xref: /rk3399_ARM-atf/plat/arm/common/arm_bl31_setup.c (revision 6c2e5bf68955cdcce18fbd32697692e352e3c34c) 
1 /*
2  * Copyright (c) 2015-2025, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 
9 #include <arch.h>
10 #include <arch_features.h>
11 #include <arch_helpers.h>
12 #include <common/bl_common.h>
13 #include <common/debug.h>
14 #include <drivers/console.h>
15 #include <lib/debugfs.h>
16 #include <lib/extensions/ras.h>
17 #include <lib/fconf/fconf.h>
18 #include <lib/gpt_rme/gpt_rme.h>
19 #include <lib/mmio.h>
20 #if TRANSFER_LIST
21 #include <transfer_list.h>
22 #endif
23 #include <lib/xlat_tables/xlat_tables_compat.h>
24 #include <plat/arm/common/plat_arm.h>
25 #include <plat/common/platform.h>
26 #include <platform_def.h>
27 
28 struct transfer_list_header *secure_tl;
29 struct transfer_list_header *ns_tl __unused;
30 
31 #if USE_GIC_DRIVER == 3
32 uintptr_t arm_gicr_base_addrs[2] = {
33 	PLAT_ARM_GICR_BASE,	/* GICR Base address of the primary CPU */
34 	0U			/* Zero Termination */
35 };
36 #endif
37 
38 /*
39  * Placeholder variables for copying the arguments that have been passed to
40  * BL31 from BL2.
41  */
42 static entry_point_info_t bl32_image_ep_info;
43 static entry_point_info_t bl33_image_ep_info;
44 
45 #if ENABLE_RME
46 static entry_point_info_t rmm_image_ep_info;
47 #if (RME_GPT_BITLOCK_BLOCK == 0)
48 #define BITLOCK_BASE	UL(0)
49 #define BITLOCK_SIZE	UL(0)
50 #else
51 /*
52  * Number of bitlock_t entries in bitlocks array for PLAT_ARM_PPS
53  * with RME_GPT_BITLOCK_BLOCK * 512MB per bitlock.
54  */
55 #if (PLAT_ARM_PPS > (RME_GPT_BITLOCK_BLOCK * SZ_512M * UL(8)))
56 #define BITLOCKS_NUM	(PLAT_ARM_PPS) /	\
57 			(RME_GPT_BITLOCK_BLOCK * SZ_512M * UL(8))
58 #else
59 #define BITLOCKS_NUM	U(1)
60 #endif
61 /*
62  * Bitlocks array
63  */
64 static bitlock_t gpt_bitlock[BITLOCKS_NUM];
65 #define BITLOCK_BASE	(uintptr_t)gpt_bitlock
66 #define BITLOCK_SIZE	sizeof(gpt_bitlock)
67 #endif /* RME_GPT_BITLOCK_BLOCK */
68 #endif /* ENABLE_RME */
69 
70 #if !RESET_TO_BL31
71 /*
72  * Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page
73  * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
74  */
75 #if TRANSFER_LIST
76 CASSERT(BL31_BASE >= PLAT_ARM_EL3_FW_HANDOFF_LIMIT, assert_bl31_base_overflows);
77 #else
78 CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
79 #endif /* TRANSFER_LIST */
80 #endif /* RESET_TO_BL31 */
81 
82 /* Weak definitions may be overridden in specific ARM standard platform */
83 #pragma weak bl31_early_platform_setup2
84 #pragma weak bl31_platform_setup
85 #pragma weak bl31_plat_arch_setup
86 #pragma weak bl31_plat_get_next_image_ep_info
87 #pragma weak bl31_plat_runtime_setup
88 
89 #define MAP_BL31_TOTAL		MAP_REGION_FLAT(			\
90 					BL31_START,			\
91 					BL31_END - BL31_START,		\
92 					MT_MEMORY | MT_RW | EL3_PAS)
93 #if RECLAIM_INIT_CODE
94 IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE);
95 IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED);
96 IMPORT_SYM(unsigned long, __STACKS_END__, BL_STACKS_END_UNALIGNED);
97 
98 #define	BL_INIT_CODE_END	((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \
99 					~(PAGE_SIZE - 1))
100 #define	BL_STACKS_END		((BL_STACKS_END_UNALIGNED + PAGE_SIZE - 1) & \
101 					~(PAGE_SIZE - 1))
102 
103 #define MAP_BL_INIT_CODE	MAP_REGION_FLAT(			\
104 					BL_INIT_CODE_BASE,		\
105 					BL_INIT_CODE_END		\
106 						- BL_INIT_CODE_BASE,	\
