point_info *tsp_entry_point, uint32_t rw, uint64_t pc, tsp_context_t *tsp_ctx) { uint32_t ep_attr; /* Passing a NULL context is a critical programming error */ assert(tsp_ctx); assert(tsp_entry_point); assert(pc); /* * We support AArch64 TSP for now. * TODO: Add support for AArch32 TSP */ assert(rw == TSP_AARCH64); /* Associate this context with the cpu specified */ tsp_ctx->mpidr = read_mpidr_el1(); tsp_ctx->state = 0; set_tsp_pstate(tsp_ctx->state, TSP_PSTATE_OFF); clr_yield_smc_active_flag(tsp_ctx->state); cm_set_context(&tsp_ctx->cpu_ctx, SECURE); /* initialise an entrypoint to set up the CPU context */ ep_attr = SECURE | EP_ST_ENABLE; if (read_sctlr_el3() & SCTLR_EE_BIT) ep_attr |= EP_EE_BIG; SET_PARAM_HEAD(tsp_entry_point, PARAM_EP, VERSION_1, ep_attr); tsp_entry_point->pc = pc; tsp_entry_point->spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); zeromem(&tsp_entry_point->args, sizeof(tsp_entry_point->args)); }
/******************************************************************************* * This function assigns a pointer to the memory that the platform has kept * aside to pass platform specific and trusted firmware related information * to BL31. This memory is allocated by allocating memory to * bl2_to_bl31_params_mem_t structure which is a superset of all the * structure whose information is passed to BL31 * NOTE: This function should be called only once and should be done * before generating params to BL31 ******************************************************************************/ bl31_params_t *bl2_plat_get_bl31_params(void) { bl2_to_bl31_params_mem_t *bl31_params_mem; /* * Allocate the memory for all the arguments that needs to * be passed to BL31 */ bl31_params_mem = (bl2_to_bl31_params_mem_t *)PARAMS_BASE; memset((void *)PARAMS_BASE, 0, sizeof(bl2_to_bl31_params_mem_t)); /* Assign memory for TF related information */ bl2_to_bl31_params = &bl31_params_mem->bl31_params; SET_PARAM_HEAD(bl2_to_bl31_params, PARAM_BL31, VERSION_1, 0); /* Fill BL31 related information */ bl31_ep_info = &bl31_params_mem->bl31_ep_info; bl2_to_bl31_params->bl31_image_info = &bl31_params_mem->bl31_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); /* Fill BL32 related information if it exists */ if (BL32_BASE) { bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem->bl32_ep_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, PARAM_EP, VERSION_1, 0); bl2_to_bl31_params->bl32_image_info = &bl31_params_mem->bl32_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); } /* Fill BL33 related information */ bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem->bl33_ep_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl33_ep_info, PARAM_EP, VERSION_1, 0); bl2_to_bl31_params->bl33_image_info = &bl31_params_mem->bl33_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl33_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); return bl2_to_bl31_params; }
/******************************************************************************* * This function assigns a pointer to the memory that the platform has kept * aside to pass platform specific and trusted firmware related information * to BL31. This memory is allocated by allocating memory to * bl2_to_bl31_params_mem_t structure which is a superset of all the * structure whose information is passed to BL31 * NOTE: This function should be called only once and should be done * before generating params to BL31 ******************************************************************************/ bl31_params_t *bl2_plat_get_bl31_params(void) { bl31_params_t *bl2_to_bl31_params; /* * Initialise the memory for all the arguments that needs to * be passed to BL31 */ memset(&bl31_params_mem, 0, sizeof(bl2_to_bl31_params_mem_t)); /* Assign memory for TF related information */ bl2_to_bl31_params = &bl31_params_mem.bl31_params; SET_PARAM_HEAD(bl2_to_bl31_params, PARAM_BL31, VERSION_1, 0); /* Fill BL31 related information */ bl2_to_bl31_params->bl31_image_info = &bl31_params_mem.bl31_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl31_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); /* Fill BL32 related information if it exists */ #if BL32_BASE bl2_to_bl31_params->bl32_ep_info = &bl31_params_mem.bl32_ep_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl32_ep_info, PARAM_EP, VERSION_1, 0); bl2_to_bl31_params->bl32_image_info = &bl31_params_mem.bl32_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl32_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); #endif /* Fill BL33 related information */ bl2_to_bl31_params->bl33_ep_info = &bl31_params_mem.bl33_ep_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl33_ep_info, PARAM_EP, VERSION_1, 0); /* BL33 expects to receive the primary CPU MPID (through x0) */ bl2_to_bl31_params->bl33_ep_info->args.arg0 = 0xffff & read_mpidr(); bl2_to_bl31_params->bl33_image_info = &bl31_params_mem.bl33_image_info; SET_PARAM_HEAD(bl2_to_bl31_params->bl33_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); return bl2_to_bl31_params; }
