arm_bl31_setup.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573
  1. /*
  2. * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
  3. *
  4. * SPDX-License-Identifier: BSD-3-Clause
  5. */
  6. #include <assert.h>
  7. #include <arch.h>
  8. #include <arch_features.h>
  9. #include <arch_helpers.h>
  10. #include <common/bl_common.h>
  11. #include <common/debug.h>
  12. #include <drivers/console.h>
  13. #include <lib/debugfs.h>
  14. #include <lib/extensions/ras.h>
  15. #include <lib/fconf/fconf.h>
  16. #include <lib/gpt_rme/gpt_rme.h>
  17. #include <lib/mmio.h>
  18. #if TRANSFER_LIST
  19. #include <lib/transfer_list.h>
  20. #endif
  21. #include <lib/xlat_tables/xlat_tables_compat.h>
  22. #include <plat/arm/common/plat_arm.h>
  23. #include <plat/common/platform.h>
  24. #include <platform_def.h>
  25. struct transfer_list_header *secure_tl;
  26. struct transfer_list_header *ns_tl __unused;
  27. /*
  28. * Placeholder variables for copying the arguments that have been passed to
  29. * BL31 from BL2.
  30. */
  31. static entry_point_info_t bl32_image_ep_info;
  32. static entry_point_info_t bl33_image_ep_info;
  33. #if ENABLE_RME
  34. static entry_point_info_t rmm_image_ep_info;
  35. #endif
  36. #if !RESET_TO_BL31
  37. /*
  38. * Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page
  39. * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
  40. */
  41. #if TRANSFER_LIST
  42. CASSERT(BL31_BASE >= PLAT_ARM_EL3_FW_HANDOFF_LIMIT, assert_bl31_base_overflows);
  43. #else
  44. CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
  45. #endif /* TRANSFER_LIST */
  46. #endif /* RESET_TO_BL31 */
  47. /* Weak definitions may be overridden in specific ARM standard platform */
  48. #pragma weak bl31_early_platform_setup2
  49. #pragma weak bl31_platform_setup
  50. #pragma weak bl31_plat_arch_setup
  51. #pragma weak bl31_plat_get_next_image_ep_info
  52. #pragma weak bl31_plat_runtime_setup
  53. #define MAP_BL31_TOTAL MAP_REGION_FLAT( \
  54. BL31_START, \
  55. BL31_END - BL31_START, \
  56. MT_MEMORY | MT_RW | EL3_PAS)
  57. #if RECLAIM_INIT_CODE
  58. IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE);
  59. IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED);
  60. IMPORT_SYM(unsigned long, __STACKS_END__, BL_STACKS_END_UNALIGNED);
  61. #define BL_INIT_CODE_END ((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \
  62. ~(PAGE_SIZE - 1))
  63. #define BL_STACKS_END ((BL_STACKS_END_UNALIGNED + PAGE_SIZE - 1) & \
  64. ~(PAGE_SIZE - 1))
  65. #define MAP_BL_INIT_CODE MAP_REGION_FLAT( \
  66. BL_INIT_CODE_BASE, \
  67. BL_INIT_CODE_END \
  68. - BL_INIT_CODE_BASE, \
  69. MT_CODE | EL3_PAS)
  70. #endif
  71. #if SEPARATE_NOBITS_REGION
  72. #define MAP_BL31_NOBITS MAP_REGION_FLAT( \
  73. BL31_NOBITS_BASE, \
  74. BL31_NOBITS_LIMIT \
  75. - BL31_NOBITS_BASE, \
  76. MT_MEMORY | MT_RW | EL3_PAS)
  77. #endif
  78. /*******************************************************************************
  79. * Return a pointer to the 'entry_point_info' structure of the next image for the
  80. * security state specified. BL33 corresponds to the non-secure image type
  81. * while BL32 corresponds to the secure image type. A NULL pointer is returned
  82. * if the image does not exist.
  83. ******************************************************************************/
  84. struct entry_point_info *bl31_plat_get_next_image_ep_info(uint32_t type)
  85. {
  86. entry_point_info_t *next_image_info;
  87. assert(sec_state_is_valid(type));
  88. if (type == NON_SECURE) {
  89. #if TRANSFER_LIST && !RESET_TO_BL31
  90. next_image_info = transfer_list_set_handoff_args(
  91. ns_tl, &bl33_image_ep_info);
  92. #else
  93. next_image_info = &bl33_image_ep_info;
  94. #endif
  95. }
  96. #if ENABLE_RME
  97. else if (type == REALM) {
  98. next_image_info = &rmm_image_ep_info;
  99. }
  100. #endif
  101. else {
  102. next_image_info = &bl32_image_ep_info;
  103. }
  104. /*
  105. * None of the images on the ARM development platforms can have 0x0
  106. * as the entrypoint
  107. */
  108. if (next_image_info->pc)
  109. return next_image_info;
  110. else
  111. return NULL;
  112. }
  113. /*******************************************************************************
  114. * Perform any BL31 early platform setup common to ARM standard platforms.
