Rework handover interface between BL stages
This patch reworks the handover interface from: BL1 to BL2 and
BL2 to BL3-1. It removes the raise_el(), change_el(), drop_el()
and run_image() functions as they catered for code paths that were
never exercised.
BL1 calls bl1_run_bl2() to jump into BL2 instead of doing the same
by calling run_image(). Similarly, BL2 issues the SMC to transfer
execution to BL3-1 through BL1 directly. Only x0 and x1 are used
to pass arguments to BL31. These arguments and parameters for
running BL3-1 are passed through a reference to a
'el_change_info_t' structure. They were being passed value in
general purpose registers earlier.
Change-Id: Id4fd019a19a9595de063766d4a66295a2c9307e1
diff --git a/bl1/aarch64/bl1_exceptions.S b/bl1/aarch64/bl1_exceptions.S
index a87b20f..3613b9f 100644
--- a/bl1/aarch64/bl1_exceptions.S
+++ b/bl1/aarch64/bl1_exceptions.S
@@ -112,13 +112,51 @@
*/
.align 7
SynchronousExceptionA64:
- /* ---------------------------------------------
+ /* ------------------------------------------------
* Only a single SMC exception from BL2 to ask
* BL1 to pass EL3 control to BL31 is expected
* here.
- * ---------------------------------------------
+ * It expects X0 with RUN_IMAGE SMC function id
+ * X1 with address of a el_change_info_t structure
+ * describing the BL3-1 entrypoint
+ * ------------------------------------------------
*/
- b process_exception
+ mov x19, x0
+ mov x20, x1
+
+ mrs x0, esr_el3
+ ubfx x1, x0, #ESR_EC_SHIFT, #ESR_EC_LENGTH
+ cmp x1, #EC_AARCH64_SMC
+ b.ne panic
+
+ mov x0, #RUN_IMAGE
+ cmp x19, x0
+ b.ne panic
+
+ mov x0, x20
+ bl display_boot_progress
+
+ ldp x0, x1, [x20, #EL_CHANGE_INFO_PC_OFFSET]
+ msr elr_el3, x0
+ msr spsr_el3, x1
+ ubfx x0, x1, #MODE_EL_SHIFT, #2
+ cmp x0, #MODE_EL3
+ b.ne panic
+
+ bl disable_mmu_icache_el3
+ tlbi alle3
+
+ ldp x6, x7, [x20, #(EL_CHANGE_INFO_ARGS_OFFSET + 0x30)]
+ ldp x4, x5, [x20, #(EL_CHANGE_INFO_ARGS_OFFSET + 0x20)]
+ ldp x2, x3, [x20, #(EL_CHANGE_INFO_ARGS_OFFSET + 0x10)]
+ ldp x0, x1, [x20, #(EL_CHANGE_INFO_ARGS_OFFSET + 0x0)]
+ eret
+panic:
+ mov x0, #SYNC_EXCEPTION_AARCH64
+ bl plat_report_exception
+
+ wfi
+ b panic
check_vector_size SynchronousExceptionA64
.align 7
@@ -173,56 +211,3 @@
bl plat_report_exception
b SErrorA32
check_vector_size SErrorA32
-
- .align 7
-
-func process_exception
- sub sp, sp, #0x40
- stp x0, x1, [sp, #0x0]
- stp x2, x3, [sp, #0x10]
- stp x4, x5, [sp, #0x20]
- stp x6, x7, [sp, #0x30]
-
- mov x19, x0
- mov x20, x1
- mov x21, x2
- mov x0, #SYNC_EXCEPTION_AARCH64
- bl plat_report_exception
-
- mrs x0, esr_el3
- ubfx x1, x0, #ESR_EC_SHIFT, #ESR_EC_LENGTH
- cmp x1, #EC_AARCH64_SMC
- b.ne panic
- mov x1, #RUN_IMAGE
- cmp x19, x1
- b.ne panic
- mov x0, x20
- mov x1, x21
- mov x2, x3
- mov x3, x4
- bl display_boot_progress
- msr elr_el3, x20
- msr spsr_el3, x21
- ubfx x0, x21, #MODE_EL_SHIFT, #2
- cmp x0, #MODE_EL3
- b.ne skip_mmu_teardown
-
- /* ---------------------------------------------
- * If BL31 is to be executed in EL3 as well
- * then turn off the MMU so that it can perform
- * its own setup.
