1 /* 2 * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <string.h> 9 10 #include <arch.h> 11 #include <arch_features.h> 12 #include <arch_helpers.h> 13 #include <bl31/bl31.h> 14 #include <bl31/ehf.h> 15 #include <common/bl_common.h> 16 #include <common/build_message.h> 17 #include <common/debug.h> 18 #include <common/feat_detect.h> 19 #include <common/runtime_svc.h> 20 #include <drivers/arm/dsu.h> 21 #include <drivers/arm/gic.h> 22 #include <drivers/console.h> 23 #include <lib/bootmarker_capture.h> 24 #include <lib/el3_runtime/context_debug.h> 25 #include <lib/el3_runtime/context_mgmt.h> 26 #include <lib/extensions/pauth.h> 27 #include <lib/gpt_rme/gpt_rme.h> 28 #include <lib/pmf/pmf.h> 29 #include <lib/runtime_instr.h> 30 #include <lib/xlat_tables/xlat_mmu_helpers.h> 31 #include <plat/common/platform.h> 32 #include <services/std_svc.h> 33 34 #if ENABLE_RUNTIME_INSTRUMENTATION 35 PMF_REGISTER_SERVICE_SMC(rt_instr_svc, PMF_RT_INSTR_SVC_ID, 36 RT_INSTR_TOTAL_IDS, PMF_STORE_ENABLE) 37 #endif 38 39 #if ENABLE_RUNTIME_INSTRUMENTATION 40 PMF_REGISTER_SERVICE(bl_svc, PMF_RT_INSTR_SVC_ID, 41 BL_TOTAL_IDS, PMF_DUMP_ENABLE) 42 #endif 43 44 /******************************************************************************* 45 * This function pointer is used to initialise the BL32 image. It's initialized 46 * by SPD calling bl31_register_bl32_init after setting up all things necessary 47 * for SP execution. In cases where both SPD and SP are absent, or when SPD 48 * finds it impossible to execute SP, this pointer is left as NULL 49 ******************************************************************************/ 50 static int32_t (*bl32_init)(void); 51 52 /***************************************************************************** 53 * Function used to initialise RMM if RME is enabled 54 *****************************************************************************/ 55 #if ENABLE_RME 56 static int32_t (*rmm_init)(void); 57 #endif 58 59 /******************************************************************************* 60 * Variable to indicate whether next image to execute after BL31 is BL33 61 * (non-secure & default) or BL32 (secure). 62 ******************************************************************************/ 63 static uint32_t next_image_type = (uint32_t)NON_SECURE; 64 65 #ifdef SUPPORT_UNKNOWN_MPID 66 /* 67 * Flag to know whether an unsupported MPID has been detected. To avoid having it 68 * landing on the .bss section, it is initialized to a non-zero value, this way 69 * we avoid potential WAW hazards during system bring up. 70 * */ 71 volatile uint32_t unsupported_mpid_flag = 1; 72 #endif 73 74 /* 75 * Implement the ARM Standard Service function to get arguments for a 76 * particular service. 77 */ 78 uintptr_t get_arm_std_svc_args(unsigned int svc_mask) 79 { 80 /* Setup the arguments for PSCI Library */ 81 DEFINE_STATIC_PSCI_LIB_ARGS_V1(psci_args, bl31_warm_entrypoint); 82 83 /* PSCI is the only ARM Standard Service implemented */ 84 assert(svc_mask == PSCI_FID_MASK); 85 86 return (uintptr_t)&psci_args; 87 } 88 89 /******************************************************************************* 90 * Simple function to initialise all BL31 helper libraries. 91 ******************************************************************************/ 92 static void __init bl31_lib_init(void) 93 { 94 cm_init(); 95 } 96 97 /******************************************************************************* 98 * BL31 is responsible for setting up the runtime services for the primary cpu 99 * before passing control to the bootloader or an Operating System. This 100 * function calls runtime_svc_init() which initializes all registered runtime 101 * services. The run time services would setup enough context for the core to 102 * switch to the next exception level. When this function returns, the core will 103 * switch to the programmed exception level via an ERET. 104 ******************************************************************************/ 105 void __no_pauth bl31_main(u_register_t arg0, u_register_t arg1, u_register_t arg2, 106 u_register_t arg3) 107 { 108 unsigned int core_pos = plat_my_core_pos(); 109 110 /* Enable early console if EARLY_CONSOLE flag is enabled */ 111 plat_setup_early_console(); 