1/* SPDX-License-Identifier: BSD-2-Clause */
2/*
3 * Copyright (c) 2015-2022, Linaro Limited
4 * Copyright (c) 2021-2023, Arm Limited
5 */
6
7#include <platform_config.h>
8
9#include <arm64_macros.S>
10#include <arm.h>
11#include <asm.S>
12#include <generated/asm-defines.h>
13#include <keep.h>
14#include <kernel/thread_private.h>
15#include <mm/core_mmu.h>
16#include <sm/optee_smc.h>
17#include <sm/teesmc_opteed.h>
18#include <sm/teesmc_opteed_macros.h>
19
20	/*
21	 * Setup SP_EL0 and SPEL1, SP will be set to SP_EL0.
22	 * SP_EL0 is assigned:
23	 *   stack_tmp + (cpu_id + 1) * stack_tmp_stride - STACK_TMP_GUARD
24	 * SP_EL1 is assigned thread_core_local[cpu_id]
25	 */
26	.macro set_sp
27		bl	__get_core_pos
28		cmp	x0, #CFG_TEE_CORE_NB_CORE
29		/* Unsupported CPU, park it before it breaks something */
30		bge	unhandled_cpu
31		add	x0, x0, #1
32		adr_l	x1, stack_tmp_stride
33		ldr	w1, [x1]
34		mul	x1, x0, x1
35
36		/* x0 = stack_tmp - STACK_TMP_GUARD */
37		adr_l	x2, stack_tmp_rel
38		ldr	w0, [x2]
39		add	x0, x0, x2
40
41		msr	spsel, #0
42		add	sp, x1, x0
43		bl	thread_get_core_local
44		msr	spsel, #1
45		mov	sp, x0
46		msr	spsel, #0
47	.endm
48
	/*
	 * \reg = ID_AA64PFR1_EL1.MTE, the 4-bit MTE feature field. The
	 * users below only act on a value above 1 (see "FEAT_MTE2" in
	 * _start): 0 is no MTE, 1 is instruction-only support.
	 */
	.macro read_feat_mte reg
		mrs	\reg, id_aa64pfr1_el1
		ubfx	\reg, \reg, #ID_AA64PFR1_EL1_MTE_SHIFT, #4
	.endm
53
	/*
	 * \reg = 4-bit PAN feature field; 0 means PAN is not available and
	 * init_pan leaves the CPU alone.
	 *
	 * NOTE(review): this reads ID_MMFR3_EL1, the AArch32 memory-model
	 * ID register. The AArch64 view of the feature is
	 * ID_AA64MMFR1_EL1.PAN; confirm the AArch32 field is populated on
	 * AArch64-only cores, otherwise PAN may silently stay off.
	 */
	.macro read_feat_pan reg
		mrs	\reg, id_mmfr3_el1
		ubfx	\reg, \reg, #ID_MMFR3_EL1_PAN_SHIFT, #4
	.endm
58
	/*
	 * Program the SCTLR_EL1 bits that every CPU needs before the MMU is
	 * turned on:
	 *   SCTLR_I     instruction cache enable
	 *   SCTLR_SA    SP alignment checking at EL1
	 *   SCTLR_SPAN  leave PSTATE.PAN untouched on exception entry
	 *               (init_pan clears this again when PAN is used)
	 *   SCTLR_WXN   writable implies never-executable, only when core
	 *               RW data is built non-executable
	 *   SCTLR_A     data alignment checking, per CFG_SCTLR_ALIGNMENT_CHECK
	 *               (explicitly cleared otherwise)
	 *   SCTLR_ATA/ATA0  allow tag access at EL1/EL0 when the MTE field
	 *               is above 1; tag *checking* (TCF/TCF0) is cleared
	 *               here and only enabled by init_memtag_per_cpu
	 *   SCTLR_BT0/BT1   PAuth/BTI interaction bits for EL0 (TAs) and
	 *               EL1 (core), set only when both PAuth and BTI are
	 *               configured for that world
	 * Clobbers x0, plus x1 when CFG_MEMTAG is set. No isb here - every
	 * caller adds its own.
	 */
	.macro set_sctlr_el1
		mrs	x0, sctlr_el1
		orr	x0, x0, #SCTLR_I
		orr	x0, x0, #SCTLR_SA
		orr	x0, x0, #SCTLR_SPAN
#if defined(CFG_CORE_RWDATA_NOEXEC)
		orr	x0, x0, #SCTLR_WXN
#endif
#if defined(CFG_SCTLR_ALIGNMENT_CHECK)
		orr	x0, x0, #SCTLR_A
#else
		bic	x0, x0, #SCTLR_A
#endif
#ifdef CFG_MEMTAG
		read_feat_mte x1
		/* Skip unless the MTE field is > 1 (unsigned compare) */
		cmp	w1, #1
		b.ls	111f
		orr	x0, x0, #(SCTLR_ATA | SCTLR_ATA0)
		/* Tag checks stay off until init_memtag_per_cpu */
		bic	x0, x0, #SCTLR_TCF_MASK
		bic	x0, x0, #SCTLR_TCF0_MASK
111:
#endif
#if defined(CFG_TA_PAUTH) && defined(CFG_TA_BTI)
		orr	x0, x0, #SCTLR_BT0
#endif
#if defined(CFG_CORE_PAUTH) && defined(CFG_CORE_BTI)
		orr	x0, x0, #SCTLR_BT1
#endif
		msr	sctlr_el1, x0
	.endm
89
	/*
	 * Per-CPU MTE enable; a no-op unless the MTE ID field is above 1.
	 *
	 * GCR_EL1: tags 0x0 and 0xf are excluded from random generation
	 * (bits 0 and 15 of the exclude mask) so they remain reserved for
	 * memory that is not explicitly tagged. In CFG_TEE_CORE_DEBUG
	 * builds RGSR_EL1 gets a fixed seed and RRND stays 0, which makes
	 * irg deterministic: useful for debugging, but it also makes tag
	 * values predictable, so it must never ship in a release build.
	 *
	 * TCR_EL1 then gets TBI0 (top byte of addresses ignored, that is
	 * where the tag lives) and TCMA0 (tag 0 accesses unchecked), and
	 * finally SCTLR_EL1 enables synchronous tag-check faults for EL1
	 * (TCF) and EL0 (TCF0). Relies on set_sctlr_el1 having already set
	 * ATA/ATA0. Clobbers x0.
	 */
	.macro init_memtag_per_cpu
		read_feat_mte x0
		cmp	w0, #1
		b.ls	11f

