Re: [staging/cadence-aarch64 PATCH v3 4/6] CadencePkg: Add SEC phase implementation for Cadence CSP platform.

[Ard Biesheuvel <ard.biesheuvel@linaro.org>]

On 22 June 2017 at 15:21, Leif Lindholm <leif.lindholm@linaro.org> wrote:
> On Thu, Jun 22, 2017 at 10:31:59AM +0100, Scott Telford wrote:
>> Add SEC phase implementation for Cadence CSP platform configured with
>> a single Cortex-A53 processor and GIC-500.
>>
>> Based on ArmPlatformPkg/Sec, with required parts of
>> ArmPkg/Drivers/ArmCpuLib/ArmCortexA5xLib integrated (both now deleted
>> from edk2 master).
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Scott Telford <stelford@cadence.com>
>
> Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
>

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

>> ---
>>  CadencePkg/Sec/AArch64/Arch.c               |  25 +++
>>  CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S |  27 +++
>>  CadencePkg/Sec/AArch64/Helper.S             |  93 ++++++++
>>  CadencePkg/Sec/AArch64/SecEntryPoint.S      | 139 ++++++++++++
>>  CadencePkg/Sec/Sec.c                        | 335 ++++++++++++++++++++++++++++
>>  CadencePkg/Sec/Sec.inf                      |  85 +++++++
>>  CadencePkg/Sec/SecInternal.h                | 105 +++++++++
>>  7 files changed, 809 insertions(+)
>>  create mode 100644 CadencePkg/Sec/AArch64/Arch.c
>>  create mode 100644 CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S
>>  create mode 100644 CadencePkg/Sec/AArch64/Helper.S
>>  create mode 100644 CadencePkg/Sec/AArch64/SecEntryPoint.S
>>  create mode 100644 CadencePkg/Sec/Sec.c
>>  create mode 100644 CadencePkg/Sec/Sec.inf
>>  create mode 100644 CadencePkg/Sec/SecInternal.h
>>
>> diff --git a/CadencePkg/Sec/AArch64/Arch.c b/CadencePkg/Sec/AArch64/Arch.c
>> new file mode 100644
>> index 0000000..6e7d58e
>> --- /dev/null
>> +++ b/CadencePkg/Sec/AArch64/Arch.c
>> @@ -0,0 +1,25 @@
>> +/** @file
>> +*
>> +*  Copyright (c) 2013, ARM Limited. All rights reserved.
>> +*
>> +*  This program and the accompanying materials
>> +*  are licensed and made available under the terms and conditions of the BSD License
>> +*  which accompanies this distribution.  The full text of the license may be found at
>> +*  http://opensource.org/licenses/bsd-license.php
>> +*
>> +*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +*
>> +**/
>> +
>> +#include <Chipset/AArch64.h>
>> +
>> +VOID
>> +EFIAPI
>> +ArmSecArchTrustzoneInit (
>> +  VOID
>> +  )
>> +{
>> +  // Do not trap any access to Floating Point and Advanced SIMD in EL3.
>> +  ArmWriteCptr (0);
>> +}
>> diff --git a/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S b/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S
>> new file mode 100644
>> index 0000000..531de63
>> --- /dev/null
>> +++ b/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S
>> @@ -0,0 +1,27 @@
>> +#------------------------------------------------------------------------------
>> +#
>> +# Copyright (c) 2013 - 2014, ARM Limited. All rights reserved.
>> +#
>> +# This program and the accompanying materials
>> +# are licensed and made available under the terms and conditions of the BSD Licese
>> +# which accompanies this distribution.  The full text of the license may be foun at
>> +# http://opensource.org/licenses/bsd-license.php
>> +#
>> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +#
>> +#------------------------------------------------------------------------------
>> +
>> +#include <AsmMacroIoLibV8.h>
>> +
>> +ASM_FUNC(ArmReadCpuExCr)
>> +  mrs   x0, S3_1_c15_c2_1
>> +  ret
>> +
>> +ASM_FUNC(ArmWriteCpuExCr)
>> +  msr   S3_1_c15_c2_1, x0
>> +  dsb   sy
>> +  isb
>> +  ret
>> +
>> +ASM_FUNCTION_REMOVE_IF_UNREFERENCED
>> diff --git a/CadencePkg/Sec/AArch64/Helper.S b/CadencePkg/Sec/AArch64/Helper.S
>> new file mode 100644
>> index 0000000..3b58e12
>> --- /dev/null
>> +++ b/CadencePkg/Sec/AArch64/Helper.S
>> @@ -0,0 +1,93 @@
>> +#========================================================================================
>> +#  Copyright (c) 2011-2014, ARM Limited. All rights reserved.
