1 /*
2 * Copyright (c) 2013-2026, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <string.h>
9
10 #include <arch.h>
11 #include <arch_features.h>
12 #include <arch_helpers.h>
13 #include <bl31/bl31.h>
14 #include <bl31/ehf.h>
15 #include <common/bl_common.h>
16 #include <common/build_message.h>
17 #include <common/debug.h>
18 #include <common/feat_detect.h>
19 #include <common/runtime_svc.h>
20 #include <drivers/arm/dsu.h>
21 #include <drivers/arm/gic.h>
22 #include <drivers/console.h>
23 #include <lib/bootmarker_capture.h>
24 #include <lib/el3_runtime/context_debug.h>
25 #include <lib/el3_runtime/context_mgmt.h>
26 #include <lib/extensions/pauth.h>
27 #include <lib/gpt_rme/gpt_rme.h>
28 #include <lib/pmf/pmf.h>
29 #include <lib/runtime_instr.h>
30 #include <lib/xlat_tables/xlat_mmu_helpers.h>
31 #include <plat/common/platform.h>
32 #include <services/std_svc.h>
33
34 #if ENABLE_RUNTIME_INSTRUMENTATION
35 PMF_REGISTER_SERVICE_SMC(rt_instr_svc, PMF_RT_INSTR_SVC_ID,
36 RT_INSTR_TOTAL_IDS, PMF_STORE_ENABLE)
37 #endif
38
39 #if ENABLE_RUNTIME_INSTRUMENTATION
40 PMF_REGISTER_SERVICE(bl_svc, PMF_RT_INSTR_SVC_ID,
41 BL_TOTAL_IDS, PMF_DUMP_ENABLE)
42 #endif
43
44 /*******************************************************************************
45 * This function pointer is used to initialise the BL32 image. It's initialized
46 * by SPD calling bl31_register_bl32_init after setting up all things necessary
47 * for SP execution. In cases where both SPD and SP are absent, or when SPD
48 * finds it impossible to execute SP, this pointer is left as NULL
49 ******************************************************************************/
50 static int32_t (*bl32_init)(void);
51
52 /*****************************************************************************
53 * Function used to initialise RMM if RME is enabled
54 *****************************************************************************/
55 #if ENABLE_RMM
56 static int32_t (*rmm_init)(void);
57 #endif
58
59 /*******************************************************************************
60 * Variable to indicate whether next image to execute after BL31 is BL33
61 * (non-secure & default) or BL32 (secure).
62 ******************************************************************************/
63 static uint32_t next_image_type = (uint32_t)NON_SECURE;
64
65 #ifdef SUPPORT_UNKNOWN_MPID
66 /*
67 * Flag to know whether an unsupported MPID has been detected. To avoid having it
68 * landing on the .bss section, it is initialized to a non-zero value, this way
69 * we avoid potential WAW hazards during system bring up.
70 * */
71 volatile uint32_t unsupported_mpid_flag = 1;
72 #endif
73
74 /*
75 * Implement the ARM Standard Service function to get arguments for a
76 * particular service.
77 */
get_arm_std_svc_args(unsigned int svc_mask)78 uintptr_t get_arm_std_svc_args(unsigned int svc_mask)
79 {
80 /* Setup the arguments for PSCI Library */
81 DEFINE_STATIC_PSCI_LIB_ARGS_V1(psci_args, bl31_warm_entrypoint);
82
83 /* PSCI is the only ARM Standard Service implemented */
84 assert(svc_mask == PSCI_FID_MASK);
85
86 return (uintptr_t)&psci_args;
87 }
88
89 /*******************************************************************************
90 * Simple function to initialise all BL31 helper libraries.
91 ******************************************************************************/
bl31_lib_init(void)92 static void __init bl31_lib_init(void)
93 {
94 cm_init();
95 }
96
97 /*******************************************************************************
98 * BL31 is responsible for setting up the runtime services for the primary cpu
99 * before passing control to the bootloader or an Operating System. This
100 * function calls runtime_svc_init() which initializes all registered runtime
101 * services. The run time services would setup enough context for the core to
102 * switch to the next exception level. When this function returns, the core will
103 * switch to the programmed exception level via an ERET.
