1 /*
2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #include <assert.h>
8 #include <string.h>
9
10 #include <libfdt.h>
11
12 #include <platform_def.h>
13
14 #include <arch_helpers.h>
15 #include <common/bl_common.h>
16 #include <common/debug.h>
17 #include <common/desc_image_load.h>
18 #include <common/fdt_fixup.h>
19 #include <common/fdt_wrappers.h>
20 #include <lib/optee_utils.h>
21 #if TRANSFER_LIST
22 #include <lib/transfer_list.h>
23 #endif
24 #include <lib/utils.h>
25 #include <plat/common/platform.h>
26
27 #include "qemu_private.h"
28
29 #define MAP_BL2_TOTAL MAP_REGION_FLAT( \
30 bl2_tzram_layout.total_base, \
31 bl2_tzram_layout.total_size, \
32 MT_MEMORY | MT_RW | MT_SECURE)
33
34 #define MAP_BL2_RO MAP_REGION_FLAT( \
35 BL_CODE_BASE, \
36 BL_CODE_END - BL_CODE_BASE, \
37 MT_CODE | MT_SECURE), \
38 MAP_REGION_FLAT( \
39 BL_RO_DATA_BASE, \
40 BL_RO_DATA_END \
41 - BL_RO_DATA_BASE, \
42 MT_RO_DATA | MT_SECURE)
43
44 #if USE_COHERENT_MEM
45 #define MAP_BL_COHERENT_RAM MAP_REGION_FLAT( \
46 BL_COHERENT_RAM_BASE, \
47 BL_COHERENT_RAM_END \
48 - BL_COHERENT_RAM_BASE, \
49 MT_DEVICE | MT_RW | MT_SECURE)
50 #endif
51
52 /* Data structure which holds the extents of the trusted SRAM for BL2 */
53 static meminfo_t bl2_tzram_layout __aligned(CACHE_WRITEBACK_GRANULE);
54 #if TRANSFER_LIST
55 static struct transfer_list_header *bl2_tl;
56 #endif
57
bl2_early_platform_setup2(u_register_t arg0,u_register_t arg1,u_register_t arg2,u_register_t arg3)58 void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1,
59 u_register_t arg2, u_register_t arg3)
60 {
61 meminfo_t *mem_layout = (void *)arg1;
62
63 /* Initialize the console to provide early debug support */
64 qemu_console_init();
65
66 /* Setup the BL2 memory layout */
67 bl2_tzram_layout = *mem_layout;
68
69 plat_qemu_io_setup();
70 }
71
security_setup(void)72 static void security_setup(void)
73 {
74 /*
75 * This is where a TrustZone address space controller and other
76 * security related peripherals, would be configured.
77 */
78 }
79
80 #ifdef SPD_trusty
81
82 #define GIC_SPI 0
83 #define GIC_PPI 1
84
spd_add_dt_node(void * fdt)85 static int spd_add_dt_node(void *fdt)
86 {
87 int offs, trusty_offs, root_offs;
88 int gic, ipi;
89 int len;
90 const uint32_t *prop;
91
92 if (fdt_path_offset(fdt, "/trusty") >= 0) {
93 WARN("Trusty Device Tree node already exists!\n");
94 return 0;
95 }
96
97 offs = fdt_node_offset_by_compatible(fdt, -1, "arm,cortex-a15-gic");
98 if (offs < 0)
99 offs = fdt_node_offset_by_compatible(fdt, -1, "arm,gic-v3");
100
101 if (offs < 0)
102 return -1;
103 gic = fdt_get_phandle(fdt, offs);
104 if (!gic) {
105 WARN("Failed to get gic phandle\n");
106 return -1;
107 }
108 INFO("Found gic phandle 0x%x\n", gic);
109
110 offs = fdt_path_offset(fdt, "/");
111 if (offs < 0)
112 return -1;
113 root_offs = offs;
114
115 /* CustomIPI node for pre 5.10 linux driver */
116 offs = fdt_add_subnode(fdt, offs, "interrupt-controller");
117 if (offs < 0)
118 return -1;
119 ipi = fdt_get_max_phandle(fdt) + 1;
120 if (fdt_setprop_u32(fdt, offs, "phandle", 1))
121 return -1;
122 INFO("Found ipi phandle 0x%x\n", ipi);
123
124 ipi = fdt_get_phandle(fdt, offs);
125 if (!ipi) {
126 WARN("Failed to get ipi phandle\n");
127 return -1;
128 }
129
130 if (fdt_appendprop_string(fdt, offs, "compatible", "android,CustomIPI"))
131 return -1;
132 if (fdt_setprop_u32(fdt, offs, "#interrupt-cells", 1))
133 return -1;
134 if (fdt_setprop_u32(fdt, offs, "interrupt-controller", 0))
135 return -1;
136
137 offs = fdt_add_subnode(fdt, root_offs, "trusty");
138 if (offs < 0)
139 return -1;
140 trusty_offs = offs;
141
142 if (fdt_appendprop_string(fdt, offs, "compatible", "android,trusty-smc-v1"))