>> +#
>> +#  This program and the accompanying materials
>> +#  are licensed and made available under the terms and conditions of the BSD License
>> +#  which accompanies this distribution.  The full text of the license may be found at
>> +#  http:#opensource.org/licenses/bsd-license.php
>> +#
>> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +#
>> +#=======================================================================================
>> +
>> +#include <AsmMacroIoLibV8.h>
>> +#include <Chipset/AArch64.h>
>> +
>> +#start of the code section
>> +.text
>> +.align 3
>> +
>> +GCC_ASM_EXPORT(SwitchToNSExceptionLevel1)
>> +GCC_ASM_EXPORT(enter_monitor_mode)
>> +GCC_ASM_EXPORT(return_from_exception)
>> +GCC_ASM_EXPORT(copy_cpsr_into_spsr)
>> +GCC_ASM_EXPORT(set_non_secure_mode)
>> +
>> +// Switch from EL3 to NS-EL1
>> +ASM_PFX(SwitchToNSExceptionLevel1):
>> +   // Now setup our EL1. Controlled by EL2 config on Model
>> +   mrs     x0, hcr_el2            // Read EL2 Hypervisor configuration Register
>> +   orr     x0, x0, #(1 << 31)     // Set EL1 to be 64bit
>> +
>> +   // Send all interrupts to their respective Exception levels for EL2
>> +   and     x0, x0, #~(ARM_HCR_FMO | ARM_HCR_IMO | ARM_HCR_AMO) // Disable virtual FIQ, IRQ, SError and Abort
>> +   msr     hcr_el2, x0            // Write back our settings
>> +
>> +   msr     cptr_el2, xzr          // Disable copro traps to EL2
>> +
>> +   msr     sctlr_el2, xzr
>> +
>> +   // Enable architected timer access
>> +   mrs     x0, cnthctl_el2
>> +   orr     x0, x0, #3             // Enable EL1 access to timers
>> +   msr     cnthctl_el2, x0
>> +
>> +   mrs     x0, cntkctl_el1
>> +   orr     x0, x0, #3             // EL0 access to counters
>> +   msr     cntkctl_el1, x0
>> +
>> +   // Set ID regs
>> +   mrs     x0, midr_el1
>> +   mrs     x1, mpidr_el1
>> +   msr     vpidr_el2, x0
>> +   msr     vmpidr_el2, x1
>> +
>> +   ret
>> +
>> +
>> +// EL3 on AArch64 is Secure/monitor so this funtion is reduced vs ARMv7
>> +// we don't need a mode switch, just setup the Arguments and jump.
>> +// x0: Monitor World EntryPoint
>> +// x1: MpId
>> +// x2: SecBootMode
>> +// x3: Secure Monitor mode stack
>> +ASM_PFX(enter_monitor_mode):
>> +   mov     x4, x0                 // Swap EntryPoint and MpId registers
>> +   mov     x0, x1
>> +   mov     x1, x2
>> +   mov     x2, x3
>> +   br      x4
>> +
>> +// Put the address in correct ELR_ELx and do a eret.
>> +// We may need to do some config before we change to another Mode.
>> +ASM_PFX(return_from_exception):
>> +   msr     elr_el3, x0
>> +   eret
>> +
>> +// For AArch64 we need to construct the spsr we want from individual bits and pieces.
>> +ASM_PFX(copy_cpsr_into_spsr):
>> +   mrs     x0, CurrentEl  // Get the current exception level we  are running at.
>> +   mrs     x1, SPSel      // Which Stack are we using
>> +   orr     x0, x0, x1
>> +   mrs     x1, daif       // Which interrupts are enabled
>> +   orr     x0, x0, x1
>> +   msr     spsr_el3, x0   // Write to spsr
>> +   ret
>> +
>> +// Get this from platform file.
>> +ASM_PFX(set_non_secure_mode):
>> +   msr     spsr_el3, x0
>> +   ret
>> +
>> +ASM_FUNCTION_REMOVE_IF_UNREFERENCED
>> diff --git a/CadencePkg/Sec/AArch64/SecEntryPoint.S b/CadencePkg/Sec/AArch64/SecEntryPoint.S
>> new file mode 100644
>> index 0000000..06bea3c
>> --- /dev/null
>> +++ b/CadencePkg/Sec/AArch64/SecEntryPoint.S
>> @@ -0,0 +1,139 @@
>> +//
>> +//  Copyright (c) 2011-2014, ARM Limited. All rights reserved.
