-/** @file
-* Main file supporting the SEC Phase on ARM Platforms
-*
-* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
-*
-* This program and the accompanying materials
-* are licensed and made available under the terms and conditions of the BSD License
-* which accompanies this distribution. The full text of the license may be found at
-* http://opensource.org/licenses/bsd-license.php
-*
-* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-*
-**/
-
-#include <Library/ArmTrustedMonitorLib.h>
-#include <Library/DebugAgentLib.h>
-#include <Library/PrintLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/SerialPortLib.h>
-#include <Library/ArmGicLib.h>
-#include <Library/ArmCpuLib.h>
-
-#include "SecInternal.h"
-
-#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);
-
-VOID
-CEntryPoint (
- IN UINTN MpId
- )
-{
- CHAR8 Buffer[100];
- UINTN CharCount;
- UINTN JumpAddress;
-
- // Invalidate the data cache. Doesn't have to do the Data cache clean.
- ArmInvalidateDataCache();
-
- // Invalidate Instruction Cache
- ArmInvalidateInstructionCache();
-
- // Invalidate I & D TLBs
- ArmInvalidateInstructionAndDataTlb();
-
- // CPU specific settings
- ArmCpuSetup (MpId);
-
- // Enable Floating Point Coprocessor if supported by the platform
- if (FixedPcdGet32 (PcdVFPEnabled)) {
- ArmEnableVFP();
- }
-
- // Primary CPU clears out the SCU tag RAMs, secondaries wait
- if (IS_PRIMARY_CORE(MpId)) {
- if (ArmIsMpCore()) {
- ArmCpuSynchronizeSignal (ARM_CPU_EVENT_BOOT_MEM_INIT);
- }
-
- // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
- // In non SEC modules the init call is in autogenerated code.
- SerialPortInitialize ();
-
- // Start talking
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"UEFI firmware built at %a on %a\n\r",__TIME__, __DATE__);
- SerialPortWrite ((UINT8 *) Buffer, CharCount);
-
- // Initialize the Debug Agent for Source Level Debugging
- InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
- SaveAndSetDebugTimerInterrupt (TRUE);
-
- // Now we've got UART, make the check:
- // - The Vector table must be 32-byte aligned
- ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);
-
- // Enable the GIC distributor and CPU Interface
- // - no other Interrupts are enabled, doesn't have to worry about the priority.
- // - all the cores are in secure state, use secure SGI's
- ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
- ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
- } else {
- // Enable the GIC CPU Interface
- ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
- }
-
- // Enable Full Access to CoProcessors
- ArmWriteCPACR (CPACR_CP_FULL_ACCESS);
-
- if (IS_PRIMARY_CORE(MpId)) {
- // Initialize peripherals that must be done at the early stage
- // Example: Some L2x0 controllers must be initialized in Secure World
- ArmPlatformSecInitialize ();
-
- // If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.
- // If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM
- if (FeaturePcdGet (PcdSystemMemoryInitializeInSec)) {
- // Initialize system memory (DRAM)
- ArmPlatformInitializeSystemMemory ();
- }
- }
-
- // Test if Trustzone is supported on this platform
- if (FixedPcdGetBool (PcdTrustzoneSupport)) {
- if (ArmIsMpCore()) {
- // Setup SMP in Non Secure world
- ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
- }
-
- // Enter Monitor Mode
- enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, (VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * (GET_CORE_POS(MpId) + 1))));
- } else {
- if (IS_PRIMARY_CORE(MpId)) {
- SerialPrint ("Trust Zone Configuration is disabled\n\r");
- }
-
- // With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
- // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
- // Status Register as the the current one (CPSR).
