[coreboot-gerrit] New patch to review for coreboot: 668f194 arm64: Add support for using ARM Trusted Firmware as secure monitor
Patrick Georgi (pgeorgi@google.com)
gerrit at coreboot.org
Tue May 19 13:43:49 CEST 2015
Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/10249
-gerrit
commit 668f1948953e7cdd1fcf5f1f997f65edb667c938
Author: Julius Werner <jwerner at chromium.org>
Date: Mon May 11 16:45:56 2015 -0700
arm64: Add support for using ARM Trusted Firmware as secure monitor
This patch adds support for integrating the runtime-resident component
of ARM Trusted Firmware (github.com/ARM-software/arm-trusted-firmware)
called BL31. It expects the ARM TF source tree to be checked out under
$(top)/3rdparty/arm-trusted-firmware, which will be set up in a later
patch.
Also include optional support for VBOOT2 verification (pretty hacky for
now, since CBFSv1 is just around the corner and will make all this so
much better).
BRANCH=None
BUG=None
TEST=Booted Oak with ARM TF and working PSCI (with additional platform
patches).
Change-Id: I8c923226135bdf88a9a30a7f5ff163510c35608d
Signed-off-by: Patrick Georgi <pgeorgi at chromium.org>
Original-Commit-Id: a1b3b2d56b25bfc1f3b2d19bf7876205075a987a
Original-Change-Id: I0714cc10b5b10779af53ecbe711ceeb89fb30da2
Original-Signed-off-by: Julius Werner <jwerner at chromium.org>
Original-Reviewed-on: https://chromium-review.googlesource.com/270784
Original-Reviewed-by: Aaron Durbin <adurbin at chromium.org>
---
src/arch/arm64/Kconfig | 6 ++
src/arch/arm64/Makefile.inc | 43 ++++++++++++++
src/arch/arm64/arm_tf.c | 98 ++++++++++++++++++++++++++++++++
src/arch/arm64/boot.c | 9 ++-
src/arch/arm64/include/arm_tf.h | 34 +++++++++++
src/arch/arm64/include/arm_tf_temp.h | 107 +++++++++++++++++++++++++++++++++++
6 files changed, 295 insertions(+), 2 deletions(-)
diff --git a/src/arch/arm64/Kconfig b/src/arch/arm64/Kconfig
index fd53972..8ebf76e 100644
--- a/src/arch/arm64/Kconfig
+++ b/src/arch/arm64/Kconfig
@@ -33,8 +33,14 @@ config ARM64_USE_SECURE_MONITOR
default n
select RELOCATABLE_MODULES
depends on ARCH_RAMSTAGE_ARM64
+ depends on !ARM64_USE_ARM_TRUSTED_FIRMWARE
config ARM64_USE_SPINTABLE
bool
default n
depends on ARCH_RAMSTAGE_ARM64
+
+config ARM64_USE_ARM_TRUSTED_FIRMWARE
+ bool
+ default n
+ depends on ARCH_RAMSTAGE_ARM64
diff --git a/src/arch/arm64/Makefile.inc b/src/arch/arm64/Makefile.inc
index 4a09190..b14e69e 100644
--- a/src/arch/arm64/Makefile.inc
+++ b/src/arch/arm64/Makefile.inc
@@ -154,6 +154,7 @@ ramstage-y += ../../lib/memmove.c
ramstage-y += stage_entry.S