107 					MT_CODE | EL3_PAS)
108 #endif
109 
110 #if SEPARATE_NOBITS_REGION
111 #define MAP_BL31_NOBITS		MAP_REGION_FLAT(			\
112 					BL31_NOBITS_BASE,		\
113 					BL31_NOBITS_LIMIT 		\
114 						- BL31_NOBITS_BASE,	\
115 					MT_MEMORY | MT_RW | EL3_PAS)
116 
117 #endif
118 /*******************************************************************************
119  * Return a pointer to the 'entry_point_info' structure of the next image for the
120  * security state specified. BL33 corresponds to the non-secure image type
121  * while BL32 corresponds to the secure image type. A NULL pointer is returned
122  * if the image does not exist.
123  ******************************************************************************/
124 struct entry_point_info *bl31_plat_get_next_image_ep_info(uint32_t type)
125 {
126 	entry_point_info_t *next_image_info;
127 
128 	assert(sec_state_is_valid(type));
129 	if (type == NON_SECURE) {
130 #if TRANSFER_LIST && !RESET_TO_BL31
131 		next_image_info = transfer_list_set_handoff_args(
132 			ns_tl, &bl33_image_ep_info);
133 #else
134 		next_image_info = &bl33_image_ep_info;
135 #endif
136 	}
137 #if ENABLE_RME
138 	else if (type == REALM) {
139 		next_image_info = &rmm_image_ep_info;
140 	}
141 #endif
142 	else {
143 #if TRANSFER_LIST && !RESET_TO_BL31
144 		next_image_info = transfer_list_set_handoff_args(
145 			secure_tl, &bl32_image_ep_info);
146 #else
147 		next_image_info = &bl32_image_ep_info;
148 #endif
149 	}
150 
151 	/*
152 	 * None of the images on the ARM development platforms can have 0x0
153 	 * as the entrypoint
154 	 */
155 	if (next_image_info->pc)
156 		return next_image_info;
157 	else
158 		return NULL;
159 }
160 
161 /*******************************************************************************
162  * Perform any BL31 early platform setup common to ARM standard platforms.
163  * Here is an opportunity to copy parameters passed by the calling EL (S-EL1
164  * in BL2 & EL3 in BL1) before they are lost (potentially). This needs to be
165  * done before the MMU is initialized so that the memory layout can be used
166  * while creating page tables. BL2 has flushed this information to memory, so
167  * we are guaranteed to pick up good data.
168  ******************************************************************************/
169 void __init arm_bl31_early_platform_setup(u_register_t arg0, u_register_t arg1,
170 					  u_register_t arg2, u_register_t arg3)
171 {
172 #if TRANSFER_LIST
173 #if RESET_TO_BL31
174 	/* Populate entry point information for BL33 */
175 	SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0);
176 	/*
177 	 * Tell BL31 where the non-trusted software image
178 	 * is located and the entry state information
179 	 */
180 	bl33_image_ep_info.pc = plat_get_ns_image_entrypoint();
181 
182 	bl33_image_ep_info.spsr = arm_get_spsr(BL33_IMAGE_ID);
183 	SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
184 
185 	bl33_image_ep_info.args.arg0 = PLAT_ARM_TRANSFER_LIST_DTB_OFFSET;
186 	bl33_image_ep_info.args.arg1 =
187 		TRANSFER_LIST_HANDOFF_X1_VALUE(REGISTER_CONVENTION_VERSION);
188 	bl33_image_ep_info.args.arg3 = FW_NS_HANDOFF_BASE;
189 #else
190 	struct transfer_list_entry *te = NULL;
191 	struct entry_point_info *ep;
192 
193 	secure_tl = (struct transfer_list_header *)arg3;
194 
195 	/*
196 	 * Populate the global entry point structures used to execute subsequent
197 	 * images.
