1 /*
2 * Copyright (c) 2017-2023, Arm Limited. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8 #include "build_config_check.h"
9 #include "internal_status_code.h"
10 #include "fih.h"
11 #include "tfm_boot_data.h"
12 #include "memory_symbols.h"
13 #include "spm.h"
14 #include "tfm_hal_isolation.h"
15 #include "tfm_hal_platform.h"
16 #include "tfm_spm_log.h"
17 #include "tfm_version.h"
18 #include "tfm_plat_otp.h"
19 #include "tfm_plat_provisioning.h"
20 #include "ffm/backend.h"
21
22 #ifdef CONFIG_TFM_ENABLE_PROFILING
23 #include "prof_intf_s.h"
24 #endif
25
26 uintptr_t spm_boundary = (uintptr_t)NULL;
27
tfm_core_init(void)28 static fih_int tfm_core_init(void)
29 {
30 enum tfm_plat_err_t plat_err = TFM_PLAT_ERR_SYSTEM_ERR;
31 fih_int fih_rc = FIH_FAILURE;
32
33 /*
34 * Access to any peripheral should be performed after programming
35 * the necessary security components such as PPC/SAU.
36 */
37 FIH_CALL(tfm_hal_set_up_static_boundaries, fih_rc, &spm_boundary);
38 if (fih_not_eq(fih_rc, fih_int_encode(TFM_HAL_SUCCESS))) {
39 FIH_RET(fih_int_encode(SPM_ERROR_GENERIC));
40 }
41 #ifdef TFM_FIH_PROFILE_ON
42 FIH_CALL(tfm_hal_verify_static_boundaries, fih_rc);
43 if (fih_not_eq(fih_rc, fih_int_encode(TFM_HAL_SUCCESS))) {
44 tfm_core_panic();
45 }
46 #endif
47
48 FIH_CALL(tfm_hal_platform_init, fih_rc);
49 if (fih_not_eq(fih_rc, fih_int_encode(TFM_HAL_SUCCESS))) {
50 FIH_RET(fih_int_encode(SPM_ERROR_GENERIC));
51 }
52
53 /*
54 * Print the TF-M version now that the platform has initialized
55 * the logging backend.
56 */
57 SPMLOG_INFMSG("\033[1;34mBooting TF-M "VERSION_FULLSTR"\033[0m\r\n");
58
59 plat_err = tfm_plat_otp_init();
60 if (plat_err != TFM_PLAT_ERR_SUCCESS) {
61 FIH_RET(fih_int_encode(SPM_ERROR_GENERIC));
62 }
63
64 /* Perform provisioning. */
65 if (tfm_plat_provisioning_is_required()) {
66 plat_err = tfm_plat_provisioning_perform();
67 if (plat_err != TFM_PLAT_ERR_SUCCESS) {
68 FIH_RET(fih_int_encode(SPM_ERROR_GENERIC));
69 }
70 }
71
72 tfm_plat_provisioning_check_for_dummy_keys();
73
74 /* Configures architecture */
75 tfm_arch_config_extensions();
76
77 SPMLOG_INFMSG("\033[1;34m[Sec Thread] Secure image initializing!\033[0m\r\n");
78
79 SPMLOG_DBGMSGVAL("TF-M isolation level is: ", TFM_ISOLATION_LEVEL);
80
81 #if (CONFIG_TFM_FLOAT_ABI == 2)
82 SPMLOG_INFMSG("TF-M Float ABI: Hard\r\n");
83 #ifdef CONFIG_TFM_LAZY_STACKING
84 SPMLOG_INFMSG("Lazy stacking enabled\r\n");
85 #else
86 SPMLOG_INFMSG("Lazy stacking disabled\r\n");
87 #endif
88 #endif
89
90 tfm_core_validate_boot_data();
91
92 FIH_RET(fih_int_encode(SPM_SUCCESS));
93 }
94
main(void)95 int main(void)
96 {
97 #ifdef CONFIG_TFM_ENABLE_PROFILING
98 PROFILING_INIT();
99 #endif
100
101 fih_int fih_rc = FIH_FAILURE;
102
103 /* set Main Stack Pointer limit */
104 tfm_arch_set_msplim(SPM_BOOT_STACK_TOP);
105
106 fih_delay_init();
107
108 FIH_CALL(tfm_core_init, fih_rc);
109 if (fih_not_eq(fih_rc, fih_int_encode(SPM_SUCCESS))) {
110 tfm_core_panic();
111 }
112
113 /* All isolation should have been set up at this point */
114 FIH_LABEL_CRITICAL_POINT();
115
116 /*
117 * Prioritise secure exceptions to avoid NS being able to pre-empt
118 * secure SVC or SecureFault. Do it before PSA API initialization.
119 */
120 tfm_arch_set_secure_exception_priorities();
121
122 #ifdef TFM_FIH_PROFILE_ON
123 /* Check secure exception priority */
124 FIH_CALL(tfm_arch_verify_secure_exception_priorities, fih_rc);
125 if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
126 tfm_core_panic();
127 }
128 #endif
129
130 /* Further SPM initialization. */
131 BACKEND_SPM_INIT();
132
133 return 0;
134 }
135
