Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-18 10:34:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge "fix(plat): remove fvp_r" into integration

Browse source
This commit is contained in:
Olivier Deprez 2025-04-08 16:22:13 +02:00 committed by TrustedFirmware Code Review
commit 4181ebb96a
27 changed files with 16 additions and 2625 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
changelog.yaml
View file

@ -170,12 +170,6 @@ subsections:
- plat/fvp
- fvp/tsp_manifest
- title: FVP-R
scope: fvp-r
deprecated:
- fvp_r
- title: FVP Versatile Express
scope: fvp_ve

46
docs/plat/arm/fvp_r/index.rst
View file

@ -1,46 +0,0 @@
ARM V8-R64 Fixed Virtual Platform (FVP)
=======================================
Some of the features of Armv8-R AArch64 FVP platform referenced in Trusted
Boot R-class include:
- Secure World Support Only
- EL2 as Maximum EL support (No EL3)
- MPU Support only at EL2
- MPU or MMU Support at EL0/EL1
- AArch64 Support Only
- Trusted Board Boot
Further information on v8-R64 FVP is available at `info <https://developer.arm.com/documentation/ddi0600/latest/>`_
Boot Sequence
-------------
BL1 > BL33
The execution begins from BL1 which loads the BL33 image, a boot-wrapped (bootloader + Operating System)
Operating System, from FIP to DRAM.
Build Procedure
~~~~~~~~~~~~~~~
- Obtain arm `toolchain <https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads>`_.
Set the CROSS_COMPILE environment variable to point to the toolchain folder.
- Build TF-A:
.. code:: shell
make PLAT=fvp_r BL33=<path_to_os.bin> all fip
Enable TBBR by adding the following options to the make command:
.. code:: shell
MBEDTLS_DIR=<path_to_mbedtls_directory> \
TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 \
ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
*Copyright (c) 2021, Arm Limited. All rights reserved.*

3
docs/plat/arm/index.rst
View file

@ -7,7 +7,6 @@ Arm Development Platforms
juno/index
fvp/index
fvp_r/index
fvp-ve/index
tc/index
arm_fpga/index
@ -22,4 +21,4 @@ such as Juno.
--------------
*Copyright (c) 2019-2024, Arm Limited. All rights reserved.*
*Copyright (c) 2019-2025, Arm Limited. All rights reserved.*

3
docs/threat_model/firmware_threat_model/index.rst
View file

@ -29,13 +29,12 @@ data flow diagram, as well as a list of threats we have identified using the
threat_model
threat_model_el3_spm
threat_model_fvp_r
threat_model_rse_interface
threat_model_arm_cca
threat_model_fw_update_and_recovery
--------------
*Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.*
*Copyright (c) 2021-2025, Arm Limited and Contributors. All rights reserved.*
.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model

99
docs/threat_model/firmware_threat_model/threat_model_fvp_r.rst
View file

@ -1,99 +0,0 @@
fvp_r-Platform Threat Model
***************************
************************
Introduction
************************
This document provides a threat model for TF-A fvp_r platform.
************************
Target of Evaluation
************************
In this threat model, the target of evaluation is the fvp_r platform of Trusted
Firmware for A-class Processors (TF-A). The fvp_r platform provides limited
support of AArch64 R-class Processors (v8-R64).
This is a delta document, only pointing out differences from the general TF-A
threat-model document, :ref:`Generic Threat Model`
BL1 Only
========
The most fundamental difference between the threat model for the current fvp_r
implementation compared to the general TF-A threat model, is that fvp_r is
currently limited to BL1 only. Any threats from the general TF-A threat model
unrelated to BL1 are therefore not relevant to the fvp_r implementation.
The fvp_r BL1 implementation directly loads a customer/partner-defined runtime
system. The threat model for that runtime system, being partner-defined, is
out-of-scope for this threat-model.
Relatedly, all exceptions, synchronous and asynchronous, are disabled during BL1
execution. So, any references to exceptions are not relevant.
EL3 is Unsupported and All Secure
=================================
v8-R64 cores do not support EL3, and (essentially) all operation is defined as
Secure-mode. Therefore:
- Any threats regarding NS operation are not relevant.
- Any mentions of SMCs are also not relevant.
- Anything otherwise-relevant code running in EL3 is instead run in EL2.
MPU instead of MMU
==================
v8-R64 cores, running in EL2, use an MPU for memory management, rather than an
MMU. The MPU in the fvp_r implementation is configured to function effectively
identically with the MMU for the usual BL1 implementation. There are
memory-map differences, but the MPU configuration is functionally equivalent.
No AArch32 Support
==================
Another substantial difference between v8-A and v8-R64 cores is that v8-R64 does
not support AArch32. However, this is not believed to have any threat-modeling
ramifications.
Threat Assessment
=================
For this section, please reference the Threat Assessment under the general TF-A
threat-model document, :ref:`Generic Threat Model`
The following threats from that document are still relevant to the fvp_r
implementation:
- ID 01: An attacker can mangle firmware images to execute arbitrary code.
- ID 03: An attacker can use Time-of-Check-Time-of-Use (TOCTOU) attack to
bypass image authentication during the boot process.
- ID 04: An attacker with physical access can execute arbitrary image by
bypassing the signature verification stage using clock- or power-glitching
techniques.
- ID 05: Information leak via UART logs such as crashes
- ID 06: An attacker can read sensitive data and execute arbitrary code
through the external debug and trace interface.
- ID 08: Memory corruption due to memory overflows and lack of boundary
checking when accessing resources could allow an attacker to execute
arbitrary code, modify some state variable to change the normal flow of
the program, or leak sensitive.
- ID 11: Misconfiguration of the Memory Protection Unit (MPU) may allow
normal world software to access sensitive data or execute arbitrary code.
Arguably, MPUs having fewer memory regions, there may be a temptation to
share memory regions, making this a greater threat. However, since the
fvp_r implementation is limited to BL1, since BL1's regions are fixed,
and since the MPU configuration is equivalent with that for the fvp
platform and others, this is not expected to be a concern.
- ID 15: Improper handling of input data received over a UART interface may
allow an attacker to tamper with TF-A execution environment.
--------------
*Copyright (c) 2021-2024, Arm Limited. All rights reserved.*

418
include/arch/aarch64/el2_common_macros.S
View file

@ -1,418 +0,0 @@
/*
* Copyright (c) 2021-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef EL2_COMMON_MACROS_S
#define EL2_COMMON_MACROS_S
#include <arch.h>
#include <asm_macros.S>
#include <context.h>
#include <lib/xlat_tables/xlat_tables_defs.h>
#include <platform_def.h>
/*
* Helper macro to initialise system registers at EL2.
*/
.macro el2_arch_init_common
/* ---------------------------------------------------------------------
* SCTLR_EL2 has already been initialised - read current value before
* modifying.
*
* SCTLR_EL2.I: Enable the instruction cache.
*
* SCTLR_EL2.SA: Enable Stack Alignment check. A SP alignment fault
* exception is generated if a load or store instruction executed at
* EL2 uses the SP as the base address and the SP is not aligned to a
* 16-byte boundary.
*
* SCTLR_EL2.A: Enable Alignment fault checking. All instructions that
* load or store one or more registers have an alignment check that the
* address being accessed is aligned to the size of the data element(s)
* being accessed.
* ---------------------------------------------------------------------
*/
mov x1, #(SCTLR_I_BIT | SCTLR_A_BIT | SCTLR_SA_BIT)
mrs x0, sctlr_el2
orr x0, x0, x1
msr sctlr_el2, x0
isb
/* ---------------------------------------------------------------------
* Initialise HCR_EL2, setting all fields rather than relying on HW.
* All fields are architecturally UNKNOWN on reset. The following fields
* do not change during the TF lifetime. The remaining fields are set to
* zero here but are updated ahead of transitioning to a lower EL in the
* function cm_init_context_common().
*
* HCR_EL2.TWE: Set to zero so that execution of WFE instructions at
* EL2, EL1 and EL0 are not trapped to EL2.
*
* HCR_EL2.TWI: Set to zero so that execution of WFI instructions at
* EL2, EL1 and EL0 are not trapped to EL2.
*
* HCR_EL2.HCD: Set to zero to enable HVC calls at EL1 and above,
* from both Security states and both Execution states.
*
* HCR_EL2.TEA: Set to one to route External Aborts and SError
* Interrupts to EL2 when executing at any EL.
*
* HCR_EL2.{API,APK}: For Armv8.3 pointer authentication feature,
* disable traps to EL2 when accessing key registers or using
* pointer authentication instructions from lower ELs.
* ---------------------------------------------------------------------
*/
mov_imm x0, ((HCR_RESET_VAL | HCR_TEA_BIT) \
& ~(HCR_TWE_BIT | HCR_TWI_BIT | HCR_HCD_BIT))
#if CTX_INCLUDE_PAUTH_REGS
/*
* If the pointer authentication registers are saved during world
* switches, enable pointer authentication everywhere, as it is safe to
* do so.
*/
orr x0, x0, #(HCR_API_BIT | HCR_APK_BIT)
#endif /* CTX_INCLUDE_PAUTH_REGS */
msr hcr_el2, x0
/* ---------------------------------------------------------------------
* Initialise MDCR_EL2, setting all fields rather than relying on
* hw. Some fields are architecturally UNKNOWN on reset.
*
* MDCR_EL2.TDOSA: Set to zero so that EL2 and EL2 System register
* access to the powerdown debug registers do not trap to EL2.
*
* MDCR_EL2.TDA: Set to zero to allow EL0, EL1 and EL2 access to the
* debug registers, other than those registers that are controlled by
* MDCR_EL2.TDOSA.
*
* MDCR_EL2.TPM: Set to zero so that EL0, EL1, and EL2 System
* register accesses to all Performance Monitors registers do not trap
* to EL2.
*
* MDCR_EL2.HPMD: Set to zero so that event counting by the program-
* mable counters PMEVCNTR<n>_EL0 is prohibited in Secure state. If
* ARMv8.2 Debug is not implemented this bit does not have any effect
* on the counters unless there is support for the implementation
* defined authentication interface
* ExternalSecureNoninvasiveDebugEnabled().
* ---------------------------------------------------------------------
*/
mov_imm x0, ((MDCR_EL2_RESET_VAL | \
MDCR_SPD32(MDCR_SPD32_DISABLE)) \
& ~(MDCR_EL2_HPMD_BIT | MDCR_TDOSA_BIT | \
MDCR_TDA_BIT | MDCR_TPM_BIT))
msr mdcr_el2, x0
/* ---------------------------------------------------------------------
* Initialise PMCR_EL0 setting all fields rather than relying
* on hw. Some fields are architecturally UNKNOWN on reset.
*
* PMCR_EL0.DP: Set to one so that the cycle counter,
* PMCCNTR_EL0 does not count when event counting is prohibited.
*
* PMCR_EL0.X: Set to zero to disable export of events.
*
* PMCR_EL0.D: Set to zero so that, when enabled, PMCCNTR_EL0
* counts on every clock cycle.
