From: Ard Biesheuvel
Date: Fri, 23 Jun 2017 18:43:42 +0000
To: Leif Lindholm
Cc: Scott Telford, "edk2-devel@lists.01.org", Graeme Gregory, "afish@apple.com", "Kinney, Michael D"
Subject: Re: [staging/cadence-aarch64 PATCH v3 4/6] CadencePkg: Add SEC phase implementation for Cadence CSP platform.

On 22 June 2017 at 15:21, Leif Lindholm wrote:
> On Thu, Jun 22, 2017 at 10:31:59AM +0100, Scott Telford wrote:
>> Add SEC phase implementation for Cadence CSP platform configured with
>> a single Cortex-A53 processor and GIC-500.
>>
>> Based on ArmPlatformPkg/Sec, with required parts of
>> ArmPkg/Drivers/ArmCpuLib/ArmCortexA5xLib integrated (both now deleted
>> from edk2 master).
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Scott Telford
>
> Reviewed-by: Leif Lindholm
>

Reviewed-by: Ard Biesheuvel

>> ---
>> CadencePkg/Sec/AArch64/Arch.c | 25 +++
>> CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S | 27 +++
>> CadencePkg/Sec/AArch64/Helper.S | 93 ++++++++
>> CadencePkg/Sec/AArch64/SecEntryPoint.S | 139 ++++++++++++
>> CadencePkg/Sec/Sec.c | 335 ++++++++++++++++++++++++++++
>> CadencePkg/Sec/Sec.inf | 85 +++++++
>> CadencePkg/Sec/SecInternal.h | 105 +++++++++
>> 7 files changed, 809 insertions(+)
>> create mode 100644 CadencePkg/Sec/AArch64/Arch.c
>> create mode 100644 CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S
>> create mode 100644 CadencePkg/Sec/AArch64/Helper.S
>> create mode 100644 CadencePkg/Sec/AArch64/SecEntryPoint.S
>> create mode 100644 CadencePkg/Sec/Sec.c
>> create mode 100644 CadencePkg/Sec/Sec.inf
>> create mode 100644 CadencePkg/Sec/SecInternal.h
>> >> diff --git a/CadencePkg/Sec/AArch64/Arch.c b/CadencePkg/Sec/AArch64/Arch.c >> new file mode 100644 >> index 0000000..6e7d58e >> --- /dev/null >> +++ b/CadencePkg/Sec/AArch64/Arch.c >> @@ -0,0 +1,25 @@ >> +/** @file >> +* >> +* Copyright (c) 2013, ARM Limited. All rights reserved. >> +* >> +* This program and the accompanying materials >> +* are licensed and made available under the terms and conditions of the BSD License >> +* which accompanies this distribution. The full text of the license may be found at >> +* http://opensource.org/licenses/bsd-license.php >> +* >> +* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +* >> +**/ >> + >> +#include >> + >> +VOID >> +EFIAPI >> +ArmSecArchTrustzoneInit ( >> + VOID >> + ) >> +{ >> + // Do not trap any access to Floating Point and Advanced SIMD in EL3. >> + ArmWriteCptr (0); >> +} >> diff --git a/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S b/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S >> new file mode 100644 >> index 0000000..531de63 >> --- /dev/null >> +++ b/CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S 
>> @@ -0,0 +1,27 @@ >> +#------------------------------------------------------------------------------ >> +# >> +# Copyright (c) 2013 - 2014, ARM Limited. All rights reserved. >> +# >> +# This program and the accompanying materials >> +# are licensed and made available under the terms and conditions of the BSD Licese >> +# which accompanies this distribution. The full text of the license may be foun at >> +# http://opensource.org/licenses/bsd-license.php >> +# >> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +# >> +#------------------------------------------------------------------------------ >> + >> +#include >> + >> +ASM_FUNC(ArmReadCpuExCr) >> + mrs x0, S3_1_c15_c2_1 >> + ret >> + >> +ASM_FUNC(ArmWriteCpuExCr) >> + msr S3_1_c15_c2_1, x0 >> + dsb sy >> + isb >> + ret >> + >> +ASM_FUNCTION_REMOVE_IF_UNREFERENCED >> diff --git a/CadencePkg/Sec/AArch64/Helper.S b/CadencePkg/Sec/AArch64/Helper.S >> new file mode 100644 >> index 0000000..3b58e12 >> --- /dev/null >> +++ b/CadencePkg/Sec/AArch64/Helper.S 
>> @@ -0,0 +1,93 @@ >> +#======================================================================================== >> +# Copyright (c) 2011-2014, ARM Limited. All rights reserved. >> +# >> +# This program and the accompanying materials >> +# are licensed and made available under the terms and conditions of the BSD License >> +# which accompanies this distribution. The full text of the license may be found at >> +# http:#opensource.org/licenses/bsd-license.php >> +# >> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +# >> +#======================================================================================= >> + >> +#include >> +#include >> + >> +#start of the code section >> +.text >> +.align 3 >> + >> +GCC_ASM_EXPORT(SwitchToNSExceptionLevel1) >> +GCC_ASM_EXPORT(enter_monitor_mode) >> +GCC_ASM_EXPORT(return_from_exception) >> +GCC_ASM_EXPORT(copy_cpsr_into_spsr) >> +GCC_ASM_EXPORT(set_non_secure_mode) >> + >> +// Switch from EL3 to NS-EL1 >> +ASM_PFX(SwitchToNSExceptionLevel1): >> + // Now setup our EL1. 
Controlled by EL2 config on Model >> + mrs x0, hcr_el2 // Read EL2 Hypervisor configuration Register >> + orr x0, x0, #(1 << 31) // Set EL1 to be 64bit >> + >> + // Send all interrupts to their respective Exception levels for EL2 >> + and x0, x0, #~(ARM_HCR_FMO | ARM_HCR_IMO | ARM_HCR_AMO) // Disable virtual FIQ, IRQ, SError and Abort >> + msr hcr_el2, x0 // Write back our settings >> + >> + msr cptr_el2, xzr // Disable copro traps to EL2 >> + >> + msr sctlr_el2, xzr >> + >> + // Enable architected timer access >> + mrs x0, cnthctl_el2 >> + orr x0, x0, #3 // Enable EL1 access to timers >> + msr cnthctl_el2, x0 >> + >> + mrs x0, cntkctl_el1 >> + orr x0, x0, #3 // EL0 access to counters >> + msr cntkctl_el1, x0 >> + >> + // Set ID regs >> + mrs x0, midr_el1 >> + mrs x1, mpidr_el1 >> + msr vpidr_el2, x0 >> + msr vmpidr_el2, x1 >> + >> + ret >> + >> + >> +// EL3 on AArch64 is Secure/monitor so this funtion is reduced vs ARMv7 >> +// we don't need a mode switch, just setup the Arguments and jump. >> +// x0: Monitor World EntryPoint >> +// x1: MpId >> +// x2: SecBootMode >> +// x3: Secure Monitor mode stack >> +ASM_PFX(enter_monitor_mode): >> + mov x4, x0 // Swap EntryPoint and MpId registers >> + mov x0, x1 >> + mov x1, x2 >> + mov x2, x3 >> + br x4 >> + >> +// Put the address in correct ELR_ELx and do a eret. >> +// We may need to do some config before we change to another Mode. >> +ASM_PFX(return_from_exception): >> + msr elr_el3, x0 >> + eret >> + >> +// For AArch64 we need to construct the spsr we want from individual bits and pieces. >> +ASM_PFX(copy_cpsr_into_spsr): >> + mrs x0, CurrentEl // Get the current exception level we are running at. >> + mrs x1, SPSel // Which Stack are we using >> + orr x0, x0, x1 >> + mrs x1, daif // Which interrupts are enabled >> + orr x0, x0, x1 >> + msr spsr_el3, x0 // Write to spsr >> + ret >> + >> +// Get this from platform file. 
>> +ASM_PFX(set_non_secure_mode): >> + msr spsr_el3, x0 >> + ret >> + >> +ASM_FUNCTION_REMOVE_IF_UNREFERENCED >> diff --git a/CadencePkg/Sec/AArch64/SecEntryPoint.S b/CadencePkg/Sec/AArch64/SecEntryPoint.S >> new file mode 100644 >> index 0000000..06bea3c >> --- /dev/null >> +++ b/CadencePkg/Sec/AArch64/SecEntryPoint.S 
>> @@ -0,0 +1,139 @@ >> +// >> +// Copyright (c) 2011-2014, ARM Limited. All rights reserved. >> +// >> +// This program and the accompanying materials >> +// are licensed and made available under the terms and conditions of the BSD License >> +// which accompanies this distribution. The full text of the license may be found at >> +// http://opensource.org/licenses/bsd-license.php >> +// >> +// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +// >> +// >> + >> +#include >> +#include >> +#include "SecInternal.h" >> + >> +.text >> +.align 3 >> + >> +GCC_ASM_IMPORT(CEntryPoint) >> +GCC_ASM_IMPORT(ArmPlatformIsPrimaryCore) >> +GCC_ASM_IMPORT(ArmPlatformGetCorePosition) >> +GCC_ASM_IMPORT(ArmPlatformSecBootAction) >> +GCC_ASM_IMPORT(ArmPlatformSecBootMemoryInit) >> +GCC_ASM_IMPORT(ArmDisableInterrupts) >> +GCC_ASM_IMPORT(ArmDisableCachesAndMmu) >> +GCC_ASM_IMPORT(ArmReadMpidr) >> +GCC_ASM_IMPORT(ArmCallWFE) >> +GCC_ASM_EXPORT(_ModuleEntryPoint) >> + >> +StartupAddr: .8byte ASM_PFX(CEntryPoint) >> + >> +ASM_PFX(_ModuleEntryPoint): >> + >> +// NOTE: We could be booting from EL3, EL2 or EL1. Need to correctly detect >> +// and configure the system accordingly. EL2 is default if possible. >> +// If we started in EL3 we need to switch and run at EL2. >> +// If we are running at EL2 stay in EL2 >> +// If we are starting at EL1 stay in EL1. >> + >> +// Sec only runs in EL3. Othewise we jump to PEI without changing anything. >> +// If Sec runs we change to EL2 before switching to PEI. >> + >> +// Which EL are we running at? Every EL needs some level of setup... >> + EL1_OR_EL2_OR_EL3(x0) >> +1:// If we are at EL1 or EL2 leave SEC for PEI. 
>> +2:b ASM_PFX(JumpToPEI) >> + // If we are at EL3 we need to configure it and switch to EL2 >> +3:b ASM_PFX(MainEntryPoint) >> + >> +ASM_PFX(MainEntryPoint): >> + // First ensure all interrupts are disabled >> + bl ASM_PFX(ArmDisableInterrupts) >> + >> + // Ensure that the MMU and caches are off >> + bl ASM_PFX(ArmDisableCachesAndMmu) >> + >> + // By default, we are doing a cold boot >> + mov x10, #ARM_SEC_COLD_BOOT >> + >> + // Jump to Platform Specific Boot Action function >> + bl ASM_PFX(ArmPlatformSecBootAction) >> + >> +_IdentifyCpu: >> + // Identify CPU ID >> + bl ASM_PFX(ArmReadMpidr) >> + // Keep a copy of the MpId register value >> + mov x5, x0 >> + >> + // Is it the Primary Core ? >> + bl ASM_PFX(ArmPlatformIsPrimaryCore) >> + cmp x0, #1 >> + // Only the primary core initialize the memory (SMC) >> + b.eq _InitMem >> + >> +_WaitInitMem: >> + // If we are not doing a cold boot in this case we should assume the Initial Memory to be already initialized >> + // Otherwise we have to wait the Primary Core to finish the initialization >> + cmp x10, #ARM_SEC_COLD_BOOT >> + b.ne _SetupSecondaryCoreStack >> + >> + // Wait for the primary core to initialize the initial memory (event: BOOT_MEM_INIT) >> + bl ASM_PFX(ArmCallWFE) >> + // Now the Init Mem is initialized, we setup the secondary core stacks >> + b _SetupSecondaryCoreStack >> + >> +_InitMem: >> + // If we are not doing a cold boot in this case we should assume the Initial Memory to be already initialized >> + cmp x10, #ARM_SEC_COLD_BOOT >> + b.ne _SetupPrimaryCoreStack >> + >> + // Initialize Init Boot Memory >> + bl ASM_PFX(ArmPlatformSecBootMemoryInit) >> + >> +_SetupPrimaryCoreStack: >> + // Get the top of the primary stacks (and the base of the secondary stacks) >> + MOV32 (x1, FixedPcdGet32(PcdCPUCoresSecStackBase)) >> + MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecPrimaryStackSize)) >> + add x1, x1, x2 >> + >> + mov sp, x1 >> + b _PrepareArguments >> + >> +_SetupSecondaryCoreStack: >> + // Get the top of 
the primary stacks (and the base of the secondary stacks) >> + MOV32 (x1, FixedPcdGet32(PcdCPUCoresSecStackBase)) >> + MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecPrimaryStackSize)) >> + add x6, x1, x2 >> + >> + // Get the Core Position >> + mov x0, x5 >> + bl ASM_PFX(ArmPlatformGetCorePosition) >> + // The stack starts at the top of the stack region. Add '1' to the Core Position to get the top of the stack >> + add x0, x0, #1 >> + >> + // StackOffset = CorePos * StackSize >> + MOV32 (x2, FixedPcdGet32(PcdCPUCoreSecSecondaryStackSize)) >> + mul x0, x0, x2 >> + // SP = StackBase + StackOffset >> + add sp, x6, x0 >> + >> +_PrepareArguments: >> + // Move sec startup address into a data register >> + // Ensure we're jumping to FV version of the code (not boot remapped alias) >> + ldr x3, StartupAddr >> + >> + // Jump to SEC C code >> + // r0 = mp_id >> + // r1 = Boot Mode >> + mov x0, x5 >> + mov x1, x10 >> + blr x3 >> + >> + ret >> + >> +ASM_PFX(JumpToPEI): >> + MOV32 (x0, FixedPcdGet32(PcdFvBaseAddress)) >> + blr x0 >> diff --git a/CadencePkg/Sec/Sec.c b/CadencePkg/Sec/Sec.c >> new file mode 100644 >> index 0000000..5b0244e >> --- /dev/null >> +++ b/CadencePkg/Sec/Sec.c 
>> @@ -0,0 +1,335 @@ >> +/** @file >> +* Main file supporting the SEC Phase on ARM Platforms >> +* >> +* Copyright (c) 2011-2014, ARM Limited. All rights reserved. >> +* Copyright (c) 2017, Cadence Design Systems, Inc. All rights reserved. >> +* >> +* This program and the accompanying materials >> +* are licensed and made available under the terms and conditions of the BSD License >> +* which accompanies this distribution. The full text of the license may be found at >> +* http://opensource.org/licenses/bsd-license.php >> +* >> +* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +* >> +**/ >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +#include "SecInternal.h" >> + >> +#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1); >> + >> +#define ARM_GICR_WAKER 0x0014 // GIC Redistributor Wake Register >> +#define ARM_GICR_IGROUPR0 0x0080 // GIC Redistributor Int Group Reg 0 >> +#define ARM_GICR_IGRPMODR0 0x0d00 // GIC Redistributor Int Group Mod Reg 0 >> +#define ARM_GICR_ICFGR1 0x0c04 // GIC Redistributor Int Config Reg 0 >> + >> + >> +VOID >> +CEntryPoint ( >> + IN UINTN MpId, >> + IN UINTN SecBootMode >> + ) >> +{ >> + CHAR8 Buffer[100]; >> + UINTN CharCount; >> + UINTN JumpAddress; >> + >> + // Invalidate the data cache. Doesn't have to do the Data cache clean. 
>> + ArmInvalidateDataCache (); >> + >> + // Invalidate Instruction Cache >> + ArmInvalidateInstructionCache (); >> + >> + // Invalidate I & D TLBs >> + ArmInvalidateTlb (); >> + >> + // CPU specific settings >> + ArmCpuSetup (MpId); >> + >> + // Enable Floating Point Coprocessor if supported by the platform >> + if (FixedPcdGet32 (PcdVFPEnabled)) { >> + ArmEnableVFP (); >> + } >> + >> + // Initialize peripherals that must be done at the early stage >> + // Example: Some L2 controller, interconnect, clock, DMC, etc >> + ArmPlatformSecInitialize (MpId); >> + >> + // Primary CPU clears out the SCU tag RAMs, secondaries wait >> + if (ArmPlatformIsPrimaryCore (MpId) && (SecBootMode == ARM_SEC_COLD_BOOT)) { >> + if (ArmIsMpCore()) { >> + // Signal for the initial memory is configured (event: BOOT_MEM_INIT) >> + ArmCallSEV (); >> + } >> + >> + // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib >> + // In non SEC modules the init call is in autogenerated code. >> + SerialPortInitialize (); >> + >> + // Start talking >> + if (FixedPcdGetBool (PcdTrustzoneSupport)) { >> + CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r", >> + (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__); >> + } else { >> + CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r", >> + (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__); >> + } >> + SerialPortWrite ((UINT8 *) Buffer, CharCount); >> + >> + // Initialize the Debug Agent for Source Level Debugging >> + InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL); >> + SaveAndSetDebugTimerInterrupt (TRUE); >> + >> + // Enable the GIC distributor and CPU Interface >> + // - no other Interrupts are enabled, doesn't have to worry about the priority. 
>> + // - all the cores are in secure state, use secure SGI's >> + ArmGicEnableDistributor (PcdGet64(PcdGicDistributorBase)); >> + ArmGicEnableInterruptInterface (PcdGet64(PcdGicInterruptInterfaceBase)); >> + } else { >> + // Enable the GIC CPU Interface >> + ArmGicEnableInterruptInterface (PcdGet64(PcdGicInterruptInterfaceBase)); >> + } >> + >> + // Enable Full Access to CoProcessors >> + ArmWriteCpacr (CPACR_CP_FULL_ACCESS); >> + >> + // Test if Trustzone is supported on this platform >> + if (FixedPcdGetBool (PcdTrustzoneSupport)) { >> + if (ArmIsMpCore ()) { >> + // Setup SMP in Non Secure world >> + ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId)); >> + } >> + >> + // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0)) >> + // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0)) >> + ASSERT (((PcdGet64(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) || >> + ((PcdGet64(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0))); >> + >> + // Enter Monitor Mode >> + enter_monitor_mode ( >> + (UINTN)TrustedWorldInitialization, MpId, SecBootMode, >> + (VOID*) (PcdGet64 (PcdCPUCoresSecMonStackBase) + >> + (PcdGet32 (PcdCPUCoreSecMonStackSize) * (ArmPlatformGetCorePosition (MpId) + 1))) >> + ); >> + } else { >> + if (ArmPlatformIsPrimaryCore (MpId)) { >> + SerialPrint ("Trust Zone Configuration is disabled\n\r"); >> + } >> + >> + // With Trustzone support the transition from Sec to Normal world is done by return_from_exception(). >> + // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program >> + // Status Register as the the current one (CPSR). 
>> + copy_cpsr_into_spsr (); >> + >> + // Call the Platform specific function to execute additional actions if required >> + JumpAddress = PcdGet64 (PcdFvBaseAddress); >> + >> + ArmPlatformSecExtraAction (MpId, &JumpAddress); >> + >> + NonTrustedWorldTransition (MpId, JumpAddress); >> + } >> + ASSERT (0); // We must never return from the above function >> +} >> + >> +VOID >> +TrustedWorldInitialization ( >> + IN UINTN MpId, >> + IN UINTN SecBootMode >> + ) >> +{ >> + UINTN JumpAddress; >> + >> + //-------------------- Monitor Mode --------------------- >> + >> + // Set up Monitor World (Vector Table, etc) >> + ArmSecureMonitorWorldInitialize (); >> + >> + // Transfer the interrupt to Non-secure World >> + ArmGicV3SetupNonSecure (MpId, PcdGet64(PcdGicDistributorBase), PcdGet64(PcdGicRedistributorsBase)); >> + >> + // Initialize platform specific security policy >> + ArmPlatformSecTrustzoneInit (MpId); >> + >> + // Setup the Trustzone Chipsets >> + if (SecBootMode == ARM_SEC_COLD_BOOT) { >> + if (ArmPlatformIsPrimaryCore (MpId)) { >> + if (ArmIsMpCore()) { >> + // Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT) >> + ArmCallSEV (); >> + } >> + } else { >> + // The secondary cores need to wait until the Trustzone chipsets configuration is done >> + // before switching to Non Secure World >> + >> + // Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT) >> + ArmCallWFE (); >> + } >> + } >> + >> + // Call the Platform specific function to execute additional actions if required >> + JumpAddress = PcdGet64 (PcdFvBaseAddress); >> + >> + ArmPlatformSecExtraAction (MpId, &JumpAddress); >> + >> + // Initialize architecture specific security policy >> + ArmSecArchTrustzoneInit (); >> + >> + // CP15 Secure Configuration Register >> + ArmWriteScr (PcdGet32 (PcdArmScr)); >> + >> + NonTrustedWorldTransition (MpId, JumpAddress); >> +} >> + >> +VOID >> +NonTrustedWorldTransition ( >> + IN UINTN MpId, 
>> + IN UINTN JumpAddress >> + ) >> +{ >> + // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition >> + // By not set, the mode for Non Secure World is SVC >> + if (PcdGet32 (PcdArmNonSecModeTransition) != 0) { >> + set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition)); >> + } >> + >> + return_from_exception (JumpAddress); >> + //-------------------- Non Secure Mode --------------------- >> + >> + // PEI Core should always load and never return >> + ASSERT (FALSE); >> +} >> + >> +/* >> + * This function configures the all interrupts to be Non-secure. >> + * >> + */ >> +VOID >> +EFIAPI >> +ArmGicV3SetupNonSecure ( >> + IN UINTN MpId, >> + IN INTN GicDistributorBase, >> + IN INTN GicRedistributorsBase >> + ) >> +{ >> + UINTN InterruptId; >> + UINTN Index; >> + UINTN MaxInterrupts; >> + UINT32 WakeR; >> + >> + // Set priority Mask so that no interrupts get through to CPU >> + ArmGicV3SetPriorityMask (0); >> + >> + // Clear ProcessorSleep bit in GICR_WAKER and wait for ChildrenAsleep to clear >> + WakeR = MmioRead32 (GicRedistributorsBase + ARM_GICR_WAKER); >> + WakeR &= ~(1 << 1); >> + MmioWrite32 (GicRedistributorsBase + ARM_GICR_WAKER, WakeR); >> + do { >> + WakeR = MmioRead32 (GicRedistributorsBase + ARM_GICR_WAKER); >> + } while ((WakeR & (1 << 2))); >> + >> + // Set PPIs to Non-secure Group 1 IRQ >> + MmioWrite32 (GicRedistributorsBase + ARM_GICR_SGI_PPI_FRAME_SIZE + ARM_GICR_IGROUPR0, 0xffff0000); >> + >> + InterruptId = ArmGicV3AcknowledgeInterrupt(); >> + MaxInterrupts = ArmGicGetMaxNumInterrupts (GicDistributorBase); >> + >> + // Only try to clear valid interrupts. Ignore spurious interrupts. 
>> + while ((InterruptId & 0x3FF) < MaxInterrupts) { >> + // Some of the SGI's are still pending, read Ack register and send End of Interrupt Signal >> + ArmGicV3EndOfInterrupt (InterruptId); >> + >> + // Next >> + InterruptId = ArmGicV3AcknowledgeInterrupt(); >> + } >> + >> + // Only the primary core should set the Non Secure bit to the SPIs (Shared Peripheral Interrupt). >> + if (ArmPlatformIsPrimaryCore (MpId)) { >> + // Ensure all GIC interrupts are Non-Secure >> + for (Index = 0; Index < (MaxInterrupts / 32); Index++) { >> + MmioWrite32 (GicDistributorBase + ARM_GIC_ICDISR + (Index * 4), 0xffffffff); >> + } >> + } else { >> + // The secondary cores only set the Non Secure bit to their banked PPIs >> + MmioWrite32 (GicDistributorBase + ARM_GIC_ICDISR, 0xffffffff); >> + } >> + >> + // Ensure all interrupts can get through the priority mask >> + ArmGicV3SetPriorityMask (0xff); >> +} >> + >> +// >> +// Previously in ArmCpuLib: >> +// >> + >> +VOID >> +ArmCpuSetup ( >> + IN UINTN MpId >> + ) >> +{ >> + // Check if Architectural Timer frequency is valid number (should not be 0) >> + ASSERT (PcdGet32 (PcdArmArchTimerFreqInHz)); >> + ASSERT (ArmIsArchTimerImplemented () != 0); >> + >> + // Note: System Counter frequency can only be set in Secure privileged mode, >> + // if security extensions are implemented. 
>> + ArmGenericTimerSetTimerFreq (PcdGet32 (PcdArmArchTimerFreqInHz)); >> + >> + if (ArmIsMpCore ()) { >> + // Turn on SMP coherency >> + ArmSetCpuExCrBit (A5X_FEATURE_SMP); >> + } >> + >> + // >> + // If CPU is CortexA57 r0p0 apply Errata workarounds >> + // >> + if ((ArmReadMidr () & ((ARM_CPU_TYPE_MASK << 4) | ARM_CPU_REV_MASK)) == >> + ((ARM_CPU_TYPE_A57 << 4) | ARM_CPU_REV(0,0))) { >> + >> + // Errata 806969: DisableLoadStoreWB (1ULL << 49) >> + // Errata 813420: Execute Data Cache clean as Data Cache clean/invalidate (ULL << 44) >> + // Errata 814670: disable DMB nullification (1ULL << 58) >> + ArmSetCpuActlrBit ( (1ULL << 49) | (1ULL << 44) | (1ULL << 58) ); >> + } >> +} >> + >> +VOID >> +ArmCpuSetupSmpNonSecure ( >> + IN UINTN MpId >> + ) >> +{ >> +} >> + >> +VOID >> +EFIAPI >> +ArmSetCpuExCrBit ( >> + IN UINT64 Bits >> + ) >> +{ >> + UINT64 Value; >> + Value = ArmReadCpuExCr (); >> + Value |= Bits; >> + ArmWriteCpuExCr (Value); >> +} >> + >> +VOID >> +EFIAPI >> +ArmUnsetCpuExCrBit ( >> + IN UINT64 Bits >> + ) >> +{ >> + UINT64 Value; >> + Value = ArmReadCpuExCr (); >> + Value &= ~Bits; >> + ArmWriteCpuExCr (Value); >> +} >> diff --git a/CadencePkg/Sec/Sec.inf b/CadencePkg/Sec/Sec.inf >> new file mode 100644 >> index 0000000..cf32f34 >> --- /dev/null >> +++ b/CadencePkg/Sec/Sec.inf >> @@ -0,0 +1,85 @@ >> +#/** @file >> +# SEC - Reset vector code that jumps to C and starts the PEI phase >> +# >> +# (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
>> +# Copyright (c) 2011-2013, ARM Limited. All rights reserved. >> +# Copyright (c) 2017, Cadence Design Systems, Inc. All rights reserved. >> +# >> +# This program and the accompanying materials >> +# are licensed and made available under the terms and conditions of the BSD License >> +# which accompanies this distribution. The full text of the license may be found at >> +# http://opensource.org/licenses/bsd-license.php >> +# >> +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +# >> +#**/ >> + >> +[Defines] >> + INF_VERSION = 1.25 >> + BASE_NAME = ArmPlatformSec >> + FILE_GUID = 424b4f2e-ec82-4c57-a188-253060be8a69 >> + MODULE_TYPE = SEC >> + VERSION_STRING = 1.0 >> + >> +[Sources] >> + Sec.c >> + >> +[Sources.AARCH64] >> + AArch64/Arch.c >> + AArch64/Helper.S >> + AArch64/SecEntryPoint.S >> + AArch64/ArmCortexA5xHelper.S | GCC >> + >> +[Packages] >> + MdePkg/MdePkg.dec >> + MdeModulePkg/MdeModulePkg.dec >> + ArmPkg/ArmPkg.dec >> + ArmPlatformPkg/ArmPlatformPkg.dec >> + CadencePkg/CadenceCspPkg.dec >> + >> +[LibraryClasses] >> + ArmLib >> + ArmGenericTimerCounterLib >> + ArmPlatformLib >> + ArmPlatformSecLib >> + ArmTrustedMonitorLib >> + BaseLib >> + DebugLib >> + DebugAgentLib >> + IoLib >> + ArmGicLib >> + PcdLib >> + PrintLib >> + SerialPortLib >> + >> +[Pcd] >> + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString >> + >> +[FixedPcd.common] >> + >> + gArmTokenSpaceGuid.PcdTrustzoneSupport >> + gArmTokenSpaceGuid.PcdVFPEnabled >> + >> + gArmTokenSpaceGuid.PcdArmScr >> + gArmTokenSpaceGuid.PcdArmNonSecModeTransition >> + gArmTokenSpaceGuid.PcdArmArchTimerFreqInHz >> + >> + gArmTokenSpaceGuid.PcdSecureFvBaseAddress >> + gArmTokenSpaceGuid.PcdSecureFvSize >> + >> + gArmTokenSpaceGuid.PcdFvBaseAddress >> + >> + gArmPlatformTokenSpaceGuid.PcdCPUCoresSecStackBase >> + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecPrimaryStackSize >> + 
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecSecondaryStackSize >> + gArmPlatformTokenSpaceGuid.PcdCPUCoresSecMonStackBase >> + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecMonStackSize >> + >> + gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase >> + gArmTokenSpaceGuid.PcdGicDistributorBase >> + gArmTokenSpaceGuid.PcdGicRedistributorsBase >> + >> +[FixedPcd.ARM] >> + gArmTokenSpaceGuid.PcdArmNsacr >> + >> diff --git a/CadencePkg/Sec/SecInternal.h b/CadencePkg/Sec/SecInternal.h >> new file mode 100644 >> index 0000000..221eb57 >> --- /dev/null >> +++ b/CadencePkg/Sec/SecInternal.h 
>> @@ -0,0 +1,105 @@ >> +/** @file >> +* Main file supporting the SEC Phase on ARM PLatforms >> +* >> +* Copyright (c) 2011-2013, ARM Limited. All rights reserved. >> +* >> +* This program and the accompanying materials >> +* are licensed and made available under the terms and conditions of the BSD License >> +* which accompanies this distribution. The full text of the license may be found at >> +* http://opensource.org/licenses/bsd-license.php >> +* >> +* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, >> +* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. >> +* >> +**/ >> + >> +#ifndef __SEC_H__ >> +#define __SEC_H__ >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +#define IS_ALIGNED(Address, Align) (((UINTN)Address & (Align-1)) == 0) >> + >> +VOID >> +TrustedWorldInitialization ( >> + IN UINTN MpId, >> + IN UINTN SecBootMode >> + ); >> + >> +VOID >> +NonTrustedWorldTransition ( >> + IN UINTN MpId, >> + IN UINTN JumpAddress >> + ); >> + >> +VOID >> +ArmGicV3SetupNonSecure ( >> + IN UINTN MpId, >> + IN INTN GicDistributorBase, >> + IN INTN GicRedistributorsBase >> +); >> + >> +VOID >> +enter_monitor_mode ( >> + IN UINTN MonitorEntryPoint, >> + IN UINTN MpId, >> + IN UINTN SecBootMode, >> + IN VOID* MonitorStackBase >> + ); >> + >> +VOID >> +return_from_exception ( >> + IN UINTN NonSecureBase >> + ); >> + >> +VOID >> +copy_cpsr_into_spsr ( >> + VOID >> + ); >> + >> +VOID >> +set_non_secure_mode ( >> + IN ARM_PROCESSOR_MODE Mode >> + ); >> + >> +VOID >> +SecCommonExceptionEntry ( >> + IN UINT32 Entry, >> + IN UINTN LR >> + ); >> + >> +VOID >> +EFIAPI >> +ArmSecArchTrustzoneInit ( >> + VOID >> + ); >> + >> +VOID >> +ArmCpuSetup ( >> + IN UINTN MpId >> + ); >> + >> +VOID >> +ArmCpuSetupSmpNonSecure ( >> + IN UINTN MpId >> + ); >> + >> +VOID >> +EFIAPI >> +ArmSetCpuExCrBit ( >> + IN UINT64 Bits >> +); >> + >> +VOID >> +EFIAPI >> +ArmUnsetCpuExCrBit ( >> + IN 
UINT64 Bits >> +); >> + >> +#endif >> -- >> 2.2.2 >>
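
Review bot: In CadencePkg/Sec/AArch64/ArmCortexA5xHelper.S the license header has two typos ("BSD Licese" and "may be foun at"), and CadencePkg/Sec/AArch64/Helper.S carries "http:#opensource.org/licenses/bsd-license.php" in the same block. Since these files are new to this tree, copy the header text from Arch.c so all three read identically.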
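
Review bot: In CadencePkg/Sec/AArch64/Helper.S, enter_monitor_mode never installs the monitor stack it is given: x3 (MonitorStackBase) is only shuffled into x2 before "br x4", and the target, TrustedWorldInitialization (MpId, SecBootMode), takes two arguments, so the value is dropped and SP stays on the SEC stack. As written, PcdCPUCoresSecMonStackBase and PcdCPUCoreSecMonStackSize have no effect, and the "(Base == 0) && (Size == 0)" case accepted by the ASSERT in Sec.c would hand over a stack pointer of 0 if it were ever used. Either set SP from x3 when it is non-zero before the branch, or remove the fourth parameter, the PCDs and the ASSERT so the code does not suggest a stack separation that is not there.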
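
Review bot: In CadencePkg/Sec/AArch64/SecEntryPoint.S, JumpToPEI ends with "blr x0" and nothing follows it, so if the PEI entry point ever returns, execution runs off the end of the function into whatever is linked next. Use "br x0", or follow the call with a dead loop. The same label loads the address with MOV32 (x0, FixedPcdGet32(PcdFvBaseAddress)) while Sec.c reads the same PCD with PcdGet64 (PcdFvBaseAddress); pick one width so the two paths cannot disagree on a platform whose FV sits above 4 GB. The "r0 = mp_id" / "r1 = Boot Mode" comments before "blr x3" should name x0 and x1.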
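
Review bot: In CadencePkg/Sec/Sec.c, ArmGicV3SetupNonSecure() declares GicDistributorBase and GicRedistributorsBase as INTN, although both are MMIO base addresses passed in from PcdGet64() and used directly in MmioRead32()/MmioWrite32() address arithmetic; make them UINTN here and in the SecInternal.h prototype. In the same function the do/while that polls GICR_WAKER until bit 2 clears has no bound, so a redistributor that never wakes leaves the core spinning in EL3 with no output; a retry limit followed by an ASSERT would make that failure visible. ARM_GICR_IGRPMODR0 and ARM_GICR_ICFGR1 are defined at the top of the file but not used, and the ARM_GICR_ICFGR1 comment reads "Int Config Reg 0". The SerialPrint() macro also ends in a semicolon and writes AsciiStrLen(txt)+1 bytes, which sends the NUL terminator to the UART.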
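
Review bot: In CadencePkg/Sec/Sec.inf the [FixedPcd.ARM] section listing gArmTokenSpaceGuid.PcdArmNsacr cannot take effect, because the only architecture-specific sources are under [Sources.AARCH64]; drop the section. PcdSecureFvBaseAddress and PcdSecureFvSize are listed under [FixedPcd.common] but are not referenced by Sec.c or the assembly in this patch, so they can go as well unless a later patch in the series uses them.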
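
Review bot: In CadencePkg/Sec/SecInternal.h the prototype for ArmGicV3SetupNonSecure() lacks EFIAPI, while the definition in Sec.c is declared "VOID EFIAPI ArmGicV3SetupNonSecure"; the two must match, so add EFIAPI to the prototype (or drop it from the definition). SecCommonExceptionEntry() is declared here but has no definition anywhere in this patch, and IS_ALIGNED() is defined but not used by the files added; remove both if nothing later in the series needs them. The macro arguments in IS_ALIGNED should also be parenthesised, as in "(((UINTN)(Address) & ((Align) - 1)) == 0)".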