ramstage-y += cpu-stubs.c
ramstage-$(CONFIG_ARM64_USE_SPINTABLE) += spintable.c spintable_asm.S
+ramstage-$(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE) += arm_tf.c
ramstage-y += transition.c transition_asm.S
rmodules_arm64-y += ../../lib/memset.c
@@ -179,4 +180,46 @@ $(objcbfs)/ramstage.debug: $$(ramstage-objs)
@printf " CC $(subst $(obj)/,,$(@))\n"
$(LD_ramstage) -nostdlib --gc-sections -o $@ -L$(obj) --start-group $(filter-out %.ld,$(ramstage-objs)) --end-group -T $(obj)/mainboard/$(MAINBOARDDIR)/memlayout.ramstage.ld
+# Build ARM Trusted Firmware (BL31)
+
+ifeq ($(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE),y)
+
+BL31_SOURCE := $(top)/3rdparty/arm-trusted-firmware
+
+BL31_MAKEARGS := PLAT=$(call strip_quotes,$(CONFIG_ARM_TF_PLATFORM_NAME))
+
+ifeq ($(V),1)
+BL31_MAKEARGS += V=1
+endif
+
+# Build ARM TF in debug mode (with serial output) if coreboot uses serial
+ifeq ($(CONFIG_CONSOLE_SERIAL),y)
+BL31_MAKEARGS += DEBUG=1
+endif # CONFIG_CONSOLE_SERIAL
+
+# Avoid build/release|build/debug distinction by overriding BUILD_PLAT directly
+BL31_MAKEARGS += BUILD_PLAT="$(top)/$(obj)/3rdparty/arm-trusted-firmware"
+
+BL31_CFLAGS := -fno-pic -fno-stack-protector
+BL31_LDFLAGS := --emit-relocs
+
+BL31 := $(obj)/3rdparty/arm-trusted-firmware/bl31/bl31.elf
+
+$(BL31):
+ @printf " MAKE $(subst $(obj)/,,$(@))\n"
+ CROSS_COMPILE="$(CROSS_COMPILE)" \
+ CFLAGS="$(BL31_CFLAGS)" \
+ LDFLAGS="$(BL31_LDFLAGS)" \
+ $(MAKE) -C $(BL31_SOURCE) $(BL31_MAKEARGS) bl31
+
+.PHONY: $(BL31)
+
+BL31_CBFS := $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/bl31
+$(BL31_CBFS)-file := $(BL31)
+$(BL31_CBFS)-type := stage
+$(BL31_CBFS)-compression := $(CBFS_COMPRESS_FLAG)
+cbfs-files-y += $(BL31_CBFS)
+
+endif # CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE
+
endif # CONFIG_ARCH_RAMSTAGE_ARM64
diff --git a/src/arch/arm64/arm_tf.c b/src/arch/arm64/arm_tf.c
new file mode 100644
index 0000000..c193fa7
--- /dev/null
+++ b/src/arch/arm64/arm_tf.c
@@ -0,0 +1,98 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2015 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA, 02110-1301 USA
+ */
+
+#include <arch/cache.h>
+#include <arm_tf.h>
+#include <assert.h>
+#include <cbfs.h>
+#include <cbmem.h>
+#include <vendorcode/google/chromeos/vboot_handoff.h>
+
+/*
+ * TODO: Many of these structures are currently unused. Better not fill them out
+ * to make future changes fail fast, rather than try to come up with content
+ * that might turn out to not make sense. Implement later as required.