#ifdef CFG_TEE_CORE_DEBUG
		/*
		 * This together with GCR_EL1.RRND = 0 will make the tags
		 * acquired with the irg instruction deterministic.
		 * Debug aid only: deterministic tags are predictable tags.
		 */
		mov_imm	x0, 0xcafe00
		msr	rgsr_el1, x0
		/* Avoid tag = 0x0 and 0xf */
		mov	x0, #0
#else
		/*
		 * Still avoid tag = 0x0 and 0xf as we use that tag for
		 * everything which isn't explicitly tagged. Setting
		 * GCR_EL1.RRND = 1 to allow an implementation specific
		 * method of generating the tags.
		 */
		mov	x0, #GCR_EL1_RRND
#endif
		orr	x0, x0, #1		/* exclude tag 0x0 */
		orr	x0, x0, #(1 << 15)	/* exclude tag 0xf */
		msr	gcr_el1, x0

		/*
		 * Enable the tag checks on the current CPU.
		 *
		 * Depends on boot_init_memtag() having cleared tags for
		 * TEE core memory. Well, not really, addresses with the
		 * tag value 0b0000 will use unchecked access due to
		 * TCR_TCMA0.
		 */
		mrs	x0, tcr_el1
		orr	x0, x0, #TCR_TBI0
		orr	x0, x0, #TCR_TCMA0
		msr	tcr_el1, x0

