xref: /rk3399_ARM-atf/plat/arm/common/arm_bl31_setup.c (revision b67e984664a8644d6cfd1812cabaa02cf24f09c9) 
1 /*
2  * Copyright (c) 2015-2025, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #include <assert.h>
8 
9 #include <arch.h>
10 #include <arch_features.h>
11 #include <arch_helpers.h>
12 #include <common/bl_common.h>
13 #include <common/debug.h>
14 #include <drivers/console.h>
15 #include <lib/debugfs.h>
16 #include <lib/extensions/ras.h>
17 #include <lib/fconf/fconf.h>
18 #include <lib/gpt_rme/gpt_rme.h>
19 #include <lib/mmio.h>
20 #if TRANSFER_LIST
21 #include <transfer_list.h>
22 #endif
23 #include <lib/xlat_tables/xlat_tables_compat.h>
24 #include <plat/arm/common/plat_arm.h>
25 #include <plat/common/platform.h>
26 #include <platform_def.h>
27 
28 struct transfer_list_header *secure_tl;
29 struct transfer_list_header *ns_tl __unused;
30 
31 #if USE_GIC_DRIVER == 3
32 const uintptr_t gicr_base_addrs[2] = {
33 	PLAT_ARM_GICR_BASE,	/* GICR Base address of the primary CPU */
34 	0U			/* Zero Termination */
35 };
36 #endif
37 
38 /*
39  * Placeholder variables for copying the arguments that have been passed to
40  * BL31 from BL2.
41  */
42 static entry_point_info_t bl32_image_ep_info;
43 static entry_point_info_t bl33_image_ep_info;
44 
45 #if ENABLE_RME
46 static entry_point_info_t rmm_image_ep_info;
47 #if (RME_GPT_BITLOCK_BLOCK == 0)
48 #define BITLOCK_BASE	UL(0)
49 #define BITLOCK_SIZE	UL(0)
50 #else
51 /*
52  * Number of bitlock_t entries in bitlocks array for PLAT_ARM_PPS
53  * with RME_GPT_BITLOCK_BLOCK * 512MB per bitlock.
54  */
55 #if (PLAT_ARM_PPS > (RME_GPT_BITLOCK_BLOCK * SZ_512M * UL(8)))
56 #define BITLOCKS_NUM	(PLAT_ARM_PPS) /	\
57 			(RME_GPT_BITLOCK_BLOCK * SZ_512M * UL(8))
58 #else
59 #define BITLOCKS_NUM	U(1)
60 #endif
61 /*
62  * Bitlocks array
63  */
64 static bitlock_t gpt_bitlock[BITLOCKS_NUM];
65 #define BITLOCK_BASE	(uintptr_t)gpt_bitlock
66 #define BITLOCK_SIZE	sizeof(gpt_bitlock)
67 #endif /* RME_GPT_BITLOCK_BLOCK */
68 #endif /* ENABLE_RME */
69 
70 #if !RESET_TO_BL31
71 /*
72  * Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page
73  * is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
74  */
75 #if TRANSFER_LIST
76 CASSERT(BL31_BASE >= PLAT_ARM_EL3_FW_HANDOFF_LIMIT, assert_bl31_base_overflows);
77 #else
78 CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
79 #endif /* TRANSFER_LIST */
80 #endif /* RESET_TO_BL31 */
81 
82 /* Weak definitions may be overridden in specific ARM standard platform */
83 #pragma weak bl31_early_platform_setup2
84 #pragma weak bl31_platform_setup
85 #pragma weak bl31_plat_arch_setup
86 #pragma weak bl31_plat_get_next_image_ep_info
87 #pragma weak bl31_plat_runtime_setup
88 
89 #define MAP_BL31_TOTAL		MAP_REGION_FLAT(			\
90 					BL31_START,			\
91 					BL31_END - BL31_START,		\
92 					MT_MEMORY | MT_RW | EL3_PAS)
93 #if RECLAIM_INIT_CODE
94 IMPORT_SYM(unsigned long, __INIT_CODE_START__, BL_INIT_CODE_BASE);
95 IMPORT_SYM(unsigned long, __INIT_CODE_END__, BL_CODE_END_UNALIGNED);
96 IMPORT_SYM(unsigned long, __STACKS_END__, BL_STACKS_END_UNALIGNED);
97 
98 #define	BL_INIT_CODE_END	((BL_CODE_END_UNALIGNED + PAGE_SIZE - 1) & \
99 					~(PAGE_SIZE - 1))
100 #define	BL_STACKS_END		((BL_STACKS_END_UNALIGNED + PAGE_SIZE - 1) & \
101 					~(PAGE_SIZE - 1))
102 
103 #define MAP_BL_INIT_CODE	MAP_REGION_FLAT(			\
104 					BL_INIT_CODE_BASE,		\
105 					BL_INIT_CODE_END		\
106 						- BL_INIT_CODE_BASE,	\
