[mirror_edk2.git] / ArmPlatformPkg / Sec / Sec.c

/** @file
*  Main file supporting the SEC Phase on ARM Platforms
*
*  Copyright (c) 2011-2012, ARM Limited. All rights reserved.
*  
*  This program and the accompanying materials                          
*  are licensed and made available under the terms and conditions of the BSD License         
*  which accompanies this distribution.  The full text of the license may be found at        
*  http://opensource.org/licenses/bsd-license.php                                            
*
*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             
*
**/

#include <Library/ArmTrustedMonitorLib.h>
#include <Library/DebugAgentLib.h>
#include <Library/PrintLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/SerialPortLib.h>
#include <Library/ArmGicLib.h>

#include "SecInternal.h"

#define SerialPrint(txt)  SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);

VOID
CEntryPoint (
  IN  UINTN                     MpId,
  IN  UINTN                     SecBootMode
  )
{
  CHAR8           Buffer[100];
  UINTN           CharCount;
  UINTN           JumpAddress;

  // Invalidate the data cache. Doesn't have to do the Data cache clean.
  ArmInvalidateDataCache();

  // Invalidate Instruction Cache
  ArmInvalidateInstructionCache();

  // Invalidate I & D TLBs
  ArmInvalidateInstructionAndDataTlb();

  // CPU specific settings
  ArmCpuSetup (MpId);

  // Enable Floating Point Coprocessor if supported by the platform
  if (FixedPcdGet32 (PcdVFPEnabled)) {
    ArmEnableVFP();
  }

  // Initialize peripherals that must be done at the early stage
  // Example: Some L2 controller, interconnect, clock, DMC, etc
  ArmPlatformSecInitialize (MpId);

  // Primary CPU clears out the SCU tag RAMs, secondaries wait
  if (IS_PRIMARY_CORE(MpId) && (SecBootMode == ARM_SEC_COLD_BOOT)) {
    if (ArmIsMpCore()) {
      // Signal for the initial memory is configured (event: BOOT_MEM_INIT)
      ArmCallSEV ();
    }

    // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
    // In non SEC modules the init call is in autogenerated code.
    SerialPortInitialize ();

    // Start talking
    if (FixedPcdGetBool (PcdTrustzoneSupport)) {
      CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r",
          (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
    } else {
      CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r",
          (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
    }
    SerialPortWrite ((UINT8 *) Buffer, CharCount);

    // Initialize the Debug Agent for Source Level Debugging
    InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
    SaveAndSetDebugTimerInterrupt (TRUE);

    // Now we've got UART, make the check:
    // - The Vector table must be 32-byte aligned
    ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);

    // Enable the GIC distributor and CPU Interface
    // - no other Interrupts are enabled,  doesn't have to worry about the priority.
    // - all the cores are in secure state, use secure SGI's
    ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
    ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
  } else {
    // Enable the GIC CPU Interface
    ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
  }

  // Enable Full Access to CoProcessors
  ArmWriteCpacr (CPACR_CP_FULL_ACCESS);

  // Test if Trustzone is supported on this platform
  if (FixedPcdGetBool (PcdTrustzoneSupport)) {
    if (ArmIsMpCore()) {
      // Setup SMP in Non Secure world
      ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
    }

    // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
    // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
    ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) ||
            ((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));

    // Enter Monitor Mode
    enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, SecBootMode, (VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * (GET_CORE_POS(MpId) + 1))));
  } else {
    if (IS_PRIMARY_CORE(MpId)) {
      SerialPrint ("Trust Zone Configuration is disabled\n\r");
    }

    // With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
    // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
    // Status Register as the the current one (CPSR).
    copy_cpsr_into_spsr ();

    // Call the Platform specific function to execute additional actions if required
    JumpAddress = PcdGet32 (PcdFvBaseAddress);
    ArmPlatformSecExtraAction (MpId, &JumpAddress);

    NonTrustedWorldTransition (MpId, JumpAddress);
  }
  ASSERT (0); // We must never return from the above function
}

