void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1, u_register_t arg2, u_register_t arg3) { /* Initialize the debug console as soon as possible */ console_16550_register(SUNXI_UART0_BASE, SUNXI_UART0_CLK_IN_HZ, SUNXI_UART0_BAUDRATE, &console); #ifdef BL32_BASE /* Populate entry point information for BL32 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; #endif /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); /* Turn off all secondary CPUs */ sunxi_disable_secondary_cpus(plat_my_core_pos()); }
/******************************************************************************* * Utility function to perform early platform setup. ******************************************************************************/ void arm_sp_min_early_platform_setup(void *from_bl2, uintptr_t tos_fw_config, uintptr_t hw_config, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ, ARM_CONSOLE_BAUDRATE); #if RESET_TO_SP_MIN /* There are no parameters from BL2 if SP_MIN is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell SP_MIN where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); #else /* RESET_TO_SP_MIN */ /* * Check params passed from BL2 should not be NULL, */ bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2; assert(params_from_bl2 != NULL); assert(params_from_bl2->h.type == PARAM_BL_PARAMS); assert(params_from_bl2->h.version >= VERSION_2); bl_params_node_t *bl_params = params_from_bl2->head; /* * Copy BL33 entry point information. * They are stored in Secure RAM, in BL2's address space. */ while (bl_params) { if (bl_params->image_id == BL33_IMAGE_ID) { bl33_image_ep_info = *bl_params->ep_info; break; } bl_params = bl_params->next_params_info; } if (bl33_image_ep_info.pc == 0) panic(); #endif /* RESET_TO_SP_MIN */ }
/******************************************************************************* * Perform any BL3-1 early platform setup common to ARM standard platforms. * Here is an opportunity to copy parameters passed by the calling EL (S-EL1 * in BL2 & S-EL3 in BL1) before they are lost (potentially). This needs to be * done before the MMU is initialized so that the memory layout can be used * while creating page tables. BL2 has flushed this information to memory, so * we are guaranteed to pick up good data. ******************************************************************************/ void arm_bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ, ARM_CONSOLE_BAUDRATE); #if RESET_TO_BL31 /* There are no parameters from BL2 if BL3-1 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* Populate entry point information for BL3-2 and BL3-3 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL3-1 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); #else /* * Check params passed from BL2 should not be NULL, */ assert(from_bl2 != NULL); assert(from_bl2->h.type == PARAM_BL31); assert(from_bl2->h.version >= VERSION_1); /* * In debug builds, we pass a special value in 'plat_params_from_bl2' * to verify platform parameters from BL2 to BL3-1. * In release builds, it's not used. */ assert(((unsigned long long)plat_params_from_bl2) == ARM_BL31_PLAT_PARAM_VAL); /* * Copy BL3-2 and BL3-3 entry point information. * They are stored in Secure RAM, in BL2's address space. */ bl32_image_ep_info = *from_bl2->bl32_ep_info; bl33_image_ep_info = *from_bl2->bl33_ep_info; #endif }
uint32_t hikey_get_spsr_for_bl33_entry(void) { unsigned int hyp_status, mode, spsr; hyp_status = GET_VIRT_EXT(read_id_pfr1()); mode = (hyp_status) ? MODE32_hyp : MODE32_svc; /* * TODO: Consider the possibility of specifying the SPSR in * the FIP ToC and allowing the platform to have a say as * well. */ spsr = SPSR_MODE32(mode, plat_get_ns_image_entrypoint() & 0x1, SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS); return spsr; }
/******************************************************************************* * Perform any BL31 specific platform actions. Here is an opportunity to copy * parameters passed by the calling EL (S-EL1 in BL2 & S-EL3 in BL1) before they * are lost (potentially). This needs to be done before the MMU is initialized * so that the memory layout can be used while creating page tables. On the ZYNQMP * we know that BL2 has populated the parameters in secure DRAM. So we just use * the reference passed in 'from_bl2' instead of copying. The 'data' parameter * is not used since all the information is contained in 'from_bl2'. Also, BL2 * has flushed this information to memory, so we are guaranteed to pick up good * data ******************************************************************************/ void bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(RDO_UART0_BASE, zynqmp_get_uart_clk(), CADENCE_UART_BAUDRATE); /* Initialize the platform config for future decision making */ zynqmp_config_setup(); /* There are no parameters from BL2 if BL31 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* * Do initial security configuration to allow DRAM/device access. On * Base ZYNQMP only DRAM security is programmable (via TrustZone), but * other platforms might have more programmable security devices * present. */ /* Populate entry point information for BL32 and BL33 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); NOTICE("BL31: Secure code at 0x%lx\n", bl32_image_ep_info.pc); SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); NOTICE("BL31: Non secure code at 0x%lx\n", bl33_image_ep_info.pc); }
