1 /* 2 * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * Redistributions of source code must retain the above copyright notice, this 8 * list of conditions and the following disclaimer. 9 * 10 * Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * Neither the name of ARM nor the names of its contributors may be used 15 * to endorse or promote products derived from this software without specific 16 * prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 * POSSIBILITY OF SUCH DAMAGE. 
 */

#include <arch.h>
#include <arch_helpers.h>
#include <assert.h>
#include <bl_common.h>
#include <debug.h>
#include <io_storage.h>
#include <platform.h>
#include <stdio.h>

/*
 * Align 'value' to a page boundary, where the page size is
 * (1 << FOUR_KB_SHIFT).
 *
 * A value that is already aligned is returned unchanged. Otherwise it is
 * rounded up to the next boundary when 'dir' is UP, and rounded down for
 * every other value of 'dir'.
 *
 * NOTE(review): rounding up is not checked for wrap-around. A value in the
 * last page of the address space yields a result smaller than the input, so
 * callers that rely on "result >= value" have to test it themselves.
 */
unsigned long page_align(unsigned long value, unsigned dir)
{
	const unsigned long page_size = 1 << FOUR_KB_SHIFT;
	const unsigned long in_page = value & (page_size - 1);

	if (in_page == 0)
		return value;

	/* Drop the offset inside the page, then step up one page if asked. */
	value -= in_page;

	return (dir == UP) ? value + page_size : value;
}

/* Return non-zero when 'addr' lies exactly on a page boundary. */
static inline unsigned int is_page_aligned (unsigned long addr) {
	const unsigned long page_size = 1 << FOUR_KB_SHIFT;

	return !(addr & (page_size - 1));
}

/*
 * Set or clear the NS bit in the value returned by read_scr() and hand the
 * result to write_scr().
 *
 * SECURE clears SCR_NS_BIT and NON_SECURE sets it.
 *
 * NOTE(review): any other argument is caught by assert() only. If assertions
 * are compiled out, the register value is written back unmodified and the
 * caller gets no indication that the request was rejected. A security-state
 * switch is worth a check that survives release builds.
 */
void change_security_state(unsigned int target_security_state)
{
	unsigned long scr = read_scr();

	switch (target_security_state) {
	case SECURE:
		scr &= ~SCR_NS_BIT;
		break;
	case NON_SECURE:
		scr |= SCR_NS_BIT;
		break;
	default:
		assert(0);
		break;
	}

	write_scr(scr);
}


/*******************************************************************************
 * The next two functions are the weak definitions. Platform specific
 * code can override them if it wishes to.
 ******************************************************************************/

/*******************************************************************************
 * Function that takes a memory layout into which BL31 has been either top or
 * bottom loaded. Using this information, it populates bl31_mem_layout to tell
 * BL31 how much memory it has access to and how much is available for use. It
 * does not need the address where BL31 has been loaded as BL31 will reclaim
 * all the memory used by BL2.
 * TODO: Revisit if this and init_bl2_mem_layout can be replaced by a single
 * routine.
 ******************************************************************************/
/*
 * bl2_mem_layout  - layout BL2 was running with; only read here.
 * bl31_mem_layout - layout to populate for BL31; it is passed to
 *                   flush_dcache_range() before returning.
 * load_type       - BOT_LOAD when BL31 sits at the bottom of the region. Any
 *                   other value is handled as a top load and is stored in
 *                   'attr' as given.
 *
 * NOTE(review): the input layout is not validated. If free_base is below
 * total_base, or the sizes are inconsistent, the unsigned arithmetic wraps
 * and BL31 is handed a free region that does not match real memory. Callers
 * should only pass a layout they produced or checked themselves.
 */
void init_bl31_mem_layout(const meminfo_t *bl2_mem_layout,
			  meminfo_t *bl31_mem_layout,
			  unsigned int load_type)
{
	/* Bytes between the bottom of the total region and BL2's free base. */
	unsigned long below_free_base;

	if (load_type == BOT_LOAD) {
		/*
		 * ------------                             ^
		 * |   BL2    |                             |
		 * |----------|                 ^           |  BL2
		 * |          |                 | BL2 free  |  total
		 * |          |                 |   size    |  size
		 * |----------| BL2 free base   v           |
		 * |   BL31   |                             |
		 * ------------ BL2 total base              v
		 */
		bl31_mem_layout->free_base = bl2_mem_layout->free_base;

		/* Here the span below the free base is BL31 itself. */
		below_free_base = bl2_mem_layout->free_base -
				  bl2_mem_layout->total_base;
		bl31_mem_layout->free_size = bl2_mem_layout->total_size -
					     below_free_base;
	} else {
		/*
		 * ------------                             ^
		 * |   BL31   |                             |
		 * |----------|                 ^           |  BL2
		 * |          |                 | BL2 free  |  total
		 * |          |                 |   size    |  size
		 * |----------| BL2 free base   v           |
		 * |   BL2    |                             |
		 * ------------ BL2 total base              v
		 */
		bl31_mem_layout->free_base = bl2_mem_layout->total_base;

		/* Here the span below the free base is BL2, which is reclaimed. */
		below_free_base = bl2_mem_layout->free_base -
				  bl2_mem_layout->total_base;
		bl31_mem_layout->free_size = bl2_mem_layout->free_size +
					     below_free_base;
	}

	/* The total region is inherited unchanged from BL2. */
	bl31_mem_layout->attr = load_type;
	bl31_mem_layout->total_size = bl2_mem_layout->total_size;
	bl31_mem_layout->total_base = bl2_mem_layout->total_base;

	flush_dcache_range((unsigned long) bl31_mem_layout, sizeof(meminfo_t));
}

/*******************************************************************************
 * Function that takes a memory layout into which BL2 has been either top or
 * bottom loaded along with the address where BL2 has been loaded in it. Using
 * this information, it populates bl2_mem_layout to tell BL2 how much memory
 * it has access to and how much is available for use.
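 ******************************************************************************/
/*
 * bl1_mem_layout - layout BL1 was running with; only read here.
 * bl2_mem_layout - layout to populate for BL2; it is passed to
 *                  flush_dcache_range() before returning.
 * load_type      - BOT_LOAD when BL2 sits at the bottom of the free memory.
 *                  Any other value is handled as a top load.
 * bl2_base       - address BL2 was loaded at; only used for BOT_LOAD.
 *
 * NOTE(review): the inputs are not validated. For BOT_LOAD a 'bl2_base'
 * above bl1_mem_layout->free_base makes the subtraction wrap, which yields a
 * bogus total_size. Callers should pass the address load_image() returned.
 */
void init_bl2_mem_layout(meminfo_t *bl1_mem_layout,
			 meminfo_t *bl2_mem_layout,
			 unsigned int load_type,
			 unsigned long bl2_base)
{
	/*
	 * Holds an address difference (BOT_LOAD) or an end address (top load).
	 * It has to be as wide as the operands: 'bl2_base' is an unsigned
	 * long, so an 'unsigned int' temporary would silently drop the upper
	 * bits wherever unsigned long is the wider type.
	 */
	unsigned long tmp;

	if (load_type == BOT_LOAD) {
		bl2_mem_layout->total_base = bl2_base;
		tmp = bl1_mem_layout->free_base - bl2_base;
		bl2_mem_layout->total_size = bl1_mem_layout->free_size + tmp;
	} else {
		bl2_mem_layout->total_base = bl1_mem_layout->free_base;
		tmp = bl1_mem_layout->total_base + bl1_mem_layout->total_size;
		bl2_mem_layout->total_size = tmp - bl1_mem_layout->free_base;
	}

	/* The free region is inherited unchanged from BL1. */
	bl2_mem_layout->free_base = bl1_mem_layout->free_base;
	bl2_mem_layout->free_size = bl1_mem_layout->free_size;
	bl2_mem_layout->attr = load_type;

	flush_dcache_range((unsigned long) bl2_mem_layout, sizeof(meminfo_t));
}

/*
 * Print the requested load address and size next to the total and free
 * regions of 'mem_layout'. The body is compiled only when DEBUG is non-zero;
 * otherwise the function does nothing.
 */
static void dump_load_info(unsigned long image_load_addr,
			   unsigned long image_size,
			   const meminfo_t *mem_layout)
{
#if DEBUG
	printf("Trying to load image at address 0x%lx, size = 0x%lx\r\n",
		image_load_addr, image_size);
	printf("Current memory layout:\r\n");
	printf("  total region = [0x%lx, 0x%lx]\r\n", mem_layout->total_base,
		mem_layout->total_base + mem_layout->total_size);
	printf("  free region = [0x%lx, 0x%lx]\r\n", mem_layout->free_base,
		mem_layout->free_base + mem_layout->free_size);
#endif
}

/*
 * Generic function to return the size of an image.
 *
 * Returns the size reported by the I/O layer, or 0 on any failure: the image
 * source could not be resolved, the image could not be opened, or its size
 * could not be determined.
 *
 * NOTE(review): the size comes from whatever storage backs the image. Treat
 * it as untrusted input and bound it before using it for memory decisions.
 */
unsigned long image_size(const char *image_name)
{
	uintptr_t dev_handle;
	uintptr_t image_handle;
	uintptr_t image_spec;
	/* Named 'image_len' so it does not shadow this function's own name. */
	size_t image_len = 0;
	int io_result = IO_FAIL;

	assert(image_name != NULL);

	/* Obtain a reference to the image by querying the platform layer */
	io_result = plat_get_image_source(image_name, &dev_handle, &image_spec);
	if (io_result != IO_SUCCESS) {
		WARN("Failed to obtain reference to image '%s' (%i)\n",
			image_name, io_result);
		return 0;
	}

	/* Attempt to access the image */
	io_result = io_open(dev_handle, image_spec, &image_handle);
	if (io_result != IO_SUCCESS) {
		WARN("Failed to access image '%s' (%i)\n",
			image_name, io_result);
		/* Only the device is held at this point; release it. */
		(void)io_dev_close(dev_handle);
		return 0;
	}

	/* Find the size of the image */
	io_result = io_size(image_handle, &image_len);
	if ((io_result != IO_SUCCESS) || (image_len == 0)) {
		WARN("Failed to determine the size of the image '%s' file (%i)\n",
			image_name, io_result);
		/*
		 * Report the failure as 0 like every other error path, even
		 * if io_size() stored something before failing.
		 */
		image_len = 0;
	}

	/* Ignore improbable/unrecoverable error in 'close' */
	(void)io_close(image_handle);

	/* TODO: Consider maintaining open device connection from this
	 * bootloader stage
	 */
	/* Ignore improbable/unrecoverable error in 'dev_close' */
	(void)io_dev_close(dev_handle);

	return image_len;
}

/*******************************************************************************
 * Generic function to load an image into the trusted RAM,
 * given a name, extents of free memory & whether the image should be loaded at
 * the bottom or top of the free memory. It updates the memory layout if the
 * load is successful.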
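 ******************************************************************************/
/*
 * mem_layout - free-memory description; updated only after a complete read.
 * image_name - name handed to plat_get_image_source().
 * load_type  - TOP_LOAD or BOT_LOAD. Any other value trips an assert and is
 *              rejected even when assertions are compiled out.
 * fixed_addr - if non-zero, forces the load address (must be page aligned and
 *              inside the free region).
 *
 * Returns the address the image was loaded at, or 0 on any failure.
 *
 * Security notes:
 *  - The image size comes from the I/O layer and is treated as untrusted. The
 *    "does it fit" tests are written as subtractions, so a large address or
 *    size cannot wrap an addition and slip past the check.
 *  - This function does no integrity or authenticity check on the bytes it
 *    loads. NOTE(review): confirm where the caller verifies the image before
 *    control is transferred to it.
 *  - On a failed or short read the destination may already hold part of the
 *    image. The layout is left untouched and 0 is returned; callers must not
 *    use that memory as a valid image.
 */
unsigned long load_image(meminfo_t *mem_layout,
			 const char *image_name,
			 unsigned int load_type,
			 unsigned long fixed_addr)
{
	uintptr_t dev_handle;
	uintptr_t image_handle;
	uintptr_t image_spec;
	unsigned long temp_image_base = 0;
	unsigned long image_base = 0;
	long offset = 0;
	size_t image_size = 0;
	size_t bytes_read = 0;
	int io_result = IO_FAIL;

	assert(mem_layout != NULL);
	assert(image_name != NULL);

	/* Obtain a reference to the image by querying the platform layer */
	io_result = plat_get_image_source(image_name, &dev_handle, &image_spec);
	if (io_result != IO_SUCCESS) {
		WARN("Failed to obtain reference to image '%s' (%i)\n",
			image_name, io_result);
		return 0;
	}

	/* Attempt to access the image */
	io_result = io_open(dev_handle, image_spec, &image_handle);
	if (io_result != IO_SUCCESS) {
		WARN("Failed to access image '%s' (%i)\n",
			image_name, io_result);
		/* Only the device is held at this point; release it. */
		(void)io_dev_close(dev_handle);
		return 0;
	}

	/* Find the size of the image */
	io_result = io_size(image_handle, &image_size);
	if ((io_result != IO_SUCCESS) || (image_size == 0)) {
		WARN("Failed to determine the size of the image '%s' file (%i)\n",
			image_name, io_result);
		goto fail;
	}

	/*
	 * See if we have enough space. Every later bounds check relies on
	 * image_size <= free_size, which this test establishes.
	 */
	if (image_size > mem_layout->free_size) {
		WARN("Cannot load '%s' file: Not enough space.\n",
			image_name);
		dump_load_info(0, image_size, mem_layout);
		goto fail;
	}

	switch (load_type) {

	case TOP_LOAD:

		/* Load the image in the top of free memory */
		temp_image_base = mem_layout->free_base + mem_layout->free_size;
		temp_image_base -= image_size;

		/* Page align base address and check whether the image still fits */
		image_base = page_align(temp_image_base, DOWN);
		assert(image_base <= temp_image_base);

		if (image_base < mem_layout->free_base) {
			WARN("Cannot load '%s' file: Not enough space.\n",
				image_name);
			dump_load_info(image_base, image_size, mem_layout);
			goto fail;
		}

		/* Calculate the amount of extra memory used due to alignment */
		offset = temp_image_base - image_base;

		break;

	case BOT_LOAD:

		/* Load the BL2 image in the bottom of free memory */
		temp_image_base = mem_layout->free_base;
		image_base = page_align(temp_image_base, UP);
		assert(image_base >= temp_image_base);

		/*
		 * Check whether the image still fits after page alignment.
		 * Written as a subtraction so that neither side can wrap.
		 * The first test also rejects a page_align() result that
		 * wrapped below free_base when assertions are compiled out.
		 */
		if ((image_base < mem_layout->free_base) ||
		    (image_base - mem_layout->free_base >
		     mem_layout->free_size - image_size)) {
			WARN("Cannot load '%s' file: Not enough space.\n",
				image_name);
			dump_load_info(image_base, image_size, mem_layout);
			goto fail;
		}

		/* Calculate the amount of extra memory used due to alignment */
		offset = image_base - temp_image_base;

		break;

	default:
		assert(0);
		/*
		 * With assertions compiled out, control used to fall through
		 * with image_base == 0 and the image was read to address 0
		 * when no fixed address was given. Refuse the load instead.
		 */
		goto fail;

	}

	/*
	 * Some images must be loaded at a fixed address, not a dynamic one.
	 *
	 * This has been implemented as a hack on top of the existing dynamic
	 * loading mechanism, for the time being.  If the 'fixed_addr' function
	 * argument is different from zero, then it will force the load address.
	 * So we still have this principle of top/bottom loading but the code
	 * determining the load address is bypassed and the load address is
	 * forced to the fixed one.
	 *
	 * This can result in quite a lot of wasted space because we still use
	 * 1 sole meminfo structure to represent the extents of free memory,
	 * where we should use some sort of linked list.
	 *
	 * E.g. we want to load BL2 at address 0x04020000, the resulting memory
	 *      layout should look as follows:
	 *  ------------ 0x04040000
	 *  |          |  <- Free space (1)
	 *  |----------|
	 *  |   BL2    |
	 *  |----------| 0x04020000
	 *  |          |  <- Free space (2)
	 *  |----------|
	 *  |   BL1    |
	 *  ------------ 0x04000000
	 *
	 * But in the current hacky implementation, we'll need to specify
	 * whether BL2 is loaded at the top or bottom of the free memory.
	 * E.g. if BL2 is considered as top-loaded, the meminfo structure
	 * will give the following view of the memory, hiding the chunk of
	 * free memory above BL2:
	 *  ------------ 0x04040000
	 *  |          |
	 *  |          |
	 *  |   BL2    |
	 *  |----------| 0x04020000
	 *  |          |  <- Free space (2)
	 *  |----------|
	 *  |   BL1    |
	 *  ------------ 0x04000000
	 *
	 * NOTE(review): the dynamic placement above still runs first, so a
	 * fixed-address load can be refused because the dynamic placement did
	 * not fit, even though the fixed address would have.
	 */
	if (fixed_addr != 0) {
		/* Load the image at the given address. */
		image_base = fixed_addr;

		/*
		 * Check whether the image fits. This is the subtraction form
		 * again: a fixed address near the top of the address space
		 * must not wrap "base + size" and pass.
		 */
		if ((image_base < mem_layout->free_base) ||
		    (image_base - mem_layout->free_base >
		     mem_layout->free_size - image_size)) {
			WARN("Cannot load '%s' file: Not enough space.\n",
				image_name);
			dump_load_info(image_base, image_size, mem_layout);
			goto fail;
		}

		/* Check whether the fixed load address is page-aligned. */
		if (!is_page_aligned(image_base)) {
			WARN("Cannot load '%s' file at unaligned address 0x%lx\n",
				image_name, fixed_addr);
			goto fail;
		}

		/*
		 * Calculate the amount of extra memory used due to fixed
		 * loading.
		 *
		 * NOTE(review): the waste is measured against the edges of
		 * the *total* region, not the free region. If the free region
		 * does not reach that edge, "image_size + offset" below can
		 * exceed free_size and wrap it. Confirm the layouts callers
		 * pass in.
		 */
		if (load_type == TOP_LOAD) {
			unsigned long max_addr, space_used;
			/*
			 * ------------ max_addr
			 * | /wasted/ |                 | offset
			 * |..........|..............................
			 * |  image   |                 | image_flen
			 * |----------| fixed_addr
			 * |          |
			 * |          |
			 * ------------ total_base
			 */
			max_addr = mem_layout->total_base + mem_layout->total_size;
			/*
			 * Compute the amount of memory used by the image.
			 * Corresponds to all space above the image load
			 * address.
			 */
			space_used = max_addr - fixed_addr;
			/*
			 * Calculate the amount of wasted memory within the
			 * amount of memory used by the image.
			 */
			offset = space_used - image_size;
		} else { /* BOT_LOAD */
			/*
			 * ------------
			 * |          |
			 * |          |
			 * |----------|
			 * |  image   |
			 * |..........| fixed_addr
			 * | /wasted/ |                 | offset
			 * ------------ total_base
			 */
			offset = fixed_addr - mem_layout->total_base;
		}
	}

	/* We have enough space so load the image now */
	/* TODO: Consider whether to try to recover/retry a partially successful read */
	io_result = io_read(image_handle, image_base, image_size, &bytes_read);
	if ((io_result != IO_SUCCESS) || (bytes_read < image_size)) {
		WARN("Failed to load '%s' file (%i)\n", image_name, io_result);
		goto fail;
	}

	/*
	 * File has been successfully loaded. Update the free memory
	 * data structure & flush the contents of the TZRAM so that
	 * the next EL can see it.
	 */
	/* Update the memory contents */
	flush_dcache_range(image_base, image_size);

	mem_layout->free_size -= image_size + offset;

	/* Update the base of free memory since its moved up */
	if (load_type == BOT_LOAD)
		mem_layout->free_base += offset + image_size;

	goto exit;

fail:
	/* Report every failure after the image was opened as address 0. */
	image_base = 0;

exit:
	/* Ignore improbable/unrecoverable error in 'close' */
	(void)io_close(image_handle);

	/* TODO: Consider maintaining open device connection from this bootloader stage */
	/* Ignore improbable/unrecoverable error in 'dev_close' */
	(void)io_dev_close(dev_handle);

	return image_base;
}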