public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [RFC PATCH edk2-non-osi] Platform/DeveloperBox: add prebuilt binary containing stage 2 page tables
@ 2018-02-23 13:28 Ard Biesheuvel
  2018-02-27 10:37 ` Leif Lindholm
  0 siblings, 1 reply; 2+ messages in thread
From: Ard Biesheuvel @ 2018-02-23 13:28 UTC (permalink / raw)
  To: edk2-devel; +Cc: leif.lindholm, Ard Biesheuvel

Now that the secure firmware image BL31 has been moved back into secure
memory where it belongs, we can no longer keep the stage2 translation
tables in the same image, given that EL2 is non-secure.

So instead, let's put those tables in the NOR flash, at the end of the
ARM-TF region. This is difficult to integrate into the build sequence
of either ARM-TF or UEFI, so let's just generate the binary and put it
at the correct offset using the .fdf description of the platform.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
I am not sure where to put this and how to integrate this into the build,
hence the RFC.

 Platform/Socionext/DeveloperBox/README            |   2 +
 Platform/Socionext/DeveloperBox/stage2_tables.S   |  95 ++++++++++++++++++++
 Platform/Socionext/DeveloperBox/stage2_tables.bin | Bin 0 -> 20480 bytes
 3 files changed, 97 insertions(+)

diff --git a/Platform/Socionext/DeveloperBox/README b/Platform/Socionext/DeveloperBox/README
index 8f079011e153..5728bf0ef88a 100644
--- a/Platform/Socionext/DeveloperBox/README
+++ b/Platform/Socionext/DeveloperBox/README
@@ -6,3 +6,5 @@ fip_all_arm_tf.bin - prebuilt ARM Trusted Firmware RELEASE binary
 Repo: https://git.linaro.org/leg/noupstream/arm-trusted-firmware.git
 Commit: cd3de9253d90f5ab6eed046fb7bb9f4e9f87ae5a
 