>> +//
>> +//  This program and the accompanying materials
>> +//  are licensed and made available under the terms and conditions of the BSD License
>> +//  which accompanies this distribution.  The full text of the license may be found at
>> +//  http://opensource.org/licenses/bsd-license.php
>> +//
>> +//  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +//  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +//
>> +//
>> +
>> +#include <AutoGen.h>
>> +#include <AsmMacroIoLibV8.h>
>> +#include "SecInternal.h"
>> +
>> +.text
>> +.align 3
>> +
>> +GCC_ASM_IMPORT(CEntryPoint)
>> +GCC_ASM_IMPORT(ArmPlatformIsPrimaryCore)
>> +GCC_ASM_IMPORT(ArmPlatformGetCorePosition)
>> +GCC_ASM_IMPORT(ArmPlatformSecBootAction)
>> +GCC_ASM_IMPORT(ArmPlatformSecBootMemoryInit)
>> +GCC_ASM_IMPORT(ArmDisableInterrupts)
>> +GCC_ASM_IMPORT(ArmDisableCachesAndMmu)
>> +GCC_ASM_IMPORT(ArmReadMpidr)
>> +GCC_ASM_IMPORT(ArmCallWFE)
>> +GCC_ASM_EXPORT(_ModuleEntryPoint)
>> +
>> +StartupAddr:        .8byte       ASM_PFX(CEntryPoint)
>> +
>> +ASM_PFX(_ModuleEntryPoint):
>> +
>> +// NOTE: We could be booting from EL3, EL2 or EL1. Need to correctly detect
>> +//       and configure the system accordingly. EL2 is default if possible.
>> +// If we started in EL3 we need to switch and run at EL2.
>> +// If we are running at EL2 stay in EL2
>> +// If we are starting at EL1 stay in EL1.
>> +
>> +// Sec only runs in EL3. Othewise we jump to PEI without changing anything.
>> +// If Sec runs we change to EL2 before switching to PEI.
>> +
>> +// Which EL are we running at? Every EL needs some level of setup...
>> +  EL1_OR_EL2_OR_EL3(x0)
>> +1:// If we are at EL1 or EL2 leave SEC for PEI.
>> +2:b     ASM_PFX(JumpToPEI)
>> +  // If we are at EL3 we need to configure it and switch to EL2
>> +3:b     ASM_PFX(MainEntryPoint)
>> +
>> +ASM_PFX(MainEntryPoint):
>> +  // First ensure all interrupts are disabled
>> +  bl    ASM_PFX(ArmDisableInterrupts)
>> +
>> +  // Ensure that the MMU and caches are off
>> +  bl    ASM_PFX(ArmDisableCachesAndMmu)
>> +
>> +  // By default, we are doing a cold boot
>> +  mov   x10, #ARM_SEC_COLD_BOOT
>> +
>> +  // Jump to Platform Specific Boot Action function
>> +  bl    ASM_PFX(ArmPlatformSecBootAction)
>> +
>> +_IdentifyCpu:
>> +  // Identify CPU ID
>> +  bl    ASM_PFX(ArmReadMpidr)
>> +  // Keep a copy of the MpId register value
>> +  mov   x5, x0
>> +
>> +  // Is it the Primary Core ?
>> +  bl    ASM_PFX(ArmPlatformIsPrimaryCore)
>> +  cmp   x0, #1
>> +  // Only the primary core initialize the memory (SMC)
>> +  b.eq  _InitMem
>> +
>> +_WaitInitMem:
>> +  // If we are not doing a cold boot in this case we should assume the Initial Memory to be already initialized
>> +  // Otherwise we have to wait the Primary Core to finish the initialization
>> +  cmp   x10, #ARM_SEC_COLD_BOOT
>> +  b.ne  _SetupSecondaryCoreStack
>> +
>> +  // Wait for the primary core to initialize the initial memory (event: BOOT_MEM_INIT)
>> +  bl    ASM_PFX(ArmCallWFE)
>> +  // Now the Init Mem is initialized, we setup the secondary core stacks
>> +  b     _SetupSecondaryCoreStack
>> +
>> +_InitMem:
>> +  // If we are not doing a cold boot in this case we should assume the Initial Memory to be already initialized
>> +  cmp   x10, #ARM_SEC_COLD_BOOT
>> +  b.ne  _SetupPrimaryCoreStack
>> +
>> +  // Initialize Init Boot Memory
>> +  bl    ASM_PFX(ArmPlatformSecBootMemoryInit)
>> +
>> +_SetupPrimaryCoreStack:
>> +  // Get the top of the primary stacks (and the base of the secondary stacks)
>> +  MOV32 (x1, FixedPcdGet32(PcdCPUCoresSecStackBase))
>> +  MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecPrimaryStackSize))
>> +  add   x1, x1, x2
>> +
>> +  mov   sp, x1
>> +  b     _PrepareArguments
>> +
>> +_SetupSecondaryCoreStack:
>> +  // Get the top of the primary stacks (and the base of the secondary stacks)
>> +  MOV32 (x1, FixedPcdGet32(PcdCPUCoresSecStackBase))
