1 /* 2 * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 9 #include <arch.h> 10 #include <arch_helpers.h> 11 #include <common/bl_common.h> 12 #include <common/debug.h> 13 #include <drivers/console.h> 14 #include <lib/debugfs.h> 15 #include <lib/extensions/ras.h> 16 #include <lib/fconf/fconf.h> 17 #include <lib/gpt_rme/gpt_rme.h> 18 #include <lib/mmio.h> 19 #if TRANSFER_LIST 20 #include <lib/transfer_list.h> 21 #endif 22 #include <lib/xlat_tables/xlat_tables_compat.h> 23 #include <plat/arm/common/plat_arm.h> 24 #include <plat/common/platform.h> 25 #include <platform_def.h> 26 27 static struct transfer_list_header *secure_tl __unused; 28 /* 29 * Placeholder variables for copying the arguments that have been passed to 30 * BL31 from BL2. 31 */ 32 static entry_point_info_t bl32_image_ep_info; 33 static entry_point_info_t bl33_image_ep_info; 34 #if ENABLE_RME 35 static entry_point_info_t rmm_image_ep_info; 36 #endif 37 38 #if !RESET_TO_BL31 39 /* 40 * Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page 41 * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2. 42 */ 43 #if TRANSFER_LIST 44 CASSERT(BL31_BASE >= PLAT_ARM_EL3_FW_HANDOFF_LIMIT, assert_bl31_base_overflows); 45 #else 46 CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows); 47 #endif /* TRANSFER_LIST */ 48 #endif /* RESET_TO_BL31 */ 49 50 /* Weak definitions may be overridden in specific ARM standard platform */ 51 #pragma weak bl31_early_platform_setup2 52 #pragma weak bl31_platform_setup 53 #pragma weak bl31_plat_arch_setup 54 #pragma weak bl31_plat_get_next_image_ep_info 55 #pragma weak bl31_plat_runtime_setup 56 57 #define MAP_BL31_TOTAL MAP_REGION_FLAT( \ 58 BL31_START, \ 59 BL31_END - BL31_START, \ 60 MT_MEMORY | MT_RW | EL3_PAS) 61 #if RECLAIM_INIT_CODE 62 IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE); 63 IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED); 64 IMPORT_SYM(unsigned long, __STACKS_END__, BL_STACKS_END_UNALIGNED); 65 66 #define BL_INIT_CODE_END ((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \ 67 ~(PAGE_SIZE - 1)) 68 #define BL_STACKS_END ((BL_STACKS_END_UNALIGNED + PAGE_SIZE - 1) & \ 69 ~(PAGE_SIZE - 1)) 70 71 #define MAP_BL_INIT_CODE MAP_REGION_FLAT( \ 72 BL_INIT_CODE_BASE, \ 73 BL_INIT_CODE_END \ 74 - BL_INIT_CODE_BASE, \ 75 MT_CODE | EL3_PAS) 76 #endif 77 78 #if SEPARATE_NOBITS_REGION 79 #define MAP_BL31_NOBITS MAP_REGION_FLAT( \ 80 BL31_NOBITS_BASE, \ 81 BL31_NOBITS_LIMIT \ 82 - BL31_NOBITS_BASE, \ 83 MT_MEMORY | MT_RW | EL3_PAS) 84 85 #endif 86 /******************************************************************************* 87 * Return a pointer to the 'entry_point_info' structure of the next image for the 88 * security state specified. BL33 corresponds to the non-secure image type 89 * while BL32 corresponds to the secure image type. A NULL pointer is returned 90 * if the image does not exist. 91 ******************************************************************************/ 92 struct entry_point_info *bl31_plat_get_next_image_ep_info(uint32_t type) 93 { 94 entry_point_info_t *next_image_info; 95 96 assert(sec_state_is_valid(type)); 97 if (type == NON_SECURE) { 98 next_image_info = &bl33_image_ep_info; 99 } 100 #if ENABLE_RME 101 else if (type == REALM) { 102 next_image_info = &rmm_image_ep_info; 103 } 104 #endif 105 else { 106 next_image_info = &bl32_image_ep_info; 107 } 108 109 /* 110 * None of the images on the ARM development platforms can have 0x0 111 * as the entrypoint 112 */ 113 if (next_image_info->pc) 114 return next_image_info; 115 else 116 return NULL; 117 } 118 119 /******************************************************************************* 120 * Perform any BL31 early platform setup common to ARM standard platforms. 