1 /*
2 * Copyright (c) 2015-2025, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <string.h>
9
10 #include <libfdt.h>
11
12 #include <platform_def.h>
13
14 #include <arch_features.h>
15 #include <arch_helpers.h>
16 #include <common/bl_common.h>
17 #include <common/debug.h>
18 #include <common/desc_image_load.h>
19 #include <common/fdt_fixup.h>
20 #include <common/fdt_wrappers.h>
21 #include <lib/optee_utils.h>
22 #if TRANSFER_LIST
23 #include <transfer_list.h>
24 #endif
25 #include <lib/utils.h>
26 #include <plat/common/platform.h>
27
28 #include "qemu_private.h"
29
30 #define MAP_BL2_TOTAL MAP_REGION_FLAT( \
31 bl2_tzram_layout.total_base, \
32 bl2_tzram_layout.total_size, \
33 MT_MEMORY | MT_RW | EL3_PAS)
34
35 #define MAP_BL2_RO MAP_REGION_FLAT( \
36 BL_CODE_BASE, \
37 BL_CODE_END - BL_CODE_BASE, \
38 MT_CODE | EL3_PAS), \
39 MAP_REGION_FLAT( \
40 BL_RO_DATA_BASE, \
41 BL_RO_DATA_END \
42 - BL_RO_DATA_BASE, \
43 MT_RO_DATA | EL3_PAS)
44
45 #if USE_COHERENT_MEM
46 #define MAP_BL_COHERENT_RAM MAP_REGION_FLAT( \
47 BL_COHERENT_RAM_BASE, \
48 BL_COHERENT_RAM_END \
49 - BL_COHERENT_RAM_BASE, \
50 MT_DEVICE | MT_RW | EL3_PAS)
51 #endif
52
53 /* Data structure which holds the extents of the trusted SRAM for BL2 */
54 static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE);
55 static struct transfer_list_header __maybe_unused *bl2_tl;
56
bl2_early_platform_setup2(u_register_t arg0,u_register_t arg1,u_register_t arg2,u_register_t arg3)57 void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1,
58 u_register_t arg2, u_register_t arg3)
59 {
60 meminfo_t *mem_layout = (void *)arg1;
61
62 /* Initialize the console to provide early debug support */
63 qemu_console_init();
64
65 /* Setup the BL2 memory layout */
66 bl2_tzram_layout = *mem_layout;
67
68 plat_qemu_io_setup();
69 }
70
security_setup(void)71 static void security_setup(void)
72 {
73 /*
74 * This is where a TrustZone address space controller and other
75 * security related peripherals, would be configured.
76 */
77 }
78
update_dt(void)79 static void update_dt(void)
80 {
81 #if TRANSFER_LIST
82 struct transfer_list_entry *te;
83
84 #if defined(SPD_spmd)
85 bl_mem_params_node_t *bl_mem_params;
86 #endif
87
88 #endif
89 int ret;
90 void *fdt = (void *)(uintptr_t)ARM_PRELOADED_DTB_BASE;
91 void *dst = plat_qemu_dt_runtime_address();
92
93 ret = fdt_open_into(fdt, dst, PLAT_QEMU_DT_MAX_SIZE);
94 if (ret < 0) {
95 ERROR("Invalid Device Tree at %p: error %d\n", fdt, ret);
96 return;
97 }
98
99 if (dt_add_psci_node(fdt)) {
100 ERROR("Failed to add PSCI Device Tree node\n");
101 return;
102 }
103
104 if (dt_add_psci_cpu_enable_methods(fdt)) {
105 ERROR("Failed to add PSCI cpu enable methods in Device Tree\n");
106 return;
107 }
108
109 #if ENABLE_RMM
110 if (fdt_add_reserved_memory(fdt, "rmm", REALM_DRAM_BASE,
111 REALM_DRAM_SIZE)) {
112 ERROR("Failed to reserve RMM memory in Device Tree\n");
113 return;
114 }
115
116 INFO("Reserved RMM memory [0x%lx, 0x%lx] in Device tree\n",
117 (uintptr_t)REALM_DRAM_BASE,
118 (uintptr_t)REALM_DRAM_BASE + REALM_DRAM_SIZE - 1);
119 #endif
120
121 ret = fdt_pack(fdt);
122 if (ret < 0)
123 ERROR("Failed to pack Device Tree at %p: error %d\n", fdt, ret);
124
125 #if TRANSFER_LIST
126 /* create a TE */
127 te = transfer_list_add(bl2_tl, TL_TAG_FDT, fdt_totalsize(fdt), fdt);