>> +  MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecPrimaryStackSize))
>> +  add   x6, x1, x2
>> +
>> +  // Get the Core Position
>> +  mov   x0, x5
>> +  bl    ASM_PFX(ArmPlatformGetCorePosition)
>> +  // The stack starts at the top of the stack region. Add '1' to the Core Position to get the top of the stack
>> +  add   x0, x0, #1
>> +
>> +  // StackOffset = CorePos * StackSize
>> +  MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecSecondaryStackSize))
>> +  mul   x0, x0, x2
>> +  // SP = StackBase + StackOffset
>> +  add   sp, x6, x0
>> +
>> +_PrepareArguments:
>> +  // Move sec startup address into a data register
>> +  // Ensure we're jumping to FV version of the code (not boot remapped alias)
>> +  ldr   x3, StartupAddr
>> +
>> +  // Jump to SEC C code
>> +  //    r0 = mp_id
>> +  //    r1 = Boot Mode
>> +  mov   x0, x5
>> +  mov   x1, x10
>> +  blr   x3
>> +
>> +  ret
>> +
>> +ASM_PFX(JumpToPEI):
>> +  MOV32 (x0, FixedPcdGet32(PcdFvBaseAddress))
>> +  blr   x0
>> diff --git a/CadencePkg/Sec/Sec.c b/CadencePkg/Sec/Sec.c
>> new file mode 100644
>> index 0000000..5b0244e
>> --- /dev/null
>> +++ b/CadencePkg/Sec/Sec.c
>> @@ -0,0 +1,335 @@
>> +/** @file
>> +*  Main file supporting the SEC Phase on ARM Platforms
>> +*
>> +*  Copyright (c) 2011-2014, ARM Limited. All rights reserved.
>> +*  Copyright (c) 2017, Cadence Design Systems, Inc. All rights reserved.
>> +*
>> +*  This program and the accompanying materials
>> +*  are licensed and made available under the terms and conditions of the BSD License
>> +*  which accompanies this distribution.  The full text of the license may be found at
>> +*  http://opensource.org/licenses/bsd-license.php
>> +*
>> +*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +*
>> +**/
>> +
>> +#include <Chipset/ArmCortexA5x.h>
>> +#include <Library/ArmTrustedMonitorLib.h>
>> +#include <Library/ArmGenericTimerCounterLib.h>
>> +#include <Library/DebugAgentLib.h>
>> +#include <Library/IoLib.h>
>> +#include <Library/PrintLib.h>
>> +#include <Library/BaseMemoryLib.h>
>> +#include <Library/SerialPortLib.h>
>> +#include <Library/ArmGicLib.h>
>> +#include <Library/ArmPlatformLib.h>
>> +
>> +#include "SecInternal.h"
>> +
>> +#define SerialPrint(txt)  SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);
>> +
>> +#define ARM_GICR_WAKER          0x0014  // GIC Redistributor Wake Register
>> +#define ARM_GICR_IGROUPR0       0x0080  // GIC Redistributor Int Group Reg 0
>> +#define ARM_GICR_IGRPMODR0      0x0d00  // GIC Redistributor Int Group Mod Reg 0
>> +#define ARM_GICR_ICFGR1         0x0c04  // GIC Redistributor Int Config Reg 0
>> +
>> +
>> +VOID
>> +CEntryPoint (
>> +  IN  UINTN                     MpId,
>> +  IN  UINTN                     SecBootMode
>> +  )
>> +{
>> +  CHAR8           Buffer[100];
>> +  UINTN           CharCount;
>> +  UINTN           JumpAddress;
>> +
>> +  // Invalidate the data cache. Doesn't have to do the Data cache clean.
>> +  ArmInvalidateDataCache ();
>> +
>> +  // Invalidate Instruction Cache
>> +  ArmInvalidateInstructionCache ();
>> +
>> +  // Invalidate I & D TLBs
>> +  ArmInvalidateTlb ();
>> +
>> +  // CPU specific settings
>> +  ArmCpuSetup (MpId);
>> +
>> +  // Enable Floating Point Coprocessor if supported by the platform
>> +  if (FixedPcdGet32 (PcdVFPEnabled)) {
>> +    ArmEnableVFP ();
>> +  }
>> +
>> +  // Initialize peripherals that must be done at the early stage
>> +  // Example: Some L2 controller, interconnect, clock, DMC, etc
>> +  ArmPlatformSecInitialize (MpId);
>> +
>> +  // Primary CPU clears out the SCU tag RAMs, secondaries wait
>> +  if (ArmPlatformIsPrimaryCore (MpId) && (SecBootMode == ARM_SEC_COLD_BOOT)) {
>> +    if (ArmIsMpCore()) {
>> +      // Signal for the initial memory is configured (event: BOOT_MEM_INIT)
>> +      ArmCallSEV ();
>> +    }
>> +
>> +    // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
>> +    // In non SEC modules the init call is in autogenerated code.