112 113 /* Perform early platform-specific setup */ 114 bl31_early_platform_setup2(arg0, arg1, arg2, arg3); 115 116 /* Perform late platform-specific setup */ 117 bl31_plat_arch_setup(); 118 119 #if FEATURE_DETECTION 120 /* Detect if features enabled during compilation are supported by PE. */ 121 detect_arch_features(core_pos); 122 #endif /* FEATURE_DETECTION */ 123 124 /* Prints context_memory allocated for all the security states */ 125 report_ctx_memory_usage(); 126 127 if (is_feat_pauth_supported()) { 128 pauth_init_enable_el3(); 129 } 130 131 /* Init registers that never change for the lifetime of TF-A */ 132 cm_manage_extensions_el3(core_pos); 133 134 /* Init per-world context registers */ 135 cm_manage_extensions_per_world(); 136 137 NOTICE("BL31: %s\n", build_version_string); 138 NOTICE("BL31: %s\n", build_message); 139 140 #if ENABLE_RUNTIME_INSTRUMENTATION 141 PMF_CAPTURE_TIMESTAMP(bl_svc, BL31_ENTRY, PMF_CACHE_MAINT); 142 #endif 143 144 #ifdef SUPPORT_UNKNOWN_MPID 145 if (unsupported_mpid_flag == 0) { 146 NOTICE("Unsupported MPID detected!\n"); 147 } 148 #endif 149 150 /* Perform platform setup in BL31 */ 151 bl31_platform_setup(); 152 153 #if USE_DSU_DRIVER 154 dsu_driver_init(&plat_dsu_data); 155 #endif 156 157 #if USE_GIC_DRIVER 158 /* 159 * Initialize the GIC driver as well as per-cpu and global interfaces. 160 * Platform has had an opportunity to initialise specifics. 161 */ 162 gic_init(core_pos); 163 gic_pcpu_init(core_pos); 164 gic_cpuif_enable(core_pos); 165 #endif /* USE_GIC_DRIVER */ 166 167 /* Initialise helper libraries */ 168 bl31_lib_init(); 169 170 #if EL3_EXCEPTION_HANDLING 171 INFO("BL31: Initialising Exception Handling Framework\n"); 172 ehf_init(); 173 #endif 174 175 /* Initialize the runtime services e.g. psci. */ 176 INFO("BL31: Initializing runtime services\n"); 177 runtime_svc_init(); 178 179 /* 180 * All the cold boot actions on the primary cpu are done. We now need to 181 * decide which is the next image and how to execute it. 182 * If the SPD runtime service is present, it would want to pass control 183 * to BL32 first in S-EL1. In that case, SPD would have registered a 184 * function to initialize bl32 where it takes responsibility of entering 185 * S-EL1 and returning control back to bl31_main. Similarly, if RME is 186 * enabled and a function is registered to initialize RMM, control is 187 * transferred to RMM in R-EL2. After RMM initialization, control is 188 * returned back to bl31_main. Once this is done we can prepare entry 189 * into BL33 as normal. 190 */ 191 192 /* 193 * If SPD had registered an init hook, invoke it. 194 */ 195 if (bl32_init != NULL) { 196 INFO("BL31: Initializing BL32\n"); 197 198 console_flush(); 199 int32_t rc = (*bl32_init)(); 200 201 if (rc == 0) { 202 WARN("BL31: BL32 initialization failed\n"); 203 } 204 } 205 206 /* 207 * If RME is enabled and init hook is registered, initialize RMM 208 * in R-EL2. 209 */ 210 #if ENABLE_RME 211 if (rmm_init != NULL) { 212 INFO("BL31: Initializing RMM\n"); 213 214 console_flush(); 215 int32_t rc = (*rmm_init)(); 216 217 if (rc == 0) { 218 WARN("BL31: RMM initialization failed\n"); 219 } 220 } 221 #endif 222 223 /* 224 * We are ready to enter the next EL. Prepare entry into the image 225 * corresponding to the desired security state after the next ERET. 226 */ 227 bl31_prepare_next_image_entry(); 228 229 /* 230 * Perform any platform specific runtime setup prior to cold boot exit 231 * from BL31 232 */ 233 bl31_plat_runtime_setup(); 234 235 #if ENABLE_RUNTIME_INSTRUMENTATION 236 console_flush(); 237 PMF_CAPTURE_TIMESTAMP(bl_svc, BL31_EXIT, PMF_CACHE_MAINT); 238 #endif 239 240 console_flush(); 241 console_switch_state(CONSOLE_FLAG_RUNTIME); 242 } 243 244 void __no_pauth bl31_warmboot(void) 245 { 246 /* 247 * We're about to enable MMU and participate in PSCI state coordination. 248 * 249 * The PSCI implementation invokes platform routines that enable CPUs to 250 * participate in coherency. On a system where CPUs are not 251 * cache-coherent without appropriate platform specific programming, 252 * having caches enabled until such time might lead to coherency issues 253 * (resulting from stale data getting speculatively fetched, among 254 * others). Therefore we keep data caches disabled even after enabling 255 * the MMU for such platforms. 