/* * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of ARM nor the names of its contributors may be used * to endorse or promote products derived from this software without specific * prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include <arch.h> #include <arch_helpers.h> #include <assert.h> #include <auth.h> #include <bl_common.h> #include <debug.h> #include <platform.h> #include <platform_def.h> #include "bl1_private.h" /******************************************************************************* * Runs BL2 from the given entry point. It results in dropping the * exception level ******************************************************************************/ static void __dead2 bl1_run_bl2(entry_point_info_t *bl2_ep) { bl1_arch_next_el_setup(); /* Tell next EL what we want done */ bl2_ep->args.arg0 = RUN_IMAGE; if (GET_SECURITY_STATE(bl2_ep->h.attr) == NON_SECURE) change_security_state(GET_SECURITY_STATE(bl2_ep->h.attr)); write_spsr_el3(bl2_ep->spsr); write_elr_el3(bl2_ep->pc); eret(bl2_ep->args.arg0, bl2_ep->args.arg1, bl2_ep->args.arg2, bl2_ep->args.arg3, bl2_ep->args.arg4, bl2_ep->args.arg5, bl2_ep->args.arg6, bl2_ep->args.arg7); } /******************************************************************************* * The next function has a weak definition. Platform specific code can override * it if it wishes to. ******************************************************************************/ #pragma weak bl1_init_bl2_mem_layout /******************************************************************************* * Function that takes a memory layout into which BL2 has been loaded and * populates a new memory layout for BL2 that ensures that BL1's data sections * resident in secure RAM are not visible to BL2. ******************************************************************************/ void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout, meminfo_t *bl2_mem_layout) { const size_t bl1_size = BL1_RAM_LIMIT - BL1_RAM_BASE; assert(bl1_mem_layout != NULL); assert(bl2_mem_layout != NULL); /* Check that BL1's memory is lying outside of the free memory */ assert((BL1_RAM_LIMIT <= bl1_mem_layout->free_base) || (BL1_RAM_BASE >= bl1_mem_layout->free_base + bl1_mem_layout->free_size)); /* Remove BL1 RW data from the scope of memory visible to BL2 */ *bl2_mem_layout = *bl1_mem_layout; reserve_mem(&bl2_mem_layout->total_base, &bl2_mem_layout->total_size, BL1_RAM_BASE, bl1_size); flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t)); } /******************************************************************************* * Function to perform late architectural and platform specific initialization. * It also locates and loads the BL2 raw binary image in the trusted DRAM. Only * called by the primary cpu after a cold boot. * TODO: Add support for alternative image load mechanism e.g using virtio/elf * loader etc. ******************************************************************************/ void bl1_main(void) { /* Announce our arrival */ NOTICE(FIRMWARE_WELCOME_STR); NOTICE("BL1: %s\n", version_string); NOTICE("BL1: %s\n", build_message); INFO("BL1: RAM 0x%lx - 0x%lx\n", BL1_RAM_BASE, BL1_RAM_LIMIT); #if DEBUG unsigned long sctlr_el3 = read_sctlr_el3(); #endif image_info_t bl2_image_info = { {0} }; entry_point_info_t bl2_ep = { {0} }; meminfo_t *bl1_tzram_layout; meminfo_t *bl2_tzram_layout = 0x0; int err; /* * Ensure that MMU/Caches and coherency are turned on */ assert(sctlr_el3 | SCTLR_M_BIT); assert(sctlr_el3 | SCTLR_C_BIT); assert(sctlr_el3 | SCTLR_I_BIT); /* Perform remaining generic architectural setup from EL3 */ bl1_arch_setup(); /* Perform platform setup in BL1. */ bl1_platform_setup(); SET_PARAM_HEAD(&bl2_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); SET_PARAM_HEAD(&bl2_ep, PARAM_EP, VERSION_1, 0); /* Find out how much free trusted ram remains after BL1 load */ bl1_tzram_layout = bl1_plat_sec_mem_layout(); #if TRUSTED_BOARD_BOOT /* Initialize authentication module */ auth_init(); /* * Load the BL2 certificate into the BL2 region. This region will be * overwritten by the image, so the authentication module is responsible * for storing the relevant data from the certificate (keys, hashes, * etc.) so it can be used later. */ err = load_image(bl1_tzram_layout, BL2_CERT_NAME, BL2_BASE, &bl2_image_info, NULL); if (err) { ERROR("Failed to load BL2 certificate.\n"); panic(); } err = auth_verify_obj(AUTH_BL2_IMG_CERT, bl2_image_info.image_base, bl2_image_info.image_size); if (err) { ERROR("Failed to validate BL2 certificate.\n"); panic(); } #endif /* TRUSTED_BOARD_BOOT */ /* Load the BL2 image */ err = load_image(bl1_tzram_layout, BL2_IMAGE_NAME, BL2_BASE, &bl2_image_info, &bl2_ep); if (err) { /* * TODO: print failure to load BL2 but also add a tzwdog timer * which will reset the system eventually. */ ERROR("Failed to load BL2 firmware.\n"); panic(); } #if TRUSTED_BOARD_BOOT err = auth_verify_obj(AUTH_BL2_IMG, bl2_image_info.image_base, bl2_image_info.image_size); if (err) { ERROR("Failed to validate BL2 image.\n"); panic(); } /* After working with data, invalidate the data cache */ inv_dcache_range(bl2_image_info.image_base, (size_t)bl2_image_info.image_size); #endif /* TRUSTED_BOARD_BOOT */ /* * Create a new layout of memory for BL2 as seen by BL1 i.e. * tell it the amount of total and free memory available. * This layout is created at the first free address visible * to BL2. BL2 will read the memory layout before using its * memory for other purposes. */ bl2_tzram_layout = (meminfo_t *) bl1_tzram_layout->free_base; bl1_init_bl2_mem_layout(bl1_tzram_layout, bl2_tzram_layout); bl1_plat_set_bl2_ep_info(&bl2_image_info, &bl2_ep); bl2_ep.args.arg1 = (unsigned long)bl2_tzram_layout; NOTICE("BL1: Booting BL2\n"); INFO("BL1: BL2 address = 0x%llx\n", (unsigned long long) bl2_ep.pc); INFO("BL1: BL2 spsr = 0x%x\n", bl2_ep.spsr); VERBOSE("BL1: BL2 memory layout address = 0x%llx\n", (unsigned long long) bl2_tzram_layout); bl1_run_bl2(&bl2_ep); return; } /******************************************************************************* * Temporary function to print the fact that BL2 has done its job and BL31 is * about to be loaded. This is needed as long as printfs cannot be used ******************************************************************************/ void display_boot_progress(entry_point_info_t *bl31_ep_info) { NOTICE("BL1: Booting BL3-1\n"); INFO("BL1: BL3-1 address = 0x%llx\n", (unsigned long long)bl31_ep_info->pc); INFO("BL1: BL3-1 spsr = 0x%llx\n", (unsigned long long)bl31_ep_info->spsr); INFO("BL1: BL3-1 params address = 0x%llx\n", (unsigned long long)bl31_ep_info->args.arg0); INFO("BL1: BL3-1 plat params address = 0x%llx\n", (unsigned long long)bl31_ep_info->args.arg1); }