xref: /rk3399_ARM-atf/bl1/bl1_main.c (revision 354ab57dba7f81bfa2f2878a3864c39e1839bd06) 
1 /*
2  * Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions are met:
6  *
7  * Redistributions of source code must retain the above copyright notice, this
8  * list of conditions and the following disclaimer.
9  *
10  * Redistributions in binary form must reproduce the above copyright notice,
11  * this list of conditions and the following disclaimer in the documentation
12  * and/or other materials provided with the distribution.
13  *
14  * Neither the name of ARM nor the names of its contributors may be used
15  * to endorse or promote products derived from this software without specific
16  * prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <arch.h>
32 #include <arch_helpers.h>
33 #include <assert.h>
34 #include <auth.h>
35 #include <bl_common.h>
36 #include <debug.h>
37 #include <platform.h>
38 #include <platform_def.h>
39 #include "bl1_private.h"
40 
41 /*******************************************************************************
42  * Runs BL2 from the given entry point. It results in dropping the
43  * exception level
44  ******************************************************************************/
45 static void __dead2 bl1_run_bl2(entry_point_info_t *bl2_ep)
46 {
47 	bl1_arch_next_el_setup();
48 
49 	/* Tell next EL what we want done */
50 	bl2_ep->args.arg0 = RUN_IMAGE;
51 
52 	if (GET_SECURITY_STATE(bl2_ep->h.attr) == NON_SECURE)
53 		change_security_state(GET_SECURITY_STATE(bl2_ep->h.attr));
54 
55 	write_spsr_el3(bl2_ep->spsr);
56 	write_elr_el3(bl2_ep->pc);
57 
58 	eret(bl2_ep->args.arg0,
59 		bl2_ep->args.arg1,
60 		bl2_ep->args.arg2,
61 		bl2_ep->args.arg3,
62 		bl2_ep->args.arg4,
63 		bl2_ep->args.arg5,
64 		bl2_ep->args.arg6,
65 		bl2_ep->args.arg7);
66 }
67 
68 /*******************************************************************************
69  * The next function has a weak definition. Platform specific code can override
70  * it if it wishes to.
71  ******************************************************************************/
72 #pragma weak bl1_init_bl2_mem_layout
73 
74 /*******************************************************************************
75  * Function that takes a memory layout into which BL2 has been loaded and
76  * populates a new memory layout for BL2 that ensures that BL1's data sections
77  * resident in secure RAM are not visible to BL2.
78  ******************************************************************************/
79 void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout,
80 			     meminfo_t *bl2_mem_layout)
81 {
82 	const size_t bl1_size = BL1_RAM_LIMIT - BL1_RAM_BASE;
83 
84 	assert(bl1_mem_layout != NULL);
85 	assert(bl2_mem_layout != NULL);
86 
87 	/* Check that BL1's memory is lying outside of the free memory */
88 	assert((BL1_RAM_LIMIT <= bl1_mem_layout->free_base) ||
89 	       (BL1_RAM_BASE >= bl1_mem_layout->free_base + bl1_mem_layout->free_size));
90 
91 	/* Remove BL1 RW data from the scope of memory visible to BL2 */
92 	*bl2_mem_layout = *bl1_mem_layout;
93 	reserve_mem(&bl2_mem_layout->total_base,
94 		    &bl2_mem_layout->total_size,
95 		    BL1_RAM_BASE,
96 		    bl1_size);
97 
98 	flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t));
99 }
100 
101 /*******************************************************************************
102  * Function to perform late architectural and platform specific initialization.
103  * It also locates and loads the BL2 raw binary image in the trusted DRAM. Only
104  * called by the primary cpu after a cold boot.
105  * TODO: Add support for alternative image load mechanism e.g using virtio/elf
106  * loader etc.
107   ******************************************************************************/
108 void bl1_main(void)
109 {
110 	/* Announce our arrival */
111 	NOTICE(FIRMWARE_WELCOME_STR);
112 	NOTICE("BL1: %s\n", version_string);
113 	NOTICE("BL1: %s\n", build_message);
114 
115 	INFO("BL1: RAM 0x%lx - 0x%lx\n", BL1_RAM_BASE, BL1_RAM_LIMIT);
116 
117 	image_info_t bl2_image_info = { {0} };
118 	entry_point_info_t bl2_ep = { {0} };
119 	meminfo_t *bl1_tzram_layout;
120 	meminfo_t *bl2_tzram_layout = 0x0;
121 	int err;
122 
123 #if DEBUG
124 	unsigned long val;
125 	/*
126 	 * Ensure that MMU/Caches and coherency are turned on
127 	 */
128 	val = read_sctlr_el3();
129 	assert(val & SCTLR_M_BIT);
130 	assert(val & SCTLR_C_BIT);
131 	assert(val & SCTLR_I_BIT);
132 	/*
133 	 * Check that Cache Writeback Granule (CWG) in CTR_EL0 matches the
134 	 * provided platform value
135 	 */
136 	val = (read_ctr_el0() >> CTR_CWG_SHIFT) & CTR_CWG_MASK;
137 	/*
138 	 * If CWG is zero, then no CWG information is available but we can
139 	 * at least check the platform value is less than the architectural
140 	 * maximum.