143 return -1;
144 if (fdt_setprop_u32(fdt, offs, "ranges", 0))
145 return -1;
146 if (fdt_setprop_u32(fdt, offs, "#address-cells", 2))
147 return -1;
148 if (fdt_setprop_u32(fdt, offs, "#size-cells", 2))
149 return -1;
150
151 offs = fdt_add_subnode(fdt, trusty_offs, "irq");
152 if (offs < 0)
153 return -1;
154 if (fdt_appendprop_string(fdt, offs, "compatible", "android,trusty-irq-v1"))
155 return -1;
156 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", ipi))
157 return -1;
158 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", 0))
159 return -1;
160 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", gic))
161 return -1;
162 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", 1))
163 return -1;
164 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", GIC_PPI))
165 return -1;
166 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", 4))
167 return -1;
168 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", gic))
169 return -1;
170 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", 1))
171 return -1;
172 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", GIC_SPI))
173 return -1;
174 if (fdt_appendprop_u32(fdt, offs, "interrupt-templates", 4))
175 return -1;
176
177 /* CustomIPI range for pre 5.10 linux driver */
178 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 0))
179 return -1;
180 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 15))
181 return -1;
182 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 0))
183 return -1;
184
185 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 16))
186 return -1;
187 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 31))
188 return -1;
189 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 1))
190 return -1;
191 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 32))
192 return -1;
193 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 63))
194 return -1;
195 if (fdt_appendprop_u32(fdt, offs, "interrupt-ranges", 2))
196 return -1;
197
198 if (fdt_appendprop_u32(fdt, offs, "ipi-range", 8)) /* beg */
199 return -1;
200 if (fdt_appendprop_u32(fdt, offs, "ipi-range", 15)) /* end */
201 return -1;
202 if (fdt_appendprop_u32(fdt, offs, "ipi-range", 8)) /* ipi_base */
203 return -1;
204
205 offs = fdt_add_subnode(fdt, trusty_offs, "log");
206 if (offs < 0)
207 return -1;
208 if (fdt_appendprop_string(fdt, offs, "compatible", "android,trusty-log-v1"))
209 return -1;
210
211 offs = fdt_add_subnode(fdt, trusty_offs, "test");
212 if (offs < 0)
213 return -1;
214 if (fdt_appendprop_string(fdt, offs, "compatible", "android,trusty-test-v1"))
215 return -1;
216
217 offs = fdt_add_subnode(fdt, trusty_offs, "virtio");
218 if (offs < 0)
219 return -1;
220 if (fdt_appendprop_string(fdt, offs, "compatible", "android,trusty-virtio-v1"))
221 return -1;
222
223 offs = fdt_node_offset_by_compatible(fdt, -1, "arm,armv8-timer");
224 if (offs < 0)
225 offs = fdt_node_offset_by_compatible(fdt, -1, "arm,armv7-timer");
226 if (offs < 0)
227 return -1;
228
229 prop = fdt_getprop(fdt, offs, "interrupts", &len);
230 if (fdt_setprop_inplace_namelen_partial(fdt, offs, "interrupts",
231 strlen("interrupts"), 0,
232 prop + len / 4 / 2, len / 4))
233 return -1;
234
235 return 0;
236 }
237
238 #else
239
spd_add_dt_node(void * fdt)240 static int spd_add_dt_node(void *fdt)
241 {
242 return 0;
243 }
244
245 #endif
246
qemu_dt_fixup_securemem(void * fdt)247 static int qemu_dt_fixup_securemem(void *fdt)
248 {
249 /*
250 * QEMU adds a device tree node for secure memory. Linux fails to ignore
251 * it and will crash when it allocates memory out of this secure memory
252 * region. We currently don't use this node for anything, remove it.
