X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=ArmPlatformPkg%2FSec%2FSec.c;h=a32cd3857e3975b56771cdb21c65f21f95455cb5;hp=508f418ce33cef4a65bc5bbfcab8ef6b4ff554a9;hb=fab5507a04b5d6f716708cb390d98e1e1a7078e8;hpb=bf7d7a673b1d18829aa2d638be6f2ce84fb91ead diff --git a/ArmPlatformPkg/Sec/Sec.c b/ArmPlatformPkg/Sec/Sec.c index 508f418ce3..a32cd3857e 100644 --- a/ArmPlatformPkg/Sec/Sec.c +++ b/ArmPlatformPkg/Sec/Sec.c @@ -1,5 +1,5 @@ /** @file -* Main file supporting the SEC Phase for Versatile Express +* Main file supporting the SEC Phase on ARM Platforms * * Copyright (c) 2011, ARM Limited. All rights reserved. * @@ -13,68 +13,49 @@ * **/ -#include -#include +#include #include -#include #include -#include #include -#include +#include +#include -#include -#include +#include "SecInternal.h" -#define ARM_PRIMARY_CORE 0 - -#define SerialPrint(txt) SerialPortWrite (txt, AsciiStrLen(txt)+1); +#define SerialPrint(txt) SerialPortWrite ((UINT8*)txt, AsciiStrLen(txt)+1); extern VOID *monitor_vector_table; -VOID -ArmSetupGicNonSecure ( - IN INTN GicDistributorBase, - IN INTN GicInterruptInterfaceBase -); - -// Vector Table for Sec Phase -VOID -SecVectorTable ( - VOID - ); - -VOID -NonSecureWaitForFirmware ( - VOID - ); - -VOID -enter_monitor_mode( - IN VOID* Stack - ); - -VOID -return_from_exception ( - IN UINTN NonSecureBase - ); - -VOID -copy_cpsr_into_spsr ( - VOID - ); - VOID CEntryPoint ( - IN UINTN CoreId + IN UINTN MpId ) { CHAR8 Buffer[100]; UINTN CharCount; + UINTN JumpAddress; + // Invalidate the data cache. Doesn't have to do the Data cache clean. + ArmInvalidateDataCache(); + + // Invalidate Instruction Cache + ArmInvalidateInstructionCache(); + + // Invalidate I & D TLBs + ArmInvalidateInstructionAndDataTlb(); + + // CPU specific settings + ArmCpuSetup (MpId); + + // Enable Floating Point Coprocessor if supported by the platform + if (FixedPcdGet32 (PcdVFPEnabled)) { + ArmEnableVFP(); + } + // Primary CPU clears out the SCU tag RAMs, secondaries wait - if (CoreId == ARM_PRIMARY_CORE) { - if (FixedPcdGet32(PcdMPCoreSupport)) { - ArmInvalidScu(); + if (IS_PRIMARY_CORE(MpId)) { + if (ArmIsMpCore()) { + ArmCpuSynchronizeSignal (ARM_CPU_EVENT_BOOT_MEM_INIT); } // SEC phase needs to run library constructors by hand. This assumes we are linked against the SerialLib @@ -85,177 +66,102 @@ CEntryPoint ( CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"UEFI firmware built at %a on %a\n\r",__TIME__, __DATE__); SerialPortWrite ((UINT8 *) Buffer, CharCount); + // Initialize the Debug Agent for Source Level Debugging + InitializeDebugAgent (DEBUG_AGENT_INIT_PREMEM_SEC, NULL, NULL); + SaveAndSetDebugTimerInterrupt (TRUE); + // Now we've got UART, make the check: // - The Vector table must be 32-byte aligned ASSERT(((UINT32)SecVectorTable & ((1 << 5)-1)) == 0); - } - // Invalidate the data cache. Doesn't have to do the Data cache clean. - ArmInvalidateDataCache(); - - //Invalidate Instruction Cache - ArmInvalidateInstructionCache(); - - //Invalidate I & D TLBs - ArmInvalidateInstructionAndDataTlb(); + // Enable the GIC distributor and CPU Interface + // - no other Interrupts are enabled, doesn't have to worry about the priority. + // - all the cores are in secure state, use secure SGI's + ArmGicEnableDistributor (PcdGet32(PcdGicDistributorBase)); + ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase)); + } else { + // Enable the GIC CPU Interface + ArmGicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase)); + } // Enable Full Access to CoProcessors ArmWriteCPACR (CPACR_CP_FULL_ACCESS); - // Enable SWP instructions - ArmEnableSWPInstruction(); - - // Enable program flow prediction, if supported. - ArmEnableBranchPrediction(); - - if (FixedPcdGet32(PcdVFPEnabled)) { - ArmEnableVFP(); - } - - if (CoreId == ARM_PRIMARY_CORE) { + if (IS_PRIMARY_CORE(MpId)) { // Initialize