1 /*
2 * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <string.h>
9
10 #include <arch.h>
11 #include <arch_features.h>
12 #include <arch_helpers.h>
13 #include <bl31/bl31.h>
14 #include <bl31/ehf.h>
15 #include <common/bl_common.h>
16 #include <common/build_message.h>
17 #include <common/debug.h>
18 #include <common/feat_detect.h>
19 #include <common/runtime_svc.h>
20 #include <drivers/arm/dsu.h>
21 #include <drivers/arm/gic.h>
22 #include <drivers/console.h>
23 #include <lib/bootmarker_capture.h>
24 #include <lib/el3_runtime/context_debug.h>
25 #include <lib/el3_runtime/context_mgmt.h>
26 #include <lib/extensions/pauth.h>
27 #include <lib/gpt_rme/gpt_rme.h>
28 #include <lib/pmf/pmf.h>
29 #include <lib/runtime_instr.h>
30 #include <lib/xlat_tables/xlat_mmu_helpers.h>
31 #include <plat/common/platform.h>
32 #include <services/std_svc.h>
33
34 #if ENABLE_RUNTIME_INSTRUMENTATION
35 PMF_REGISTER_SERVICE_SMC(rt_instr_svc, PMF_RT_INSTR_SVC_ID,
36 RT_INSTR_TOTAL_IDS, PMF_STORE_ENABLE)
37 #endif
38
39 #if ENABLE_RUNTIME_INSTRUMENTATION
40 PMF_REGISTER_SERVICE(bl_svc, PMF_RT_INSTR_SVC_ID,
41 BL_TOTAL_IDS, PMF_DUMP_ENABLE)
42 #endif
43
44 /*******************************************************************************
45 * This function pointer is used to initialise the BL32 image. It's initialized
46 * by SPD calling bl31_register_bl32_init after setting up all things necessary
47 * for SP execution. In cases where both SPD and SP are absent, or when SPD
48 * finds it impossible to execute SP, this pointer is left as NULL
49 ******************************************************************************/
50 static int32_t (*bl32_init)(void);
51
52 /*****************************************************************************
53 * Function used to initialise RMM if RME is enabled
54 *****************************************************************************/
55 #if ENABLE_RME
56 static int32_t (*rmm_init)(void);
57 #endif
58
59 /*******************************************************************************
60 * Variable to indicate whether next image to execute after BL31 is BL33
61 * (non-secure & default) or BL32 (secure).
62 ******************************************************************************/
63 static uint32_t next_image_type = (uint32_t)NON_SECURE;
64
65 #ifdef SUPPORT_UNKNOWN_MPID
66 /*
67 * Flag to know whether an unsupported MPID has been detected. To avoid having it
68 * landing on the .bss section, it is initialized to a non-zero value, this way
69 * we avoid potential WAW hazards during system bring up.
70 * */
71 volatile uint32_t unsupported_mpid_flag = 1;
72 #endif
73
74 /*
75 * Implement the ARM Standard Service function to get arguments for a
76 * particular service.
77 */
get_arm_std_svc_args(unsigned int svc_mask)78 uintptr_t get_arm_std_svc_args(unsigned int svc_mask)
79 {
80 /* Setup the arguments for PSCI Library */
81 DEFINE_STATIC_PSCI_LIB_ARGS_V1(psci_args, bl31_warm_entrypoint);
82
83 /* PSCI is the only ARM Standard Service implemented */
84 assert(svc_mask == PSCI_FID_MASK);
85
86 return (uintptr_t)&psci_args;
87 }
88
89 /*******************************************************************************
90 * Simple function to initialise all BL31 helper libraries.
91 ******************************************************************************/
bl31_lib_init(void)92 static void __init bl31_lib_init(void)
93 {
94 cm_init();
95 }
96
97 /*******************************************************************************
98 * BL31 is responsible for setting up the runtime services for the primary cpu
99 * before passing control to the bootloader or an Operating System. This
100 * function calls runtime_svc_init() which initializes all registered runtime
101 * services. The run time services would setup enough context for the core to
102 * switch to the next exception level. When this function returns, the core will
103 * switch to the programmed exception level via an ERET.
