1 /*
2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8
9 #include <arch.h>
10 #include <arch_helpers.h>
11 #include <common/bl_common.h>
12 #include <common/debug.h>
13 #include <drivers/console.h>
14 #include <lib/debugfs.h>
15 #include <lib/extensions/ras.h>
16 #include <lib/gpt_rme/gpt_rme.h>
17 #include <lib/mmio.h>
18 #include <lib/xlat_tables/xlat_tables_compat.h>
19 #include <plat/arm/common/plat_arm.h>
20 #include <plat/common/platform.h>
21 #include <platform_def.h>
22
23 /*
24 * Placeholder variables for copying the arguments that have been passed to
25 * BL31 from BL2.
26 */
27 static entry_point_info_t bl32_image_ep_info;
28 static entry_point_info_t bl33_image_ep_info;
29 #if ENABLE_RME
30 static entry_point_info_t rmm_image_ep_info;
31 #endif
32
33 #if !RESET_TO_BL31
34 /*
35 * Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page
36 * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
37 */
38 CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
39 #endif
40
41 /* Weak definitions may be overridden in specific ARM standard platform */
42 #pragma weak bl31_early_platform_setup2
43 #pragma weak bl31_platform_setup
44 #pragma weak bl31_plat_arch_setup
45 #pragma weak bl31_plat_get_next_image_ep_info
46 #pragma weak bl31_plat_runtime_setup
47
48 #define MAP_BL31_TOTAL MAP_REGION_FLAT( \
49 BL31_START, \
50 BL31_END - BL31_START, \
51 MT_MEMORY | MT_RW | EL3_PAS)
52 #if RECLAIM_INIT_CODE
53 IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE);
54 IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED);
55 IMPORT_SYM(unsigned long, __STACKS_END__, BL_STACKS_END_UNALIGNED);
56
57 #define BL_INIT_CODE_END ((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \
58 ~(PAGE_SIZE - 1))
59 #define BL_STACKS_END ((BL_STACKS_END_UNALIGNED + PAGE_SIZE - 1) & \
60 ~(PAGE_SIZE - 1))
61
62 #define MAP_BL_INIT_CODE MAP_REGION_FLAT( \
63 BL_INIT_CODE_BASE, \
64 BL_INIT_CODE_END \
65 - BL_INIT_CODE_BASE, \
66 MT_CODE | EL3_PAS)
67 #endif
68
69 #if SEPARATE_NOBITS_REGION
70 #define MAP_BL31_NOBITS MAP_REGION_FLAT( \
71 BL31_NOBITS_BASE, \
72 BL31_NOBITS_LIMIT \
73 - BL31_NOBITS_BASE, \
74 MT_MEMORY | MT_RW | EL3_PAS)
75
76 #endif
77 /*******************************************************************************
78 * Return a pointer to the 'entry_point_info' structure of the next image for the
79 * security state specified. BL33 corresponds to the non-secure image type
80 * while BL32 corresponds to the secure image type. A NULL pointer is returned
81 * if the image does not exist.
82 ******************************************************************************/
bl31_plat_get_next_image_ep_info(uint32_t type)83 struct entry_point_info *bl31_plat_get_next_image_ep_info(uint32_t type)
84 {
85 entry_point_info_t *next_image_info;
86
87 assert(sec_state_is_valid(type));
88 if (type == NON_SECURE) {
89 next_image_info = &bl33_image_ep_info;
90 }
91 #if ENABLE_RME
92 else if (type == REALM) {
93 next_image_info = &rmm_image_ep_info;
94 }
95 #endif
96 else {
97 next_image_info = &bl32_image_ep_info;
98 }
99
100 /*
101 * None of the images on the ARM development platforms can have 0x0
102 * as the entrypoint
103 */
104 if (next_image_info->pc)
105 return next_image_info;
106 else
107 return NULL;
108 }
109
110 /*******************************************************************************
111 * Perform any BL31 early platform setup common to ARM standard platforms.
112 * Here is an opportunity to copy parameters passed by the calling EL (S-EL1
113 * in BL2 & EL3 in BL1) before they are lost (potentially). This needs to be
114 * done before the MMU is initialized so that the memory layout can be used
115 * while creating page tables. BL2 has flushed this information to memory, so
116 * we are guaranteed to pick up good data.
