Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 1 | /* |
johpow01 | 0033b25 | 2021-10-11 14:51:11 -0500 | [diff] [blame] | 2 | * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved. |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | */ |
| 6 | |
| 7 | #ifndef EL2_COMMON_MACROS_S |
| 8 | #define EL2_COMMON_MACROS_S |
| 9 | |
| 10 | #include <arch.h> |
| 11 | #include <asm_macros.S> |
| 12 | #include <context.h> |
| 13 | #include <lib/xlat_tables/xlat_tables_defs.h> |
| 14 | |
| 15 | #include <platform_def.h> |
| 16 | |
| 17 | /* |
| 18 | * Helper macro to initialise system registers at EL2. |
| 19 | */ |
| 20 | .macro el2_arch_init_common |
| 21 | |
| 22 | /* --------------------------------------------------------------------- |
| 23 | * SCTLR_EL2 has already been initialised - read current value before |
| 24 | * modifying. |
| 25 | * |
| 26 | * SCTLR_EL2.I: Enable the instruction cache. |
| 27 | * |
| 28 | * SCTLR_EL2.SA: Enable Stack Alignment check. A SP alignment fault |
| 29 | * exception is generated if a load or store instruction executed at |
| 30 | * EL2 uses the SP as the base address and the SP is not aligned to a |
| 31 | * 16-byte boundary. |
| 32 | * |
| 33 | * SCTLR_EL2.A: Enable Alignment fault checking. All instructions that |
| 34 | * load or store one or more registers have an alignment check that the |
| 35 | * address being accessed is aligned to the size of the data element(s) |
| 36 | * being accessed. |
| 37 | * --------------------------------------------------------------------- |
| 38 | */ |
| 39 | mov x1, #(SCTLR_I_BIT | SCTLR_A_BIT | SCTLR_SA_BIT) |
| 40 | mrs x0, sctlr_el2 |
| 41 | orr x0, x0, x1 |
| 42 | msr sctlr_el2, x0 |
| 43 | isb |
| 44 | |
| 45 | /* --------------------------------------------------------------------- |
| 46 | * Initialise HCR_EL2, setting all fields rather than relying on HW. |
| 47 | * All fields are architecturally UNKNOWN on reset. The following fields |
| 48 | * do not change during the TF lifetime. The remaining fields are set to |
| 49 | * zero here but are updated ahead of transitioning to a lower EL in the |
| 50 | * function cm_init_context_common(). |
| 51 | * |
| 52 | * HCR_EL2.TWE: Set to zero so that execution of WFE instructions at |
| 53 | * EL2, EL1 and EL0 are not trapped to EL2. |
| 54 | * |
| 55 | * HCR_EL2.TWI: Set to zero so that execution of WFI instructions at |
| 56 | * EL2, EL1 and EL0 are not trapped to EL2. |
| 57 | * |
| 58 | * HCR_EL2.HCD: Set to zero to enable HVC calls at EL1 and above, |
| 59 | * from both Security states and both Execution states. |
| 60 | * |
| 61 | * HCR_EL2.TEA: Set to one to route External Aborts and SError |
| 62 | * Interrupts to EL2 when executing at any EL. |
| 63 | * |
| 64 | * HCR_EL2.{API,APK}: For Armv8.3 pointer authentication feature, |
| 65 | * disable traps to EL2 when accessing key registers or using |
| 66 | * pointer authentication instructions from lower ELs. |
| 67 | * --------------------------------------------------------------------- |
| 68 | */ |
| 69 | mov_imm x0, ((HCR_RESET_VAL | HCR_TEA_BIT) \ |
| 70 | & ~(HCR_TWE_BIT | HCR_TWI_BIT | HCR_HCD_BIT)) |
| 71 | #if CTX_INCLUDE_PAUTH_REGS |
| 72 | /* |
| 73 | * If the pointer authentication registers are saved during world |
| 74 | * switches, enable pointer authentication everywhere, as it is safe to |
| 75 | * do so. |
| 76 | */ |
| 77 | orr x0, x0, #(HCR_API_BIT | HCR_APK_BIT) |
| 78 | #endif /* CTX_INCLUDE_PAUTH_REGS */ |
| 79 | msr hcr_el2, x0 |
| 80 | |
| 81 | /* --------------------------------------------------------------------- |
| 82 | * Initialise MDCR_EL2, setting all fields rather than relying on |
| 83 | * hw. Some fields are architecturally UNKNOWN on reset. |
| 84 | * |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 85 | * MDCR_EL2.TDOSA: Set to zero so that EL2 and EL2 System register |