253 */
254
255 int offs;
256 const char *prop;
257 const char memory_device_type[] = "memory";
258
259 offs = -1;
260 while (true) {
261 offs = fdt_node_offset_by_prop_value(fdt, offs, "device_type",
262 memory_device_type,
263 sizeof(memory_device_type)
264 );
265 if (offs < 0)
266 break;
267
268 prop = fdt_getprop(fdt, offs, "status", NULL);
269 if (prop == NULL)
270 continue;
271 if ((strcmp(prop, "disabled") != 0))
272 continue;
273 prop = fdt_getprop(fdt, offs, "secure-status", NULL);
274 if (prop == NULL)
275 continue;
276 if ((strcmp(prop, "okay") != 0))
277 continue;
278
279 if (fdt_del_node(fdt, offs)) {
280 return -1;
281 }
282 INFO("Removed secure memory node\n");
283 }
284
285 return 0;
286 }
287
update_dt(void)288 static void update_dt(void)
289 {
290 #if TRANSFER_LIST
291 struct transfer_list_entry *te;
292 #endif
293 int ret;
294 void *fdt = (void *)(uintptr_t)ARM_PRELOADED_DTB_BASE;
295
296 ret = fdt_open_into(fdt, fdt, PLAT_QEMU_DT_MAX_SIZE);
297 if (ret < 0) {
298 ERROR("Invalid Device Tree at %p: error %d\n", fdt, ret);
299 return;
300 }
301
302 if (qemu_dt_fixup_securemem(fdt)) {
303 ERROR("Failed to fixup secure-mem Device Tree node\n");
304 return;
305 }
306
307 if (dt_add_psci_node(fdt)) {
308 ERROR("Failed to add PSCI Device Tree node\n");
309 return;
310 }
311
312 if (dt_add_psci_cpu_enable_methods(fdt)) {
313 ERROR("Failed to add PSCI cpu enable methods in Device Tree\n");
314 return;
315 }
316
317 if (spd_add_dt_node(fdt)) {
318 ERROR("Failed to add SPD Device Tree node\n");
319 return;
320 }
321
322 ret = fdt_pack(fdt);
323 if (ret < 0)
324 ERROR("Failed to pack Device Tree at %p: error %d\n", fdt, ret);
325
326 #if TRANSFER_LIST
327 // create a TE
328 te = transfer_list_add(bl2_tl, TL_TAG_FDT, fdt_totalsize(fdt), fdt);
329 if (!te) {
330 ERROR("Failed to add FDT entry to Transfer List\n");
331 return;
332 }
333 #endif
334 }
335
bl2_platform_setup(void)336 void bl2_platform_setup(void)
337 {
338 #if TRANSFER_LIST
339 bl2_tl = transfer_list_init((void *)(uintptr_t)FW_HANDOFF_BASE,
340 FW_HANDOFF_SIZE);
341 if (!bl2_tl) {
342 ERROR("Failed to initialize Transfer List at 0x%lx\n",
343 (unsigned long)FW_HANDOFF_BASE);
344 }
345 #endif
346 security_setup();
347 update_dt();
348
349 /* TODO Initialize timer */
350 }
351
qemu_bl2_sync_transfer_list(void)352 void qemu_bl2_sync_transfer_list(void)
353 {
354 #if TRANSFER_LIST
355 transfer_list_update_checksum(bl2_tl);
356 #endif
357 }
358
bl2_plat_arch_setup(void)359 void bl2_plat_arch_setup(void)
360 {
361 const mmap_region_t bl_regions[] = {
362 MAP_BL2_TOTAL,
363 MAP_BL2_RO,
364 #if USE_COHERENT_MEM
365 MAP_BL_COHERENT_RAM,
366 #endif
367 {0}
368 };
369
370 setup_page_tables(bl_regions, plat_qemu_get_mmap());
371
372 #ifdef __aarch64__
373 enable_mmu_el1(0);
374 #else
375 enable_mmu_svc_mon(0);
376 #endif
377 }
378
379 /*******************************************************************************
380 * Gets SPSR for BL32 entry
381 ******************************************************************************/
qemu_get_spsr_for_bl32_entry(void)382 static uint32_t qemu_get_spsr_for_bl32_entry(void)
383 {
384 #ifdef __aarch64__
385 /*
386 * The Secure Payload Dispatcher service is responsible for
387 * setting the SPSR prior to entry into the BL3-2 image.
388 */
389 return 0;
390 #else
391 return SPSR_MODE32(MODE32_svc, SPSR_T_ARM, SPSR_E_LITTLE,
392 DISABLE_ALL_EXCEPTIONS);
393 #endif
394 }
395
396 /*******************************************************************************
397 * Gets SPSR for BL33 entry
398 ******************************************************************************/
qemu_get_spsr_for_bl33_entry(void)399 static uint32_t qemu_get_spsr_for_bl33_entry(void)
400 {
401 uint32_t spsr;
402 #ifdef __aarch64__
403 unsigned int mode;
404
405 /* Figure out what mode we enter the non-secure world in */
406 mode = (el_implemented(2) != EL_IMPL_NONE) ? MODE_EL2 : MODE_EL1;
407
408 /*
409 * TODO: Consider the possibility of specifying the SPSR in
410 * the FIP ToC and allowing the platform to have a say as
411 * well.