- copy_cpsr_into_spsr ();
-
- // Call the Platform specific function to execute additional actions if required
- JumpAddress = PcdGet32 (PcdFvBaseAddress);
- ArmPlatformSecExtraAction (MpId, &JumpAddress);
-
- NonTrustedWorldTransition (MpId, JumpAddress);
- }
- ASSERT (0); // We must never return from the above function
-}
-
-VOID
-TrustedWorldInitialization (
- IN UINTN MpId
- )
-{
- UINTN JumpAddress;
-
- //-------------------- Monitor Mode ---------------------
-
- // Set up Monitor World (Vector Table, etc)
- ArmSecureMonitorWorldInitialize ();
-
- // Setup the Trustzone Chipsets
- if (IS_PRIMARY_CORE(MpId)) {
- ArmPlatformTrustzoneInit ();
-
- if (ArmIsMpCore()) {
- // Waiting for the Primary Core to have finished to initialize the Secure World
- ArmCpuSynchronizeSignal (ARM_CPU_EVENT_SECURE_INIT);
- }
- } else {
- // The secondary cores need to wait until the Trustzone chipsets configuration is done
- // before switching to Non Secure World
-
- // Waiting for the Primary Core to have finished to initialize the Secure World
- ArmCpuSynchronizeWait (ARM_CPU_EVENT_SECURE_INIT);
- }
-
- // Transfer the interrupt to Non-secure World
- ArmGicSetupNonSecure (PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));
-
- // Call the Platform specific fucntion to execute additional actions if required
- JumpAddress = PcdGet32 (PcdFvBaseAddress);
- ArmPlatformSecExtraAction (MpId, &JumpAddress);
-
- // Write to CP15 Non-secure Access Control Register
- ArmWriteNsacr (PcdGet32 (PcdArmNsacr));
-
- // CP15 Secure Configuration Register
- ArmWriteScr (PcdGet32 (PcdArmScr));
-
- NonTrustedWorldTransition (MpId, JumpAddress);
-}
-
-VOID
-NonTrustedWorldTransition (
- IN UINTN MpId,
- IN UINTN JumpAddress
- )
-{
- // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
- // By not set, the mode for Non Secure World is SVC
- if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
- set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
- }
-
- return_from_exception (JumpAddress);
- //-------------------- Non Secure Mode ---------------------
-
- // PEI Core should always load and never return
- ASSERT (FALSE);
-}
-
-VOID
-SecCommonExceptionEntry (
- IN UINT32 Entry,
- IN UINT32 LR
- )
-{
- CHAR8 Buffer[100];
- UINTN CharCount;
-
- switch (Entry) {
- case 0:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
- break;
- case 1:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
- break;
- case 2:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
- break;
- case 3:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
- break;
- case 4:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
- break;
- case 5:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
- break;
- case 6:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
- break;
- case 7:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
- break;
- default:
- CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
- break;
- }
- SerialPortWrite ((UINT8 *) Buffer, CharCount);
- while(1);
-}
+/** @file\r
+* Main file supporting the SEC Phase on ARM Platforms\r
+*\r
+* Copyright (c) 2011-2014, ARM Limited. All rights reserved.\r
+*\r
+* This program and the accompanying materials\r
+* are licensed and made available under the terms and conditions of the BSD License\r
+* which accompanies this distribution. The full text of the license may be found at\r
+* http://opensource.org/licenses/bsd-license.php\r
+*\r
+* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
+* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+*\r
+**/\r
+\r
+#include <Library/ArmTrustedMonitorLib.h>\r
+#include <Library/DebugAgentLib.h>\r
+#include <Library/PrintLib.h>\r
+#include <Library/BaseMemoryLib.h>\r
+#include <Library/SerialPortLib.h>\r
+#include <Library/ArmGicLib.h>\r
+#include <Library/ArmPlatformLib.h>\r
+\r
+#include "SecInternal.h"\r
+\r
+#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);\r
+\r
+VOID\r
+CEntryPoint (\r
+ IN UINTN MpId,\r
+ IN UINTN SecBootMode\r
+ )\r
+{\r
+ CHAR8 Buffer[100];\r
+ UINTN CharCount;\r
+ UINTN JumpAddress;\r
+\r
+ // Invalidate the data cache. Doesn't have to do the Data cache clean.\r
+ ArmInvalidateDataCache ();\r
+\r
+ // Invalidate Instruction Cache\r
+ ArmInvalidateInstructionCache ();\r
+\r
+ // Invalidate I & D TLBs\r
+ ArmInvalidateTlb ();\r
+\r
+ // CPU specific settings\r
+ ArmCpuSetup (MpId);\r
+\r
+ // Enable Floating Point Coprocessor if supported by the platform\r
+ if (FixedPcdGet32 (PcdVFPEnabled)) {\r
+ ArmEnableVFP ();\r
+ }\r
+\r
+ // Initialize peripherals that must be done at the early stage\r
+ // Example: Some L2 controller, interconnect, clock, DMC, etc\r
+ ArmPlatformSecInitialize (MpId);\r
+\r
+ // Primary CPU clears out the SCU tag RAMs, secondaries wait\r
+ if (ArmPlatformIsPrimaryCore (MpId) && (SecBootMode == ARM_SEC_COLD_BOOT)) {\r
