[people/ms/u-boot.git] / arch / arm / cpu / armv8 / sec_firmware.c

/*
 * Copyright 2016 NXP Semiconductor, Inc.
 *
 * SPDX-License-Identifier:	GPL-2.0+
 */

#include <common.h>
#include <errno.h>
#include <linux/kernel.h>
#include <asm/io.h>
#include <asm/system.h>
#include <asm/types.h>
#include <asm/macro.h>
#include <asm/armv8/sec_firmware.h>

DECLARE_GLOBAL_DATA_PTR;
extern void c_runtime_cpu_setup(void);

#define SEC_FIRMWARE_LOADED	0x1
#define SEC_FIRMWARE_RUNNING	0x2
#define SEC_FIRMWARE_ADDR_MASK	(~0x3)
/*
 * Secure firmware load addr
 * Flags used: 0x1 secure firmware has been loaded to secure memory
 *             0x2 secure firmware is running
 */
phys_addr_t sec_firmware_addr;

#ifndef SEC_FIRMWARE_FIT_IMAGE
#define SEC_FIRMWARE_FIT_IMAGE		"firmware"
#endif
#ifndef SEC_FIRMEWARE_FIT_CNF_NAME
#define SEC_FIRMEWARE_FIT_CNF_NAME	"config@1"
#endif
#ifndef SEC_FIRMWARE_TARGET_EL
#define SEC_FIRMWARE_TARGET_EL		2
#endif

static int sec_firmware_get_data(const void *sec_firmware_img,
				const void **data, size_t *size)
{
	int conf_node_off, fw_node_off;
	char *conf_node_name = NULL;
	char *desc;
	int ret;

	conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME;

	conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
	if (conf_node_off < 0) {
		printf("SEC Firmware: %s: no such config\n", conf_node_name);
		return -ENOENT;
	}

	fw_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off,
			SEC_FIRMWARE_FIT_IMAGE);
	if (fw_node_off < 0) {
		printf("SEC Firmware: No '%s' in config\n",
		       SEC_FIRMWARE_FIT_IMAGE);
		return -ENOLINK;
	}

	/* Verify secure firmware image */
	if (!(fit_image_verify(sec_firmware_img, fw_node_off))) {
		printf("SEC Firmware: Bad firmware image (bad CRC)\n");
		return -EINVAL;
	}

	if (fit_image_get_data(sec_firmware_img, fw_node_off, data, size)) {
		printf("SEC Firmware: Can't get %s subimage data/size",
		       SEC_FIRMWARE_FIT_IMAGE);
		return -ENOENT;
	}

	ret = fit_get_desc(sec_firmware_img, fw_node_off, &desc);
	if (ret)
		printf("SEC Firmware: Can't get description\n");
	else
		printf("%s\n", desc);

	return ret;
}

/*
 * SEC Firmware FIT image parser checks if the image is in FIT
 * format, verifies integrity of the image and calculates raw
 * image address and size values.
 *
 * Returns 0 on success and a negative errno on error task fail.
 */
static int sec_firmware_parse_image(const void *sec_firmware_img,
					const void **raw_image_addr,
					size_t *raw_image_size)
{
	int ret;

	ret = sec_firmware_get_data(sec_firmware_img, raw_image_addr,
					raw_image_size);
	if (ret)
		return ret;

	debug("SEC Firmware: raw_image_addr = 0x%p, raw_image_size = 0x%lx\n",
	      *raw_image_addr, *raw_image_size);

	return 0;
}

static int sec_firmware_copy_image(const char *title,
			 u64 image_addr, u32 image_size, u64 sec_firmware)
{
	debug("%s copied to address 0x%p\n", title, (void *)sec_firmware);
	memcpy((void *)sec_firmware, (void *)image_addr, image_size);
	flush_dcache_range(sec_firmware, sec_firmware + image_size);

	return 0;
}

/*
 * This function will parse the SEC Firmware image, and then load it
 * to secure memory.
 */
static int sec_firmware_load_image(const void *sec_firmware_img)
{
	const void *raw_image_addr;
	size_t raw_image_size = 0;
	int ret;

