From patchwork Thu Jun 13 11:07:40 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andre Przywara X-Patchwork-Id: 17905 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-vc0-f199.google.com (mail-vc0-f199.google.com [209.85.220.199]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id B797E25DF1 for ; Thu, 13 Jun 2013 11:08:30 +0000 (UTC) Received: by mail-vc0-f199.google.com with SMTP id gf11sf3016995vcb.10 for ; Thu, 13 Jun 2013 04:08:30 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-beenthere:x-forwarded-to:x-forwarded-for :delivered-to:from:to:subject:date:message-id:x-mailer:in-reply-to :references:x-gm-message-state:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-google-group-id:list-post:list-help:list-archive:list-unsubscribe; bh=TQvjlLpQFCwWo1FM1xc1tKleue6IgDyNEk25P+/R+c0=; b=HxWbHzf3C/ge6fg8wG1tDfMyPj811lMLqnlyN/9g8XFwoFUpiYufTYN2aQhH3q/ve4 HLdsr0YchvKe1T1bDh+oNMFdf6JwYudgBaXU/LX3tKnMXmv5avMKCLE585w9lEkm7Iio l2QBM3rpJQ+r1lbtZBCbbhwUEMNSUh5jykjgTlZUMOr+M9C6e1F8CjRTlcFHA2V1cdCf KhlD9yV01lynM+lWNMnWQpafVCohZZMzVuT9o8d+ykB+p5T035r5VyPgMjOECgisuqle Z3Ld0M5GAC0eGUYvTzJa6CHG2mKOa8p1uFxLyvs7flMRYr9Ay7Xe7e0sDOmPBKyiYHTS xGJg== X-Received: by 10.224.205.138 with SMTP id fq10mr1325942qab.1.1371121710441; Thu, 13 Jun 2013 04:08:30 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.49.74.234 with SMTP id x10ls4007259qev.14.gmail; Thu, 13 Jun 2013 04:08:30 -0700 (PDT) X-Received: by 10.220.48.73 with SMTP id q9mr115755vcf.36.1371121710307; Thu, 13 Jun 2013 04:08:30 -0700 (PDT) Received: from mail-ve0-x234.google.com (mail-ve0-x234.google.com [2607:f8b0:400c:c01::234]) by mx.google.com with ESMTPS id tq4si10206125vdc.66.2013.06.13.04.08.30 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 13 Jun 2013 04:08:30 -0700 (PDT) Received-SPF: neutral (google.com: 2607:f8b0:400c:c01::234 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=2607:f8b0:400c:c01::234; Received: by mail-ve0-f180.google.com with SMTP id pa12so7495112veb.39 for ; Thu, 13 Jun 2013 04:08:30 -0700 (PDT) X-Received: by 10.52.170.148 with SMTP id am20mr92826vdc.75.1371121710159; Thu, 13 Jun 2013 04:08:30 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patches@linaro.org Received: by 10.58.191.99 with SMTP id gx3csp17025vec; Thu, 13 Jun 2013 04:08:29 -0700 (PDT) X-Received: by 10.60.125.72 with SMTP id mo8mr321989oeb.11.1371121709488; Thu, 13 Jun 2013 04:08:29 -0700 (PDT) Received: from mail-ob0-x22b.google.com (mail-ob0-x22b.google.com [2607:f8b0:4003:c01::22b]) by mx.google.com with ESMTPS id r7si19602586oej.24.2013.06.13.04.08.29 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 13 Jun 2013 04:08:29 -0700 (PDT) Received-SPF: neutral (google.com: 2607:f8b0:4003:c01::22b is neither permitted nor denied by best guess record for domain of andre.przywara@linaro.org) client-ip=2607:f8b0:4003:c01::22b; Received: by mail-ob0-f171.google.com with SMTP id dn14so14719226obc.30 for ; Thu, 13 Jun 2013 04:08:29 -0700 (PDT) X-Received: by 10.182.66.97 with SMTP id e1mr248027obt.66.1371121709125; Thu, 13 Jun 2013 04:08:29 -0700 (PDT) Received: from slackpad.drs.calxeda.com (g224198135.adsl.alicedsl.de. [92.224.198.135]) by mx.google.com with ESMTPSA id eq4sm38120532obb.5.2013.06.13.04.08.27 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 13 Jun 2013 04:08:28 -0700 (PDT) From: Andre Przywara To: patches@linaro.org Subject: [PATCH v2 4/7] ARM: switch to non-secure state during bootm execution Date: Thu, 13 Jun 2013 13:07:40 +0200 Message-Id: <1371121663-18810-5-git-send-email-andre.przywara@linaro.org> X-Mailer: git-send-email 1.7.12.1 In-Reply-To: <1371121663-18810-1-git-send-email-andre.przywara@linaro.org> References: <1371121663-18810-1-git-send-email-andre.przywara@linaro.org> X-Gm-Message-State: ALoCoQkotApjtkKsKsS58R4Iqe+UJlNltuXwyQtrY2fENmjwrUd/f+8iOVcKWHu+iVXsaBw1yH76 X-Original-Sender: andre.przywara@linaro.org X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 2607:f8b0:400c:c01::234 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , To actually trigger the non-secure switch we just implemented, call the switching routine from within the bootm command implementation. This way we automatically enable this feature without further user intervention. The core specific part of the work is done in the assembly routine in nonsec_virt.S, introduced with the previous patch, but for the full glory we need to setup the GIC distributor interface once for the whole system, which is done in C here. The routine is placed in arch/arm/lib to allow easy access from different boards or CPUs. We check the availability of the security extensions first. The generic timer base frequency register is only accessible from secure state, so we have to program it now. Actually this should be done from primary firmware before, but some boards seems to omit this, so if needed we do this here with a board specific value. The Versatile Express board does not need this, so we remove the frequency from the configuration file here. Since we need a safe way to access the GIC, we use the PERIPHBASE registers on Cortex-A15 and A7 CPUs and do some sanity checks. Board not implementing the CBAR can override this value via a configuration file variable. Then we actually do the GIC enablement: a) enable the GIC distributor, both for non-secure and secure state (GICD_CTLR[1:0] = 11b) b) allow all interrupts to be handled from non-secure state (GICD_IGROUPRn = 0xFFFFFFFF) The core specific GIC setup is then done in the assembly routine. The actual bootm trigger is pretty small: calling the routine and doing some error reporting. Signed-off-by: Andre Przywara --- arch/arm/include/asm/armv7.h | 7 ++ arch/arm/lib/Makefile | 2 + arch/arm/lib/bootm.c | 20 ++++++ arch/arm/lib/virt-v7.c | 137 ++++++++++++++++++++++++++++++++++++ include/configs/vexpress_ca15_tc2.h | 2 - 5 files changed, 166 insertions(+), 2 deletions(-) create mode 100644 arch/arm/lib/virt-v7.c diff --git a/arch/arm/include/asm/armv7.h b/arch/arm/include/asm/armv7.h index 989bb72..56d0dd0 100644 --- a/arch/arm/include/asm/armv7.h +++ b/arch/arm/include/asm/armv7.h @@ -88,6 +88,13 @@ void v7_outer_cache_flush_range(u32 start, u32 end); void v7_outer_cache_inval_range(u32 start, u32 end); #ifdef CONFIG_ARMV7_VIRT + +#define HYP_ERR_NO_SEC_EXT 2 +#define HYP_ERR_NO_GIC_ADDRESS 3 +#define HYP_ERR_GIC_ADDRESS_ABOVE_4GB 4 + +int armv7_switch_nonsec(void); + /* defined in cpu/armv7/nonsec_virt.S */ void _nonsec_init(void); #endif /* CONFIG_ARMV7_VIRT */ diff --git a/arch/arm/lib/Makefile b/arch/arm/lib/Makefile index 8ad9f66..1570ad5 100644 --- a/arch/arm/lib/Makefile +++ b/arch/arm/lib/Makefile @@ -60,6 +60,8 @@ COBJS-y += reset.o COBJS-y += cache.o COBJS-y += cache-cp15.o +COBJS-$(CONFIG_ARMV7_VIRT) += virt-v7.o + SRCS := $(GLSOBJS:.o=.S) $(GLCOBJS:.o=.c) \ $(SOBJS-y:.o=.S) $(COBJS-y:.o=.c) OBJS := $(addprefix $(obj),$(SOBJS-y) $(COBJS-y)) diff --git a/arch/arm/lib/bootm.c b/arch/arm/lib/bootm.c index 1b6e0ac..8251a89 100644 --- a/arch/arm/lib/bootm.c +++ b/arch/arm/lib/bootm.c @@ -34,6 +34,10 @@ #include #include +#ifdef CONFIG_ARMV7_VIRT +#include +#endif + DECLARE_GLOBAL_DATA_PTR; static struct tag *params; @@ -222,6 +226,22 @@ static void boot_prep_linux(bootm_headers_t *images) printf("FDT and ATAGS support not compiled in - hanging\n"); hang(); } +#ifdef CONFIG_ARMV7_VIRT + switch (armv7_switch_nonsec()) { + case 0: + debug("entered non-secure state\n"); + break; + case HYP_ERR_NO_SEC_EXT: + printf("HYP mode: Security extensions not implemented.\n"); + break; + case HYP_ERR_NO_GIC_ADDRESS: + printf("HYP mode: could not determine GIC address.\n"); + break; + case HYP_ERR_GIC_ADDRESS_ABOVE_4GB: + printf("HYP mode: PERIPHBASE is above 4 GB, cannot access this.