198 	 */
199 	while ((te = transfer_list_next(secure_tl, te)) != NULL) {
200 		ep = transfer_list_entry_data(te);
201 
202 		if (te->tag_id == TL_TAG_EXEC_EP_INFO64) {
203 			switch (GET_SECURITY_STATE(ep->h.attr)) {
204 			case NON_SECURE:
205 				bl33_image_ep_info = *ep;
206 				break;
207 #if ENABLE_RME
208 			case REALM:
209 				rmm_image_ep_info = *ep;
210 				break;
211 #endif
212 			case SECURE:
213 				bl32_image_ep_info = *ep;
214 				break;
215 			default:
216 				ERROR("Unrecognized Image Security State %lu\n",
217 				      GET_SECURITY_STATE(ep->h.attr));
218 				panic();
219 			}
220 		}
221 	}
222 #endif /* RESET_TO_BL31 */
223 #else /* (!TRANSFER_LIST) */
224 #if RESET_TO_BL31
225 	/* If BL31 is a reset vector, the parameters must be ignored */
226 	(void)arg0;
227 	(void)arg1;
228 	(void)arg2;
229 	(void)arg3;
230 
231 # ifdef BL32_BASE
232 	/* Populate entry point information for BL32 */
233 	SET_PARAM_HEAD(&bl32_image_ep_info,
234 				PARAM_EP,
235 				VERSION_1,
236 				0);
237 	SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE);
238 	bl32_image_ep_info.pc = BL32_BASE;
239 	bl32_image_ep_info.spsr = arm_get_spsr(BL32_IMAGE_ID);
240 
241 #if defined(SPD_spmd)
242 	bl32_image_ep_info.args.arg0 = ARM_SPMC_MANIFEST_BASE;
243 #endif
244 
245 # endif /* BL32_BASE */
246 
247 	/* Populate entry point information for BL33 */
248 	SET_PARAM_HEAD(&bl33_image_ep_info,
249 				PARAM_EP,
250 				VERSION_1,
251 				0);
252 	/*
253 	 * Tell BL31 where the non-trusted software image
254 	 * is located and the entry state information
255 	 */
256 	bl33_image_ep_info.pc = plat_get_ns_image_entrypoint();
257 	bl33_image_ep_info.spsr = arm_get_spsr(BL33_IMAGE_ID);
258 	SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
259 
260 #if ENABLE_RME
261 	/*
262 	 * Populate entry point information for RMM.
263 	 * Only PC needs to be set as other fields are determined by RMMD.
264 	 */
265 	rmm_image_ep_info.pc = RMM_BASE;
266 #endif /* ENABLE_RME */
267 #else /* RESET_TO_BL31 */
268 	/*
269 	 * In debug builds, we pass a special value in 'arg3'
270 	 * to verify platform parameters from BL2 to BL31.
271 	 * In release builds, it's not used.
272 	 */
273 #if DEBUG
274 	assert(((uintptr_t)arg3) == ARM_BL31_PLAT_PARAM_VAL);
275 #endif
276 
277 	/*
278 	 * Check params passed from BL2 should not be NULL,
279 	 */
280 	bl_params_t *params_from_bl2 = (bl_params_t *)(uintptr_t)arg0;
281 	assert(params_from_bl2 != NULL);
282 	assert(params_from_bl2->h.type == PARAM_BL_PARAMS);
283 	assert(params_from_bl2->h.version >= VERSION_2);
284 
285 	bl_params_node_t *bl_params = params_from_bl2->head;
286 
287 	/*
288 	 * Copy BL33, BL32 and RMM (if present), entry point information.
289 	 * They are stored in Secure RAM, in BL2's address space.