| 86 | * access to the powerdown debug registers do not trap to EL2. |
| 87 | * |
| 88 | * MDCR_EL2.TDA: Set to zero to allow EL0, EL1 and EL2 access to the |
| 89 | * debug registers, other than those registers that are controlled by |
| 90 | * MDCR_EL2.TDOSA. |
| 91 | * |
| 92 | * MDCR_EL2.TPM: Set to zero so that EL0, EL1, and EL2 System |
| 93 | * register accesses to all Performance Monitors registers do not trap |
| 94 | * to EL2. |
| 95 | * |
johpow01 | 0033b25 | 2021-10-11 14:51:11 -0500 | [diff] [blame] | 96 | * MDCR_EL2.HPMD: Set to zero so that event counting by the program- |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 97 | * mable counters PMEVCNTR<n>_EL0 is prohibited in Secure state. If |
| 98 | * ARMv8.2 Debug is not implemented this bit does not have any effect |
| 99 | * on the counters unless there is support for the implementation |
| 100 | * defined authentication interface |
| 101 | * ExternalSecureNoninvasiveDebugEnabled(). |
| 102 | * --------------------------------------------------------------------- |
| 103 | */ |
johpow01 | 0033b25 | 2021-10-11 14:51:11 -0500 | [diff] [blame] | 104 | mov_imm x0, ((MDCR_EL2_RESET_VAL | \ |
| 105 | MDCR_SPD32(MDCR_SPD32_DISABLE)) \ |
| 106 | & ~(MDCR_EL2_HPMD | MDCR_TDOSA_BIT | \ |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 107 | MDCR_TDA_BIT | MDCR_TPM_BIT)) |
| 108 | |
| 109 | msr mdcr_el2, x0 |
| 110 | |
| 111 | /* --------------------------------------------------------------------- |
| 112 | * Initialise PMCR_EL0 setting all fields rather than relying |
| 113 | * on hw. Some fields are architecturally UNKNOWN on reset. |
| 114 | * |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 115 | * PMCR_EL0.DP: Set to one so that the cycle counter, |
| 116 | * PMCCNTR_EL0 does not count when event counting is prohibited. |
| 117 | * |
| 118 | * PMCR_EL0.X: Set to zero to disable export of events. |
| 119 | * |
| 120 | * PMCR_EL0.D: Set to zero so that, when enabled, PMCCNTR_EL0 |
| 121 | * counts on every clock cycle. |
| 122 | * --------------------------------------------------------------------- |
| 123 | */ |
johpow01 | 0033b25 | 2021-10-11 14:51:11 -0500 | [diff] [blame] | 124 | mov_imm x0, ((PMCR_EL0_RESET_VAL | PMCR_EL0_DP_BIT) & \ |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 125 | ~(PMCR_EL0_X_BIT | PMCR_EL0_D_BIT)) |
| 126 | |
| 127 | msr pmcr_el0, x0 |
| 128 | |
| 129 | /* --------------------------------------------------------------------- |
| 130 | * Enable External Aborts and SError Interrupts now that the exception |
| 131 | * vectors have been setup. |
| 132 | * --------------------------------------------------------------------- |
| 133 | */ |
| 134 | msr daifclr, #DAIF_ABT_BIT |
| 135 | |
| 136 | /* --------------------------------------------------------------------- |
| 137 | * Initialise CPTR_EL2, setting all fields rather than relying on hw. |
| 138 | * All fields are architecturally UNKNOWN on reset. |
| 139 | * |
| 140 | * CPTR_EL2.TCPAC: Set to zero so that any accesses to CPACR_EL1 do |
| 141 | * not trap to EL2. |
| 142 | * |
| 143 | * CPTR_EL2.TTA: Set to zero so that System register accesses to the |
| 144 | * trace registers do not trap to EL2. |
| 145 | * |
| 146 | * CPTR_EL2.TFP: Set to zero so that accesses to the V- or Z- registers |
| 147 | * by Advanced SIMD, floating-point or SVE instructions (if implemented) |
| 148 | * do not trap to EL2. |
| 149 | */ |
| 150 | |
| 151 | mov_imm x0, (CPTR_EL2_RESET_VAL & ~(TCPAC_BIT | TTA_BIT | TFP_BIT)) |
| 152 | msr cptr_el2, x0 |
| 153 | |
| 154 | /* |
| 155 | * If Data Independent Timing (DIT) functionality is implemented, |
| 156 | * always enable DIT in EL2 |
| 157 | */ |
| 158 | mrs x0, id_aa64pfr0_el1 |
| 159 | ubfx x0, x0, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH |
| 160 | cmp x0, #ID_AA64PFR0_DIT_SUPPORTED |
| 161 | bne 1f |