void arm_bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) #endif { /* Initialize the console to provide early debug support */ console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ, ARM_CONSOLE_BAUDRATE); #if RESET_TO_BL31 /* There are no parameters from BL2 if BL31 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); #ifdef BL32_BASE /* Populate entry point information for BL32 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); #endif /* BL32_BASE */ /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); #else /* RESET_TO_BL31 */ /* * In debug builds, we pass a special value in 'plat_params_from_bl2' * to verify platform parameters from BL2 to BL31. * In release builds, it's not used. */ assert(((unsigned long long)plat_params_from_bl2) == ARM_BL31_PLAT_PARAM_VAL); # if LOAD_IMAGE_V2 /* * Check params passed from BL2 should not be NULL, */ bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2; assert(params_from_bl2 != NULL); assert(params_from_bl2->h.type == PARAM_BL_PARAMS); assert(params_from_bl2->h.version >= VERSION_2); bl_params_node_t *bl_params = params_from_bl2->head; /* * Copy BL33 and BL32 (if present), entry point information. * They are stored in Secure RAM, in BL2's address space. */ while (bl_params) { if (bl_params->image_id == BL32_IMAGE_ID) bl32_image_ep_info = *bl_params->ep_info; if (bl_params->image_id == BL33_IMAGE_ID) bl33_image_ep_info = *bl_params->ep_info; bl_params = bl_params->next_params_info; } if (bl33_image_ep_info.pc == 0) panic(); # else /* LOAD_IMAGE_V2 */ /* * Check params passed from BL2 should not be NULL, */ assert(from_bl2 != NULL); assert(from_bl2->h.type == PARAM_BL31); assert(from_bl2->h.version >= VERSION_1); /* * Copy BL32 (if populated by BL2) and BL33 entry point information. * They are stored in Secure RAM, in BL2's address space. */ if (from_bl2->bl32_ep_info) bl32_image_ep_info = *from_bl2->bl32_ep_info; bl33_image_ep_info = *from_bl2->bl33_ep_info; # endif /* LOAD_IMAGE_V2 */ #endif /* RESET_TO_BL31 */ }
/* * Handle SMC from a lower exception level to switch its execution state * (either from AArch64 to AArch32, or vice versa). * * smc_fid: * SMC function ID - either ARM_SIP_SVC_STATE_SWITCH_64 or * ARM_SIP_SVC_STATE_SWITCH_32. * pc_hi, pc_lo: * PC upon re-entry to the calling exception level; width dependent on the * calling exception level. * cookie_hi, cookie_lo: * Opaque pointer pairs received from the caller to pass it back, upon * re-entry. * handle: * Handle to saved context. */ int arm_execution_state_switch(unsigned int smc_fid, uint32_t pc_hi, uint32_t pc_lo, uint32_t cookie_hi, uint32_t cookie_lo, void *handle) { /* Execution state can be switched only if EL3 is AArch64 */ #ifdef AARCH64 int caller_64, from_el2, el, endianness, thumb = 0; u_register_t spsr, pc, scr, sctlr; entry_point_info_t ep; cpu_context_t *ctx = (cpu_context_t *) handle; el3_state_t *el3_ctx = get_el3state_ctx(ctx); /* That the SMC originated from NS is already validated by the caller */ /* * Disallow state switch if any of the secondaries have been brought up. */ if (psci_secondaries_brought_up()) goto exec_denied; spsr = read_ctx_reg(el3_ctx, CTX_SPSR_EL3); caller_64 = (GET_RW(spsr) == MODE_RW_64); if (caller_64) { /* * If the call originated from AArch64, expect 32-bit pointers when * switching to AArch32. */ if ((pc_hi != 0) || (cookie_hi != 0)) goto invalid_param; pc = pc_lo; /* Instruction state when entering AArch32 */ thumb = pc & 1; } else { /* Construct AArch64 PC */ pc = (((u_register_t) pc_hi) << 32) | pc_lo; } /* Make sure PC is 4-byte aligned, except for Thumb */ if ((pc & 0x3) && !thumb) goto invalid_param; /* * EL3 controls register width of the immediate lower EL only. Expect * this request from EL2/Hyp unless: * * - EL2 is not implemented; * - EL2 is implemented, but was disabled. This can be inferred from * SCR_EL3.HCE. */ from_el2 = caller_64 ? (GET_EL(spsr) == MODE_EL2) : (GET_M32(spsr) == MODE32_hyp); scr = read_ctx_reg(el3_ctx, CTX_SCR_EL3); if (!from_el2) { /* The call is from NS privilege level other than HYP */ /* * Disallow switching state if there's a Hypervisor in place; * this request must be taken up with the Hypervisor instead. */ if (scr & SCR_HCE_BIT) goto exec_denied; } /* * Return to the caller using the same endianness. Extract * endianness bit from the respective system control register * directly. */ sctlr = from_el2 ? read_sctlr_el2() : read_sctlr_el1(); endianness = !!