412 */
413 spsr = SPSR_64(mode, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
414 #else
415 spsr = SPSR_MODE32(MODE32_svc,
416 plat_get_ns_image_entrypoint() & 0x1,
417 SPSR_E_LITTLE, DISABLE_ALL_EXCEPTIONS);
418 #endif
419 return spsr;
420 }
421
422 #if defined(SPD_spmd) && SPMD_SPM_AT_SEL2
load_sps_from_tb_fw_config(struct image_info * image_info)423 static int load_sps_from_tb_fw_config(struct image_info *image_info)
424 {
425 void *dtb = (void *)image_info->image_base;
426 const char *compat_str = "arm,sp";
427 const struct fdt_property *uuid;
428 uint32_t load_addr;
429 const char *name;
430 int sp_node;
431 int node;
432
433 node = fdt_node_offset_by_compatible(dtb, -1, compat_str);
434 if (node < 0) {
435 ERROR("Can't find %s in TB_FW_CONFIG", compat_str);
436 return -1;
437 }
438
439 fdt_for_each_subnode(sp_node, dtb, node) {
440 name = fdt_get_name(dtb, sp_node, NULL);
441 if (name == NULL) {
442 ERROR("Can't get name of node in dtb\n");
443 return -1;
444 }
445 uuid = fdt_get_property(dtb, sp_node, "uuid", NULL);
446 if (uuid == NULL) {
447 ERROR("Can't find property uuid in node %s", name);
448 return -1;
449 }
450 if (fdt_read_uint32(dtb, sp_node, "load-address",
451 &load_addr) < 0) {
452 ERROR("Can't read load-address in node %s", name);
453 return -1;
454 }
455 if (qemu_io_register_sp_pkg(name, uuid->data, load_addr) < 0) {
456 return -1;
457 }
458 }
459
460 return 0;
461 }
462 #endif /*defined(SPD_spmd) && SPMD_SPM_AT_SEL2*/
463
qemu_bl2_handle_post_image_load(unsigned int image_id)464 static int qemu_bl2_handle_post_image_load(unsigned int image_id)
465 {
466 int err = 0;
467 bl_mem_params_node_t *bl_mem_params = get_bl_mem_params_node(image_id);
468 #if defined(SPD_opteed) || defined(AARCH32_SP_OPTEE) || defined(SPMC_OPTEE)
469 bl_mem_params_node_t *pager_mem_params = NULL;
470 bl_mem_params_node_t *paged_mem_params = NULL;
471 #endif
472 #if defined(SPD_spmd)
473 bl_mem_params_node_t *bl32_mem_params = NULL;
474 #endif
475 #if TRANSFER_LIST
476 struct transfer_list_header *ns_tl = NULL;
477 struct transfer_list_entry *te = NULL;
478 #endif
479
480 assert(bl_mem_params);
481
482 switch (image_id) {
483 case BL32_IMAGE_ID:
484 #if defined(SPD_opteed) || defined(AARCH32_SP_OPTEE) || defined(SPMC_OPTEE)
485 pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
486 assert(pager_mem_params);
487
488 paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
489 assert(paged_mem_params);
490
491 err = parse_optee_header(&bl_mem_params->ep_info,
492 &pager_mem_params->image_info,
493 &paged_mem_params->image_info);
494 if (err != 0) {
495 WARN("OPTEE header parse error.\n");
496 }
497 #endif
498
499 #if defined(SPMC_OPTEE)
500 /*
501 * Explicit zeroes to unused registers since they may have
502 * been populated by parse_optee_header() above.
503 *
504 * OP-TEE expects system DTB in x2 and TOS_FW_CONFIG in x0,
505 * the latter is filled in below for TOS_FW_CONFIG_ID and
506 * applies to any other SPMC too.
507 */
508 bl_mem_params->ep_info.args.arg2 = ARM_PRELOADED_DTB_BASE;
509 #elif defined(SPD_opteed)
510 /*
511 * OP-TEE expect to receive DTB address in x2.
512 * This will be copied into x2 by dispatcher.
