[mirror_edk2.git] / ArmPlatformPkg / Sec / Sec.c

/** @file
*  Main file supporting the SEC Phase on ARM Platforms
*
*  Copyright (c) 2011-2012, ARM Limited. All rights reserved.
*  
*  This program and the accompanying materials                          
*  are licensed and made available under the terms and conditions of the BSD License         
*  which accompanies this distribution.  The full text of the license may be found at        
*  http://opensource.org/licenses/bsd-license.php                                            
*
*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             
*
**/

#include <Library/ArmTrustedMonitorLib.h>
#include <Library/DebugAgentLib.h>
#include <Library/PrintLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/SerialPortLib.h>
#include <Library/ArmGicLib.h>
#include <Library/ArmCpuLib.h>

#include "SecInternal.h"

#define SerialPrint(txt)  SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);

VOID
CEntryPoint (
  IN  UINTN                     MpId
  )
{
  CHAR8           Buffer[100];
  UINTN           CharCount;
  UINTN           JumpAddress;

  // Invalidate the data cache. Doesn't have to do the Data cache clean.
  ArmInvalidateDataCache();

  // Invalidate Instruction Cache
  ArmInvalidateInstructionCache();

  // Invalidate I & D TLBs
  ArmInvalidateInstructionAndDataTlb();

  // CPU specific settings
  ArmCpuSetup (MpId);

  // Enable Floating Point Coprocessor if supported by the platform
  if (FixedPcdGet32 (PcdVFPEnabled)) {
    ArmEnableVFP();
  }
	
  // Primary CPU clears out the SCU tag RAMs, secondaries wait
  if (IS_PRIMARY_CORE(MpId)) {
    if (ArmIsMpCore()) {
      ArmCpuSynchronizeSignal (ARM_CPU_EVENT_BOOT_MEM_INIT);
    }

    // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
    // In non SEC modules the init call is in autogenerated code.
    SerialPortInitialize ();

    // Start talking
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"UEFI firmware built at %a on %a\n\r",__TIME__, __DATE__);
    SerialPortWrite ((UINT8 *) Buffer, CharCount);

    // Initialize the Debug Agent for Source Level Debugging
    InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
    SaveAndSetDebugTimerInterrupt (TRUE);

    // Now we've got UART, make the check:
    // - The Vector table must be 32-byte aligned
    ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);

    // Enable the GIC distributor and CPU Interface
    // - no other Interrupts are enabled,  doesn't have to worry about the priority.
    // - all the cores are in secure state, use secure SGI's
    ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
    ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
  } else {
    // Enable the GIC CPU Interface
    ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
  }

  // Enable Full Access to CoProcessors
  ArmWriteCPACR (CPACR_CP_FULL_ACCESS);

  if (IS_PRIMARY_CORE(MpId)) {
    // Initialize peripherals that must be done at the early stage
    // Example: Some L2x0 controllers must be initialized in Secure World
    ArmPlatformSecInitialize ();

    // If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.
    // If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM
    if (FeaturePcdGet (PcdSystemMemoryInitializeInSec)) {
      // Initialize system memory (DRAM)
      ArmPlatformInitializeSystemMemory ();
    }
  }

  // Test if Trustzone is supported on this platform
  if (FixedPcdGetBool (PcdTrustzoneSupport)) {
    if (ArmIsMpCore()) {
      // Setup SMP in Non Secure world
      ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
    }

    // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
    // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
    ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) ||
            ((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));

    // Enter Monitor Mode
    enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, (VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * (GET_CORE_POS(MpId) + 1))));
  } else {
    if (IS_PRIMARY_CORE(MpId)) {
      SerialPrint ("Trust Zone Configuration is disabled\n\r");
    }

    // With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
    // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
    // Status Register as the the current one (CPSR).
    copy_cpsr_into_spsr ();

    // Call the Platform specific function to execute additional actions if required
    JumpAddress = PcdGet32 (PcdFvBaseAddress);
    ArmPlatformSecExtraAction (MpId, &JumpAddress);

    NonTrustedWorldTransition (MpId, JumpAddress);
  }
  ASSERT (0); // We must never return from the above function
}

VOID
TrustedWorldInitialization (
  IN  UINTN                     MpId
  )
{
  UINTN   JumpAddress;