		/* Synchronous tag check faults at EL1 and EL0 */
		mrs	x0, sctlr_el1
		orr	x0, x0, #SCTLR_TCF_SYNC
		orr	x0, x0, #SCTLR_TCF0_SYNC
		msr	sctlr_el1, x0

		isb
11:
	.endm
138
	/*
	 * Load this CPU's pointer-authentication instruction key (APIA)
	 * from its struct thread_core_local, which is reached through
	 * SP_EL1 - so set_sp must already have run - and enable
	 * instruction-address authentication with SCTLR_EL1.EnIA. Only the
	 * IA key is programmed here. Clobbers x0-x1.
	 *
	 * NOTE(review): the key at THREAD_CORE_LOCAL_KEYS must have been
	 * generated by the C boot code before this point (after
	 * boot_init_primary_late() on the primary, before this macro in
	 * cpu_on_handler on secondaries) - verify in boot.c.
	 */
	.macro init_pauth_per_cpu
		msr	spsel, #1
		ldp	x0, x1, [sp, #THREAD_CORE_LOCAL_KEYS]
		msr	spsel, #0
		write_apiakeyhi x0
		write_apiakeylo x1
		mrs	x0, sctlr_el1
		orr	x0, x0, #SCTLR_ENIA
		msr	sctlr_el1, x0
		isb
	.endm
150
151	.macro init_pan
152		read_feat_pan x0
153		cmp	x0, #0
154		b.eq	1f
155		mrs	x0, sctlr_el1
156		bic	x0, x0, #SCTLR_SPAN
157		msr	sctlr_el1, x0
158		write_pan_enable
159	1:
160	.endm
161
/*
 * Primary CPU entry point. Entered with MMU and caches off, executing
 * from the load address (identity mapped), boot arguments in x0-x3.
 * Never returns: it ends by handing control to the normal world / EL3,
 * either through FF-A (thread_ffa_msg_wait) or with the
 * TEESMC_OPTEED_RETURN_ENTRY_DONE SMC.
 *
 * There is no stack until set_sp below. relocate (visibly) uses only
 * registers; __get_core_pos is platform code and presumably does too -
 * TODO confirm.
 */
FUNC _start , :
	/*
	 * Temporary copy of boot argument registers, will be passed to
	 * boot_save_args() further down. x19-x22 are callee-saved, so they
	 * survive the calls in between.
	 */
	mov	x19, x0
	mov	x20, x1
	mov	x21, x2
	mov	x22, x3

	/* Early vector table: every entry spins, see reset_vect_table */
	adr	x0, reset_vect_table
	msr	vbar_el1, x0
	isb

#ifdef CFG_PAN
	/*
	 * NOTE(review): init_pan clears SCTLR_EL1.SPAN, but set_sctlr_el1
	 * right below sets SPAN again, so the primary CPU ends up with
	 * SPAN=1 while cpu_on_handler runs the two macros in the opposite
	 * order and leaves secondaries with SPAN=0. With SPAN=1 PSTATE.PAN
	 * is not forced on at exception entry. Confirm which is intended.
	 */
	init_pan
#endif

	set_sctlr_el1
	isb

#ifdef CFG_WITH_PAGER
	/*
	 * Move init code into correct location and move hashes to a
	 * temporary safe location until the heap is initialized.
	 *
	 * The binary is built as:
	 * [Pager code, rodata and data] : In correct location
	 * [Init code and rodata] : Should be copied to __init_start
	 * [struct boot_embdata + data] : Should be saved before
	 * initializing pager, first uint32_t tells the length of the data
	 */
	adr	x0, __init_start	/* dst */
	adr	x1, __data_end		/* src */
	adr	x2, __init_end
	sub	x2, x2, x0		/* init len */
	ldr	w4, [x1, x2]		/* length of hashes etc */
	add	x2, x2, x4		/* length of init and hashes etc */
	/* Copy backwards (as memmove) in case we're overlapping */
	add	x0, x0, x2		/* __init_start + len */
	add	x1, x1, x2		/* __data_end + len */
	/* Remember how far memory was written with caches off */
	adr	x3, cached_mem_end
	str	x0, [x3]
	adr	x2, __init_start
copy_init:
	ldp	x3, x4, [x1, #-16]!
	stp	x3, x4, [x0, #-16]!
	cmp	x0, x2
	b.gt	copy_init
#else
	/*
	 * The binary is built as:
	 * [Core, rodata and data] : In correct location
	 * [struct boot_embdata + data] : Should be moved to __end, first
	 * uint32_t tells the length of the struct + data
	 */
	adr_l	x0, __end		/* dst */
	adr_l	x1, __data_end		/* src */
	ldr	w2, [x1]		/* struct boot_embdata::total_len */
	/* Copy backwards (as memmove) in case we're overlapping */
	add	x0, x0, x2
	add	x1, x1, x2
	/* Remember how far memory was written with caches off */
	adr	x3, cached_mem_end
	str	x0, [x3]
	adr_l	x2, __end

copy_init:
	ldp	x3, x4, [x1, #-16]!
	stp	x3, x4, [x0, #-16]!
	cmp	x0, x2
	b.gt	copy_init
#endif