104 ******************************************************************************/
bl31_main(u_register_t arg0,u_register_t arg1,u_register_t arg2,u_register_t arg3)105 void __no_pauth bl31_main(u_register_t arg0, u_register_t arg1, u_register_t arg2,
106 u_register_t arg3)
107 {
108 unsigned int core_pos = plat_my_core_pos();
109
110 /* Enable early console if EARLY_CONSOLE flag is enabled */
111 plat_setup_early_console();
112
113 /* Perform early platform-specific setup */
114 bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
115
116 /* Perform late platform-specific setup */
117 bl31_plat_arch_setup();
118
119 #if FEATURE_DETECTION
120 /* Detect if features enabled during compilation are supported by PE. */
121 detect_arch_features(core_pos);
122 #endif /* FEATURE_DETECTION */
123
124 /* Prints context_memory allocated for all the security states */
125 report_ctx_memory_usage();
126
127 /* Init registers that never change for the lifetime of the core. */
128 cm_manage_extensions_el3(core_pos);
129
130 /* Init per-world context registers */
131 cm_manage_extensions_per_world();
132
133 NOTICE("BL31: %s\n", build_version_string);
134 NOTICE("BL31: %s\n", build_message);
135
136 #if ENABLE_RUNTIME_INSTRUMENTATION
137 PMF_CAPTURE_TIMESTAMP(bl_svc, BL31_ENTRY, PMF_CACHE_MAINT);
138 #endif
139
140 #ifdef SUPPORT_UNKNOWN_MPID
141 if (unsupported_mpid_flag == 0) {
142 NOTICE("Unsupported MPID detected!\n");
143 }
144 #endif
145
146 #if USE_GIC_DRIVER
147 /*
148 * Initialize the GIC driver and this core's GIC interface before fully
149 * setting up the platform. This allows early platform setup to
150 * configure interrupts.
151 */
152 gic_init(core_pos);
153 gic_pcpu_init(core_pos);
154 gic_cpuif_enable(core_pos);
155 #endif /* USE_GIC_DRIVER */
156
157 /* Perform platform setup in BL31 */
158 bl31_platform_setup();
159
160 #if USE_DSU_DRIVER
161 dsu_driver_init(&plat_dsu_data);
162 #endif
163
164 /* Initialise helper libraries */
165 bl31_lib_init();
166
167 #if EL3_EXCEPTION_HANDLING
168 INFO("BL31: Initialising Exception Handling Framework\n");
169 ehf_init();
170 #endif
171
172 /* Initialize the runtime services e.g. psci. */
173 INFO("BL31: Initializing runtime services\n");
174 runtime_svc_init();
175
176 /*
177 * All the cold boot actions on the primary cpu are done. We now need to
178 * decide which is the next image and how to execute it.
179 * If the SPD runtime service is present, it would want to pass control
180 * to BL32 first in S-EL1. In that case, SPD would have registered a
181 * function to initialize bl32 where it takes responsibility of entering
182 * S-EL1 and returning control back to bl31_main. Similarly, if RME is
183 * enabled and a function is registered to initialize RMM, control is
184 * transferred to RMM in R-EL2. After RMM initialization, control is
185 * returned back to bl31_main. Once this is done we can prepare entry
186 * into BL33 as normal.
187 */
188
189 /*
190 * If SPD had registered an init hook, invoke it.
191 */
192 if (bl32_init != NULL) {
193 INFO("BL31: Initializing BL32\n");
194
195 console_flush();
196 int32_t rc = (*bl32_init)();
197
198 if (rc == 0) {
199 WARN("BL31: BL32 initialization failed\n");
200 }
201 }
202
203 /*
204 * If RME is enabled and init hook is registered, initialize RMM
205 * in R-EL2.
206 */
207 #if ENABLE_RMM
208 if (rmm_init != NULL) {
209 INFO("BL31: Initializing RMM\n");
210
211 console_flush();
212 int32_t rc = (*rmm_init)();
213
214 if (rc == 0) {
215 WARN("BL31: RMM initialization failed\n");
216 }
217 }
218 #endif
219
220 /*
221 * We are ready to enter the next EL. Prepare entry into the image
222 * corresponding to the desired security state after the next ERET.