\n"); + break; + } +#endif } /* Subcommand: GO */ diff --git a/arch/arm/lib/virt-v7.c b/arch/arm/lib/virt-v7.c new file mode 100644 index 0000000..7876a77 --- /dev/null +++ b/arch/arm/lib/virt-v7.c @@ -0,0 +1,137 @@ +/* + * (C) Copyright 2013 + * Andre Przywara, Linaro + * + * Routines to transition ARMv7 processors from secure into non-secure state + * needed to enable ARMv7 virtualization for current hypervisors + * + * See file CREDITS for list of people who contributed to this + * project. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + */ + +#include +#include +#include +#include + +static unsigned int read_id_pfr1(void) +{ + unsigned int reg; + + asm("mrc p15, 0, %0, c0, c1, 1\n" : "=r"(reg)); + return reg; +} + +/* The timer frequency for the generic timer needs to be + * programmed in secure state. Some primary bootloaders / firmware + * omit this, so if the frequency is provided in the configuration, + * we do this here instead. + * But first check if we have the generic timer. + */ +static void set_generic_timer_frequency(void) +{ +#ifdef CONFIG_SYS_CLK_FREQ + unsigned int reg; + + reg = read_id_pfr1(); + if ((reg & CPUID_ARM_TIMER_MASK) == 1U << CPUID_ARM_TIMER_SHIFT) + asm("mcr p15, 0, %0, c14, c0, 0\n" + : : "r"(CONFIG_SYS_CLK_FREQ)); +#endif +} + +static int get_gic_base_address(char **gicdptr) +{ +#ifdef CONFIG_ARM_GIC_BASE_ADDRESS + *gicdptr = (void *)(CONFIG_ARM_GIC_BASE_ADDRESS + GIC_DIST_OFFSET); + return 0; +#else + unsigned midr; + unsigned periphbase; + + /* check whether we are an Cortex-A15 or A7. + * The actual HYP switch should work with all CPUs supporting + * the virtualization extension, but we need the GIC address, + * which we know only for sure for those two CPUs. + */ + asm("mrc p15, 0, %0, c0, c0, 0\n" : "=r"(midr)); + switch (midr & MIDR_PRIMARY_PART_MASK) { + case MIDR_CORTEX_A9_R0P1: + case MIDR_CORTEX_A15_R0P0: + case MIDR_CORTEX_A7_R0P0: + break; + default: + return HYP_ERR_NO_GIC_ADDRESS; + } + + /* get the GIC base address from the CBAR register */ + asm("mrc p15, 4, %0, c15, c0, 0\n" : "=r" (periphbase)); + + /* the PERIPHBASE can be mapped above 4 GB (lower 8 bits used to + * encode this). Bail out here since we cannot access this without + * enabling paging. + */ + if ((periphbase & 0xff) != 0) + return HYP_ERR_GIC_ADDRESS_ABOVE_4GB; + + *gicdptr = (void *)(periphbase + GIC_DIST_OFFSET); + + return 0; +#endif +} + +int armv7_switch_nonsec(void) +{ + unsigned int reg, ret; + char *gicdptr; + unsigned itlinesnr, i; + + /* check whether the CPU supports the security extensions */ + reg = read_id_pfr1(); + if ((reg & 0xF0) == 0) + return HYP_ERR_NO_SEC_EXT; + + set_generic_timer_frequency(); + + /* the SCR register will be set directly in the monitor mode handler, + * according to the spec one should not tinker with it in secure state + * in SVC mode. Do not try to read it once in non-secure state, + * any access to it will trap. + */ + + ret = get_gic_base_address(&gicdptr); + if (ret != 0) + return ret; + + /* enable the GIC distributor */ + writel(readl(&gicdptr[GICD_CTLR]) | 0x03, &gicdptr[GICD_CTLR]); + + /* TYPER[4:0] contains an encoded number of all interrupts */ + itlinesnr = readl(&gicdptr[GICD_TYPER]) & 0x1f; + + /* set all bits in the GIC group registers to one to allow access + * from non-secure state + */ + for (i = 0; i <= itlinesnr; i++) + writel((unsigned)-1, &gicdptr[GICD_IGROUPRn + 4 * i]); + + /* call the non-sec switching code on this CPU */ + _nonsec_init(); + + return 0; +} diff --git a/include/configs/vexpress_ca15_tc2.h b/include/configs/vexpress_ca15_tc2.h index 9e230ad..4f425ac 100644 --- a/include/configs/vexpress_ca15_tc2.h +++ b/include/configs/vexpress_ca15_tc2.h @@ -31,6 +31,4 @@ #include "vexpress_common.h" #define CONFIG_BOOTP_VCI_STRING "U-boot.armv7.vexpress_ca15x2_tc2" -#define CONFIG_SYS_CLK_FREQ 24000000 - #endif