141 	 */
142 	if (val != 0)
143 		assert(CACHE_WRITEBACK_GRANULE == SIZE_FROM_LOG2_WORDS(val));
144 	else
145 		assert(CACHE_WRITEBACK_GRANULE <= MAX_CACHE_LINE_SIZE);
146 #endif
147 
148 	/* Perform remaining generic architectural setup from EL3 */
149 	bl1_arch_setup();
150 
151 	/* Perform platform setup in BL1. */
152 	bl1_platform_setup();
153 
154 	SET_PARAM_HEAD(&bl2_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0);
155 	SET_PARAM_HEAD(&bl2_ep, PARAM_EP, VERSION_1, 0);
156 
157 	/* Find out how much free trusted ram remains after BL1 load */
158 	bl1_tzram_layout = bl1_plat_sec_mem_layout();
159 
160 #if TRUSTED_BOARD_BOOT
161 	/* Initialize authentication module */
162 	auth_init();
163 
164 	/*
165 	 * Load the BL2 certificate into the BL2 region. This region will be
166 	 * overwritten by the image, so the authentication module is responsible
167 	 * for storing the relevant data from the certificate (keys, hashes,
168 	 * etc.) so it can be used later.
169 	 */
170 	err = load_image(bl1_tzram_layout,
171 			 BL2_CERT_NAME,
172 			 BL2_BASE,
173 			 &bl2_image_info,
174 			 NULL);
175 	if (err) {
176 		ERROR("Failed to load BL2 certificate.\n");
177 		panic();
178 	}
179 
180 	err = auth_verify_obj(AUTH_BL2_IMG_CERT, bl2_image_info.image_base,
181 			bl2_image_info.image_size);
182 	if (err) {
183 		ERROR("Failed to validate BL2 certificate.\n");
184 		panic();
185 	}
186 #endif /* TRUSTED_BOARD_BOOT */
187 
188 	/* Load the BL2 image */
189 	err = load_image(bl1_tzram_layout,
190 			 BL2_IMAGE_NAME,
191 			 BL2_BASE,
192 			 &bl2_image_info,
193 			 &bl2_ep);
194 	if (err) {
195 		/*
196 		 * TODO: print failure to load BL2 but also add a tzwdog timer
197 		 * which will reset the system eventually.
198 		 */
199 		ERROR("Failed to load BL2 firmware.\n");
200 		panic();
201 	}
202 
203 #if TRUSTED_BOARD_BOOT
204 	err = auth_verify_obj(AUTH_BL2_IMG, bl2_image_info.image_base,
205 				bl2_image_info.image_size);
206 	if (err) {
207 		ERROR("Failed to validate BL2 image.\n");
208 		panic();
209 	}
210 
211 	/* After working with data, invalidate the data cache */
212 	inv_dcache_range(bl2_image_info.image_base,
213 			(size_t)bl2_image_info.image_size);
214 #endif /* TRUSTED_BOARD_BOOT */
215 
216 	/*
217 	 * Create a new layout of memory for BL2 as seen by BL1 i.e.
218 	 * tell it the amount of total and free memory available.
219 	 * This layout is created at the first free address visible
220 	 * to BL2. BL2 will read the memory layout before using its
221 	 * memory for other purposes.
222 	 */
223 	bl2_tzram_layout = (meminfo_t *) bl1_tzram_layout->free_base;
224 	bl1_init_bl2_mem_layout(bl1_tzram_layout, bl2_tzram_layout);
225 
226 	bl1_plat_set_bl2_ep_info(&bl2_image_info, &bl2_ep);
227 	bl2_ep.args.arg1 = (unsigned long)bl2_tzram_layout;
228 	NOTICE("BL1: Booting BL2\n");
229 	INFO("BL1: BL2 address = 0x%llx\n",
230 		(unsigned long long) bl2_ep.pc);
231 	INFO("BL1: BL2 spsr = 0x%x\n", bl2_ep.spsr);
232 	VERBOSE("BL1: BL2 memory layout address = 0x%llx\n",
233 		(unsigned long long) bl2_tzram_layout);
234 
235 	bl1_run_bl2(&bl2_ep);
236 
237 	return;
238 }
239 
240 /*******************************************************************************
241  * Temporary function to print the fact that BL2 has done its job and BL31 is
242  * about to be loaded. This is needed as long as printfs cannot be used
243  ******************************************************************************/
244 void display_boot_progress(entry_point_info_t *bl31_ep_info)
245 {
246 	NOTICE("BL1: Booting BL3-1\n");
247 	INFO("BL1: BL3-1 address = 0x%llx\n",
248 		(unsigned long long)bl31_ep_info->pc);
249 	INFO("BL1: BL3-1 spsr = 0x%llx\n",
250 		(unsigned long long)bl31_ep_info->spsr);
251 	INFO("BL1: BL3-1 params address = 0x%llx\n",
252 		(unsigned long long)bl31_ep_info->args.arg0);
253 	INFO("BL1: BL3-1 plat params address = 0x%llx\n",
254 		(unsigned long long)bl31_ep_info->args.arg1);
255 }
256