>> +    SerialPortInitialize ();
>> +
>> +    // Start talking
>> +    if (FixedPcdGetBool (PcdTrustzoneSupport)) {
>> +      CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r",
>> +          (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
>> +    } else {
>> +      CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r",
>> +          (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
>> +    }
>> +    SerialPortWrite ((UINT8 *) Buffer, CharCount);
>> +
>> +    // Initialize the Debug Agent for Source Level Debugging
>> +    InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
>> +    SaveAndSetDebugTimerInterrupt (TRUE);
>> +
>> +    // Enable the GIC distributor and CPU Interface
>> +    // - no other Interrupts are enabled,  doesn't have to worry about the priority.
>> +    // - all the cores are in secure state, use secure SGI's
>> +    ArmGicEnableDistributor (PcdGet64(PcdGicDistributorBase));
>> +    ArmGicEnableInterruptInterface (PcdGet64(PcdGicInterruptInterfaceBase));
>> +  } else {
>> +    // Enable the GIC CPU Interface
>> +    ArmGicEnableInterruptInterface (PcdGet64(PcdGicInterruptInterfaceBase));
>> +  }
>> +
>> +  // Enable Full Access to CoProcessors
>> +  ArmWriteCpacr (CPACR_CP_FULL_ACCESS);
>> +
>> +  // Test if Trustzone is supported on this platform
>> +  if (FixedPcdGetBool (PcdTrustzoneSupport)) {
>> +    if (ArmIsMpCore ()) {
>> +      // Setup SMP in Non Secure world
>> +      ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
>> +    }
>> +
>> +    // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
>> +    // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
>> +    ASSERT (((PcdGet64(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) ||
>> +            ((PcdGet64(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));
>> +
>> +    // Enter Monitor Mode
>> +    enter_monitor_mode (
>> +      (UINTN)TrustedWorldInitialization, MpId, SecBootMode,
>> +      (VOID*) (PcdGet64 (PcdCPUCoresSecMonStackBase) +
>> +          (PcdGet32 (PcdCPUCoreSecMonStackSize) * (ArmPlatformGetCorePosition (MpId) + 1)))
>> +      );
>> +  } else {
>> +    if (ArmPlatformIsPrimaryCore (MpId)) {
>> +      SerialPrint ("Trust Zone Configuration is disabled\n\r");
>> +    }
>> +
>> +    // With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
>> +    // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
>> +    // Status Register as the the current one (CPSR).
>> +    copy_cpsr_into_spsr ();
>> +
>> +    // Call the Platform specific function to execute additional actions if required
>> +    JumpAddress = PcdGet64 (PcdFvBaseAddress);
>> +
>> +    ArmPlatformSecExtraAction (MpId, &JumpAddress);
>> +
>> +    NonTrustedWorldTransition (MpId, JumpAddress);
>> +  }
>> +  ASSERT (0); // We must never return from the above function
>> +}
>> +
>> +VOID
>> +TrustedWorldInitialization (
>> +  IN  UINTN                     MpId,
>> +  IN  UINTN                     SecBootMode
>> +  )
>> +{
>> +  UINTN   JumpAddress;
>> +
>> +  //-------------------- Monitor Mode ---------------------
>> +
>> +  // Set up Monitor World (Vector Table, etc)
>> +  ArmSecureMonitorWorldInitialize ();
>> +
>> +  // Transfer the interrupt to Non-secure World
>> +  ArmGicV3SetupNonSecure (MpId, PcdGet64(PcdGicDistributorBase), PcdGet64(PcdGicRedistributorsBase));
>> +
>> +  // Initialize platform specific security policy
>> +  ArmPlatformSecTrustzoneInit (MpId);
>> +
>> +  // Setup the Trustzone Chipsets
>> +  if (SecBootMode == ARM_SEC_COLD_BOOT) {
>> +    if (ArmPlatformIsPrimaryCore (MpId)) {
>> +      if (ArmIsMpCore()) {
>> +        // Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT)
>> +        ArmCallSEV ();
>> +      }
>> +    } else {
>> +      // The secondary cores need to wait until the Trustzone chipsets configuration is done
>> +      // before switching to Non Secure World
>> +
>> +      // Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT)
>> +      ArmCallWFE ();
>> +    }
>> +  }
>> +
>> +  // Call the Platform specific function to execute additional actions if required
>> +  JumpAddress = PcdGet64 (PcdFvBaseAddress);
>> +
>> +  ArmPlatformSecExtraAction (MpId, &JumpAddress);
>> +
>> +  // Initialize architecture specific security policy
>> +  ArmSecArchTrustzoneInit ();
>> +
>> +  // CP15 Secure Configuration Register
>> +  ArmWriteScr (PcdGet32 (PcdArmScr));
>> +
>> +  NonTrustedWorldTransition (MpId, JumpAddress);
>> +}
>> +
>> +VOID
>> +NonTrustedWorldTransition (
>> +  IN  UINTN                     MpId,
>> +  IN  UINTN                     JumpAddress
>> +  )
>> +{
>> +  // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
>> +  // By not set, the mode for Non Secure World is SVC
>> +  if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
>> +    set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
>> +  }
>> +
>> +  return_from_exception (JumpAddress);
>> +  //-------------------- Non Secure Mode ---------------------
>> +
>> +  // PEI Core should always load and never return
>> +  ASSERT (FALSE);
>> +}
>> +
>> +/*
>> + * This function configures the all interrupts to be Non-secure.
