xref: /rk3399_ARM-atf/bl1/bl1_main.c (revision 16948ae1d9e14190229f0fd8602f8cc0f25d57d2) 
1 /*
2  * Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  * Redistributions of source code must retain the above copyright notice, this
8  * list of conditions and the following disclaimer.
9  *
10  * Redistributions in binary form must reproduce the above copyright notice,
11  * this list of conditions and the following disclaimer in the documentation
12  * and/or other materials provided with the distribution.
13  *
14  * Neither the name of ARM nor the names of its contributors may be used
15  * to endorse or promote products derived from this software without specific
16  * prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <arch.h>
32 #include <arch_helpers.h>
33 #include <assert.h>
34 #include <auth.h>
35 #include <bl_common.h>
36 #include <debug.h>
37 #include <platform.h>
38 #include <platform_def.h>
39 #include "bl1_private.h"
40 
41 /*******************************************************************************
42  * Runs BL2 from the given entry point. It results in dropping the
43  * exception level
44  ******************************************************************************/
45 static void __dead2 bl1_run_bl2(entry_point_info_t *bl2_ep)
46 {
47 	bl1_arch_next_el_setup();
48 
49 	/* Tell next EL what we want done */
50 	bl2_ep->args.arg0 = RUN_IMAGE;
51 
52 	if (GET_SECURITY_STATE(bl2_ep->h.attr) == NON_SECURE)
53 		change_security_state(GET_SECURITY_STATE(bl2_ep->h.attr));
54 
55 	write_spsr_el3(bl2_ep->spsr);
56 	write_elr_el3(bl2_ep->pc);
57 
58 	eret(bl2_ep->args.arg0,
59 		bl2_ep->args.arg1,
60 		bl2_ep->args.arg2,
61 		bl2_ep->args.arg3,
62 		bl2_ep->args.arg4,
63 		bl2_ep->args.arg5,
64 		bl2_ep->args.arg6,
65 		bl2_ep->args.arg7);
66 }
67 
68 /*******************************************************************************
69  * The next function has a weak definition. Platform specific code can override
70  * it if it wishes to.
71  ******************************************************************************/
72 #pragma weak bl1_init_bl2_mem_layout
73 
74 /*******************************************************************************
75  * Function that takes a memory layout into which BL2 has been loaded and
76  * populates a new memory layout for BL2 that ensures that BL1's data sections
77  * resident in secure RAM are not visible to BL2.
78  ******************************************************************************/
79 void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
80 			     meminfo_t *bl2_mem_layout)
81 {
82 	const size_t bl1_size = BL1_RAM_LIMIT - BL1_RAM_BASE;
83 
84 	assert(bl1_mem_layout != NULL);
85 	assert(bl2_mem_layout != NULL);
86 
87 	/* Check that BL1's memory is lying outside of the free memory */
88 	assert((BL1_RAM_LIMIT <= bl1_mem_layout->free_base) ||
89 	       (BL1_RAM_BASE >= bl1_mem_layout->free_base + bl1_mem_layout->free_size));
90 
91 	/* Remove BL1 RW data from the scope of memory visible to BL2 */
92 	*bl2_mem_layout = *bl1_mem_layout;
93 	reserve_mem(&bl2_mem_layout->total_base,
94 		    &bl2_mem_layout->total_size,
95 		    BL1_RAM_BASE,
96 		    bl1_size);
97 
98 	flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t));
99 }
100 
101 /*******************************************************************************
102  * Function to perform late architectural and platform specific initialization.
103  * It also locates and loads the BL2 raw binary image in the trusted DRAM. Only
104  * called by the primary cpu after a cold boot.
105  * TODO: Add support for alternative image load mechanism e.g using virtio/elf
106  * loader etc.
107   ******************************************************************************/
108 void bl1_main(void)
109 {
110 	/* Announce our arrival */
111 	NOTICE(FIRMWARE_WELCOME_STR);
112 	NOTICE("BL1: %s\n", version_string);
113 	NOTICE("BL1: %s\n", build_message);
114 
115 	INFO("BL1: RAM 0x%lx - 0x%lx\n", BL1_RAM_BASE, BL1_RAM_LIMIT);
116 
117 	image_info_t bl2_image_info = { {0} };
118 	entry_point_info_t bl2_ep = { {0} };
119 	meminfo_t *bl1_tzram_layout;
120 	meminfo_t *bl2_tzram_layout = 0x0;
121 	int err;
122 
123 #if DEBUG
124 	unsigned long val;
125 	/*
126 	 * Ensure that MMU/Caches and coherency are turned on
127 	 */
128 	val = read_sctlr_el3();
129 	assert(val & SCTLR_M_BIT);
130 	assert(val & SCTLR_C_BIT);
131 	assert(val & SCTLR_I_BIT);
132 	/*
133 	 * Check that Cache Writeback Granule (CWG) in CTR_EL0 matches the
134 	 * provided platform value
135 	 */
136 	val = (read_ctr_el0() >> CTR_CWG_SHIFT) & CTR_CWG_MASK;
137 	/*
138 	 * If CWG is zero, then no CWG information is available but we can
139 	 * at least check the platform value is less than the architectural
140 	 * maximum.
