/** @file
-* Main file supporting the SEC Phase for Versatile Express
+* Main file supporting the SEC Phase on ARM Platforms
*
-* Copyright (c) 2011, ARM Limited. All rights reserved.
+* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
*
* This program and the accompanying materials
* are licensed and made available under the terms and conditions of the BSD License
*
**/
-#include <Library/DebugLib.h>
-#include <Library/PcdLib.h>
+#include <Library/ArmTrustedMonitorLib.h>
+#include <Library/DebugAgentLib.h>
#include <Library/PrintLib.h>
-#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
-#include <Library/ArmLib.h>
#include <Library/SerialPortLib.h>
-#include <Library/ArmPlatformLib.h>
+#include <Library/ArmGicLib.h>
+#include <Library/ArmCpuLib.h>
-#include <Chipset/ArmV7.h>
-#include <Drivers/PL390Gic.h>
+#include "SecInternal.h"
-#define ARM_PRIMARY_CORE 0
-
-#define SerialPrint(txt) SerialPortWrite (txt, AsciiStrLen(txt)+1);
-
-extern VOID *monitor_vector_table;
-
-VOID
-ArmSetupGicNonSecure (
- IN INTN GicDistributorBase,
- IN INTN GicInterruptInterfaceBase
-);
-
-// Vector Table for Sec Phase
-VOID
-SecVectorTable (
- VOID
- );
-
-VOID
-NonSecureWaitForFirmware (
- VOID
- );
-
-VOID
-enter_monitor_mode(
- IN VOID* Stack
- );
-
-VOID
-return_from_exception (
- IN UINTN NonSecureBase
- );
-
-VOID
-copy_cpsr_into_spsr (
- VOID
- );
+#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);
VOID
CEntryPoint (
- IN UINTN CoreId
+ IN UINTN MpId
)
{
CHAR8 Buffer[100];
UINTN CharCount;
+ UINTN JumpAddress;
+
+ // Invalidate the data cache. Doesn't have to do the Data cache clean.
+ ArmInvalidateDataCache();
+ // Invalidate Instruction Cache
+ ArmInvalidateInstructionCache();
+
+ // Invalidate I & D TLBs
+ ArmInvalidateInstructionAndDataTlb();
+
+ // CPU specific settings
+ ArmCpuSetup (MpId);
+
+ // Enable Floating Point Coprocessor if supported by the platform
+ if (FixedPcdGet32 (PcdVFPEnabled)) {
+ ArmEnableVFP();
+ }
+
// Primary CPU clears out the SCU tag RAMs, secondaries wait
- if (CoreId == ARM_PRIMARY_CORE) {
- if (FixedPcdGet32(PcdMPCoreSupport)) {
- ArmInvalidScu();
+ if (IS_PRIMARY_CORE(MpId)) {
+ if (ArmIsMpCore()) {
+ // Signal for the initial memory is configured (event: BOOT_MEM_INIT)
+ ArmCallSEV ();
}
// SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
SerialPortInitialize ();
// Start talking
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"UEFI firmware built at %a on %a\n\r",__TIME__, __DATE__);
+ if (FixedPcdGetBool (PcdTrustzoneSupport)) {
+ CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r",
+ (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
+ } else {
+ CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r",
+ (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
+ }
SerialPortWrite ((UINT8 *) Buffer, CharCount);
+ // Initialize the Debug Agent for Source Level Debugging
+ InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
+ SaveAndSetDebugTimerInterrupt (TRUE);
+
// Now we've got UART, make the check:
// - The Vector table must be 32-byte aligned
ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);
- }
- // Invalidate the data cache. Doesn't have to do the Data cache clean.
- ArmInvalidateDataCache();
-
- //Invalidate Instruction Cache
- ArmInvalidateInstructionCache();
-
- //Invalidate I & D TLBs
- ArmInvalidateInstructionAndDataTlb();
+ // Enable the GIC distributor and CPU Interface
+ // - no other Interrupts are enabled, doesn't have to worry about the priority.
+ // - all the cores are in secure state, use secure SGI's
+ ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
+ ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
+ } else {
+ // Enable the GIC CPU Interface
+ ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
+ }
// Enable Full Access to CoProcessors
- ArmWriteCPACR (CPACR_CP_FULL_ACCESS);
-
- // Enable SWP instructions
- ArmEnableSWPInstruction();
-
- // Enable program flow prediction, if supported.