>> + *
>> + */
>> +VOID
>> +EFIAPI
>> +ArmGicV3SetupNonSecure (
>> +  IN  UINTN         MpId,
>> +  IN  INTN          GicDistributorBase,
>> +  IN  INTN          GicRedistributorsBase
>> +  )
>> +{
>> +  UINTN InterruptId;
>> +  UINTN Index;
>> +  UINTN MaxInterrupts;
>> +  UINT32 WakeR;
>> +
>> +  // Set priority Mask so that no interrupts get through to CPU
>> +  ArmGicV3SetPriorityMask (0);
>> +
>> +  // Clear ProcessorSleep bit in GICR_WAKER and wait for ChildrenAsleep to clear
>> +  WakeR = MmioRead32 (GicRedistributorsBase + ARM_GICR_WAKER);
>> +  WakeR &= ~(1 << 1);
>> +  MmioWrite32 (GicRedistributorsBase + ARM_GICR_WAKER, WakeR);
>> +  do {
>> +          WakeR = MmioRead32 (GicRedistributorsBase + ARM_GICR_WAKER);
>> +  } while ((WakeR & (1 << 2)));
>> +
>> +  // Set PPIs to Non-secure Group 1 IRQ
>> +  MmioWrite32 (GicRedistributorsBase + ARM_GICR_SGI_PPI_FRAME_SIZE + ARM_GICR_IGROUPR0, 0xffff0000);
>> +
>> +  InterruptId = ArmGicV3AcknowledgeInterrupt();
>> +  MaxInterrupts = ArmGicGetMaxNumInterrupts (GicDistributorBase);
>> +
>> +  // Only try to clear valid interrupts. Ignore spurious interrupts.
>> +  while ((InterruptId & 0x3FF) < MaxInterrupts) {
>> +    // Some of the SGI's are still pending, read Ack register and send End of Interrupt Signal
>> +    ArmGicV3EndOfInterrupt (InterruptId);
>> +
>> +    // Next
>> +    InterruptId = ArmGicV3AcknowledgeInterrupt();
>> +  }
>> +
>> +  // Only the primary core should set the Non Secure bit to the SPIs (Shared Peripheral Interrupt).
>> +  if (ArmPlatformIsPrimaryCore (MpId)) {
>> +    // Ensure all GIC interrupts are Non-Secure
>> +    for (Index = 0; Index < (MaxInterrupts / 32); Index++) {
>> +      MmioWrite32 (GicDistributorBase + ARM_GIC_ICDISR + (Index * 4), 0xffffffff);
>> +    }
>> +  } else {
>> +    // The secondary cores only set the Non Secure bit to their banked PPIs
>> +    MmioWrite32 (GicDistributorBase + ARM_GIC_ICDISR, 0xffffffff);
>> +  }
>> +
>> +  // Ensure all interrupts can get through the priority mask
>> +  ArmGicV3SetPriorityMask (0xff);
>> +}
>> +
>> +//
>> +// Previously in ArmCpuLib:
>> +//
>> +
>> +VOID
>> +ArmCpuSetup (
>> +  IN  UINTN         MpId
>> +  )
>> +{
>> +  // Check if Architectural Timer frequency is valid number (should not be 0)
>> +  ASSERT (PcdGet32 (PcdArmArchTimerFreqInHz));
>> +  ASSERT (ArmIsArchTimerImplemented () != 0);
>> +
>> +  // Note: System Counter frequency can only be set in Secure privileged mode,
>> +  // if security extensions are implemented.