128 if (!te) {
129 ERROR("Failed to add FDT entry to Transfer List\n");
130 return;
131 }
132
133 #if defined(SPD_spmd)
134 bl_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
135 if (bl_mem_params == NULL) {
136 ERROR("Failed to get TOS_FW_CONFIG_ID memory params node\n");
137 return;
138 }
139
140 #if SPMC_AT_EL3
141 te = transfer_list_add(bl2_tl, TL_TAG_DT_FFA_MANIFEST,
142 TOS_FW_CONFIG_SIZE, NULL);
143 #else
144 te = transfer_list_add(bl2_tl, TL_TAG_DT_SPMC_MANIFEST,
145 TOS_FW_CONFIG_SIZE, NULL);
146 #endif
147 assert(te != NULL);
148
149 bl_mem_params->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
150 bl_mem_params->image_info.image_max_size = TOS_FW_CONFIG_SIZE;
151 bl_mem_params->image_info.image_base =
152 (uintptr_t)transfer_list_entry_data(te);
153 #endif /* defined(SPD_spmd) */
154
155 #endif
156 }
157
bl2_platform_setup(void)158 void bl2_platform_setup(void)
159 {
160 #if TRANSFER_LIST
161 bl2_tl = transfer_list_init((void *)(uintptr_t)FW_HANDOFF_BASE,
162 FW_HANDOFF_SIZE);
163 if (!bl2_tl) {
164 ERROR("Failed to initialize Transfer List at 0x%lx\n",
165 (unsigned long)FW_HANDOFF_BASE);
166 }
167 #endif
168 security_setup();
169 update_dt();
170
171 /* TODO Initialize timer */
172 }
173
qemu_bl2_sync_transfer_list(void)174 void qemu_bl2_sync_transfer_list(void)
175 {
176 #if TRANSFER_LIST
177 transfer_list_update_checksum(bl2_tl);
178 #endif
179 }
180
bl2_plat_arch_setup(void)181 void bl2_plat_arch_setup(void)
182 {
183 const mmap_region_t bl_regions[] = {
184 MAP_BL2_TOTAL,
185 MAP_BL2_RO,
186 #if USE_COHERENT_MEM
187 MAP_BL_COHERENT_RAM,
188 #endif
189 #if ENABLE_RMM
190 MAP_RMM_DRAM,
191 #endif
192 #if ENABLE_FEAT_RME
193 MAP_GPT_L0_REGION,
194 MAP_GPT_L1_REGION,
195 #endif
196 {0}
197 };
198
199 setup_page_tables(bl_regions, plat_qemu_get_mmap());
200
201 #if BL2_RUNS_AT_EL3
202 enable_mmu_el3(0);
203 #else /* BL2_RUNS_AT_EL3 */
204
205 #ifdef __aarch64__
206 enable_mmu_el1(0);
207 #else
208 enable_mmu_svc_mon(0);
209 #endif
210 #endif /* BL2_RUNS_AT_EL3 */
211 }
212
213 /*******************************************************************************
214 * Gets SPSR for BL32 entry
215 ******************************************************************************/
qemu_get_spsr_for_bl32_entry(void)216 static uint32_t qemu_get_spsr_for_bl32_entry(void)
217 {
218 #ifdef __aarch64__
219 /*
220 * The Secure Payload Dispatcher service is responsible for
221 * setting the SPSR prior to entry into the BL3-2 image.
222 */
223 return 0;
224 #else
225 return SPSR_MODE32(MODE32_svc, SPSR_T_ARM, SPSR_E_LITTLE,
226 DISABLE_ALL_EXCEPTIONS);
227 #endif
228 }
229
230 /*******************************************************************************
231 * Gets SPSR for BL33 entry
232 ******************************************************************************/
qemu_get_spsr_for_bl33_entry(void)233 static uint32_t qemu_get_spsr_for_bl33_entry(void)
234 {
235 uint32_t spsr;
236 #ifdef __aarch64__
237 unsigned int mode;
238
239 /* Figure out what mode we enter the non-secure world in */
240 mode = (el_implemented(2) != EL_IMPL_NONE) ? MODE_EL2 : MODE_EL1;
241
242 /*
243 * TODO: Consider the possibility of specifying the SPSR in
244 * the FIP ToC and allowing the platform to have a say as
245 * well.