256 * 257 * On systems with hardware-assisted coherency, or on single cluster 258 * platforms, such platform specific programming is not required to 259 * enter coherency (as CPUs already are); and there's no reason to have 260 * caches disabled either. 261 */ 262 #if HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY 263 bl31_plat_enable_mmu(0); 264 #else 265 bl31_plat_enable_mmu(DISABLE_DCACHE); 266 #endif 267 268 #if ENABLE_RME 269 /* 270 * At warm boot GPT data structures have already been initialized in RAM 271 * but the sysregs for this CPU need to be initialized. Note that the GPT 272 * accesses are controlled attributes in GPCCR and do not depend on the 273 * SCR_EL3.C bit. 274 */ 275 if (gpt_enable() != 0) { 276 panic(); 277 } 278 #endif 279 280 if (is_feat_pauth_supported()) { 281 pauth_init_enable_el3(); 282 } 283 284 psci_warmboot_entrypoint(); 285 } 286 287 /******************************************************************************* 288 * Accessor functions to help runtime services decide which image should be 289 * executed after BL31. This is BL33 or the non-secure bootloader image by 290 * default but the Secure payload dispatcher could override this by requesting 291 * an entry into BL32 (Secure payload) first. If it does so then it should use 292 * the same API to program an entry into BL33 once BL32 initialisation is 293 * complete. 294 ******************************************************************************/ 295 void bl31_set_next_image_type(uint32_t security_state) 296 { 297 assert(sec_state_is_valid(security_state)); 298 next_image_type = security_state; 299 } 300 301 static uint32_t bl31_get_next_image_type(void) 302 { 303 return next_image_type; 304 } 305 306 /******************************************************************************* 307 * This function programs EL3 registers and performs other setup to enable entry 308 * into the next image after BL31 at the next ERET. 309 ******************************************************************************/ 310 void __init bl31_prepare_next_image_entry(void) 311 { 312 const entry_point_info_t *next_image_info; 313 uint32_t image_type; 314 315 #if CTX_INCLUDE_AARCH32_REGS 316 /* 317 * Ensure that the build flag to save AArch32 system registers in CPU 318 * context is not set for AArch64-only platforms. 319 */ 320 if (el_implemented(1) == EL_IMPL_A64ONLY) { 321 ERROR("EL1 supports AArch64-only. Please set build flag " 322 "CTX_INCLUDE_AARCH32_REGS = 0\n"); 323 panic(); 324 } 325 #endif 326 327 /* Determine which image to execute next */ 328 image_type = bl31_get_next_image_type(); 329 330 /* Program EL3 registers to enable entry into the next EL */ 331 next_image_info = bl31_plat_get_next_image_ep_info(image_type); 332 assert(next_image_info != NULL); 333 assert(image_type == GET_SECURITY_STATE(next_image_info->h.attr)); 334 335 INFO("BL31: Preparing for EL3 exit to %s world\n", 336 (image_type == SECURE) ? "secure" : "normal"); 337 print_entry_point_info(next_image_info); 338 cm_init_my_context(next_image_info); 339 340 /* 341 * If we are entering the Non-secure world, use 342 * 'cm_prepare_el3_exit_ns' to exit. 343 */ 344 if (image_type == NON_SECURE) { 345 cm_prepare_el3_exit_ns(); 346 } else { 347 cm_prepare_el3_exit(image_type); 348 } 349 } 350 351 /******************************************************************************* 352 * This function initializes the pointer to BL32 init function. This is expected 353 * to be called by the SPD after it finishes all its initialization 354 ******************************************************************************/ 355 void bl31_register_bl32_init(int32_t (*func)(void)) 356 { 357 bl32_init = func; 358 } 359 360 #if ENABLE_RME 361 /******************************************************************************* 362 * This function initializes the pointer to RMM init function. This is expected 363 * to be called by the RMMD after it finishes all its initialization 364 ******************************************************************************/ 365 void bl31_register_rmm_init(int32_t (*func)(void)) 366 { 367 rmm_init = func; 368 } 369 #endif 370