	/*
	 * Clear .bss, this code obviously depends on the linker keeping
	 * start/end of .bss at least 8 byte aligned. This is a do-while
	 * loop: one 8-byte store is issued even for an empty section, and
	 * the end test is a signed compare of two addresses.
	 */
	adr_l	x0, __bss_start
	adr_l	x1, __bss_end
clear_bss:
	str	xzr, [x0], #8
	cmp	x0, x1
	b.lt	clear_bss

#ifdef CFG_NS_VIRTUALIZATION
	/*
	 * Clear .nex_bss, this code obviously depends on the linker keeping
	 * start/end of .nex_bss at least 8 byte aligned. Same do-while
	 * shape as clear_bss above.
	 */
	adr_l	x0, __nex_bss_start
	adr_l	x1, __nex_bss_end
clear_nex_bss:
	str	xzr, [x0], #8
	cmp	x0, x1
	b.lt	clear_nex_bss
#endif


#if defined(CFG_CORE_PHYS_RELOCATABLE)
	/*
	 * Save the base physical address, it will not change after this
	 * point. Then patch the image from the linked TEE_LOAD_ADDR to the
	 * address it was actually loaded at; nothing to do when the two
	 * coincide.
	 */
	adr_l	x2, core_mmu_tee_load_pa
	adr	x1, _start		/* Load address */
	str	x1, [x2]

	mov_imm	x0, TEE_LOAD_ADDR	/* Compiled load address */
	sub	x0, x1, x0		/* Relocation offset */

	cbz	x0, 1f
	bl	relocate
1:
#endif

	/*
	 * Setup SP_EL0 and SP_EL1, SP will be set to SP_EL0.
	 * First point with a usable stack.
	 */
	set_sp

	bl	thread_init_thread_core_local

	/*
	 * Enable aborts now that we can receive exceptions. They land in
	 * reset_vect_table, which spins the CPU rather than continuing.
	 */
	msr	daifclr, #DAIFBIT_ABT

	/*
	 * Invalidate dcache for all memory used during initialization to
	 * avoid nasty surprises when the cache is turned on. We must not
	 * invalidate memory not used by OP-TEE since we may invalidate
	 * entries used by for instance ARM Trusted Firmware.
	 * Range: __text_start .. cached_mem_end (both physical here).
	 */
	adr_l	x0, __text_start
	ldr	x1, cached_mem_end
	sub	x1, x1, x0
	bl	dcache_cleaninv_range

	/* Enable Console */
	bl	console_init

	/* boot_save_args(x0..x3 = saved boot args, x4 = 0) */
	mov	x0, x19
	mov	x1, x20
	mov	x2, x21
	mov	x3, x22
	mov	x4, xzr
	bl	boot_save_args

#ifdef CFG_MEMTAG
	/*
	 * If FEAT_MTE2 is available, initializes the memtag callbacks.
	 * Tags for OP-TEE core memory are then cleared to make it safe to
	 * enable MEMTAG below.
	 */
	bl	boot_init_memtag
#endif

	/* x0 = ASLR seed (0 without ASLR) for core_init_mmu_map() */
#ifdef CFG_CORE_ASLR
	bl	get_aslr_seed
#else
	mov	x0, #0
#endif

	adr	x1, boot_mmu_config
	bl	core_init_mmu_map

#ifdef CFG_CORE_ASLR
	/*
	 * Process relocation information again updating for the virtual
	 * map offset. We're doing this now before MMU is enabled as some
	 * of the memory will become write protected.
	 */
	ldr	x0, boot_mmu_config + CORE_MMU_CONFIG_MAP_OFFSET
	cbz	x0, 1f
	/*
	 * Update cached_mem_end address with load offset since it was
	 * calculated before relocation. From here on it is a VA, matching
	 * what adr_l __text_start yields once the MMU is on (second
	 * dcache_cleaninv_range below).
	 */
	adr	x5, cached_mem_end
	ldr	x6, [x5]
	add	x6, x6, x0
	str	x6, [x5]
	adr	x1, _start		/* Load address */
	bl	relocate
1:
#endif