290 	 */
291 	while (bl_params != NULL) {
292 		if (bl_params->image_id == BL32_IMAGE_ID) {
293 			bl32_image_ep_info = *bl_params->ep_info;
294 #if SPMC_AT_EL3
295 			/*
296 			 * Populate the BL32 image base, size and max limit in
297 			 * the entry point information, since there is no
298 			 * platform function to retrieve them in generic
299 			 * code. We choose arg2, arg3 and arg4 since the generic
300 			 * code uses arg1 for stashing the SP manifest size. The
301 			 * SPMC setup uses these arguments to update SP manifest
302 			 * with actual SP's base address and it size.
303 			 */
304 			bl32_image_ep_info.args.arg2 =
305 				bl_params->image_info->image_base;
306 			bl32_image_ep_info.args.arg3 =
307 				bl_params->image_info->image_size;
308 			bl32_image_ep_info.args.arg4 =
309 				bl_params->image_info->image_base +
310 				bl_params->image_info->image_max_size;
311 #endif
312 		}
313 #if ENABLE_RME
314 		else if (bl_params->image_id == RMM_IMAGE_ID) {
315 			rmm_image_ep_info = *bl_params->ep_info;
316 		}
317 #endif
318 		else if (bl_params->image_id == BL33_IMAGE_ID) {
319 			bl33_image_ep_info = *bl_params->ep_info;
320 		}
321 
322 		bl_params = bl_params->next_params_info;
323 	}
324 
325 	if (bl33_image_ep_info.pc == 0U)
326 		panic();
327 #if ENABLE_RME
328 	if (rmm_image_ep_info.pc == 0U)
329 		panic();
330 #endif
331 #endif /* RESET_TO_BL31 */
332 
333 #if USE_KERNEL_DT_CONVENTION
334 	/*
335 	 * Only use the default DT base address if TF-A has not supplied one.
336 	 * This can occur when the DT is side-loaded and its memory location
337 	 * is unknown (e.g., RESET_TO_BL31).
338 	 */
339 
340 	if (bl33_image_ep_info.args.arg0 == 0U) {
341 		bl33_image_ep_info.args.arg0 = HW_CONFIG_BASE;
342 	}
343 
344 #if ARM_LINUX_KERNEL_AS_BL33
345 	bl33_image_ep_info.args.arg1 = 0U;
346 	bl33_image_ep_info.args.arg2 = 0U;
347 	bl33_image_ep_info.args.arg3 = 0U;
348 #endif
349 #endif
350 #endif /* TRANSFER_LIST */
351 }
352 
353 void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
354 		u_register_t arg2, u_register_t arg3)
355 {
356 	/* Initialize the console to provide early debug support */
357 	arm_console_boot_init();
358 
359 	arm_bl31_early_platform_setup(arg0, arg1, arg2, arg3);
360 
361 #if !HW_ASSISTED_COHERENCY
362 	/*
363 	 * Initialize Interconnect for this cluster during cold boot.
364 	 * No need for locks as no other CPU is active.
365 	 */
366 	plat_arm_interconnect_init();
367 
368 	/*
369 	 * Enable Interconnect coherency for the primary CPU's cluster.
370 	 * Earlier bootloader stages might already do this (e.g. Trusted
371 	 * Firmware's BL1 does it) but we can't assume so. There is no harm in
372 	 * executing this code twice anyway.
373 	 * Platform specific PSCI code will enable coherency for other
374 	 * clusters.
375 	 */
376 	plat_arm_interconnect_enter_coherency();
377 #endif
378 }
379 
380 /*******************************************************************************
381  * Perform any BL31 platform setup common to ARM standard platforms
382  ******************************************************************************/
383 void arm_bl31_platform_setup(void)
384 {
385 	struct transfer_list_entry *te __unused;
386 
387 #if TRANSFER_LIST && !RESET_TO_BL31
388 	ns_tl = transfer_list_init((void *)FW_NS_HANDOFF_BASE,
389 				   PLAT_ARM_FW_HANDOFF_SIZE);
390 	if (ns_tl == NULL) {
391 		ERROR("Non-secure transfer list initialisation failed!\n");
392 		panic();
393 	}
394 	/* BL31 may modify the HW_CONFIG so defer copying it until later. */
395 	te = transfer_list_find(secure_tl, TL_TAG_FDT);
396 	assert(te != NULL);
397 
398 	/*
399 	 * A pre-existing assumption is that FCONF is unsupported w/ RESET_TO_BL2 and
400 	 * RESET_TO_BL31. In the case of RESET_TO_BL31 this makes sense because there
401 	 * isn't a prior stage to load the device tree, but the reasoning for RESET_TO_BL2 is
402 	 * less clear. For the moment hardware properties that would normally be
403 	 * derived from the DT are statically defined.