* ---------------------------------------------------------------------
*/
mov_imm x0, ((PMCR_EL0_RESET_VAL | PMCR_EL0_DP_BIT) & \
~(PMCR_EL0_X_BIT | PMCR_EL0_D_BIT))
msr pmcr_el0, x0
/* ---------------------------------------------------------------------
* Enable External Aborts and SError Interrupts now that the exception
* vectors have been setup.
* ---------------------------------------------------------------------
*/
msr daifclr, #DAIF_ABT_BIT
/* ---------------------------------------------------------------------
* Initialise CPTR_EL2, setting all fields rather than relying on hw.
* All fields are architecturally UNKNOWN on reset.
*
* CPTR_EL2.TCPAC: Set to zero so that any accesses to CPACR_EL1 do
* not trap to EL2.
*
* CPTR_EL2.TTA: Set to zero so that System register accesses to the
* trace registers do not trap to EL2.
*
* CPTR_EL2.TFP: Set to zero so that accesses to the V- or Z- registers
* by Advanced SIMD, floating-point or SVE instructions (if implemented)
* do not trap to EL2.
*/
mov_imm x0, (CPTR_EL2_RESET_VAL & ~(TCPAC_BIT | TTA_BIT | TFP_BIT))
msr cptr_el2, x0
/*
* If Data Independent Timing (DIT) functionality is implemented,
* always enable DIT in EL2
*/
mrs x0, id_aa64pfr0_el1
ubfx x0, x0, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH
cmp x0, #DIT_IMPLEMENTED
bne 1f
mov x0, #DIT_BIT
msr DIT, x0
1:
.endm
/* -----------------------------------------------------------------------------
* This is the super set of actions that need to be performed during a cold boot
* or a warm boot in EL2. This code is shared by BL1 and BL31.
*
* This macro will always perform reset handling, architectural initialisations
* and stack setup. The rest of the actions are optional because they might not
* be needed, depending on the context in which this macro is called. This is
* why this macro is parameterised ; each parameter allows to enable/disable
* some actions.
*
* _init_sctlr:
* Whether the macro needs to initialise SCTLR_EL2, including configuring
* the endianness of data accesses.
*
* _warm_boot_mailbox:
* Whether the macro needs to detect the type of boot (cold/warm). The
* detection is based on the platform entrypoint address : if it is zero
* then it is a cold boot, otherwise it is a warm boot. In the latter case,
* this macro jumps on the platform entrypoint address.
*
* _secondary_cold_boot:
* Whether the macro needs to identify the CPU that is calling it: primary
* CPU or secondary CPU. The primary CPU will be allowed to carry on with
* the platform initialisations, while the secondaries will be put in a
* platform-specific state in the meantime.
*
* If the caller knows this macro will only be called by the primary CPU
* then this parameter can be defined to 0 to skip this step.
*
* _init_memory:
* Whether the macro needs to initialise the memory.
*
* _init_c_runtime:
* Whether the macro needs to initialise the C runtime environment.
*
* _exception_vectors:
* Address of the exception vectors to program in the VBAR_EL2 register.
*
* _pie_fixup_size:
* Size of memory region to fixup Global Descriptor Table (GDT).
*
* A non-zero value is expected when firmware needs GDT to be fixed-up.
*
* -----------------------------------------------------------------------------
*/
.macro el2_entrypoint_common \
_init_sctlr, _warm_boot_mailbox, _secondary_cold_boot, \
_init_memory, _init_c_runtime, _exception_vectors, \
_pie_fixup_size
.if \_init_sctlr
/* -------------------------------------------------------------
* This is the initialisation of SCTLR_EL2 and so must ensure
* that all fields are explicitly set rather than relying on hw.
* Some fields reset to an IMPLEMENTATION DEFINED value and
* others are architecturally UNKNOWN on reset.
*
* SCTLR.EE: Set the CPU endianness before doing anything that
* might involve memory reads or writes. Set to zero to select
* Little Endian.
*
* SCTLR_EL2.WXN: For the EL2 translation regime, this field can
* force all memory regions that are writeable to be treated as
* XN (Execute-never). Set to zero so that this control has no
* effect on memory access permissions.
*
* SCTLR_EL2.SA: Set to zero to disable Stack Alignment check.
*
* SCTLR_EL2.A: Set to zero to disable Alignment fault checking.
*
* SCTLR.DSSBS: Set to zero to disable speculation store bypass
* safe behaviour upon exception entry to EL2.
* -------------------------------------------------------------
*/
mov_imm x0, (SCTLR_RESET_VAL & ~(SCTLR_EE_BIT | SCTLR_WXN_BIT \
| SCTLR_SA_BIT | SCTLR_A_BIT | SCTLR_DSSBS_BIT))
msr sctlr_el2, x0
isb
.endif /* _init_sctlr */
.if \_warm_boot_mailbox
/* -------------------------------------------------------------
* This code will be executed for both warm and cold resets.
* Now is the time to distinguish between the two.
* Query the platform entrypoint address and if it is not zero
* then it means it is a warm boot so jump to this address.
* -------------------------------------------------------------
*/
bl plat_get_my_entrypoint
cbz x0, do_cold_boot
br x0
do_cold_boot:
.endif /* _warm_boot_mailbox */
.if \_pie_fixup_size
#if ENABLE_PIE
/*
* ------------------------------------------------------------
* If PIE is enabled fixup the Global descriptor Table only
* once during primary core cold boot path.
*
* Compile time base address, required for fixup, is calculated
* using "pie_fixup" label present within first page.
* ------------------------------------------------------------
*/
pie_fixup:
ldr x0, =pie_fixup
and x0, x0, #~(PAGE_SIZE_MASK)
mov_imm x1, \_pie_fixup_size
add x1, x1, x0
bl fixup_gdt_reloc
#endif /* ENABLE_PIE */
.endif /* _pie_fixup_size */
/* ---------------------------------------------------------------------
* Set the exception vectors.
* ---------------------------------------------------------------------
*/
adr x0, \_exception_vectors
msr vbar_el2, x0
isb
/* ---------------------------------------------------------------------
* It is a cold boot.
* Perform any processor specific actions upon reset e.g. cache, TLB
* invalidations etc.
* ---------------------------------------------------------------------
*/
call_reset_handler
el2_arch_init_common
.if \_secondary_cold_boot
/* -------------------------------------------------------------
* Check if this is a primary or secondary CPU cold boot.
* The primary CPU will set up the platform while the
* secondaries are placed in a platform-specific state until the
* primary CPU performs the necessary actions to bring them out
* of that state and allows entry into the OS.
* -------------------------------------------------------------
*/
bl plat_is_my_cpu_primary
cbnz w0, do_primary_cold_boot
/* This is a cold boot on a secondary CPU */
bl plat_secondary_cold_boot_setup
/* plat_secondary_cold_boot_setup() is not supposed to return */
bl el2_panic
do_primary_cold_boot:
.endif /* _secondary_cold_boot */
/* ---------------------------------------------------------------------
* Initialize memory now. Secondary CPU initialization won't get to this
* point.
* ---------------------------------------------------------------------
*/
.if \_init_memory
bl platform_mem_init
.endif /* _init_memory */
/* ---------------------------------------------------------------------
* Init C runtime environment:
* - Zero-initialise the NOBITS sections. There are 2 of them:
* - the .bss section;
* - the coherent memory section (if any).
* - Relocate the data section from ROM to RAM, if required.
* ---------------------------------------------------------------------
*/
.if \_init_c_runtime
adrp x0, __BSS_START__
add x0, x0, :lo12:__BSS_START__
adrp x1, __BSS_END__
add x1, x1, :lo12:__BSS_END__
sub x1, x1, x0
bl zeromem
#if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && \
RESET_TO_BL2 && BL2_IN_XIP_MEM)
adrp x0, __DATA_RAM_START__
add x0, x0, :lo12:__DATA_RAM_START__
adrp x1, __DATA_ROM_START__
add x1, x1, :lo12:__DATA_ROM_START__
adrp x2, __DATA_RAM_END__
add x2, x2, :lo12:__DATA_RAM_END__
sub x2, x2, x0
bl memcpy16
#endif
.endif /* _init_c_runtime */
/* ---------------------------------------------------------------------
* Use SP_EL0 for the C runtime stack.
* ---------------------------------------------------------------------
*/
msr spsel, #0
/* ---------------------------------------------------------------------
* Allocate a stack whose memory will be marked as Normal-IS-WBWA when
* the MMU is enabled. There is no risk of reading stale stack memory
* after enabling the MMU as only the primary CPU is running at the
* moment.
* ---------------------------------------------------------------------
*/
bl plat_set_my_stack
#if STACK_PROTECTOR_ENABLED
.if \_init_c_runtime
bl update_stack_protector_canary
.endif /* _init_c_runtime */
#endif
.endm
.macro apply_at_speculative_wa
#if ERRATA_SPECULATIVE_AT
/*
* This function expects x30 has been saved.
* Also, save x29 which will be used in the called function.
*/
str x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
bl save_and_update_ptw_el1_sys_regs
ldr x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
#endif
.endm
.macro restore_ptw_el1_sys_regs
#if ERRATA_SPECULATIVE_AT
/* -----------------------------------------------------------
* In case of ERRATA_SPECULATIVE_AT, must follow below order
* to ensure that page table walk is not enabled until
* restoration of all EL1 system registers. TCR_EL1 register
* should be updated at the end which restores previous page
* table walk setting of stage1 i.e.(TCR_EL1.EPDx) bits. ISB
* ensures that CPU does below steps in order.
*
* 1. Ensure all other system registers are written before
* updating SCTLR_EL1 using ISB.
* 2. Restore SCTLR_EL1 register.
* 3. Ensure SCTLR_EL1 written successfully using ISB.
* 4. Restore TCR_EL1 register.
* -----------------------------------------------------------
*/
isb
ldp x28, x29, [sp, #CTX_ERRATA_SPEC_AT_OFFSET + CTX_ERRATA_SPEC_AT_SCTLR_EL1]
msr sctlr_el1, x28
isb
msr tcr_el1, x29
#endif
.endm
#endif /* EL2_COMMON_MACROS_S */

13
include/plat/arm/board/fvp_r/fvp_r_bl1.h
View file

@ -1,13 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef FVP_R_BL1_H
#define FVP_R_BL1_H
void bl1_load_bl33(void);
void bl1_transfer_bl33(void);
#endif /* FVP_R_BL1_H */

15
lib/xlat_mpu/xlat_mpu_private.h
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
* Copyright (c) 2021-2025, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -59,6 +59,19 @@ uint32_t region_attr(uint64_t prbar_attr, uint64_t prlar_attr);
#define MT_EXECUTE_MASK UL(0x3)
#define MT_TYPE_SHIFT UL(0)
#define MPUIR_EL2 S3_4_C0_C0_4
#define PRBAR_EL2 S3_4_C6_C8_0
#define PRLAR_EL2 S3_4_C6_C8_1
#define PRSELR_EL2 S3_4_C6_C2_1
#define PRENR_EL2 S3_4_C6_C1_1
/* v8-R64 MPU registers */
DEFINE_RENAME_SYSREG_RW_FUNCS(mpuir_el2, MPUIR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prenr_el2, PRENR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prselr_el2, PRSELR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prbar_el2, PRBAR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prlar_el2, PRLAR_EL2)
extern uint64_t mmu_cfg_params[MMU_CFG_PARAM_MAX];
/*

19
plat/arm/board/fvp_r/fvp_r_bl1_arch_setup.c
View file

@ -1,19 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include "../../../../bl1/bl1_private.h"
#include <arch.h>
#include <fvp_r_arch_helpers.h>
/*******************************************************************************
* Function that does the first bit of architectural setup that affects
* execution in the non-secure address space.
