]>
Commit | Line | Data |
---|---|---|
b45db3b5 HZ |
1 | /* |
2 | * Copyright 2016 NXP Semiconductor, Inc. | |
3 | * | |
4 | * SPDX-License-Identifier: GPL-2.0+ | |
5 | */ | |
6 | ||
7 | #include <common.h> | |
8 | #include <errno.h> | |
9 | #include <linux/kernel.h> | |
10 | #include <asm/io.h> | |
11 | #include <asm/system.h> | |
12 | #include <asm/types.h> | |
13 | #include <asm/macro.h> | |
14 | #include <asm/armv8/sec_firmware.h> | |
15 | ||
16 | DECLARE_GLOBAL_DATA_PTR; | |
17 | extern void c_runtime_cpu_setup(void); | |
18 | ||
19 | #define SEC_FIRMWARE_LOADED 0x1 | |
20 | #define SEC_FIRMWARE_RUNNING 0x2 | |
21 | #define SEC_FIRMWARE_ADDR_MASK (~0x3) | |
81049ba8 HZ |
22 | /* |
23 | * Secure firmware load addr | |
24 | * Flags used: 0x1 secure firmware has been loaded to secure memory | |
25 | * 0x2 secure firmware is running | |
26 | */ | |
27 | phys_addr_t sec_firmware_addr; | |
28 | ||
29 | #ifndef SEC_FIRMWARE_FIT_IMAGE | |
30 | #define SEC_FIRMWARE_FIT_IMAGE "firmware" | |
31 | #endif | |
32 | #ifndef SEC_FIRMEWARE_FIT_CNF_NAME | |
33 | #define SEC_FIRMEWARE_FIT_CNF_NAME "config@1" | |
34 | #endif | |
35 | #ifndef SEC_FIRMWARE_TARGET_EL | |
36 | #define SEC_FIRMWARE_TARGET_EL 2 | |
37 | #endif | |
b45db3b5 HZ |
38 | |
39 | static int sec_firmware_get_data(const void *sec_firmware_img, | |
40 | const void **data, size_t *size) | |
41 | { | |
42 | int conf_node_off, fw_node_off; | |
43 | char *conf_node_name = NULL; | |
44 | char *desc; | |
45 | int ret; | |
46 | ||
47 | conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME; | |
48 | ||
49 | conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name); | |
50 | if (conf_node_off < 0) { | |
51 | printf("SEC Firmware: %s: no such config\n", conf_node_name); | |
52 | return -ENOENT; | |
53 | } | |
54 | ||
55 | fw_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off, | |
56 | SEC_FIRMWARE_FIT_IMAGE); | |
57 | if (fw_node_off < 0) { | |
58 | printf("SEC Firmware: No '%s' in config\n", | |
59 | SEC_FIRMWARE_FIT_IMAGE); | |
60 | return -ENOLINK; | |
61 | } | |
62 | ||
63 | /* Verify secure firmware image */ | |
64 | if (!(fit_image_verify(sec_firmware_img, fw_node_off))) { | |
65 | printf("SEC Firmware: Bad firmware image (bad CRC)\n"); | |
66 | return -EINVAL; | |
67 | } | |
68 | ||
69 | if (fit_image_get_data(sec_firmware_img, fw_node_off, data, size)) { | |
70 | printf("SEC Firmware: Can't get %s subimage data/size", | |
71 | SEC_FIRMWARE_FIT_IMAGE); | |
72 | return -ENOENT; | |
73 | } | |
74 | ||
75 | ret = fit_get_desc(sec_firmware_img, fw_node_off, &desc); | |
76 | if (ret) | |
77 | printf("SEC Firmware: Can't get description\n"); | |
78 | else | |
79 | printf("%s\n", desc); | |
80 | ||
81 | return ret; | |
82 | } | |
83 | ||
84 | /* | |
85 | * SEC Firmware FIT image parser checks if the image is in FIT | |
86 | * format, verifies integrity of the image and calculates raw | |
87 | * image address and size values. | |
88 | * | |
89 | * Returns 0 on success and a negative errno on error task fail. | |
90 | */ | |
91 | static int sec_firmware_parse_image(const void *sec_firmware_img, | |
92 | const void **raw_image_addr, | |
93 | size_t *raw_image_size) | |
94 | { | |
95 | int ret; | |
96 | ||