- ArmEnableBranchPrediction();
-
- if (FixedPcdGet32(PcdVFPEnabled)) {
- ArmEnableVFP();
- }
+ ArmWriteCpacr (CPACR_CP_FULL_ACCESS);
- if (CoreId == ARM_PRIMARY_CORE) {
+ if (IS_PRIMARY_CORE(MpId)) {
// Initialize peripherals that must be done at the early stage
// Example: Some L2x0 controllers must be initialized in Secure World
- ArmPlatformInitialize ();
+ ArmPlatformSecInitialize ();
// If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.
// If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM
- if (FeaturePcdGet(PcdSkipPeiCore) || !FeaturePcdGet(PcdStandalone)) {
+ if (FeaturePcdGet (PcdSystemMemoryInitializeInSec)) {
// Initialize system memory (DRAM)
- ArmPlatformInitializeSystemMemory();
+ ArmPlatformInitializeSystemMemory ();
}
-
- // Some platform can change their physical memory mapping
- ArmPlatformBootRemapping();
}
// Test if Trustzone is supported on this platform
- if (ArmPlatformTrustzoneSupported()) {
- if (FixedPcdGet32(PcdMPCoreSupport)) {
+ if (FixedPcdGetBool (PcdTrustzoneSupport)) {
+ if (ArmIsMpCore()) {
// Setup SMP in Non Secure world
- ArmSetupSmpNonSecure(CoreId);
- }
-
- // Enter Monitor Mode
- enter_monitor_mode((VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * CoreId)));
-
- //Write the monitor mode vector table address
- ArmWriteVMBar((UINT32) &monitor_vector_table);
-
- //-------------------- Monitor Mode ---------------------
- // Setup the Trustzone Chipsets
- if (CoreId == ARM_PRIMARY_CORE) {
- ArmPlatformTrustzoneInit();
-
- // Wake up the secondary cores by sending a interrupt to everyone else
- // NOTE 1: The Software Generated Interrupts are always enabled on Cortex-A9
- // MPcore test chip on Versatile Express board, So the Software doesn't have to
- // enable SGI's explicitly.
- // 2: As no other Interrupts are enabled, doesn't have to worry about the priority.
- // 3: As all the cores are in secure state, use secure SGI's
- //
-
- PL390GicEnableDistributor (PcdGet32(PcdGicDistributorBase));
- PL390GicEnableInterruptInterface(PcdGet32(PcdGicInterruptInterfaceBase));
-
- // Send SGI to all Secondary core to wake them up from WFI state.
- PL390GicSendSgiTo (PcdGet32(PcdGicDistributorBase), GIC_ICDSGIR_FILTER_EVERYONEELSE, 0x0E);
- } else {
- // The secondary cores need to wait until the Trustzone chipsets configuration is done
- // before switching to Non Secure World
-
- // Enabled GIC CPU Interface
- PL390GicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
-
- // Waiting for the SGI from the primary core
- ArmCallWFI();
-
- // Acknowledge the interrupt and send End of Interrupt signal.
- PL390GicAcknowledgeSgiFrom(PcdGet32(PcdGicInterruptInterfaceBase), ARM_PRIMARY_CORE);
+ ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
}
- // Transfer the interrupt to Non-secure World
- PL390GicSetupNonSecure(PcdGet32(PcdGicDistributorBase),PcdGet32(PcdGicInterruptInterfaceBase));
+ // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
+ // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
+ ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) ||
+ ((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));
- // Write to CP15 Non-secure Access Control Register :
- // - Enable CP10 and CP11 accesses in NS World
- // - Enable Access to Preload Engine in NS World
- // - Enable lockable TLB entries allocation in NS world
- // - Enable R/W access to SMP bit of Auxiliary Control Register in NS world
- ArmWriteNsacr(NSACR_NS_SMP | NSACR_TL | NSACR_PLE | NSACR_CP(10) | NSACR_CP(11));
-
- // CP15 Secure Configuration Register with Non Secure bit (SCR_NS), CPSR.A modified in any
- // security state (SCR_AW), CPSR.F modified in any security state (SCR_FW)
- ArmWriteScr(SCR_NS | SCR_FW | SCR_AW);
+ // Enter Monitor Mode
+ enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, (VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * (GET_CORE_POS(MpId) + 1))));
} else {
- if (CoreId == ARM_PRIMARY_CORE) {
+ if (IS_PRIMARY_CORE(MpId)) {
SerialPrint ("Trust Zone Configuration is disabled\n\r");
}
- // Trustzone is not enabled, just enable the Distributor and CPU interface
- PL390GicEnableInterruptInterface(PcdGet32(PcdGicInterruptInterfaceBase));
-
// With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
// If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
// Status Register as the the current one (CPSR).