| 162 | mov x0, #DIT_BIT |
| 163 | msr DIT, x0 |
| 164 | 1: |
| 165 | .endm |
| 166 | |
| 167 | /* ----------------------------------------------------------------------------- |
| 168 | * This is the super set of actions that need to be performed during a cold boot |
| 169 | * or a warm boot in EL2. This code is shared by BL1 and BL31. |
| 170 | * |
| 171 | * This macro will always perform reset handling, architectural initialisations |
| 172 | * and stack setup. The rest of the actions are optional because they might not |
| 173 | * be needed, depending on the context in which this macro is called. This is |
| 174 | * why this macro is parameterised ; each parameter allows to enable/disable |
| 175 | * some actions. |
| 176 | * |
| 177 | * _init_sctlr: |
| 178 | * Whether the macro needs to initialise SCTLR_EL2, including configuring |
| 179 | * the endianness of data accesses. |
| 180 | * |
| 181 | * _warm_boot_mailbox: |
| 182 | * Whether the macro needs to detect the type of boot (cold/warm). The |
| 183 | * detection is based on the platform entrypoint address : if it is zero |
| 184 | * then it is a cold boot, otherwise it is a warm boot. In the latter case, |
| 185 | * this macro jumps on the platform entrypoint address. |
| 186 | * |
| 187 | * _secondary_cold_boot: |
| 188 | * Whether the macro needs to identify the CPU that is calling it: primary |
| 189 | * CPU or secondary CPU. The primary CPU will be allowed to carry on with |
| 190 | * the platform initialisations, while the secondaries will be put in a |
| 191 | * platform-specific state in the meantime. |
| 192 | * |
| 193 | * If the caller knows this macro will only be called by the primary CPU |
| 194 | * then this parameter can be defined to 0 to skip this step. |
| 195 | * |
| 196 | * _init_memory: |
| 197 | * Whether the macro needs to initialise the memory. |
| 198 | * |
| 199 | * _init_c_runtime: |
| 200 | * Whether the macro needs to initialise the C runtime environment. |
| 201 | * |
| 202 | * _exception_vectors: |
| 203 | * Address of the exception vectors to program in the VBAR_EL2 register. |
| 204 | * |
| 205 | * _pie_fixup_size: |
| 206 | * Size of memory region to fixup Global Descriptor Table (GDT). |
| 207 | * |
| 208 | * A non-zero value is expected when firmware needs GDT to be fixed-up. |
| 209 | * |
| 210 | * ----------------------------------------------------------------------------- |
| 211 | */ |
| 212 | .macro el2_entrypoint_common \ |
| 213 | _init_sctlr, _warm_boot_mailbox, _secondary_cold_boot, \ |
| 214 | _init_memory, _init_c_runtime, _exception_vectors, \ |
| 215 | _pie_fixup_size |
| 216 | |
| 217 | .if \_init_sctlr |
| 218 | /* ------------------------------------------------------------- |
| 219 | * This is the initialisation of SCTLR_EL2 and so must ensure |
| 220 | * that all fields are explicitly set rather than relying on hw. |
| 221 | * Some fields reset to an IMPLEMENTATION DEFINED value and |
| 222 | * others are architecturally UNKNOWN on reset. |
| 223 | * |
| 224 | * SCTLR.EE: Set the CPU endianness before doing anything that |
| 225 | * might involve memory reads or writes. Set to zero to select |
| 226 | * Little Endian. |
| 227 | * |
| 228 | * SCTLR_EL2.WXN: For the EL2 translation regime, this field can |
| 229 | * force all memory regions that are writeable to be treated as |
| 230 | * XN (Execute-never). Set to zero so that this control has no |
| 231 | * effect on memory access permissions. |
| 232 | * |
| 233 | * SCTLR_EL2.SA: Set to zero to disable Stack Alignment check. |
| 234 | * |
| 235 | * SCTLR_EL2.A: Set to zero to disable Alignment fault checking. |
| 236 | * |
| 237 | * SCTLR.DSSBS: Set to zero to disable speculation store bypass |
| 238 | * safe behaviour upon exception entry to EL2. |
| 239 | * ------------------------------------------------------------- |
| 240 | */ |