404 	 */
405 #if !RESET_TO_BL2
406 	fconf_populate("HW_CONFIG", (uintptr_t)transfer_list_entry_data(te));
407 #endif
408 
409 	te = transfer_list_add(ns_tl, TL_TAG_FDT, te->data_size,
410 			       transfer_list_entry_data(te));
411 	assert(te != NULL);
412 
413 	te = transfer_list_find(secure_tl, TL_TAG_TPM_EVLOG);
414 	if (te != NULL) {
415 		te = transfer_list_add(ns_tl, TL_TAG_TPM_EVLOG, te->data_size,
416 				  transfer_list_entry_data(te));
417 		if (te == NULL) {
418 			ERROR("Failed to load event log in Non-Secure transfer list\n");
419 			panic();
420 		}
421 	}
422 #endif /* TRANSFER_LIST && !RESET_TO_BL31 */
423 
424 #if RESET_TO_BL31
425 	/*
426 	 * Do initial security configuration to allow DRAM/device access
427 	 * (if earlier BL has not already done so).
428 	 */
429 	plat_arm_security_setup();
430 
431 #if defined(PLAT_ARM_MEM_PROT_ADDR)
432 	arm_nor_psci_do_dyn_mem_protect();
433 #endif /* PLAT_ARM_MEM_PROT_ADDR */
434 
435 #endif /* RESET_TO_BL31 */
436 
437 	/* Enable and initialize the System level generic timer */
438 	mmio_write_32(ARM_SYS_CNTCTL_BASE + CNTCR_OFF,
439 			CNTCR_FCREQ(0U) | CNTCR_EN);
440 
441 	/* Allow access to the System counter timer module */
442 	arm_configure_sys_timer();
443 
444 	/* Initialize power controller before setting up topology */
445 	plat_arm_pwrc_setup();
446 
447 #if ENABLE_FEAT_RAS && FFH_SUPPORT
448 	ras_init();
449 #endif
450 
451 #if USE_DEBUGFS
452 	debugfs_init();
453 #endif /* USE_DEBUGFS */
454 }
455 
456 /*******************************************************************************
457  * Perform any BL31 platform runtime setup prior to BL31 exit common to ARM
458  * standard platforms
459  ******************************************************************************/
460 void arm_bl31_plat_runtime_setup(void)
461 {
462 	struct transfer_list_entry *te __unused;
463 	/* Initialize the runtime console */
464 	arm_console_runtime_init();
465 
466 #if TRANSFER_LIST && !RESET_TO_BL31
467 	/*
468 	 * We assume BL31 has added all TE's required by BL33 at this stage, ensure
469 	 * that data is visible to all observers by performing a flush operation, so
470 	 * they can access the updated data even if caching is not enabled.