246 */
247 spsr = SPSR_64(mode, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
248 #else
249 spsr = SPSR_MODE32(MODE32_svc,
250 plat_get_ns_image_entrypoint() & 0x1,
251 SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
252 #endif
253 return spsr;
254 }
255
256 #if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
load_sps_from_tb_fw_config(struct image_info * image_info)257 static int load_sps_from_tb_fw_config(struct image_info *image_info)
258 {
259 void *dtb = (void *)image_info->image_base;
260 const char *compat_str = "arm,sp";
261 const struct fdt_property *uuid;
262 uint32_t load_addr;
263 const char *name;
264 int sp_node;
265 int node;
266
267 node = fdt_node_offset_by_compatible(dtb, -1, compat_str);
268 if (node < 0) {
269 ERROR("Can't find %s in TB_FW_CONFIG", compat_str);
270 return -1;
271 }
272
273 fdt_for_each_subnode(sp_node, dtb, node) {
274 name = fdt_get_name(dtb, sp_node, NULL);
275 if (name == NULL) {
276 ERROR("Can't get name of node in dtb\n");
277 return -1;
278 }
279 uuid = fdt_get_property(dtb, sp_node, "uuid", NULL);
280 if (uuid == NULL) {
281 ERROR("Can't find property uuid in node %s", name);
282 return -1;
283 }
284 if (fdt_read_uint32(dtb, sp_node, "load-address",
285 &load_addr) < 0) {
286 ERROR("Can't read load-address in node %s", name);
287 return -1;
288 }
289 if (qemu_io_register_sp_pkg(name, uuid->data, load_addr) < 0) {
290 return -1;
291 }
292 }
293
294 return 0;
295 }
296 #endif /*defined(SPD_spmd) && SPMD_SPM_AT_SEL2*/
297
298 #if defined(SPD_opteed) || defined(AARCH32_SP_OPTEE) || defined(SPMC_OPTEE)
handoff_pageable_part(uint64_t pagable_part)299 static int handoff_pageable_part(uint64_t pagable_part)
300 {
301 #if TRANSFER_LIST
302 struct transfer_list_entry *te;
303
304 te = transfer_list_add(bl2_tl, TL_TAG_OPTEE_PAGABLE_PART,
305 sizeof(pagable_part), &pagable_part);
306 if (!te) {
307 INFO("Cannot add TE for pageable part\n");
308 return -1;
309 }
310 #endif
311 return 0;
312 }
313 #endif
314
qemu_bl2_handle_post_image_load(unsigned int image_id)315 static int qemu_bl2_handle_post_image_load(unsigned int image_id)
316 {
317 int err = 0;
318 bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
319 #if defined(SPD_opteed) || defined(AARCH32_SP_OPTEE) || defined(SPMC_OPTEE)
320 bl_mem_params_node_t *pager_mem_params = NULL;
321 bl_mem_params_node_t *paged_mem_params = NULL;
322 image_info_t *paged_image_info = NULL;
323 #endif
324 #if defined(SPD_spmd)
325 bl_mem_params_node_t *bl32_mem_params = NULL;
326 #endif
327 #if TRANSFER_LIST
328 struct transfer_list_header *ns_tl = NULL;
329 #endif
330
331 assert(bl_mem_params);
332
333 switch (image_id) {
334 #if TRANSFER_LIST
335 case BL31_IMAGE_ID:
336 /*
337 * arg0 is a bl_params_t reserved for bl31_early_platform_setup2
338 * we just need arg1 and arg3 for BL31 to update the TL from S
339 * to NS memory before it exits
340 */
341 #ifdef __aarch64__
342 if (GET_RW(bl_mem_params->ep_info.spsr) == MODE_RW_64) {
343 bl_mem_params->ep_info.args.arg1 =
344 TRANSFER_LIST_HANDOFF_X1_VALUE(REGISTER_CONVENTION_VERSION);
345 } else
346 #endif
347 {
348 bl_mem_params->ep_info.args.arg1 =
349 TRANSFER_LIST_HANDOFF_R1_VALUE(REGISTER_CONVENTION_VERSION);
350 }
351
352 bl_mem_params->ep_info.args.arg3 = (uintptr_t)bl2_tl;
353 break;
354 #endif
355 case BL32_IMAGE_ID:
356 #if defined(SPD_opteed) || defined(AARCH32_SP_OPTEE) || defined(SPMC_OPTEE)
357 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
358 assert(pager_mem_params);
359
360 #if !defined(SPMC_OPTEE)
361 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
362 assert(paged_mem_params);
363 #endif
364 if (paged_mem_params)
365 paged_image_info = &paged_mem_params->image_info;
366
367 err = parse_optee_header(&bl_mem_params->ep_info,
368 &pager_mem_params->image_info,
369 paged_image_info);
370 if (err != 0) {
371 WARN("OPTEE header parse error.\n");
372 }
373
374 /*
375 * Only add TL_TAG_OPTEE_PAGABLE_PART entry to the TL if
376 * the paged image has a size.