******************************************************************************/
void bl1_arch_setup(void)
{
/* v8-R64 does not include SCRs. */
}

93
plat/arm/board/fvp_r/fvp_r_bl1_entrypoint.S
View file

@ -1,93 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <arch.h>
#include <asm_macros.S>
#include <common/bl_common.h>
#include <el2_common_macros.S>
#include <lib/xlat_mpu/xlat_mpu.h>
.globl bl1_entrypoint
.globl bl1_run_next_image
/* -----------------------------------------------------
* bl1_entrypoint() is the entry point into the trusted
* firmware code when a cpu is released from warm or
* cold reset.
* -----------------------------------------------------
*/
func bl1_entrypoint
/* ---------------------------------------------------------------------
* If the reset address is programmable then bl1_entrypoint() is
* executed only on the cold boot path. Therefore, we can skip the warm
* boot mailbox mechanism.
* ---------------------------------------------------------------------
*/
el2_entrypoint_common \
_init_sctlr=1 \
_warm_boot_mailbox=!PROGRAMMABLE_RESET_ADDRESS \
_secondary_cold_boot=!COLD_BOOT_SINGLE_CPU \
_init_memory=1 \
_init_c_runtime=1 \
_exception_vectors=bl1_exceptions \
_pie_fixup_size=0
/* --------------------------------------------------------------------
* Perform BL1 setup
* --------------------------------------------------------------------
*/
bl bl1_setup
/* --------------------------------------------------------------------
* Initialize platform and jump to our c-entry point
* for this type of reset.
* --------------------------------------------------------------------
*/
bl bl1_main
/* ---------------------------------------------
* Should never reach this point.
* ---------------------------------------------
*/
no_ret plat_panic_handler
endfunc bl1_entrypoint
func bl1_run_next_image
mov x20,x0
/* ---------------------------------------------
* MPU needs to be disabled because both BL1 and BL33 execute
* in EL2, and therefore share the same address space.
* BL33 will initialize the address space according to its
* own requirement.
* ---------------------------------------------
*/
bl disable_mpu_icache_el2
/* ---------------------------------------------
* Wipe clean and disable all MPU regions. This function expects
* that the MPU has already been turned off, and caching concerns
* addressed, but it also explicitly turns off the MPU.
* ---------------------------------------------
*/
bl clear_all_mpu_regions
/* --------------------------------------------------
* Do the transition to next boot image.
* --------------------------------------------------
*/
ldp x0, x1, [x20, #ENTRY_POINT_INFO_PC_OFFSET]
msr elr_el2, x0
msr spsr_el2, x1
ldp x6, x7, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x30)]
ldp x4, x5, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x20)]
ldp x2, x3, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x10)]
ldp x0, x1, [x20, #(ENTRY_POINT_INFO_ARGS_OFFSET + 0x0)]
exception_return
endfunc bl1_run_next_image

120
plat/arm/board/fvp_r/fvp_r_bl1_exceptions.S
View file

@ -1,120 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <arch.h>
#include <asm_macros.S>
#include <bl1/bl1.h>
#include <common/bl_common.h>
#include <context.h>
/* -----------------------------------------------------------------------------
* File contains an EL2 equivalent of the EL3 vector table from:
* .../bl1/aarch64/bl1_exceptions.S
* -----------------------------------------------------------------------------
*/
/* -----------------------------------------------------------------------------
* Very simple stackless exception handlers used by BL1.
* -----------------------------------------------------------------------------
*/
.globl bl1_exceptions
vector_base bl1_exceptions
/* -----------------------------------------------------
* Current EL with SP0 : 0x0 - 0x200
* -----------------------------------------------------
*/
vector_entry SynchronousExceptionSP0
mov x0, #SYNC_EXCEPTION_SP_EL0
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry SynchronousExceptionSP0
vector_entry IrqSP0
mov x0, #IRQ_SP_EL0
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry IrqSP0
vector_entry FiqSP0
mov x0, #FIQ_SP_EL0
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry FiqSP0
vector_entry SErrorSP0
mov x0, #SERROR_SP_EL0
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry SErrorSP0
/* -----------------------------------------------------
* Current EL with SPx: 0x200 - 0x400
* -----------------------------------------------------
*/
vector_entry SynchronousExceptionSPx
mov x0, #SYNC_EXCEPTION_SP_ELX
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry SynchronousExceptionSPx
vector_entry IrqSPx
mov x0, #IRQ_SP_ELX
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry IrqSPx
vector_entry FiqSPx
mov x0, #FIQ_SP_ELX
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry FiqSPx
vector_entry SErrorSPx
mov x0, #SERROR_SP_ELX
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry SErrorSPx
/* -----------------------------------------------------
* Lower EL using AArch64 : 0x400 - 0x600
* -----------------------------------------------------
*/
vector_entry SynchronousExceptionA64
/* The current v8-R64 implementation does not support conduit calls */
b el2_panic
end_vector_entry SynchronousExceptionA64
vector_entry IrqA64
mov x0, #IRQ_AARCH64
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry IrqA64
vector_entry FiqA64
mov x0, #FIQ_AARCH64
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry FiqA64
vector_entry SErrorA64
mov x0, #SERROR_AARCH64
bl plat_report_exception
no_ret plat_panic_handler
end_vector_entry SErrorA64
unexpected_sync_exception:
mov x0, #SYNC_EXCEPTION_AARCH64
bl plat_report_exception
no_ret plat_panic_handler
/* -----------------------------------------------------
* Save Secure/Normal world context and jump to
* BL1 SMC handler.
* -----------------------------------------------------
*/

247
plat/arm/board/fvp_r/fvp_r_bl1_main.c
View file

@ -1,247 +0,0 @@
/*
* Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include "../../../../bl1/bl1_private.h"
#include <arch.h>
#include <arch_features.h>
#include <arch_helpers.h>
#include <bl1/bl1.h>
#include <common/bl_common.h>
#include <common/build_message.h>
#include <common/debug.h>
#include <drivers/auth/auth_mod.h>
#include <drivers/console.h>
#include <lib/cpus/errata.h>
#include <lib/utils.h>
#include <smccc_helpers.h>
#include <tools_share/uuid.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
void cm_prepare_el2_exit(void);
void bl1_run_next_image(const struct entry_point_info *bl_ep_info);
/*******************************************************************************
* Function to perform late architectural and platform specific initialization.
* It also queries the platform to load and run next BL image. Only called
* by the primary cpu after a cold boot.
******************************************************************************/
void bl1_transfer_bl33(void)
{
unsigned int image_id;
/* Get the image id of next image to load and run. */
image_id = bl1_plat_get_next_image_id();
#if !ARM_DISABLE_TRUSTED_WDOG
/* Disable watchdog before leaving BL1 */
plat_arm_secure_wdt_stop();
#endif
bl1_run_next_image(&bl1_plat_get_image_desc(image_id)->ep_info);
}
/*******************************************************************************
* This function locates and loads the BL33 raw binary image in the trusted SRAM.
* Called by the primary cpu after a cold boot.
* TODO: Add support for alternative image load mechanism e.g using virtio/elf
* loader etc.
******************************************************************************/
void bl1_load_bl33(void)
{
image_desc_t *desc;
image_info_t *info;
int err;
/* Get the image descriptor */
desc = bl1_plat_get_image_desc(BL33_IMAGE_ID);
assert(desc != NULL);
/* Get the image info */
info = &desc->image_info;
INFO("BL1: Loading BL33\n");
err = bl1_plat_handle_pre_image_load(BL33_IMAGE_ID);
if (err != 0) {
ERROR("Failure in pre image load handling of BL33 (%d)\n", err);
plat_error_handler(err);
}
err = load_auth_image(BL33_IMAGE_ID, info);
if (err != 0) {
ERROR("Failed to load BL33 firmware.\n");
plat_error_handler(err);
}
/* Allow platform to handle image information. */
err = bl1_plat_handle_post_image_load(BL33_IMAGE_ID);
if (err != 0) {
ERROR("Failure in post image load handling of BL33 (%d)\n", err);
plat_error_handler(err);
}
NOTICE("BL1: Booting BL33\n");
}
/*******************************************************************************
* This function prepares for entry to BL33
******************************************************************************/
void bl1_prepare_next_image(unsigned int image_id)
{
unsigned int mode = MODE_EL1;
image_desc_t *desc;
entry_point_info_t *next_bl_ep;
#if CTX_INCLUDE_AARCH32_REGS
/*
* Ensure that the build flag to save AArch32 system registers in CPU
* context is not set for AArch64-only platforms.
*/
if (el_implemented(1) == EL_IMPL_A64ONLY) {
ERROR("EL1 supports AArch64-only. Please set build flag %s",
"CTX_INCLUDE_AARCH32_REGS = 0\n");
panic();
}
#endif
/* Get the image descriptor. */
desc = bl1_plat_get_image_desc(image_id);
assert(desc != NULL);
/* Get the entry point info. */
next_bl_ep = &desc->ep_info;
/* FVP-R is only secure */
assert(GET_SECURITY_STATE(next_bl_ep->h.attr) == SECURE);
/* Prepare the SPSR for the next BL image. */
next_bl_ep->spsr = (uint32_t)SPSR_64((uint64_t) mode,
(uint64_t)MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
/* Allow platform to make change */
bl1_plat_set_ep_info(image_id, next_bl_ep);
/* Prepare context for the next EL */
cm_prepare_el2_exit();
/* Indicate that image is in execution state. */
desc->state = IMAGE_STATE_EXECUTED;
print_entry_point_info(next_bl_ep);
}
/*******************************************************************************
* Setup function for BL1.
******************************************************************************/
void bl1_setup(void)
{
/* Perform early platform-specific setup */
bl1_early_platform_setup();
/* Perform late platform-specific setup */
bl1_plat_arch_setup();
}
/*******************************************************************************
* Function to perform late architectural and platform specific initialization.
* It also queries the platform to load and run next BL image. Only called
* by the primary cpu after a cold boot.
******************************************************************************/
void bl1_main(void)
{
unsigned int image_id;
/* Announce our arrival */
NOTICE(FIRMWARE_WELCOME_STR);
NOTICE("BL1: %s\n", build_version_string);
NOTICE("BL1: %s\n", build_message);
INFO("BL1: RAM %p - %p\n", (void *)BL1_RAM_BASE, (void *)BL1_RAM_LIMIT);
print_errata_status();
#if ENABLE_ASSERTIONS
u_register_t val;
/*
* Ensure that MMU/Caches and coherency are turned on
*/
val = read_sctlr_el2();
assert((val & SCTLR_M_BIT) != 0U);
assert((val & SCTLR_C_BIT) != 0U);
assert((val & SCTLR_I_BIT) != 0U);
/*
* Check that Cache Writeback Granule (CWG) in CTR_EL0 matches the
* provided platform value
*/
val = (read_ctr_el0() >> CTR_CWG_SHIFT) & CTR_CWG_MASK;
/*
* If CWG is zero, then no CWG information is available but we can
* at least check the platform value is less than the architectural
* maximum.