104 ******************************************************************************/
bl31_main(u_register_t arg0,u_register_t arg1,u_register_t arg2,u_register_t arg3)105 void __no_pauth bl31_main(u_register_t arg0, u_register_t arg1, u_register_t arg2,
106 u_register_t arg3)
107 {
108 unsigned int core_pos = plat_my_core_pos();
109
110 /* Enable early console if EARLY_CONSOLE flag is enabled */
111 plat_setup_early_console();
112
113 /* Perform early platform-specific setup */
114 bl31_early_platform_setup2(arg0, arg1, arg2, arg3);
115
116 /* Perform late platform-specific setup */
117 bl31_plat_arch_setup();
118
119 #if FEATURE_DETECTION
120 /* Detect if features enabled during compilation are supported by PE. */
121 detect_arch_features(core_pos);
122 #endif /* FEATURE_DETECTION */
123
124 /* Prints context_memory allocated for all the security states */
125 report_ctx_memory_usage();
126
127 /* Init registers that never change for the lifetime of the core. */
128 cm_manage_extensions_el3(core_pos);
129
130 /* Init per-world context registers */
131 cm_manage_extensions_per_world();
132
133 NOTICE("BL31: %s\n", build_version_string);
134 NOTICE("BL31: %s\n", build_message);
135
136 #if ENABLE_RUNTIME_INSTRUMENTATION
137 PMF_CAPTURE_TIMESTAMP(bl_svc, BL31_ENTRY, PMF_CACHE_MAINT);
138 #endif
139
140 #ifdef SUPPORT_UNKNOWN_MPID
141 if (unsupported_mpid_flag == 0) {
142 NOTICE("Unsupported MPID detected!\n");
143 }
144 #endif
145
146 /* Perform platform setup in BL31 */
147 bl31_platform_setup();
148
149 #if USE_DSU_DRIVER
150 dsu_driver_init(&plat_dsu_data);
151 #endif
152
153 #if USE_GIC_DRIVER
154 /*
155 * Initialize the GIC driver as well as per-cpu and global interfaces.
156 * Platform has had an opportunity to initialise specifics.
157 */
158 gic_init(core_pos);
159 gic_pcpu_init(core_pos);
160 gic_cpuif_enable(core_pos);
161 #endif /* USE_GIC_DRIVER */
162
163 /* Initialise helper libraries */
164 bl31_lib_init();
165
166 #if EL3_EXCEPTION_HANDLING
167 INFO("BL31: Initialising Exception Handling Framework\n");
168 ehf_init();
169 #endif
170
171 /* Initialize the runtime services e.g. psci. */
172 INFO("BL31: Initializing runtime services\n");
173 runtime_svc_init();
174
175 /*
176 * All the cold boot actions on the primary cpu are done. We now need to
177 * decide which is the next image and how to execute it.
178 * If the SPD runtime service is present, it would want to pass control
179 * to BL32 first in S-EL1. In that case, SPD would have registered a
180 * function to initialize bl32 where it takes responsibility of entering
181 * S-EL1 and returning control back to bl31_main. Similarly, if RME is
182 * enabled and a function is registered to initialize RMM, control is
183 * transferred to RMM in R-EL2. After RMM initialization, control is
184 * returned back to bl31_main. Once this is done we can prepare entry
185 * into BL33 as normal.
186 */
187
188 /*
189 * If SPD had registered an init hook, invoke it.
190 */
191 if (bl32_init != NULL) {
192 INFO("BL31: Initializing BL32\n");
193
194 console_flush();
195 int32_t rc = (*bl32_init)();
196
197 if (rc == 0) {
198 WARN("BL31: BL32 initialization failed\n");
199 }
200 }
201
202 /*
203 * If RME is enabled and init hook is registered, initialize RMM
204 * in R-EL2.
205 */
206 #if ENABLE_RME
207 if (rmm_init != NULL) {
208 INFO("BL31: Initializing RMM\n");
209
210 console_flush();
211 int32_t rc = (*rmm_init)();
212
213 if (rc == 0) {
214 WARN("BL31: RMM initialization failed\n");
215 }
216 }
217 #endif
218
219 /*
220 * We are ready to enter the next EL. Prepare entry into the image
221 * corresponding to the desired security state after the next ERET.
222 */
223 bl31_prepare_next_image_entry();
224
225 /*
226 * Perform any platform specific runtime setup prior to cold boot exit
227 * from BL31
228 */
229 bl31_plat_runtime_setup();
230
231 #if ENABLE_RUNTIME_INSTRUMENTATION
232 console_flush();
233 PMF_CAPTURE_TIMESTAMP(bl_svc, BL31_EXIT, PMF_CACHE_MAINT);
234 #endif
235
236 console_flush();
237 console_switch_state(CONSOLE_FLAG_RUNTIME);
238 }
239
bl31_warmboot(void)240 void __no_pauth bl31_warmboot(void)
241 {
242 unsigned int core_pos = plat_my_core_pos();
243
244 #if FEATURE_DETECTION
245 /* Detect if features enabled during compilation are supported by PE. */
246 detect_arch_features(core_pos);
247 #endif /* FEATURE_DETECTION */
248
249 /*
250 * We're about to enable MMU and participate in PSCI state coordination.