117 ******************************************************************************/
arm_bl31_early_platform_setup(void * from_bl2,uintptr_t soc_fw_config,uintptr_t hw_config,void * plat_params_from_bl2)118 void __init arm_bl31_early_platform_setup(void *from_bl2, uintptr_t soc_fw_config,
119 uintptr_t hw_config, void *plat_params_from_bl2)
120 {
121 /* Initialize the console to provide early debug support */
122 arm_console_boot_init();
123
124 #if RESET_TO_BL31
125 /* There are no parameters from BL2 if BL31 is a reset vector */
126 assert(from_bl2 == NULL);
127 assert(plat_params_from_bl2 == NULL);
128
129 # ifdef BL32_BASE
130 /* Populate entry point information for BL32 */
131 SET_PARAM_HEAD(&bl32_image_ep_info,
132 PARAM_EP,
133 VERSION_1,
134 0);
135 SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE);
136 bl32_image_ep_info.pc = BL32_BASE;
137 bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry();
138
139 #if defined(SPD_spmd)
140 /* SPM (hafnium in secure world) expects SPM Core manifest base address
141 * in x0, which in !RESET_TO_BL31 case loaded after base of non shared
142 * SRAM(after 4KB offset of SRAM). But in RESET_TO_BL31 case all non
143 * shared SRAM is allocated to BL31, so to avoid overwriting of manifest
144 * keep it in the last page.
145 */
146 bl32_image_ep_info.args.arg0 = ARM_TRUSTED_SRAM_BASE +
147 PLAT_ARM_TRUSTED_SRAM_SIZE - PAGE_SIZE;
148 #endif
149
150 # endif /* BL32_BASE */
151
152 /* Populate entry point information for BL33 */
153 SET_PARAM_HEAD(&bl33_image_ep_info,
154 PARAM_EP,
155 VERSION_1,
156 0);
157 /*
158 * Tell BL31 where the non-trusted software image
159 * is located and the entry state information
160 */
161 bl33_image_ep_info.pc = plat_get_ns_image_entrypoint();
162
163 bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry();
164 SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
165
166 #if ENABLE_RME
167 /*
168 * Populate entry point information for RMM.
169 * Only PC needs to be set as other fields are determined by RMMD.
170 */
171 rmm_image_ep_info.pc = RMM_BASE;
172 #endif /* ENABLE_RME */
173
174 #else /* RESET_TO_BL31 */
175
176 /*
177 * In debug builds, we pass a special value in 'plat_params_from_bl2'
178 * to verify platform parameters from BL2 to BL31.
179 * In release builds, it's not used.
180 */
181 assert(((unsigned long long)plat_params_from_bl2) ==
182 ARM_BL31_PLAT_PARAM_VAL);
183
184 /*
185 * Check params passed from BL2 should not be NULL,
186 */
187 bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2;
188 assert(params_from_bl2 != NULL);
189 assert(params_from_bl2->h.type == PARAM_BL_PARAMS);
190 assert(params_from_bl2->h.version >= VERSION_2);
191
192 bl_params_node_t *bl_params = params_from_bl2->head;
193
194 /*
195 * Copy BL33, BL32 and RMM (if present), entry point information.
196 * They are stored in Secure RAM, in BL2's address space.
197 */
198 while (bl_params != NULL) {
199 if (bl_params->image_id == BL32_IMAGE_ID) {
200 bl32_image_ep_info = *bl_params->ep_info;
201 #if SPMC_AT_EL3
202 /*
203 * Populate the BL32 image base, size and max limit in
204 * the entry point information, since there is no
205 * platform function to retrieve them in generic
206 * code. We choose arg2, arg3 and arg4 since the generic
207 * code uses arg1 for stashing the SP manifest size. The
208 * SPMC setup uses these arguments to update SP manifest
209 * with actual SP's base address and it size.