  115. * Here is an opportunity to copy parameters passed by the calling EL (S-EL1
  116. * in BL2 & EL3 in BL1) before they are lost (potentially). This needs to be
  117. * done before the MMU is initialized so that the memory layout can be used
  118. * while creating page tables. BL2 has flushed this information to memory, so
  119. * we are guaranteed to pick up good data.
  120. ******************************************************************************/
  121. #if TRANSFER_LIST
  122. void __init arm_bl31_early_platform_setup(u_register_t arg0, u_register_t arg1,
  123. u_register_t arg2, u_register_t arg3)
  124. {
  125. #if RESET_TO_BL31
  126. /* Populate entry point information for BL33 */
  127. SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0);
  128. /*
  129. * Tell BL31 where the non-trusted software image
  130. * is located and the entry state information
  131. */
  132. bl33_image_ep_info.pc = plat_get_ns_image_entrypoint();
  133. bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry();
  134. SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
  135. bl33_image_ep_info.args.arg0 = PLAT_ARM_TRANSFER_LIST_DTB_OFFSET;
  136. bl33_image_ep_info.args.arg1 =
  137. TRANSFER_LIST_HANDOFF_X1_VALUE(REGISTER_CONVENTION_VERSION);
  138. bl33_image_ep_info.args.arg3 = FW_NS_HANDOFF_BASE;
  139. #else
  140. struct transfer_list_entry *te = NULL;
  141. struct entry_point_info *ep;
  142. secure_tl = (struct transfer_list_header *)arg3;
  143. /*
  144. * Populate the global entry point structures used to execute subsequent
  145. * images.
  146. */
  147. while ((te = transfer_list_next(secure_tl, te)) != NULL) {
  148. ep = transfer_list_entry_data(te);
  149. if (te->tag_id == TL_TAG_EXEC_EP_INFO64) {
  150. switch (GET_SECURITY_STATE(ep->h.attr)) {
  151. case NON_SECURE:
  152. bl33_image_ep_info = *ep;
  153. break;
  154. #if ENABLE_RME
  155. case REALM:
  156. rmm_image_ep_info = *ep;
  157. break;
  158. #endif
  159. case SECURE:
  160. bl32_image_ep_info = *ep;
  161. break;
  162. default:
  163. ERROR("Unrecognized Image Security State %lu\n",
  164. GET_SECURITY_STATE(ep->h.attr));
  165. panic();
  166. }
  167. }
  168. }
  169. #endif /* RESET_TO_BL31 */
  170. }
  171. #else
  172. void __init arm_bl31_early_platform_setup(void *from_bl2, uintptr_t soc_fw_config,
  173. uintptr_t hw_config, void *plat_params_from_bl2)
  174. {
  175. /* Initialize the console to provide early debug support */
  176. arm_console_boot_init();
  177. #if RESET_TO_BL31
  178. /* There are no parameters from BL2 if BL31 is a reset vector */
  179. assert(from_bl2 == NULL);
  180. assert(plat_params_from_bl2 == NULL);
  181. # ifdef BL32_BASE
  182. /* Populate entry point information for BL32 */
  183. SET_PARAM_HEAD(&bl32_image_ep_info,
  184. PARAM_EP,
  185. VERSION_1,
  186. 0);
  187. SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE);
  188. bl32_image_ep_info.pc = BL32_BASE;
  189. bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry();
  190. #if defined(SPD_spmd)
  191. /* SPM (hafnium in secure world) expects SPM Core manifest base address
  192. * in x0, which in !RESET_TO_BL31 case loaded after base of non shared
  193. * SRAM(after 4KB offset of SRAM). But in RESET_TO_BL31 case all non
  194. * shared SRAM is allocated to BL31, so to avoid overwriting of manifest
  195. * keep it in the last page.
