u-boot/arch/arm/mach-socfpga/include/mach/boot0.h

25 lines
438 B
C
Raw Normal View History

ARM: socfpga: Add boot0 hook to prevent SPL corruption Valid Altera SoCFPGA preloader image must contain special data at offsets 0x40, 0x44, 0x48 and valid instructions at address 0x4c or 0x50. These addresses are by default used by U-Boot's vector table and a piece of reset handler, thus a valid preloader corrupts those addresses slightly. While this works most of the time, this can and does prevent the board from rebooting sometimes and triggering this issue may even depend on compiler. The problem is that when SoCFPGA performs warm reset, it checks the addresses 0x40..0x4b in SRAM for a valid preloader signature and header checksum. If those are found, it jumps to address 0x4c or 0x50 (this is unclear). These addresses are populated by the first few instructions of arch/arm/cpu/armv7/start.S: ffff0040 <data_abort>: ffff0040: ebfffffe bl ffff0040 <data_abort> ffff0044 <reset>: ffff0044: ea000012 b ffff0094 <save_boot_params> ffff0048 <save_boot_params_ret>: ffff0048: e10f0000 mrs r0, CPSR ffff004c: e200101f and r1, r0, #31 ffff0050: e331001a teq r1, #26 Without this patch, the CPU will enter the code at 0xffff004c or 0xffff0050 , at which point the value of r0 and r1 registers is undefined. Moreover, jumping directly to the preloader entry point at address 0xffff0000 will also fail, because address 0xffff004. is invalid and contains the preloader magic. Add BOOT0 hook which reserves the area at offset 0x40..0x5f and populates offset 0x50 with jump to the entry point. This way, the preloader signature is stored in reserved space and can not corrupt the SPL code. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Chin Liang See <clsee@altera.com> Cc: Dinh Nguyen <dinguyen@opensource.altera.com> Cc: Stefan Roese <sr@denx.de> Tested-by: Dinh Nguyen <dinguyen@opensource.altera.com>
2016-11-16 16:20:23 +00:00
/*
* Specialty padding for the Altera SoCFPGA preloader image
*
* SPDX-License-Identifier: GPL-2.0+
*/
#ifndef __BOOT0_H
#define __BOOT0_H
#ifdef CONFIG_SPL_BUILD
.balignl 64,0xf33db33f;
.word 0x1337c0d3; /* SoCFPGA preloader validation word */
.word 0xc01df00d; /* Version, flags, length */
.word 0xcafec0d3; /* Checksum, zero-pad */
ARM: socfpga: Add boot0 hook to prevent SPL corruption Valid Altera SoCFPGA preloader image must contain special data at offsets 0x40, 0x44, 0x48 and valid instructions at address 0x4c or 0x50. These addresses are by default used by U-Boot's vector table and a piece of reset handler, thus a valid preloader corrupts those addresses slightly. While this works most of the time, this can and does prevent the board from rebooting sometimes and triggering this issue may even depend on compiler. The problem is that when SoCFPGA performs warm reset, it checks the addresses 0x40..0x4b in SRAM for a valid preloader signature and header checksum. If those are found, it jumps to address 0x4c or 0x50 (this is unclear). These addresses are populated by the first few instructions of arch/arm/cpu/armv7/start.S: ffff0040 <data_abort>: ffff0040: ebfffffe bl ffff0040 <data_abort> ffff0044 <reset>: ffff0044: ea000012 b ffff0094 <save_boot_params> ffff0048 <save_boot_params_ret>: ffff0048: e10f0000 mrs r0, CPSR ffff004c: e200101f and r1, r0, #31 ffff0050: e331001a teq r1, #26 Without this patch, the CPU will enter the code at 0xffff004c or 0xffff0050 , at which point the value of r0 and r1 registers is undefined. Moreover, jumping directly to the preloader entry point at address 0xffff0000 will also fail, because address 0xffff004. is invalid and contains the preloader magic. Add BOOT0 hook which reserves the area at offset 0x40..0x5f and populates offset 0x50 with jump to the entry point. This way, the preloader signature is stored in reserved space and can not corrupt the SPL code. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Chin Liang See <clsee@altera.com> Cc: Dinh Nguyen <dinguyen@opensource.altera.com> Cc: Stefan Roese <sr@denx.de> Tested-by: Dinh Nguyen <dinguyen@opensource.altera.com>
2016-11-16 16:20:23 +00:00
nop;
b reset; /* SoCFPGA jumps here */
nop;
nop;
nop;
#endif
ARM: socfpga: Add boot0 hook to prevent SPL corruption Valid Altera SoCFPGA preloader image must contain special data at offsets 0x40, 0x44, 0x48 and valid instructions at address 0x4c or 0x50. These addresses are by default used by U-Boot's vector table and a piece of reset handler, thus a valid preloader corrupts those addresses slightly. While this works most of the time, this can and does prevent the board from rebooting sometimes and triggering this issue may even depend on compiler. The problem is that when SoCFPGA performs warm reset, it checks the addresses 0x40..0x4b in SRAM for a valid preloader signature and header checksum. If those are found, it jumps to address 0x4c or 0x50 (this is unclear). These addresses are populated by the first few instructions of arch/arm/cpu/armv7/start.S: ffff0040 <data_abort>: ffff0040: ebfffffe bl ffff0040 <data_abort> ffff0044 <reset>: ffff0044: ea000012 b ffff0094 <save_boot_params> ffff0048 <save_boot_params_ret>: ffff0048: e10f0000 mrs r0, CPSR ffff004c: e200101f and r1, r0, #31 ffff0050: e331001a teq r1, #26 Without this patch, the CPU will enter the code at 0xffff004c or 0xffff0050 , at which point the value of r0 and r1 registers is undefined. Moreover, jumping directly to the preloader entry point at address 0xffff0000 will also fail, because address 0xffff004. is invalid and contains the preloader magic. Add BOOT0 hook which reserves the area at offset 0x40..0x5f and populates offset 0x50 with jump to the entry point. This way, the preloader signature is stored in reserved space and can not corrupt the SPL code. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Chin Liang See <clsee@altera.com> Cc: Dinh Nguyen <dinguyen@opensource.altera.com> Cc: Stefan Roese <sr@denx.de> Tested-by: Dinh Nguyen <dinguyen@opensource.altera.com>
2016-11-16 16:20:23 +00:00
#endif /* __BOOT0_H */