+ *
+static image_info_t bl31_image_info;
+static image_info_t bl32_image_info;
+static image_info_t bl33_image_info;
+static entry_point_info_t bl32_ep_info;
+ */
+static entry_point_info_t bl33_ep_info;
+static bl31_params_t bl31_params;
+
+/* TODO: Replace with glorious new CBFSv1 solution when it's available. */
+static void *vboot_get_bl31(void)
+{
+ void *bl31_entry;
+ struct cbfs_media *media;
+ struct firmware_component *component;
+ struct vboot_handoff *handoff = cbmem_find(CBMEM_ID_VBOOT_HANDOFF);
+
+ if (!handoff)
+ return NULL;
+
+ assert(CONFIG_VBOOT_BL31_INDEX < MAX_PARSED_FW_COMPONENTS);
+ component = &handoff->components[CONFIG_VBOOT_BL31_INDEX];
+
+ /* components[] is zeroed out before filling, so size == 0 -> missing */
+ if (!component->size)
+ return NULL;
+
+ init_default_cbfs_media(media);
+ bl31_entry = cbfs_load_stage_by_offset(media, component->address);
+ if (bl31_entry == CBFS_LOAD_ERROR)
+ return NULL;
+
+ printk(BIOS_INFO, "Loaded %u bytes verified BL31 from %#.8x to EP %p\n",
+ component->size, component->address, bl31_entry);
+ return bl31_entry;
+}
+
+void arm_tf_run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr)
+{
+ const char *bl31_filename = CONFIG_CBFS_PREFIX"/bl31";
+ void (*bl31_entry)(bl31_params_t *params, void *plat_params) = NULL;
+
+ if (IS_ENABLED(CONFIG_VBOOT2_VERIFY_FIRMWARE))
+ bl31_entry = vboot_get_bl31();
+
+ if (!bl31_entry) {
+ bl31_entry = cbfs_load_stage(CBFS_DEFAULT_MEDIA, bl31_filename);
+ if (bl31_entry == CBFS_LOAD_ERROR)
+ die("BL31 not found in CBFS");
+ }
+
+ SET_PARAM_HEAD(&bl31_params, PARAM_BL31, VERSION_1, 0);
+ bl31_params.bl33_ep_info = &bl33_ep_info;
+
+ SET_PARAM_HEAD(&bl33_ep_info, PARAM_EP, VERSION_1, PARAM_EP_NON_SECURE);
+ bl33_ep_info.pc = payload_entry;
+ bl33_ep_info.spsr = payload_spsr;
+ bl33_ep_info.args.arg0 = payload_arg0;
+
+ /* May update bl31_params if necessary. Must flush all added structs. */
+ void *bl31_plat_params = soc_get_bl31_plat_params(&bl31_params);
+
+ dcache_clean_by_mva(&bl31_params, sizeof(bl31_params));
+ dcache_clean_by_mva(&bl33_ep_info, sizeof(bl33_ep_info));
+ dcache_mmu_disable();
+ bl31_entry(&bl31_params, bl31_plat_params);
+ die("BL31 returned!");
+}
diff --git a/src/arch/arm64/boot.c b/src/arch/arm64/boot.c
index 1d9987a..f67f825 100644
--- a/src/arch/arm64/boot.c
+++ b/src/arch/arm64/boot.c
@@ -23,6 +23,8 @@
#include <arch/stages.h>
#include <arch/spintable.h>
#include <arch/transition.h>
+#include <arm_tf.h>
+#include <cbmem.h>
#include <console/console.h>
#include <program_loading.h>
#include <rules.h>
@@ -35,8 +37,11 @@ static void run_payload(struct prog *prog)
doit = prog_entry(prog);
arg = prog_entry_arg(prog);
+ u64 payload_spsr = get_eret_el(EL2, SPSR_USE_L);
- if (IS_ENABLED(CONFIG_ARM64_USE_SECURE_MONITOR))
+ if (IS_ENABLED(CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE))
+ arm_tf_run_bl31((u64)doit, (u64)arg, payload_spsr);
+ else if (IS_ENABLED(CONFIG_ARM64_USE_SECURE_MONITOR))
secmon_run(doit, arg);
else {
uint8_t current_el = get_current_el();
@@ -56,7 +61,7 @@ static void run_payload(struct prog *prog)
/* If current EL is EL3, we transition to payload in EL2. */
struct exc_state exc_state;
memset(&exc_state, 0, sizeof(exc_state));
- exc_state.elx.spsr = get_eret_el(EL2, SPSR_USE_L);
+ exc_state.elx.spsr = payload_spsr;
transition_with_entry(doit, arg, &exc_state);
}
diff --git a/src/arch/arm64/include/arm_tf.h b/src/arch/arm64/include/arm_tf.h
new file mode 100644
index 0000000..af74c81
--- /dev/null
+++ b/src/arch/arm64/include/arm_tf.h
@@ -0,0 +1,34 @@
+/*
+ * This file is part of the coreboot project.