210 */
211 bl32_image_ep_info.args.arg2 =
212 bl_params->image_info->image_base;
213 bl32_image_ep_info.args.arg3 =
214 bl_params->image_info->image_size;
215 bl32_image_ep_info.args.arg4 =
216 bl_params->image_info->image_base +
217 bl_params->image_info->image_max_size;
218 #endif
219 }
220 #if ENABLE_RME
221 else if (bl_params->image_id == RMM_IMAGE_ID) {
222 rmm_image_ep_info = *bl_params->ep_info;
223 }
224 #endif
225 else if (bl_params->image_id == BL33_IMAGE_ID) {
226 bl33_image_ep_info = *bl_params->ep_info;
227 }
228
229 bl_params = bl_params->next_params_info;
230 }
231
232 if (bl33_image_ep_info.pc == 0U)
233 panic();
234 #if ENABLE_RME
235 if (rmm_image_ep_info.pc == 0U)
236 panic();
237 #endif
238 #endif /* RESET_TO_BL31 */
239
240 # if ARM_LINUX_KERNEL_AS_BL33
241 /*
242 * According to the file ``Documentation/arm64/booting.txt`` of the
243 * Linux kernel tree, Linux expects the physical address of the device
244 * tree blob (DTB) in x0, while x1-x3 are reserved for future use and
245 * must be 0.
246 * Repurpose the option to load Hafnium hypervisor in the normal world.
247 * It expects its manifest address in x0. This is essentially the linux
248 * dts (passed to the primary VM) by adding 'hypervisor' and chosen
249 * nodes specifying the Hypervisor configuration.
250 */
251 #if RESET_TO_BL31
252 bl33_image_ep_info.args.arg0 = (u_register_t)ARM_PRELOADED_DTB_BASE;
253 #else
254 bl33_image_ep_info.args.arg0 = (u_register_t)hw_config;
255 #endif
256 bl33_image_ep_info.args.arg1 = 0U;
257 bl33_image_ep_info.args.arg2 = 0U;
258 bl33_image_ep_info.args.arg3 = 0U;
259 # endif
260 }
261
bl31_early_platform_setup2(u_register_t arg0,u_register_t arg1,u_register_t arg2,u_register_t arg3)262 void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
263 u_register_t arg2, u_register_t arg3)
264 {
265 arm_bl31_early_platform_setup((void *)arg0, arg1, arg2, (void *)arg3);
266
267 /*
268 * Initialize Interconnect for this cluster during cold boot.
269 * No need for locks as no other CPU is active.
270 */
271 plat_arm_interconnect_init();
272
273 /*
274 * Enable Interconnect coherency for the primary CPU's cluster.
275 * Earlier bootloader stages might already do this (e.g. Trusted
276 * Firmware's BL1 does it) but we can't assume so. There is no harm in
277 * executing this code twice anyway.
278 * Platform specific PSCI code will enable coherency for other
279 * clusters.
280 */
281 plat_arm_interconnect_enter_coherency();
282 }
283
284 /*******************************************************************************
285 * Perform any BL31 platform setup common to ARM standard platforms
286 ******************************************************************************/
arm_bl31_platform_setup(void)287 void arm_bl31_platform_setup(void)
288 {
289 /* Initialize the GIC driver, cpu and distributor interfaces */
290 plat_arm_gic_driver_init();
291 plat_arm_gic_init();
292
293 #if RESET_TO_BL31
294 /*
295 * Do initial security configuration to allow DRAM/device access
296 * (if earlier BL has not already done so).