peripherals that must be done at the early stage // Example: Some L2x0 controllers must be initialized in Secure World - ArmPlatformInitialize (); + ArmPlatformSecInitialize (); // If we skip the PEI Core we could want to initialize the DRAM in the SEC phase. // If we are in standalone, we need the initialization to copy the UEFI firmware into DRAM - if (FeaturePcdGet(PcdSkipPeiCore) || !FeaturePcdGet(PcdStandalone)) { + if (FeaturePcdGet (PcdSystemMemoryInitializeInSec)) { // Initialize system memory (DRAM) - ArmPlatformInitializeSystemMemory(); + ArmPlatformInitializeSystemMemory (); } - - // Some platform can change their physical memory mapping - ArmPlatformBootRemapping(); } // Test if Trustzone is supported on this platform - if (ArmPlatformTrustzoneSupported()) { - if (FixedPcdGet32(PcdMPCoreSupport)) { + if (FixedPcdGetBool (PcdTrustzoneSupport)) { + // Ensure the Monitor Stack Base & Size have been set + ASSERT(PcdGet32(PcdCPUCoresSecMonStackBase) != 0); + ASSERT(PcdGet32(PcdCPUCoreSecMonStackSize) != 0); + + if (ArmIsMpCore()) { // Setup SMP in Non Secure world - ArmSetupSmpNonSecure(CoreId); + ArmCpuSetupSmpNonSecure (GET_CORE_ID(MpId)); } // Enter Monitor Mode - enter_monitor_mode((VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * CoreId))); + enter_monitor_mode ((VOID*)(PcdGet32(PcdCPUCoresSecMonStackBase) + (PcdGet32(PcdCPUCoreSecMonStackSize) * (GET_CORE_POS(MpId) + 1)))); //Write the monitor mode vector table address ArmWriteVMBar((UINT32) &monitor_vector_table); //-------------------- Monitor Mode --------------------- // Setup the Trustzone Chipsets - if (CoreId == ARM_PRIMARY_CORE) { - ArmPlatformTrustzoneInit(); - - // Wake up the secondary cores by sending a interrupt to everyone else - // NOTE 1: The Software Generated Interrupts are always enabled on Cortex-A9 - // MPcore test chip on Versatile Express board, So the Software doesn't have to - // enable SGI's explicitly. - // 2: As no other Interrupts are enabled, doesn't have to worry about the priority. - // 3: As all the cores are in secure state, use secure SGI's - // - - PL390GicEnableDistributor (PcdGet32(PcdGicDistributorBase)); - PL390GicEnableInterruptInterface(PcdGet32(PcdGicInterruptInterfaceBase)); - - // Send SGI to all Secondary core to wake them up from WFI state. - PL390GicSendSgiTo (PcdGet32(PcdGicDistributorBase), GIC_ICDSGIR_FILTER_EVERYONEELSE, 0x0E); + if (IS_PRIMARY_CORE(MpId)) { + ArmPlatformTrustzoneInit (); + + // Waiting for the Primary Core to have finished to initialize the Secure World + ArmCpuSynchronizeSignal (ARM_CPU_EVENT_SECURE_INIT); } else { // The secondary cores need to wait until the Trustzone chipsets configuration is done // before switching to Non Secure World - // Enabled GIC CPU Interface - PL390GicEnableInterruptInterface (PcdGet32(PcdGicInterruptInterfaceBase)); - - // Waiting for the SGI from the primary core - ArmCallWFI(); - - // Acknowledge the interrupt and send End of Interrupt signal. - PL390GicAcknowledgeSgiFrom(PcdGet32(PcdGicInterruptInterfaceBase), ARM_PRIMARY_CORE); + // Waiting for the Primary Core to have finished to initialize the Secure World + ArmCpuSynchronizeWait (ARM_CPU_EVENT_SECURE_INIT); } // Transfer the interrupt to Non-secure World - PL390GicSetupNonSecure(PcdGet32(PcdGicDistributorBase),PcdGet32(PcdGicInterruptInterfaceBase)); - - // Write to CP15 Non-secure Access Control Register : - // - Enable CP10 and CP11 accesses in NS World - // - Enable Access to Preload Engine in NS World - // - Enable lockable TLB entries allocation in NS world - // - Enable R/W access to SMP bit of Auxiliary Control Register in NS world - ArmWriteNsacr(NSACR_NS_SMP | NSACR_TL | NSACR_PLE | NSACR_CP(10) | NSACR_CP(11)); - - // CP15 Secure Configuration Register with Non Secure bit (SCR_NS), CPSR.A modified in any - // security state (SCR_AW), CPSR.F modified in any security state (SCR_FW) - ArmWriteScr(SCR_NS | SCR_FW | SCR_AW); + ArmGicSetupNonSecure (PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase)); + + // Write to CP15 Non-secure Access Control Register + ArmWriteNsacr (PcdGet32 (PcdArmNsacr)); + + // CP15 Secure Configuration Register + ArmWriteScr (PcdGet32 (PcdArmScr)); } else { - if (CoreId == ARM_PRIMARY_CORE) { + if (IS_PRIMARY_CORE(MpId)) { SerialPrint ("Trust Zone Configuration is disabled\n\r"); } - // Trustzone is not enabled, just enable the Distributor and CPU interface - if (CoreId == ARM_PRIMARY_CORE) { - PL390GicEnableDistributor (PcdGet32(PcdGicDistributorBase)); - } - PL390GicEnableInterruptInterface(PcdGet32(PcdGicInterruptInterfaceBase)); - // With Trustzone support the transition from Sec to Normal world is done by return_from_exception(). // If we want to keep this function call we need to ensure the SVC's SPSR point to the same Program // Status Register as the the current one (CPSR). - copy_cpsr_into_spsr(); + copy_cpsr_into_spsr (); } - // If ArmVe has not been built as Standalone then we need to patch the DRAM to add an infinite loop at the start address - if (FeaturePcdGet(PcdStandalone) == FALSE) { - if (CoreId == ARM_PRIMARY_CORE) { - UINTN* StartAddress = (UINTN*)PcdGet32(PcdNormalFdBaseAddress); - - // Patch the DRAM to make an infinite loop at the start address - *StartAddress = 0xEAFFFFFE; // opcode for while(1) - - CharCount = AsciiSPrint (Buffer,sizeof (Buffer),"Waiting for firmware at 0x%08X ...\n\r",StartAddress); - SerialPortWrite ((UINT8 *) Buffer, CharCount); + JumpAddress = PcdGet32 (PcdFvBaseAddress); + ArmPlatformSecExtraAction (MpId, &JumpAddress); - // To enter into Non Secure state, we need to make a return from exception - return_from_exception(PcdGet32(PcdNormalFdBaseAddress)); - } else { - // When the primary core is stopped by the hardware debugger to copy the firmware - // into DRAM. The secondary cores are still running. As soon as the first bytes of - // the firmware are written into DRAM, the secondary cores will start to execute the - // code even if the firmware is not entirely written into the memory. - // That's why the secondary cores need to be parked in WFI and wake up once the - // firmware is ready. - - // Enter Secondary Cores into non Secure State. To enter into Non Secure state, we need to make a return from exception - return_from_exception((UINTN)NonSecureWaitForFirmware); - } - } else { - // To enter into Non Secure state, we need to make a return from exception - return_from_exception(PcdGet32(PcdNormalFdBaseAddress)); + // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition + // By not set, the mode for Non Secure World is SVC + if (PcdGet32 (PcdArmNonSecModeTransition) != 0) { + set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition)); } - //-------------------- Non Secure Mode --------------------- - - // PEI Core should always load and never return - ASSERT (FALSE); -} -// When the firmware is built as not Standalone, the secondary cores need to wait the firmware -// entirely written into DRAM. It is the firmware from DRAM which will wake up the secondary cores. -VOID -NonSecureWaitForFirmware ( - VOID - ) -{ - VOID (*secondary_start)(VOID); - - // The secondary cores will execute the firmware once wake from WFI. - secondary_start = (VOID (*)())PcdGet32(PcdNormalFdBaseAddress); - - ArmCallWFI(); - - // Acknowledge the interrupt and send End of Interrupt signal. - PL390GicAcknowledgeSgiFrom(PcdGet32(PcdGicInterruptInterfaceBase),ARM_PRIMARY_CORE); - - // Jump to secondary core entry point. - secondary_start(); + return_from_exception (JumpAddress); + //-------------------- Non Secure Mode --------------------- // PEI Core should always load and never return ASSERT (FALSE);