251 *
252 * The PSCI implementation invokes platform routines that enable CPUs to
253 * participate in coherency. On a system where CPUs are not
254 * cache-coherent without appropriate platform specific programming,
255 * having caches enabled until such time might lead to coherency issues
256 * (resulting from stale data getting speculatively fetched, among
257 * others). Therefore we keep data caches disabled even after enabling
258 * the MMU for such platforms.
259 *
260 * On systems with hardware-assisted coherency, or on single cluster
261 * platforms, such platform specific programming is not required to
262 * enter coherency (as CPUs already are); and there's no reason to have
263 * caches disabled either.
264 */
265 #if HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY
266 bl31_plat_enable_mmu(0);
267 #else
268 bl31_plat_enable_mmu(DISABLE_DCACHE);
269 #endif
270
271 /* Init registers that never change for the lifetime of the core. */
272 cm_manage_extensions_el3(core_pos);
273
274 #if ENABLE_RME
275 /*
276 * At warm boot GPT data structures have already been initialized in RAM
277 * but the sysregs for this CPU need to be initialized. Note that the GPT
278 * accesses are controlled attributes in GPCCR and do not depend on the
279 * SCR_EL3.C bit.
280 */
281 if (gpt_enable() != 0) {
282 panic();
283 }
284 #endif
285
286 /* Enable DSU driver for each booting core */
287 #if USE_DSU_DRIVER
288 dsu_driver_init(&plat_dsu_data);
289 #endif
290
291 psci_warmboot_entrypoint(core_pos);
292 }
293
294 /*******************************************************************************
295 * Accessor functions to help runtime services decide which image should be
296 * executed after BL31. This is BL33 or the non-secure bootloader image by
297 * default but the Secure payload dispatcher could override this by requesting
298 * an entry into BL32 (Secure payload) first. If it does so then it should use
299 * the same API to program an entry into BL33 once BL32 initialisation is
300 * complete.
301 ******************************************************************************/
bl31_set_next_image_type(uint32_t security_state)302 void bl31_set_next_image_type(uint32_t security_state)
303 {
304 assert(sec_state_is_valid(security_state));
305 next_image_type = security_state;
306 }
307
bl31_get_next_image_type(void)308 static uint32_t bl31_get_next_image_type(void)
309 {
310 return next_image_type;
311 }
312
313 /*******************************************************************************
314 * This function programs EL3 registers and performs other setup to enable entry
315 * into the next image after BL31 at the next ERET.
316 ******************************************************************************/
bl31_prepare_next_image_entry(void)317 void __init bl31_prepare_next_image_entry(void)
318 {
319 const entry_point_info_t *next_image_info;
320 uint32_t image_type;
321
322 #if CTX_INCLUDE_AARCH32_REGS
323 /*
324 * Ensure that the build flag to save AArch32 system registers in CPU
325 * context is not set for AArch64-only platforms.
326 */
327 if (el_implemented(1) == EL_IMPL_A64ONLY) {
328 ERROR("EL1 supports AArch64-only. Please set build flag "
329 "CTX_INCLUDE_AARCH32_REGS = 0\n");
330 panic();
331 }
332 #endif
333
334 /* Determine which image to execute next */
335 image_type = bl31_get_next_image_type();
336
337 /* Program EL3 registers to enable entry into the next EL */
338 next_image_info = bl31_plat_get_next_image_ep_info(image_type);
339 assert(next_image_info != NULL);
340 assert(image_type == GET_SECURITY_STATE(next_image_info->h.attr));
341
342 INFO("BL31: Preparing for EL3 exit to %s world\n",
343 (image_type == SECURE) ? "secure" : "normal");
344 print_entry_point_info(next_image_info);
345 cm_init_my_context(next_image_info);
346
347 /*
348 * If we are entering the Non-secure world, use
349 * 'cm_prepare_el3_exit_ns' to exit.
350 */
351 if (image_type == NON_SECURE) {
352 cm_prepare_el3_exit_ns();
353 } else {
354 cm_prepare_el3_exit(image_type);
355 }
356 }
357
358 /*******************************************************************************
359 * This function initializes the pointer to BL32 init function. This is expected
360 * to be called by the SPD after it finishes all its initialization
361 ******************************************************************************/
bl31_register_bl32_init(int32_t (* func)(void))362 void bl31_register_bl32_init(int32_t (*func)(void))
363 {
364 bl32_init = func;
365 }
366
367 #if ENABLE_RME
368 /*******************************************************************************
369 * This function initializes the pointer to RMM init function. This is expected
370 * to be called by the RMMD after it finishes all its initialization
371 ******************************************************************************/
bl31_register_rmm_init(int32_t (* func)(void))372 void bl31_register_rmm_init(int32_t (*func)(void))
373 {
374 rmm_init = func;
375 }
376 #endif
377