8ddc654c24a4e245c44d954a98f219c494de476a
[mirror_edk2.git] / ArmPlatformPkg / Sec / Sec.c
1 /** @file
2 * Main file supporting the SEC Phase for Versatile Express
3 *
4 * Copyright (c) 2011, ARM Limited. All rights reserved.
5 *
6 * This program and the accompanying materials
7 * are licensed and made available under the terms and conditions of the BSD License
8 * which accompanies this distribution. The full text of the license may be found at
9 * http://opensource.org/licenses/bsd-license.php
10 *
11 * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
13 *
14 **/
15
16 #include <Library/DebugLib.h>
17 #include <Library/PcdLib.h>
18 #include <Library/PrintLib.h>
19 #include <Library/BaseLib.h>
20 #include <Library/BaseMemoryLib.h>
21 #include <Library/ArmLib.h>
22 #include <Library/SerialPortLib.h>
23 #include <Library/ArmPlatformLib.h>
24
25 #include <Chipset/ArmV7.h>
26 #include <Drivers/PL390Gic.h>
27
28 #define ARM_PRIMARY_CORE 0
29
30 #define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1);
31
32 extern VOID *monitor_vector_table;
33
34 VOID
35 ArmSetupGicNonSecure (
36 IN INTN GicDistributorBase,
37 IN INTN GicInterruptInterfaceBase
38 );
39
40 // Vector Table for Sec Phase
41 VOID
42 SecVectorTable (
43 VOID
44 );
45
46 VOID
47 NonSecureWaitForFirmware (
48 VOID
49 );
50
51 VOID
52 enter_monitor_mode(
53 IN VOID* Stack
54 );
55
56 VOID
57 return_from_exception (
58 IN UINTN NonSecureBase
59 );
60
61 VOID
62 copy_cpsr_into_spsr (
63 VOID
64 );
65
66 VOID
67 CEntryPoint (
68 IN UINTN CoreId
69 )
70 {
71 CHAR8 Buffer[100];
72 UINTN CharCount;
73
74 // Primary CPU clears out the SCU tag RAMs, secondaries wait
75 if (CoreId == ARM_PRIMARY_CORE) {
76 if (FixedPcdGet32(PcdMPCoreSupport)) {
77 ArmInvalidScu();
78 }
79
80 // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib
81 // In non SEC modules the init call is in autogenerated code.
82 SerialPortInitialize ();
83
84 // Start talking
85 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"UEFI firmware built at %a on %a\n\r",__TIME__, __DATE__);
86 SerialPortWrite ((UINT8 *) Buffer, CharCount);
87
88 // Now we've got UART, make the check:
89 // - The Vector table must be 32-byte aligned
90 ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0);
91 }
92
93 // Invalidate the data cache. Doesn't have to do the Data cache clean.
94 ArmInvalidateDataCache();
95
96 //Invalidate Instruction Cache
97 ArmInvalidateInstructionCache();
98
99 //Invalidate I & D TLBs
100 ArmInvalidateInstructionAndDataTlb();
101
102 // Enable Full Access to CoProcessors
103 ArmWriteCPACR (CPACR_CP_FULL_ACCESS);
104
105 // Enable SWP instructions
106 ArmEnableSWPInstruction();
107
108 // Enable program flow prediction, if supported.
109 ArmEnableBranchPrediction();
110
111 if (FixedPcdGet32(PcdVFPEnabled)) {
112 ArmEnableVFP();
113 }
114
115 if (CoreId == ARM_PRIMARY_CORE) {
116 // Initialize peripherals that must be done at the early stage
117 // Example: Some L2x0 controllers must be initialized in Secure World
118 ArmPlatformSecInitialize ();
119
120 // If we skip the PEI Core we could want to initialize the DRAM in the SEC phase.