- copy_cpsr_into_spsr();
+ copy_cpsr_into_spsr ();
+
+ // Call the Platform specific function to execute additional actions if required
+ JumpAddress = PcdGet32 (PcdFvBaseAddress);
+ ArmPlatformSecExtraAction (MpId, &JumpAddress);
+
+ NonTrustedWorldTransition (MpId, JumpAddress);
}
+ ASSERT (0); // We must never return from the above function
+}
- // If ArmVe has not been built as Standalone then we need to patch the DRAM to add an infinite loop at the start address
- if (FeaturePcdGet(PcdStandalone) == FALSE) {
- if (CoreId == ARM_PRIMARY_CORE) {
- UINTN* StartAddress = (UINTN*)PcdGet32(PcdNormalFdBaseAddress);
+VOID
+TrustedWorldInitialization (
+ IN UINTN MpId
+ )
+{
+ UINTN JumpAddress;
- // Patch the DRAM to make an infinite loop at the start address
- *StartAddress = 0xEAFFFFFE; // opcode for while(1)
+ //-------------------- Monitor Mode ---------------------
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Waiting for firmware at 0x%08X ...\n\r",StartAddress);
- SerialPortWrite ((UINT8 *) Buffer, CharCount);
+ // Set up Monitor World (Vector Table, etc)
+ ArmSecureMonitorWorldInitialize ();
- // To enter into Non Secure state, we need to make a return from exception
- return_from_exception(PcdGet32(PcdNormalFdBaseAddress));
- } else {
- // When the primary core is stopped by the hardware debugger to copy the firmware
- // into DRAM. The secondary cores are still running. As soon as the first bytes of
- // the firmware are written into DRAM, the secondary cores will start to execute the
- // code even if the firmware is not entirely written into the memory.
- // That's why the secondary cores need to be parked in WFI and wake up once the
- // firmware is ready.
-
- // Enter Secondary Cores into non Secure State. To enter into Non Secure state, we need to make a return from exception
- return_from_exception((UINTN)NonSecureWaitForFirmware);
+ // Transfer the interrupt to Non-secure World
+ ArmGicSetupNonSecure (MpId, PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));
+
+ // Initialize platform specific security policy
+ ArmPlatformTrustzoneInit (MpId);
+
+ // Setup the Trustzone Chipsets
+ if (IS_PRIMARY_CORE(MpId)) {
+ if (ArmIsMpCore()) {
+ // Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT)
+ ArmCallSEV ();
}
} else {
- // To enter into Non Secure state, we need to make a return from exception
- return_from_exception(PcdGet32(PcdNormalFdBaseAddress));
+ // The secondary cores need to wait until the Trustzone chipsets configuration is done
+ // before switching to Non Secure World
+
+ // Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT)
+ ArmCallWFE ();
}
- //-------------------- Non Secure Mode ---------------------
- // PEI Core should always load and never return
- ASSERT (FALSE);
+ // Call the Platform specific function to execute additional actions if required
+ JumpAddress = PcdGet32 (PcdFvBaseAddress);
+ ArmPlatformSecExtraAction (MpId, &JumpAddress);
+
+ // Write to CP15 Non-secure Access Control Register
+ ArmWriteNsacr (PcdGet32 (PcdArmNsacr));
+
+ // CP15 Secure Configuration Register
+ ArmWriteScr (PcdGet32 (PcdArmScr));
+
+ NonTrustedWorldTransition (MpId, JumpAddress);
}
-// When the firmware is built as not Standalone, the secondary cores need to wait the firmware
-// entirely written into DRAM. It is the firmware from DRAM which will wake up the secondary cores.
VOID
-NonSecureWaitForFirmware (
- VOID
+NonTrustedWorldTransition (
+ IN UINTN MpId,
+ IN UINTN JumpAddress
)
{
- VOID (*secondary_start)(VOID);
-
- // The secondary cores will execute the firmware once wake from WFI.
- secondary_start = (VOID (*)())PcdGet32(PcdNormalFdBaseAddress);
-
- ArmCallWFI();
-
- // Acknowledge the interrupt and send End of Interrupt signal.
- PL390GicAcknowledgeSgiFrom(PcdGet32(PcdGicInterruptInterfaceBase),ARM_PRIMARY_CORE);
+ // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
+ // By not set, the mode for Non Secure World is SVC
+ if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
+ set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
+ }
- // Jump to secondary core entry point.
- secondary_start();
+ return_from_exception (JumpAddress);
+ //-------------------- Non Secure Mode ---------------------
// PEI Core should always load and never return
ASSERT (FALSE);