From faaa2e7644ec6101de0e7d4f35b9dd2999f110a7 Mon Sep 17 00:00:00 2001 From: Vikram Kanigiri Date: Tue, 15 Jul 2014 16:49:22 +0100 Subject: [PATCH] Support asynchronous method for BL3-2 initialization This patch adds support for BL3-2 initialization by asynchronous method where BL3-1 transfers control to BL3-2 using world switch. After BL3-2 initialization, it transfers control to BL3-3 via SPD service handler. The SPD service handler initializes the CPU context to BL3-3 entrypoint depending on the return function indentifier from TSP initialization. Fixes ARM-software/TF-issues#184 Change-Id: I7b135c2ceeb356d3bb5b6a287932e96ac67c7a34 --- bl31/bl31_main.c | 5 +-- bl32/tsp/tsp.mk | 8 ++++ docs/firmware-design.md | 11 ++--- docs/user-guide.md | 7 ++++ services/spd/tspd/tspd_main.c | 78 +++++++++++++++++++++++------------ 5 files changed, 74 insertions(+), 35 deletions(-) diff --git a/bl31/bl31_main.c b/bl31/bl31_main.c index ff3c53b5..68bdd367 100644 --- a/bl31/bl31_main.c +++ b/bl31/bl31_main.c @@ -51,7 +51,7 @@ static int32_t (*bl32_init)(void); * Variable to indicate whether next image to execute after BL31 is BL33 * (non-secure & default) or BL32 (secure). ******************************************************************************/ -static uint32_t next_image_type; +static uint32_t next_image_type = NON_SECURE; /******************************************************************************* * Simple function to initialise all BL31 helper libraries. @@ -89,9 +89,6 @@ void bl31_main(void) /* Clean caches before re-entering normal world */ dcsw_op_all(DCCSW); - /* By default run the non-secure BL3-3 image next */ - next_image_type = NON_SECURE; - /* * All the cold boot actions on the primary cpu are done. We now need to * decide which is the next image (BL32 or BL33) and how to execute it. diff --git a/bl32/tsp/tsp.mk b/bl32/tsp/tsp.mk index b9084d54..02cc13d3 100644 --- a/bl32/tsp/tsp.mk +++ b/bl32/tsp/tsp.mk @@ -39,6 +39,14 @@ BL32_SOURCES += bl32/tsp/tsp_main.c \ BL32_LINKERFILE := bl32/tsp/tsp.ld.S +# This flag determines if the TSPD initializes BL3-2 in tspd_init() (synchronous +# method) or configures BL3-1 to pass control to BL3-2 instead of BL3-3 +# (asynchronous method). +TSP_INIT_ASYNC := 0 + +$(eval $(call assert_boolean,TSP_INIT_ASYNC)) +$(eval $(call add_define,TSP_INIT_ASYNC)) + # Include the platform-specific TSP Makefile # If no platform-specific TSP Makefile exists, it means TSP is not supported # on this platform. diff --git a/docs/firmware-design.md b/docs/firmware-design.md index 9bdfefb5..3203a524 100644 --- a/docs/firmware-design.md +++ b/docs/firmware-design.md @@ -811,10 +811,10 @@ and is registered using the `bl31_register_bl32_init()` function. Trusted Firmware supports two approaches for the SPD to pass control to BL3-2 before returning through EL3 and running the non-trusted firmware (BL3-3): -1. In the BL3-2 initialization function, set up a secure context (see below - for more details of CPU context support) for this CPU and use - `bl31_set_next_image_type()` to request that the exit from `bl31_main()` is - to the BL3-2 entrypoint in Secure-EL1. +1. In the BL3-2 setup function, use `bl31_set_next_image_type()` to + request that the exit from `bl31_main()` is to the BL3-2 entrypoint in + Secure-EL1. BL3-1 will exit to BL3-2 using the asynchronous method by + calling bl31_prepare_next_image_entry() and el3_exit(). When the BL3-2 has completed initialization at Secure-EL1, it returns to BL3-1 by issuing an SMC, using a Function ID allocated to the SPD. On @@ -824,7 +824,8 @@ before returning through EL3 and running the non-trusted firmware (BL3-3): the normal world firmware BL3-3. On return from the handler the framework will exit to EL2 and run BL3-3. -2. In the BL3-2 initialization function, use an SPD-defined mechanism to +2. The BL3-2 setup function registers a initialization function using + `bl31_register_bl32_init()` which provides a SPD-defined mechanism to invoke a 'world-switch synchronous call' to Secure-EL1 to run the BL3-2 entrypoint. NOTE: The Test SPD service included with the Trusted Firmware provides one diff --git a/docs/user-guide.md b/docs/user-guide.md index 41e76064..ef5de714 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -186,6 +186,13 @@ performed. value of `DEBUG` - i.e. by default this is only enabled for a debug build of the firmware. +* `TSP_INIT_ASYNC`: Choose BL3-2 initialization method as asynchronous or + synchronous, e.g. "(see "Initializing a BL3-2 Image" section in [Firmware + Design])". It can take the value 0 (BL3-2 is initialized using + synchronous method) or 1 (BL3-2 is initialized using asynchronous method). + Default is 0. + + ### Creating a Firmware Image Package FIPs are automatically created as part of the build instructions described in diff --git a/services/spd/tspd/tspd_main.c b/services/spd/tspd/tspd_main.c index b2c36152..22f302a2 100644 --- a/services/spd/tspd/tspd_main.c +++ b/services/spd/tspd/tspd_main.c @@ -181,12 +181,15 @@ int32_t tspd_setup(void) tsp_ep_info->pc, &tspd_sp_context[linear_id]); +#if TSP_INIT_ASYNC + bl31_set_next_image_type(SECURE); +#else /* * All TSPD initialization done. Now register our init function with * BL31 for deferred invocation */ bl31_register_bl32_init(&tspd_init); - +#endif return 0; } @@ -202,10 +205,10 @@ int32_t tspd_setup(void) int32_t tspd_init(void) { uint64_t mpidr = read_mpidr(); - uint32_t linear_id = platform_get_core_pos(mpidr), flags; - uint64_t rc; + uint32_t linear_id = platform_get_core_pos(mpidr); tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id]; entry_point_info_t *tsp_entry_point; + uint64_t rc; /* * Get information about the Secure Payload (BL32) image. Its @@ -217,32 +220,11 @@ int32_t tspd_init(void) cm_init_context(mpidr, tsp_entry_point); /* - * Arrange for an entry into the test secure payload. We expect an array - * of vectors in return + * Arrange for an entry into the test secure payload. It will be + * returned via TSP_ENTRY_DONE case */ rc = tspd_synchronous_sp_entry(tsp_ctx); assert(rc != 0); - if (rc) { - set_tsp_pstate(tsp_ctx->state, TSP_PSTATE_ON); - - /* - * TSP has been successfully initialized. Register power - * managemnt hooks with PSCI - */ - psci_register_spd_pm_hook(&tspd_pm); - } - - /* - * Register an interrupt handler for S-EL1 interrupts when generated - * during code executing in the non-secure state. - */ - flags = 0; - set_interrupt_rm_flag(flags, NON_SECURE); - rc = register_interrupt_type_handler(INTR_TYPE_S_EL1, - tspd_sel1_interrupt_handler, - flags); - if (rc) - panic(); return rc; } @@ -269,6 +251,10 @@ uint64_t tspd_smc_handler(uint32_t smc_fid, unsigned long mpidr = read_mpidr(); uint32_t linear_id = platform_get_core_pos(mpidr), ns; tsp_context_t *tsp_ctx = &tspd_sp_context[linear_id]; + uint64_t rc; +#if TSP_INIT_ASYNC + entry_point_info_t *next_image_info; +#endif /* Determine which security state this SMC originated from */ ns = is_caller_non_secure(flags); @@ -382,6 +368,45 @@ uint64_t tspd_smc_handler(uint32_t smc_fid, assert(tsp_vectors == NULL); tsp_vectors = (tsp_vectors_t *) x1; + if (tsp_vectors) { + set_tsp_pstate(tsp_ctx->state, TSP_PSTATE_ON); + + /* + * TSP has been successfully initialized. Register power + * managemnt hooks with PSCI + */ + psci_register_spd_pm_hook(&tspd_pm); + + /* + * Register an interrupt handler for S-EL1 interrupts + * when generated during code executing in the + * non-secure state. + */ + flags = 0; + set_interrupt_rm_flag(flags, NON_SECURE); + rc = register_interrupt_type_handler(INTR_TYPE_S_EL1, + tspd_sel1_interrupt_handler, + flags); + if (rc) + panic(); + } + + +#if TSP_INIT_ASYNC + /* Save the Secure EL1 system register context */ + assert(cm_get_context(SECURE) == &tsp_ctx->cpu_ctx); + cm_el1_sysregs_context_save(SECURE); + + /* Program EL3 registers to enable entry into the next EL */ + next_image_info = bl31_plat_get_next_image_ep_info(NON_SECURE); + assert(next_image_info); + assert(NON_SECURE == + GET_SECURITY_STATE(next_image_info->h.attr)); + + cm_init_context(read_mpidr_el1(), next_image_info); + cm_prepare_el3_exit(NON_SECURE); + SMC_RET0(cm_get_context(NON_SECURE)); +#else /* * SP reports completion. The SPD must have initiated * the original request through a synchronous entry @@ -389,6 +414,7 @@ uint64_t tspd_smc_handler(uint32_t smc_fid, * context. */ tspd_synchronous_sp_exit(tsp_ctx, x1); +#endif /* * These function IDs is used only by the SP to indicate it has -- 2.30.2