[mirror_edk2.git] / ArmPlatformPkg / Sec / Sec.c

/** @file
*  Main file supporting the SEC Phase on ARM Platforms
*
*  Copyright (c) 2011-2012, ARM Limited. All rights reserved.
*  
*  This program and the accompanying materials                          
*  are licensed and made available under the terms and conditions of the BSD License         
*  which accompanies this distribution.  The full text of the license may be found at        
*  http://opensource.org/licenses/bsd-license.php                                            
*
*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             
*
**/

#include <Library/ArmTrustedMonitorLib.h>
#include <Library/DebugAgentLib.h>
#include <Library/PrintLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/SerialPortLib.h>
#include <Library/ArmGicLib.h>

#include "SecInternal.h"

#define SerialPrint(txt)  SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);

VOID
CEntryPoint (
  IN  UINTN                     MpId
  )
{
  CHAR8           Buffer[100];
  UINTN           CharCount;
  UINTN           JumpAddress;

  // Invalidate the data cache. Doesn't have to do the Data cache clean.
  ArmInvalidateDataCache();

  // Invalidate Instruction Cache
  ArmInvalidateInstructionCache();

  // Invalidate I & D TLBs
  ArmInvalidateInstructionAndDataTlb();

  // CPU specific settings
  ArmCpuSetup (MpId);

  // Enable Floating Point Coprocessor if supported by the platform
  if (FixedPcdGet32 (PcdVFPEnabled)) {
    ArmEnableVFP();
  }

  // Initialize peripherals that must be done at the early stage
  // Example: Some L2 controller, interconnect, clock, DMC, etc
  ArmPlatformSecInitialize (MpId);

  // Primary CPU clears out the SCU tag RAMs, secondaries wait
  if (IS_PRIMARY_CORE(MpId)) {
    if (ArmIsMpCore()) {
      // Signal for the initial memory is configured (event: BOOT_MEM_INIT)
      ArmCallSEV ();
    }

    // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
    // In non SEC modules the init call is in autogenerated code.
    SerialPortInitialize ();

    // Start talking
    if (FixedPcdGetBool (PcdTrustzoneSupport)) {
      CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r",
          (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
    } else {
      CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r",
          (CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
    }
    SerialPortWrite ((UINT8 *) Buffer, CharCount);

    // Initialize the Debug Agent for Source Level Debugging
    InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
    SaveAndSetDebugTimerInterrupt (TRUE);

    // Now we've got UART, make the check:
    // - The Vector table must be 32-byte aligned
    ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);

    // Enable the GIC distributor and CPU Interface
    // - no other Interrupts are enabled,  doesn't have to worry about the priority.
    // - all the cores are in secure state, use secure SGI's
    ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
    ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
  } else {
    // Enable the GIC CPU Interface
    ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
  }

  // Enable Full Access to CoProcessors
  ArmWriteCpacr (CPACR_CP_FULL_ACCESS);

  // Test if Trustzone is supported on this platform
  if (FixedPcdGetBool (PcdTrustzoneSupport)) {
    if (ArmIsMpCore()) {
      // Setup SMP in Non Secure world
      ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
    }

    // Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
    // Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
    ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) ||
            ((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));

    // Enter Monitor Mode
    enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, (VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * (GET_CORE_POS(MpId) + 1))));
  } else {
    if (IS_PRIMARY_CORE(MpId)) {
      SerialPrint ("Trust Zone Configuration is disabled\n\r");
    }

    // With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
    // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
    // Status Register as the the current one (CPSR).
    copy_cpsr_into_spsr ();

    // Call the Platform specific function to execute additional actions if required
    JumpAddress = PcdGet32 (PcdFvBaseAddress);
    ArmPlatformSecExtraAction (MpId, &JumpAddress);

    NonTrustedWorldTransition (MpId, JumpAddress);
  }
  ASSERT (0); // We must never return from the above function
}

VOID
TrustedWorldInitialization (
  IN  UINTN                     MpId
  )
{
  UINTN   JumpAddress;

  //-------------------- Monitor Mode ---------------------

  // Set up Monitor World (Vector Table, etc)
  ArmSecureMonitorWorldInitialize ();