121 * Here is an opportunity to copy parameters passed by the calling EL (S-EL1 122 * in BL2 & EL3 in BL1) before they are lost (potentially). This needs to be 123 * done before the MMU is initialized so that the memory layout can be used 124 * while creating page tables. BL2 has flushed this information to memory, so 125 * we are guaranteed to pick up good data. 126 ******************************************************************************/ 127 #if TRANSFER_LIST 128 void __init arm_bl31_early_platform_setup(u_register_t arg0, u_register_t arg1, 129 u_register_t arg2, u_register_t arg3) 130 { 131 struct transfer_list_entry *te = NULL; 132 struct entry_point_info *ep; 133 134 secure_tl = (struct transfer_list_header *)arg3; 135 136 /* 137 * Populate the global entry point structures used to execute subsequent 138 * images. 139 */ 140 while ((te = transfer_list_next(secure_tl, te)) != NULL) { 141 ep = transfer_list_entry_data(te); 142 143 if (te->tag_id == TL_TAG_EXEC_EP_INFO64) { 144 switch (GET_SECURITY_STATE(ep->h.attr)) { 145 case NON_SECURE: 146 bl33_image_ep_info = *ep; 147 break; 148 #if ENABLE_RME 149 case REALM: 150 rmm_image_ep_info = *ep; 151 break; 152 #endif 153 case SECURE: 154 bl32_image_ep_info = *ep; 155 break; 156 default: 157 ERROR("Unrecognized Image Security State %lu\n", 158 GET_SECURITY_STATE(ep->h.attr)); 159 panic(); 160 } 161 } 162 } 163 } 164 #else 165 void __init arm_bl31_early_platform_setup(void *from_bl2, uintptr_t soc_fw_config, 166 uintptr_t hw_config, void *plat_params_from_bl2) 167 { 168 /* Initialize the console to provide early debug support */ 169 arm_console_boot_init(); 170 171 #if RESET_TO_BL31 172 /* There are no parameters from BL2 if BL31 is a reset vector */ 173 assert(from_bl2 == NULL); 174 assert(plat_params_from_bl2 == NULL); 175 176 # ifdef BL32_BASE 177 /* Populate entry point information for BL32 */ 178 SET_PARAM_HEAD(&bl32_image_ep_info, 179 PARAM_EP, 180 VERSION_1, 181 0); 182 SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE); 183 bl32_image_ep_info.pc = BL32_BASE; 184 bl32_image_ep_info.spsr = arm_get_spsr_for_bl32_entry(); 185 186 #if defined(SPD_spmd) 187 /* SPM (hafnium in secure world) expects SPM Core manifest base address 188 * in x0, which in !RESET_TO_BL31 case loaded after base of non shared 189 * SRAM(after 4KB offset of SRAM). But in RESET_TO_BL31 case all non 190 * shared SRAM is allocated to BL31, so to avoid overwriting of manifest 191 * keep it in the last page. 192 */ 193 bl32_image_ep_info.args.arg0 = ARM_TRUSTED_SRAM_BASE + 194 PLAT_ARM_TRUSTED_SRAM_SIZE - PAGE_SIZE; 195 #endif 196 197 # endif /* BL32_BASE */ 198 199 /* Populate entry point information for BL33 */ 200 SET_PARAM_HEAD(&bl33_image_ep_info, 201 PARAM_EP, 202 VERSION_1, 203 0); 204 /* 205 * Tell BL31 where the non-trusted software image 206 * is located and the entry state information 207 */ 208 bl33_image_ep_info.pc = plat_get_ns_image_entrypoint(); 209 210 bl33_image_ep_info.spsr = arm_get_spsr_for_bl33_entry(); 211 SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE); 212 213 #if ENABLE_RME 214 /* 215 * Populate entry point information for RMM. 216 * Only PC needs to be set as other fields are determined by RMMD. 217 */ 218 rmm_image_ep_info.pc = RMM_BASE; 219 #endif /* ENABLE_RME */ 220 221 #else /* RESET_TO_BL31 */ 222 223 /* 224 * In debug builds, we pass a special value in 'plat_params_from_bl2' 225 * to verify platform parameters from BL2 to BL31. 226 * In release builds, it's not used. 227 */ 228 assert(((unsigned long long)plat_params_from_bl2) == 229 ARM_BL31_PLAT_PARAM_VAL); 230 231 /* 232 * Check params passed from BL2 should not be NULL, 233 */ 234 bl_params_t *params_from_bl2 = (bl_params_t *)from_bl2; 235 assert(params_from_bl2 != NULL); 236 assert(params_from_bl2->h.type == PARAM_BL_PARAMS); 237 assert(params_from_bl2->h.version >= VERSION_2); 238 239 bl_params_node_t *bl_params = params_from_bl2->head; 240 241 /* 242 * Copy BL33, BL32 and RMM (if present), entry point information. 243 * They are stored in Secure RAM, in BL2's address space. 