VOID
TrustedWorldInitialization (
  IN  UINTN                     MpId,
  IN  UINTN                     SecBootMode
  )
{
  UINTN   JumpAddress;

  //-------------------- Monitor Mode ---------------------

  // Set up Monitor World (Vector Table, etc)
  ArmSecureMonitorWorldInitialize ();

  // Transfer the interrupt to Non-secure World
  ArmGicSetupNonSecure (MpId, PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));

  // Initialize platform specific security policy
  ArmPlatformSecTrustzoneInit (MpId);

  // Setup the Trustzone Chipsets
  if (SecBootMode == ARM_SEC_COLD_BOOT) {
    if (IS_PRIMARY_CORE(MpId)) {
      if (ArmIsMpCore()) {
        // Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT)
        ArmCallSEV ();
      }
    } else {
      // The secondary cores need to wait until the Trustzone chipsets configuration is done
      // before switching to Non Secure World

      // Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT)
      ArmCallWFE ();
    }
  }

  // Call the Platform specific function to execute additional actions if required
  JumpAddress = PcdGet32 (PcdFvBaseAddress);
  ArmPlatformSecExtraAction (MpId, &JumpAddress);

  // Write to CP15 Non-secure Access Control Register
  ArmWriteNsacr (PcdGet32 (PcdArmNsacr));

  // CP15 Secure Configuration Register
  ArmWriteScr (PcdGet32 (PcdArmScr));

  NonTrustedWorldTransition (MpId, JumpAddress);
}

VOID
NonTrustedWorldTransition (
  IN  UINTN                     MpId,
  IN  UINTN                     JumpAddress
  )
{
  // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
  // By not set, the mode for Non Secure World is SVC
  if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
    set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
  }

  return_from_exception (JumpAddress);
  //-------------------- Non Secure Mode ---------------------

  // PEI Core should always load and never return
  ASSERT (FALSE);
}

VOID
SecCommonExceptionEntry (
  IN UINT32 Entry,
  IN UINT32 LR
  )
{
  CHAR8           Buffer[100];
  UINTN           CharCount;