	/*
	 * The Excetpion Level must be EL3 to load and initialize
	 * the SEC Firmware.
	 */
	if (current_el() != 3) {
		ret = -EACCES;
		goto out;
	}

#ifdef CONFIG_SYS_MEM_RESERVE_SECURE
	/*
	 * The SEC Firmware must be stored in secure memory.
	 * Append SEC Firmware to secure mmu table.
	 */
	if (!(gd->arch.secure_ram & MEM_RESERVE_SECURE_MAINTAINED)) {
		ret = -ENXIO;
		goto out;
	}

	sec_firmware_addr = (gd->arch.secure_ram & MEM_RESERVE_SECURE_ADDR_MASK) +
			gd->arch.tlb_size;
#else
#error "The CONFIG_SYS_MEM_RESERVE_SECURE must be defined when enabled SEC Firmware support"
#endif

	/* Align SEC Firmware base address to 4K */
	sec_firmware_addr = (sec_firmware_addr + 0xfff) & ~0xfff;
	debug("SEC Firmware: Load address: 0x%llx\n",
	      sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK);

	ret = sec_firmware_parse_image(sec_firmware_img, &raw_image_addr,
			&raw_image_size);
	if (ret)
		goto out;

	/* TODO:
	 * Check if the end addr of SEC Firmware has been extend the secure
	 * memory.
	 */

	/* Copy the secure firmware to secure memory */
	ret = sec_firmware_copy_image("SEC Firmware", (u64)raw_image_addr,
			raw_image_size, sec_firmware_addr &
			SEC_FIRMWARE_ADDR_MASK);
	if (ret)
		goto out;

	sec_firmware_addr |= SEC_FIRMWARE_LOADED;
	debug("SEC Firmware: Entry point: 0x%llx\n",
	      sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK);

	return 0;

out:
	printf("SEC Firmware: error (%d)\n", ret);
	sec_firmware_addr = 0;

	return ret;
}

static int sec_firmware_entry(u32 *eret_hold_l, u32 *eret_hold_h)
{
	const void *entry = (void *)(sec_firmware_addr &
				SEC_FIRMWARE_ADDR_MASK);

	return _sec_firmware_entry(entry, eret_hold_l, eret_hold_h);
}

/* Check the secure firmware FIT image */
__weak bool sec_firmware_is_valid(const void *sec_firmware_img)
{
	if (fdt_check_header(sec_firmware_img)) {
		printf("SEC Firmware: Bad firmware image (not a FIT image)\n");
		return false;
	}

	if (!fit_check_format(sec_firmware_img)) {
		printf("SEC Firmware: Bad firmware image (bad FIT header)\n");
		return false;
	}

	return true;
}

#ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI
/*
 * The PSCI_VERSION function is added from PSCI v0.2. When the PSCI
 * v0.1 received this function, the NOT_SUPPORTED (0xffff_ffff) error
 * number will be returned according to SMC Calling Conventions. But
 * when getting the NOT_SUPPORTED error number, we cannot ensure if
 * the PSCI version is v0.1 or other error occurred. So, PSCI v0.1
 * won't be supported by this framework.
 * And if the secure firmware isn't running, return NOT_SUPPORTED.
 *
 * The return value on success is PSCI version in format
 * major[31:16]:minor[15:0].
 */
unsigned int sec_firmware_support_psci_version(void)
{
	if (sec_firmware_addr & SEC_FIRMWARE_RUNNING)
		return _sec_firmware_support_psci_version();

	return PSCI_INVALID_VER;
}
#endif

/*
 * sec_firmware_init - Initialize the SEC Firmware
 * @sec_firmware_img:	the SEC Firmware image address
 * @eret_hold_l:	the address to hold exception return address low
 * @eret_hold_h:	the address to hold exception return address high
 */
int sec_firmware_init(const void *sec_firmware_img,
			u32 *eret_hold_l,
			u32 *eret_hold_h)
{
	int ret;