  // Transfer the interrupt to Non-secure World
  ArmGicSetupNonSecure (MpId, PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));

  // Initialize platform specific security policy
  ArmPlatformSecTrustzoneInit (MpId);

  // Setup the Trustzone Chipsets
  if (IS_PRIMARY_CORE(MpId)) {
    if (ArmIsMpCore()) {
      // Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT)
      ArmCallSEV ();
    }
  } else {
    // The secondary cores need to wait until the Trustzone chipsets configuration is done
    // before switching to Non Secure World

    // Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT)
    ArmCallWFE ();
  }

  // Call the Platform specific function to execute additional actions if required
  JumpAddress = PcdGet32 (PcdFvBaseAddress);
  ArmPlatformSecExtraAction (MpId, &JumpAddress);

  // Write to CP15 Non-secure Access Control Register
  ArmWriteNsacr (PcdGet32 (PcdArmNsacr));

  // CP15 Secure Configuration Register
  ArmWriteScr (PcdGet32 (PcdArmScr));

  NonTrustedWorldTransition (MpId, JumpAddress);
}

VOID
NonTrustedWorldTransition (
  IN  UINTN                     MpId,
  IN  UINTN                     JumpAddress
  )
{
  // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
  // By not set, the mode for Non Secure World is SVC
  if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
    set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
  }

  return_from_exception (JumpAddress);
  //-------------------- Non Secure Mode ---------------------

  // PEI Core should always load and never return
  ASSERT (FALSE);
}

VOID
SecCommonExceptionEntry (
  IN UINT32 Entry,
  IN UINT32 LR
  )
{
  CHAR8           Buffer[100];
  UINTN           CharCount;