107 					MT_CODE | EL3_PAS)
108 #endif
109 
110 #if SEPARATE_NOBITS_REGION
111 #define MAP_BL31_NOBITS		MAP_REGION_FLAT(			\
112 					BL31_NOBITS_BASE,		\
113 					BL31_NOBITS_LIMIT 		\
114 						- BL31_NOBITS_BASE,	\
115 					MT_MEMORY | MT_RW | EL3_PAS)
116 
117 #endif
118 /*******************************************************************************
119  * Return a pointer to the 'entry_point_info' structure of the next image for the
120  * security state specified. BL33 corresponds to the non-secure image type
121  * while BL32 corresponds to the secure image type. A NULL pointer is returned
122  * if the image does not exist.
123  ******************************************************************************/
124 struct entry_point_info *bl31_plat_get_next_image_ep_info(uint32_t type)
125 {
126 	entry_point_info_t *next_image_info;
127 
128 	assert(sec_state_is_valid(type));
129 	if (type == NON_SECURE) {
130 #if TRANSFER_LIST && !RESET_TO_BL31
131 		next_image_info = transfer_list_set_handoff_args(
132 			ns_tl, &bl33_image_ep_info);
133 #else
134 		next_image_info = &bl33_image_ep_info;
135 #endif
136 	}
137 #if ENABLE_RME
138 	else if (type == REALM) {
139 		next_image_info = &rmm_image_ep_info;
140 	}
141 #endif
142 	else {
143 #if TRANSFER_LIST && !RESET_TO_BL31
144 		next_image_info = transfer_list_set_handoff_args(
145 			secure_tl, &bl32_image_ep_info);
146 #else
147 		next_image_info = &bl32_image_ep_info;
148 #endif
149 	}
150 
151 	/*
152 	 * None of the images on the ARM development platforms can have 0x0
153 	 * as the entrypoint
154 	 */
155 	if (next_image_info->pc)
156 		return next_image_info;
157 	else
158 		return NULL;
159 }
160 
161 /*******************************************************************************
162  * Perform any BL31 early platform setup common to ARM standard platforms.
163  * Here is an opportunity to copy parameters passed by the calling EL (S-EL1
164  * in BL2 & EL3 in BL1) before they are lost (potentially). This needs to be
165  * done before the MMU is initialized so that the memory layout can be used
166  * while creating page tables. BL2 has flushed this information to memory, so
167  * we are guaranteed to pick up good data.
168  ******************************************************************************/
169 void __init arm_bl31_early_platform_setup(u_register_t arg0, u_register_t arg1,
170 					  u_register_t arg2, u_register_t arg3)
171 {
172 #if TRANSFER_LIST
173 #if RESET_TO_BL31
174 	/* Populate entry point information for BL33 */
175 	SET_PARAM_HEAD(&bl33_image_ep_info, PARAM_EP, VERSION_1, 0);
176 	/*
177 	 * Tell BL31 where the non-trusted software image
178 	 * is located and the entry state information
179 	 */
180 	bl33_image_ep_info.pc = plat_get_ns_image_entrypoint();
181 
182 	bl33_image_ep_info.spsr = arm_get_spsr(BL33_IMAGE_ID);
183 	SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
184 
185 	bl33_image_ep_info.args.arg0 = PLAT_ARM_TRANSFER_LIST_DTB_OFFSET;
186 	bl33_image_ep_info.args.arg1 =
187 		TRANSFER_LIST_HANDOFF_X1_VALUE(REGISTER_CONVENTION_VERSION);
188 	bl33_image_ep_info.args.arg3 = FW_NS_HANDOFF_BASE;
189 #else
190 	struct transfer_list_entry *te = NULL;
191 	struct entry_point_info *ep;
192 
193 	secure_tl = (struct transfer_list_header *)arg3;
194 
195 	/*
196 	 * Populate the global entry point structures used to execute subsequent
197 	 * images.