121 // If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM
122 if (FeaturePcdGet(PcdSkipPeiCore) || !PcdGet32(PcdStandalone)) {
123 // Initialize system memory (DRAM)
124 ArmPlatformInitializeSystemMemory ();
125 }
126
127 // Some platform can change their physical memory mapping
128 ArmPlatformBootRemapping ();
129 }
130
131 // Test if Trustzone is supported on this platform
132 if (ArmPlatformTrustzoneSupported()) {
133 if (FixedPcdGet32(PcdMPCoreSupport)) {
134 // Setup SMP in Non Secure world
135 ArmSetupSmpNonSecure (CoreId);
136 }
137
138 // Enter Monitor Mode
139 enter_monitor_mode((VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * CoreId)));
140
141 //Write the monitor mode vector table address
142 ArmWriteVMBar((UINT32) &monitor_vector_table);
143
144 //-------------------- Monitor Mode ---------------------
145 // Setup the Trustzone Chipsets
146 if (CoreId == ARM_PRIMARY_CORE) {
147 ArmPlatformTrustzoneInit();
148
149 // Wake up the secondary cores by sending a interrupt to everyone else
150 // NOTE 1: The Software Generated Interrupts are always enabled on Cortex-A9
151 // MPcore test chip on Versatile Express board, So the Software doesn't have to
152 // enable SGI's explicitly.
153 // 2: As no other Interrupts are enabled, doesn't have to worry about the priority.
154 // 3: As all the cores are in secure state, use secure SGI's
155 //
156
157 PL390GicEnableDistributor (PcdGet32(PcdGicDistributorBase));
158 PL390GicEnableInterruptInterface(PcdGet32(PcdGicInterruptInterfaceBase));
159
160 // Send SGI to all Secondary core to wake them up from WFI state.
161 PL390GicSendSgiTo (PcdGet32(PcdGicDistributorBase), GIC_ICDSGIR_FILTER_EVERYONEELSE, 0x0E);
162 } else {
163 // The secondary cores need to wait until the Trustzone chipsets configuration is done
164 // before switching to Non Secure World
165
166 // Enabled GIC CPU Interface
167 PL390GicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase));
168
169 // Waiting for the SGI from the primary core
170 ArmCallWFI();
171
172 // Acknowledge the interrupt and send End of Interrupt signal.
173 PL390GicAcknowledgeSgiFrom(PcdGet32(PcdGicInterruptInterfaceBase), ARM_PRIMARY_CORE);
174 }
175
176 // Transfer the interrupt to Non-secure World
177 PL390GicSetupNonSecure(PcdGet32(PcdGicDistributorBase),PcdGet32(PcdGicInterruptInterfaceBase));
178
179 // Write to CP15 Non-secure Access Control Register :
180 // - Enable CP10 and CP11 accesses in NS World
181 // - Enable Access to Preload Engine in NS World
182 // - Enable lockable TLB entries allocation in NS world
183 // - Enable R/W access to SMP bit of Auxiliary Control Register in NS world
184 ArmWriteNsacr(NSACR_NS_SMP | NSACR_TL | NSACR_PLE | NSACR_CP(10) | NSACR_CP(11));
185
186 // CP15 Secure Configuration Register with Non Secure bit (SCR_NS), CPSR.A modified in any
187 // security state (SCR_AW), CPSR.F modified in any security state (SCR_FW)
188 ArmWriteScr(SCR_NS | SCR_FW | SCR_AW);
189 } else {
190 if (CoreId == ARM_PRIMARY_CORE) {
191 SerialPrint ("Trust Zone Configuration is disabled\n\r");
192 }
193
194 // Trustzone is not enabled, just enable the Distributor and CPU interface
195 if (CoreId == ARM_PRIMARY_CORE) {
196 PL390GicEnableDistributor (PcdGet32(PcdGicDistributorBase));
197 }
198 PL390GicEnableInterruptInterface(PcdGet32(PcdGicInterruptInterfaceBase));
199
200 // With Trustzone support the transition from Sec to Normal world is done by return_from_exception().
201 // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program
202 // Status Register as the the current one (CPSR).