*/
if (val != 0) {
assert(SIZE_FROM_LOG2_WORDS(val) == CACHE_WRITEBACK_GRANULE);
} else {
assert(MAX_CACHE_LINE_SIZE >= CACHE_WRITEBACK_GRANULE);
}
#endif /* ENABLE_ASSERTIONS */
/* Perform remaining generic architectural setup from ELmax */
bl1_arch_setup();
#if TRUSTED_BOARD_BOOT
/* Initialize authentication module */
auth_mod_init();
#endif /* TRUSTED_BOARD_BOOT */
/* Perform platform setup in BL1. */
bl1_platform_setup();
/* Get the image id of next image to load and run. */
image_id = bl1_plat_get_next_image_id();
/*
* We currently interpret any image id other than
* BL2_IMAGE_ID as the start of firmware update.
*/
if (image_id == BL33_IMAGE_ID) {
bl1_load_bl33();
} else {
NOTICE("BL1-FWU: *******FWU Process Started*******\n");
}
bl1_prepare_next_image(image_id);
console_flush();
bl1_transfer_bl33();
}
/*******************************************************************************
* Function called just before handing over to the next BL to inform the user
* about the boot progress. In debug mode, also print details about the BL
* image's execution context.
******************************************************************************/
void bl1_print_next_bl_ep_info(const entry_point_info_t *bl_ep_info)
{
NOTICE("BL1: Booting BL31\n");
print_entry_point_info(bl_ep_info);
}
#if SPIN_ON_BL1_EXIT
void print_debug_loop_message(void)
{
NOTICE("BL1: Debug loop, spinning forever\n");
NOTICE("BL1: Please connect the debugger to continue\n");
}
#endif

245
plat/arm/board/fvp_r/fvp_r_bl1_setup.c
View file

@ -1,245 +0,0 @@
/*
* Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/* Use the xlat_tables_v2 data structures: */
#define XLAT_TABLES_LIB_V2 1
#include <assert.h>
#include <bl1/bl1.h>
#include <common/tbbr/tbbr_img_def.h>
#include <drivers/arm/sp805.h>
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/xlat_mpu/xlat_mpu.h>
#include "fvp_r_private.h"
#include <plat/arm/common/arm_config.h>
#include <plat/arm/common/arm_def.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
#define MAP_BL1_TOTAL MAP_REGION_FLAT( \
bl1_tzram_layout.total_base, \
bl1_tzram_layout.total_size, \
MT_MEMORY | MT_RW | MT_SECURE)
/*
* If SEPARATE_CODE_AND_RODATA=1 we define a region for each section
* otherwise one region is defined containing both
*/
#if SEPARATE_CODE_AND_RODATA
#define MAP_BL1_RO MAP_REGION_FLAT( \
BL_CODE_BASE, \
BL1_CODE_END - BL_CODE_BASE, \
MT_CODE | MT_SECURE), \
MAP_REGION_FLAT( \
BL1_RO_DATA_BASE, \
BL1_RO_DATA_END \
- BL_RO_DATA_BASE, \
MT_RO_DATA | MT_SECURE)
#else
#define MAP_BL1_RO MAP_REGION_FLAT( \
BL_CODE_BASE, \
BL1_CODE_END - BL_CODE_BASE, \
MT_CODE | MT_SECURE)
#endif
/* Data structure which holds the extents of the trusted SRAM for BL1*/
static meminfo_t bl1_tzram_layout;
struct meminfo *bl1_plat_sec_mem_layout(void)
{
return &bl1_tzram_layout;
}
void arm_bl1_early_platform_setup(void)
{
#if !ARM_DISABLE_TRUSTED_WDOG
/* Enable watchdog */
plat_arm_secure_wdt_start();
#endif
/* Initialize the console to provide early debug support */
arm_console_boot_init();
/* Allow BL1 to see the whole Trusted RAM */
bl1_tzram_layout.total_base = ARM_BL_RAM_BASE;
bl1_tzram_layout.total_size = ARM_BL_RAM_SIZE;
}
/* Boolean variable to hold condition whether firmware update needed or not */
static bool is_fwu_needed;
/*******************************************************************************
* Perform any BL1 specific platform actions.
******************************************************************************/
void bl1_early_platform_setup(void)
{
arm_bl1_early_platform_setup();
/* Initialize the platform config for future decision making */
fvp_config_setup();
/*
* Initialize Interconnect for this cluster during cold boot.
* No need for locks as no other CPU is active.
*/
fvp_interconnect_init();
/*
* Enable coherency in Interconnect for the primary CPU's cluster.
*/
fvp_interconnect_enable();
}
void arm_bl1_plat_arch_setup(void)
{
const mmap_region_t bl_regions[] = {
MAP_BL1_TOTAL,
MAP_BL1_RO,
#if USE_ROMLIB
ARM_MAP_ROMLIB_CODE,
ARM_MAP_ROMLIB_DATA,
#endif
/* DRAM1_region: */
MAP_REGION_FLAT(
PLAT_ARM_DRAM1_BASE,
PLAT_ARM_DRAM1_SIZE,
MT_MEMORY | MT_SECURE | MT_EXECUTE
| MT_RW | MT_NON_CACHEABLE),
/* NULL terminator: */
{0}
};
setup_page_tables(bl_regions, plat_arm_get_mmap());
enable_mpu_el2(0);
arm_setup_romlib();
}
void plat_arm_secure_wdt_start(void)
{
sp805_start(ARM_SP805_TWDG_BASE, ARM_TWDG_LOAD_VAL);
}
void plat_arm_secure_wdt_stop(void)
{
sp805_stop(ARM_SP805_TWDG_BASE);
}
/*
* Perform the platform specific architecture setup shared between
* ARM standard platforms.
*/
void arm_bl1_platform_setup(void)
{
uint32_t fw_config_max_size;
/* Initialise the IO layer and register platform IO devices */
plat_arm_io_setup();
/* Check if we need FWU before further processing */
is_fwu_needed = plat_arm_bl1_fwu_needed();
if (is_fwu_needed) {
ERROR("Skip platform setup as FWU detected\n");
return;
}
/* Set global DTB info for fixed fw_config information */
fw_config_max_size = ARM_FW_CONFIG_LIMIT - ARM_FW_CONFIG_BASE;
set_config_info(ARM_FW_CONFIG_BASE, ~0UL, fw_config_max_size,
FW_CONFIG_ID);
assert(bl1_plat_get_image_desc(BL33_IMAGE_ID) != NULL);
/*
* Allow access to the System counter timer module and program
* counter frequency for non secure images during FWU
*/
#ifdef ARM_SYS_TIMCTL_BASE
arm_configure_sys_timer();
#endif
#if (ARM_ARCH_MAJOR > 7) || defined(ARMV7_SUPPORTS_GENERIC_TIMER)
write_cntfrq_el0(plat_get_syscnt_freq2());
#endif
}
void bl1_platform_setup(void)
{
arm_bl1_platform_setup();
/* Initialize System level generic or SP804 timer */
fvp_timer_init();
}
__dead2 void bl1_plat_fwu_done(void *client_cookie, void *reserved)
{
/* Setup the watchdog to reset the system as soon as possible */
sp805_refresh(ARM_SP805_TWDG_BASE, 1U);
while (true) {
wfi();
}
}
unsigned int bl1_plat_get_next_image_id(void)
{
return is_fwu_needed ? NS_BL1U_IMAGE_ID : BL33_IMAGE_ID;
}
/*
* Returns BL33 image details.
*/
struct image_desc *bl1_plat_get_image_desc(unsigned int image_id)
{
static image_desc_t bl33_img_desc = BL33_IMAGE_DESC;
return &bl33_img_desc;
}
/*
* This function populates the default arguments to BL33.
* The BL33 memory layout structure is allocated and the
* calculated layout is populated in arg1 to BL33.
*/
int bl1_plat_handle_post_image_load(unsigned int image_id)
{
meminfo_t *bl33_secram_layout;
meminfo_t *bl1_secram_layout;
image_desc_t *image_desc;
entry_point_info_t *ep_info;
if (image_id != BL33_IMAGE_ID) {
return 0;
}
/* Get the image descriptor */
image_desc = bl1_plat_get_image_desc(BL33_IMAGE_ID);
assert(image_desc != NULL);
/* Get the entry point info */
ep_info = &image_desc->ep_info;
/* Find out how much free trusted ram remains after BL1 load */
bl1_secram_layout = bl1_plat_sec_mem_layout();
/*
* Create a new layout of memory for BL33 as seen by BL1 i.e.
* tell it the amount of total and free memory available.
* This layout is created at the first free address visible
* to BL33. BL33 will read the memory layout before using its
* memory for other purposes.
*/
bl33_secram_layout = (meminfo_t *) bl1_secram_layout->total_base;
bl1_plat_calc_bl2_layout(bl1_secram_layout, bl33_secram_layout);
ep_info->args.arg1 = (uintptr_t)bl33_secram_layout;
VERBOSE("BL1: BL3 memory layout address = %p\n",
(void *) bl33_secram_layout);
return 0;
}

289
plat/arm/board/fvp_r/fvp_r_common.c
View file

@ -1,289 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/* This uses xlat_mpu, but tables are set up using V2 mmap_region_t */
#define XLAT_TABLES_LIB_V2 1
#include <assert.h>
#include <common/debug.h>
#include <drivers/arm/cci.h>
#include <drivers/arm/gicv2.h>
#include <drivers/arm/sp804_delay_timer.h>
#include <drivers/generic_delay_timer.h>
#include <lib/mmio.h>
#include <lib/smccc.h>
#include <lib/xlat_tables/xlat_tables_compat.h>
#include <services/arm_arch_svc.h>
#include "fvp_r_private.h"
#include <plat/arm/common/arm_config.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
/* Defines for GIC Driver build time selection */
#define FVP_R_GICV3 2
/*******************************************************************************
* arm_config holds the characteristics of the differences between the FVP_R
* platforms. It will be populated during cold boot at each boot stage by the
* primary before enabling the MPU (to allow interconnect configuration) &
* used thereafter. Each BL will have its own copy to allow independent
* operation.
******************************************************************************/
arm_config_t arm_config;
#define MAP_DEVICE0 MAP_REGION_FLAT(DEVICE0_BASE, \
DEVICE0_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
#define MAP_DEVICE1 MAP_REGION_FLAT(DEVICE1_BASE, \
DEVICE1_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
/*
* Need to be mapped with write permissions in order to set a new non-volatile
* counter value.
*/
#define MAP_DEVICE2 MAP_REGION_FLAT(DEVICE2_BASE, \
DEVICE2_SIZE, \
MT_DEVICE | MT_RW | MT_SECURE)
/*
* Table of memory regions for various BL stages to map using the MPU.
* This doesn't include Trusted SRAM as setup_page_tables() already takes care
* of mapping it.
*
* The flash needs to be mapped as writable in order to erase the FIP's Table of
* Contents in case of unrecoverable error (see plat_error_handler()).
