Add optional platform error handler API
This patch adds an optional API to the platform port:
void plat_error_handler(int err) __dead2;
The platform error handler is called when there is a specific error
condition after which Trusted Firmware cannot continue. While panic()
simply prints the crash report (if enabled) and spins, the platform
error handler can be used to hand control over to the platform port
so it can perform specific bookeeping or post-error actions (for
example, reset the system). This function must not return.
The parameter indicates the type of error using standard codes from
errno.h. Possible errors reported by the generic code are:
-EAUTH : a certificate or image could not be authenticated
(when Trusted Board Boot is enabled)
-ENOENT : the requested image or certificate could not be found
or an IO error was detected
-ENOMEM : resources exhausted. Trusted Firmware does not use
dynamic memory, so this error is usually an indication
of an incorrect array size
A default weak implementation of this function has been provided.
It simply implements an infinite loop.
Change-Id: Iffaf9eee82d037da6caa43b3aed51df555e597a3
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index dad64e2..50cf4e0 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -174,12 +174,8 @@
&bl2_ep);
if (err) {
- /*
- * TODO: print failure to load BL2 but also add a tzwdog timer
- * which will reset the system eventually.
- */
ERROR("Failed to load BL2 firmware.\n");
- panic();
+ plat_error_handler(err);
}
/*
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
index 404744b..f8a2372 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
@@ -219,7 +219,7 @@
e = load_bl30();
if (e) {
ERROR("Failed to load BL3-0 (%i)\n", e);
- panic();
+ plat_error_handler(e);
}
/* Perform platform setup in BL2 after loading BL3-0 */
@@ -235,14 +235,14 @@
e = load_bl31(bl2_to_bl31_params, bl31_ep_info);
if (e) {
ERROR("Failed to load BL3-1 (%i)\n", e);
- panic();
+ plat_error_handler(e);
}
e = load_bl32(bl2_to_bl31_params);
if (e) {
if (e == -EAUTH) {
ERROR("Failed to authenticate BL3-2\n");
- panic();
+ plat_error_handler(e);
} else {
WARN("Failed to load BL3-2 (%i)\n", e);
}
@@ -251,7 +251,7 @@
e = load_bl33(bl2_to_bl31_params);
if (e) {
ERROR("Failed to load BL3-3 (%i)\n", e);
- panic();
+ plat_error_handler(e);
}
/* Flush the params to be passed to memory */
diff --git a/docs/porting-guide.md b/docs/porting-guide.md
index db6038a..bf0ada7 100644
--- a/docs/porting-guide.md
+++ b/docs/porting-guide.md
@@ -650,6 +650,27 @@
scratch registers. It should preserve the value in x18 register as it is used
by the caller to store the return address.
+### Function : plat_error_handler()
+
+ Argument : int
+ Return : void
+
+This API is called when the generic code encounters an error situation from
+which it cannot continue. It allows the platform to perform error reporting or
+recovery actions (for example, reset the system). This function must not return.
+
+The parameter indicates the type of error using standard codes from `errno.h`.
+Possible errors reported by the generic code are:
+
+* `-EAUTH`: a certificate or image could not be authenticated (when Trusted
+ Board Boot is enabled)
+* `-ENOENT`: the requested image or certificate could not be found or an IO
+ error was detected
+* `-ENOMEM`: resources exhausted. Trusted Firmware does not use dynamic
+ memory, so this error is usually an indication of an incorrect array size
+
+The default implementation simply spins.
+
3. Modifications specific to a Boot Loader stage
-------------------------------------------------
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 8071f39..de9848b 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
@@ -81,6 +81,7 @@
void plat_report_exception(unsigned long);
int plat_crash_console_init(void);
int plat_crash_console_putc(int c);
+void plat_error_handler(int err) __dead2;
/*******************************************************************************
* Mandatory BL1 functions
diff --git a/plat/common/aarch64/platform_helpers.S b/plat/common/aarch64/platform_helpers.S
index f51d24e..56b88bc 100644
--- a/plat/common/aarch64/platform_helpers.S
+++ b/plat/common/aarch64/platform_helpers.S
@@ -38,6 +38,7 @@
.weak plat_reset_handler
.weak plat_disable_acp
.weak bl1_plat_prepare_exit
+ .weak plat_error_handler
#if !ENABLE_PLAT_COMPAT
.globl platform_get_core_pos
@@ -121,3 +122,12 @@
func bl1_plat_prepare_exit
ret
endfunc bl1_plat_prepare_exit
+
+ /* -----------------------------------------------------
+ * void plat_error_handler(int err) __dead2;
+ * Endless loop by default.
+ * -----------------------------------------------------
+ */
+func plat_error_handler
+ b plat_error_handler
+endfunc plat_error_handler