mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 01:24:27 +00:00
ed108b5605
This patch provides the following features and makes modifications listed below: - Individual APIAKey key generation for each CPU. - New key generation on every BL31 warm boot and TSP CPU On event. - Per-CPU storage of APIAKey added in percpu_data[] of cpu_data structure. - `plat_init_apiakey()` function replaced with `plat_init_apkey()` which returns 128-bit value and uses Generic timer physical counter value to increase the randomness of the generated key. The new function can be used for generation of all ARMv8.3-PAuth keys - ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`. - New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively; pauth_disable_el1()` and `pauth_disable_el3()` functions disable PAuth for EL1 and EL3 respectively; `pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from cpu-data structure. - Combined `save_gp_pauth_registers()` function replaces calls to `save_gp_registers()` and `pauth_context_save()`; `restore_gp_pauth_registers()` replaces `pauth_context_restore()` and `restore_gp_registers()` calls. - `restore_gp_registers_eret()` function removed with corresponding code placed in `el3_exit()`. - Fixed the issue when `pauth_t pauth_ctx` structure allocated space for 12 uint64_t PAuth registers instead of 10 by removal of macro CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h` and assigning its value to CTX_PAUTH_REGS_END. - Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions in `msr spsel` instruction instead of hard-coded values. - Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI. Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
231 lines
7.4 KiB
ArmAsm
231 lines
7.4 KiB
ArmAsm
/*
|
|
* Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <platform_def.h>
|
|
|
|
#include <arch.h>
|
|
#include <common/bl_common.h>
|
|
#include <el3_common_macros.S>
|
|
#include <lib/pmf/pmf_asm_macros.S>
|
|
#include <lib/runtime_instr.h>
|
|
#include <lib/xlat_tables/xlat_mmu_helpers.h>
|
|
|
|
.globl bl31_entrypoint
|
|
.globl bl31_warm_entrypoint
|
|
|
|
/* -----------------------------------------------------
|
|
* bl31_entrypoint() is the cold boot entrypoint,
|
|
* executed only by the primary cpu.
|
|
* -----------------------------------------------------
|
|
*/
|
|
|
|
func bl31_entrypoint
|
|
/* ---------------------------------------------------------------
|
|
* Stash the previous bootloader arguments x0 - x3 for later use.
|
|
* ---------------------------------------------------------------
|
|
*/
|
|
mov x20, x0
|
|
mov x21, x1
|
|
mov x22, x2
|
|
mov x23, x3
|
|
|
|
/* --------------------------------------------------------------------
|
|
* If PIE is enabled, fixup the Global descriptor Table and dynamic
|
|
* relocations
|
|
* --------------------------------------------------------------------
|
|
*/
|
|
#if ENABLE_PIE
|
|
mov_imm x0, BL31_BASE
|
|
mov_imm x1, BL31_LIMIT
|
|
bl fixup_gdt_reloc
|
|
#endif /* ENABLE_PIE */
|
|
|
|
#if !RESET_TO_BL31
|
|
/* ---------------------------------------------------------------------
|
|
* For !RESET_TO_BL31 systems, only the primary CPU ever reaches
|
|
* bl31_entrypoint() during the cold boot flow, so the cold/warm boot
|
|
* and primary/secondary CPU logic should not be executed in this case.
|
|
*
|
|
* Also, assume that the previous bootloader has already initialised the
|
|
* SCTLR_EL3, including the endianness, and has initialised the memory.
|
|
* ---------------------------------------------------------------------
|
|
*/
|
|
el3_entrypoint_common \
|
|
_init_sctlr=0 \
|
|
_warm_boot_mailbox=0 \
|
|
_secondary_cold_boot=0 \
|
|
_init_memory=0 \
|
|
_init_c_runtime=1 \
|
|
_exception_vectors=runtime_exceptions
|
|
#else
|
|
|
|
/* ---------------------------------------------------------------------
|
|
* For RESET_TO_BL31 systems which have a programmable reset address,
|
|
* bl31_entrypoint() is executed only on the cold boot path so we can
|
|
* skip the warm boot mailbox mechanism.
|
|
* ---------------------------------------------------------------------
|
|
*/
|
|
el3_entrypoint_common \
|
|
_init_sctlr=1 \
|
|
_warm_boot_mailbox=!PROGRAMMABLE_RESET_ADDRESS \
|
|
_secondary_cold_boot=!COLD_BOOT_SINGLE_CPU \
|
|
_init_memory=1 \
|
|
_init_c_runtime=1 \
|
|
_exception_vectors=runtime_exceptions
|
|
|
|
/* ---------------------------------------------------------------------
|
|
* For RESET_TO_BL31 systems, BL31 is the first bootloader to run so
|
|
* there's no argument to relay from a previous bootloader. Zero the
|
|
* arguments passed to the platform layer to reflect that.