*/
#ifdef IMAGE_BL1
const mmap_region_t plat_arm_mmap[] = {
ARM_MAP_SHARED_RAM,
V2M_MAP_FLASH0_RW,
V2M_MAP_IOFPGA,
MAP_DEVICE0,
MAP_DEVICE1,
#if TRUSTED_BOARD_BOOT
/* To access the Root of Trust Public Key registers. */
MAP_DEVICE2,
#endif
{0}
};
#endif
ARM_CASSERT_MMAP
static const int fvp_cci400_map[] = {
PLAT_FVP_R_CCI400_CLUS0_SL_PORT,
PLAT_FVP_R_CCI400_CLUS1_SL_PORT,
};
static const int fvp_cci5xx_map[] = {
PLAT_FVP_R_CCI5XX_CLUS0_SL_PORT,
PLAT_FVP_R_CCI5XX_CLUS1_SL_PORT,
};
static unsigned int get_interconnect_master(void)
{
unsigned int master;
u_register_t mpidr;
mpidr = read_mpidr_el1();
master = ((arm_config.flags & ARM_CONFIG_FVP_SHIFTED_AFF) != 0U) ?
MPIDR_AFFLVL2_VAL(mpidr) : MPIDR_AFFLVL1_VAL(mpidr);
assert(master < FVP_R_CLUSTER_COUNT);
return master;
}
/*******************************************************************************
* Initialize the platform config for future decision making
******************************************************************************/
void __init fvp_config_setup(void)
{
unsigned int rev, hbi, bld, arch, sys_id;
arm_config.flags |= ARM_CONFIG_BASE_MMAP;
sys_id = mmio_read_32(V2M_FVP_R_SYSREGS_BASE + V2M_SYS_ID);
rev = (sys_id >> V2M_SYS_ID_REV_SHIFT) & V2M_SYS_ID_REV_MASK;
hbi = (sys_id >> V2M_SYS_ID_HBI_SHIFT) & V2M_SYS_ID_HBI_MASK;
bld = (sys_id >> V2M_SYS_ID_BLD_SHIFT) & V2M_SYS_ID_BLD_MASK;
arch = (sys_id >> V2M_SYS_ID_ARCH_SHIFT) & V2M_SYS_ID_ARCH_MASK;
if (arch != ARCH_MODEL) {
ERROR("This firmware is for FVP_R models\n");
panic();
}
/*
* The build field in the SYS_ID tells which variant of the GIC
* memory is implemented by the model.
*/
switch (bld) {
case BLD_GIC_VE_MMAP:
ERROR("Legacy Versatile Express memory map for GIC %s",
"peripheral is not supported\n");
panic();
break;
case BLD_GIC_A53A57_MMAP:
break;
default:
ERROR("Unsupported board build %x\n", bld);
panic();
}
/*
* The hbi field in the SYS_ID is 0x020 for the Base FVP_R & 0x010
* for the Foundation FVP_R.
*/
switch (hbi) {
case HBI_FOUNDATION_FVP_R:
arm_config.flags = 0;
/*
* Check for supported revisions of Foundation FVP_R
* Allow future revisions to run but emit warning diagnostic
*/
switch (rev) {
case REV_FOUNDATION_FVP_R_V2_0:
case REV_FOUNDATION_FVP_R_V2_1:
case REV_FOUNDATION_FVP_R_v9_1:
case REV_FOUNDATION_FVP_R_v9_6:
break;
default:
WARN("Unrecognized Foundation FVP_R revision %x\n", rev);
break;
}
break;
case HBI_BASE_FVP_R:
arm_config.flags |= (ARM_CONFIG_BASE_MMAP | ARM_CONFIG_HAS_TZC);
/*
* Check for supported revisions
* Allow future revisions to run but emit warning diagnostic
*/
switch (rev) {
case REV_BASE_FVP_R_V0:
arm_config.flags |= ARM_CONFIG_FVP_HAS_CCI400;
break;
default:
WARN("Unrecognized Base FVP_R revision %x\n", rev);
break;
}
break;
default:
ERROR("Unsupported board HBI number 0x%x\n", hbi);
panic();
}
/*
* We assume that the presence of MT bit, and therefore shifted
* affinities, is uniform across the platform: either all CPUs, or no
* CPUs implement it.
*/
if ((read_mpidr_el1() & MPIDR_MT_MASK) != 0U) {
arm_config.flags |= ARM_CONFIG_FVP_SHIFTED_AFF;
}
}
void __init fvp_interconnect_init(void)
{
uintptr_t cci_base = 0U;
const int *cci_map = NULL;
unsigned int map_size = 0U;
/* Initialize the right interconnect */
if ((arm_config.flags & ARM_CONFIG_FVP_HAS_CCI5XX) != 0U) {
cci_base = PLAT_FVP_R_CCI5XX_BASE;
cci_map = fvp_cci5xx_map;
map_size = ARRAY_SIZE(fvp_cci5xx_map);
} else if ((arm_config.flags & ARM_CONFIG_FVP_HAS_CCI400) != 0U) {
cci_base = PLAT_FVP_R_CCI400_BASE;
cci_map = fvp_cci400_map;
map_size = ARRAY_SIZE(fvp_cci400_map);
} else {
return;
}
assert(cci_base != 0U);
assert(cci_map != NULL);
cci_init(cci_base, cci_map, map_size);
}
void fvp_interconnect_enable(void)
{
unsigned int master;
if ((arm_config.flags & (ARM_CONFIG_FVP_HAS_CCI400 |
ARM_CONFIG_FVP_HAS_CCI5XX)) != 0U) {
master = get_interconnect_master();
cci_enable_snoop_dvm_reqs(master);
}
}
void fvp_interconnect_disable(void)
{
unsigned int master;
if ((arm_config.flags & (ARM_CONFIG_FVP_HAS_CCI400 |
ARM_CONFIG_FVP_HAS_CCI5XX)) != 0U) {
master = get_interconnect_master();
cci_disable_snoop_dvm_reqs(master);
}
}
#if TRUSTED_BOARD_BOOT
int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
{
assert(heap_addr != NULL);
assert(heap_size != NULL);
return arm_get_mbedtls_heap(heap_addr, heap_size);
}
#endif
void fvp_timer_init(void)
{
#if USE_SP804_TIMER
/* Enable the clock override for SP804 timer 0, which means that no
* clock dividers are applied and the raw (35MHz) clock will be used.
*/
mmio_write_32(V2M_SP810_BASE, FVP_R_SP810_CTRL_TIM0_OV);
/* Initialize delay timer driver using SP804 dual timer 0 */
sp804_timer_init(V2M_SP804_TIMER0_BASE,
SP804_TIMER_CLKMULT, SP804_TIMER_CLKDIV);
#else
generic_delay_timer_init();
/* Enable System level generic timer */
mmio_write_32(ARM_SYS_CNTCTL_BASE + CNTCR_OFF,
CNTCR_FCREQ(0U) | CNTCR_EN);
#endif /* USE_SP804_TIMER */
}
/* Get SOC version */
int32_t plat_get_soc_version(void)
{
return (int32_t)
((ARM_SOC_IDENTIFICATION_CODE << ARM_SOC_IDENTIFICATION_SHIFT)
| (ARM_SOC_CONTINUATION_CODE << ARM_SOC_CONTINUATION_SHIFT)
| FVP_R_SOC_ID);
}
/* Get SOC revision */
int32_t plat_get_soc_revision(void)
{
unsigned int sys_id;
sys_id = mmio_read_32(V2M_SYSREGS_BASE + V2M_SYS_ID);
return (int32_t)((sys_id >> V2M_SYS_ID_REV_SHIFT) &
V2M_SYS_ID_REV_MASK);
}

53
plat/arm/board/fvp_r/fvp_r_context_mgmt.c
View file

@ -1,53 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <arch_helpers.h>
/************************************************************
* For R-class everything is in secure world.
* Prepare the CPU system registers for first entry into EL1
************************************************************/
void cm_prepare_el2_exit(void)
{
uint64_t hcr_el2 = 0U;
/*
* The use of ARMv8.3 pointer authentication (PAuth) is governed
* by fields in HCR_EL2, which trigger a 'trap to EL2' if not
* enabled. This register initialized at boot up, update PAuth
* bits.
*
* HCR_API_BIT: Set to one to disable traps to EL2 if lower ELs
* access PAuth registers
*
* HCR_APK_BIT: Set to one to disable traps to EL2 if lower ELs
* access PAuth instructions
*/
hcr_el2 = read_hcr_el2();
write_hcr_el2(hcr_el2 | HCR_API_BIT | HCR_APK_BIT);
/*
* Initialise CNTHCTL_EL2. All fields are architecturally UNKNOWN
* on reset and are set to zero except for field(s) listed below.
*
* CNTHCTL_EL2.EL1PCEN: Set to one to disable traps to EL2
* if lower ELs accesses to the physical timer registers.
*
* CNTHCTL_EL2.EL1PCTEN: Set to one to disable traps to EL2
* if lower ELs access to the physical counter registers.
*/
write_cnthctl_el2(CNTHCTL_RESET_VAL | EL1PCEN_BIT | EL1PCTEN_BIT);
/*
* On Armv8-R, the EL1&0 memory system architecture is configurable
* as a VMSA or PMSA. All the fields architecturally UNKNOWN on reset
* and are set to zero except for field listed below.
*
* VCTR_EL2.MSA: Set to one to ensure the VMSA is enabled so that
* rich OS can boot.
*/
write_vtcr_el2(VTCR_RESET_VAL | VTCR_EL2_MSA);
}

47
plat/arm/board/fvp_r/fvp_r_debug.S
View file

@ -1,47 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <arch.h>
#include <asm_macros.S>
#include <common/debug.h>
.globl el2_panic
/***********************************************************
* The common implementation of el3_panic for all BL stages
***********************************************************/
.section .rodata.panic_str, "aS"
panic_msg: .asciz "PANIC at PC : 0x"
/*
* el2_panic will be redefined by the
* crash reporting mechanism (if enabled)
*/
el2_panic:
mov x6, x30
bl plat_crash_console_init
/* Check if the console is initialized */
cbz x0, _panic_handler
/* The console is initialized */
adr x4, panic_msg
bl asm_print_str
mov x4, x6
/* The panic location is lr -4 */
sub x4, x4, #4
bl asm_print_hex
bl plat_crash_console_flush
_panic_handler:
/* Pass to plat_panic_handler the address from where el2_panic was
* called, not the address of the call from el2_panic.
*/
mov x30, x6
b plat_panic_handler

103
plat/arm/board/fvp_r/fvp_r_def.h
View file

@ -1,103 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef FVP_R_DEF_H
#define FVP_R_DEF_H
#include <lib/utils_def.h>
/******************************************************************************
* FVP-R topology constants
*****************************************************************************/
#define FVP_R_CLUSTER_COUNT 2
#define FVP_R_MAX_CPUS_PER_CLUSTER 4
#define FVP_R_MAX_PE_PER_CPU 1
#define FVP_R_PRIMARY_CPU 0x0
/******************************************************************************
* Definition of platform soc id
*****************************************************************************/
#define FVP_R_SOC_ID 0
/*******************************************************************************
* FVP_R memory map related constants
******************************************************************************/
#define FLASH1_BASE UL(0x8c000000)
#define FLASH1_SIZE UL(0x04000000)
#define PSRAM_BASE UL(0x94000000)
#define PSRAM_SIZE UL(0x04000000)
#define VRAM_BASE UL(0x98000000)
#define VRAM_SIZE UL(0x02000000)
/* Aggregate of all devices in the first GB */
#define DEVICE0_BASE UL(0xa0000000)
#define DEVICE0_SIZE UL(0x0c200000)
/*
* In case of FVP_R models with CCN, the CCN register space overlaps into
* the NSRAM area.