(sctlr & SCTLR_EE_BIT); /* Construct SPSR for the exception state we're about to switch to */ if (caller_64) { int impl; /* * Switching from AArch64 to AArch32. Ensure this CPU implements * the target EL in AArch32. */ impl = from_el2 ? EL_IMPLEMENTED(2) : EL_IMPLEMENTED(1); if (impl != EL_IMPL_A64_A32) goto exec_denied; /* Return to the equivalent AArch32 privilege level */ el = from_el2 ? MODE32_hyp : MODE32_svc; spsr = SPSR_MODE32(el, thumb ? SPSR_T_THUMB : SPSR_T_ARM, endianness, DISABLE_ALL_EXCEPTIONS); } else { /* * Switching from AArch32 to AArch64. Since it's not possible to * implement an EL as AArch32-only (from which this call was * raised), it's safe to assume AArch64 is also implemented. */ el = from_el2 ? MODE_EL2 : MODE_EL1; spsr = SPSR_64(el, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); } /* * Use the context management library to re-initialize the existing * context with the execution state flipped. Since the library takes * entry_point_info_t pointer as the argument, construct a dummy one * with PC, state width, endianness, security etc. appropriately set. * Other entries in the entry point structure are irrelevant for * purpose. */ zeromem(&ep, sizeof(ep)); ep.pc = pc; ep.spsr = spsr; SET_PARAM_HEAD(&ep, PARAM_EP, VERSION_1, ((endianness ? EP_EE_BIG : EP_EE_LITTLE) | NON_SECURE | EP_ST_DISABLE)); /* * Re-initialize the system register context, and exit EL3 as if for the * first time. State switch is effectively a soft reset of the * calling EL. */ cm_init_my_context(&ep); cm_prepare_el3_exit(NON_SECURE); /* * State switch success. The caller of SMC wouldn't see the SMC * returning. Instead, execution starts at the supplied entry point, * with context pointers populated in registers 0 and 1. */ SMC_RET2(handle, cookie_hi, cookie_lo); invalid_param: SMC_RET1(handle, STATE_SW_E_PARAM); exec_denied: #endif /* State switch denied */ SMC_RET1(handle, STATE_SW_E_DENIED); }
/******************************************************************************* * This function creates the list of executable images, by populating and * linking each `bl_params_node_t` type node, using the internal array of * image descriptor provided by bl_mem_params_desc_ptr. It also populates * and returns `bl_params_t` type structure that contains head of the list * of executable images. ******************************************************************************/ bl_params_t *get_next_bl_params_from_mem_params_desc(void) { int count; unsigned int img_id = 0; int link_index = 0; bl_params_node_t *bl_current_exec_node = NULL; bl_params_node_t *bl_last_exec_node = NULL; bl_mem_params_node_t *desc_ptr; /* If there is no image to start with, return NULL */ if (!bl_mem_params_desc_num) return NULL; /* Get the list HEAD */ for (count = 0; count < bl_mem_params_desc_num; count++) { desc_ptr = &bl_mem_params_desc_ptr[count]; if ((EP_GET_EXE(desc_ptr->ep_info.h.attr) == EXECUTABLE) && (EP_GET_FIRST_EXE(desc_ptr->ep_info.h.attr) == EP_FIRST_EXE)) { next_bl_params.head = &desc_ptr->params_node_mem; link_index = count; break; } } /* Make sure we have a HEAD node */ assert(next_bl_params.head != NULL); /* Populate the HEAD information */ SET_PARAM_HEAD(&next_bl_params, PARAM_BL_PARAMS, VERSION_2, 0); /* * Go through the image descriptor array and create the list. * This bounded loop is to make sure that we are not looping forever. */ for (count = 0 ; count < bl_mem_params_desc_num; count++) { desc_ptr = &bl_mem_params_desc_ptr[link_index]; /* Make sure the image is executable */ assert(EP_GET_EXE(desc_ptr->ep_info.h.attr) == EXECUTABLE); /* Get the memory for current node */ bl_current_exec_node = &desc_ptr->params_node_mem; /* Populate the image information */ bl_current_exec_node->image_id = desc_ptr->image_id; bl_current_exec_node->image_info = &desc_ptr->image_info; bl_current_exec_node->ep_info = &desc_ptr->ep_info; if (bl_last_exec_node) { /* Assert if loop detected */ assert(bl_last_exec_node->next_params_info == NULL); /* Link the previous node to the current one */ bl_last_exec_node->next_params_info = bl_current_exec_node; } /* Update the last node */ bl_last_exec_node = bl_current_exec_node; /* If no next hand-off image then break out */ img_id = desc_ptr->next_handoff_image_id; if (img_id == INVALID_IMAGE_ID) break; /* Get the index for the next hand-off image */ link_index = get_bl_params_node_index(img_id); assert((link_index > 0) && (link_index < bl_mem_params_desc_num)); } /* Invalid image is expected to terminate the loop */ assert(img_id == INVALID_IMAGE_ID); return &next_bl_params; }