244 */ 245 while (bl_params != NULL) { 246 if (bl_params->image_id == BL32_IMAGE_ID) { 247 bl32_image_ep_info = *bl_params->ep_info; 248 #if SPMC_AT_EL3 249 /* 250 * Populate the BL32 image base, size and max limit in 251 * the entry point information, since there is no 252 * platform function to retrieve them in generic 253 * code. We choose arg2, arg3 and arg4 since the generic 254 * code uses arg1 for stashing the SP manifest size. The 255 * SPMC setup uses these arguments to update SP manifest 256 * with actual SP's base address and it size. 257 */ 258 bl32_image_ep_info.args.arg2 = 259 bl_params->image_info->image_base; 260 bl32_image_ep_info.args.arg3 = 261 bl_params->image_info->image_size; 262 bl32_image_ep_info.args.arg4 = 263 bl_params->image_info->image_base + 264 bl_params->image_info->image_max_size; 265 #endif 266 } 267 #if ENABLE_RME 268 else if (bl_params->image_id == RMM_IMAGE_ID) { 269 rmm_image_ep_info = *bl_params->ep_info; 270 } 271 #endif 272 else if (bl_params->image_id == BL33_IMAGE_ID) { 273 bl33_image_ep_info = *bl_params->ep_info; 274 } 275 276 bl_params = bl_params->next_params_info; 277 } 278 279 if (bl33_image_ep_info.pc == 0U) 280 panic(); 281 #if ENABLE_RME 282 if (rmm_image_ep_info.pc == 0U) 283 panic(); 284 #endif 285 #endif /* RESET_TO_BL31 */ 286 287 # if ARM_LINUX_KERNEL_AS_BL33 288 /* 289 * According to the file ``Documentation/arm64/booting.txt`` of the 290 * Linux kernel tree, Linux expects the physical address of the device 291 * tree blob (DTB) in x0, while x1-x3 are reserved for future use and 292 * must be 0. 293 * Repurpose the option to load Hafnium hypervisor in the normal world. 294 * It expects its manifest address in x0. This is essentially the linux 295 * dts (passed to the primary VM) by adding 'hypervisor' and chosen 296 * nodes specifying the Hypervisor configuration. 297 */ 298 #if RESET_TO_BL31 299 bl33_image_ep_info.args.arg0 = (u_register_t)ARM_PRELOADED_DTB_BASE; 300 #else 301 bl33_image_ep_info.args.arg0 = (u_register_t)hw_config; 302 #endif 303 bl33_image_ep_info.args.arg1 = 0U; 304 bl33_image_ep_info.args.arg2 = 0U; 305 bl33_image_ep_info.args.arg3 = 0U; 306 # endif 307 } 308 #endif 309 310 void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1, 311 u_register_t arg2, u_register_t arg3) 312 { 313 #if TRANSFER_LIST 314 arm_bl31_early_platform_setup(arg0, arg1, arg2, arg3); 315 #else 316 arm_bl31_early_platform_setup((void *)arg0, arg1, arg2, (void *)arg3); 317 #endif 318 319 /* 320 * Initialize Interconnect for this cluster during cold boot. 321 * No need for locks as no other CPU is active. 322 */ 323 plat_arm_interconnect_init(); 324 325 /* 326 * Enable Interconnect coherency for the primary CPU's cluster. 327 * Earlier bootloader stages might already do this (e.g. Trusted 328 * Firmware's BL1 does it) but we can't assume so. There is no harm in 329 * executing this code twice anyway. 330 * Platform specific PSCI code will enable coherency for other 331 * clusters. 332 */ 333 plat_arm_interconnect_enter_coherency(); 334 } 335 336 /******************************************************************************* 337 * Perform any BL31 platform setup common to ARM standard platforms 338 ******************************************************************************/ 339 void arm_bl31_platform_setup(void) 340 { 341 /* Initialize the GIC driver, cpu and distributor interfaces */ 342 plat_arm_gic_driver_init(); 343 plat_arm_gic_init(); 344 345 #if RESET_TO_BL31 346 /* 347 * Do initial security configuration to allow DRAM/device access 348 * (if earlier BL has not already done so). 