  switch (Entry) {
  case 0:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
    break;
  case 1:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
    break;
  case 2:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
    break;
  case 3:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
    break;
  case 4:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
    break;
  case 5:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
    break;
  case 6:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
    break;
  case 7:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
    break;
  default:
    CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
    break;
  }
  SerialPortWrite ((UINT8 *) Buffer, CharCount);
  while(1);
}
Commit	Line	Data
1d5d0ae9	1	/** @file
009f583f	2	* Main file supporting the SEC Phase on ARM Platforms
1d5d0ae9	3	*
8cc852f7	4	* Copyright (c) 2011-2012, ARM Limited. All rights reserved.
1d5d0ae9	5	*
	6	* This program and the accompanying materials
	7	* are licensed and made available under the terms and conditions of the BSD License
	8	* which accompanies this distribution. The full text of the license may be found at
	9	* http://opensource.org/licenses/bsd-license.php
	10	*
	11	* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
	12	* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
	13	*
	14	**/
	15
8cc852f7	16	#include <Library/ArmTrustedMonitorLib.h>
a6caee65	17	#include <Library/DebugAgentLib.h>
2637d1ef	18	#include <Library/PrintLib.h>
1d5d0ae9	19	#include <Library/BaseMemoryLib.h>
1d5d0ae9	20	#include <Library/SerialPortLib.h>
55a0d64b	21	#include <Library/ArmGicLib.h>
0620eec9	22
009f583f	23	#include "SecInternal.h"
009f583f	24
e862cd50	25	#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);
2637d1ef	26
1d5d0ae9	27	VOID
1d5d0ae9	28	CEntryPoint (
0787bc61	29	IN UINTN MpId
1d5d0ae9	30	)
1d5d0ae9	31	{
2637d1ef	32	CHAR8 Buffer[100];
2637d1ef	33	UINTN CharCount;
3d93aeae	34	UINTN JumpAddress;
2637d1ef	35
710b8acb	36	// Invalidate the data cache. Doesn't have to do the Data cache clean.
	37	ArmInvalidateDataCache();
	38
	39	// Invalidate Instruction Cache
	40	ArmInvalidateInstructionCache();
	41
	42	// Invalidate I & D TLBs
	43	ArmInvalidateInstructionAndDataTlb();
	44
	45	// CPU specific settings
	46	ArmCpuSetup (MpId);
	47
82344416	48	// Enable Floating Point Coprocessor if supported by the platform
	49	if (FixedPcdGet32 (PcdVFPEnabled)) {
	50	ArmEnableVFP();
	51	}
e314d564	52
	53	// Initialize peripherals that must be done at the early stage
	54	// Example: Some L2 controller, interconnect, clock, DMC, etc
	55	ArmPlatformSecInitialize (MpId);
	56
1d5d0ae9	57	// Primary CPU clears out the SCU tag RAMs, secondaries wait
0787bc61	58	if (IS_PRIMARY_CORE(MpId)) {
90d6a1bb	59	if (ArmIsMpCore()) {
b1d41be7	60	// Signal for the initial memory is configured (event: BOOT_MEM_INIT)
b1d41be7	61	ArmCallSEV ();
1d5d0ae9	62	}
	63
	64	// SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
	65	// In non SEC modules the init call is in autogenerated code.
	66	SerialPortInitialize ();
2637d1ef	67
1d5d0ae9	68	// Start talking
99744d52	69	if (FixedPcdGetBool (PcdTrustzoneSupport)) {
	70	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Secure firmware (version %s built at %a on %a)\n\r",
	71	(CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
	72	} else {
	73	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Boot firmware (version %s built at %a on %a)\n\r",
	74	(CHAR16*)PcdGetPtr(PcdFirmwareVersionString), __TIME__, __DATE__);
	75	}
2637d1ef	76	SerialPortWrite ((UINT8 *) Buffer, CharCount);
1d5d0ae9	77
a6caee65	78	// Initialize the Debug Agent for Source Level Debugging
	79	InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL);
	80	SaveAndSetDebugTimerInterrupt (TRUE);
	81
1d5d0ae9	82	// Now we've got UART, make the check:
	83	// - The Vector table must be 32-byte aligned
	84	ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);
90d6a1bb	85
	86	// Enable the GIC distributor and CPU Interface
	87	// - no other Interrupts are enabled, doesn't have to worry about the priority.
	88	// - all the cores are in secure state, use secure SGI's
	89	ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase));
	90	ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
	91	} else {
	92	// Enable the GIC CPU Interface
	93	ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
1d5d0ae9	94	}
1d5d0ae9	95
1d5d0ae9	96	// Enable Full Access to CoProcessors
836c3500	97	ArmWriteCpacr (CPACR_CP_FULL_ACCESS);
1d5d0ae9	98
1d5d0ae9	99	// Test if Trustzone is supported on this platform
12c5ae23	100	if (FixedPcdGetBool (PcdTrustzoneSupport)) {
90d6a1bb	101	if (ArmIsMpCore()) {
1d5d0ae9	102	// Setup SMP in Non Secure world
90d6a1bb	103	ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId));
1d5d0ae9	104	}
1d5d0ae9	105
