feat(arm): support FW handoff b/w BL2 & BL31
Add support for the firmware handoff framework between BL2 and BL31.
Create a transfer list in trusted SRAM, leveraging the larger SRAM sizes
in recent models. Load the HW_CONFIG as a TE along with entry point
parameters for BL31 execution.
Change-Id: I7c4c6e8353ca978a13520fb3e15fb2803f0f1d0e
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index 30d0647..85c0a16 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -19,6 +19,9 @@
#include <lib/fconf/fconf.h>
#include <lib/fconf/fconf_dyn_cfg_getter.h>
#include <lib/gpt_rme/gpt_rme.h>
+#if TRANSFER_LIST
+#include <lib/transfer_list.h>
+#endif
#ifdef SPD_opteed
#include <lib/optee_utils.h>
#endif
@@ -58,6 +61,9 @@
#pragma weak arm_bl2_plat_handle_post_image_load
+static struct transfer_list_header *secure_tl __unused;
+static struct transfer_list_header *ns_tl __unused;
+
/*******************************************************************************
* BL1 has passed the extents of the trusted SRAM that should be visible to BL2
* in x0. This memory layout is sitting at the base of the free trusted SRAM.
@@ -103,7 +109,18 @@
*/
void bl2_plat_preload_setup(void)
{
+#if TRANSFER_LIST
+ secure_tl = transfer_list_init((void *)PLAT_ARM_EL3_FW_HANDOFF_BASE,
+ PLAT_ARM_FW_HANDOFF_SIZE);
+ if (secure_tl == NULL) {
+ ERROR("Initialisation of secure transfer list failed!\n");
+ panic();
+ }
+
+ arm_transfer_list_dyn_cfg_init(secure_tl);
+#else
arm_bl2_dyn_cfg_init();
+#endif
#if ARM_GPT_SUPPORT && !PSA_FWU_SUPPORT
/* Always use the FIP from bank 0 */
@@ -124,6 +141,16 @@
#if defined(PLAT_ARM_MEM_PROT_ADDR)
arm_nor_psci_do_static_mem_protect();
#endif
+
+#if TRANSFER_LIST
+ ns_tl = transfer_list_init((void *)FW_NS_HANDOFF_BASE,
+ PLAT_ARM_FW_HANDOFF_SIZE);
+
+ if (ns_tl == NULL) {
+ ERROR("Non-secure transfer list initialisation failed!");
+ panic();
+ }
+#endif
}
void bl2_platform_setup(void)
@@ -265,5 +292,20 @@
return 0;
}
#endif
+
+#if TRANSFER_LIST
+ if (image_id == HW_CONFIG_ID) {
+ arm_transfer_list_copy_hw_config(secure_tl, ns_tl);
+ }
+#endif /* TRANSFER_LIST */
+
return arm_bl2_handle_post_image_load(image_id);
}
+
+void arm_bl2_setup_next_ep_info(bl_mem_params_node_t *next_param_node)
+{
+ assert(transfer_list_set_handoff_args(
+ secure_tl, &next_param_node->ep_info) != NULL);
+
+ arm_transfer_list_populate_ep_info(next_param_node, secure_tl, ns_tl);
+}
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index 33043b7..206f4a5 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -13,13 +13,18 @@
#include <drivers/console.h>
#include <lib/debugfs.h>
#include <lib/extensions/ras.h>
+#include <lib/fconf/fconf.h>
#include <lib/gpt_rme/gpt_rme.h>
#include <lib/mmio.h>
+#if TRANSFER_LIST
+#include <lib/transfer_list.h>
+#endif
#include <lib/xlat_tables/xlat_tables_compat.h>
#include <plat/arm/common/plat_arm.h>
#include <plat/common/platform.h>
#include <platform_def.h>
+static struct transfer_list_header *secure_tl __unused;
/*
* Placeholder variables for copying the arguments that have been passed to
* BL31 from BL2.
@@ -35,8 +40,12 @@
* Check that BL31_BASE is above ARM_FW_CONFIG_LIMIT. The reserved page
* is required for SOC_FW_CONFIG/TOS_FW_CONFIG passed from BL2.
*/
+#if TRANSFER_LIST
+CASSERT(BL31_BASE >= PLAT_ARM_EL3_FW_HANDOFF_LIMIT, assert_bl31_base_overflows);
+#else
CASSERT(BL31_BASE >= ARM_FW_CONFIG_LIMIT, assert_bl31_base_overflows);
-#endif
+#endif /* TRANSFER_LIST */
+#endif /* RESET_TO_BL31 */
/* Weak definitions may be overridden in specific ARM standard platform */
#pragma weak bl31_early_platform_setup2
@@ -115,6 +124,44 @@
* while creating page tables. BL2 has flushed this information to memory, so
* we are guaranteed to pick up good data.