  switch (Entry) {
  case 0:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
    break;
  case 1:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
    break;
  case 2:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
    break;
  case 3:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
    break;
  case 4:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
    break;
  case 5:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
    break;
  case 6:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
    break;
  case 7:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
    break;
  default:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
    break;
  }
  SerialPortWrite ((UINT8 *) Buffer, CharCount);
  while(1);
}
Commit	Line	Data
1d5d0ae9	1	/** @file
009f583f	2	* Main file supporting the SEC Phase on ARM Platforms
1d5d0ae9	3	*
8cc852f7	4	* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
1d5d0ae9	5	*
	6	* This program and the accompanying materials
	7	* are licensed and made available under the terms and conditions of the BSD License
	8	* which accompanies this distribution. The full text of the license may be found at
	9	* http://opensource.org/licenses/bsd-license.php
	10	*
	11	* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
	13	*
	14	**/
	15
8cc852f7	16	#include <Library/ArmTrustedMonitorLib.h>
a6caee65	17	#include <Library/DebugAgentLib.h>
2637d1ef	18	#include <Library/PrintLib.h>
1d5d0ae9	19	#include <Library/BaseMemoryLib.h>
1d5d0ae9	20	#include <Library/SerialPortLib.h>
55a0d64b	21	#include <Library/ArmGicLib.h>
0620eec9	22
009f583f	23	#include "SecInternal.h"
009f583f	24
e862cd50	25	#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);
2637d1ef	26
1d5d0ae9	27	VOID
1d5d0ae9	28	CEntryPoint (
a75568e9	29	IN UINTN MpId,
a75568e9	30	IN UINTN SecBootMode
1d5d0ae9	31	)
1d5d0ae9	32	{
2637d1ef	33	CHAR8 Buffer[100];
2637d1ef	34	UINTN CharCount;
3d93aeae	35	UINTN JumpAddress;
2637d1ef	36
710b8acb	37	// Invalidate the data cache. Doesn't have to do the Data cache clean.
	38	ArmInvalidateDataCache();
	39
	40	// Invalidate Instruction Cache
	41	ArmInvalidateInstructionCache();
	42
	43	// Invalidate I & D TLBs
	44	ArmInvalidateInstructionAndDataTlb();
	45
	46	// CPU specific settings
	47	ArmCpuSetup (MpId);
	48
82344416	49	// Enable Floating Point Coprocessor if supported by the platform
	50	if (FixedPcdGet32 (PcdVFPEnabled)) {
	51	ArmEnableVFP();
	52	}
e314d564	53
	54	// Initialize peripherals that must be done at the early stage
	55	// Example: Some L2 controller, interconnect, clock, DMC, etc
	56	ArmPlatformSecInitialize (MpId);
	57
1d5d0ae9	58	// Primary CPU clears out the SCU tag RAMs, secondaries wait
8cfd2e24	59	if (IS_PRIMARY_CORE(MpId) && (SecBootMode == ARM_SEC_COLD_BOOT)) {
90d6a1bb	60	if (ArmIsMpCore()) {
b1d41be7	61	// Signal for the initial memory is configured (event: BOOT_MEM_INIT)
b1d41be7	62	ArmCallSEV ();
1d5d0ae9	63	}
	64
	65	// SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
	66	// In non SEC modules the init call is in autogenerated code.
	67	SerialPortInitialize ();
2637d1ef	68
1d5d0ae9	69	// Start talking
99744d52	70	if (FixedPcdGetBool (PcdTrustzoneSupport)) {
	71	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r",
	72	(CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
	73	} else {
	74	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r",
	75	(CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
	76	}
2637d1ef	77	SerialPortWrite ((UINT8 *) Buffer, CharCount);
1d5d0ae9	78
a6caee65	79	// Initialize the Debug Agent for Source Level Debugging
	80	InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
	81	SaveAndSetDebugTimerInterrupt (TRUE);
	82
1d5d0ae9	83	// Now we've got UART, make the check:
	84	// - The Vector table must be 32-byte aligned
	85	ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);
90d6a1bb	86
	87	// Enable the GIC distributor and CPU Interface
	88	// - no other Interrupts are enabled, doesn't have to worry about the priority.
	89	// - all the cores are in secure state, use secure SGI's
	90	ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
	91	ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
	92	} else {
	93	// Enable the GIC CPU Interface
	94	ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
1d5d0ae9	95	}
1d5d0ae9	96
1d5d0ae9	97	// Enable Full Access to CoProcessors
836c3500	98	ArmWriteCpacr (CPACR_CP_FULL_ACCESS);
1d5d0ae9	99
1d5d0ae9	100	// Test if Trustzone is supported on this platform
12c5ae23	101	if (FixedPcdGetBool (PcdTrustzoneSupport)) {
90d6a1bb	102	if (ArmIsMpCore()) {
1d5d0ae9	103	// Setup SMP in Non Secure world
90d6a1bb	104	ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
1d5d0ae9	105	}
1d5d0ae9	106