141 	 */
142 	if (val != 0)
143 		assert(CACHE_WRITEBACK_GRANULE == SIZE_FROM_LOG2_WORDS(val));
144 	else
145 		assert(CACHE_WRITEBACK_GRANULE <= MAX_CACHE_LINE_SIZE);
146 #endif
147 
148 	/* Perform remaining generic architectural setup from EL3 */
149 	bl1_arch_setup();
150 
151 	/* Perform platform setup in BL1. */
152 	bl1_platform_setup();
153 
154 	SET_PARAM_HEAD(&bl2_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0);
155 	SET_PARAM_HEAD(&bl2_ep, PARAM_EP, VERSION_1, 0);
156 
157 	/* Find out how much free trusted ram remains after BL1 load */
158 	bl1_tzram_layout = bl1_plat_sec_mem_layout();
159 
160 	INFO("BL1: Loading BL2\n");
161 
162 #if TRUSTED_BOARD_BOOT
163 	/* Initialize authentication module */
164 	auth_init();
165 
166 	/*
167 	 * Load the BL2 certificate into the BL2 region. This region will be
168 	 * overwritten by the image, so the authentication module is responsible
169 	 * for storing the relevant data from the certificate (keys, hashes,
170 	 * etc.) so it can be used later.
171 	 */
172 	err = load_image(bl1_tzram_layout,
173 			 BL2_CERT_ID,
174 			 BL2_BASE,
175 			 &bl2_image_info,
176 			 NULL);
177 	if (err) {
178 		ERROR("Failed to load BL2 certificate.\n");
179 		panic();
180 	}
181 
182 	err = auth_verify_obj(AUTH_BL2_IMG_CERT, bl2_image_info.image_base,
183 			bl2_image_info.image_size);
184 	if (err) {
185 		ERROR("Failed to validate BL2 certificate.\n");
186 		panic();
187 	}
188 #endif /* TRUSTED_BOARD_BOOT */
189 
190 	/* Load the BL2 image */
191 	err = load_image(bl1_tzram_layout,
192 			 BL2_IMAGE_ID,
193 			 BL2_BASE,
194 			 &bl2_image_info,
195 			 &bl2_ep);
196 	if (err) {
197 		/*
198 		 * TODO: print failure to load BL2 but also add a tzwdog timer
199 		 * which will reset the system eventually.
200 		 */
201 		ERROR("Failed to load BL2 firmware.\n");
202 		panic();
203 	}
204 
205 #if TRUSTED_BOARD_BOOT
206 	err = auth_verify_obj(AUTH_BL2_IMG, bl2_image_info.image_base,
207 				bl2_image_info.image_size);
208 	if (err) {
209 		ERROR("Failed to validate BL2 image.\n");
210 		panic();
211 	}
212 
213 	/* After working with data, invalidate the data cache */
214 	inv_dcache_range(bl2_image_info.image_base,
215 			(size_t)bl2_image_info.image_size);
216 #endif /* TRUSTED_BOARD_BOOT */
217 
218 	/*
219 	 * Create a new layout of memory for BL2 as seen by BL1 i.e.
220 	 * tell it the amount of total and free memory available.
221 	 * This layout is created at the first free address visible
222 	 * to BL2. BL2 will read the memory layout before using its
223 	 * memory for other purposes.
224 	 */
225 	bl2_tzram_layout = (meminfo_t *) bl1_tzram_layout->free_base;
226 	bl1_init_bl2_mem_layout(bl1_tzram_layout, bl2_tzram_layout);
227 
228 	bl1_plat_set_bl2_ep_info(&bl2_image_info, &bl2_ep);
229 	bl2_ep.args.arg1 = (unsigned long)bl2_tzram_layout;
230 	NOTICE("BL1: Booting BL2\n");
231 	INFO("BL1: BL2 address = 0x%llx\n",
232 		(unsigned long long) bl2_ep.pc);
233 	INFO("BL1: BL2 spsr = 0x%x\n", bl2_ep.spsr);
234 	VERBOSE("BL1: BL2 memory layout address = 0x%llx\n",
235 		(unsigned long long) bl2_tzram_layout);
236 
237 	bl1_run_bl2(&bl2_ep);
238 
239 	return;
240 }
241 
242 /*******************************************************************************
243  * Temporary function to print the fact that BL2 has done its job and BL31 is
244  * about to be loaded. This is needed as long as printfs cannot be used
245  ******************************************************************************/
246 void display_boot_progress(entry_point_info_t *bl31_ep_info)
247 {
248 	NOTICE("BL1: Booting BL3-1\n");
249 	INFO("BL1: BL3-1 address = 0x%llx\n",
250 		(unsigned long long)bl31_ep_info->pc);
251 	INFO("BL1: BL3-1 spsr = 0x%llx\n",
252 		(unsigned long long)bl31_ep_info->spsr);
253 	INFO("BL1: BL3-1 params address = 0x%llx\n",
254 		(unsigned long long)bl31_ep_info->args.arg0);
255 	INFO("BL1: BL3-1 plat params address = 0x%llx\n",
256 		(unsigned long long)bl31_ep_info->args.arg1);
257 }
258