| 241 | mov_imm x0, (SCTLR_RESET_VAL & ~(SCTLR_EE_BIT | SCTLR_WXN_BIT \ |
| 242 | | SCTLR_SA_BIT | SCTLR_A_BIT | SCTLR_DSSBS_BIT)) |
| 243 | msr sctlr_el2, x0 |
| 244 | isb |
| 245 | .endif /* _init_sctlr */ |
| 246 | |
| 247 | #if DISABLE_MTPMU |
| 248 | bl mtpmu_disable |
| 249 | #endif |
| 250 | |
| 251 | .if \_warm_boot_mailbox |
| 252 | /* ------------------------------------------------------------- |
| 253 | * This code will be executed for both warm and cold resets. |
| 254 | * Now is the time to distinguish between the two. |
| 255 | * Query the platform entrypoint address and if it is not zero |
| 256 | * then it means it is a warm boot so jump to this address. |
| 257 | * ------------------------------------------------------------- |
| 258 | */ |
| 259 | bl plat_get_my_entrypoint |
| 260 | cbz x0, do_cold_boot |
| 261 | br x0 |
| 262 | |
| 263 | do_cold_boot: |
| 264 | .endif /* _warm_boot_mailbox */ |
| 265 | |
| 266 | .if \_pie_fixup_size |
| 267 | #if ENABLE_PIE |
| 268 | /* |
| 269 | * ------------------------------------------------------------ |
| 270 | * If PIE is enabled fixup the Global descriptor Table only |
| 271 | * once during primary core cold boot path. |
| 272 | * |
| 273 | * Compile time base address, required for fixup, is calculated |
| 274 | * using "pie_fixup" label present within first page. |
| 275 | * ------------------------------------------------------------ |
| 276 | */ |
| 277 | pie_fixup: |
| 278 | ldr x0, =pie_fixup |
| 279 | and x0, x0, #~(PAGE_SIZE_MASK) |
| 280 | mov_imm x1, \_pie_fixup_size |
| 281 | add x1, x1, x0 |
| 282 | bl fixup_gdt_reloc |
| 283 | #endif /* ENABLE_PIE */ |
| 284 | .endif /* _pie_fixup_size */ |
| 285 | |
| 286 | /* --------------------------------------------------------------------- |
| 287 | * Set the exception vectors. |
| 288 | * --------------------------------------------------------------------- |
| 289 | */ |
| 290 | adr x0, \_exception_vectors |
| 291 | msr vbar_el2, x0 |
| 292 | isb |
| 293 | |
| 294 | /* --------------------------------------------------------------------- |
| 295 | * It is a cold boot. |
| 296 | * Perform any processor specific actions upon reset e.g. cache, TLB |
| 297 | * invalidations etc. |
| 298 | * --------------------------------------------------------------------- |
| 299 | */ |
| 300 | bl reset_handler |
| 301 | |
| 302 | el2_arch_init_common |
| 303 | |
| 304 | .if \_secondary_cold_boot |
| 305 | /* ------------------------------------------------------------- |
| 306 | * Check if this is a primary or secondary CPU cold boot. |
| 307 | * The primary CPU will set up the platform while the |
| 308 | * secondaries are placed in a platform-specific state until the |
| 309 | * primary CPU performs the necessary actions to bring them out |
| 310 | * of that state and allows entry into the OS. |
| 311 | * ------------------------------------------------------------- |
| 312 | */ |
| 313 | bl plat_is_my_cpu_primary |
| 314 | cbnz w0, do_primary_cold_boot |
| 315 | |
| 316 | /* This is a cold boot on a secondary CPU */ |
| 317 | bl plat_secondary_cold_boot_setup |
| 318 | /* plat_secondary_cold_boot_setup() is not supposed to return */ |
| 319 | bl el2_panic |
| 320 | do_primary_cold_boot: |
| 321 | .endif /* _secondary_cold_boot */ |
| 322 | |
| 323 | /* --------------------------------------------------------------------- |
| 324 | * Initialize memory now. Secondary CPU initialization won't get to this |
| 325 | * point. |
| 326 | * --------------------------------------------------------------------- |
| 327 | */ |
| 328 | |
| 329 | .if \_init_memory |
| 330 | bl platform_mem_init |
| 331 | .endif /* _init_memory */ |
| 332 | |
| 333 | /* --------------------------------------------------------------------- |
| 334 | * Init C runtime environment: |
| 335 | * - Zero-initialise the NOBITS sections. There are 2 of them: |