198 	 */
199 	while ((te = transfer_list_next(secure_tl, te)) != NULL) {
200 		ep = transfer_list_entry_data(te);
201 
202 		if (te->tag_id == TL_TAG_EXEC_EP_INFO64) {
203 			switch (GET_SECURITY_STATE(ep->h.attr)) {
204 			case NON_SECURE:
205 				bl33_image_ep_info = *ep;
206 				break;
207 #if ENABLE_RME
208 			case REALM:
209 				rmm_image_ep_info = *ep;
210 				break;
211 #endif
212 			case SECURE:
213 				bl32_image_ep_info = *ep;
214 				break;
215 			default:
216 				ERROR("Unrecognized Image Security State %lu\n",
217 				      GET_SECURITY_STATE(ep->h.attr));
218 				panic();
219 			}
220 		}
221 	}
222 #endif /* RESET_TO_BL31 */
223 #else /* (!TRANSFER_LIST) */
224 #if RESET_TO_BL31
225 	/* If BL31 is a reset vector, the parameters must be ignored */
226 	(void)arg0;
227 	(void)arg1;
228 	(void)arg2;
229 	(void)arg3;
230 
231 # ifdef BL32_BASE
232 	/* Populate entry point information for BL32 */
233 	SET_PARAM_HEAD(&bl32_image_ep_info,
234 				PARAM_EP,
235 				VERSION_1,
236 				0);
237 	SET_SECURITY_STATE(bl32_image_ep_info.h.attr, SECURE);
238 	bl32_image_ep_info.pc = BL32_BASE;
239 	bl32_image_ep_info.spsr = arm_get_spsr(BL32_IMAGE_ID);
240 
241 #if defined(SPD_spmd)
242 	bl32_image_ep_info.args.arg0 = ARM_SPMC_MANIFEST_BASE;
243 #endif
244 
245 # endif /* BL32_BASE */
246 
247 	/* Populate entry point information for BL33 */
248 	SET_PARAM_HEAD(&bl33_image_ep_info,
249 				PARAM_EP,
250 				VERSION_1,
251 				0);
252 	/*
253 	 * Tell BL31 where the non-trusted software image
254 	 * is located and the entry state information
255 	 */
256 	bl33_image_ep_info.pc = plat_get_ns_image_entrypoint();
257 	bl33_image_ep_info.spsr = arm_get_spsr(BL33_IMAGE_ID);
258 	SET_SECURITY_STATE(bl33_image_ep_info.h.attr, NON_SECURE);
259 
260 #if ENABLE_RME
261 	/*
262 	 * Populate entry point information for RMM.
263 	 * Only PC needs to be set as other fields are determined by RMMD.
264 	 */
265 	rmm_image_ep_info.pc = RMM_BASE;
266 #endif /* ENABLE_RME */
267 #else /* RESET_TO_BL31 */
268 	/*
269 	 * In debug builds, we pass a special value in 'arg3'
270 	 * to verify platform parameters from BL2 to BL31.
271 	 * In release builds, it's not used.
272 	 */
273 #if DEBUG
274 	assert(((uintptr_t)arg3) == ARM_BL31_PLAT_PARAM_VAL);
275 #endif
276 
277 	/*
278 	 * Check params passed from BL2 should not be NULL,
279 	 */
280 	bl_params_t *params_from_bl2 = (bl_params_t *)(uintptr_t)arg0;
281 	assert(params_from_bl2 != NULL);
282 	assert(params_from_bl2->h.type == PARAM_BL_PARAMS);
283 	assert(params_from_bl2->h.version >= VERSION_2);
284 
285 	bl_params_node_t *bl_params = params_from_bl2->head;
286 
287 	/*
288 	 * Copy BL33, BL32 and RMM (if present), entry point information.
289 	 * They are stored in Secure RAM, in BL2's address space.
290 	 */
291 	while (bl_params != NULL) {
292 		if (bl_params->image_id == BL32_IMAGE_ID) {
293 			bl32_image_ep_info = *bl_params->ep_info;
294 #if SPMC_AT_EL3
295 			/*
296 			 * Populate the BL32 image base, size and max limit in
297 			 * the entry point information, since there is no
298 			 * platform function to retrieve them in generic
299 			 * code. We choose arg2, arg3 and arg4 since the generic
300 			 * code uses arg1 for stashing the SP manifest size. The
301 			 * SPMC setup uses these arguments to update SP manifest
302 			 * with actual SP's base address and it size.
303 			 */
304 			bl32_image_ep_info.args.arg2 =
305 				bl_params->image_info->image_base;
306 			bl32_image_ep_info.args.arg3 =
307 				bl_params->image_info->image_size;
308 			bl32_image_ep_info.args.arg4 =
309 				bl_params->image_info->image_base +
310 				bl_params->image_info->image_max_size;
311 #endif
312 		}
313 #if ENABLE_RME
314 		else if (bl_params->image_id == RMM_IMAGE_ID) {
315 			rmm_image_ep_info = *bl_params->ep_info;
316 		}
317 #endif
318 		else if (bl_params->image_id == BL33_IMAGE_ID) {
319 			bl33_image_ep_info = *bl_params->ep_info;
320 		}
321 
322 		bl_params = bl_params->next_params_info;
323 	}
324 
325 	if (bl33_image_ep_info.pc == 0U)
326 		panic();
327 #if ENABLE_RME
328 	if (rmm_image_ep_info.pc == 0U)
329 		panic();
330 #endif
331 #endif /* RESET_TO_BL31 */
332 
333 #if USE_KERNEL_DT_CONVENTION
334 	/*
335 	 * Only use the default DT base address if TF-A has not supplied one.
336 	 * This can occur when the DT is side-loaded and its memory location
337 	 * is unknown (e.g., RESET_TO_BL31).
338 	 */
339 
340 	if (bl33_image_ep_info.args.arg0 == 0U) {
341 		bl33_image_ep_info.args.arg0 = HW_CONFIG_BASE;
342 	}
343 
344 #if ARM_LINUX_KERNEL_AS_BL33
345 	bl33_image_ep_info.args.arg1 = 0U;
346 	bl33_image_ep_info.args.arg2 = 0U;
347 	bl33_image_ep_info.args.arg3 = 0U;
348 #endif
349 #endif
350 #endif /* TRANSFER_LIST */
351 }
352 
353 void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
354 		u_register_t arg2, u_register_t arg3)
355 {
356 	/* Initialize the console to provide early debug support */
357 	arm_console_boot_init();
358 
359 	arm_bl31_early_platform_setup(arg0, arg1, arg2, arg3);
360 
361 	/*
362 	 * Initialize Interconnect for this cluster during cold boot.
363 	 * No need for locks as no other CPU is active.
364 	 */
365 	plat_arm_interconnect_init();
366 
367 	/*
368 	 * Enable Interconnect coherency for the primary CPU's cluster.
369 	 * Earlier bootloader stages might already do this (e.g. Trusted
370 	 * Firmware's BL1 does it) but we can't assume so. There is no harm in
371 	 * executing this code twice anyway.
372 	 * Platform specific PSCI code will enable coherency for other
373 	 * clusters.
374 	 */
375 	plat_arm_interconnect_enter_coherency();
376 }
377 
378 /*******************************************************************************
379  * Perform any BL31 platform setup common to ARM standard platforms
380  ******************************************************************************/
381 void arm_bl31_platform_setup(void)
382 {
383 	struct transfer_list_entry *te __unused;
384 
385 #if TRANSFER_LIST && !RESET_TO_BL31
386 	ns_tl = transfer_list_init((void *)FW_NS_HANDOFF_BASE,
387 				   PLAT_ARM_FW_HANDOFF_SIZE);
388 	if (ns_tl == NULL) {
389 		ERROR("Non-secure transfer list initialisation failed!\n");
390 		panic();
391 	}
392 	/* BL31 may modify the HW_CONFIG so defer copying it until later. */
393 	te = transfer_list_find(secure_tl, TL_TAG_FDT);
394 	assert(te != NULL);
395 
396 	/*
397 	 * A pre-existing assumption is that FCONF is unsupported w/ RESET_TO_BL2 and
398 	 * RESET_TO_BL31. In the case of RESET_TO_BL31 this makes sense because there
399 	 * isn't a prior stage to load the device tree, but the reasoning for RESET_TO_BL2 is
400 	 * less clear. For the moment hardware properties that would normally be
401 	 * derived from the DT are statically defined.
402 	 */
403 #if !RESET_TO_BL2
404 	fconf_populate("HW_CONFIG", (uintptr_t)transfer_list_entry_data(te));
405 #endif
406 
407 	te = transfer_list_add(ns_tl, TL_TAG_FDT, te->data_size,
408 			       transfer_list_entry_data(te));
409 	assert(te != NULL);
410 
411 	te = transfer_list_find(secure_tl, TL_TAG_TPM_EVLOG);
412 	if (te != NULL) {
413 		te = transfer_list_add(ns_tl, TL_TAG_TPM_EVLOG, te->data_size,
414 				  transfer_list_entry_data(te));
415 		if (te == NULL) {
416 			ERROR("Failed to load event log in Non-Secure transfer list\n");
417 			panic();
418 		}
419 	}
420 #endif /* TRANSFER_LIST && !RESET_TO_BL31 */
421 
422 #if RESET_TO_BL31
423 	/*
424 	 * Do initial security configuration to allow DRAM/device access
425 	 * (if earlier BL has not already done so).
426 	 */
427 	plat_arm_security_setup();
428 
429 #if defined(PLAT_ARM_MEM_PROT_ADDR)
430 	arm_nor_psci_do_dyn_mem_protect();
431 #endif /* PLAT_ARM_MEM_PROT_ADDR */
432 
433 #endif /* RESET_TO_BL31 */
434 
435 	/* Enable and initialize the System level generic timer */
436 	mmio_write_32(ARM_SYS_CNTCTL_BASE + CNTCR_OFF,
437 			CNTCR_FCREQ(0U) | CNTCR_EN);
438 
439 	/* Allow access to the System counter timer module */
440 	arm_configure_sys_timer();
441 
442 	/* Initialize power controller before setting up topology */
443 	plat_arm_pwrc_setup();
444 
445 #if ENABLE_FEAT_RAS && FFH_SUPPORT
446 	ras_init();
447 #endif
448 
449 #if USE_DEBUGFS
450 	debugfs_init();
451 #endif /* USE_DEBUGFS */
452 
453 #if USE_GIC_DRIVER == 3
454 	gic_set_gicr_frames(gicr_base_addrs);
455 #endif
456 }
457 
458 /*******************************************************************************
459  * Perform any BL31 platform runtime setup prior to BL31 exit common to ARM
460  * standard platforms
461  ******************************************************************************/
462 void arm_bl31_plat_runtime_setup(void)
463 {
464 	struct transfer_list_entry *te __unused;
465 	/* Initialize the runtime console */
466 	arm_console_runtime_init();
467 
468 #if TRANSFER_LIST && !RESET_TO_BL31
469 	/*
470 	 * We assume BL31 has added all TE's required by BL33 at this stage, ensure
471 	 * that data is visible to all observers by performing a flush operation, so
472 	 * they can access the updated data even if caching is not enabled.
473 	 */
474 	flush_dcache_range((uintptr_t)ns_tl, ns_tl->size);
475 #endif /* TRANSFER_LIST && !RESET_TO_BL31 */
476 
477 #if RECLAIM_INIT_CODE
478 	arm_free_init_memory();
479 #endif
480 
481 #if PLAT_RO_XLAT_TABLES
482 	arm_xlat_make_tables_readonly();
483 #endif
484 }
485 
486 #if RECLAIM_INIT_CODE
487 /*
488  * Make memory for image boot time code RW to reclaim it as stack for the
489  * secondary cores, or RO where it cannot be reclaimed:
490  *
491  *            |-------- INIT SECTION --------|
492  *  -----------------------------------------
493  * |  CORE 0  |  CORE 1  |  CORE 2  | EXTRA  |
494  * |  STACK   |  STACK   |  STACK   | SPACE  |
495  *  -----------------------------------------
496  *             <-------------------> <------>
497  *                MAKE RW AND XN       MAKE
498  *                  FOR STACKS       RO AND XN
499  */
500 void arm_free_init_memory(void)
501 {
502 	int ret = 0;
503 
504 	if (BL_STACKS_END < BL_INIT_CODE_END) {
505 		/* Reclaim some of the init section as stack if possible. */
506 		if (BL_INIT_CODE_BASE < BL_STACKS_END) {
507 			ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
508 					BL_STACKS_END - BL_INIT_CODE_BASE,
509 					MT_RW_DATA);
510 		}
511 		/* Make the rest of the init section read-only. */
512 		ret |= xlat_change_mem_attributes(BL_STACKS_END,
513 				BL_INIT_CODE_END - BL_STACKS_END,
514 				MT_RO_DATA);
515 	} else {
516 		/* The stacks cover the init section, so reclaim it all. */
517 		ret |= xlat_change_mem_attributes(BL_INIT_CODE_BASE,
518 				BL_INIT_CODE_END - BL_INIT_CODE_BASE,
519 				MT_RW_DATA);
520 	}
521 
522 	if (ret != 0) {
523 		ERROR("Could not reclaim initialization code");
524 		panic();
525 	}
526 }
527 #endif
528 
529 void __init bl31_platform_setup(void)
530 {
531 	arm_bl31_platform_setup();
532 }
533 
534 void bl31_plat_runtime_setup(void)
535 {
536 	arm_bl31_plat_runtime_setup();
537 }
538 
539 /*******************************************************************************
540  * Perform the very early platform specific architectural setup shared between
541  * ARM standard platforms. This only does basic initialization. Later
542  * architectural setup (bl31_arch_setup()) does not do anything platform
543  * specific.
544  ******************************************************************************/
545 void __init arm_bl31_plat_arch_setup(void)
546 {
547 	const mmap_region_t bl_regions[] = {
548 		MAP_BL31_TOTAL,
549 #if ENABLE_RME
550 		ARM_MAP_L0_GPT_REGION,
551 #endif
552 #if RECLAIM_INIT_CODE
553 		MAP_BL_INIT_CODE,
554 #endif
555 #if SEPARATE_NOBITS_REGION
556 		MAP_BL31_NOBITS,
557 #endif
558 		ARM_MAP_BL_RO,
559 #if USE_ROMLIB
560 		ARM_MAP_ROMLIB_CODE,
561 		ARM_MAP_ROMLIB_DATA,
562 #endif
563 #if USE_COHERENT_MEM
564 		ARM_MAP_BL_COHERENT_RAM,
565 #endif
566 		{0}
567 	};
568 
569 	setup_page_tables(bl_regions, plat_arm_get_mmap());
570 
571 	enable_mmu_el3(0);
572 
573 #if ENABLE_RME
574 #if RESET_TO_BL31
575 	/*  initialize GPT only when RME is enabled. */
576 	assert(is_feat_rme_present());
577 
578 	/* Initialise and enable granule protection after MMU. */
579 	arm_gpt_setup();
580 #endif /* RESET_TO_BL31 */
581 	/*
582 	 * Initialise Granule Protection library and enable GPC for the primary
583 	 * processor. The tables have already been initialized by a previous BL
584 	 * stage, so there is no need to provide any PAS here. This function
585 	 * sets up pointers to those tables.
586 	 */
587 	if (gpt_runtime_init(BITLOCK_BASE, BITLOCK_SIZE) < 0) {
588 		ERROR("gpt_runtime_init() failed!\n");
589 		panic();
590 	}
591 #endif /* ENABLE_RME */
592 
593 	arm_setup_romlib();
594 }
595 
596 void __init bl31_plat_arch_setup(void)
597 {
598 	arm_bl31_plat_arch_setup();
599 }
600