	if (!sec_firmware_is_valid(sec_firmware_img))
		return -EINVAL;

	ret = sec_firmware_load_image(sec_firmware_img);
	if (ret) {
		printf("SEC Firmware: Failed to load image\n");
		return ret;
	} else if (sec_firmware_addr & SEC_FIRMWARE_LOADED) {
		ret = sec_firmware_entry(eret_hold_l, eret_hold_h);
		if (ret) {
			printf("SEC Firmware: Failed to initialize\n");
			return ret;
		}
	}

	debug("SEC Firmware: Return from SEC Firmware: current_el = %d\n",
	      current_el());

	/*
	 * The PE will be turned into target EL when returned from
	 * SEC Firmware.
	 */
	if (current_el() != SEC_FIRMWARE_TARGET_EL)
		return -EACCES;

	sec_firmware_addr |= SEC_FIRMWARE_RUNNING;

	/* Set exception table and enable caches if it isn't EL3 */
	if (current_el() != 3) {
		c_runtime_cpu_setup();
		enable_caches();
	}

	return 0;
}
Commit	Line	Data
b45db3b5 HZ	1	/*
	2	* Copyright 2016 NXP Semiconductor, Inc.
	3	*
	4	* SPDX-License-Identifier: GPL-2.0+
	5	*/
	6
	7	#include <common.h>
	8	#include <errno.h>
	9	#include <linux/kernel.h>
	10	#include <asm/io.h>
	11	#include <asm/system.h>
	12	#include <asm/types.h>
	13	#include <asm/macro.h>
	14	#include <asm/armv8/sec_firmware.h>
	15
	16	DECLARE_GLOBAL_DATA_PTR;
	17	extern void c_runtime_cpu_setup(void);
	18
	19	#define SEC_FIRMWARE_LOADED 0x1
	20	#define SEC_FIRMWARE_RUNNING 0x2
	21	#define SEC_FIRMWARE_ADDR_MASK (~0x3)
81049ba8 HZ	22	/*
	23	* Secure firmware load addr
	24	* Flags used: 0x1 secure firmware has been loaded to secure memory
	25	* 0x2 secure firmware is running
	26	*/
	27	phys_addr_t sec_firmware_addr;
	28
	29	#ifndef SEC_FIRMWARE_FIT_IMAGE
	30	#define SEC_FIRMWARE_FIT_IMAGE "firmware"
	31	#endif
	32	#ifndef SEC_FIRMEWARE_FIT_CNF_NAME
	33	#define SEC_FIRMEWARE_FIT_CNF_NAME "config@1"
	34	#endif
	35	#ifndef SEC_FIRMWARE_TARGET_EL
	36	#define SEC_FIRMWARE_TARGET_EL 2
	37	#endif
b45db3b5 HZ	38
	39	static int sec_firmware_get_data(const void *sec_firmware_img,
	40	const void *data, size_t size)
	41	{
	42	int conf_node_off, fw_node_off;
	43	char *conf_node_name = NULL;
	44	char *desc;
	45	int ret;
	46
	47	conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME;
	48
	49	conf_node_off = fit_conf_get_node(sec_firmware_img, conf_node_name);
	50	if (conf_node_off < 0) {
	51	printf("SEC Firmware: %s: no such config\n", conf_node_name);
	52	return -ENOENT;
	53	}
	54
	55	fw_node_off = fit_conf_get_prop_node(sec_firmware_img, conf_node_off,
	56	SEC_FIRMWARE_FIT_IMAGE);
	57	if (fw_node_off < 0) {
	58	printf("SEC Firmware: No '%s' in config\n",
	59	SEC_FIRMWARE_FIT_IMAGE);
	60	return -ENOLINK;
	61	}
	62
	63	/* Verify secure firmware image */
	64	if (!(fit_image_verify(sec_firmware_img, fw_node_off))) {
	65	printf("SEC Firmware: Bad firmware image (bad CRC)\n");
	66	return -EINVAL;
	67	}
	68
	69	if (fit_image_get_data(sec_firmware_img, fw_node_off, data, size)) {
	70	printf("SEC Firmware: Can't get %s subimage data/size",
	71	SEC_FIRMWARE_FIT_IMAGE);
	72	return -ENOENT;
	73	}
	74