  196. */
  197. bl32_image_ep_info.args.arg0 = ARM_TRUSTED_SRAM_BASE +
  198. PLAT_ARM_TRUSTED_SRAM_SIZE - PAGE_SIZE;
  199. #endif
  200. # endif /* BL32_BASE */
  201. /* Populate entry point information for BL33 */
  202. SET_PARAM_HEAD(&bl33_image_ep_info,
  203. PARAM_EP,
  204. VERSION_1,
  205. 0);
  206. /*
  207. * Tell BL31 where the non-trusted software image
  208. * is located and the entry state information
  209. */
  210. bl33_image_ep_info.pc = plat_get_ns_image_entrypoint();
  211. bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry();
  212. SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
  213. #if ENABLE_RME
  214. /*
  215. * Populate entry point information for RMM.
  216. * Only PC needs to be set as other fields are determined by RMMD.
  217. */
  218. rmm_image_ep_info.pc = RMM_BASE;
  219. #endif /* ENABLE_RME */
  220. #else /* RESET_TO_BL31 */
  221. /*
  222. * In debug builds, we pass a special value in 'plat_params_from_bl2'
  223. * to verify platform parameters from BL2 to BL31.
  224. * In release builds, it's not used.
  225. */
  226. assert(((unsigned long long)plat_params_from_bl2) ==
  227. ARM_BL31_PLAT_PARAM_VAL);
  228. /*
  229. * Check params passed from BL2 should not be NULL,
  230. */
  231. bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2;
  232. assert(params_from_bl2 != NULL);
  233. assert(params_from_bl2->h.type == PARAM_BL_PARAMS);
  234. assert(params_from_bl2->h.version >= VERSION_2);
  235. bl_params_node_t *bl_params = params_from_bl2->head;
  236. /*
  237. * Copy BL33, BL32 and RMM (if present), entry point information.
  238. * They are stored in Secure RAM, in BL2's address space.
  239. */
  240. while (bl_params != NULL) {
  241. if (bl_params->image_id == BL32_IMAGE_ID) {
  242. bl32_image_ep_info = *bl_params->ep_info;
  243. #if SPMC_AT_EL3
  244. /*
  245. * Populate the BL32 image base, size and max limit in
  246. * the entry point information, since there is no
  247. * platform function to retrieve them in generic
  248. * code. We choose arg2, arg3 and arg4 since the generic
  249. * code uses arg1 for stashing the SP manifest size. The
  250. * SPMC setup uses these arguments to update SP manifest
  251. * with actual SP's base address and it size.
  252. */
  253. bl32_image_ep_info.args.arg2 =
  254. bl_params->image_info->image_base;
  255. bl32_image_ep_info.args.arg3 =
  256. bl_params->image_info->image_size;
  257. bl32_image_ep_info.args.arg4 =
  258. bl_params->image_info->image_base +
  259. bl_params->image_info->image_max_size;
  260. #endif
  261. }
  262. #if ENABLE_RME
  263. else if (bl_params->image_id == RMM_IMAGE_ID) {
  264. rmm_image_ep_info = *bl_params->ep_info;
  265. }
  266. #endif
  267. else if (bl_params->image_id == BL33_IMAGE_ID) {
  268. bl33_image_ep_info = *bl_params->ep_info;
  269. }
  270. bl_params = bl_params->next_params_info;
  271. }
  272. if (bl33_image_ep_info.pc == 0U)
  273. panic();
  274. #if ENABLE_RME
  275. if (rmm_image_ep_info.pc == 0U)
  276. panic();
  277. #endif
  278. #endif /* RESET_TO_BL31 */
  279. # if ARM_LINUX_KERNEL_AS_BL33
  280. /*
  281. * According to the file ``Documentation/arm64/booting.txt`` of the
  282. * Linux kernel tree, Linux expects the physical address of the device
  283. * tree blob (DTB) in x0, while x1-x3 are reserved for future use and
  284. * must be 0.
  285. * Repurpose the option to load Hafnium hypervisor in the normal world.
  286. * It expects its manifest address in x0. This is essentially the linux
  287. * dts (passed to the primary VM) by adding 'hypervisor' and chosen
  288. * nodes specifying the Hypervisor configuration.
  289. */
  290. #if RESET_TO_BL31
  291. bl33_image_ep_info.args.arg0 = (u_register_t)ARM_PRELOADED_DTB_BASE;
  292. #else
  293. bl33_image_ep_info.args.arg0 = (u_register_t)hw_config;
  294. #endif
  295. bl33_image_ep_info.args.arg1 = 0U;
  296. bl33_image_ep_info.args.arg2 = 0U;
  297. bl33_image_ep_info.args.arg3 = 0U;
  298. # endif
  299. }
  300. #endif
  301. void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
  302. u_register_t arg2, u_register_t arg3)
  303. {
  304. #if TRANSFER_LIST
  305. arm_bl31_early_platform_setup(arg0, arg1, arg2, arg3);
  306. #else
  307. arm_bl31_early_platform_setup((void *)arg0, arg1, arg2, (void *)arg3);
  308. #endif
  309. /*
  310. * Initialize Interconnect for this cluster during cold boot.