	/*
	 * enable_mmu(core_pos): selects this core's TTBR0 and rebases
	 * PC, both SPs and x30 to the virtual map.
	 */
	bl	__get_core_pos
	bl	enable_mmu
#ifdef CFG_CORE_ASLR
	/*
	 * Reinitialize console, since register_serial_console() has
	 * previously registered a PA and with ASLR the VA is different
	 * from the PA.
	 */
	bl	console_init
#endif

#ifdef CFG_MEMTAG
	bl	boot_clear_memtag
#endif

#ifdef CFG_NS_VIRTUALIZATION
	/*
	 * Initialize partition tables for each partition to
	 * default_partition which has been relocated now to a different VA
	 */
	bl	core_mmu_set_default_prtn_tbl
#endif

	bl	boot_init_primary_early

#ifdef CFG_MEMTAG
	init_memtag_per_cpu
#endif

#ifndef CFG_NS_VIRTUALIZATION
	/*
	 * Run boot_init_primary_late() on the stack of the first thread
	 * context (threads[0].stack_va_end) instead of the tmp stack, with
	 * this CPU's core-local flags cleared for the duration. x23/x24
	 * are callee-saved and keep the tmp SP and the core-local pointer.
	 */
	mov	x23, sp
	adr_l	x0, threads
	ldr	x0, [x0, #THREAD_CTX_STACK_VA_END]
	mov	sp, x0
	bl	thread_get_core_local
	mov	x24, x0
	str	wzr, [x24, #THREAD_CORE_LOCAL_FLAGS]
#endif
	bl	boot_init_primary_late
#ifdef CFG_CORE_PAUTH
	/* Keys are read from thread_core_local; SP_EL1 is still valid */
	init_pauth_per_cpu
#endif

#ifndef CFG_NS_VIRTUALIZATION
	/* Back on the tmp stack: flag it as such and restore SP */
	mov	x0, #THREAD_CLF_TMP
	str     w0, [x24, #THREAD_CORE_LOCAL_FLAGS]
	mov	sp, x23
#endif

#ifdef _CFG_CORE_STACK_PROTECTOR
	/*
	 * Update stack canary value. Until now __stack_chk_guard holds
	 * whatever it was linked with; here the platform is asked for one
	 * random 8-byte canary (presumably (buf, count, size)) into a
	 * 16-byte scratch slot on the stack, which is then stored. Any
	 * stack-protected C frame live across this point would fail its
	 * check on return - none is, every call above has returned. The
	 * canary is only as strong as plat_get_random_stack_canaries().
	 */
	sub	sp, sp, #0x10
	mov	x0, sp
	mov	x1, #1
	mov	x2, #0x8
	bl	plat_get_random_stack_canaries
	ldr	x0, [sp]
	adr_l	x5, __stack_chk_guard
	str	x0, [x5]
	add	sp, sp, #0x10
#endif

	/*
	 * In case we've touched memory that secondary CPUs will use before
	 * they have turned on their D-cache, clean and invalidate the
	 * D-cache before exiting to normal world.
	 */
	adr_l	x0, __text_start
	ldr	x1, cached_mem_end
	sub	x1, x1, x0
	bl	dcache_cleaninv_range


	/*
	 * Clear current thread id now to allow the thread to be reused on
	 * next entry. Matches the thread_init_boot_thread in
	 * boot.c.
	 */
#ifndef CFG_NS_VIRTUALIZATION
	bl 	thread_clr_boot_thread
#endif