******************************************************************************/
+#if TRANSFER_LIST
+void __init arm_bl31_early_platform_setup(u_register_t arg0, u_register_t arg1,
+ u_register_t arg2, u_register_t arg3)
+{
+ struct transfer_list_entry *te = NULL;
+ struct entry_point_info *ep;
+
+ secure_tl = (struct transfer_list_header *)arg3;
+
+ /*
+ * Populate the global entry point structures used to execute subsequent
+ * images.
+ */
+ while ((te = transfer_list_next(secure_tl, te)) != NULL) {
+ ep = transfer_list_entry_data(te);
+
+ if (te->tag_id == TL_TAG_EXEC_EP_INFO64) {
+ switch (GET_SECURITY_STATE(ep->h.attr)) {
+ case NON_SECURE:
+ bl33_image_ep_info = *ep;
+ break;
+#if ENABLE_RME
+ case REALM:
+ rmm_image_ep_info = *ep;
+ break;
+#endif
+ case SECURE:
+ bl32_image_ep_info = *ep;
+ break;
+ default:
+ ERROR("Unrecognized Image Security State %lu\n",
+ GET_SECURITY_STATE(ep->h.attr));
+ panic();
+ }
+ }
+ }
+}
+#else
void __init arm_bl31_early_platform_setup(void *from_bl2, uintptr_t soc_fw_config,
uintptr_t hw_config, void *plat_params_from_bl2)
{
@@ -258,11 +305,16 @@
bl33_image_ep_info.args.arg3 = 0U;
# endif
}
+#endif
void bl31_early_platform_setup2(u_register_t arg0, u_register_t arg1,
u_register_t arg2, u_register_t arg3)
{
+#if TRANSFER_LIST
+ arm_bl31_early_platform_setup(arg0, arg1, arg2, arg3);
+#else
arm_bl31_early_platform_setup((void *)arg0, arg1, arg2, (void *)arg3);
+#endif
/*
* Initialize Interconnect for this cluster during cold boot.
@@ -448,5 +500,15 @@
void __init bl31_plat_arch_setup(void)
{
+ struct transfer_list_entry *te __unused;
+
arm_bl31_plat_arch_setup();
+
+#if TRANSFER_LIST
+ te = transfer_list_find(secure_tl, TL_TAG_FDT);
+ assert(te != NULL);
+
+ /* Populate HW_CONFIG device tree with the mapped address */
+ fconf_populate("HW_CONFIG", (uintptr_t)transfer_list_entry_data(te));
+#endif
}
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index 5084ea9..7ab39eb 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -1,5 +1,5 @@
#
-# Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -299,6 +299,10 @@
plat/arm/common/arm_topology.c \
plat/common/plat_psci_common.c
+ifeq (${TRANSFER_LIST}, 1)
+ TRANSFER_LIST_SOURCES += plat/arm/common/arm_transfer_list.c
+endif
+
ifneq ($(filter 1,${ENABLE_PMF} ${ETHOSN_NPU_DRIVER}),)
ARM_SVC_HANDLER_SRCS :=
diff --git a/plat/arm/common/arm_image_load.c b/plat/arm/common/arm_image_load.c
index c411c6c..2525266 100644
--- a/plat/arm/common/arm_image_load.c
+++ b/plat/arm/common/arm_image_load.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2016-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -17,7 +17,10 @@
#pragma weak plat_get_bl_image_load_info
#pragma weak plat_get_next_bl_params
-static bl_params_t *next_bl_params_cpy_ptr;
+#if TRANSFER_LIST
+static bl_params_t next_bl_params_cpy;
+#endif
+bl_params_t *next_bl_params_cpy_ptr;
/*******************************************************************************
* This function flushes the data structures so that they are visible
@@ -96,9 +99,15 @@
******************************************************************************/
struct bl_params *arm_get_next_bl_params(void)
{
- bl_mem_params_node_t *bl2_mem_params_descs_cpy
- = (bl_mem_params_node_t *)ARM_BL2_MEM_DESC_BASE;
- const bl_params_t *next_bl_params;
+ bl_mem_params_node_t *bl2_mem_params_descs_cpy __unused;
+ const bl_params_t *next_bl_params __unused;
+
+#if TRANSFER_LIST
+ next_bl_params_cpy_ptr = &next_bl_params_cpy;
+ SET_PARAM_HEAD(next_bl_params_cpy_ptr, PARAM_BL_PARAMS, VERSION_2, 0U);
+#else
+ bl2_mem_params_descs_cpy =
+ (bl_mem_params_node_t *)ARM_BL2_MEM_DESC_BASE;
next_bl_params_cpy_ptr =
(bl_params_t *)(ARM_BL2_MEM_DESC_BASE +
@@ -127,6 +136,7 @@
(sizeof(bl_params_t)));
populate_next_bl_params_config(next_bl_params_cpy_ptr);
+#endif /* TRANSFER_LIST */
return next_bl_params_cpy_ptr;
}
diff --git a/plat/arm/common/arm_transfer_list.c b/plat/arm/common/arm_transfer_list.c
new file mode 100644
index 0000000..d144bbb
--- /dev/null
+++ b/plat/arm/common/arm_transfer_list.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <plat/arm/common/plat_arm.h>
+#include <platform_def.h>
+
+void arm_transfer_list_dyn_cfg_init(struct transfer_list_header *secure_tl)
+{
+ struct transfer_list_entry *te;
+ bl_mem_params_node_t *next_param_node =
+ get_bl_mem_params_node(HW_CONFIG_ID);
+ assert(next_param_node != NULL);
+
+ /*
+ * The HW_CONFIG needs to be authenticated via the normal loading
+ * mechanism. Pre-allocate a TE for the configuration and update the
+ * load information so the configuration is loaded directly into the TE.