d9c69d99	106	// Either we use the Secure Stacks for Secure Monitor (in this case (Base == 0) && (Size == 0))
	107	// Or we use separate Secure Monitor stacks (but (Base != 0) && (Size != 0))
	108	ASSERT (((PcdGet32(PcdCPUCoresSecMonStackBase) == 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) == 0)) \|\|
	109	((PcdGet32(PcdCPUCoresSecMonStackBase) != 0) && (PcdGet32(PcdCPUCoreSecMonStackSize) != 0)));
	110
1d5d0ae9	111	// Enter Monitor Mode
a8530889	112	enter_monitor_mode ((UINTN)TrustedWorldInitialization, MpId, (VOID)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) (GET_CORE_POS(MpId) + 1))));
	113	} else {
	114	if (IS_PRIMARY_CORE(MpId)) {
	115	SerialPrint ("Trust Zone Configuration is disabled\n\r");
	116	}
1d5d0ae9	117
a8530889	118	// With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
	119	// If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
	120	// Status Register as the the current one (CPSR).
	121	copy_cpsr_into_spsr ();
	122
3d93aeae	123	// Call the Platform specific function to execute additional actions if required
	124	JumpAddress = PcdGet32 (PcdFvBaseAddress);
	125	ArmPlatformSecExtraAction (MpId, &JumpAddress);
	126
	127	NonTrustedWorldTransition (MpId, JumpAddress);
a8530889	128	}
	129	ASSERT (0); // We must never return from the above function
	130	}
	131
	132	VOID
	133	TrustedWorldInitialization (
	134	IN UINTN MpId
	135	)
	136	{
3d93aeae	137	UINTN JumpAddress;
3d93aeae	138
8cc852f7	139	//-------------------- Monitor Mode ---------------------
	140
	141	// Set up Monitor World (Vector Table, etc)
	142	ArmSecureMonitorWorldInitialize ();
1d5d0ae9	143
5e773144	144	// Transfer the interrupt to Non-secure World
5e773144	145	ArmGicSetupNonSecure (MpId, PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));
80dfbc11	146
5e773144	147	// Initialize platform specific security policy
e314d564	148	ArmPlatformSecTrustzoneInit (MpId);
1d5d0ae9	149
5e773144	150	// Setup the Trustzone Chipsets
5e773144	151	if (IS_PRIMARY_CORE(MpId)) {
a8530889	152	if (ArmIsMpCore()) {
b1d41be7	153	// Signal the secondary core the Security settings is done (event: EVENT_SECURE_INIT)
b1d41be7	154	ArmCallSEV ();
1d5d0ae9	155	}
a8530889	156	} else {
	157	// The secondary cores need to wait until the Trustzone chipsets configuration is done
	158	// before switching to Non Secure World
1d5d0ae9	159
b1d41be7	160	// Wait for the Primary Core to finish the initialization of the Secure World (event: EVENT_SECURE_INIT)
b1d41be7	161	ArmCallWFE ();
a8530889	162	}
1d5d0ae9	163
b1d41be7	164	// Call the Platform specific function to execute additional actions if required
3d93aeae	165	JumpAddress = PcdGet32 (PcdFvBaseAddress);
	166	ArmPlatformSecExtraAction (MpId, &JumpAddress);
	167
a8530889	168	// Write to CP15 Non-secure Access Control Register
a8530889	169	ArmWriteNsacr (PcdGet32 (PcdArmNsacr));
1d5d0ae9	170
a8530889	171	// CP15 Secure Configuration Register
	172	ArmWriteScr (PcdGet32 (PcdArmScr));
	173
3d93aeae	174	NonTrustedWorldTransition (MpId, JumpAddress);
a8530889	175	}
	176
	177	VOID
	178	NonTrustedWorldTransition (
3d93aeae	179	IN UINTN MpId,
3d93aeae	180	IN UINTN JumpAddress
a8530889	181	)
a8530889	182	{
513aa349	183	// If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
	184	// By not set, the mode for Non Secure World is SVC
	185	if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
	186	set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
	187	}
	188
a6caee65	189	return_from_exception (JumpAddress);
1d5d0ae9	190	//-------------------- Non Secure Mode ---------------------
	191
	192	// PEI Core should always load and never return
	193	ASSERT (FALSE);
	194	}
	195
2637d1ef	196	VOID
	197	SecCommonExceptionEntry (
	198	IN UINT32 Entry,
	199	IN UINT32 LR
	200	)
	201	{
	202	CHAR8 Buffer[100];
	203	UINTN CharCount;
	204
1d5d0ae9	205	switch (Entry) {
1d5d0ae9	206	case 0:
2637d1ef	207	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
1d5d0ae9	208	break;
1d5d0ae9	209	case 1:
2637d1ef	210	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
1d5d0ae9	211	break;
1d5d0ae9	212	case 2:
2637d1ef	213	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
1d5d0ae9	214	break;
1d5d0ae9	215	case 3:
2637d1ef	216	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
1d5d0ae9	217	break;
1d5d0ae9	218	case 4:
2637d1ef	219	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
1d5d0ae9	220	break;
1d5d0ae9	221	case 5:
2637d1ef	222	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
1d5d0ae9	223	break;
1d5d0ae9	224	case 6:
2637d1ef	225	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
1d5d0ae9	226	break;
1d5d0ae9	227	case 7:
2637d1ef	228	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
1d5d0ae9	229	break;
1d5d0ae9	230	default:
2637d1ef	231	CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
1d5d0ae9	232	break;
1d5d0ae9	233	}
2637d1ef	234	SerialPortWrite ((UINT8 *) Buffer, CharCount);
1d5d0ae9	235	while(1);
1d5d0ae9	236	}