  311. * No need for locks as no other CPU is active.
  312. */
  313. plat_arm_interconnect_init();
  314. /*
  315. * Enable Interconnect coherency for the primary CPU's cluster.
  316. * Earlier bootloader stages might already do this (e.g. Trusted
  317. * Firmware's BL1 does it) but we can't assume so. There is no harm in
  318. * executing this code twice anyway.
  319. * Platform specific PSCI code will enable coherency for other
  320. * clusters.
  321. */
  322. plat_arm_interconnect_enter_coherency();
  323. }
  324. /*******************************************************************************
  325. * Perform any BL31 platform setup common to ARM standard platforms
  326. ******************************************************************************/
  327. void arm_bl31_platform_setup(void)
  328. {
  329. struct transfer_list_entry *te __unused;
  330. #if TRANSFER_LIST && !RESET_TO_BL31
  331. ns_tl = transfer_list_ensure((void *)FW_NS_HANDOFF_BASE,
  332. PLAT_ARM_FW_HANDOFF_SIZE);
  333. if (ns_tl == NULL) {
  334. ERROR("Non-secure transfer list initialisation failed!\n");
  335. panic();
  336. }
  337. /* BL31 may modify the HW_CONFIG so defer copying it until later. */
  338. te = transfer_list_find(secure_tl, TL_TAG_FDT);
  339. assert(te != NULL);
  340. /*
  341. * A pre-existing assumption is that FCONF is unsupported w/ RESET_TO_BL2 and
  342. * RESET_TO_BL31. In the case of RESET_TO_BL31 this makes sense because there
  343. * isn't a prior stage to load the device tree, but the reasoning for RESET_TO_BL2 is
  344. * less clear. For the moment hardware properties that would normally be
  345. * derived from the DT are statically defined.
  346. */
  347. #if !RESET_TO_BL2
  348. fconf_populate("HW_CONFIG", (uintptr_t)transfer_list_entry_data(te));
  349. #endif
  350. te = transfer_list_add(ns_tl, TL_TAG_FDT, te->data_size,
  351. transfer_list_entry_data(te));
  352. assert(te != NULL);
  353. #endif /* TRANSFER_LIST && !RESET_TO_BL31 */
  354. /* Initialize the GIC driver, cpu and distributor interfaces */
  355. plat_arm_gic_driver_init();
  356. plat_arm_gic_init();
  357. #if RESET_TO_BL31
  358. /*
  359. * Do initial security configuration to allow DRAM/device access
  360. * (if earlier BL has not already done so).
  361. */
  362. plat_arm_security_setup();
  363. #if defined(PLAT_ARM_MEM_PROT_ADDR)
  364. arm_nor_psci_do_dyn_mem_protect();
  365. #endif /* PLAT_ARM_MEM_PROT_ADDR */
  366. #endif /* RESET_TO_BL31 */
  367. /* Enable and initialize the System level generic timer */
  368. mmio_write_32(ARM_SYS_CNTCTL_BASE + CNTCR_OFF,
  369. CNTCR_FCREQ(0U) | CNTCR_EN);
  370. /* Allow access to the System counter timer module */
  371. arm_configure_sys_timer();
  372. /* Initialize power controller before setting up topology */
  373. plat_arm_pwrc_setup();
  374. #if ENABLE_FEAT_RAS && FFH_SUPPORT
  375. ras_init();
  376. #endif
  377. #if USE_DEBUGFS
  378. debugfs_init();
  379. #endif /* USE_DEBUGFS */
  380. }
  381. /*******************************************************************************
  382. * Perform any BL31 platform runtime setup prior to BL31 exit common to ARM
  383. * standard platforms
  384. ******************************************************************************/
  385. void arm_bl31_plat_runtime_setup(void)
  386. {
  387. struct transfer_list_entry *te __unused;
  388. /* Initialize the runtime console */
  389. arm_console_runtime_init();
  390. #if TRANSFER_LIST && !RESET_TO_BL31
  391. /*
  392. * We assume BL31 has added all TE's required by BL33 at this stage, ensure
  393. * that data is visible to all observers by performing a flush operation, so
  394. * they can access the updated data even if caching is not enabled.