  //-------------------- Monitor Mode ---------------------

  // Set up Monitor World (Vector Table, etc)
  ArmSecureMonitorWorldInitialize ();

  // Setup the Trustzone Chipsets
  if (IS_PRIMARY_CORE(MpId)) {
    // Transfer the interrupt to Non-secure World
    ArmGicSetupNonSecure (PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));

    // Initialize platform specific security policy
    ArmPlatformTrustzoneInit ();

    if (ArmIsMpCore()) {
      // Waiting for the Primary Core to have finished to initialize the Secure World
      ArmCpuSynchronizeSignal (ARM_CPU_EVENT_SECURE_INIT);
    }
  } else {
    // The secondary cores need to wait until the Trustzone chipsets configuration is done
    // before switching to Non Secure World

    // Waiting for the Primary Core to have finished to initialize the Secure World
    ArmCpuSynchronizeWait (ARM_CPU_EVENT_SECURE_INIT);
  }

  // Call the Platform specific fucntion to execute additional actions if required
  JumpAddress = PcdGet32 (PcdFvBaseAddress);
  ArmPlatformSecExtraAction (MpId, &JumpAddress);

  // Write to CP15 Non-secure Access Control Register
  ArmWriteNsacr (PcdGet32 (PcdArmNsacr));

  // CP15 Secure Configuration Register
  ArmWriteScr (PcdGet32 (PcdArmScr));

  NonTrustedWorldTransition (MpId, JumpAddress);
}

VOID
NonTrustedWorldTransition (
  IN  UINTN                     MpId,
  IN  UINTN                     JumpAddress
  )
{
  // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
  // By not set, the mode for Non Secure World is SVC
  if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
    set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
  }

  return_from_exception (JumpAddress);
  //-------------------- Non Secure Mode ---------------------

  // PEI Core should always load and never return
  ASSERT (FALSE);
}

VOID
SecCommonExceptionEntry (
  IN UINT32 Entry,
  IN UINT32 LR
  )
{
  CHAR8           Buffer[100];
  UINTN           CharCount;