223 */
224 bl31_prepare_next_image_entry();
225
226 /*
227 * Perform any platform specific runtime setup prior to cold boot exit
228 * from BL31
229 */
230 bl31_plat_runtime_setup();
231
232 #if ENABLE_RUNTIME_INSTRUMENTATION
233 console_flush();
234 PMF_CAPTURE_TIMESTAMP(bl_svc, BL31_EXIT, PMF_CACHE_MAINT);
235 #endif
236
237 console_flush();
238 console_switch_state(CONSOLE_FLAG_RUNTIME);
239 }
240
bl31_warmboot(void)241 void __no_pauth bl31_warmboot(void)
242 {
243 unsigned int core_pos = plat_my_core_pos();
244
245 #if FEATURE_DETECTION
246 /* Detect if features enabled during compilation are supported by PE. */
247 detect_arch_features(core_pos);
248 #endif /* FEATURE_DETECTION */
249
250 /* Init registers that never change for the lifetime of the core. */
251 cm_manage_extensions_el3(core_pos);
252
253 /*
254 * At warm boot GPT data structures have already been initialized in RAM
255 * but the sysregs for this CPU need to be initialized. Note that the GPT
256 * accesses are controlled attributes in GPCCR and do not depend on the
257 * SCR_EL3.C bit.
258 */
259 #if ENABLE_FEAT_RME
260 if (is_feat_rme_supported()) {
261 if (gpt_enable() != 0) {
262 panic();
263 }
264 }
265 #endif
266
267 /* Enable DSU driver for each booting core */
268 #if USE_DSU_DRIVER
269 dsu_driver_init(&plat_dsu_data);
270 #endif
271
272 psci_warmboot_entrypoint(core_pos);
273 }
274
275 /*******************************************************************************
276 * Accessor functions to help runtime services decide which image should be
277 * executed after BL31. This is BL33 or the non-secure bootloader image by
278 * default but the Secure payload dispatcher could override this by requesting
279 * an entry into BL32 (Secure payload) first. If it does so then it should use
280 * the same API to program an entry into BL33 once BL32 initialisation is
281 * complete.
282 ******************************************************************************/
bl31_set_next_image_type(uint32_t security_state)283 void bl31_set_next_image_type(uint32_t security_state)
284 {
285 assert(sec_state_is_valid(security_state));
286 next_image_type = security_state;
287 }
288
bl31_get_next_image_type(void)289 static uint32_t bl31_get_next_image_type(void)
290 {
291 return next_image_type;
292 }
293
294 /*******************************************************************************
295 * This function programs EL3 registers and performs other setup to enable entry
296 * into the next image after BL31 at the next ERET.
297 ******************************************************************************/
bl31_prepare_next_image_entry(void)298 void __init bl31_prepare_next_image_entry(void)
299 {
300 const entry_point_info_t *next_image_info;
301 uint32_t image_type;
302
303 #if CTX_INCLUDE_AARCH32_REGS
304 /*
305 * Ensure that the build flag to save AArch32 system registers in CPU
306 * context is not set for AArch64-only platforms.
307 */
308 if (el_implemented(1) == EL_IMPL_A64ONLY) {
309 ERROR("EL1 supports AArch64-only. Please set build flag "
310 "CTX_INCLUDE_AARCH32_REGS = 0\n");
311 panic();
312 }
313 #endif
314
315 /* Determine which image to execute next */
316 image_type = bl31_get_next_image_type();
317
318 /* Program EL3 registers to enable entry into the next EL */
319 next_image_info = bl31_plat_get_next_image_ep_info(image_type);
320 assert(next_image_info != NULL);
321 assert(image_type == GET_SECURITY_STATE(next_image_info->h.attr));
322
323 INFO("BL31: Preparing for EL3 exit to %s world\n",
324 (image_type == SECURE) ? "secure" : "normal");
325 print_entry_point_info(next_image_info);
326 cm_init_my_context(next_image_info);
327
328 /*
329 * If we are entering the Non-secure world, use
330 * 'cm_prepare_el3_exit_ns' to exit.
331 */
332 if (image_type == NON_SECURE) {
333 cm_prepare_el3_exit_ns();
334 } else {
335 cm_prepare_el3_exit(image_type);
336 }
337 }
338
339 /*******************************************************************************
340 * This function initializes the pointer to BL32 init function. This is expected
341 * to be called by the SPD after it finishes all its initialization
342 ******************************************************************************/
bl31_register_bl32_init(int32_t (* func)(void))343 void bl31_register_bl32_init(int32_t (*func)(void))
344 {
345 bl32_init = func;
346 }
347
348 #if ENABLE_RMM
349 /*******************************************************************************
350 * This function initializes the pointer to RMM init function. This is expected
351 * to be called by the RMMD after it finishes all its initialization
352 ******************************************************************************/
bl31_register_rmm_init(int32_t (* func)(void))353 void bl31_register_rmm_init(int32_t (*func)(void))
354 {
355 rmm_init = func;
356 }
357 #endif
358