*/
#define DEVICE1_BASE UL(0xae000000)
#define DEVICE1_SIZE UL(0x1A00000)
#define NSRAM_BASE UL(0xae000000)
#define NSRAM_SIZE UL(0x10000)
/* Devices in the second GB */
#define DEVICE2_BASE UL(0xffe00000)
#define DEVICE2_SIZE UL(0x00200000)
#define PCIE_EXP_BASE UL(0xc0000000)
#define TZRNG_BASE UL(0x7fe60000)
/* Non-volatile counters */
#define TRUSTED_NVCTR_BASE UL(0xffe70000)
#define TFW_NVCTR_BASE (TRUSTED_NVCTR_BASE + UL(0x0000))
#define TFW_NVCTR_SIZE UL(4)
#define NTFW_CTR_BASE (TRUSTED_NVCTR_BASE + UL(0x0004))
#define NTFW_CTR_SIZE UL(4)
/* Keys */
#define SOC_KEYS_BASE UL(0xffe80000)
#define TZ_PUB_KEY_HASH_BASE (SOC_KEYS_BASE + UL(0x0000))
#define TZ_PUB_KEY_HASH_SIZE UL(32)
#define HU_KEY_BASE (SOC_KEYS_BASE + UL(0x0020))
#define HU_KEY_SIZE UL(16)
#define END_KEY_BASE (SOC_KEYS_BASE + UL(0x0044))
#define END_KEY_SIZE UL(32)
/* Constants to distinguish FVP_R type */
#define HBI_BASE_FVP_R U(0x020)
#define REV_BASE_FVP_R_V0 U(0x0)
#define REV_BASE_FVP_R_REVC U(0x2)
#define HBI_FOUNDATION_FVP_R U(0x010)
#define REV_FOUNDATION_FVP_R_V2_0 U(0x0)
#define REV_FOUNDATION_FVP_R_V2_1 U(0x1)
#define REV_FOUNDATION_FVP_R_v9_1 U(0x2)
#define REV_FOUNDATION_FVP_R_v9_6 U(0x3)
#define BLD_GIC_VE_MMAP U(0x0)
#define BLD_GIC_A53A57_MMAP U(0x1)
#define ARCH_MODEL U(0x1)
/* FVP_R Power controller base address*/
#define PWRC_BASE UL(0x1c100000)
/* FVP_R SP804 timer frequency is 35 MHz*/
#define SP804_TIMER_CLKMULT 1
#define SP804_TIMER_CLKDIV 35
/* SP810 controller. FVP_R specific flags */
#define FVP_R_SP810_CTRL_TIM0_OV BIT_32(16)
#define FVP_R_SP810_CTRL_TIM1_OV BIT_32(18)
#define FVP_R_SP810_CTRL_TIM2_OV BIT_32(20)
#define FVP_R_SP810_CTRL_TIM3_OV BIT_32(22)
#endif /* FVP_R_DEF_H */

48
plat/arm/board/fvp_r/fvp_r_err.c
View file

@ -1,48 +0,0 @@
/*
* Copyright (c) 2021, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <errno.h>
#include <common/debug.h>
#include <drivers/arm/sp805.h>
#include <drivers/cfi/v2m_flash.h>
#include <plat/arm/common/plat_arm.h>
#include <platform_def.h>
/*
* FVP_R error handler
*/
__dead2 void plat_arm_error_handler(int err)
{
int ret;
switch (err) {
case -ENOENT:
case -EAUTH:
/* Image load or authentication error. Erase the ToC */
INFO("Erasing FIP ToC from flash...\n");
(void)nor_unlock(PLAT_ARM_FLASH_IMAGE_BASE);
ret = nor_word_program(PLAT_ARM_FLASH_IMAGE_BASE, 0);
if (ret != 0) {
ERROR("Cannot erase ToC\n");
} else {
INFO("Done\n");
}
break;
default:
/* Unexpected error */
break;
}
(void)console_flush();
/* Setup the watchdog to reset the system as soon as possible */
sp805_refresh(ARM_SP805_TWDG_BASE, 1U);
while (true) {
wfi();
}
}

128
plat/arm/board/fvp_r/fvp_r_helpers.S
View file

@ -1,128 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <arch.h>
#include <asm_macros.S>
#include <drivers/arm/fvp/fvp_pwrc.h>
#include <drivers/arm/gicv2.h>
#include <drivers/arm/gicv3.h>
#include <platform_def.h>
.globl plat_secondary_cold_boot_setup
.globl plat_get_my_entrypoint
.globl plat_is_my_cpu_primary
/* -----------------------------------------------------
* void plat_secondary_cold_boot_setup (void);
*
* This function performs any platform specific actions
* needed for a secondary cpu after a cold reset e.g
* mark the cpu's presence, mechanism to place it in a
* holding pen etc.
* TODO: Should we read the PSYS register to make sure
* that the request has gone through.
* -----------------------------------------------------
*/
func plat_secondary_cold_boot_setup
/* ---------------------------------------------
* Power down this cpu.
* TODO: Do we need to worry about powering the
* cluster down as well here? That will need
* locks which we won't have unless an elf-
* loader zeroes out the zi section.
* ---------------------------------------------
*/
mrs x0, mpidr_el1
mov_imm x1, PWRC_BASE
str w0, [x1, #PPOFFR_OFF]
/* ---------------------------------------------
* There is no sane reason to come out of this
* wfi so panic if we do. This cpu will be pow-
* ered on and reset by the cpu_on pm api
* ---------------------------------------------
*/
dsb sy
wfi
no_ret plat_panic_handler
endfunc plat_secondary_cold_boot_setup
/* ---------------------------------------------------------------------
* uintptr_t plat_get_my_entrypoint (void);
*
* Main job of this routine is to distinguish between a cold and warm
* boot. On FVP_R, this information can be queried from the power
* controller. The Power Control SYS Status Register (PSYSR) indicates
* the wake-up reason for the CPU.
*
* For a cold boot, return 0.
* For a warm boot, read the mailbox and return the address it contains.
*
* TODO: PSYSR is a common register and should be
* accessed using locks. Since it is not possible
* to use locks immediately after a cold reset
* we are relying on the fact that after a cold
* reset all cpus will read the same WK field
* ---------------------------------------------------------------------
*/
func plat_get_my_entrypoint
/* ---------------------------------------------------------------------
* When bit PSYSR.WK indicates either "Wake by PPONR" or "Wake by GIC
* WakeRequest signal" then it is a warm boot.
* ---------------------------------------------------------------------
*/
mrs x2, mpidr_el1
mov_imm x1, PWRC_BASE
str w2, [x1, #PSYSR_OFF]
ldr w2, [x1, #PSYSR_OFF]
ubfx w2, w2, #PSYSR_WK_SHIFT, #PSYSR_WK_WIDTH
cmp w2, #WKUP_PPONR
beq warm_reset
cmp w2, #WKUP_GICREQ
beq warm_reset
/* Cold reset */
mov x0, #0
ret
warm_reset:
/* ---------------------------------------------------------------------
* A mailbox is maintained in the trusted SRAM. It is flushed out of the
* caches after every update using normal memory so it is safe to read
* it here with SO attributes.
* ---------------------------------------------------------------------
*/
mov_imm x0, PLAT_ARM_TRUSTED_MAILBOX_BASE
ldr x0, [x0]
cbz x0, _panic_handler
ret
/* ---------------------------------------------------------------------
* The power controller indicates this is a warm reset but the mailbox
* is empty. This should never happen!
* ---------------------------------------------------------------------
*/
_panic_handler:
no_ret plat_panic_handler
endfunc plat_get_my_entrypoint
/* -----------------------------------------------------
* unsigned int plat_is_my_cpu_primary (void);
*
* Find out whether the current cpu is the primary
* cpu.
* -----------------------------------------------------
*/
func plat_is_my_cpu_primary
mrs x0, mpidr_el1
mov_imm x1, MPIDR_AFFINITY_MASK
and x0, x0, x1
cmp x0, #FVP_R_PRIMARY_CPU
cset w0, eq
ret
endfunc plat_is_my_cpu_primary

105
plat/arm/board/fvp_r/fvp_r_io_storage.c
View file

@ -1,105 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <common/debug.h>
#include <drivers/io/io_driver.h>
#include <drivers/io/io_semihosting.h>
#include <drivers/io/io_storage.h>
#include <lib/semihosting.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/common_def.h>
/* Semihosting filenames */
#define BL33_IMAGE_NAME "bl33.bin"
#if TRUSTED_BOARD_BOOT
#define TRUSTED_KEY_CERT_NAME "trusted_key.crt"
#define NT_FW_KEY_CERT_NAME "nt_fw_key.crt"
#define NT_FW_CONTENT_CERT_NAME "nt_fw_content.crt"
#endif /* TRUSTED_BOARD_BOOT */
/* IO devices */
static const io_dev_connector_t *sh_dev_con;
static uintptr_t sh_dev_handle;
static const io_file_spec_t sh_file_spec[] = {
[BL33_IMAGE_ID] = {
.path = BL33_IMAGE_NAME,
.mode = FOPEN_MODE_RB
},
#if TRUSTED_BOARD_BOOT
[TRUSTED_KEY_CERT_ID] = {
.path = TRUSTED_KEY_CERT_NAME,
.mode = FOPEN_MODE_RB
},
[NON_TRUSTED_FW_KEY_CERT_ID] = {
.path = NT_FW_KEY_CERT_NAME,
.mode = FOPEN_MODE_RB
},
[NON_TRUSTED_FW_CONTENT_CERT_ID] = {
.path = NT_FW_CONTENT_CERT_NAME,
.mode = FOPEN_MODE_RB
},
#endif /* TRUSTED_BOARD_BOOT */
};
static int open_semihosting(const uintptr_t spec)
{
int result;
uintptr_t local_image_handle;
/* See if the file exists on semi-hosting.*/
result = io_dev_init(sh_dev_handle, (uintptr_t)NULL);
if (result == 0) {
result = io_open(sh_dev_handle, spec, &local_image_handle);
if (result == 0) {
VERBOSE("Using Semi-hosting IO\n");
io_close(local_image_handle);
}
}
return result;
}
void plat_arm_io_setup(void)
{
int io_result;
io_result = arm_io_setup();
if (io_result < 0) {
panic();
}
/* Register the additional IO devices on this platform */
io_result = register_io_dev_sh(&sh_dev_con);
if (io_result < 0) {
panic();
}
/* Open connections to devices and cache the handles */
io_result = io_dev_open(sh_dev_con, (uintptr_t)NULL, &sh_dev_handle);
if (io_result < 0) {
panic();
}
}
/*
* FVP_R provides semihosting as an alternative to load images
*/
int plat_arm_get_alt_image_source(unsigned int image_id, uintptr_t *dev_handle,
uintptr_t *image_spec)
{
int result = open_semihosting((const uintptr_t)&sh_file_spec[image_id]);
if (result == 0) {
*dev_handle = sh_dev_handle;
*image_spec = (uintptr_t)&sh_file_spec[image_id];
}
return result;
}

32
plat/arm/board/fvp_r/fvp_r_misc_helpers.S
View file

@ -1,32 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <asm_macros.S>
.globl disable_mpu_el2
.globl disable_mpu_icache_el2
/* ---------------------------------------------------------------------------
* Disable the MPU at EL2.