|
|
* ---------------------------------------------------------------------
|
|
*/
|
|
mov x20, 0
|
|
mov x21, 0
|
|
mov x22, 0
|
|
mov x23, 0
|
|
#endif /* RESET_TO_BL31 */
|
|
|
|
/* --------------------------------------------------------------------
|
|
* Perform BL31 setup
|
|
* --------------------------------------------------------------------
|
|
*/
|
|
mov x0, x20
|
|
mov x1, x21
|
|
mov x2, x22
|
|
mov x3, x23
|
|
bl bl31_setup
|
|
|
|
#if ENABLE_PAUTH
|
|
/* --------------------------------------------------------------------
|
|
* Program APIAKey_EL1 and enable pointer authentication
|
|
* --------------------------------------------------------------------
|
|
*/
|
|
bl pauth_init_enable_el3
|
|
#endif /* ENABLE_PAUTH */
|
|
|
|
/* --------------------------------------------------------------------
|
|
* Jump to main function
|
|
* --------------------------------------------------------------------
|
|
*/
|
|
bl bl31_main
|
|
|
|
/* --------------------------------------------------------------------
|
|
* Clean the .data & .bss sections to main memory. This ensures
|
|
* that any global data which was initialised by the primary CPU
|
|
* is visible to secondary CPUs before they enable their data
|
|
* caches and participate in coherency.
|
|
* --------------------------------------------------------------------
|
|
*/
|
|
adr x0, __DATA_START__
|
|
adr x1, __DATA_END__
|
|
sub x1, x1, x0
|
|
bl clean_dcache_range
|
|
|
|
adr x0, __BSS_START__
|
|
adr x1, __BSS_END__
|
|
sub x1, x1, x0
|
|
bl clean_dcache_range
|
|
|
|
b el3_exit
|
|
endfunc bl31_entrypoint
|
|
|
|
/* --------------------------------------------------------------------
|
|
* This CPU has been physically powered up. It is either resuming from
|
|
* suspend or has simply been turned on. In both cases, call the BL31
|
|
* warmboot entrypoint
|
|
* --------------------------------------------------------------------
|
|
*/
|
|
func bl31_warm_entrypoint
|
|
#if ENABLE_RUNTIME_INSTRUMENTATION
|
|
|
|
/*
|
|
* This timestamp update happens with cache off. The next
|
|
* timestamp collection will need to do cache maintenance prior
|
|
* to timestamp update.
|
|
*/
|
|
pmf_calc_timestamp_addr rt_instr_svc, RT_INSTR_EXIT_HW_LOW_PWR
|
|
mrs x1, cntpct_el0
|
|
str x1, [x0]
|
|
#endif
|
|
|
|
/*
|
|
* On the warm boot path, most of the EL3 initialisations performed by
|
|
* 'el3_entrypoint_common' must be skipped:
|
|
*
|
|
* - Only when the platform bypasses the BL1/BL31 entrypoint by
|
|
* programming the reset address do we need to initialise SCTLR_EL3.
|
|
* In other cases, we assume this has been taken care by the
|
|
* entrypoint code.
|
|
*
|
|
* - No need to determine the type of boot, we know it is a warm boot.
|
|
*
|
|
* - Do not try to distinguish between primary and secondary CPUs, this
|
|
* notion only exists for a cold boot.
|
|
*
|
|
* - No need to initialise the memory or the C runtime environment,
|
|
* it has been done once and for all on the cold boot path.
|
|
*/
|
|
el3_entrypoint_common \
|
|
_init_sctlr=PROGRAMMABLE_RESET_ADDRESS \
|
|
_warm_boot_mailbox=0 \
|
|
_secondary_cold_boot=0 \
|
|
_init_memory=0 \
|
|
_init_c_runtime=0 \
|
|
_exception_vectors=runtime_exceptions
|
|
|
|
/*
|
|
* We're about to enable MMU and participate in PSCI state coordination.
|
|
*
|
|
* The PSCI implementation invokes platform routines that enable CPUs to
|
|
* participate in coherency. On a system where CPUs are not
|
|
* cache-coherent without appropriate platform specific programming,
|
|
* having caches enabled until such time might lead to coherency issues
|
|
* (resulting from stale data getting speculatively fetched, among
|
|
* others). Therefore we keep data caches disabled even after enabling
|
|
* the MMU for such platforms.
|
|
*
|
|
* On systems with hardware-assisted coherency, or on single cluster
|
|
* platforms, such platform specific programming is not required to
|
|
* enter coherency (as CPUs already are); and there's no reason to have
|
|
* caches disabled either.
|
|
*/
|
|
#if HW_ASSISTED_COHERENCY || WARMBOOT_ENABLE_DCACHE_EARLY
|
|
mov x0, xzr
|
|
#else
|
|
mov x0, #DISABLE_DCACHE
|
|
#endif
|
|
bl bl31_plat_enable_mmu
|
|
|
|
#if ENABLE_PAUTH
|
|
/* --------------------------------------------------------------------
|
|
* Program APIAKey_EL1 and enable pointer authentication
|
|
* --------------------------------------------------------------------
|
|
*/
|
|
bl pauth_init_enable_el3
|
|
#endif /* ENABLE_PAUTH */
|
|
|
|
bl psci_warmboot_entrypoint
|
|
|
|
#if ENABLE_RUNTIME_INSTRUMENTATION
|
|
pmf_calc_timestamp_addr rt_instr_svc, RT_INSTR_EXIT_PSCI
|
|
mov x19, x0
|
|
|
|
/*
|
|
* Invalidate before updating timestamp to ensure previous timestamp
|
|
* updates on the same cache line with caches disabled are properly
|
|
* seen by the same core. Without the cache invalidate, the core might
|
|
* write into a stale cache line.
|
|
*/
|
|
mov x1, #PMF_TS_SIZE
|
|
mov x20, x30
|
|
bl inv_dcache_range
|
|
mov x30, x20
|
|
|
|
mrs x0, cntpct_el0
|
|
str x0, [x19]
|
|
#endif
|
|
b el3_exit
|
|
endfunc bl31_warm_entrypoint
|