/* * Perform any BL31 specific platform actions. Here is an opportunity to copy * parameters passed by the calling EL (S-EL1 in BL2 & S-EL3 in BL1) before they * are lost (potentially). This needs to be done before the MMU is initialized * so that the memory layout can be used while creating page tables. */ void bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) { /* Initialize the console to provide early debug support */ console_init(ZYNQMP_UART_BASE, zynqmp_get_uart_clk(), ZYNQMP_UART_BAUDRATE); /* Initialize the platform config for future decision making */ zynqmp_config_setup(); /* There are no parameters from BL2 if BL31 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); /* * Do initial security configuration to allow DRAM/device access. On * Base ZYNQMP only DRAM security is programmable (via TrustZone), but * other platforms might have more programmable security devices * present. */ /* Populate common information for BL32 and BL33 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); if (zynqmp_get_bootmode() == ZYNQMP_BOOTMODE_JTAG) { /* use build time defaults in JTAG boot mode */ bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS); } else { /* use parameters from FSBL */ fsbl_atf_handover(&bl32_image_ep_info, &bl33_image_ep_info); } NOTICE("BL31: Secure code at 0x%lx\n", bl32_image_ep_info.pc); NOTICE("BL31: Non secure code at 0x%lx\n", bl33_image_ep_info.pc); }
/******************************************************************************* * Generate the entry point info for Non Secure and Secure images * for transferring control from BL31 ******************************************************************************/ void mt_get_entry_point_info(unsigned long target_security, entry_point_info_t *target_entry_info) { atf_arg_t_ptr teearg = (atf_arg_t_ptr)(uintptr_t)TEE_BOOT_INFO_ADDR; if (target_security == NON_SECURE) { SET_PARAM_HEAD(target_entry_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ target_entry_info->pc = plat_get_ns_image_entrypoint(); mt_set_bl33_ep_info(target_entry_info); } else { SET_PARAM_HEAD(target_entry_info, PARAM_EP, VERSION_1, 0); if (teearg->tee_support) { target_entry_info->pc = teearg->tee_entry; mt_set_bl32_ep_info(target_entry_info); } else { if (BL32_BASE != 0) { /* Hard coding entry point to the base of the BL32 */ target_entry_info->pc = BL32_BASE; mt_set_bl32_ep_info(target_entry_info); } } } }
/******************************************************************************* * Load the BL3-3 image. * The bl2_to_bl31_params param will be updated with the relevant BL3-3 * information. * Return 0 on success, a negative error code otherwise. ******************************************************************************/ static int load_bl33(bl31_params_t *bl2_to_bl31_params) { meminfo_t bl33_mem_info; int e; INFO("BL2: Loading BL3-3\n"); assert(bl2_to_bl31_params != NULL); bl2_plat_get_bl33_meminfo(&bl33_mem_info); /* Load the BL3-3 image in non-secure memory provided by the platform */ e = load_auth_image(&bl33_mem_info, BL33_IMAGE_ID, plat_get_ns_image_entrypoint(), bl2_to_bl31_params->bl33_image_info, bl2_to_bl31_params->bl33_ep_info); if (e == 0) { bl2_plat_set_bl33_ep_info(bl2_to_bl31_params->bl33_image_info, bl2_to_bl31_params->bl33_ep_info); } return e; }
void arm_bl31_early_platform_setup(bl31_params_t *from_bl2, void *plat_params_from_bl2) #endif { /* Initialize the console to provide early debug support */ console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ, ARM_CONSOLE_BAUDRATE); #if RESET_TO_BL31 /* There are no parameters from BL2 if BL31 is a reset vector */ assert(from_bl2 == NULL); assert(plat_params_from_bl2 == NULL); #ifdef BL32_BASE /* Populate entry point information for BL32 */ SET_PARAM_HEAD(&bl32_image_ep_info, PARAM_EP, VERSION_1, 0); SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); bl32_image_ep_info.pc = BL32_BASE; bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); #endif /* BL32_BASE */ /* Populate entry point information for BL33 */ SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0); /* * Tell BL31 where the non-trusted software image * is located and the entry state information */ bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry(); SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); #else /* RESET_TO_BL31 */ /* * In debug builds, we pass a special value in 'plat_params_from_bl2' * to verify platform parameters from BL2 to BL31. * In release builds, it's not used. */ assert(((unsigned long long)plat_params_from_bl2) == ARM_BL31_PLAT_PARAM_VAL); # if LOAD_IMAGE_V2 /* * Check params passed from BL2 should not be NULL, */ bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2; assert(params_from_bl2 != NULL); assert(params_from_bl2->h.type == PARAM_BL_PARAMS); assert(params_from_bl2->h.version >= VERSION_2); bl_params_node_t *bl_params = params_from_bl2->head; /* * Copy BL33 and BL32 (if present), entry point information. * They are stored in Secure RAM, in BL2's address space. */ while (bl_params) { if (bl_params->image_id == BL32_IMAGE_ID) bl32_image_ep_info = *bl_params->ep_info; if (bl_params->image_id == BL33_IMAGE_ID) bl33_image_ep_info = *bl_params->ep_info; bl_params = bl_params->next_params_info; } if (bl33_image_ep_info.pc == 0) panic(); # else /* LOAD_IMAGE_V2 */ /* * Check params passed from BL2 should not be NULL, */ assert(from_bl2 != NULL); assert(from_bl2->h.type == PARAM_BL31); assert(from_bl2->h.version >= VERSION_1); /* * Copy BL32 (if populated by BL2) and BL33 entry point information. * They are stored in Secure RAM, in BL2's address space. */ if (from_bl2->bl32_ep_info) bl32_image_ep_info = *from_bl2->bl32_ep_info; bl33_image_ep_info = *from_bl2->bl33_ep_info; # endif /* LOAD_IMAGE_V2 */ #endif /* RESET_TO_BL31 */ }
/******************************************************************************* * The only thing to do in BL2 is to load further images and pass control to * BL31. The memory occupied by BL2 will be reclaimed by BL3_x stages. BL2 runs * entirely in S-EL1. Since arm standard c libraries are not PIC, printf et al * are not available. We rely on assertions to signal error conditions ******************************************************************************/ void bl2_main(void) { meminfo *bl2_tzram_layout; bl31_args *bl2_to_bl31_args; unsigned long bl31_base, bl32_base = 0, bl33_base, el_status; unsigned int bl2_load, bl31_load, mode; /* Perform remaining generic architectural setup in S-El1 */ bl2_arch_setup(); /* Perform platform setup in BL1 */ bl2_platform_setup(); printf("BL2 %s\n\r", build_message); /* Find out how much free trusted ram remains after BL2 load */ bl2_tzram_layout = bl2_plat_sec_mem_layout(); /* * Load BL31. BL1 tells BL2 whether it has been TOP or BOTTOM loaded. * To avoid fragmentation of trusted SRAM memory, BL31 is always * loaded opposite to BL2. This allows BL31 to reclaim BL2 memory * while maintaining its free space in one contiguous chunk. */ bl2_load = bl2_tzram_layout->attr & LOAD_MASK; assert((bl2_load == TOP_LOAD) || (bl2_load == BOT_LOAD)); bl31_load = (bl2_load == TOP_LOAD) ? BOT_LOAD : TOP_LOAD; bl31_base = load_image(bl2_tzram_layout, BL31_IMAGE_NAME, bl31_load, BL31_BASE); /* Assert if it has not been possible to load BL31 */ if (bl31_base == 0) { ERROR("Failed to load BL3-1.\n"); panic(); } /* * Get a pointer to the memory the platform has set aside to pass * information to BL31. */ bl2_to_bl31_args = bl2_get_bl31_args_ptr(); /* * Load the BL32 image if there's one. It is upto to platform * to specify where BL32 should be loaded if it exists. It * could create space in the secure sram or point to a * completely different memory. A zero size indicates that the * platform does not want to load a BL32 image. */ if (bl2_to_bl31_args->bl32_meminfo.total_size) bl32_base = load_image(&bl2_to_bl31_args->bl32_meminfo, BL32_IMAGE_NAME, bl2_to_bl31_args->bl32_meminfo.attr & LOAD_MASK, BL32_BASE); /* * Create a new layout of memory for BL31 as seen by BL2. This * will gobble up all the BL2 memory. */ init_bl31_mem_layout(bl2_tzram_layout, &bl2_to_bl31_args->bl31_meminfo, bl31_load); /* Load the BL33 image in non-secure memory provided by the platform */ bl33_base = load_image(&bl2_to_bl31_args->bl33_meminfo, BL33_IMAGE_NAME, BOT_LOAD, plat_get_ns_image_entrypoint()); /* Halt if failed to load normal world firmware. */ if (bl33_base == 0) { ERROR("Failed to load BL3-3.\n"); panic(); } /* * BL2 also needs to tell BL31 where the non-trusted software image * is located. */ bl2_to_bl31_args->bl33_image_info.entrypoint = bl33_base; /* Figure out what mode we enter the non-secure world in */ el_status = read_id_aa64pfr0_el1() >> ID_AA64PFR0_EL2_SHIFT; el_status &= ID_AA64PFR0_ELX_MASK; if (el_status) mode = MODE_EL2; else mode = MODE_EL1; /* * TODO: Consider the possibility of specifying the SPSR in * the FIP ToC and allowing the platform to have a say as * well. */ bl2_to_bl31_args->bl33_image_info.spsr = make_spsr(mode, MODE_SP_ELX, MODE_RW_64); bl2_to_bl31_args->bl33_image_info.security_state = NON_SECURE; if (bl32_base) { /* Fill BL32 image info */ bl2_to_bl31_args->bl32_image_info.entrypoint = bl32_base; bl2_to_bl31_args->bl32_image_info.security_state = SECURE; /* * The Secure Payload Dispatcher service is responsible for * setting the SPSR prior to entry into the BL32 image. */ bl2_to_bl31_args->bl32_image_info.spsr = 0; } /* Flush the entire BL31 args buffer */ flush_dcache_range((unsigned long) bl2_to_bl31_args, sizeof(*bl2_to_bl31_args)); /* * Run BL31 via an SMC to BL1. Information on how to pass control to * the BL32 (if present) and BL33 software images will be passed to * BL31 as an argument. */ run_image(bl31_base, make_spsr(MODE_EL3, MODE_SP_ELX, MODE_RW_64), SECURE, (void *) bl2_to_bl31_args, NULL); }