+ *
+ * Copyright 2015 Google Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA, 02110-1301 USA
+ */
+
+#ifndef __ARM_TF_H__
+#define __ARM_TF_H__
+
+#include <types.h>
+
+/* TODO: Pull in directly from ARM TF once its headers have been reorganized. */
+#include <arm_tf_temp.h>
+
+/* Load and enter BL31, set it up to exit to payload according to arguments. */
+void arm_tf_run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr);
+
+/* Return platform-specific bl31_plat_params. May update bl31_params. */
+void *soc_get_bl31_plat_params(bl31_params_t *bl31_params);
+
+#endif /* __ARM_TF_H__ */
diff --git a/src/arch/arm64/include/arm_tf_temp.h b/src/arch/arm64/include/arm_tf_temp.h
new file mode 100644
index 0000000..c9fe8c1
--- /dev/null
+++ b/src/arch/arm64/include/arm_tf_temp.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __ARM_TF_TEMP_H__
+#define __ARM_TF_TEMP_H__
+
+#include <types.h>
+
+/*
+ * Code temporarily copied from arm-trusted-firmware/include/common/bl_common.h,
+ * since it tries to pull in a few too many standard C headers and needs to be
+ * cleaned up a bit before we can include it directly.
+ */
+
+#define PARAM_EP_SECURE 0x0
+#define PARAM_EP_NON_SECURE 0x1
+#define PARAM_EP_SECURITY_MASK 0x1
+
+#define PARAM_EP_EE_MASK 0x2
+#define PARAM_EP_EE_LITTLE 0x0
+#define PARAM_EP_EE_BIG 0x2
+
+#define PARAM_EP_ST_MASK 0x4
+#define PARAM_EP_ST_DISABLE 0x0
+#define PARAM_EP_ST_ENABLE 0x4
+
+#define PARAM_EP 0x01
+#define PARAM_IMAGE_BINARY 0x02
+#define PARAM_BL31 0x03
+
+#define VERSION_1 0x01
+
+#define SET_PARAM_HEAD(_p, _type, _ver, _attr) do { \
+ (_p)->h.type = (uint8_t)(_type); \
+ (_p)->h.version = (uint8_t)(_ver); \
+ (_p)->h.size = (uint16_t)sizeof(*_p); \
+ (_p)->h.attr = (uint32_t)(_attr) ; \
+ } while (0)
+
+typedef struct aapcs64_params {
+ unsigned long arg0;
+ unsigned long arg1;
+ unsigned long arg2;
+ unsigned long arg3;
+ unsigned long arg4;
+ unsigned long arg5;
+ unsigned long arg6;
+ unsigned long arg7;
+} aapcs64_params_t;
+
+typedef struct param_header {
+ uint8_t type; /* type of the structure */
+ uint8_t version; /* version of this structure */
+ uint16_t size; /* size of this structure in bytes */
+ uint32_t attr; /* attributes: unused bits SBZ */
+} param_header_t;
+
+typedef struct entry_point_info {
+ param_header_t h;
+ uintptr_t pc;
+ uint32_t spsr;
+ aapcs64_params_t args;
+} entry_point_info_t;
+
+typedef struct image_info {
+ param_header_t h;
+ uintptr_t image_base; /* physical address of base of image */
+ uint32_t image_size; /* bytes read from image file */
+} image_info_t;
+
+typedef struct bl31_params {
+ param_header_t h;
+ image_info_t *bl31_image_info;
+ entry_point_info_t *bl32_ep_info;
+ image_info_t *bl32_image_info;
+ entry_point_info_t *bl33_ep_info;
+ image_info_t *bl33_image_info;
+} bl31_params_t;
+
+#endif /* __ARM_TF_H__ */
More information about the coreboot-gerrit
mailing list