97 | ret = sec_firmware_get_data(sec_firmware_img, raw_image_addr, | |
98 | raw_image_size); | |
99 | if (ret) | |
100 | return ret; | |
101 | ||
102 | debug("SEC Firmware: raw_image_addr = 0x%p, raw_image_size = 0x%lx\n", | |
103 | *raw_image_addr, *raw_image_size); | |
104 | ||
105 | return 0; | |
106 | } | |
107 | ||
108 | static int sec_firmware_copy_image(const char *title, | |
109 | u64 image_addr, u32 image_size, u64 sec_firmware) | |
110 | { | |
111 | debug("%s copied to address 0x%p\n", title, (void *)sec_firmware); | |
112 | memcpy((void *)sec_firmware, (void *)image_addr, image_size); | |
113 | flush_dcache_range(sec_firmware, sec_firmware + image_size); | |
114 | ||
115 | return 0; | |
116 | } | |
117 | ||
118 | /* | |
119 | * This function will parse the SEC Firmware image, and then load it | |
120 | * to secure memory. | |
121 | */ | |
122 | static int sec_firmware_load_image(const void *sec_firmware_img) | |
123 | { | |
124 | const void *raw_image_addr; | |
125 | size_t raw_image_size = 0; | |
126 | int ret; | |
127 | ||
128 | /* | |
129 | * The Excetpion Level must be EL3 to load and initialize | |
130 | * the SEC Firmware. | |
131 | */ | |
132 | if (current_el() != 3) { | |
133 | ret = -EACCES; | |
134 | goto out; | |
135 | } | |
136 | ||
137 | #ifdef CONFIG_SYS_MEM_RESERVE_SECURE | |
138 | /* | |
139 | * The SEC Firmware must be stored in secure memory. | |
140 | * Append SEC Firmware to secure mmu table. | |
141 | */ | |
142 | if (!(gd->arch.secure_ram & MEM_RESERVE_SECURE_MAINTAINED)) { | |
143 | ret = -ENXIO; | |
144 | goto out; | |
145 | } | |
146 | ||
147 | sec_firmware_addr = (gd->arch.secure_ram & MEM_RESERVE_SECURE_ADDR_MASK) + | |
148 | gd->arch.tlb_size; | |
149 | #else | |
150 | #error "The CONFIG_SYS_MEM_RESERVE_SECURE must be defined when enabled SEC Firmware support" | |
151 | #endif | |
152 | ||
153 | /* Align SEC Firmware base address to 4K */ | |
154 | sec_firmware_addr = (sec_firmware_addr + 0xfff) & ~0xfff; | |
155 | debug("SEC Firmware: Load address: 0x%llx\n", | |
156 | sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK); | |
157 | ||
158 | ret = sec_firmware_parse_image(sec_firmware_img, &raw_image_addr, | |
159 | &raw_image_size); | |
160 | if (ret) | |
161 | goto out; | |
162 | ||
163 | /* TODO: | |
164 | * Check if the end addr of SEC Firmware has been extend the secure | |
165 | * memory. | |
166 | */ | |
167 | ||
168 | /* Copy the secure firmware to secure memory */ | |
169 | ret = sec_firmware_copy_image("SEC Firmware", (u64)raw_image_addr, | |
170 | raw_image_size, sec_firmware_addr & | |
171 | SEC_FIRMWARE_ADDR_MASK); | |
172 | if (ret) | |
173 | goto out; | |
174 | ||
175 | sec_firmware_addr |= SEC_FIRMWARE_LOADED; | |
176 | debug("SEC Firmware: Entry point: 0x%llx\n", | |
177 | sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK); | |
178 | ||
179 | return 0; | |
180 | ||
181 | out: | |
182 | printf("SEC Firmware: error (%d)\n", ret); | |
183 | sec_firmware_addr = 0; | |
184 | ||
185 | return ret; | |
186 | } | |
187 | ||
188 | static int sec_firmware_entry(u32 *eret_hold_l, u32 *eret_hold_h) | |
189 | { | |
190 | const void *entry = (void *)(sec_firmware_addr & | |
191 | SEC_FIRMWARE_ADDR_MASK); | |
