1 /* 2 * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions are met: 6 * 7 * Redistributions of source code must retain the above copyright notice, this 8 * list of conditions and the following disclaimer. 9 * 10 * Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 14 * Neither the name of ARM nor the names of its contributors may be used 15 * to endorse or promote products derived from this software without specific 16 * prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 * POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include <arch.h> 32 #include <arch_helpers.h> 33 #include <assert.h> 34 #include <auth.h> 35 #include <bl_common.h> 36 #include <debug.h> 37 #include <platform.h> 38 #include <platform_def.h> 39 #include "bl1_private.h" 40 41 /******************************************************************************* 42 * Runs BL2 from the given entry point. It results in dropping the 43 * exception level 44 ******************************************************************************/ 45 static void __dead2 bl1_run_bl2(entry_point_info_t *bl2_ep) 46 { 47 bl1_arch_next_el_setup(); 48 49 /* Tell next EL what we want done */ 50 bl2_ep->args.arg0 = RUN_IMAGE; 51 52 if (GET_SECURITY_STATE(bl2_ep->h.attr) == NON_SECURE) 53 change_security_state(GET_SECURITY_STATE(bl2_ep->h.attr)); 54 55 write_spsr_el3(bl2_ep->spsr); 56 write_elr_el3(bl2_ep->pc); 57 58 eret(bl2_ep->args.arg0, 59 bl2_ep->args.arg1, 60 bl2_ep->args.arg2, 61 bl2_ep->args.arg3, 62 bl2_ep->args.arg4, 63 bl2_ep->args.arg5, 64 bl2_ep->args.arg6, 65 bl2_ep->args.arg7); 66 } 67 68 /******************************************************************************* 69 * The next function has a weak definition. Platform specific code can override 70 * it if it wishes to. 71 ******************************************************************************/ 72 #pragma weak bl1_init_bl2_mem_layout 73 74 /******************************************************************************* 75 * Function that takes a memory layout into which BL2 has been loaded and 76 * populates a new memory layout for BL2 that ensures that BL1's data sections 77 * resident in secure RAM are not visible to BL2. 78 ******************************************************************************/ 79 void bl1_init_bl2_mem_layout(const meminfo_t *bl1_mem_layout, 80 meminfo_t *bl2_mem_layout) 81 { 82 const size_t bl1_size = BL1_RAM_LIMIT - BL1_RAM_BASE; 83 84 assert(bl1_mem_layout != NULL); 85 assert(bl2_mem_layout != NULL); 86 87 /* Check that BL1's memory is lying outside of the free memory */ 88 assert((BL1_RAM_LIMIT <= bl1_mem_layout->free_base) || 89 (BL1_RAM_BASE >= bl1_mem_layout->free_base + bl1_mem_layout->free_size)); 90 91 /* Remove BL1 RW data from the scope of memory visible to BL2 */ 92 *bl2_mem_layout = *bl1_mem_layout; 93 reserve_mem(&bl2_mem_layout->total_base, 94 &bl2_mem_layout->total_size, 95 BL1_RAM_BASE, 96 bl1_size); 97 98 flush_dcache_range((unsigned long)bl2_mem_layout, sizeof(meminfo_t)); 99 } 100 101 /******************************************************************************* 102 * Function to perform late architectural and platform specific initialization. 103 * It also locates and loads the BL2 raw binary image in the trusted DRAM. Only 104 * called by the primary cpu after a cold boot. 105 * TODO: Add support for alternative image load mechanism e.g using virtio/elf 106 * loader etc. 107 ******************************************************************************/ 108 void bl1_main(void) 109 { 110 /* Announce our arrival */ 111 NOTICE(FIRMWARE_WELCOME_STR); 112 NOTICE("BL1: %s\n", version_string); 113 NOTICE("BL1: %s\n", build_message); 114 115 INFO("BL1: RAM 0x%lx - 0x%lx\n", BL1_RAM_BASE, BL1_RAM_LIMIT); 116 117 #if DEBUG 118 unsigned long sctlr_el3 = read_sctlr_el3(); 119 #endif 120 image_info_t bl2_image_info = { {0} }; 121 entry_point_info_t bl2_ep = { {0} }; 122 meminfo_t *bl1_tzram_layout; 123 meminfo_t *bl2_tzram_layout = 0x0; 124 int err; 125 126 /* 127 * Ensure that MMU/Caches and coherency are turned on 128 */ 129 assert(sctlr_el3 | SCTLR_M_BIT); 130 assert(sctlr_el3 | SCTLR_C_BIT); 131 assert(sctlr_el3 | SCTLR_I_BIT); 132 133 /* Perform remaining generic architectural setup from EL3 */ 134 bl1_arch_setup(); 135 136 /* Perform platform setup in BL1. */ 137 bl1_platform_setup(); 138 139 SET_PARAM_HEAD(&bl2_image_info, PARAM_IMAGE_BINARY, VERSION_1, 0); 140 SET_PARAM_HEAD(&bl2_ep, PARAM_EP, VERSION_1, 0); 141 142 /* Find out how much free trusted ram remains after BL1 load */ 143 bl1_tzram_layout = bl1_plat_sec_mem_layout(); 144 145 #if TRUSTED_BOARD_BOOT 146 /* Initialize authentication module */ 147 auth_init(); 148 149 /* 150 * Load the BL2 certificate into the BL2 region. This region will be 151 * overwritten by the image, so the authentication module is responsible 152 * for storing the relevant data from the certificate (keys, hashes, 153 * etc.) so it can be used later. 154 */ 155 err = load_image(bl1_tzram_layout, 156 BL2_CERT_NAME, 157 BL2_BASE, 158 &bl2_image_info, 159 NULL); 160 if (err) { 161 ERROR("Failed to load BL2 certificate.\n"); 162 panic(); 163 } 164 165 err = auth_verify_obj(AUTH_BL2_IMG_CERT, bl2_image_info.image_base, 166 bl2_image_info.image_size); 167 if (err) { 168 ERROR("Failed to validate BL2 certificate.\n"); 169 panic(); 170 } 171 #endif /* TRUSTED_BOARD_BOOT */ 172 173 /* Load the BL2 image */ 174 err = load_image(bl1_tzram_layout, 175 BL2_IMAGE_NAME, 176 BL2_BASE, 177 &bl2_image_info, 178 &bl2_ep); 179 if (err) { 180 /* 181 * TODO: print failure to load BL2 but also add a tzwdog timer 182 * which will reset the system eventually. 183 */ 184 ERROR("Failed to load BL2 firmware.\n"); 185 panic(); 186 } 187 188 #if TRUSTED_BOARD_BOOT 189 err = auth_verify_obj(AUTH_BL2_IMG, bl2_image_info.image_base, 190 bl2_image_info.image_size); 191 if (err) { 192 ERROR("Failed to validate BL2 image.\n"); 193 panic(); 194 } 195 196 /* After working with data, invalidate the data cache */ 197 inv_dcache_range(bl2_image_info.image_base, 198 (size_t)bl2_image_info.image_size); 199 #endif /* TRUSTED_BOARD_BOOT */ 200 201 /* 202 * Create a new layout of memory for BL2 as seen by BL1 i.e. 203 * tell it the amount of total and free memory available. 204 * This layout is created at the first free address visible 205 * to BL2. BL2 will read the memory layout before using its 206 * memory for other purposes. 207 */ 208 bl2_tzram_layout = (meminfo_t *) bl1_tzram_layout->free_base; 209 bl1_init_bl2_mem_layout(bl1_tzram_layout, bl2_tzram_layout); 210 211 bl1_plat_set_bl2_ep_info(&bl2_image_info, &bl2_ep); 212 bl2_ep.args.arg1 = (unsigned long)bl2_tzram_layout; 213 NOTICE("BL1: Booting BL2\n"); 214 INFO("BL1: BL2 address = 0x%llx\n", 215 (unsigned long long) bl2_ep.pc); 216 INFO("BL1: BL2 spsr = 0x%x\n", bl2_ep.spsr); 217 VERBOSE("BL1: BL2 memory layout address = 0x%llx\n", 218 (unsigned long long) bl2_tzram_layout); 219 220 bl1_run_bl2(&bl2_ep); 221 222 return; 223 } 224 225 /******************************************************************************* 226 * Temporary function to print the fact that BL2 has done its job and BL31 is 227 * about to be loaded. This is needed as long as printfs cannot be used 228 ******************************************************************************/ 229 void display_boot_progress(entry_point_info_t *bl31_ep_info) 230 { 231 NOTICE("BL1: Booting BL3-1\n"); 232 INFO("BL1: BL3-1 address = 0x%llx\n", 233 (unsigned long long)bl31_ep_info->pc); 234 INFO("BL1: BL3-1 spsr = 0x%llx\n", 235 (unsigned long long)bl31_ep_info->spsr); 236 INFO("BL1: BL3-1 params address = 0x%llx\n", 237 (unsigned long long)bl31_ep_info->args.arg0); 238 INFO("BL1: BL3-1 plat params address = 0x%llx\n", 239 (unsigned long long)bl31_ep_info->args.arg1); 240 } 241
