Patrick Georgi (pgeorgi@google.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/10249
-gerrit
commit 668f1948953e7cdd1fcf5f1f997f65edb667c938 Author: Julius Werner jwerner@chromium.org Date: Mon May 11 16:45:56 2015 -0700
arm64: Add support for using ARM Trusted Firmware as secure monitor
This patch adds support for integrating the runtime-resident component of ARM Trusted Firmware (github.com/ARM-software/arm-trusted-firmware) called BL31. It expects the ARM TF source tree to be checked out under $(top)/3rdparty/arm-trusted-firmware, which will be set up in a later patch.
Also include optional support for VBOOT2 verification (pretty hacky for now, since CBFSv1 is just around the corner and will make all this so much better).
BRANCH=None BUG=None TEST=Booted Oak with ARM TF and working PSCI (with additional platform patches).
Change-Id: I8c923226135bdf88a9a30a7f5ff163510c35608d Signed-off-by: Patrick Georgi pgeorgi@chromium.org Original-Commit-Id: a1b3b2d56b25bfc1f3b2d19bf7876205075a987a Original-Change-Id: I0714cc10b5b10779af53ecbe711ceeb89fb30da2 Original-Signed-off-by: Julius Werner jwerner@chromium.org Original-Reviewed-on: https://chromium-review.googlesource.com/270784 Original-Reviewed-by: Aaron Durbin adurbin@chromium.org --- src/arch/arm64/Kconfig | 6 ++ src/arch/arm64/Makefile.inc | 43 ++++++++++++++ src/arch/arm64/arm_tf.c | 98 ++++++++++++++++++++++++++++++++ src/arch/arm64/boot.c | 9 ++- src/arch/arm64/include/arm_tf.h | 34 +++++++++++ src/arch/arm64/include/arm_tf_temp.h | 107 +++++++++++++++++++++++++++++++++++ 6 files changed, 295 insertions(+), 2 deletions(-)
diff --git a/src/arch/arm64/Kconfig b/src/arch/arm64/Kconfig
index fd53972..8ebf76e 100644
--- a/src/arch/arm64/Kconfig
+++ b/src/arch/arm64/Kconfig
@@ -33,8 +33,14 @@ config ARM64_USE_SECURE_MONITOR
 default n
 select RELOCATABLE_MODULES
 depends on ARCH_RAMSTAGE_ARM64
+ depends on !ARM64_USE_ARM_TRUSTED_FIRMWARE
 config ARM64_USE_SPINTABLE
 bool
 default n
 depends on ARCH_RAMSTAGE_ARM64
+
+config ARM64_USE_ARM_TRUSTED_FIRMWARE
+ bool
+ default n
+ depends on ARCH_RAMSTAGE_ARM64
diff --git a/src/arch/arm64/Makefile.inc b/src/arch/arm64/Makefile.inc
index 4a09190..b14e69e 100644
--- a/src/arch/arm64/Makefile.inc
+++ b/src/arch/arm64/Makefile.inc
@@ -154,6 +154,7 @@ ramstage-y += ../../lib/memmove.c
 ramstage-y += stage_entry.S
 ramstage-y += cpu-stubs.c
 ramstage-$(CONFIG_ARM64_USE_SPINTABLE) += spintable.c spintable_asm.S
+ramstage-$(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE) += arm_tf.c
 ramstage-y += transition.c transition_asm.S
 rmodules_arm64-y += ../../lib/memset.c
@@ -179,4 +180,46 @@ $(objcbfs)/ramstage.debug: $$(ramstage-objs)
 @printf " CC $(subst $(obj)/,,$(@))\n"
 $(LD_ramstage) -nostdlib --gc-sections -o $@ -L$(obj) --start-group $(filter-out %.ld,$(ramstage-objs)) --end-group -T $(obj)/mainboard/$(MAINBOARDDIR)/memlayout.ramstage.ld
+# Build ARM Trusted Firmware (BL31)
+
+ifeq ($(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE),y)
+
+BL31_SOURCE := $(top)/3rdparty/arm-trusted-firmware
+
+BL31_MAKEARGS := PLAT=$(call strip_quotes,$(CONFIG_ARM_TF_PLATFORM_NAME))
+
+ifeq ($(V),1)
+BL31_MAKEARGS += V=1
+endif
+
+# Build ARM TF in debug mode (with serial output) if coreboot uses serial
+ifeq ($(CONFIG_CONSOLE_SERIAL),y)
+BL31_MAKEARGS += DEBUG=1
+endif # CONFIG_CONSOLE_SERIAL
+
+# Avoid build/release|build/debug distinction by overriding BUILD_PLAT directly
+BL31_MAKEARGS += BUILD_PLAT="$(top)/$(obj)/3rdparty/arm-trusted-firmware"
+
+BL31_CFLAGS := -fno-pic -fno-stack-protector
+BL31_LDFLAGS := --emit-relocs
+
+BL31 := $(obj)/3rdparty/arm-trusted-firmware/bl31/bl31.elf
+
+$(BL31):
+ @printf " MAKE $(subst $(obj)/,,$(@))\n"
+ CROSS_COMPILE="$(CROSS_COMPILE)" \
+ CFLAGS="$(BL31_CFLAGS)" \
+ LDFLAGS="$(BL31_LDFLAGS)" \
+ $(MAKE) -C $(BL31_SOURCE) $(BL31_MAKEARGS) bl31
+
+.PHONY: $(BL31)
+
+BL31_CBFS := $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/bl31
+$(BL31_CBFS)-file := $(BL31)
+$(BL31_CBFS)-type := stage
+$(BL31_CBFS)-compression := $(CBFS_COMPRESS_FLAG)
+cbfs-files-y += $(BL31_CBFS)
+
+endif # CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE
+
 endif # CONFIG_ARCH_RAMSTAGE_ARM64
diff --git a/src/arch/arm64/arm_tf.c b/src/arch/arm64/arm_tf.c
new file mode 100644
index 0000000..c193fa7
--- /dev/null
+++ b/src/arch/arm64/arm_tf.c
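Review bot: Tying `BL31_MAKEARGS += DEBUG=1` to `CONFIG_CONSOLE_SERIAL` means any image built with a serial console also carries a debug build of BL31, the component that stays resident at EL3; that is a security-relevant build choice and is better made through its own Kconfig option than implied by the console setting. `PLAT=` is taken from `CONFIG_ARM_TF_PLATFORM_NAME`, which no Kconfig hunk in this patch declares, so it presumably comes from platform code; if it is ever empty the failure only surfaces inside the ARM TF tree, and an early guard such as `ifeq ($(call strip_quotes,$(CONFIG_ARM_TF_PLATFORM_NAME)),)` followed by `$(error CONFIG_ARM_TF_PLATFORM_NAME is not set)` would catch it here. `BL31_CFLAGS := -fno-pic -fno-stack-protector` also deserves a one-line comment stating why the stack protector is switched off for BL31.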
@@ -0,0 +1,98 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2015 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA, 02110-1301 USA
+ */
+
+#include <arch/cache.h>
+#include <arm_tf.h>
+#include <assert.h>
+#include <cbfs.h>
+#include <cbmem.h>
+#include <vendorcode/google/chromeos/vboot_handoff.h>
+
+/*
+ * TODO: Many of these structures are currently unused. Better not fill them out
+ * to make future changes fail fast, rather than try to come up with content
+ * that might turn out to not make sense. Implement later as required.
+ *
+static image_info_t bl31_image_info;
+static image_info_t bl32_image_info;
+static image_info_t bl33_image_info;
+static entry_point_info_t bl32_ep_info;
+ */
+static entry_point_info_t bl33_ep_info;
+static bl31_params_t bl31_params;
+
+/* TODO: Replace with glorious new CBFSv1 solution when it's available. */
+static void *vboot_get_bl31(void)
+{
+ void *bl31_entry;
+ struct cbfs_media *media;
+ struct firmware_component *component;
+ struct vboot_handoff *handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+ if (!handoff)
+ return NULL;
+
+ assert(CONFIG_VBOOT_BL31_INDEX < MAX_PARSED_FW_COMPONENTS);
+ component = &handoff->components[CONFIG_VBOOT_BL31_INDEX];
+
+ /* components[] is zeroed out before filling, so size == 0 -> missing */
+ if (!component->size)
+ return NULL;
+
+ init_default_cbfs_media(media);
+ bl31_entry = cbfs_load_stage_by_offset(media, component->address);
+ if (bl31_entry == CBFS_LOAD_ERROR)
+ return NULL;
+
+ printk(BIOS_INFO, "Loaded %u bytes verified BL31 from %#.8x to EP %p\n",
+ component->size, component->address, bl31_entry);
+ return bl31_entry;
+}
+
+void arm_tf_run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr)
+{
+ const char *bl31_filename = CONFIG_CBFS_PREFIX"/bl31";
+ void (*bl31_entry)(bl31_params_t *params, void *plat_params) = NULL;
+
+ if (IS_ENABLED(CONFIG_VBOOT2_VERIFY_FIRMWARE))
+ bl31_entry = vboot_get_bl31();
+
+ if (!bl31_entry) {
+ bl31_entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, bl31_filename);
+ if (bl31_entry == CBFS_LOAD_ERROR)
+ die("BL31 not found in CBFS");
+ }
+
+ SET_PARAM_HEAD(&bl31_params, PARAM_BL31, VERSION_1, 0);
+ bl31_params.bl33_ep_info = &bl33_ep_info;
+
+ SET_PARAM_HEAD(&bl33_ep_info, PARAM_EP, VERSION_1, PARAM_EP_NON_SECURE);
+ bl33_ep_info.pc = payload_entry;
+ bl33_ep_info.spsr = payload_spsr;
+ bl33_ep_info.args.arg0 = payload_arg0;
+
+ /* May update bl31_params if necessary. Must flush all added structs. */
+ void *bl31_plat_params = soc_get_bl31_plat_params(&bl31_params);
+
+ dcache_clean_by_mva(&bl31_params, sizeof(bl31_params));
+ dcache_clean_by_mva(&bl33_ep_info, sizeof(bl33_ep_info));
+ dcache_mmu_disable();
+ bl31_entry(&bl31_params, bl31_plat_params);
+ die("BL31 returned!");
+}
diff --git a/src/arch/arm64/boot.c b/src/arch/arm64/boot.c
index 1d9987a..f67f825 100644
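Review bot: In `vboot_get_bl31()` the pointer `media` is declared but never assigned before `init_default_cbfs_media(media)` is called, so unless that is a macro that assigns its argument, the call writes through an indeterminate pointer; its result is also ignored. Giving the pointer backing storage and checking the call fixes both: `struct cbfs_media default_media, *media = &default_media;` and `if (init_default_cbfs_media(media) != 0) return NULL;`. Separately, in `arm_tf_run_bl31()` every NULL from `vboot_get_bl31()` (missing handoff, empty component, load error) falls back to `cbfs_load_stage(CBFS_DEFAULT_MEDIA, bl31_filename)` with no log line, even when `CONFIG_VBOOT2_VERIFY_FIRMWARE` is enabled. Because BL31 runs at EL3, that fallback should be limited to the case where it is intended (presumably a recovery or read-only boot) and should at least log that the unverified path was taken. The "verified" wording in the `printk` also rests on verification done elsewhere, since nothing in this function checks the image and `component->size` is not passed to the loader.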
--- a/src/arch/arm64/boot.c
+++ b/src/arch/arm64/boot.c
@@ -23,6 +23,8 @@
 #include <arch/stages.h>
 #include <arch/spintable.h>
 #include <arch/transition.h>
+#include <arm_tf.h>
+#include <cbmem.h>
 #include <console/console.h>
 #include <program_loading.h>
 #include <rules.h>
@@ -35,8 +37,11 @@ static void run_payload(struct prog *prog)
 doit = prog_entry(prog);
 arg = prog_entry_arg(prog);
+ u64 payload_spsr = get_eret_el(EL2, SPSR_USE_L);
- if (IS_ENABLED(CONFIG_ARM64_USE_SECURE_MONITOR))
+ if (IS_ENABLED(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE))
+ arm_tf_run_bl31((u64)doit, (u64)arg, payload_spsr);
+ else if (IS_ENABLED(CONFIG_ARM64_USE_SECURE_MONITOR))
 secmon_run(doit, arg);
 else {
 uint8_t current_el = get_current_el();
@@ -56,7 +61,7 @@ static void run_payload(struct prog *prog)
 /* If current EL is EL3, we transition to payload in EL2. */
 struct exc_state exc_state;
 memset(&exc_state, 0, sizeof(exc_state));
- exc_state.elx.spsr = get_eret_el(EL2, SPSR_USE_L);
+ exc_state.elx.spsr = payload_spsr;
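Review bot: The new `arm_tf_run_bl31()` branch in `run_payload()` is taken before the `get_current_el()` check that the existing `else` path performs, so BL31 is entered with an SPSR built for an EL2 payload regardless of the exception level coreboot is running at. If BL31 can only be entered from EL3 (presumably so, since it is the secure monitor), make that explicit before the call, for example `if (get_current_el() != EL3) die("ARM TF requires EL3");`. A short comment that `arm_tf_run_bl31()` does not return would also explain why the `else if` chain is safe. The `#include <cbmem.h>` added in the first hunk is not used by anything visible in these hunks. `run_payload()` starts and ends outside the hunk.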
 transition_with_entry(doit, arg, &exc_state);
 }
diff --git a/src/arch/arm64/include/arm_tf.h b/src/arch/arm64/include/arm_tf.h
new file mode 100644
index 0000000..af74c81
--- /dev/null
+++ b/src/arch/arm64/include/arm_tf.h
@@ -0,0 +1,34 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2015 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA, 02110-1301 USA
+ */
+
+#ifndef __ARM_TF_H__
+#define __ARM_TF_H__
+
+#include <types.h>
+
+/* TODO: Pull in directly from ARM TF once its headers have been reorganized. */
+#include <arm_tf_temp.h>
+
+/* Load and enter BL31, set it up to exit to payload according to arguments. */
+void arm_tf_run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr);
+
+/* Return platform-specific bl31_plat_params. May update bl31_params. */
+void *soc_get_bl31_plat_params(bl31_params_t *bl31_params);
+
+#endif /* __ARM_TF_H__ */
diff --git a/src/arch/arm64/include/arm_tf_temp.h b/src/arch/arm64/include/arm_tf_temp.h
new file mode 100644
index 0000000..c9fe8c1
--- /dev/null
+++ b/src/arch/arm64/include/arm_tf_temp.h
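Review bot: `payload_spsr` is declared `u64` in the `arm_tf_run_bl31()` prototype, but arm_tf.c stores it in `entry_point_info_t.spsr`, which arm_tf_temp.h declares as `uint32_t`, so the upper half is dropped without notice. Either declare the parameter as `u32 payload_spsr` or state the truncation in the comment above the prototype. That comment could also say that the function does not return, since the implementation ends in `die("BL31 returned!")`. The comment on `soc_get_bl31_plat_params()` should carry the requirement that the SoC code flush any structures it adds, which is currently only mentioned inside arm_tf.c.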
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __ARM_TF_TEMP_H__
+#define __ARM_TF_TEMP_H__
+
+#include <types.h>
+
+/*
+ * Code temporarily copied from arm-trusted-firmware/include/common/bl_common.h,
+ * since it tries to pull in a few too many standard C headers and needs to be
+ * cleaned up a bit before we can include it directly.
+ */
+
+#define PARAM_EP_SECURE 0x0
+#define PARAM_EP_NON_SECURE 0x1
+#define PARAM_EP_SECURITY_MASK 0x1
+
+#define PARAM_EP_EE_MASK 0x2
+#define PARAM_EP_EE_LITTLE 0x0
+#define PARAM_EP_EE_BIG 0x2
+
+#define PARAM_EP_ST_MASK 0x4
+#define PARAM_EP_ST_DISABLE 0x0
+#define PARAM_EP_ST_ENABLE 0x4
+
+#define PARAM_EP 0x01
+#define PARAM_IMAGE_BINARY 0x02
+#define PARAM_BL31 0x03
+
+#define VERSION_1 0x01
+
+#define SET_PARAM_HEAD(_p, _type, _ver, _attr) do { \
+ (_p)->h.type = (uint8_t)(_type); \
+ (_p)->h.version = (uint8_t)(_ver); \
+ (_p)->h.size = (uint16_t)sizeof(*_p); \
+ (_p)->h.attr = (uint32_t)(_attr) ; \
+ } while (0)
+
+typedef struct aapcs64_params {
+ unsigned long arg0;
+ unsigned long arg1;
+ unsigned long arg2;
+ unsigned long arg3;
+ unsigned long arg4;
+ unsigned long arg5;
+ unsigned long arg6;
+ unsigned long arg7;
+} aapcs64_params_t;
+
+typedef struct param_header {
+ uint8_t type; /* type of the structure */
+ uint8_t version; /* version of this structure */
+ uint16_t size; /* size of this structure in bytes */
+ uint32_t attr; /* attributes: unused bits SBZ */
+} param_header_t;
+
+typedef struct entry_point_info {
+ param_header_t h;
+ uintptr_t pc;
+ uint32_t spsr;
+ aapcs64_params_t args;
+} entry_point_info_t;
+
+typedef struct image_info {
+ param_header_t h;
+ uintptr_t image_base; /* physical address of base of image */
+ uint32_t image_size; /* bytes read from image file */
+} image_info_t;
+
+typedef struct bl31_params {
+ param_header_t h;
+ image_info_t *bl31_image_info;
+ entry_point_info_t *bl32_ep_info;
+ image_info_t *bl32_image_info;
+ entry_point_info_t *bl33_ep_info;
+ image_info_t *bl33_image_info;
+} bl31_params_t;
+
+#endif /* __ARM_TF_H__ */
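Review bot: These structures are the parameter hand-off layout that BL31 reads at EL3, yet the header does not record which arm-trusted-firmware revision they were copied from, while the Makefile builds BL31 from whatever is checked out under 3rdparty/arm-trusted-firmware. If `bl_common.h` changes there, coreboot would pass mis-laid-out parameters with no build error. Until the header can be included directly, a provenance line in the "Code temporarily copied" comment would make drift reviewable, e.g. `Copied from arm-trusted-firmware commit <upstream-commit-id>; keep in sync with 3rdparty/arm-trusted-firmware.` The closing `#endif /* __ARM_TF_H__ */` names the wrong guard and should read `#endif /* __ARM_TF_TEMP_H__ */`.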