	75	ret = fit_get_desc(sec_firmware_img, fw_node_off, &desc);
	76	if (ret)
	77	printf("SEC Firmware: Can't get description\n");
	78	else
	79	printf("%s\n", desc);
	80
	81	return ret;
	82	}
	83
	84	/*
	85	* SEC Firmware FIT image parser checks if the image is in FIT
	86	* format, verifies integrity of the image and calculates raw
	87	* image address and size values.
	88	*
	89	* Returns 0 on success and a negative errno on error task fail.
	90	*/
	91	static int sec_firmware_parse_image(const void *sec_firmware_img,
	92	const void **raw_image_addr,
	93	size_t *raw_image_size)
	94	{
	95	int ret;
	96
	97	ret = sec_firmware_get_data(sec_firmware_img, raw_image_addr,
	98	raw_image_size);
	99	if (ret)
	100	return ret;
	101
102	debug("SEC Firmware: raw_image_addr = 0x%p, raw_image_size = 0x%lx\n",
103	raw_image_addr, raw_image_size);
104
105	return 0;
106	}
107
108	static int sec_firmware_copy_image(const char *title,
109	u64 image_addr, u32 image_size, u64 sec_firmware)
110	{
111	debug("%s copied to address 0x%p\n", title, (void *)sec_firmware);
112	memcpy((void )sec_firmware, (void )image_addr, image_size);
113	flush_dcache_range(sec_firmware, sec_firmware + image_size);
114
115	return 0;
116	}
117
118	/*
119	* This function will parse the SEC Firmware image, and then load it
120	* to secure memory.
121	*/
122	static int sec_firmware_load_image(const void *sec_firmware_img)
123	{
124	const void *raw_image_addr;
125	size_t raw_image_size = 0;
126	int ret;
127
128	/*
129	* The Excetpion Level must be EL3 to load and initialize
130	* the SEC Firmware.
131	*/
132	if (current_el() != 3) {
133	ret = -EACCES;
134	goto out;
135	}
136
137	#ifdef CONFIG_SYS_MEM_RESERVE_SECURE
138	/*
139	* The SEC Firmware must be stored in secure memory.
140	* Append SEC Firmware to secure mmu table.
141	*/
142	if (!(gd->arch.secure_ram & MEM_RESERVE_SECURE_MAINTAINED)) {
143	ret = -ENXIO;
144	goto out;
145	}
146
147	sec_firmware_addr = (gd->arch.secure_ram & MEM_RESERVE_SECURE_ADDR_MASK) +
148	gd->arch.tlb_size;
149	#else
150	#error "The CONFIG_SYS_MEM_RESERVE_SECURE must be defined when enabled SEC Firmware support"
151	#endif
152
153	/* Align SEC Firmware base address to 4K */
154	sec_firmware_addr = (sec_firmware_addr + 0xfff) & ~0xfff;
155	debug("SEC Firmware: Load address: 0x%llx\n",
156	sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK);
157
158	ret = sec_firmware_parse_image(sec_firmware_img, &raw_image_addr,
159	&raw_image_size);
160	if (ret)
161	goto out;
162
163	/* TODO:
164	* Check if the end addr of SEC Firmware has been extend the secure
165	* memory.
166	*/
167
168	/* Copy the secure firmware to secure memory */
169	ret = sec_firmware_copy_image("SEC Firmware", (u64)raw_image_addr,
170	raw_image_size, sec_firmware_addr &
171	SEC_FIRMWARE_ADDR_MASK);
172	if (ret)
173	goto out;
174
175	sec_firmware_addr \|= SEC_FIRMWARE_LOADED;
176	debug("SEC Firmware: Entry point: 0x%llx\n",
177	sec_firmware_addr & SEC_FIRMWARE_ADDR_MASK);
178
179	return 0;
180
181	out:
182	printf("SEC Firmware: error (%d)\n", ret);
183	sec_firmware_addr = 0;
184
185	return ret;
186	}
187
188	static int sec_firmware_entry(u32 eret_hold_l, u32 eret_hold_h)
189	{
190	const void entry = (void )(sec_firmware_addr &
191	SEC_FIRMWARE_ADDR_MASK);
192
193	return _sec_firmware_entry(entry, eret_hold_l, eret_hold_h);
194	}
195
196	/* Check the secure firmware FIT image */
197	__weak bool sec_firmware_is_valid(const void *sec_firmware_img)
198	{
199	if (fdt_check_header(sec_firmware_img)) {
200	printf("SEC Firmware: Bad firmware image (not a FIT image)\n");
201	return false;
202	}
203
204	if (!fit_check_format(sec_firmware_img)) {
205	printf("SEC Firmware: Bad firmware image (bad FIT header)\n");
206	return false;
207	}
208
209	return true;
210	}
211
daa92644	212	#ifdef CONFIG_SEC_FIRMWARE_ARMV8_PSCI
b45db3b5 HZ	213	/*
	214	* The PSCI_VERSION function is added from PSCI v0.2. When the PSCI
	215	* v0.1 received this function, the NOT_SUPPORTED (0xffff_ffff) error
	216	* number will be returned according to SMC Calling Conventions. But
	217	* when getting the NOT_SUPPORTED error number, we cannot ensure if
	218	* the PSCI version is v0.1 or other error occurred. So, PSCI v0.1
	219	* won't be supported by this framework.
	220	* And if the secure firmware isn't running, return NOT_SUPPORTED.
	221	*
	222	* The return value on success is PSCI version in format
	223	* major[31:16]:minor[15:0].
	224	*/
	225	unsigned int sec_firmware_support_psci_version(void)
	226	{
	227	if (sec_firmware_addr & SEC_FIRMWARE_RUNNING)
	228	return _sec_firmware_support_psci_version();
	229
026f30ec	230	return PSCI_INVALID_VER;
b45db3b5 HZ	231	}
	232	#endif
	233
	234	/*
	235	* sec_firmware_init - Initialize the SEC Firmware
	236	* @sec_firmware_img: the SEC Firmware image address
	237	* @eret_hold_l: the address to hold exception return address low
	238	* @eret_hold_h: the address to hold exception return address high
	239	*/
	240	int sec_firmware_init(const void *sec_firmware_img,
	241	u32 *eret_hold_l,
	242	u32 *eret_hold_h)
	243	{
	244	int ret;
	245
	246	if (!sec_firmware_is_valid(sec_firmware_img))
	247	return -EINVAL;
	248
	249	ret = sec_firmware_load_image(sec_firmware_img);
	250	if (ret) {
	251	printf("SEC Firmware: Failed to load image\n");
	252	return ret;
	253	} else if (sec_firmware_addr & SEC_FIRMWARE_LOADED) {
	254	ret = sec_firmware_entry(eret_hold_l, eret_hold_h);
	255	if (ret) {
	256	printf("SEC Firmware: Failed to initialize\n");
	257	return ret;
	258	}
	259	}
	260
	261	debug("SEC Firmware: Return from SEC Firmware: current_el = %d\n",
	262	current_el());
	263
	264	/*
	265	* The PE will be turned into target EL when returned from
	266	* SEC Firmware.
	267	*/
	268	if (current_el() != SEC_FIRMWARE_TARGET_EL)
	269	return -EACCES;
	270
	271	sec_firmware_addr \|= SEC_FIRMWARE_RUNNING;
	272
	273	/* Set exception table and enable caches if it isn't EL3 */
	274	if (current_el() != 3) {
	275	c_runtime_cpu_setup();
	276	enable_caches();
	277	}
	278
	279	return 0;
	280	}