  395. */
  396. flush_dcache_range((uintptr_t)ns_tl, ns_tl->size);
  397. #endif /* TRANSFER_LIST && !RESET_TO_BL31 */
  398. #if RECLAIM_INIT_CODE
  399. arm_free_init_memory();
  400. #endif
  401. #if PLAT_RO_XLAT_TABLES
  402. arm_xlat_make_tables_readonly();
  403. #endif
  404. }
  405. #if RECLAIM_INIT_CODE
  406. /*
  407. * Make memory for image boot time code RW to reclaim it as stack for the
  408. * secondary cores, or RO where it cannot be reclaimed:
  409. *
  410. * |-------- INIT SECTION --------|
  411. * -----------------------------------------
  412. * | CORE 0 | CORE 1 | CORE 2 | EXTRA |
  413. * | STACK | STACK | STACK | SPACE |
  414. * -----------------------------------------
  415. * <-------------------> <------>
  416. * MAKE RW AND XN MAKE
  417. * FOR STACKS RO AND XN
  418. */
  419. void arm_free_init_memory(void)
  420. {
  421. int ret = 0;
  422. if (BL_STACKS_END < BL_INIT_CODE_END) {
  423. /* Reclaim some of the init section as stack if possible. */
  424. if (BL_INIT_CODE_BASE < BL_STACKS_END) {
  425. ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
  426. BL_STACKS_END - BL_INIT_CODE_BASE,
  427. MT_RW_DATA);
  428. }
  429. /* Make the rest of the init section read-only. */
  430. ret |= xlat_change_mem_attributes(BL_STACKS_END,
  431. BL_INIT_CODE_END - BL_STACKS_END,
  432. MT_RO_DATA);
  433. } else {
  434. /* The stacks cover the init section, so reclaim it all. */
  435. ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
  436. BL_INIT_CODE_END - BL_INIT_CODE_BASE,
  437. MT_RW_DATA);
  438. }
  439. if (ret != 0) {
  440. ERROR("Could not reclaim initialization code");
  441. panic();
  442. }
  443. }
  444. #endif
  445. void __init bl31_platform_setup(void)
  446. {
  447. arm_bl31_platform_setup();
  448. }
  449. void bl31_plat_runtime_setup(void)
  450. {
  451. arm_bl31_plat_runtime_setup();
  452. }
  453. /*******************************************************************************
  454. * Perform the very early platform specific architectural setup shared between
  455. * ARM standard platforms. This only does basic initialization. Later
  456. * architectural setup (bl31_arch_setup()) does not do anything platform
  457. * specific.
  458. ******************************************************************************/
  459. void __init arm_bl31_plat_arch_setup(void)
  460. {
  461. const mmap_region_t bl_regions[] = {
  462. MAP_BL31_TOTAL,
  463. #if ENABLE_RME
  464. ARM_MAP_L0_GPT_REGION,
  465. #endif
  466. #if RECLAIM_INIT_CODE
  467. MAP_BL_INIT_CODE,
  468. #endif
  469. #if SEPARATE_NOBITS_REGION
  470. MAP_BL31_NOBITS,
  471. #endif
  472. ARM_MAP_BL_RO,
  473. #if USE_ROMLIB
  474. ARM_MAP_ROMLIB_CODE,
  475. ARM_MAP_ROMLIB_DATA,
  476. #endif
  477. #if USE_COHERENT_MEM
  478. ARM_MAP_BL_COHERENT_RAM,
  479. #endif
  480. {0}
  481. };
  482. setup_page_tables(bl_regions, plat_arm_get_mmap());
  483. enable_mmu_el3(0);
  484. #if ENABLE_RME
  485. #if RESET_TO_BL31
  486. /* initialize GPT only when RME is enabled. */
  487. assert(is_feat_rme_present());
  488. /* Initialise and enable granule protection after MMU. */
  489. arm_gpt_setup();
  490. #endif /* RESET_TO_BL31 */
  491. /*
  492. * Initialise Granule Protection library and enable GPC for the primary
  493. * processor. The tables have already been initialized by a previous BL
  494. * stage, so there is no need to provide any PAS here. This function
  495. * sets up pointers to those tables.
  496. */
  497. if (gpt_runtime_init() < 0) {
  498. ERROR("gpt_runtime_init() failed!\n");
  499. panic();
  500. }
  501. #endif /* ENABLE_RME */
  502. arm_setup_romlib();
  503. }
  504. void __init bl31_plat_arch_setup(void)
  505. {
  506. arm_bl31_plat_arch_setup();
  507. }