  switch (Entry) {
  case 0:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
    break;
  case 1:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
    break;
  case 2:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
    break;
  case 3:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
    break;
  case 4:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
    break;
  case 5:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
    break;
  case 6:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
    break;
  case 7:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
    break;
  default:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
    break;
  }
  SerialPortWrite ((UINT8 *) Buffer, CharCount);
  while(1);
}
Commit	Line	Data
1d5d0ae9	1	/** @file
009f583f	2	* Main file supporting the SEC Phase on ARM Platforms
1d5d0ae9	3	*
8cc852f7	4	* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
1d5d0ae9	5	*
	6	* This program and the accompanying materials
	7	* are licensed and made available under the terms and conditions of the BSD License
	8	* which accompanies this distribution. The full text of the license may be found at
	9	* http://opensource.org/licenses/bsd-license.php
	10	*
	11	* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
	13	*
	14	**/
	15
8cc852f7	16	#include <Library/ArmTrustedMonitorLib.h>
a6caee65	17	#include <Library/DebugAgentLib.h>
2637d1ef	18	#include <Library/PrintLib.h>
1d5d0ae9	19	#include <Library/BaseMemoryLib.h>
1d5d0ae9	20	#include <Library/SerialPortLib.h>
55a0d64b	21	#include <Library/ArmGicLib.h>
90d6a1bb	22	#include <Library/ArmCpuLib.h>
0620eec9	23
009f583f	24	#include "SecInternal.h"
009f583f	25
e862cd50	26	#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);
2637d1ef	27
1d5d0ae9	28	VOID
1d5d0ae9	29	CEntryPoint (
0787bc61	30	IN UINTN MpId
1d5d0ae9	31	)
1d5d0ae9	32	{
2637d1ef	33	CHAR8 Buffer[100];
2637d1ef	34	UINTN CharCount;
3d93aeae	35	UINTN JumpAddress;
2637d1ef	36
710b8acb	37	// Invalidate the data cache. Doesn't have to do the Data cache clean.
	38	ArmInvalidateDataCache();
	39
	40	// Invalidate Instruction Cache
	41	ArmInvalidateInstructionCache();
	42
	43	// Invalidate I & D TLBs
	44	ArmInvalidateInstructionAndDataTlb();
	45
	46	// CPU specific settings
	47	ArmCpuSetup (MpId);
	48
82344416	49	// Enable Floating Point Coprocessor if supported by the platform
	50	if (FixedPcdGet32 (PcdVFPEnabled)) {
	51	ArmEnableVFP();
	52	}
	53
1d5d0ae9	54	// Primary CPU clears out the SCU tag RAMs, secondaries wait
0787bc61	55	if (IS_PRIMARY_CORE(MpId)) {
90d6a1bb	56	if (ArmIsMpCore()) {
90d6a1bb	57	ArmCpuSynchronizeSignal (ARM_CPU_EVENT_BOOT_MEM_INIT);
1d5d0ae9	58	}
	59
	60	// SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
	61	// In non SEC modules the init call is in autogenerated code.
	62	SerialPortInitialize ();
2637d1ef	63
1d5d0ae9	64	// Start talking
2637d1ef	65	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"UEFI firmware built at %a on %a\n\r",__TIME__, __DATE__);
2637d1ef	66	SerialPortWrite ((UINT8 *) Buffer, CharCount);
1d5d0ae9	67
a6caee65	68	// Initialize the Debug Agent for Source Level Debugging
	69	InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
	70	SaveAndSetDebugTimerInterrupt (TRUE);
	71
1d5d0ae9	72	// Now we've got UART, make the check:
	73	// - The Vector table must be 32-byte aligned
	74	ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);
90d6a1bb	75
	76	// Enable the GIC distributor and CPU Interface
	77	// - no other Interrupts are enabled, doesn't have to worry about the priority.
	78	// - all the cores are in secure state, use secure SGI's
	79	ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
	80	ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
	81	} else {
	82	// Enable the GIC CPU Interface
	83	ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
1d5d0ae9	84	}
1d5d0ae9	85
1d5d0ae9	86	// Enable Full Access to CoProcessors
	87	ArmWriteCPACR (CPACR_CP_FULL_ACCESS);
	88
0787bc61	89	if (IS_PRIMARY_CORE(MpId)) {
8e06b586	90	// Initialize peripherals that must be done at the early stage
8e06b586	91	// Example: Some L2x0 controllers must be initialized in Secure World
aa01abaa	92	ArmPlatformSecInitialize ();
1d5d0ae9	93
	94	// If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.
	95	// If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM
90d6a1bb	96	if (FeaturePcdGet (PcdSystemMemoryInitializeInSec)) {
1d5d0ae9	97	// Initialize system memory (DRAM)
1ad14bc8	98	ArmPlatformInitializeSystemMemory ();
1d5d0ae9	99	}
1d5d0ae9	100	}
	101
	102	// Test if Trustzone is supported on this platform
12c5ae23	103	if (FixedPcdGetBool (PcdTrustzoneSupport)) {
90d6a1bb	104	if (ArmIsMpCore()) {
1d5d0ae9	105	// Setup SMP in Non Secure world
90d6a1bb	106	ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