- * ---------------------------------------------
- */
- bl disable_mmu_icache_el3
- tlbi alle3
-skip_mmu_teardown:
- ldp x6, x7, [sp, #0x30]
- ldp x4, x5, [sp, #0x20]
- ldp x2, x3, [sp, #0x10]
- ldp x0, x1, [sp, #0x0]
- add sp, sp, #0x40
- eret
-
-panic:
- wfi
- b panic
diff --git a/bl1/bl1_main.c b/bl1/bl1_main.c
index ecf2550..80e52ca 100644
--- a/bl1/bl1_main.c
+++ b/bl1/bl1_main.c
@@ -38,6 +38,34 @@
#include "bl1_private.h"
/*******************************************************************************
+ * Runs BL2 from the given entry point. It results in dropping the
+ * exception level
+ ******************************************************************************/
+static void __dead2 bl1_run_bl2(el_change_info_t *bl2_ep)
+{
+ bl1_arch_next_el_setup();
+
+ /* Tell next EL what we want done */
+ bl2_ep->args.arg0 = RUN_IMAGE;
+
+ if (bl2_ep->security_state == NON_SECURE)
+ change_security_state(bl2_ep->security_state);
+
+ write_spsr_el3(bl2_ep->spsr);
+ write_elr_el3(bl2_ep->entrypoint);
+
+ eret(bl2_ep->args.arg0,
+ bl2_ep->args.arg1,
+ bl2_ep->args.arg2,
+ bl2_ep->args.arg3,
+ bl2_ep->args.arg4,
+ bl2_ep->args.arg5,
+ bl2_ep->args.arg6,
+ bl2_ep->args.arg7);
+}
+
+
+/*******************************************************************************
* Function to perform late architectural and platform specific initialization.
* It also locates and loads the BL2 raw binary image in the trusted DRAM. Only
* called by the primary cpu after a cold boot.
@@ -50,9 +78,10 @@
unsigned long sctlr_el3 = read_sctlr_el3();
#endif
unsigned long bl2_base;
- unsigned int load_type = TOP_LOAD, spsr;
+ unsigned int load_type = TOP_LOAD;
meminfo_t *bl1_tzram_layout;
meminfo_t *bl2_tzram_layout = 0x0;
+ el_change_info_t bl2_ep = {0};
/*
* Ensure that MMU/Caches and coherency are turned on
@@ -94,20 +123,19 @@
bl2_base);
if (bl2_base) {
- bl1_arch_next_el_setup();
- spsr = SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
+ bl2_ep.spsr =
+ SPSR_64(MODE_EL1, MODE_SP_ELX, DISABLE_ALL_EXCEPTIONS);
+ bl2_ep.entrypoint = bl2_base;
+ bl2_ep.security_state = SECURE;
+ bl2_ep.args.arg1 = (unsigned long)bl2_tzram_layout;
printf("Booting trusted firmware boot loader stage 2\n\r");
#if DEBUG
printf("BL2 address = 0x%llx \n\r", (unsigned long long) bl2_base);
- printf("BL2 cpsr = 0x%x \n\r", spsr);
+ printf("BL2 cpsr = 0x%x \n\r", bl2_ep.spsr);
printf("BL2 memory layout address = 0x%llx \n\r",
(unsigned long long) bl2_tzram_layout);
#endif
- run_image(bl2_base,
- spsr,
- SECURE,
- (void *) bl2_tzram_layout,
- NULL);
+ bl1_run_bl2(&bl2_ep);
}
/*
@@ -122,17 +150,16 @@
* Temporary function to print the fact that BL2 has done its job and BL31 is
* about to be loaded. This is needed as long as printfs cannot be used
******************************************************************************/
-void display_boot_progress(unsigned long entrypoint,
- unsigned long spsr,
- unsigned long mem_layout,
- unsigned long ns_image_info)
+void display_boot_progress(el_change_info_t *bl31_ep_info)
{
printf("Booting trusted firmware boot loader stage 3\n\r");
#if DEBUG
- printf("BL31 address = 0x%llx \n\r", (unsigned long long) entrypoint);
- printf("BL31 cpsr = 0x%llx \n\r", (unsigned long long)spsr);
- printf("BL31 memory layout address = 0x%llx \n\r", (unsigned long long)mem_layout);
- printf("BL31 non-trusted image info address = 0x%llx\n\r", (unsigned long long)ns_image_info);
+ printf("BL31 address = 0x%llx\n",
+ (unsigned long long)bl31_ep_info->entrypoint);
+ printf("BL31 cpsr = 0x%llx\n",
+ (unsigned long long)bl31_ep_info->spsr);
+ printf("BL31 args address = 0x%llx\n",
+ (unsigned long long)bl31_ep_info->args.arg0);
#endif
return;
}