377 */
378 if (paged_image_info && paged_image_info->image_size &&
379 handoff_pageable_part(paged_image_info->image_base)) {
380 return -1;
381 }
382 #endif
383
384 INFO("Handoff to BL32\n");
385 bl_mem_params->ep_info.spsr = qemu_get_spsr_for_bl32_entry();
386 #if TRANSFER_LIST
387 if (transfer_list_set_handoff_args(bl2_tl,
388 &bl_mem_params->ep_info))
389 break;
390 #endif
391 INFO("Using default arguments\n");
392 #if defined(SPMC_OPTEE)
393 /*
394 * Explicit zeroes to unused registers since they may have
395 * been populated by parse_optee_header() above.
396 *
397 * OP-TEE expects system DTB in x2 and TOS_FW_CONFIG in x0,
398 * the latter is filled in below for TOS_FW_CONFIG_ID and
399 * applies to any other SPMC too.
400 */
401 bl_mem_params->ep_info.args.arg2 = ARM_PRELOADED_DTB_BASE;
402 #elif defined(SPD_opteed)
403 /*
404 * OP-TEE expect to receive DTB address in x2.
405 * This will be copied into x2 by dispatcher.
406 */
407 bl_mem_params->ep_info.args.arg3 = ARM_PRELOADED_DTB_BASE;
408 #elif defined(AARCH32_SP_OPTEE)
409 bl_mem_params->ep_info.args.arg0 =
410 bl_mem_params->ep_info.args.arg1;
411 bl_mem_params->ep_info.args.arg1 = 0;
412 bl_mem_params->ep_info.args.arg2 = ARM_PRELOADED_DTB_BASE;
413 bl_mem_params->ep_info.args.arg3 = 0;
414 #endif
415 break;
416
417 case BL33_IMAGE_ID:
418 #ifdef AARCH32_SP_OPTEE
419 /* AArch32 only core: OP-TEE expects NSec EP in register LR */
420 pager_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
421 assert(pager_mem_params);
422 pager_mem_params->ep_info.lr_svc = bl_mem_params->ep_info.pc;
423 #endif
424
425 bl_mem_params->ep_info.spsr = qemu_get_spsr_for_bl33_entry();
426
427 #if ARM_LINUX_KERNEL_AS_BL33
428 /*
429 * According to the file ``Documentation/arm64/booting.txt`` of
430 * the Linux kernel tree, Linux expects the physical address of
431 * the device tree blob (DTB) in x0, while x1-x3 are reserved
432 * for future use and must be 0.
433 */
434 bl_mem_params->ep_info.args.arg0 =
435 (u_register_t)ARM_PRELOADED_DTB_BASE;
436 bl_mem_params->ep_info.args.arg1 = 0U;
437 bl_mem_params->ep_info.args.arg2 = 0U;
438 bl_mem_params->ep_info.args.arg3 = 0U;
439 #elif TRANSFER_LIST
440 if (bl2_tl) {
441 /* relocate the tl to pre-allocate NS memory */
442 ns_tl = transfer_list_relocate(bl2_tl,
443 (void *)(uintptr_t)FW_NS_HANDOFF_BASE,
444 bl2_tl->max_size);
445 if (!ns_tl) {
446 ERROR("Relocate TL to 0x%lx failed\n",
447 (unsigned long)FW_NS_HANDOFF_BASE);
448 return -1;
449 }
450 }
451
452 INFO("Handoff to BL33\n");
453 if (!transfer_list_set_handoff_args(ns_tl,
454 &bl_mem_params->ep_info)) {
455 INFO("Invalid TL, fallback to default arguments\n");
456 bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
457 }
458 #else
459 /* BL33 expects to receive the primary CPU MPID (through r0) */
460 bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
461 #endif /* ARM_LINUX_KERNEL_AS_BL33 */
462
463 break;
464 #ifdef SPD_spmd
465 #if SPMD_SPM_AT_SEL2
466 case TB_FW_CONFIG_ID:
467 err = load_sps_from_tb_fw_config(&bl_mem_params->image_info);
468 break;
469 #endif
470 case TOS_FW_CONFIG_ID:
471 /* An SPMC expects TOS_FW_CONFIG in x0/r0 */
472 bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
473 bl32_mem_params->ep_info.args.arg0 =
474 bl_mem_params->image_info.image_base;
475 break;
476 #endif
477 default:
478 /* Do nothing in default case */
479 break;
480 }
481
482 return err;
483 }
484
485 /*******************************************************************************
486 * This function can be used by the platforms to update/use image
487 * information for given `image_id`.
488 ******************************************************************************/
bl2_plat_handle_post_image_load(unsigned int image_id)489 int bl2_plat_handle_post_image_load(unsigned int image_id)
490 {
491 return qemu_bl2_handle_post_image_load(image_id);
492 }
493
plat_get_ns_image_entrypoint(void)494 uintptr_t plat_get_ns_image_entrypoint(void)
495 {
496 return NS_IMAGE_OFFSET;
497 }
498