+stage2_tables.bin - prebuilt stage 2 translation tables
+Built from stage2_tables.S in the same directory
diff --git a/Platform/Socionext/DeveloperBox/stage2_tables.S b/Platform/Socionext/DeveloperBox/stage2_tables.S
new file mode 100644
index 000000000000..44da21e7e467
--- /dev/null
+++ b/Platform/Socionext/DeveloperBox/stage2_tables.S
@@ -0,0 +1,95 @@
+/** @file
+  Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>
+
+  This program and the accompanying materials are licensed and made available
+  under the terms and conditions of the BSD License which accompanies this
+  distribution.  The full text of the license may be found at
+  http://opensource.org/licenses/bsd-license.php
+
+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+**/
+
+/*
+ * This file contains the assembler code to instantiate a set of stage 2
+ * translation tables that make the ECAM space of the Synopsys DesignWare
+ * PCIe root complexes appear sane to the OS.
+ * - ECAM 'shadows' caused by non TLP filtering root ports are eliminated
+ * - MMIO region are mapped with device attributes that supersede write combine
+     attributes that the OS may attempt to use, and which is not supported by
+     the SoC.
+ *
+ * Build using:
+ *
+ * gcc -o stage2_tables.elf stage2_tables.S \
+ *            -Wl,-e,0x81f8000 -Wl,--section-start=.rodata=0x81f8000 -nostdlib
+ *
+ * objcopy -O binary -j .rodata stage2_tables.elf stage2_tables.bin
+ */
+
+#define	TT_S2_CONT_SHIFT		52
+#define	TT_S2_AF			(0x1 << 10)
+#define	TT_S2_SH_NON_SHAREABLE		(0x0 << 8)
+#define	TT_S2_AP_RW			(0x3 << 6)
+#define	TT_S2_MEMATTR_DEVICE_nGRE	(0x2 << 2)
+#define	TT_S2_MEMATTR_MEMORY_WB		(0xf << 2)
+#define	TT_S2_TABLE			(0x3 << 0)
+#define	TT_S2_L3_PAGE			(0x1 << 1)
+#define	TT_S2_VALID			(0x1 << 0)
+
+	.altmacro
+	.macro		for, start, count, do, arg2, arg3, arg4
+	.if		\count == 1
+	\do		\start, \arg2, \arg3, \arg4
+	.elseif		\count > 1
+	for		\start, %(\count / 2), \do, \arg2, \arg3, \arg4
+	for		%(\start + \count / 2), %((\count + 1) / 2), \do, \arg2, \arg3, \arg4
+	.endif
+	.endm
+
+	.macro		s2_dev_entry, base, shift=30, offset=0, cont=0
+	.quad		((\base << \shift) + \offset) | TT_S2_AF | TT_S2_AP_RW | \
+			TT_S2_SH_NON_SHAREABLE | TT_S2_MEMATTR_DEVICE_nGRE | \
+			TT_S2_VALID | (\cont << TT_S2_CONT_SHIFT)
+	.endm
+
+	.macro		s2_mem_entry, base, shift=30, offset=0, cont=0
+	.quad		((\base << \shift) + \offset) | TT_S2_AF | TT_S2_AP_RW | \
+			TT_S2_SH_NON_SHAREABLE | TT_S2_MEMATTR_MEMORY_WB | \
+			TT_S2_VALID | (\cont << TT_S2_CONT_SHIFT)
+	.endm
+
+	.macro		s2_l3_entry, base, offset=0, cont=0
+	.quad		((\base << 12) + \offset) | TT_S2_AF | TT_S2_AP_RW | \
+			TT_S2_SH_NON_SHAREABLE | TT_S2_MEMATTR_MEMORY_WB | \
+			TT_S2_L3_PAGE | TT_S2_VALID | (\cont << TT_S2_CONT_SHIFT)
+	.endm
+
+	.section	".rodata", "a", %progbits
+	/* level 1 */
+	s2_mem_entry	0			/* 0x0000_0000 - 0x3fff_ffff */
+	.quad		1f + TT_S2_TABLE	/* 0x4000_0000 - 0x7fff_ffff */
+	for		  2, 246, s2_mem_entry	/* 0x8000_0000 - 0x3d_ffff_ffff */
+	for		248,   8, s2_dev_entry	/* PCIe MMIO64 */
+	for		256, 768, s2_mem_entry	/* 0x40_0000_0000 - 0xff_ffff_ffff */
+
+	/* level 2 */
+1:	for		0, 256, s2_mem_entry, 21, 0x40000000, 1
+
+	.quad		2f + TT_S2_TABLE	/* 0x6000_0000 -> RC #0 bus 0 */
+	for		1, 15, s2_mem_entry, 21, 0x60000000
+	for		0, 48, s2_mem_entry, 21, 0x62000000, 1
+	for		0, 64, s2_dev_entry, 21, 0x68000000, 1 /* PCIe MMIO32 */
+
+	.quad		3f + TT_S2_TABLE	/* 0x7000_0000 -> RC #1 bus 0 */
+	for		1, 15, s2_mem_entry, 21, 0x70000000
+	for		0, 48, s2_mem_entry, 21, 0x72000000, 1
+	for		0, 64, s2_dev_entry, 21, 0x78000000, 1 /* PCIe MMIO32 */
+
+	/* level 3 */
+2:	for		0,   8, s2_l3_entry, 0x60000000
+	for		0,   8, s2_l3_entry, 0x60010000	/* hide device #1 */
+	for		0, 496, s2_l3_entry, 0x60010000, 1
+3:	for		0,   8, s2_l3_entry, 0x70000000
+	for		0,   8, s2_l3_entry, 0x70010000	/* hide device #1 */
+	for		0, 496, s2_l3_entry, 0x70010000, 1
diff --git a/Platform/Socionext/DeveloperBox/stage2_tables.bin b/Platform/Socionext/DeveloperBox/stage2_tables.bin
new file mode 100644
index 000000000000..48369f00c022
Binary files /dev/null and b/Platform/Socionext/DeveloperBox/stage2_tables.bin differ
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [RFC PATCH edk2-non-osi] Platform/DeveloperBox: add prebuilt binary containing stage 2 page tables
  2018-02-23 13:28 [RFC PATCH edk2-non-osi] Platform/DeveloperBox: add prebuilt binary containing stage 2 page tables Ard Biesheuvel
@ 2018-02-27 10:37 ` Leif Lindholm
  0 siblings, 0 replies; 2+ messages in thread
From: Leif Lindholm @ 2018-02-27 10:37 UTC (permalink / raw)
  To: Ard Biesheuvel; +Cc: edk2-devel

On Fri, Feb 23, 2018 at 01:28:58PM +0000, Ard Biesheuvel wrote:
> Now that the secure firmware image BL31 has been moved back into secure
> memory where it belongs, we can no longer keep the stage2 translation
> tables in the same image, given that EL2 is non-secure.
> 
> So instead, let's put those tables in the NOR flash, at the end of the
> ARM-TF region. This is difficult to integrate into the build sequence
> of either ARM-TF or UEFI, so let's just generate the binary and put it
> at the correct offset using the .fdf description of the platform.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> I am not sure where to put this and how to integrate this into the build,
> hence the RFC.