#ifdef CFG_CORE_FFA
	adr	x0, cpu_on_handler
	/*
	 * Compensate for the virtual map offset since cpu_on_handler() is
	 * called with MMU off: register its physical address as the
	 * secondary entry point.
	 */
	ldr	x1, boot_mmu_config + CORE_MMU_CONFIG_MAP_OFFSET
	sub	x0, x0, x1
	bl	thread_spmc_register_secondary_ep
	b	thread_ffa_msg_wait
#else
	/*
	 * Report ENTRY_DONE to EL3 with the physical address of
	 * thread_vector_table in x1. Compensate for the virtual map offset
	 * since cpu_on_handler() is called with MMU off.
	 */
	ldr	x0, boot_mmu_config + CORE_MMU_CONFIG_MAP_OFFSET
	adr	x1, thread_vector_table
	sub	x1, x1, x0
	mov	x0, #TEESMC_OPTEED_RETURN_ENTRY_DONE
	smc	#0
	/* SMC should not return */
	panic_at_smc_return
#endif
END_FUNC _start
DECLARE_KEEP_INIT _start
453
	.section .identity_map.data
	.balign	8
/*
 * End address of the memory _start writes while the caches are still
 * off (the copied init/embedded data). It bounds both
 * dcache_cleaninv_range() calls in _start: a PA at first, and shifted
 * by the ASLR map offset once the image has been relocated. Placed in
 * .identity_map.data, presumably so that adr reaches it from both the
 * identity-mapped and the relocated code.
 */
LOCAL_DATA cached_mem_end , :
	.skip	8
END_DATA cached_mem_end
459
#if defined(CFG_CORE_ASLR) || defined(CFG_CORE_PHYS_RELOCATABLE)
/*
 * relocate(x0 = relocation offset, x1 = load address)
 *
 * Apply the relocation table that gen_tee_bin.py stores in struct
 * boot_embdata right after the image (__end, or __init_end with the
 * pager). Each entry is a 32-bit offset from the load address naming a
 * 64-bit slot whose contents are increased by x0. _start calls this at
 * most twice: once to move from TEE_LOAD_ADDR to the real load PA,
 * once more to add the ASLR virtual map offset.
 *
 * Leaf function, no stack needed (the first call happens before
 * set_sp). Clobbers x2-x6. There is no check that an entry points
 * inside the image: the table is trusted as part of the binary, so it
 * is presumably covered by whatever authenticates the TEE image - TODO
 * confirm for the embedded data, not just the code.
 */
LOCAL_FUNC relocate , :
	/*
	 * x0 holds relocate offset
	 * x1 holds load address
	 */
#ifdef CFG_WITH_PAGER
	adr_l	x6, __init_end
#else
	adr_l	x6, __end
#endif
	/* w2 = table offset, w3 = table length, both relative */
	ldp	w2, w3, [x6, #BOOT_EMBDATA_RELOC_OFFSET]

	add	x2, x2, x6	/* start of relocations */
	add	x3, x3, x2	/* end of relocations */

	/*
	 * Relocations are not formatted as Rela64, instead they are in a
	 * compressed format created by get_reloc_bin() in
	 * scripts/gen_tee_bin.py
	 *
	 * All the R_AARCH64_RELATIVE relocations are translated into a
	 * list of 32-bit offsets from TEE_LOAD_ADDR. At each address a
	 * 64-bit value pointed out which increased with the load offset.
	 */

#ifdef CFG_WITH_PAGER
	/*
	 * With pager enabled we can only relocate the pager and init
	 * parts, the rest has to be done when a page is populated.
	 * x6 = __init_end as an offset from the load address.
	 */
	sub	x6, x6, x1
#endif

	/* Enter at the loop test so an empty table is handled */
	b	2f
	/* Loop over the relocation addresses and process all entries */
1:	ldr	w4, [x2], #4
#ifdef CFG_WITH_PAGER
	/* Skip too large addresses (this entry only, the loop goes on) */
	cmp	x4, x6
	b.ge	2f
#endif
	add	x4, x4, x1
	ldr	x5, [x4]
	add	x5, x5, x0
	str	x5, [x4]