* ---------------------------------------------------------------------------
*/
func disable_mpu_el2
mov x1, #(SCTLR_M_BIT | SCTLR_C_BIT)
do_disable_mpu_el2:
mrs x0, sctlr_el2
bic x0, x0, x1
msr sctlr_el2, x0
isb /* ensure MMU is off */
dsb sy
ret
endfunc disable_mpu_el2
func disable_mpu_icache_el2
mov x1, #(SCTLR_M_BIT | SCTLR_C_BIT | SCTLR_I_BIT)
b do_disable_mpu_el2
endfunc disable_mpu_icache_el2

23
plat/arm/board/fvp_r/fvp_r_private.h
View file

@ -1,23 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef FVP_R_PRIVATE_H
#define FVP_R_PRIVATE_H
#include <plat/arm/common/plat_arm.h>
/*******************************************************************************
* Function and variable prototypes
******************************************************************************/
void fvp_config_setup(void);
void fvp_interconnect_init(void);
void fvp_interconnect_enable(void);
void fvp_interconnect_disable(void);
void fvp_timer_init(void);
#endif /* FVP_R_PRIVATE_H */

24
plat/arm/board/fvp_r/fvp_r_stack_protector.c
View file

@ -1,24 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <stdint.h>
#include <fvp_r_arch_helpers.h>
#include <plat/common/platform.h>
#define RANDOM_CANARY_VALUE ((u_register_t) 8092347823957523895ULL)
u_register_t plat_get_stack_protector_canary(void)
{
/*
* Ideally, a random number should be returned instead of the
* combination of a timer's value and a compile-time constant. As the
* FVP_R does not have any random number generator, this is better than
* nothing but not necessarily really secure.
*/
return RANDOM_CANARY_VALUE ^ read_cntpct_el0();
}

73
plat/arm/board/fvp_r/fvp_r_trusted_boot.c
View file

@ -1,73 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#include <assert.h>
#include <stdint.h>
#include <string.h>
#include <lib/fconf/fconf.h>
#include <lib/mmio.h>
#include <tools_share/tbbr_oid.h>
#include <plat/arm/common/fconf_nv_cntr_getter.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
/*
* Return the ROTPK hash in the following ASN.1 structure in DER format:
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm AlgorithmIdentifier,
* digest OCTET STRING
* }
*/
int plat_get_rotpk_info(void *cookie, void **key_ptr, unsigned int *key_len,
unsigned int *flags)
{
return arm_get_rotpk_info(cookie, key_ptr, key_len, flags);
}
/*
* Store a new non-volatile counter value.
*
* On some FVP_R versions, the non-volatile counters are read-only so this
* function will always fail.
*
* Return: 0 = success, Otherwise = error
*/
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr)
{
const char *oid;
uintptr_t nv_ctr_addr;
assert(cookie != NULL);
oid = (const char *)cookie;
if (strcmp(oid, TRUSTED_FW_NVCOUNTER_OID) == 0) {
nv_ctr_addr = FCONF_GET_PROPERTY(cot, nv_cntr_addr,
TRUSTED_NV_CTR_ID);
} else if (strcmp(oid, NON_TRUSTED_FW_NVCOUNTER_OID) == 0) {
nv_ctr_addr = FCONF_GET_PROPERTY(cot, nv_cntr_addr,
NON_TRUSTED_NV_CTR_ID);
} else {
return 1;
}
mmio_write_32(nv_ctr_addr, nv_ctr);
/*
* If the FVP_R models a locked counter then its value cannot be updated
* and the above write operation has been silently ignored.
*/
return (mmio_read_32(nv_ctr_addr) == nv_ctr) ? 0 : 1;
}

28
plat/arm/board/fvp_r/include/fvp_r_arch_helpers.h
View file

@ -1,28 +0,0 @@
/*
* Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef FVP_R_ARCH_HELPERS_H
#define FVP_R_ARCH_HELPERS_H
#include <arch_helpers.h>
/*******************************************************************************
* MPU register definitions
******************************************************************************/
#define MPUIR_EL2 S3_4_C0_C0_4
#define PRBAR_EL2 S3_4_C6_C8_0
#define PRLAR_EL2 S3_4_C6_C8_1
#define PRSELR_EL2 S3_4_C6_C2_1
#define PRENR_EL2 S3_4_C6_C1_1
/* v8-R64 MPU registers */
DEFINE_RENAME_SYSREG_RW_FUNCS(mpuir_el2, MPUIR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prenr_el2, PRENR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prselr_el2, PRSELR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prbar_el2, PRBAR_EL2)
DEFINE_RENAME_SYSREG_RW_FUNCS(prlar_el2, PRLAR_EL2)
#endif /* FVP_R_ARCH_HELPERS_H */

261
plat/arm/board/fvp_r/include/platform_def.h
View file

@ -1,261 +0,0 @@
/*
* Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef FVP_R_PLATFORM_DEF_H
#define FVP_R_PLATFORM_DEF_H
#define PLAT_V2M_OFFSET 0x80000000
#define BL33_IMAGE_DESC { \
.image_id = BL33_IMAGE_ID, \
SET_STATIC_PARAM_HEAD(image_info, PARAM_EP, \
VERSION_2, image_info_t, 0), \
.image_info.image_base = PLAT_ARM_DRAM1_BASE + 0x1000, \
.image_info.image_max_size = UL(0x3ffff000), \
SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP, \
VERSION_2, entry_point_info_t, SECURE | EXECUTABLE),\
.ep_info.pc = PLAT_ARM_DRAM1_BASE + 0x1000, \
.ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS), \
}
#include "../fvp_r_def.h"
#include <drivers/arm/tzc400.h>
#include <lib/utils_def.h>
#include <plat/arm/board/common/v2m_def.h>
/* These are referenced by arm_def.h #included next, so #define first. */
#define PLAT_ARM_TRUSTED_ROM_BASE UL(0x80000000)
#define PLAT_ARM_TRUSTED_SRAM_BASE UL(0x84000000)
#define PLAT_ARM_TRUSTED_DRAM_BASE UL(0x86000000)
#define PLAT_ARM_DRAM1_BASE ULL(0x0)
#define PLAT_ARM_DRAM2_BASE ULL(0x080000000)
#define PLAT_HW_CONFIG_DTB_BASE ULL(0x12000000)
#define PLAT_ARM_SYS_CNTCTL_BASE UL(0xaa430000)
#define PLAT_ARM_SYS_CNTREAD_BASE UL(0xaa800000)
#define PLAT_ARM_SYS_TIMCTL_BASE UL(0xaa810000)
#define PLAT_ARM_SYS_CNT_BASE_S UL(0xaa820000)
#define PLAT_ARM_SYS_CNT_BASE_NS UL(0xaa830000)
#define PLAT_ARM_SP805_TWDG_BASE UL(0xaa490000)
#include <plat/arm/common/arm_def.h>
#include <plat/common/common_def.h>
/* Required to create plat_regions: */
#define MIN_LVL_BLOCK_DESC U(1)
/* Required platform porting definitions */
#define PLATFORM_CORE_COUNT (U(FVP_R_CLUSTER_COUNT) * \
U(FVP_R_MAX_CPUS_PER_CLUSTER) * \
U(FVP_R_MAX_PE_PER_CPU))
#define PLAT_NUM_PWR_DOMAINS (U(FVP_R_CLUSTER_COUNT) + \
PLATFORM_CORE_COUNT + U(1))
#define PLAT_MAX_PWR_LVL ARM_PWR_LVL2
/*
* Other platform porting definitions are provided by included headers
*/
/*
* Required ARM standard platform porting definitions
*/
#define PLAT_ARM_CLUSTER_COUNT U(FVP_R_CLUSTER_COUNT)
#define PLAT_ARM_DRAM1_SIZE ULL(0x7fffffff)
#define PLAT_ARM_TRUSTED_SRAM_SIZE UL(0x00040000) /* 256 KB */
#define PLAT_ARM_TRUSTED_ROM_SIZE UL(0x04000000) /* 64 MB */
#define PLAT_ARM_TRUSTED_DRAM_SIZE UL(0x02000000) /* 32 MB */
/* These two are defined thus in arm_def.h, but doesn't seem to see it... */
#define PLAT_BL1_RO_LIMIT (BL1_RO_BASE \
+ PLAT_ARM_TRUSTED_ROM_SIZE)
/* virtual address used by dynamic mem_protect for chunk_base */
#define PLAT_ARM_MEM_PROTEC_VA_FRAME UL(0xc0000000)
/* No SCP in FVP_R */
#define PLAT_ARM_SCP_TZC_DRAM1_SIZE UL(0x0)
#define PLAT_ARM_DRAM2_SIZE UL(0x80000000)
#define PLAT_ARM_HW_CONFIG_SIZE ULL(0x8000)
#define ARM_DTB_DRAM_NS MAP_REGION_FLAT( \
PLAT_HW_CONFIG_DTB_BASE, \
PLAT_ARM_HW_CONFIG_SIZE, \
MT_MEMORY | MT_RO | MT_NS)
#define V2M_FVP_R_SYSREGS_BASE UL(0x9c010000)
/*
* Load address of BL33 for this platform port,
* U-Boot specifically must be loaded at a 4K aligned address.
*/
#define PLAT_ARM_NS_IMAGE_BASE (PLAT_ARM_DRAM1_BASE + 0x1000)
/*
* PLAT_ARM_MMAP_ENTRIES depends on the number of entries in the
* plat_arm_mmap array defined for each BL stage.
*/
#if !USE_ROMLIB
# define PLAT_ARM_MMAP_ENTRIES 11
# define MAX_XLAT_TABLES 5
#else
# define PLAT_ARM_MMAP_ENTRIES 12
# define MAX_XLAT_TABLES 6
#endif
# define N_MPU_REGIONS 16 /* number of MPU regions */
# define ALL_MPU_EL2_REGIONS_USED 0xffffffff
/* this is the PRENR_EL2 value if all MPU regions are in use */
/*
* PLAT_ARM_MAX_BL1_RW_SIZE is calculated using the current BL1 RW debug size
* plus a little space for growth.