+ if (ArmIsMpCore()) {\r
+ // Signal for the initial memory is configured (event: BOOT_MEM_INIT)\r
+ ArmCallSEV ();\r
+ }\r
+\r
+ // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib\r
+ // In non SEC modules the init call is in autogenerated code.\r
+ SerialPortInitialize ();\r
+\r
+ // Start talking\r
+ if (FixedPcdGetBool (PcdTrustzoneSupport)) {\r
+ CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r",\r
+ (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);\r
+ } else {\r
+ CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r",\r
+ (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);\r
+ }\r
+ SerialPortWrite ((UINT8 *) Buffer, CharCount);\r
+\r
+ // Initialize the Debug Agent for Source Level Debugging\r
+ InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);\r
+ SaveAndSetDebugTimerInterrupt (TRUE);\r
+\r
+ // Enable the GIC distributor and CPU Interface\r
+ // - no other Interrupts are enabled, doesn't have to worry about the priority.\r
+ // - all the cores are in secure state, use secure SGI's\r
+ ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));\r
+ ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));\r
+ } else {\r
+ // Enable the GIC CPU Interface\r
+ ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));\r
+ }\r
+\r
+ // Enable Full Access to CoProcessors\r
+ ArmWriteCpacr (CPACR_CP_FULL_ACCESS);\r
+\r
+ // Test if Trustzone is supported on this platform\r
+ if (FixedPcdGetBool (PcdTrustzoneSupport)) {\r
+ if (ArmIsMpCore ()) {\r
+ // Setup SMP in Non Secure world\r
+ ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));\r
+ }\r
+\r
+ // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))\r
+ // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))\r
+ ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) ||\r
+ ((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));\r
+\r
+ // Enter Monitor Mode\r
+ enter_monitor_mode (\r
+ (UINTN)TrustedWorldInitialization, MpId, SecBootMode,\r
+ (VOID*) (PcdGet32 (PcdCPUCoresSecMonStackBase) +\r
+ (PcdGet32 (PcdCPUCoreSecMonStackSize) * (ArmPlatformGetCorePosition (MpId) + 1)))\r
+ );\r
+ } else {\r
+ if (ArmPlatformIsPrimaryCore (MpId)) {\r
+ SerialPrint ("Trust Zone Configuration is disabled\n\r");\r
+ }\r
+\r
+ // With Trustzone support the transition from Sec to Normal world is done by return_from_exception().\r
+ // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program\r
+ // Status Register as the the current one (CPSR).\r
+ copy_cpsr_into_spsr ();\r
+\r
+ // Call the Platform specific function to execute additional actions if required\r
+ JumpAddress = PcdGet64 (PcdFvBaseAddress);\r
+ ArmPlatformSecExtraAction (MpId, &JumpAddress);\r
+\r
+ NonTrustedWorldTransition (MpId, JumpAddress);\r
+ }\r
+ ASSERT (0); // We must never return from the above function\r
+}\r
+\r
+VOID\r
+TrustedWorldInitialization (\r
+ IN UINTN MpId,\r
+ IN UINTN SecBootMode\r
+ )\r
+{\r
+ UINTN JumpAddress;\r
+\r
+ //-------------------- Monitor Mode ---------------------\r
+\r
+ // Set up Monitor World (Vector Table, etc)\r
+ ArmSecureMonitorWorldInitialize ();\r
+\r
+ // Transfer the interrupt to Non-secure World\r
+ ArmGicSetupNonSecure (MpId, PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));\r
+\r
+ // Initialize platform specific security policy\r
+ ArmPlatformSecTrustzoneInit (MpId);\r
+\r
+ // Setup the Trustzone Chipsets\r
+ if (SecBootMode == ARM_SEC_COLD_BOOT) {\r
+ if (ArmPlatformIsPrimaryCore (MpId)) {\r
+ if (ArmIsMpCore()) {\r
+ // Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT)\r
+ ArmCallSEV ();\r
+ }\r
+ } else {\r
+ // The secondary cores need to wait until the Trustzone chipsets configuration is done\r
+ // before switching to Non Secure World\r
+\r
+ // Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT)\r
+ ArmCallWFE ();\r
+ }\r
+ }\r
+\r
+ // Call the Platform specific function to execute additional actions if required\r
+ JumpAddress = PcdGet64 (PcdFvBaseAddress);\r
+ ArmPlatformSecExtraAction (MpId, &JumpAddress);\r
+\r
+ // Initialize architecture specific security policy\r
+ ArmSecArchTrustzoneInit ();\r
+\r
+ // CP15 Secure Configuration Register\r
+ ArmWriteScr (PcdGet32 (PcdArmScr));\r
+\r
+ NonTrustedWorldTransition (MpId, JumpAddress);\r
+}\r
+\r
+VOID\r
+NonTrustedWorldTransition (\r
+ IN UINTN MpId,\r
+ IN UINTN JumpAddress\r
+ )\r
+{\r
+ // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition\r
+ // By not set, the mode for Non Secure World is SVC\r
+ if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {\r
+ set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));\r
+ }\r
+\r
+ return_from_exception (JumpAddress);\r
+ //-------------------- Non Secure Mode ---------------------\r
+\r
+ // PEI Core should always load and never return\r
+ ASSERT (FALSE);\r
+}\r
+\r