349 */ 350 plat_arm_security_setup(); 351 352 #if defined(PLAT_ARM_MEM_PROT_ADDR) 353 arm_nor_psci_do_dyn_mem_protect(); 354 #endif /* PLAT_ARM_MEM_PROT_ADDR */ 355 356 #endif /* RESET_TO_BL31 */ 357 358 /* Enable and initialize the System level generic timer */ 359 mmio_write_32(ARM_SYS_CNTCTL_BASE + CNTCR_OFF, 360 CNTCR_FCREQ(0U) | CNTCR_EN); 361 362 /* Allow access to the System counter timer module */ 363 arm_configure_sys_timer(); 364 365 /* Initialize power controller before setting up topology */ 366 plat_arm_pwrc_setup(); 367 368 #if ENABLE_FEAT_RAS && FFH_SUPPORT 369 ras_init(); 370 #endif 371 372 #if USE_DEBUGFS 373 debugfs_init(); 374 #endif /* USE_DEBUGFS */ 375 } 376 377 /******************************************************************************* 378 * Perform any BL31 platform runtime setup prior to BL31 exit common to ARM 379 * standard platforms 380 ******************************************************************************/ 381 void arm_bl31_plat_runtime_setup(void) 382 { 383 /* Initialize the runtime console */ 384 arm_console_runtime_init(); 385 386 #if RECLAIM_INIT_CODE 387 arm_free_init_memory(); 388 #endif 389 390 #if PLAT_RO_XLAT_TABLES 391 arm_xlat_make_tables_readonly(); 392 #endif 393 } 394 395 #if RECLAIM_INIT_CODE 396 /* 397 * Make memory for image boot time code RW to reclaim it as stack for the 398 * secondary cores, or RO where it cannot be reclaimed: 399 * 400 * |-------- INIT SECTION --------| 401 * ----------------------------------------- 402 * | CORE 0 | CORE 1 | CORE 2 | EXTRA | 403 * | STACK | STACK | STACK | SPACE | 404 * ----------------------------------------- 405 * <-------------------> <------> 406 * MAKE RW AND XN MAKE 407 * FOR STACKS RO AND XN 408 */ 409 void arm_free_init_memory(void) 410 { 411 int ret = 0; 412 413 if (BL_STACKS_END < BL_INIT_CODE_END) { 414 /* Reclaim some of the init section as stack if possible. */ 415 if (BL_INIT_CODE_BASE < BL_STACKS_END) { 416 ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE, 417 BL_STACKS_END - BL_INIT_CODE_BASE, 418 MT_RW_DATA); 419 } 420 /* Make the rest of the init section read-only. */ 421 ret |= xlat_change_mem_attributes(BL_STACKS_END, 422 BL_INIT_CODE_END - BL_STACKS_END, 423 MT_RO_DATA); 424 } else { 425 /* The stacks cover the init section, so reclaim it all. */ 426 ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE, 427 BL_INIT_CODE_END - BL_INIT_CODE_BASE, 428 MT_RW_DATA); 429 } 430 431 if (ret != 0) { 432 ERROR("Could not reclaim initialization code"); 433 panic(); 434 } 435 } 436 #endif 437 438 void __init bl31_platform_setup(void) 439 { 440 arm_bl31_platform_setup(); 441 } 442 443 void bl31_plat_runtime_setup(void) 444 { 445 arm_bl31_plat_runtime_setup(); 446 } 447 448 /******************************************************************************* 449 * Perform the very early platform specific architectural setup shared between 450 * ARM standard platforms. This only does basic initialization. Later 451 * architectural setup (bl31_arch_setup()) does not do anything platform 452 * specific. 453 ******************************************************************************/ 454 void __init arm_bl31_plat_arch_setup(void) 455 { 456 const mmap_region_t bl_regions[] = { 457 MAP_BL31_TOTAL, 458 #if ENABLE_RME 459 ARM_MAP_L0_GPT_REGION, 460 #endif 461 #if RECLAIM_INIT_CODE 462 MAP_BL_INIT_CODE, 463 #endif 464 #if SEPARATE_NOBITS_REGION 465 MAP_BL31_NOBITS, 466 #endif 467 ARM_MAP_BL_RO, 468 #if USE_ROMLIB 469 ARM_MAP_ROMLIB_CODE, 470 ARM_MAP_ROMLIB_DATA, 471 #endif 472 #if USE_COHERENT_MEM 473 ARM_MAP_BL_COHERENT_RAM, 474 #endif 475 {0} 476 }; 477 478 setup_page_tables(bl_regions, plat_arm_get_mmap()); 479 480 enable_mmu_el3(0); 481 482 #if ENABLE_RME 483 /* 484 * Initialise Granule Protection library and enable GPC for the primary 485 * processor. The tables have already been initialized by a previous BL 486 * stage, so there is no need to provide any PAS here. This function 487 * sets up pointers to those tables. 488 */ 489 if (gpt_runtime_init() < 0) { 490 ERROR("gpt_runtime_init() failed!\n"); 491 panic(); 492 } 493 #endif /* ENABLE_RME */ 494 495 arm_setup_romlib(); 496 } 497 498 void __init bl31_plat_arch_setup(void) 499 { 500 struct transfer_list_entry *te __unused; 501 502 arm_bl31_plat_arch_setup(); 503 504 #if TRANSFER_LIST && !RESET_TO_BL2 505 te = transfer_list_find(secure_tl, TL_TAG_FDT); 506 assert(te != NULL); 507 508 /* Populate HW_CONFIG device tree with the mapped address */ 509 fconf_populate("HW_CONFIG", (uintptr_t)transfer_list_entry_data(te)); 510 #endif 511 } 512