Date: Tue, 6 Jun 2017 11:52:01 +0100
From: Leif Lindholm
To: Scott Telford
Cc: edk2-devel@ml01.01.org, ard.biesheuvel@linaro.org, graeme.gregory@linaro.org, afish@apple.com, michael.d.kinney@intel.com
Message-ID: <20170606105201.GW7556@bivouac.eciton.net>
References: <1496659828-28702-1-git-send-email-stelford@cadence.com> <1496659828-28702-5-git-send-email-stelford@cadence.com>
In-Reply-To: <1496659828-28702-5-git-send-email-stelford@cadence.com>
Subject: Re: [staging/cadence-aarch64 PATCH v2 4/6] CadencePkg: Add SEC phase implementation for Cadence CSP platform.

On Mon, Jun 05, 2017 at 11:50:26AM +0100, Scott Telford wrote:
> Add SEC phase implementation for Cadence CSP platform configured with
> a single Cortex-A53 processor and GIC-500.

This appears to be a localised reinstatement of ArmPlatformPkg/Sec/, which was deleted by 9a8f6fb40712938ad562e9a9095dc06dff9c1fce, with bits of ArmCortexA5xLib merged into it.

Firstly, this is probably fine for your use-case, although if this is a permanent solution (you will never port ARM Trusted Firmware, and we expect this platform to be supported upstream indefinitely), it could be worth considering reintroducing the library.

Secondly, is there a strong reason why ArmCortexA5xLib cannot be used as is, rather than copied across?

Thirdly, it would be nice if the commit message described explicitly where this code came from.

/
    Leif

> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Scott Telford > --- > CadencePkg/Sec/AArch64/Arch.c | 25 +++ > CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S | 27 +++ > CadencePkg/Sec/AArch64/Helper.S | 93 ++++++++ > CadencePkg/Sec/AArch64/SecEntryPoint.S | 139 ++++++++++++ > CadencePkg/Sec/Sec.c | 335 ++++++++++++++++++++++++++++ > CadencePkg/Sec/Sec.inf | 85 +++++++ > CadencePkg/Sec/SecInternal.h | 105 +++++++++ > 7 files changed, 809 insertions(+) > create mode 100644 CadencePkg/Sec/AArch64/Arch.c > create mode 100644 CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S > create mode 100644 CadencePkg/Sec/AArch64/Helper.S > create mode 100644 CadencePkg/Sec/AArch64/SecEntryPoint.S > create mode 100644 CadencePkg/Sec/Sec.c > create mode 100644 CadencePkg/Sec/Sec.inf > create mode 100644 CadencePkg/Sec/SecInternal.h > > diff --git a/CadencePkg/Sec/AArch64/Arch.c b/CadencePkg/Sec/AArch64/Arch.c > new file mode 100644 > index 0000000..6e7d58e > --- /dev/null > +++ b/CadencePkg/Sec/AArch64/Arch.c > @@ -0,0 +1,25 @@ > +/** @file > +* > +* Copyright (c) 2013, ARM Limited. All rights reserved. > +* > +* This program and the accompanying materials > +* are licensed and made available under the terms and conditions of the BSD License > +* which accompanies this distribution. The full text of the license may be found at > +* http://opensource.org/licenses/bsd-license.php > +* > +* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +* > +**/ > + > +#include > + > +VOID > +EFIAPI > +ArmSecArchTrustzoneInit ( > + VOID > + ) > +{ > + // Do not trap any access to Floating Point and Advanced SIMD in EL3. > + ArmWriteCptr (0); > +} > diff --git a/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S b/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S > new file mode 100644 > index 0000000..531de63 > --- /dev/null > +++ b/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S 
> @@ -0,0 +1,27 @@ > +#------------------------------------------------------------------------------ > +# > +# Copyright (c) 2013 - 2014, ARM Limited. All rights reserved. > +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD Licese > +# which accompanies this distribution. The full text of the license may be foun at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > +#------------------------------------------------------------------------------ > + > +#include > + > +ASM_FUNC(ArmReadCpuExCr) > + mrs x0, S3_1_c15_c2_1 > + ret > + > +ASM_FUNC(ArmWriteCpuExCr) > + msr S3_1_c15_c2_1, x0 > + dsb sy > + isb > + ret > + > +ASM_FUNCTION_REMOVE_IF_UNREFERENCED > diff --git a/CadencePkg/Sec/AArch64/Helper.S b/CadencePkg/Sec/AArch64/Helper.S > new file mode 100644 > index 0000000..3b58e12 > --- /dev/null > +++ b/CadencePkg/Sec/AArch64/Helper.S 
> @@ -0,0 +1,93 @@ > +#======================================================================================== > +# Copyright (c) 2011-2014, ARM Limited. All rights reserved. > +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http:#opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > +#======================================================================================= > + > +#include > +#include > + > +#start of the code section > +.text > +.align 3 > + > +GCC_ASM_EXPORT(SwitchToNSExceptionLevel1) > +GCC_ASM_EXPORT(enter_monitor_mode) > +GCC_ASM_EXPORT(return_from_exception) > +GCC_ASM_EXPORT(copy_cpsr_into_spsr) > +GCC_ASM_EXPORT(set_non_secure_mode) > + > +// Switch from EL3 to NS-EL1 > +ASM_PFX(SwitchToNSExceptionLevel1): > + // Now setup our EL1. 
Controlled by EL2 config on Model > + mrs x0, hcr_el2 // Read EL2 Hypervisor configuration Register > + orr x0, x0, #(1 << 31) // Set EL1 to be 64bit > + > + // Send all interrupts to their respective Exception levels for EL2 > + and x0, x0, #~(ARM_HCR_FMO | ARM_HCR_IMO | ARM_HCR_AMO) // Disable virtual FIQ, IRQ, SError and Abort > + msr hcr_el2, x0 // Write back our settings > + > + msr cptr_el2, xzr // Disable copro traps to EL2 > + > + msr sctlr_el2, xzr > + > + // Enable architected timer access > + mrs x0, cnthctl_el2 > + orr x0, x0, #3 // Enable EL1 access to timers > + msr cnthctl_el2, x0 > + > + mrs x0, cntkctl_el1 > + orr x0, x0, #3 // EL0 access to counters > + msr cntkctl_el1, x0 > + > + // Set ID regs > + mrs x0, midr_el1 > + mrs x1, mpidr_el1 > + msr vpidr_el2, x0 > + msr vmpidr_el2, x1 > + > + ret > + > + > +// EL3 on AArch64 is Secure/monitor so this funtion is reduced vs ARMv7 > +// we don't need a mode switch, just setup the Arguments and jump. > +// x0: Monitor World EntryPoint > +// x1: MpId > +// x2: SecBootMode > +// x3: Secure Monitor mode stack > +ASM_PFX(enter_monitor_mode): > + mov x4, x0 // Swap EntryPoint and MpId registers > + mov x0, x1 > + mov x1, x2 > + mov x2, x3 > + br x4 > + > +// Put the address in correct ELR_ELx and do a eret. > +// We may need to do some config before we change to another Mode. > +ASM_PFX(return_from_exception): > + msr elr_el3, x0 > + eret > + > +// For AArch64 we need to construct the spsr we want from individual bits and pieces. > +ASM_PFX(copy_cpsr_into_spsr): > + mrs x0, CurrentEl // Get the current exception level we are running at. > + mrs x1, SPSel // Which Stack are we using > + orr x0, x0, x1 > + mrs x1, daif // Which interrupts are enabled > + orr x0, x0, x1 > + msr spsr_el3, x0 // Write to spsr > + ret > + > +// Get this from platform file. > +ASM_PFX(set_non_secure_mode): > + msr spsr_el3, x0 > + ret > + > +ASM_FUNCTION_REMOVE_IF_UNREFERENCED 
> diff --git a/CadencePkg/Sec/AArch64/SecEntryPoint.S b/CadencePkg/Sec/AArch64/SecEntryPoint.S > new file mode 100644 > index 0000000..06bea3c > --- /dev/null > +++ b/CadencePkg/Sec/AArch64/SecEntryPoint.S 
> @@ -0,0 +1,139 @@ > +// > +// Copyright (c) 2011-2014, ARM Limited. All rights reserved. > +// > +// This program and the accompanying materials > +// are licensed and made available under the terms and conditions of the BSD License > +// which accompanies this distribution. The full text of the license may be found at > +// http://opensource.org/licenses/bsd-license.php > +// > +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +// > +// > + > +#include > +#include > +#include "SecInternal.h" > + > +.text > +.align 3 > + > +GCC_ASM_IMPORT(CEntryPoint) > +GCC_ASM_IMPORT(ArmPlatformIsPrimaryCore) > +GCC_ASM_IMPORT(ArmPlatformGetCorePosition) > +GCC_ASM_IMPORT(ArmPlatformSecBootAction) > +GCC_ASM_IMPORT(ArmPlatformSecBootMemoryInit) > +GCC_ASM_IMPORT(ArmDisableInterrupts) > +GCC_ASM_IMPORT(ArmDisableCachesAndMmu) > +GCC_ASM_IMPORT(ArmReadMpidr) > +GCC_ASM_IMPORT(ArmCallWFE) > +GCC_ASM_EXPORT(_ModuleEntryPoint) > + > +StartupAddr: .8byte ASM_PFX(CEntryPoint) > + > +ASM_PFX(_ModuleEntryPoint): > + > +// NOTE: We could be booting from EL3, EL2 or EL1. Need to correctly detect > +// and configure the system accordingly. EL2 is default if possible. > +// If we started in EL3 we need to switch and run at EL2. > +// If we are running at EL2 stay in EL2 > +// If we are starting at EL1 stay in EL1. > + > +// Sec only runs in EL3. Othewise we jump to PEI without changing anything. > +// If Sec runs we change to EL2 before switching to PEI. > + > +// Which EL are we running at? Every EL needs some level of setup... > + EL1_OR_EL2_OR_EL3(x0) > +1:// If we are at EL1 or EL2 leave SEC for PEI. 
> +2:b ASM_PFX(JumpToPEI) > + // If we are at EL3 we need to configure it and switch to EL2 > +3:b ASM_PFX(MainEntryPoint) > + > +ASM_PFX(MainEntryPoint): > + // First ensure all interrupts are disabled > + bl ASM_PFX(ArmDisableInterrupts) > + > + // Ensure that the MMU and caches are off > + bl ASM_PFX(ArmDisableCachesAndMmu) > + > + // By default, we are doing a cold boot > + mov x10, #ARM_SEC_COLD_BOOT > + > + // Jump to Platform Specific Boot Action function > + bl ASM_PFX(ArmPlatformSecBootAction) > + > +_IdentifyCpu: > + // Identify CPU ID > + bl ASM_PFX(ArmReadMpidr) > + // Keep a copy of the MpId register value > + mov x5, x0 > + > + // Is it the Primary Core ? > + bl ASM_PFX(ArmPlatformIsPrimaryCore) > + cmp x0, #1 > + // Only the primary core initialize the memory (SMC) > + b.eq _InitMem > + > +_WaitInitMem: > + // If we are not doing a cold boot in this case we should assume the Initial Memory to be already initialized > + // Otherwise we have to wait the Primary Core to finish the initialization > + cmp x10, #ARM_SEC_COLD_BOOT > + b.ne _SetupSecondaryCoreStack > + > + // Wait for the primary core to initialize the initial memory (event: BOOT_MEM_INIT) > + bl ASM_PFX(ArmCallWFE) > + // Now the Init Mem is initialized, we setup the secondary core stacks > + b _SetupSecondaryCoreStack > + > +_InitMem: > + // If we are not doing a cold boot in this case we should assume the Initial Memory to be already initialized > + cmp x10, #ARM_SEC_COLD_BOOT > + b.ne _SetupPrimaryCoreStack > + > + // Initialize Init Boot Memory > + bl ASM_PFX(ArmPlatformSecBootMemoryInit) > + > +_SetupPrimaryCoreStack: > + // Get the top of the primary stacks (and the base of the secondary stacks) > + MOV32 (x1, FixedPcdGet32(PcdCPUCoresSecStackBase)) > + MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecPrimaryStackSize)) > + add x1, x1, x2 > + > + mov sp, x1 > + b _PrepareArguments > + > +_SetupSecondaryCoreStack: > + // Get the top of the primary stacks (and the base of the secondary stacks) > + 
MOV32 (x1, FixedPcdGet32(PcdCPUCoresSecStackBase)) > + MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecPrimaryStackSize)) > + add x6, x1, x2 > + > + // Get the Core Position > + mov x0, x5 > + bl ASM_PFX(ArmPlatformGetCorePosition) > + // The stack starts at the top of the stack region. Add '1' to the Core Position to get the top of the stack > + add x0, x0, #1 > + > + // StackOffset = CorePos * StackSize > + MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecSecondaryStackSize)) > + mul x0, x0, x2 > + // SP = StackBase + StackOffset > + add sp, x6, x0 > + > +_PrepareArguments: > + // Move sec startup address into a data register > + // Ensure we're jumping to FV version of the code (not boot remapped alias) > + ldr x3, StartupAddr > + > + // Jump to SEC C code > + // r0 = mp_id > + // r1 = Boot Mode > + mov x0, x5 > + mov x1, x10 > + blr x3 > + > + ret > + > +ASM_PFX(JumpToPEI): > + MOV32 (x0, FixedPcdGet32(PcdFvBaseAddress)) > + blr x0 > diff --git a/CadencePkg/Sec/Sec.c b/CadencePkg/Sec/Sec.c > new file mode 100644 > index 0000000..5b0244e > --- /dev/null > +++ b/CadencePkg/Sec/Sec.c 
> @@ -0,0 +1,335 @@ > +/** @file > +* Main file supporting the SEC Phase on ARM Platforms > +* > +* Copyright (c) 2011-2014, ARM Limited. All rights reserved. > +* Copyright (c) 2017, Cadence Design Systems, Inc. All rights reserved. > +* > +* This program and the accompanying materials > +* are licensed and made available under the terms and conditions of the BSD License > +* which accompanies this distribution. The full text of the license may be found at > +* http://opensource.org/licenses/bsd-license.php > +* > +* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +* > +**/ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#include "SecInternal.h" > + > +#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1); > + > +#define ARM_GICR_WAKER 0x0014 // GIC Redistributor Wake Register > +#define ARM_GICR_IGROUPR0 0x0080 // GIC Redistributor Int Group Reg 0 > +#define ARM_GICR_IGRPMODR0 0x0d00 // GIC Redistributor Int Group Mod Reg 0 > +#define ARM_GICR_ICFGR1 0x0c04 // GIC Redistributor Int Config Reg 0 > + > + > +VOID > +CEntryPoint ( > + IN UINTN MpId, > + IN UINTN SecBootMode > + ) > +{ > + CHAR8 Buffer[100]; > + UINTN CharCount; > + UINTN JumpAddress; > + > + // Invalidate the data cache. Doesn't have to do the Data cache clean. 
> + ArmInvalidateDataCache (); > + > + // Invalidate Instruction Cache > + ArmInvalidateInstructionCache (); > + > + // Invalidate I & D TLBs > + ArmInvalidateTlb (); > + > + // CPU specific settings > + ArmCpuSetup (MpId); > + > + // Enable Floating Point Coprocessor if supported by the platform > + if (FixedPcdGet32 (PcdVFPEnabled)) { > + ArmEnableVFP (); > + } > + > + // Initialize peripherals that must be done at the early stage > + // Example: Some L2 controller, interconnect, clock, DMC, etc > + ArmPlatformSecInitialize (MpId); > + > + // Primary CPU clears out the SCU tag RAMs, secondaries wait > + if (ArmPlatformIsPrimaryCore (MpId) && (SecBootMode == ARM_SEC_COLD_BOOT)) { > + if (ArmIsMpCore()) { > + // Signal for the initial memory is configured (event: BOOT_MEM_INIT) > + ArmCallSEV (); > + } > + > + // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib > + // In non SEC modules the init call is in autogenerated code. > + SerialPortInitialize (); > + > + // Start talking > + if (FixedPcdGetBool (PcdTrustzoneSupport)) { > + CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r", > + (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__); > + } else { > + CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r", > + (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__); > + } > + SerialPortWrite ((UINT8 *) Buffer, CharCount); > + > + // Initialize the Debug Agent for Source Level Debugging > + InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL); > + SaveAndSetDebugTimerInterrupt (TRUE); > + > + // Enable the GIC distributor and CPU Interface > + // - no other Interrupts are enabled, doesn't have to worry about the priority. 
> + // - all the cores are in secure state, use secure SGI's > + ArmGicEnableDistributor (PcdGet64(PcdGicDistributorBase)); > + ArmGicEnableInterruptInterface (PcdGet64(PcdGicInterruptInterfaceBase)); > + } else { > + // Enable the GIC CPU Interface > + ArmGicEnableInterruptInterface (PcdGet64(PcdGicInterruptInterfaceBase)); > + } > + > + // Enable Full Access to CoProcessors > + ArmWriteCpacr (CPACR_CP_FULL_ACCESS); > + > + // Test if Trustzone is supported on this platform > + if (FixedPcdGetBool (PcdTrustzoneSupport)) { > + if (ArmIsMpCore ()) { > + // Setup SMP in Non Secure world > + ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId)); > + } > + > + // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0)) > + // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0)) > + ASSERT (((PcdGet64(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) || > + ((PcdGet64(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0))); > + > + // Enter Monitor Mode > + enter_monitor_mode ( > + (UINTN)TrustedWorldInitialization, MpId, SecBootMode, > + (VOID*) (PcdGet64 (PcdCPUCoresSecMonStackBase) + > + (PcdGet32 (PcdCPUCoreSecMonStackSize) * (ArmPlatformGetCorePosition (MpId) + 1))) > + ); > + } else { > + if (ArmPlatformIsPrimaryCore (MpId)) { > + SerialPrint ("Trust Zone Configuration is disabled\n\r"); > + } > + > + // With Trustzone support the transition from Sec to Normal world is done by return_from_exception(). > + // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program > + // Status Register as the the current one (CPSR). 
> + copy_cpsr_into_spsr (); > + > + // Call the Platform specific function to execute additional actions if required > + JumpAddress = PcdGet64 (PcdFvBaseAddress); > + > + ArmPlatformSecExtraAction (MpId, &JumpAddress); > + > + NonTrustedWorldTransition (MpId, JumpAddress); > + } > + ASSERT (0); // We must never return from the above function > +} > + > +VOID > +TrustedWorldInitialization ( > + IN UINTN MpId, > + IN UINTN SecBootMode > + ) > +{ > + UINTN JumpAddress; > + > + //-------------------- Monitor Mode --------------------- > + > + // Set up Monitor World (Vector Table, etc) > + ArmSecureMonitorWorldInitialize (); > + > + // Transfer the interrupt to Non-secure World > + ArmGicV3SetupNonSecure (MpId, PcdGet64(PcdGicDistributorBase), PcdGet64(PcdGicRedistributorsBase)); > + > + // Initialize platform specific security policy > + ArmPlatformSecTrustzoneInit (MpId); > + > + // Setup the Trustzone Chipsets > + if (SecBootMode == ARM_SEC_COLD_BOOT) { > + if (ArmPlatformIsPrimaryCore (MpId)) { > + if (ArmIsMpCore()) { > + // Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT) > + ArmCallSEV (); > + } > + } else { > + // The secondary cores need to wait until the Trustzone chipsets configuration is done > + // before switching to Non Secure World > + > + // Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT) > + ArmCallWFE (); > + } > + } > + > + // Call the Platform specific function to execute additional actions if required > + JumpAddress = PcdGet64 (PcdFvBaseAddress); > + > + ArmPlatformSecExtraAction (MpId, &JumpAddress); > + > + // Initialize architecture specific security policy > + ArmSecArchTrustzoneInit (); > + > + // CP15 Secure Configuration Register > + ArmWriteScr (PcdGet32 (PcdArmScr)); > + > + NonTrustedWorldTransition (MpId, JumpAddress); > +} > + > +VOID > +NonTrustedWorldTransition ( > + IN UINTN MpId, > + IN UINTN JumpAddress > + ) > +{ > + // If 
PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition > + // By not set, the mode for Non Secure World is SVC > + if (PcdGet32 (PcdArmNonSecModeTransition) != 0) { > + set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition)); > + } > + > + return_from_exception (JumpAddress); > + //-------------------- Non Secure Mode --------------------- > + > + // PEI Core should always load and never return > + ASSERT (FALSE); > +} > + > +/* > + * This function configures the all interrupts to be Non-secure. > + * > + */ > +VOID > +EFIAPI > +ArmGicV3SetupNonSecure ( > + IN UINTN MpId, > + IN INTN GicDistributorBase, > + IN INTN GicRedistributorsBase > + ) > +{ > + UINTN InterruptId; > + UINTN Index; > + UINTN MaxInterrupts; > + UINT32 WakeR; > + > + // Set priority Mask so that no interrupts get through to CPU > + ArmGicV3SetPriorityMask (0); > + > + // Clear ProcessorSleep bit in GICR_WAKER and wait for ChildrenAsleep to clear > + WakeR = MmioRead32 (GicRedistributorsBase + ARM_GICR_WAKER); > + WakeR &= ~(1 << 1); > + MmioWrite32 (GicRedistributorsBase + ARM_GICR_WAKER, WakeR); > + do { > + WakeR = MmioRead32 (GicRedistributorsBase + ARM_GICR_WAKER); > + } while ((WakeR & (1 << 2))); > + > + // Set PPIs to Non-secure Group 1 IRQ > + MmioWrite32 (GicRedistributorsBase + ARM_GICR_SGI_PPI_FRAME_SIZE + ARM_GICR_IGROUPR0, 0xffff0000); > + > + InterruptId = ArmGicV3AcknowledgeInterrupt(); > + MaxInterrupts = ArmGicGetMaxNumInterrupts (GicDistributorBase); > + > + // Only try to clear valid interrupts. Ignore spurious interrupts. > + while ((InterruptId & 0x3FF) < MaxInterrupts) { > + // Some of the SGI's are still pending, read Ack register and send End of Interrupt Signal > + ArmGicV3EndOfInterrupt (InterruptId); > + > + // Next > + InterruptId = ArmGicV3AcknowledgeInterrupt(); > + } > + > + // Only the primary core should set the Non Secure bit to the SPIs (Shared Peripheral Interrupt). 
> + if (ArmPlatformIsPrimaryCore (MpId)) { > + // Ensure all GIC interrupts are Non-Secure > + for (Index = 0; Index < (MaxInterrupts / 32); Index++) { > + MmioWrite32 (GicDistributorBase + ARM_GIC_ICDISR + (Index * 4), 0xffffffff); > + } > + } else { > + // The secondary cores only set the Non Secure bit to their banked PPIs > + MmioWrite32 (GicDistributorBase + ARM_GIC_ICDISR, 0xffffffff); > + } > + > + // Ensure all interrupts can get through the priority mask > + ArmGicV3SetPriorityMask (0xff); > +} > + > +// > +// Previously in ArmCpuLib: > +// > + > +VOID > +ArmCpuSetup ( > + IN UINTN MpId > + ) > +{ > + // Check if Architectural Timer frequency is valid number (should not be 0) > + ASSERT (PcdGet32 (PcdArmArchTimerFreqInHz)); > + ASSERT (ArmIsArchTimerImplemented () != 0); > + > + // Note: System Counter frequency can only be set in Secure privileged mode, > + // if security extensions are implemented. > + ArmGenericTimerSetTimerFreq (PcdGet32 (PcdArmArchTimerFreqInHz)); > + > + if (ArmIsMpCore ()) { > + // Turn on SMP coherency > + ArmSetCpuExCrBit (A5X_FEATURE_SMP); > + } > + > + // > + // If CPU is CortexA57 r0p0 apply Errata workarounds > + // > + if ((ArmReadMidr () & ((ARM_CPU_TYPE_MASK << 4) | ARM_CPU_REV_MASK)) == > + ((ARM_CPU_TYPE_A57 << 4) | ARM_CPU_REV(0,0))) { > + > + // Errata 806969: DisableLoadStoreWB (1ULL << 49) > + // Errata 813420: Execute Data Cache clean as Data Cache clean/invalidate (ULL << 44) > + // Errata 814670: disable DMB nullification (1ULL << 58) > + ArmSetCpuActlrBit ( (1ULL << 49) | (1ULL << 44) | (1ULL << 58) ); > + } > +} > + > +VOID > +ArmCpuSetupSmpNonSecure ( > + IN UINTN MpId > + ) > +{ > +} > + > +VOID > +EFIAPI > +ArmSetCpuExCrBit ( > + IN UINT64 Bits > + ) > +{ > + UINT64 Value; > + Value = ArmReadCpuExCr (); > + Value |= Bits; > + ArmWriteCpuExCr (Value); > +} > + > +VOID > +EFIAPI > +ArmUnsetCpuExCrBit ( > + IN UINT64 Bits > + ) > +{ > + UINT64 Value; > + Value = ArmReadCpuExCr (); > + Value &= ~Bits; > + 
ArmWriteCpuExCr (Value); > +} > diff --git a/CadencePkg/Sec/Sec.inf b/CadencePkg/Sec/Sec.inf > new file mode 100644 > index 0000000..cf32f34 > --- /dev/null > +++ b/CadencePkg/Sec/Sec.inf > @@ -0,0 +1,85 @@ > +#/** @file > +# SEC - Reset vector code that jumps to C and starts the PEI phase > +# > +# (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
> +# Copyright (c) 2011-2013, ARM Limited. All rights reserved. > +# Copyright (c) 2017, Cadence Design Systems, Inc. All rights reserved. > +# > +# This program and the accompanying materials > +# are licensed and made available under the terms and conditions of the BSD License > +# which accompanies this distribution. The full text of the license may be found at > +# http://opensource.org/licenses/bsd-license.php > +# > +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +# > +#**/ > + > +[Defines] > + INF_VERSION = 1.25 > + BASE_NAME = ArmPlatformSec > + FILE_GUID = 424b4f2e-ec82-4c57-a188-253060be8a69 > + MODULE_TYPE = SEC > + VERSION_STRING = 1.0 > + > +[Sources] > + Sec.c > + > +[Sources.AARCH64] > + AArch64/Arch.c > + AArch64/Helper.S > + AArch64/SecEntryPoint.S > + AArch64/ArmCortexA5xHelper.S | GCC > + > +[Packages] > + MdePkg/MdePkg.dec > + MdeModulePkg/MdeModulePkg.dec > + ArmPkg/ArmPkg.dec > + ArmPlatformPkg/ArmPlatformPkg.dec > + CadencePkg/CadenceCspPkg.dec > + > +[LibraryClasses] > + ArmLib > + ArmGenericTimerCounterLib > + ArmPlatformLib > + ArmPlatformSecLib > + ArmTrustedMonitorLib > + BaseLib > + DebugLib > + DebugAgentLib > + IoLib > + ArmGicLib > + PcdLib > + PrintLib > + SerialPortLib > + > +[Pcd] > + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString > + > +[FixedPcd.common] > + > + gArmTokenSpaceGuid.PcdTrustzoneSupport > + gArmTokenSpaceGuid.PcdVFPEnabled > + > + gArmTokenSpaceGuid.PcdArmScr > + gArmTokenSpaceGuid.PcdArmNonSecModeTransition > + gArmTokenSpaceGuid.PcdArmArchTimerFreqInHz > + > + gArmTokenSpaceGuid.PcdSecureFvBaseAddress > + gArmTokenSpaceGuid.PcdSecureFvSize > + > + gArmTokenSpaceGuid.PcdFvBaseAddress > + > + gArmPlatformTokenSpaceGuid.PcdCPUCoresSecStackBase > + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecPrimaryStackSize > + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecSecondaryStackSize > + 
gArmPlatformTokenSpaceGuid.PcdCPUCoresSecMonStackBase > + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecMonStackSize > + > + gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase > + gArmTokenSpaceGuid.PcdGicDistributorBase > + gArmTokenSpaceGuid.PcdGicRedistributorsBase > + > +[FixedPcd.ARM] > + gArmTokenSpaceGuid.PcdArmNsacr > + > diff --git a/CadencePkg/Sec/SecInternal.h b/CadencePkg/Sec/SecInternal.h > new file mode 100644 > index 0000000..221eb57 > --- /dev/null > +++ b/CadencePkg/Sec/SecInternal.h 
> @@ -0,0 +1,105 @@ > +/** @file > +* Main file supporting the SEC Phase on ARM PLatforms > +* > +* Copyright (c) 2011-2013, ARM Limited. All rights reserved. > +* > +* This program and the accompanying materials > +* are licensed and made available under the terms and conditions of the BSD License > +* which accompanies this distribution. The full text of the license may be found at > +* http://opensource.org/licenses/bsd-license.php > +* > +* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, > +* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. > +* > +**/ > + > +#ifndef __SEC_H__ > +#define __SEC_H__ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +#define IS_ALIGNED(Address, Align) (((UINTN)Address & (Align-1)) == 0) > + > +VOID > +TrustedWorldInitialization ( > + IN UINTN MpId, > + IN UINTN SecBootMode > + ); > + > +VOID > +NonTrustedWorldTransition ( > + IN UINTN MpId, > + IN UINTN JumpAddress > + ); > + > +VOID > +ArmGicV3SetupNonSecure ( > + IN UINTN MpId, > + IN INTN GicDistributorBase, > + IN INTN GicRedistributorsBase > +); > + > +VOID > +enter_monitor_mode ( > + IN UINTN MonitorEntryPoint, > + IN UINTN MpId, > + IN UINTN SecBootMode, > + IN VOID* MonitorStackBase > + ); > + > +VOID > +return_from_exception ( > + IN UINTN NonSecureBase > + ); > + > +VOID > +copy_cpsr_into_spsr ( > + VOID > + ); > + > +VOID > +set_non_secure_mode ( > + IN ARM_PROCESSOR_MODE Mode > + ); > + > +VOID > +SecCommonExceptionEntry ( > + IN UINT32 Entry, > + IN UINTN LR > + ); > + > +VOID > +EFIAPI > +ArmSecArchTrustzoneInit ( > + VOID > + ); > + > +VOID > +ArmCpuSetup ( > + IN UINTN MpId > + ); > + > +VOID > +ArmCpuSetupSmpNonSecure ( > + IN UINTN MpId > + ); > + > +VOID > +EFIAPI > +ArmSetCpuExCrBit ( > + IN UINT64 Bits > +); > + > +VOID > +EFIAPI > +ArmUnsetCpuExCrBit ( > + IN UINT64 Bits > +); > + > +#endif > -- > 2.2.2 >
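Review bot: In CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S, the accessors use the raw encoding `S3_1_c15_c2_1` with no comment naming the register, so a reader cannot tell which implementation-defined control register EL3 is modifying; add a one-line comment stating that this is the CPU Extended Control Register (CPUECTLR_EL1) and which cores the encoding is valid for. The licence header also carries the typos "BSD Licese" and "may be foun at", which should be fixed if the file is kept as a copy rather than pulled in from the existing library.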
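Review bot: In CadencePkg/Sec/AArch64/Helper.S, SwitchToNSExceptionLevel1 is exported and implemented but nothing in this patch calls it: Sec.c never references it and SecInternal.h has no prototype for it. Because it rewrites hcr_el2, zeroes cptr_el2 and sctlr_el2, and opens timer and counter access to EL1 and EL0, it should either be dropped or be called from a documented point in the EL3 exit path. If it stays, `orr x0, x0, #(1 << 31)` should use a named constant like the ARM_HCR_* ones used in the same function, and the licence header URL reads `http:#opensource.org/licenses/bsd-license.php`, which looks like a `//` to `#` comment conversion that should be undone on that line.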
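Review bot: In CadencePkg/Sec/AArch64/SecEntryPoint.S, JumpToPEI ends with `blr x0` and has no instruction after it, so if the code at PcdFvBaseAddress ever returns, execution continues into whatever follows this function in the image. Use `br x0`, or add an explicit dead loop after the call. The EL1/EL2 path (labels 1 and 2) also reaches JumpToPEI without the interrupt, cache and MMU disabling and the stack setup that MainEntryPoint performs, so a comment stating what state PEI is expected to establish for itself on that path would help. The `r0 = mp_id` / `r1 = Boot Mode` comment in _PrepareArguments should say x0 and x1.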
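Review bot: In CadencePkg/Sec/Sec.c, ArmGicV3SetupNonSecure() accesses GICR_WAKER and GICR_IGROUPR0 at the same GicRedistributorsBase for every MpId, yet the function still has separate primary and secondary core branches; either compute the per-core redistributor frame from the core position or, since the commit message says the platform has a single Cortex-A53, remove the secondary-core paths so the code matches the supported configuration. The two base parameters are declared INTN, which is a signed type for an MMIO address; they should be UINTN here and in SecInternal.h. The interrupt group for IDs 0 to 31 is also written twice with different values, `0xffff0000` through the redistributor and `0xffffffff` through `GicDistributorBase + ARM_GIC_ICDISR`, and the comments do not say which one is intended to take effect. In ArmCpuSetup(), the Cortex-A57 r0p0 errata block cannot trigger on the A53-only platform described and its comment has the typo `(ULL << 44)`; drop the block or explain why it is retained.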
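Review bot: In CadencePkg/Sec/Sec.inf, the [FixedPcd.ARM] section (PcdArmNsacr) can never apply because the module only has [Sources] and [Sources.AARCH64]; remove it. PcdSecureFvBaseAddress and PcdSecureFvSize are listed under [FixedPcd.common] but are not referenced by the sources in this patch, so they can go as well. Only `AArch64/ArmCortexA5xHelper.S | GCC` carries a toolchain-family restriction, while Helper.S and SecEntryPoint.S use the same GCC_ASM_* macros; make the three entries consistent.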
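Review bot: In CadencePkg/Sec/SecInternal.h, the prototype for ArmGicV3SetupNonSecure has no EFIAPI while the definition in Sec.c is declared `VOID EFIAPI ArmGicV3SetupNonSecure (`; make the declaration and definition match. SecCommonExceptionEntry is declared here but no file in this patch defines it, and IS_ALIGNED is not used by the visible code and does not parenthesise its arguments (`(UINTN)Address & (Align-1)`); drop both unless a later patch in the series needs them.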