1d5d0ae9	107	}
1d5d0ae9	108
d9c69d99	109	// Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
	110	// Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
	111	ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) \|\|
	112	((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));
	113
1d5d0ae9	114	// Enter Monitor Mode
a8530889	115	enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, (VOID)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) (GET_CORE_POS(MpId) + 1))));
	116	} else {
	117	if (IS_PRIMARY_CORE(MpId)) {
	118	SerialPrint ("Trust Zone Configuration is disabled\n\r");
	119	}
1d5d0ae9	120
a8530889	121	// With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
	122	// If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
	123	// Status Register as the the current one (CPSR).
	124	copy_cpsr_into_spsr ();
	125
3d93aeae	126	// Call the Platform specific function to execute additional actions if required
	127	JumpAddress = PcdGet32 (PcdFvBaseAddress);
	128	ArmPlatformSecExtraAction (MpId, &JumpAddress);
	129
	130	NonTrustedWorldTransition (MpId, JumpAddress);
a8530889	131	}
	132	ASSERT (0); // We must never return from the above function
	133	}
	134
	135	VOID
	136	TrustedWorldInitialization (
	137	IN UINTN MpId
	138	)
	139	{
3d93aeae	140	UINTN JumpAddress;
3d93aeae	141
8cc852f7	142	//-------------------- Monitor Mode ---------------------
	143
	144	// Set up Monitor World (Vector Table, etc)
	145	ArmSecureMonitorWorldInitialize ();
1d5d0ae9	146
a8530889	147	// Setup the Trustzone Chipsets
a8530889	148	if (IS_PRIMARY_CORE(MpId)) {
80dfbc11	149	// Transfer the interrupt to Non-secure World
	150	ArmGicSetupNonSecure (PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));
	151
	152	// Initialize platform specific security policy
a8530889	153	ArmPlatformTrustzoneInit ();
1d5d0ae9	154
a8530889	155	if (ArmIsMpCore()) {
90d6a1bb	156	// Waiting for the Primary Core to have finished to initialize the Secure World
90d6a1bb	157	ArmCpuSynchronizeSignal (ARM_CPU_EVENT_SECURE_INIT);
1d5d0ae9	158	}
a8530889	159	} else {
	160	// The secondary cores need to wait until the Trustzone chipsets configuration is done
	161	// before switching to Non Secure World
1d5d0ae9	162
a8530889	163	// Waiting for the Primary Core to have finished to initialize the Secure World
	164	ArmCpuSynchronizeWait (ARM_CPU_EVENT_SECURE_INIT);
	165	}
1d5d0ae9	166
3d93aeae	167	// Call the Platform specific fucntion to execute additional actions if required
	168	JumpAddress = PcdGet32 (PcdFvBaseAddress);
	169	ArmPlatformSecExtraAction (MpId, &JumpAddress);
	170
a8530889	171	// Write to CP15 Non-secure Access Control Register
a8530889	172	ArmWriteNsacr (PcdGet32 (PcdArmNsacr));
1d5d0ae9	173
a8530889	174	// CP15 Secure Configuration Register
	175	ArmWriteScr (PcdGet32 (PcdArmScr));
	176
3d93aeae	177	NonTrustedWorldTransition (MpId, JumpAddress);
a8530889	178	}
	179
	180	VOID
	181	NonTrustedWorldTransition (
3d93aeae	182	IN UINTN MpId,
3d93aeae	183	IN UINTN JumpAddress
a8530889	184	)
a8530889	185	{
513aa349	186	// If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
	187	// By not set, the mode for Non Secure World is SVC
	188	if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
	189	set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
	190	}
	191
a6caee65	192	return_from_exception (JumpAddress);
1d5d0ae9	193	//-------------------- Non Secure Mode ---------------------
	194
	195	// PEI Core should always load and never return
	196	ASSERT (FALSE);
	197	}
	198
2637d1ef	199	VOID
	200	SecCommonExceptionEntry (
	201	IN UINT32 Entry,
	202	IN UINT32 LR
	203	)
	204	{
	205	CHAR8 Buffer[100];
	206	UINTN CharCount;
	207
1d5d0ae9	208	switch (Entry) {
1d5d0ae9	209	case 0:
2637d1ef	210	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
1d5d0ae9	211	break;
1d5d0ae9	212	case 1:
2637d1ef	213	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
1d5d0ae9	214	break;
1d5d0ae9	215	case 2:
2637d1ef	216	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
1d5d0ae9	217	break;
1d5d0ae9	218	case 3:
2637d1ef	219	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
1d5d0ae9	220	break;
1d5d0ae9	221	case 4:
2637d1ef	222	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
1d5d0ae9	223	break;
1d5d0ae9	224	case 5:
2637d1ef	225	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
1d5d0ae9	226	break;
1d5d0ae9	227	case 6:
2637d1ef	228	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
1d5d0ae9	229	break;
1d5d0ae9	230	case 7:
2637d1ef	231	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
1d5d0ae9	232	break;
1d5d0ae9	233	default:
2637d1ef	234	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
1d5d0ae9	235	break;
1d5d0ae9	236	}
2637d1ef	237	SerialPortWrite ((UINT8 *) Buffer, CharCount);
1d5d0ae9	238	while(1);
1d5d0ae9	239	}