471 	 */
472 	flush_dcache_range((uintptr_t)ns_tl, ns_tl->size);
473 #endif /* TRANSFER_LIST && !RESET_TO_BL31 */
474 
475 #if RECLAIM_INIT_CODE
476 	arm_free_init_memory();
477 #endif
478 
479 #if PLAT_RO_XLAT_TABLES
480 	arm_xlat_make_tables_readonly();
481 #endif
482 }
483 
484 #if RECLAIM_INIT_CODE
485 /*
486  * Make memory for image boot time code RW to reclaim it as stack for the
487  * secondary cores, or RO where it cannot be reclaimed:
488  *
489  *            |-------- INIT SECTION --------|
490  *  -----------------------------------------
491  * |  CORE 0  |  CORE 1  |  CORE 2  | EXTRA  |
492  * |  STACK   |  STACK   |  STACK   | SPACE  |
493  *  -----------------------------------------
494  *             <-------------------> <------>
495  *                MAKE RW AND XN       MAKE
496  *                  FOR STACKS       RO AND XN
497  */
498 void arm_free_init_memory(void)
499 {
500 	int ret = 0;
501 
502 	if (BL_STACKS_END < BL_INIT_CODE_END) {
503 		/* Reclaim some of the init section as stack if possible. */
504 		if (BL_INIT_CODE_BASE < BL_STACKS_END) {
505 			ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
506 					BL_STACKS_END - BL_INIT_CODE_BASE,
507 					MT_RW_DATA);
508 		}
509 		/* Make the rest of the init section read-only. */
510 		ret |= xlat_change_mem_attributes(BL_STACKS_END,
511 				BL_INIT_CODE_END - BL_STACKS_END,
512 				MT_RO_DATA);
513 	} else {
514 		/* The stacks cover the init section, so reclaim it all. */
515 		ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
516 				BL_INIT_CODE_END - BL_INIT_CODE_BASE,
517 				MT_RW_DATA);
518 	}
519 
520 	if (ret != 0) {
521 		ERROR("Could not reclaim initialization code");
522 		panic();
523 	}
524 }
525 #endif
526 
527 void __init bl31_platform_setup(void)
528 {
529 	arm_bl31_platform_setup();
530 
531 #if USE_GIC_DRIVER == 3
532 	gic_set_gicr_frames(arm_gicr_base_addrs);
533 #endif
534 }
535 
536 void bl31_plat_runtime_setup(void)
537 {
538 	arm_bl31_plat_runtime_setup();
539 }
540 
541 /*******************************************************************************
542  * Perform the very early platform specific architectural setup shared between
543  * ARM standard platforms. This only does basic initialization. Later
544  * architectural setup (bl31_arch_setup()) does not do anything platform
545  * specific.
546  ******************************************************************************/
547 void __init arm_bl31_plat_arch_setup(void)
548 {
549 	const mmap_region_t bl_regions[] = {
550 		MAP_BL31_TOTAL,
551 #if ENABLE_RME
552 		ARM_MAP_L0_GPT_REGION,
553 #endif
554 #if RECLAIM_INIT_CODE
555 		MAP_BL_INIT_CODE,
556 #endif
557 #if SEPARATE_NOBITS_REGION
558 		MAP_BL31_NOBITS,
559 #endif
560 		ARM_MAP_BL_RO,
561 #if USE_ROMLIB
562 		ARM_MAP_ROMLIB_CODE,
563 		ARM_MAP_ROMLIB_DATA,
564 #endif
565 #if USE_COHERENT_MEM
566 		ARM_MAP_BL_COHERENT_RAM,
567 #endif
568 		{0}
569 	};
570 
571 	setup_page_tables(bl_regions, plat_arm_get_mmap());
572 
573 	enable_mmu_el3(0);
574 
575 #if ENABLE_RME
576 #if RESET_TO_BL31
577 	/*  initialize GPT only when RME is enabled. */
578 	assert(is_feat_rme_present());
579 
580 	/* Initialise and enable granule protection after MMU. */
581 	arm_gpt_setup();
582 #endif /* RESET_TO_BL31 */
583 	/*
584 	 * Initialise Granule Protection library and enable GPC for the primary
585 	 * processor. The tables have already been initialized by a previous BL
586 	 * stage, so there is no need to provide any PAS here. This function
587 	 * sets up pointers to those tables.
588 	 */
589 	if (gpt_runtime_init(BITLOCK_BASE, BITLOCK_SIZE) < 0) {
590 		ERROR("gpt_runtime_init() failed!\n");
591 		panic();
592 	}
593 #endif /* ENABLE_RME */
594 
595 	arm_setup_romlib();
596 }
597 
598 void __init bl31_plat_arch_setup(void)
599 {
600 	arm_bl31_plat_arch_setup();
601 }
602