*/
#define PLAT_ARM_MAX_BL1_RW_SIZE UL(0xB000)
/*
* PLAT_ARM_MAX_ROMLIB_RW_SIZE is define to use a full page
*/
#if USE_ROMLIB
#define PLAT_ARM_MAX_ROMLIB_RW_SIZE UL(0x1000)
#define PLAT_ARM_MAX_ROMLIB_RO_SIZE UL(0xe000)
#define FVP_R_BL2_ROMLIB_OPTIMIZATION UL(0x6000)
#else
#define PLAT_ARM_MAX_ROMLIB_RW_SIZE UL(0)
#define PLAT_ARM_MAX_ROMLIB_RO_SIZE UL(0)
#define FVP_R_BL2_ROMLIB_OPTIMIZATION UL(0)
#endif
/*
* PLAT_ARM_MAX_BL2_SIZE is calculated using the current BL2 debug size plus a
* little space for growth.
*/
#if TRUSTED_BOARD_BOOT
#if COT_DESC_IN_DTB
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1E000) - FVP_R_BL2_ROMLIB_OPTIMIZATION)
#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x1D000) - FVP_R_BL2_ROMLIB_OPTIMIZATION)
#endif
#else
# define PLAT_ARM_MAX_BL2_SIZE (UL(0x13000) - FVP_R_BL2_ROMLIB_OPTIMIZATION)
#endif
/*
* Since BL31 NOBITS overlays BL2 and BL1-RW, PLAT_ARM_MAX_BL31_SIZE is
* calculated using the current BL31 PROGBITS debug size plus the sizes of
* BL2 and BL1-RW
*/
#define PLAT_ARM_MAX_BL31_SIZE UL(0x3D000)
/*
* Size of cacheable stacks
*/
#if defined(IMAGE_BL1)
# if TRUSTED_BOARD_BOOT
# define PLATFORM_STACK_SIZE UL(0x1000)
# else
# define PLATFORM_STACK_SIZE UL(0x500)
# endif
#endif
#define MAX_IO_DEVICES 3
#define MAX_IO_HANDLES 4
/*
* These nominally reserve the last block of flash for PSCI MEM PROTECT flag,
* but no PSCI in FVP_R platform, so reserve nothing:
*/
#define PLAT_ARM_FLASH_IMAGE_BASE (PLAT_ARM_DRAM1_BASE + UL(0x40000000))
#define PLAT_ARM_FLASH_IMAGE_MAX_SIZE (PLAT_ARM_DRAM1_SIZE - UL(0x40000000))
#define PLAT_ARM_NVM_BASE V2M_FLASH0_BASE
#define PLAT_ARM_NVM_SIZE (V2M_FLASH0_SIZE - V2M_FLASH_BLOCK_SIZE)
/*
* PL011 related constants
*/
#define PLAT_ARM_BOOT_UART_BASE V2M_IOFPGA_UART0_BASE
#define PLAT_ARM_BOOT_UART_CLK_IN_HZ V2M_IOFPGA_UART0_CLK_IN_HZ
#define PLAT_ARM_RUN_UART_BASE V2M_IOFPGA_UART1_BASE
#define PLAT_ARM_RUN_UART_CLK_IN_HZ V2M_IOFPGA_UART1_CLK_IN_HZ
#define PLAT_ARM_CRASH_UART_BASE PLAT_ARM_RUN_UART_BASE
#define PLAT_ARM_CRASH_UART_CLK_IN_HZ PLAT_ARM_RUN_UART_CLK_IN_HZ
#define PLAT_ARM_TSP_UART_BASE V2M_IOFPGA_UART2_BASE
#define PLAT_ARM_TSP_UART_CLK_IN_HZ V2M_IOFPGA_UART2_CLK_IN_HZ
/* CCI related constants */
#define PLAT_FVP_R_CCI400_BASE UL(0xac090000)
#define PLAT_FVP_R_CCI400_CLUS0_SL_PORT 3
#define PLAT_FVP_R_CCI400_CLUS1_SL_PORT 4
/* CCI-500/CCI-550 on Base platform */
#define PLAT_FVP_R_CCI5XX_BASE UL(0xaa000000)
#define PLAT_FVP_R_CCI5XX_CLUS0_SL_PORT 5
#define PLAT_FVP_R_CCI5XX_CLUS1_SL_PORT 6
/* System timer related constants */
#define PLAT_ARM_NSTIMER_FRAME_ID U(1)
/* Mailbox base address */
#define PLAT_ARM_TRUSTED_MAILBOX_BASE ARM_TRUSTED_SRAM_BASE
/* TrustZone controller related constants
*
* Currently only filters 0 and 2 are connected on Base FVP_R.
* Filter 0 : CPU clusters (no access to DRAM by default)
* Filter 1 : not connected
* Filter 2 : LCDs (access to VRAM allowed by default)
* Filter 3 : not connected
* Programming unconnected filters will have no effect at the
* moment. These filter could, however, be connected in future.
* So care should be taken not to configure the unused filters.
*
* Allow only non-secure access to all DRAM to supported devices.
* Give access to the CPUs and Virtio. Some devices
* would normally use the default ID so allow that too.
*/
#define PLAT_ARM_TZC_BASE UL(0xaa4a0000)
#define PLAT_ARM_TZC_FILTERS TZC_400_REGION_ATTR_FILTER_BIT(0)
#define PLAT_ARM_TZC_NS_DEV_ACCESS ( \
TZC_REGION_ACCESS_RDWR(FVP_R_NSAID_DEFAULT) | \
TZC_REGION_ACCESS_RDWR(FVP_R_NSAID_PCI) | \
TZC_REGION_ACCESS_RDWR(FVP_R_NSAID_AP) | \
TZC_REGION_ACCESS_RDWR(FVP_R_NSAID_VIRTIO) | \
TZC_REGION_ACCESS_RDWR(FVP_R_NSAID_VIRTIO_OLD))
/*
* GIC related constants to cater for both GICv2 and GICv3 instances of an
* FVP_R. They could be overridden at runtime in case the FVP_R implements the
* legacy VE memory map.
*/
#define PLAT_ARM_GICD_BASE BASE_GICD_BASE
#define PLAT_ARM_GICR_BASE BASE_GICR_BASE
#define PLAT_ARM_GICC_BASE BASE_GICC_BASE
#define PLAT_ARM_SP_IMAGE_STACK_BASE (PLAT_SP_IMAGE_NS_BUF_BASE + \
PLAT_SP_IMAGE_NS_BUF_SIZE)
#define PLAT_SP_PRI PLAT_RAS_PRI
/*
* Physical and virtual address space limits for MPU in AARCH64 & AARCH32 modes
*/
#define PLAT_PHY_ADDR_SPACE_SIZE (1ULL << 36)
#define PLAT_VIRT_ADDR_SPACE_SIZE (1ULL << 36)
#define ARM_SOC_CONTINUATION_SHIFT U(24)
#define ARM_SOC_IDENTIFICATION_SHIFT U(16)
#endif /* FVP_R_PLATFORM_DEF_H */

100
plat/arm/board/fvp_r/platform.mk
View file

@ -1,100 +0,0 @@
#
# Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
# Only aarch64 ARCH supported for FVP_R
ARCH := aarch64
# Override to exclude BL2, BL2U, BL31, and BL33 for FVP_R
override NEED_BL2 := no
override NEED_BL2U := no
override NEED_BL31 := no
NEED_BL32 := no
override CTX_INCLUDE_AARCH32_REGS := 0
# Use MPU-based memory management:
XLAT_MPU_LIB_V1 := 1
# FVP R will not have more than 2 clusters so just use CCI interconnect
FVP_R_INTERCONNECT_SOURCES := drivers/arm/cci/cci.c
include plat/arm/board/common/board_common.mk
include plat/arm/common/arm_common.mk
PLAT_INCLUDES += -Iplat/arm/board/fvp_r/include
FVP_R_BL_COMMON_SOURCES := plat/arm/board/fvp_r/fvp_r_common.c \
plat/arm/board/fvp_r/fvp_r_context_mgmt.c \
plat/arm/board/fvp_r/fvp_r_debug.S \
plat/arm/board/fvp_r/fvp_r_err.c \
plat/arm/board/fvp_r/fvp_r_helpers.S \
plat/arm/board/fvp_r/fvp_r_misc_helpers.S
FVP_R_BL1_SOURCES := plat/arm/board/fvp_r/fvp_r_bl1_arch_setup.c \
plat/arm/board/fvp_r/fvp_r_bl1_setup.c \
plat/arm/board/fvp_r/fvp_r_io_storage.c \
plat/arm/board/fvp_r/fvp_r_bl1_entrypoint.S \
plat/arm/board/fvp_r/fvp_r_bl1_exceptions.S \
plat/arm/board/fvp_r/fvp_r_bl1_main.c
FVP_R_CPU_LIBS := lib/cpus/${ARCH}/aem_generic.S
FVP_R_DYNC_CFG_SOURCES := common/fdt_wrappers.c \
plat/arm/common/arm_dyn_cfg.c
ifeq (${TRUSTED_BOARD_BOOT},1)
FVP_R_AUTH_SOURCES := drivers/auth/auth_mod.c \
drivers/auth/crypto_mod.c \
drivers/auth/img_parser_mod.c \
lib/fconf/fconf_tbbr_getter.c \
plat/common/tbbr/plat_tbbr.c \
drivers/auth/tbbr/tbbr_cot_bl1_r64.c \
drivers/auth/tbbr/tbbr_cot_common.c \
plat/arm/board/common/board_arm_trusted_boot.c \
plat/arm/board/common/rotpk/arm_dev_rotpk.S \
plat/arm/board/fvp_r/fvp_r_trusted_boot.c
FVP_R_BL1_SOURCES += ${MBEDTLS_SOURCES} \
${FVP_R_AUTH_SOURCES}
endif
ifeq (${USE_SP804_TIMER},1)
FVP_R_BL_COMMON_SOURCES += drivers/arm/sp804/sp804_delay_timer.c
else
FVP_R_BL_COMMON_SOURCES += drivers/delay_timer/generic_delay_timer.c
endif
# Enable Activity Monitor Unit extensions by default
ENABLE_FEAT_AMU := 2
ifneq (${ENABLE_STACK_PROTECTOR},0)
FVP_R_BL_COMMON_SOURCES += plat/arm/board/fvp_r/fvp_r_stack_protector.c
endif
override BL1_SOURCES := drivers/arm/sp805/sp805.c \
drivers/cfi/v2m/v2m_flash.c \
drivers/delay_timer/delay_timer.c \
drivers/io/io_fip.c \
drivers/io/io_memmap.c \
drivers/io/io_storage.c \
drivers/io/io_semihosting.c \
lib/cpus/aarch64/cpu_helpers.S \
lib/cpus/errata_report.c \
lib/fconf/fconf_dyn_cfg_getter.c \
lib/semihosting/semihosting.c \
lib/semihosting/${ARCH}/semihosting_call.S \
plat/arm/common/arm_bl1_setup.c \
plat/arm/common/arm_err.c \
plat/arm/common/arm_io_storage.c \
plat/arm/common/fconf/arm_fconf_io.c \
plat/common/plat_bl1_common.c \
plat/common/aarch64/platform_up_stack.S \
${FVP_R_BL1_SOURCES} \
${FVP_R_BL_COMMON_SOURCES} \
${FVP_R_CPU_LIBS} \
${FVP_R_DYNC_CFG_SOURCES} \
${FVP_R_INTERCONNECT_SOURCES}