d9c69d99	107	// Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
	108	// Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
	109	ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) \|\|
	110	((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));
	111
1d5d0ae9	112	// Enter Monitor Mode
a75568e9	113	enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, SecBootMode, (VOID)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) (GET_CORE_POS(MpId) + 1))));
a8530889	114	} else {
	115	if (IS_PRIMARY_CORE(MpId)) {
	116	SerialPrint ("Trust Zone Configuration is disabled\n\r");
	117	}
1d5d0ae9	118
a8530889	119	// With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
	120	// If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
	121	// Status Register as the the current one (CPSR).
	122	copy_cpsr_into_spsr ();
	123
3d93aeae	124	// Call the Platform specific function to execute additional actions if required
	125	JumpAddress = PcdGet32 (PcdFvBaseAddress);
	126	ArmPlatformSecExtraAction (MpId, &JumpAddress);
	127
	128	NonTrustedWorldTransition (MpId, JumpAddress);
a8530889	129	}
	130	ASSERT (0); // We must never return from the above function
	131	}
	132
	133	VOID
	134	TrustedWorldInitialization (
a75568e9	135	IN UINTN MpId,
a75568e9	136	IN UINTN SecBootMode
a8530889	137	)
a8530889	138	{
3d93aeae	139	UINTN JumpAddress;
3d93aeae	140
8cc852f7	141	//-------------------- Monitor Mode ---------------------
	142
	143	// Set up Monitor World (Vector Table, etc)
	144	ArmSecureMonitorWorldInitialize ();
1d5d0ae9	145
5e773144	146	// Transfer the interrupt to Non-secure World
5e773144	147	ArmGicSetupNonSecure (MpId, PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));
80dfbc11	148
5e773144	149	// Initialize platform specific security policy
e314d564	150	ArmPlatformSecTrustzoneInit (MpId);
1d5d0ae9	151
5e773144	152	// Setup the Trustzone Chipsets
8cfd2e24	153	if (SecBootMode == ARM_SEC_COLD_BOOT) {
	154	if (IS_PRIMARY_CORE(MpId)) {
	155	if (ArmIsMpCore()) {
	156	// Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT)
	157	ArmCallSEV ();
	158	}
	159	} else {
	160	// The secondary cores need to wait until the Trustzone chipsets configuration is done
	161	// before switching to Non Secure World
1d5d0ae9	162
8cfd2e24	163	// Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT)
	164	ArmCallWFE ();
	165	}
a8530889	166	}
1d5d0ae9	167
b1d41be7	168	// Call the Platform specific function to execute additional actions if required
3d93aeae	169	JumpAddress = PcdGet32 (PcdFvBaseAddress);
	170	ArmPlatformSecExtraAction (MpId, &JumpAddress);
	171
a8530889	172	// Write to CP15 Non-secure Access Control Register
a8530889	173	ArmWriteNsacr (PcdGet32 (PcdArmNsacr));
1d5d0ae9	174
a8530889	175	// CP15 Secure Configuration Register
	176	ArmWriteScr (PcdGet32 (PcdArmScr));
	177
3d93aeae	178	NonTrustedWorldTransition (MpId, JumpAddress);
a8530889	179	}
	180
	181	VOID
	182	NonTrustedWorldTransition (
3d93aeae	183	IN UINTN MpId,
3d93aeae	184	IN UINTN JumpAddress
a8530889	185	)
a8530889	186	{
513aa349	187	// If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
	188	// By not set, the mode for Non Secure World is SVC
	189	if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
	190	set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
	191	}
	192
a6caee65	193	return_from_exception (JumpAddress);
1d5d0ae9	194	//-------------------- Non Secure Mode ---------------------
	195
	196	// PEI Core should always load and never return
	197	ASSERT (FALSE);
	198	}
	199
2637d1ef	200	VOID
	201	SecCommonExceptionEntry (
	202	IN UINT32 Entry,
	203	IN UINT32 LR
	204	)
	205	{
	206	CHAR8 Buffer[100];
	207	UINTN CharCount;
	208
1d5d0ae9	209	switch (Entry) {
1d5d0ae9	210	case 0:
2637d1ef	211	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
1d5d0ae9	212	break;
1d5d0ae9	213	case 1:
2637d1ef	214	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
1d5d0ae9	215	break;
1d5d0ae9	216	case 2:
2637d1ef	217	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
1d5d0ae9	218	break;
1d5d0ae9	219	case 3:
2637d1ef	220	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
1d5d0ae9	221	break;
1d5d0ae9	222	case 4:
2637d1ef	223	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
1d5d0ae9	224	break;
1d5d0ae9	225	case 5:
2637d1ef	226	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
1d5d0ae9	227	break;
1d5d0ae9	228	case 6:
2637d1ef	229	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
1d5d0ae9	230	break;
1d5d0ae9	231	case 7:
2637d1ef	232	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
1d5d0ae9	233	break;
1d5d0ae9	234	default:
2637d1ef	235	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
1d5d0ae9	236	break;
1d5d0ae9	237	}
2637d1ef	238	SerialPortWrite ((UINT8 *) Buffer, CharCount);
1d5d0ae9	239	while(1);
1d5d0ae9	240	}