>> +  ArmGenericTimerSetTimerFreq (PcdGet32 (PcdArmArchTimerFreqInHz));
>> +
>> +  if (ArmIsMpCore ()) {
>> +    // Turn on SMP coherency
>> +    ArmSetCpuExCrBit (A5X_FEATURE_SMP);
>> +  }
>> +
>> +  //
>> +  // If CPU is CortexA57 r0p0 apply Errata workarounds
>> +  //
>> +  if ((ArmReadMidr () & ((ARM_CPU_TYPE_MASK << 4) | ARM_CPU_REV_MASK)) ==
>> +                         ((ARM_CPU_TYPE_A57 << 4) | ARM_CPU_REV(0,0))) {
>> +
>> +    // Errata 806969: DisableLoadStoreWB (1ULL << 49)
>> +    // Errata 813420: Execute Data Cache clean as Data Cache clean/invalidate  (ULL << 44)
>> +    // Errata 814670: disable DMB nullification (1ULL << 58)
>> +    ArmSetCpuActlrBit ( (1ULL << 49) | (1ULL << 44) | (1ULL << 58) );
>> +  }
>> +}
>> +
>> +VOID
>> +ArmCpuSetupSmpNonSecure (
>> +  IN  UINTN         MpId
>> +  )
>> +{
>> +}
>> +
>> +VOID
>> +EFIAPI
>> +ArmSetCpuExCrBit (
>> +  IN  UINT64    Bits
>> +  )
>> +{
>> +  UINT64 Value;
>> +  Value =  ArmReadCpuExCr ();
>> +  Value |= Bits;
>> +  ArmWriteCpuExCr (Value);
>> +}
>> +
>> +VOID
>> +EFIAPI
>> +ArmUnsetCpuExCrBit (
>> +  IN  UINT64    Bits
>> +  )
>> +{
>> +  UINT64 Value;
>> +  Value = ArmReadCpuExCr ();
>> +  Value &= ~Bits;
>> +  ArmWriteCpuExCr (Value);
>> +}
>> diff --git a/CadencePkg/Sec/Sec.inf b/CadencePkg/Sec/Sec.inf
>> new file mode 100644
>> index 0000000..cf32f34
>> --- /dev/null
>> +++ b/CadencePkg/Sec/Sec.inf
>> @@ -0,0 +1,85 @@
>> +#/** @file
>> +#  SEC - Reset vector code that jumps to C and starts the PEI phase
>> +#
>> +#  (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
>> +#  Copyright (c) 2011-2013, ARM Limited. All rights reserved.
>> +#  Copyright (c) 2017, Cadence Design Systems, Inc. All rights reserved.
>> +#
>> +#  This program and the accompanying materials
>> +#  are licensed and made available under the terms and conditions of the BSD License
>> +#  which accompanies this distribution.  The full text of the license may be found at
>> +#  http://opensource.org/licenses/bsd-license.php
>> +#
>> +#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +#
>> +#**/
>> +
>> +[Defines]
>> +  INF_VERSION                    = 1.25
>> +  BASE_NAME                      = ArmPlatformSec
>> +  FILE_GUID                      = 424b4f2e-ec82-4c57-a188-253060be8a69
>> +  MODULE_TYPE                    = SEC
>> +  VERSION_STRING                 = 1.0
>> +
>> +[Sources]
>> +  Sec.c
>> +
>> +[Sources.AARCH64]
>> +  AArch64/Arch.c
>> +  AArch64/Helper.S
>> +  AArch64/SecEntryPoint.S
>> +  AArch64/ArmCortexA5xHelper.S | GCC
>> +
>> +[Packages]
>> +  MdePkg/MdePkg.dec
>> +  MdeModulePkg/MdeModulePkg.dec
>> +  ArmPkg/ArmPkg.dec
>> +  ArmPlatformPkg/ArmPlatformPkg.dec
>> +  CadencePkg/CadenceCspPkg.dec
>> +
>> +[LibraryClasses]
>> +  ArmLib
>> +  ArmGenericTimerCounterLib
>> +  ArmPlatformLib
>> +  ArmPlatformSecLib
>> +  ArmTrustedMonitorLib
>> +  BaseLib
>> +  DebugLib
>> +  DebugAgentLib
>> +  IoLib
>> +  ArmGicLib
>> +  PcdLib
>> +  PrintLib
>> +  SerialPortLib
>> +
>> +[Pcd]
>> +  gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString
>> +
>> +[FixedPcd.common]
>> +
>> +  gArmTokenSpaceGuid.PcdTrustzoneSupport
>> +  gArmTokenSpaceGuid.PcdVFPEnabled
>> +
>> +  gArmTokenSpaceGuid.PcdArmScr
>> +  gArmTokenSpaceGuid.PcdArmNonSecModeTransition
>> +  gArmTokenSpaceGuid.PcdArmArchTimerFreqInHz