2:	cmp	x2, x3
	b.ne	1b

	ret
END_FUNC relocate
#endif
513
514/*
515 * void enable_mmu(unsigned long core_pos);
516 *
517 * This function depends on being mapped with in the identity map where
518 * physical address and virtual address is the same. After MMU has been
519 * enabled the instruction pointer will be updated to execute as the new
520 * offset instead. Stack pointers and the return address are updated.
521 */
522LOCAL_FUNC enable_mmu , : , .identity_map
523	adr	x1, boot_mmu_config
524	load_xregs x1, 0, 2, 6
525	/*
526	 * x0 = core_pos
527	 * x2 = tcr_el1
528	 * x3 = mair_el1
529	 * x4 = ttbr0_el1_base
530	 * x5 = ttbr0_core_offset
531	 * x6 = load_offset
532	 */
533	msr	tcr_el1, x2
534	msr	mair_el1, x3
535
536	/*
537	 * ttbr0_el1 = ttbr0_el1_base + ttbr0_core_offset * core_pos
538	 */
539	madd	x1, x5, x0, x4
540	msr	ttbr0_el1, x1
541	msr	ttbr1_el1, xzr
542	isb
543
544	/* Invalidate TLB */
545	tlbi	vmalle1
546
547	/*
548	 * Make sure translation table writes have drained into memory and
549	 * the TLB invalidation is complete.
550	 */
551	dsb	sy
552	isb
553
554	/* Enable the MMU */
555	mrs	x1, sctlr_el1
556	orr	x1, x1, #SCTLR_M
557	msr	sctlr_el1, x1
558	isb
559
560	/* Update vbar */
561	mrs	x1, vbar_el1
562	add	x1, x1, x6
563	msr	vbar_el1, x1
564	isb
565
566	/* Invalidate instruction cache and branch predictor */
567	ic	iallu
568	isb
569
570	/* Enable I and D cache */
571	mrs	x1, sctlr_el1
572	orr	x1, x1, #SCTLR_I
573	orr	x1, x1, #SCTLR_C
574	msr	sctlr_el1, x1
575	isb
576
577	/* Adjust stack pointers and return address */
578	msr	spsel, #1
579	add	sp, sp, x6
580	msr	spsel, #0
581	add	sp, sp, x6
582	add	x30, x30, x6
583
584	ret
585END_FUNC enable_mmu
586
	.section .identity_map.data
	.balign	8
/*
 * struct core_mmu_config, filled in by core_init_mmu_map() and consumed
 * by enable_mmu (TCR, MAIR, TTBR0 base and per-core stride, load
 * offset). Its CORE_MMU_CONFIG_MAP_OFFSET field is also read directly
 * by _start to turn VAs back into the PAs that EL3 / the SPMC jump to
 * with the MMU off.
 */
DATA boot_mmu_config , : /* struct core_mmu_config */
	.skip	CORE_MMU_CONFIG_SIZE
END_DATA boot_mmu_config
592
/*
 * Secondary CPU entry point, entered with the MMU off at the physical
 * address _start registered (see its final FF-A / SMC step). x0/x1 are
 * forwarded to boot_cpu_on_handler(); x30 is kept in x21 because set_sp
 * and enable_mmu clobber it through their bl calls. Unlike _start,
 * enable_mmu runs before set_sp, so set_sp's call into
 * thread_get_core_local already executes at its VA.
 *
 * Without FF-A this tail-calls boot_cpu_on_handler() with the original
 * x30, so it returns straight to whoever entered cpu_on_handler; with
 * FF-A it parks in thread_ffa_msg_wait instead.
 */
FUNC cpu_on_handler , :
	mov	x19, x0
	mov	x20, x1
	mov	x21, x30

	adr	x0, reset_vect_table
	msr	vbar_el1, x0
	isb

	set_sctlr_el1
	isb

#ifdef CFG_PAN
	/*
	 * NOTE(review): here init_pan runs after set_sctlr_el1, so the
	 * SPAN clear sticks (SPAN=0); _start runs the two in the opposite
	 * order and ends with SPAN=1. Primary and secondary CPUs therefore
	 * differ - confirm which ordering is the intended one.
	 */
	init_pan
#endif

	/* Enable aborts now that we can receive exceptions */
	msr	daifclr, #DAIFBIT_ABT

	bl	__get_core_pos
	bl	enable_mmu

	/* Setup SP_EL0 and SP_EL1, SP will be set to SP_EL0 */
	set_sp

#ifdef CFG_MEMTAG
	init_memtag_per_cpu
#endif
#ifdef CFG_CORE_PAUTH
	init_pauth_per_cpu
#endif