513 */
514 bl_mem_params->ep_info.args.arg3 = ARM_PRELOADED_DTB_BASE;
515 #elif defined(AARCH32_SP_OPTEE)
516 bl_mem_params->ep_info.args.arg0 =
517 bl_mem_params->ep_info.args.arg1;
518 bl_mem_params->ep_info.args.arg1 = 0;
519 bl_mem_params->ep_info.args.arg2 = ARM_PRELOADED_DTB_BASE;
520 bl_mem_params->ep_info.args.arg3 = 0;
521 #endif
522 bl_mem_params->ep_info.spsr = qemu_get_spsr_for_bl32_entry();
523 break;
524
525 case BL33_IMAGE_ID:
526 #ifdef AARCH32_SP_OPTEE
527 /* AArch32 only core: OP-TEE expects NSec EP in register LR */
528 pager_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
529 assert(pager_mem_params);
530 pager_mem_params->ep_info.lr_svc = bl_mem_params->ep_info.pc;
531 #endif
532
533 bl_mem_params->ep_info.spsr = qemu_get_spsr_for_bl33_entry();
534
535 #if ARM_LINUX_KERNEL_AS_BL33
536 /*
537 * According to the file ``Documentation/arm64/booting.txt`` of
538 * the Linux kernel tree, Linux expects the physical address of
539 * the device tree blob (DTB) in x0, while x1-x3 are reserved
540 * for future use and must be 0.
541 */
542 bl_mem_params->ep_info.args.arg0 =
543 (u_register_t)ARM_PRELOADED_DTB_BASE;
544 bl_mem_params->ep_info.args.arg1 = 0U;
545 bl_mem_params->ep_info.args.arg2 = 0U;
546 bl_mem_params->ep_info.args.arg3 = 0U;
547 #elif TRANSFER_LIST
548 if (bl2_tl) {
549 // relocate the tl to pre-allocate NS memory
550 ns_tl = transfer_list_relocate(bl2_tl,
551 (void *)(uintptr_t)FW_NS_HANDOFF_BASE,
552 bl2_tl->max_size);
553 if (!ns_tl) {
554 ERROR("Relocate TL to 0x%lx failed\n",
555 (unsigned long)FW_NS_HANDOFF_BASE);
556 return -1;
557 }
558 NOTICE("Transfer list handoff to BL33\n");
559 transfer_list_dump(ns_tl);
560
561 te = transfer_list_find(ns_tl, TL_TAG_FDT);
562
563 bl_mem_params->ep_info.args.arg1 =
564 TRANSFER_LIST_SIGNATURE |
565 REGISTER_CONVENTION_VERSION_MASK;
566 bl_mem_params->ep_info.args.arg3 = (uintptr_t)ns_tl;
567
568 if (GET_RW(bl_mem_params->ep_info.spsr) == MODE_RW_32) {
569 // aarch32
570 bl_mem_params->ep_info.args.arg0 = 0;
571 bl_mem_params->ep_info.args.arg2 = te ?
572 (uintptr_t)transfer_list_entry_data(te)
573 : 0;
574 } else {
575 // aarch64
576 bl_mem_params->ep_info.args.arg0 = te ?
577 (uintptr_t)transfer_list_entry_data(te)
578 : 0;
579 bl_mem_params->ep_info.args.arg2 = 0;
580 }
581 } else {
582 // Legacy handoff
583 bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
584 }
585 #else
586 /* BL33 expects to receive the primary CPU MPID (through r0) */
587 bl_mem_params->ep_info.args.arg0 = 0xffff & read_mpidr();
588 #endif // ARM_LINUX_KERNEL_AS_BL33
589
590 break;
591 #ifdef SPD_spmd
592 #if SPMD_SPM_AT_SEL2
593 case TB_FW_CONFIG_ID:
594 err = load_sps_from_tb_fw_config(&bl_mem_params->image_info);
595 break;
596 #endif
597 case TOS_FW_CONFIG_ID:
598 /* An SPMC expects TOS_FW_CONFIG in x0/r0 */
599 bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
600 bl32_mem_params->ep_info.args.arg0 =
601 bl_mem_params->image_info.image_base;
602 break;
603 #endif
604 default:
605 /* Do nothing in default case */
606 break;
607 }
608
609 return err;
610 }
611
612 /*******************************************************************************
613 * This function can be used by the platforms to update/use image
614 * information for given `image_id`.
615 ******************************************************************************/
bl2_plat_handle_post_image_load(unsigned int image_id)616 int bl2_plat_handle_post_image_load(unsigned int image_id)
617 {
618 return qemu_bl2_handle_post_image_load(image_id);
619 }
620
plat_get_ns_image_entrypoint(void)621 uintptr_t plat_get_ns_image_entrypoint(void)
622 {
623 return NS_IMAGE_OFFSET;
624 }
625