| 336 | * - the .bss section; |
| 337 | * - the coherent memory section (if any). |
| 338 | * - Relocate the data section from ROM to RAM, if required. |
| 339 | * --------------------------------------------------------------------- |
| 340 | */ |
| 341 | .if \_init_c_runtime |
| 342 | adrp x0, __BSS_START__ |
| 343 | add x0, x0, :lo12:__BSS_START__ |
| 344 | |
| 345 | adrp x1, __BSS_END__ |
| 346 | add x1, x1, :lo12:__BSS_END__ |
| 347 | sub x1, x1, x0 |
| 348 | bl zeromem |
| 349 | |
| 350 | #if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_IN_XIP_MEM) |
| 351 | adrp x0, __DATA_RAM_START__ |
| 352 | add x0, x0, :lo12:__DATA_RAM_START__ |
| 353 | adrp x1, __DATA_ROM_START__ |
| 354 | add x1, x1, :lo12:__DATA_ROM_START__ |
| 355 | adrp x2, __DATA_RAM_END__ |
| 356 | add x2, x2, :lo12:__DATA_RAM_END__ |
| 357 | sub x2, x2, x0 |
| 358 | bl memcpy16 |
| 359 | #endif |
| 360 | .endif /* _init_c_runtime */ |
| 361 | |
| 362 | /* --------------------------------------------------------------------- |
| 363 | * Use SP_EL0 for the C runtime stack. |
| 364 | * --------------------------------------------------------------------- |
| 365 | */ |
| 366 | msr spsel, #0 |
| 367 | |
| 368 | /* --------------------------------------------------------------------- |
| 369 | * Allocate a stack whose memory will be marked as Normal-IS-WBWA when |
| 370 | * the MMU is enabled. There is no risk of reading stale stack memory |
| 371 | * after enabling the MMU as only the primary CPU is running at the |
| 372 | * moment. |
| 373 | * --------------------------------------------------------------------- |
| 374 | */ |
| 375 | bl plat_set_my_stack |
| 376 | |
| 377 | #if STACK_PROTECTOR_ENABLED |
| 378 | .if \_init_c_runtime |
| 379 | bl update_stack_protector_canary |
| 380 | .endif /* _init_c_runtime */ |
| 381 | #endif |
| 382 | .endm |
| 383 | |
| 384 | .macro apply_at_speculative_wa |
| 385 | #if ERRATA_SPECULATIVE_AT |
| 386 | /* |
Manish Pandey | 66a056e | 2023-01-11 21:41:07 +0000 | [diff] [blame] | 387 | * This function expects x30 has been saved. |
| 388 | * Also, save x29 which will be used in the called function. |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 389 | */ |
Manish Pandey | 66a056e | 2023-01-11 21:41:07 +0000 | [diff] [blame] | 390 | str x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29] |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 391 | bl save_and_update_ptw_el1_sys_regs |
Manish Pandey | 66a056e | 2023-01-11 21:41:07 +0000 | [diff] [blame] | 392 | ldr x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29] |
Gary Morrison | 3d7f654 | 2021-01-27 13:08:47 -0600 | [diff] [blame] | 393 | #endif |
| 394 | .endm |
| 395 | |
| 396 | .macro restore_ptw_el1_sys_regs |
| 397 | #if ERRATA_SPECULATIVE_AT |
| 398 | /* ----------------------------------------------------------- |
| 399 | * In case of ERRATA_SPECULATIVE_AT, must follow below order |
| 400 | * to ensure that page table walk is not enabled until |
| 401 | * restoration of all EL1 system registers. TCR_EL1 register |
| 402 | * should be updated at the end which restores previous page |
| 403 | * table walk setting of stage1 i.e.(TCR_EL1.EPDx) bits. ISB |
| 404 | * ensures that CPU does below steps in order. |
| 405 | * |
| 406 | * 1. Ensure all other system registers are written before |
| 407 | * updating SCTLR_EL1 using ISB. |
| 408 | * 2. Restore SCTLR_EL1 register. |
| 409 | * 3. Ensure SCTLR_EL1 written successfully using ISB. |
| 410 | * 4. Restore TCR_EL1 register. |
| 411 | * ----------------------------------------------------------- |
| 412 | */ |
| 413 | isb |
| 414 | ldp x28, x29, [sp, #CTX_EL1_SYSREGS_OFFSET + CTX_SCTLR_EL1] |
| 415 | msr sctlr_el1, x28 |
| 416 | isb |
| 417 | msr tcr_el1, x29 |
| 418 | #endif |
| 419 | .endm |
| 420 | |
| 421 | #endif /* EL2_COMMON_MACROS_S */ |