	mov	x0, x19
	mov	x1, x20
#ifdef CFG_CORE_FFA
	bl	boot_cpu_on_handler
	b	thread_ffa_msg_wait
#else
	mov	x30, x21
	b	boot_cpu_on_handler
#endif
END_FUNC cpu_on_handler
DECLARE_KEEP_PAGER cpu_on_handler
636
/*
 * Parking loop for a CPU whose position is not below
 * CFG_TEE_CORE_NB_CORE (branched to from set_sp). Never returns; the
 * wfi only keeps the core idle while it sits here.
 */
LOCAL_FUNC unhandled_cpu , :
1:	wfi
	b	1b
END_FUNC unhandled_cpu
641
/*
 * PC-relative 32-bit delta from stack_tmp_rel to the first temporary
 * stack, already reduced by STACK_TMP_GUARD. set_sp adds it to the
 * address of stack_tmp_rel, which works identically before and after
 * the MMU is on without any absolute address. set_sp loads it
 * zero-extended, so stack_tmp is expected to lie above stack_tmp_rel.
 */
LOCAL_DATA stack_tmp_rel , :
	.word	stack_tmp - stack_tmp_rel - STACK_TMP_GUARD
END_DATA stack_tmp_rel
645
646	/*
647	 * This macro verifies that the a given vector doesn't exceed the
648	 * architectural limit of 32 instructions. This is meant to be placed
649	 * immedately after the last instruction in the vector. It takes the
650	 * vector entry as the parameter
651	 */
652	.macro check_vector_size since
653	  .if (. - \since) > (32 * 4)
654	    .error "Vector exceeds 32 instructions"
655	  .endif
656	.endm
657
	.section .identity_map, "ax", %progbits
	.align	11
/*
 * Early-boot exception vector table, installed by _start and
 * cpu_on_handler before anything else and kept until the real thread
 * vector table takes over (outside this file). Every entry branches to
 * itself: an exception this early is unrecoverable, and hanging the
 * CPU in place is preferred over continuing in an unknown state. The
 * table is 2 KiB aligned as the architecture requires, each entry is
 * 128 bytes apart, and it is marked nobti since nothing branches into
 * it indirectly.
 */
LOCAL_FUNC reset_vect_table , :, .identity_map, , nobti
	/* -----------------------------------------------------
	 * Current EL with SP0 : 0x0 - 0x180
	 * -----------------------------------------------------
	 */
SynchronousExceptionSP0:
	b	SynchronousExceptionSP0
	check_vector_size SynchronousExceptionSP0

	.align	7
IrqSP0:
	b	IrqSP0
	check_vector_size IrqSP0

	.align	7
FiqSP0:
	b	FiqSP0
	check_vector_size FiqSP0

	.align	7
SErrorSP0:
	b	SErrorSP0
	check_vector_size SErrorSP0

	/* -----------------------------------------------------
	 * Current EL with SPx: 0x200 - 0x380
	 * -----------------------------------------------------
	 */
	.align	7
SynchronousExceptionSPx:
	b	SynchronousExceptionSPx
	check_vector_size SynchronousExceptionSPx

	.align	7
IrqSPx:
	b	IrqSPx
	check_vector_size IrqSPx

	.align	7
FiqSPx:
	b	FiqSPx
	check_vector_size FiqSPx

	.align	7
SErrorSPx:
	b	SErrorSPx
	check_vector_size SErrorSPx

	/* -----------------------------------------------------
	 * Lower EL using AArch64 : 0x400 - 0x580
	 * -----------------------------------------------------
	 */
	.align	7
SynchronousExceptionA64:
	b	SynchronousExceptionA64
	check_vector_size SynchronousExceptionA64

	.align	7
IrqA64:
	b	IrqA64
	check_vector_size IrqA64

	.align	7
FiqA64:
	b	FiqA64
	check_vector_size FiqA64

	.align	7
SErrorA64:
	b   	SErrorA64
	check_vector_size SErrorA64

	/* -----------------------------------------------------
	 * Lower EL using AArch32 : 0x600 - 0x780
	 * -----------------------------------------------------
	 */
	.align	7
SynchronousExceptionA32:
	b	SynchronousExceptionA32
	check_vector_size SynchronousExceptionA32

	.align	7
IrqA32:
	b	IrqA32
	check_vector_size IrqA32

	.align	7
FiqA32:
	b	FiqA32
	check_vector_size FiqA32

	.align	7
SErrorA32:
	b	SErrorA32
	check_vector_size SErrorA32

END_FUNC reset_vect_table
757
758BTI(emit_aarch64_feature_1_and     GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
759