Would it be feasible to generate this as part of the build (and hence
make it possible to keep the source in edk2-platforms)? Feels like it
could come in handy.

There is already a [Nasm-to-Binary-Code-File] rule in
build_rule.template, so I'd say there's precedent.

>  Platform/Socionext/DeveloperBox/README            |   2 +
>  Platform/Socionext/DeveloperBox/stage2_tables.S   |  95 ++++++++++++++++++++
>  Platform/Socionext/DeveloperBox/stage2_tables.bin | Bin 0 -> 20480 bytes
>  3 files changed, 97 insertions(+)
> 
> diff --git a/Platform/Socionext/DeveloperBox/README b/Platform/Socionext/DeveloperBox/README
> index 8f079011e153..5728bf0ef88a 100644
> --- a/Platform/Socionext/DeveloperBox/README
> +++ b/Platform/Socionext/DeveloperBox/README
> @@ -6,3 +6,5 @@ fip_all_arm_tf.bin - prebuilt ARM Trusted Firmware RELEASE binary
>  Repo: https://git.linaro.org/leg/noupstream/arm-trusted-firmware.git
>  Commit: cd3de9253d90f5ab6eed046fb7bb9f4e9f87ae5a
>  
> +stage2_tables.bin - prebuilt stage 2 translation tables
> +Built from stage2_tables.S in the same directory

If not possible to integrate in build, add the exact command line used
to generate file (and preferably toolchain version)?