192 | ||
193 | return _sec_firmware_entry(entry, eret_hold_l, eret_hold_h); | |
194 | } | |
195 | ||
196 | /* Check the secure firmware FIT image */ | |
197 | __weak bool sec_firmware_is_valid(const void *sec_firmware_img) | |
198 | { | |
199 | if (fdt_check_header(sec_firmware_img)) { | |
200 | printf("SEC Firmware: Bad firmware image (not a FIT image)\n"); | |
201 | return false; | |
202 | } | |
203 | ||
204 | if (!fit_check_format(sec_firmware_img)) { | |
205 | printf("SEC Firmware: Bad firmware image (bad FIT header)\n"); | |
206 | return false; | |
207 | } | |
208 | ||
209 | return true; | |
210 | } | |
211 | ||
daa92644 | 212 | #ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI |
b45db3b5 HZ |
213 | /* |
214 | * The PSCI_VERSION function is added from PSCI v0.2. When the PSCI | |
215 | * v0.1 received this function, the NOT_SUPPORTED (0xffff_ffff) error | |
216 | * number will be returned according to SMC Calling Conventions. But | |
217 | * when getting the NOT_SUPPORTED error number, we cannot ensure if | |
218 | * the PSCI version is v0.1 or other error occurred. So, PSCI v0.1 | |
219 | * won't be supported by this framework. | |
220 | * And if the secure firmware isn't running, return NOT_SUPPORTED. | |
221 | * | |
222 | * The return value on success is PSCI version in format | |
223 | * major[31:16]:minor[15:0]. | |
224 | */ | |
225 | unsigned int sec_firmware_support_psci_version(void) | |
226 | { | |
227 | if (sec_firmware_addr & SEC_FIRMWARE_RUNNING) | |
228 | return _sec_firmware_support_psci_version(); | |
229 | ||
026f30ec | 230 | return PSCI_INVALID_VER; |
b45db3b5 HZ |
231 | } |
232 | #endif | |
233 | ||
234 | /* | |
235 | * sec_firmware_init - Initialize the SEC Firmware | |
236 | * @sec_firmware_img: the SEC Firmware image address | |
237 | * @eret_hold_l: the address to hold exception return address low | |
238 | * @eret_hold_h: the address to hold exception return address high | |
239 | */ | |
240 | int sec_firmware_init(const void *sec_firmware_img, | |
241 | u32 *eret_hold_l, | |
242 | u32 *eret_hold_h) | |
243 | { | |
244 | int ret; | |
245 | ||
246 | if (!sec_firmware_is_valid(sec_firmware_img)) | |
247 | return -EINVAL; | |
248 | ||
249 | ret = sec_firmware_load_image(sec_firmware_img); | |
250 | if (ret) { | |
251 | printf("SEC Firmware: Failed to load image\n"); | |
252 | return ret; | |
253 | } else if (sec_firmware_addr & SEC_FIRMWARE_LOADED) { | |
254 | ret = sec_firmware_entry(eret_hold_l, eret_hold_h); | |
255 | if (ret) { | |
256 | printf("SEC Firmware: Failed to initialize\n"); | |
257 | return ret; | |
258 | } | |
259 | } | |
260 | ||
261 | debug("SEC Firmware: Return from SEC Firmware: current_el = %d\n", | |
262 | current_el()); | |
263 | ||
264 | /* | |
265 | * The PE will be turned into target EL when returned from | |
266 | * SEC Firmware. | |
267 | */ | |
268 | if (current_el() != SEC_FIRMWARE_TARGET_EL) | |
269 | return -EACCES; | |
270 | ||
271 | sec_firmware_addr |= SEC_FIRMWARE_RUNNING; | |
272 | ||
273 | /* Set exception table and enable caches if it isn't EL3 */ | |
274 | if (current_el() != 3) { | |
275 | c_runtime_cpu_setup(); | |
276 | enable_caches(); | |
277 | } | |
278 | ||
279 | return 0; | |
280 | } |