>> +
>> +  gArmTokenSpaceGuid.PcdSecureFvBaseAddress
>> +  gArmTokenSpaceGuid.PcdSecureFvSize
>> +
>> +  gArmTokenSpaceGuid.PcdFvBaseAddress
>> +
>> +  gArmPlatformTokenSpaceGuid.PcdCPUCoresSecStackBase
>> +  gArmPlatformTokenSpaceGuid.PcdCPUCoreSecPrimaryStackSize
>> +  gArmPlatformTokenSpaceGuid.PcdCPUCoreSecSecondaryStackSize
>> +  gArmPlatformTokenSpaceGuid.PcdCPUCoresSecMonStackBase
>> +  gArmPlatformTokenSpaceGuid.PcdCPUCoreSecMonStackSize
>> +
>> +  gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
>> +  gArmTokenSpaceGuid.PcdGicDistributorBase
>> +  gArmTokenSpaceGuid.PcdGicRedistributorsBase
>> +
>> +[FixedPcd.ARM]
>> +  gArmTokenSpaceGuid.PcdArmNsacr
>> +
>> diff --git a/CadencePkg/Sec/SecInternal.h b/CadencePkg/Sec/SecInternal.h
>> new file mode 100644
>> index 0000000..221eb57
>> --- /dev/null
>> +++ b/CadencePkg/Sec/SecInternal.h
>> @@ -0,0 +1,105 @@
>> +/** @file
>> +*  Main file supporting the SEC Phase on ARM PLatforms
>> +*
>> +*  Copyright (c) 2011-2013, ARM Limited. All rights reserved.
>> +*
>> +*  This program and the accompanying materials
>> +*  are licensed and made available under the terms and conditions of the BSD License
>> +*  which accompanies this distribution.  The full text of the license may be found at
>> +*  http://opensource.org/licenses/bsd-license.php
>> +*
>> +*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
>> +*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
>> +*
>> +**/
>> +
>> +#ifndef __SEC_H__
>> +#define __SEC_H__
>> +
>> +#include <Base.h>
>> +#include <Library/ArmLib.h>
>> +#include <Library/ArmPlatformLib.h>
>> +#include <Library/ArmPlatformSecLib.h>
>> +#include <Library/BaseLib.h>
>> +#include <Library/DebugLib.h>
>> +#include <Library/PcdLib.h>
>> +
>> +#define IS_ALIGNED(Address, Align) (((UINTN)Address & (Align-1)) == 0)
>> +
>> +VOID
>> +TrustedWorldInitialization (
>> +  IN  UINTN                     MpId,
>> +  IN  UINTN                     SecBootMode
>> +  );
>> +
>> +VOID
>> +NonTrustedWorldTransition (
>> +  IN  UINTN                     MpId,
>> +  IN  UINTN                     JumpAddress
>> +  );
>> +
>> +VOID
>> +ArmGicV3SetupNonSecure (
>> +  IN  UINTN         MpId,
>> +  IN  INTN          GicDistributorBase,
>> +  IN  INTN          GicRedistributorsBase
>> +);
>> +
>> +VOID
>> +enter_monitor_mode (
>> +  IN UINTN                  MonitorEntryPoint,
>> +  IN UINTN                  MpId,
>> +  IN UINTN                  SecBootMode,
>> +  IN VOID*                  MonitorStackBase
>> +  );
>> +
>> +VOID
>> +return_from_exception (
>> +  IN UINTN                  NonSecureBase
>> +  );
>> +
>> +VOID
>> +copy_cpsr_into_spsr (
>> +  VOID
>> +  );
>> +
>> +VOID
>> +set_non_secure_mode (
>> +  IN ARM_PROCESSOR_MODE     Mode
>> +  );
>> +
>> +VOID
>> +SecCommonExceptionEntry (
>> +  IN UINT32 Entry,
>> +  IN UINTN  LR
>> +  );
>> +
>> +VOID
>> +EFIAPI
>> +ArmSecArchTrustzoneInit (
>> +  VOID
>> +  );
>> +
>> +VOID
>> +ArmCpuSetup (
>> +  IN  UINTN         MpId
>> +  );
>> +
>> +VOID
>> +ArmCpuSetupSmpNonSecure (
>> +  IN  UINTN         MpId
>> +  );
>> +
>> +VOID
>> +EFIAPI
>> +ArmSetCpuExCrBit (
>> +  IN  UINT64    Bits
>> +);
>> +
>> +VOID
>> +EFIAPI
>> +ArmUnsetCpuExCrBit (
>> +  IN  UINT64    Bits
>> +);
>> +
>> +#endif
>> --
>> 2.2.2
>>