203 copy_cpsr_into_spsr();
204 }
205
206 // If ArmVe has not been built as Standalone then we need to patch the DRAM to add an infinite loop at the start address
207 if (!PcdGet32(PcdStandalone)) {
208 if (CoreId == ARM_PRIMARY_CORE) {
209 UINTN* StartAddress = (UINTN*)PcdGet32(PcdNormalFvBaseAddress);
210
211 // Patch the DRAM to make an infinite loop at the start address
212 *StartAddress = 0xEAFFFFFE; // opcode for while(1)
213
214 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Waiting for firmware at 0x%08X ...\n\r",StartAddress);
215 SerialPortWrite ((UINT8 *) Buffer, CharCount);
216
217 // To enter into Non Secure state, we need to make a return from exception
218 return_from_exception(PcdGet32(PcdNormalFvBaseAddress));
219 } else {
220 // When the primary core is stopped by the hardware debugger to copy the firmware
221 // into DRAM. The secondary cores are still running. As soon as the first bytes of
222 // the firmware are written into DRAM, the secondary cores will start to execute the
223 // code even if the firmware is not entirely written into the memory.
224 // That's why the secondary cores need to be parked in WFI and wake up once the
225 // firmware is ready.
226
227 // Enter Secondary Cores into non Secure State. To enter into Non Secure state, we need to make a return from exception
228 return_from_exception((UINTN)NonSecureWaitForFirmware);
229 }
230 } else if (FeaturePcdGet(PcdSkipPeiCore)) {
231 if (CoreId == ARM_PRIMARY_CORE) {
232 // Signal the secondary cores they can jump to PEI phase
233 PL390GicSendSgiTo (PcdGet32(PcdGicDistributorBase), GIC_ICDSGIR_FILTER_EVERYONEELSE, 0x0E);
234
235 // To enter into Non Secure state, we need to make a return from exception
236 return_from_exception(PcdGet32(PcdNormalFvBaseAddress));
237 } else {
238 // We wait for the primary core to finish to initialize the System Memory. When we skip PEI Core, we could set the stack in DRAM
239 // Without this synchronization the secondary cores will complete the SEC before the primary core has finished to intitialize the DRAM.
240 return_from_exception((UINTN)NonSecureWaitForFirmware);
241 }
242 } else {
243 // To enter into Non Secure state, we need to make a return from exception
244 return_from_exception(PcdGet32(PcdNormalFvBaseAddress));
245 }
246 //-------------------- Non Secure Mode ---------------------
247
248 // PEI Core should always load and never return
249 ASSERT (FALSE);
250 }
251
252 // When the firmware is built as not Standalone, the secondary cores need to wait the firmware
253 // entirely written into DRAM. It is the firmware from DRAM which will wake up the secondary cores.
254 VOID
255 NonSecureWaitForFirmware (
256 VOID
257 )
258 {
259 VOID (*secondary_start)(VOID);
260
261 // The secondary cores will execute the firmware once wake from WFI.
262 secondary_start = (VOID (*)())PcdGet32(PcdNormalFvBaseAddress);
263
264 ArmCallWFI();
265
266 // Acknowledge the interrupt and send End of Interrupt signal.
267 PL390GicAcknowledgeSgiFrom(PcdGet32(PcdGicInterruptInterfaceBase),ARM_PRIMARY_CORE);
268
269 // Jump to secondary core entry point.
270 secondary_start();
271
272 // PEI Core should always load and never return
273 ASSERT (FALSE);
274 }
275
276 VOID
277 SecCommonExceptionEntry (
278 IN UINT32 Entry,
279 IN UINT32 LR
280 )
281 {
282 CHAR8 Buffer[100];
283 UINTN CharCount;
284
285 switch (Entry) {
286 case 0:
287 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reset Exception at 0x%X\n\r",LR);
288 break;
289 case 1:
290 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Undefined Exception at 0x%X\n\r",LR);
291 break;
292 case 2:
293 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"SWI Exception at 0x%X\n\r",LR);
294 break;
295 case 3:
296 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"PrefetchAbort Exception at 0x%X\n\r",LR);
297 break;
298 case 4:
299 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"DataAbort Exception at 0x%X\n\r",LR);
300 break;
301 case 5:
302 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Reserved Exception at 0x%X\n\r",LR);
303 break;
304 case 6:
305 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"IRQ Exception at 0x%X\n\r",LR);
306 break;
307 case 7:
308 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"FIQ Exception at 0x%X\n\r",LR);
309 break;
310 default:
311 CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Unknown Exception at 0x%X\n\r",LR);
312 break;
313 }
314 SerialPortWrite ((UINT8 *) Buffer, CharCount);
315 while(1);
316 }