297 */
298 plat_arm_security_setup();
299
300 #if defined(PLAT_ARM_MEM_PROT_ADDR)
301 arm_nor_psci_do_dyn_mem_protect();
302 #endif /* PLAT_ARM_MEM_PROT_ADDR */
303
304 #endif /* RESET_TO_BL31 */
305
306 /* Enable and initialize the System level generic timer */
307 mmio_write_32(ARM_SYS_CNTCTL_BASE + CNTCR_OFF,
308 CNTCR_FCREQ(0U) | CNTCR_EN);
309
310 /* Allow access to the System counter timer module */
311 arm_configure_sys_timer();
312
313 /* Initialize power controller before setting up topology */
314 plat_arm_pwrc_setup();
315
316 #if ENABLE_FEAT_RAS && FFH_SUPPORT
317 ras_init();
318 #endif
319
320 #if USE_DEBUGFS
321 debugfs_init();
322 #endif /* USE_DEBUGFS */
323 }
324
325 /*******************************************************************************
326 * Perform any BL31 platform runtime setup prior to BL31 exit common to ARM
327 * standard platforms
328 * Perform BL31 platform setup
329 ******************************************************************************/
arm_bl31_plat_runtime_setup(void)330 void arm_bl31_plat_runtime_setup(void)
331 {
332 console_switch_state(CONSOLE_FLAG_RUNTIME);
333
334 /* Initialize the runtime console */
335 arm_console_runtime_init();
336
337 #if RECLAIM_INIT_CODE
338 arm_free_init_memory();
339 #endif
340
341 #if PLAT_RO_XLAT_TABLES
342 arm_xlat_make_tables_readonly();
343 #endif
344 }
345
346 #if RECLAIM_INIT_CODE
347 /*
348 * Make memory for image boot time code RW to reclaim it as stack for the
349 * secondary cores, or RO where it cannot be reclaimed:
350 *
351 * |-------- INIT SECTION --------|
352 * -----------------------------------------
353 * | CORE 0 | CORE 1 | CORE 2 | EXTRA |
354 * | STACK | STACK | STACK | SPACE |
355 * -----------------------------------------
356 * <-------------------> <------>
357 * MAKE RW AND XN MAKE
358 * FOR STACKS RO AND XN
359 */
arm_free_init_memory(void)360 void arm_free_init_memory(void)
361 {
362 int ret = 0;
363
364 if (BL_STACKS_END < BL_INIT_CODE_END) {
365 /* Reclaim some of the init section as stack if possible. */
366 if (BL_INIT_CODE_BASE < BL_STACKS_END) {
367 ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
368 BL_STACKS_END - BL_INIT_CODE_BASE,
369 MT_RW_DATA);
370 }
371 /* Make the rest of the init section read-only. */
372 ret |= xlat_change_mem_attributes(BL_STACKS_END,
373 BL_INIT_CODE_END - BL_STACKS_END,
374 MT_RO_DATA);
375 } else {
376 /* The stacks cover the init section, so reclaim it all. */
377 ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
378 BL_INIT_CODE_END - BL_INIT_CODE_BASE,
379 MT_RW_DATA);
380 }
381
382 if (ret != 0) {
383 ERROR("Could not reclaim initialization code");
384 panic();
385 }
386 }
387 #endif
388
bl31_platform_setup(void)389 void __init bl31_platform_setup(void)
390 {
391 arm_bl31_platform_setup();
392 }
393
bl31_plat_runtime_setup(void)394 void bl31_plat_runtime_setup(void)
395 {
396 arm_bl31_plat_runtime_setup();
397 }
398
399 /*******************************************************************************
400 * Perform the very early platform specific architectural setup shared between
401 * ARM standard platforms. This only does basic initialization. Later
402 * architectural setup (bl31_arch_setup()) does not do anything platform
403 * specific.
404 ******************************************************************************/
arm_bl31_plat_arch_setup(void)405 void __init arm_bl31_plat_arch_setup(void)
406 {
407 const mmap_region_t bl_regions[] = {
408 MAP_BL31_TOTAL,
409 #if ENABLE_RME
410 ARM_MAP_L0_GPT_REGION,
411 #endif
412 #if RECLAIM_INIT_CODE
413 MAP_BL_INIT_CODE,
414 #endif
415 #if SEPARATE_NOBITS_REGION
416 MAP_BL31_NOBITS,
417 #endif
418 ARM_MAP_BL_RO,
419 #if USE_ROMLIB
420 ARM_MAP_ROMLIB_CODE,
421 ARM_MAP_ROMLIB_DATA,
422 #endif
423 #if USE_COHERENT_MEM
424 ARM_MAP_BL_COHERENT_RAM,
425 #endif
426 {0}
427 };
428
429 setup_page_tables(bl_regions, plat_arm_get_mmap());
430
431 enable_mmu_el3(0);
432
433 #if ENABLE_RME
434 /*
435 * Initialise Granule Protection library and enable GPC for the primary
436 * processor. The tables have already been initialized by a previous BL
437 * stage, so there is no need to provide any PAS here. This function
438 * sets up pointers to those tables.
439 */
440 if (gpt_runtime_init() < 0) {
441 ERROR("gpt_runtime_init() failed!\n");
442 panic();
443 }
444 #endif /* ENABLE_RME */
445
446 arm_setup_romlib();
447 }
448
bl31_plat_arch_setup(void)449 void __init bl31_plat_arch_setup(void)
450 {
451 arm_bl31_plat_arch_setup();
452 }
453