/
    Leif

> diff --git a/Platform/Socionext/DeveloperBox/stage2_tables.S b/Platform/Socionext/DeveloperBox/stage2_tables.S
> new file mode 100644
> index 000000000000..44da21e7e467
> --- /dev/null
> +++ b/Platform/Socionext/DeveloperBox/stage2_tables.S
> @@ -0,0 +1,95 @@
> +/** @file
> +  Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>
> +
> +  This program and the accompanying materials are licensed and made available
> +  under the terms and conditions of the BSD License which accompanies this
> +  distribution.  The full text of the license may be found at
> +  http://opensource.org/licenses/bsd-license.php
> +
> +  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> +  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
> +**/
> +
> +/*
> + * This file contains the assembler code to instantiate a set of stage 2
> + * translation tables that make the ECAM space of the Synopsys DesignWare
> + * PCIe root complexes appear sane to the OS.
> + * - ECAM 'shadows' caused by non TLP filtering root ports are eliminated
> + * - MMIO region are mapped with device attributes that supersede write combine
> +     attributes that the OS may attempt to use, and which is not supported by
> +     the SoC.
> + *
> + * Build using:
> + *
> + * gcc -o stage2_tables.elf stage2_tables.S \
> + *            -Wl,-e,0x81f8000 -Wl,--section-start=.rodata=0x81f8000 -nostdlib
> + *
> + * objcopy -O binary -j .rodata stage2_tables.elf stage2_tables.bin
> + */
> +
> +#define	TT_S2_CONT_SHIFT		52
> +#define	TT_S2_AF			(0x1 << 10)
> +#define	TT_S2_SH_NON_SHAREABLE		(0x0 << 8)
> +#define	TT_S2_AP_RW			(0x3 << 6)
> +#define	TT_S2_MEMATTR_DEVICE_nGRE	(0x2 << 2)
> +#define	TT_S2_MEMATTR_MEMORY_WB		(0xf << 2)
> +#define	TT_S2_TABLE			(0x3 << 0)
> +#define	TT_S2_L3_PAGE			(0x1 << 1)
> +#define	TT_S2_VALID			(0x1 << 0)
> +
> +	.altmacro
> +	.macro		for, start, count, do, arg2, arg3, arg4
> +	.if		\count == 1
> +	\do		\start, \arg2, \arg3, \arg4
> +	.elseif		\count > 1
> +	for		\start, %(\count / 2), \do, \arg2, \arg3, \arg4
> +	for		%(\start + \count / 2), %((\count + 1) / 2), \do, \arg2, \arg3, \arg4
> +	.endif
> +	.endm
> +
> +	.macro		s2_dev_entry, base, shift=30, offset=0, cont=0
> +	.quad		((\base << \shift) + \offset) | TT_S2_AF | TT_S2_AP_RW | \
> +			TT_S2_SH_NON_SHAREABLE | TT_S2_MEMATTR_DEVICE_nGRE | \
> +			TT_S2_VALID | (\cont << TT_S2_CONT_SHIFT)
> +	.endm
> +
> +	.macro		s2_mem_entry, base, shift=30, offset=0, cont=0
> +	.quad		((\base << \shift) + \offset) | TT_S2_AF | TT_S2_AP_RW | \
> +			TT_S2_SH_NON_SHAREABLE | TT_S2_MEMATTR_MEMORY_WB | \
> +			TT_S2_VALID | (\cont << TT_S2_CONT_SHIFT)
> +	.endm
> +
> +	.macro		s2_l3_entry, base, offset=0, cont=0
> +	.quad		((\base << 12) + \offset) | TT_S2_AF | TT_S2_AP_RW | \
> +			TT_S2_SH_NON_SHAREABLE | TT_S2_MEMATTR_MEMORY_WB | \
> +			TT_S2_L3_PAGE | TT_S2_VALID | (\cont << TT_S2_CONT_SHIFT)
> +	.endm
> +
> +	.section	".rodata", "a", %progbits
> +	/* level 1 */
> +	s2_mem_entry	0			/* 0x0000_0000 - 0x3fff_ffff */
> +	.quad		1f + TT_S2_TABLE	/* 0x4000_0000 - 0x7fff_ffff */
> +	for		  2, 246, s2_mem_entry	/* 0x8000_0000 - 0x3d_ffff_ffff */
> +	for		248,   8, s2_dev_entry	/* PCIe MMIO64 */
> +	for		256, 768, s2_mem_entry	/* 0x40_0000_0000 - 0xff_ffff_ffff */
> +
> +	/* level 2 */
> +1:	for		0, 256, s2_mem_entry, 21, 0x40000000, 1
> +
> +	.quad		2f + TT_S2_TABLE	/* 0x6000_0000 -> RC #0 bus 0 */
> +	for		1, 15, s2_mem_entry, 21, 0x60000000
> +	for		0, 48, s2_mem_entry, 21, 0x62000000, 1
> +	for		0, 64, s2_dev_entry, 21, 0x68000000, 1 /* PCIe MMIO32 */
> +
> +	.quad		3f + TT_S2_TABLE	/* 0x7000_0000 -> RC #1 bus 0 */
> +	for		1, 15, s2_mem_entry, 21, 0x70000000
> +	for		0, 48, s2_mem_entry, 21, 0x72000000, 1
> +	for		0, 64, s2_dev_entry, 21, 0x78000000, 1 /* PCIe MMIO32 */
> +
> +	/* level 3 */
> +2:	for		0,   8, s2_l3_entry, 0x60000000
> +	for		0,   8, s2_l3_entry, 0x60010000	/* hide device #1 */
> +	for		0, 496, s2_l3_entry, 0x60010000, 1
> +3:	for		0,   8, s2_l3_entry, 0x70000000
> +	for		0,   8, s2_l3_entry, 0x70010000	/* hide device #1 */
> +	for		0, 496, s2_l3_entry, 0x70010000, 1
> diff --git a/Platform/Socionext/DeveloperBox/stage2_tables.bin b/Platform/Socionext/DeveloperBox/stage2_tables.bin
> new file mode 100644
> index 000000000000..48369f00c022
> Binary files /dev/null and b/Platform/Socionext/DeveloperBox/stage2_tables.bin differ
> -- 
> 2.11.0
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-02-27 10:31 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-02-23 13:28 [RFC PATCH edk2-non-osi] Platform/DeveloperBox: add prebuilt binary containing stage 2 page tables Ard Biesheuvel
2018-02-27 10:37 ` Leif Lindholm

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox