From edfda10a6b4ac7691746f1cd23e74a8dc3b70f0a Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Thu, 17 Jul 2014 09:56:29 +0100 Subject: [PATCH] Juno: Add support for Test Secure-EL1 Payload This patch implements the TSP on Juno. It executes from on-chip Trusted SRAM. Also, the other bootloader images (i.e. BL1 R/W, BL2 and BL3-1) have been moved around. The reason is, although there was enough space overall to store the TSP in SRAM, there was no contiguous free chunk of SRAM big enough to hold it. This patch keeps the overall memory layout (i.e. keeping BL1 R/W at the bottom, BL2 at the top and BL3-1 in between) but moves the base addresses of all the bootloader images in such a way that: - memory fragmentation is reduced enough to fit BL3-2 in; - new base addresses are suitable for release builds as well as debug ones; - each image has a few extra kilobytes for future growth. BL3-1 and BL3-2 are the images which received the biggest allocations since they will most probably grow the most. This patch also adds instruction synchronization barriers around the code which handles the timer interrupt in the TSP. This ensures that the interrupt is not acknowledged after or EOIed before it is deactivated at the peripheral. Change-Id: I1c5b51858700027ee283ac85d18e06863a27c72e --- bl32/tsp/tsp_timer.c | 7 ++- plat/juno/include/platform_def.h | 5 +- plat/juno/juno_def.h | 1 + plat/juno/plat-tsp.ld.S | 31 ++++++++++ plat/juno/plat_io_storage.c | 10 ++++ plat/juno/tsp/tsp-juno.mk | 37 ++++++++++++ plat/juno/tsp/tsp_plat_setup.c | 97 ++++++++++++++++++++++++++++++++ 7 files changed, 185 insertions(+), 3 deletions(-) create mode 100644 plat/juno/plat-tsp.ld.S create mode 100644 plat/juno/tsp/tsp-juno.mk create mode 100644 plat/juno/tsp/tsp_plat_setup.c diff --git a/bl32/tsp/tsp_timer.c b/bl32/tsp/tsp_timer.c index d9460b69..f196021d 100644 --- a/bl32/tsp/tsp_timer.c +++ b/bl32/tsp/tsp_timer.c @@ -68,9 +68,14 @@ void tsp_generic_timer_handler(void) /* Ensure that the timer did assert the interrupt */ assert(get_cntp_ctl_istatus(read_cntps_ctl_el1())); - /* Disable the timer and reprogram it */ + /* + * Disable the timer and reprogram it. The barriers ensure that there is + * no reordering of instructions around the reprogramming code. + */ + isb(); write_cntps_ctl_el1(0); tsp_generic_timer_start(); + isb(); } /******************************************************************************* diff --git a/plat/juno/include/platform_def.h b/plat/juno/include/platform_def.h index 2678efc2..6d9d0fb0 100644 --- a/plat/juno/include/platform_def.h +++ b/plat/juno/include/platform_def.h @@ -32,6 +32,7 @@ #define __PLATFORM_DEF_H__ #include +#include "../juno_def.h" /******************************************************************************* * Platform binary types for linking @@ -142,9 +143,9 @@ #define MAX_MMAP_REGIONS 16 /******************************************************************************* - * ID of the secure physical generic timer interrupt. + * ID of the secure physical generic timer interrupt used by the TSP ******************************************************************************/ -#define IRQ_SEC_PHY_TIMER 29 +#define TSP_IRQ_SEC_PHY_TIMER IRQ_SEC_PHY_TIMER /******************************************************************************* * Declarations and constants to access the mailboxes safely. Each mailbox is diff --git a/plat/juno/juno_def.h b/plat/juno/juno_def.h index b099e976..b3099b71 100644 --- a/plat/juno/juno_def.h +++ b/plat/juno/juno_def.h @@ -113,6 +113,7 @@ #define IRQ_TZC400 80 #define IRQ_TZ_WDOG 86 +#define IRQ_SEC_PHY_TIMER 29 #define IRQ_SEC_SGI_0 8 #define IRQ_SEC_SGI_1 9 #define IRQ_SEC_SGI_2 10 diff --git a/plat/juno/plat-tsp.ld.S b/plat/juno/plat-tsp.ld.S new file mode 100644 index 00000000..16d6c171 --- /dev/null +++ b/plat/juno/plat-tsp.ld.S @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + + ASSERT(__BL32_END__ <= BL2_BASE, "BL3-2 image overlaps BL2 image.") diff --git a/plat/juno/plat_io_storage.c b/plat/juno/plat_io_storage.c index b2974007..83d7e43b 100644 --- a/plat/juno/plat_io_storage.c +++ b/plat/juno/plat_io_storage.c @@ -67,6 +67,11 @@ static const io_file_spec_t bl31_file_spec = { .mode = FOPEN_MODE_RB }; +static const io_file_spec_t bl32_file_spec = { + .path = BL32_IMAGE_NAME, + .mode = FOPEN_MODE_RB +}; + static const io_file_spec_t bl33_file_spec = { .path = BL33_IMAGE_NAME, .mode = FOPEN_MODE_RB @@ -103,6 +108,11 @@ static const struct plat_io_policy policies[] = { &fip_dev_handle, (uintptr_t)&bl31_file_spec, open_fip + }, { + BL32_IMAGE_NAME, + &fip_dev_handle, + (uintptr_t)&bl32_file_spec, + open_fip }, { BL33_IMAGE_NAME, &fip_dev_handle, diff --git a/plat/juno/tsp/tsp-juno.mk b/plat/juno/tsp/tsp-juno.mk new file mode 100644 index 00000000..d0d29d77 --- /dev/null +++ b/plat/juno/tsp/tsp-juno.mk @@ -0,0 +1,37 @@ +# +# Copyright (c) 2014, ARM Limited and Contributors. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# Neither the name of ARM nor the names of its contributors may be used +# to endorse or promote products derived from this software without specific +# prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +# TSP source files specific to Juno platform +BL32_SOURCES += drivers/arm/gic/gic_v2.c \ + plat/common/aarch64/platform_mp_stack.S \ + plat/juno/aarch64/juno_common.c \ + plat/juno/aarch64/plat_helpers.S \ + plat/juno/tsp/tsp_plat_setup.c \ + plat/juno/plat_gic.c diff --git a/plat/juno/tsp/tsp_plat_setup.c b/plat/juno/tsp/tsp_plat_setup.c new file mode 100644 index 00000000..b999df1f --- /dev/null +++ b/plat/juno/tsp/tsp_plat_setup.c @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include "../juno_def.h" +#include "../juno_private.h" + +/******************************************************************************* + * Declarations of linker defined symbols which will help us find the layout + * of trusted SRAM + ******************************************************************************/ +extern unsigned long __RO_START__; +extern unsigned long __RO_END__; + +extern unsigned long __COHERENT_RAM_START__; +extern unsigned long __COHERENT_RAM_END__; + +/* + * The next 2 constants identify the extents of the code & RO data region. + * These addresses are used by the MMU setup code and therefore they must be + * page-aligned. It is the responsibility of the linker script to ensure that + * __RO_START__ and __RO_END__ linker symbols refer to page-aligned addresses. + */ +#define BL32_RO_BASE (unsigned long)(&__RO_START__) +#define BL32_RO_LIMIT (unsigned long)(&__RO_END__) + +/* + * The next 2 constants identify the extents of the coherent memory region. + * These addresses are used by the MMU setup code and therefore they must be + * page-aligned. It is the responsibility of the linker script to ensure that + * __COHERENT_RAM_START__ and __COHERENT_RAM_END__ linker symbols refer to + * page-aligned addresses. + */ +#define BL32_COHERENT_RAM_BASE (unsigned long)(&__COHERENT_RAM_START__) +#define BL32_COHERENT_RAM_LIMIT (unsigned long)(&__COHERENT_RAM_END__) + +/******************************************************************************* + * Initialize the UART + ******************************************************************************/ +void tsp_early_platform_setup(void) +{ + /* + * Initialize a different console than already in use to display + * messages from TSP + */ + console_init(PL011_UART1_BASE, PL011_UART1_CLK_IN_HZ, PL011_BAUDRATE); +} + +/******************************************************************************* + * Perform platform specific setup placeholder + ******************************************************************************/ +void tsp_platform_setup(void) +{ +} + +/******************************************************************************* + * Perform the very early platform specific architectural setup here. At the + * moment this only intializes the MMU + ******************************************************************************/ +void tsp_plat_arch_setup(void) +{ + configure_mmu_el1(BL32_RO_BASE, + BL32_COHERENT_RAM_LIMIT - BL32_RO_BASE, + BL32_RO_BASE, + BL32_RO_LIMIT, + BL32_COHERENT_RAM_BASE, + BL32_COHERENT_RAM_LIMIT); +} -- 2.30.2