+ */
+ te = transfer_list_add(secure_tl, TL_TAG_FDT, PLAT_ARM_HW_CONFIG_SIZE,
+ NULL);
+ assert(te != NULL);
+
+ next_param_node->image_info.h.attr &= ~IMAGE_ATTRIB_SKIP_LOADING;
+ next_param_node->image_info.image_max_size = PLAT_ARM_HW_CONFIG_SIZE;
+ next_param_node->image_info.image_base =
+ (uintptr_t)transfer_list_entry_data(te);
+}
+
+void arm_transfer_list_populate_ep_info(bl_mem_params_node_t *next_param_node,
+ struct transfer_list_header *secure_tl,
+ struct transfer_list_header *ns_tl)
+{
+ uint32_t next_exe_img_id;
+ entry_point_info_t *ep;
+ struct transfer_list_entry *te;
+
+ assert(next_param_node != NULL);
+
+ while ((next_exe_img_id = next_param_node->next_handoff_image_id) !=
+ INVALID_IMAGE_ID) {
+ next_param_node =
+ &bl_mem_params_desc_ptr[get_bl_params_node_index(
+ next_exe_img_id)];
+ assert(next_param_node != NULL);
+
+ te = transfer_list_add(secure_tl, TL_TAG_EXEC_EP_INFO64,
+ sizeof(entry_point_info_t),
+ &next_param_node->ep_info);
+ assert(te != NULL);
+
+ ep = transfer_list_entry_data(te);
+
+ if (next_exe_img_id == BL33_IMAGE_ID) {
+ ep = transfer_list_set_handoff_args(ns_tl, ep);
+ assert(ep != NULL);
+ } else if ((next_exe_img_id == BL32_IMAGE_ID) && SPMC_AT_EL3) {
+ /*
+ * Populate the BL32 image base, size and max limit in
+ * the entry point information, since there is no
+ * platform function to retrieve them in generic
+ * code. We choose arg2, arg3 and arg4 since the generic
+ * code uses arg1 for stashing the SP manifest size. The
+ * SPMC setup uses these arguments to update SP manifest
+ * with actual SP's base address and it size.
+ */
+ ep->args.arg2 = next_param_node->image_info.image_base;
+ ep->args.arg3 = next_param_node->image_info.image_size;
+ ep->args.arg4 =
+ next_param_node->image_info.image_base +
+ next_param_node->image_info.image_max_size;
+ }
+
+ next_exe_img_id = next_param_node->next_handoff_image_id;
+ }
+
+ flush_dcache_range((uintptr_t)secure_tl, secure_tl->size);
+}
+
+void arm_transfer_list_copy_hw_config(struct transfer_list_header *secure_tl,
+ struct transfer_list_header *ns_tl)
+{
+ struct transfer_list_entry *te =
+ transfer_list_find(secure_tl, TL_TAG_FDT);
+ assert(te != NULL);
+
+ /* Refresh the now stale checksum following loading of HW_CONFIG into the TL. */
+ transfer_list_update_checksum(secure_tl);
+
+ /* Copy the hardware configuration to the non-secure TL. */
+ te = transfer_list_add(ns_tl, TL_TAG_FDT, te->data_size,
+ transfer_list_entry_data(te));
+ assert(te != NULL);
+}