Commit graph

11 commits

Author SHA1 Message Date
Stefan Agner
da91cfed54 ARM: non-sec: flush code cacheline aligned
Flush operations need to be cacheline aligned to take effect, make
sure to flush always complete cachelines. This avoids messages such
as:
CACHE: Misaligned operation at range [00900000, 009004d9]

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
2016-08-12 09:22:15 -04:00
Ian Campbell
73169874a2 tegra124: Reserve secure RAM using MC_SECURITY_CFG{0, 1}_0
These registers can be used to prevent non-secure world from accessing a
megabyte aligned region of RAM, use them to protect the u-boot secure monitor
code.

At first I tried to do this from s_init(), however this inexplicably causes
u-boot's networking (e.g. DHCP) to fail, while networking under Linux was fine.

So instead I have added a new weak arch function protect_secure_section()
called from relocate_secure_section() and reserved the region there. This is
better overall since it defers the reservation until after the sec vs. non-sec
decision (which can be influenced by an envvar) has been made when booting the
os.

Signed-off-by: Ian Campbell <ijc@hellion.org.uk>
[Jan: tiny style adjustment]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Tested-by: Thierry Reding <treding@nvidia.com>
Tested-by: Ian Campbell <ijc@hellion.org.uk>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2015-05-13 09:24:15 -07:00
Jan Kiszka
ce416fac38 ARM: Add board-specific initialization hook for PSCI
Tegra boards will have to initialize power management for the PSCI
support this way.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Tom Warren <twarren@nvidia.com>
2015-05-13 09:24:15 -07:00
Peng Fan
02251eefc9 ARM: HYP/non-sec: relocation before enable secondary cores
If CONFIG_ARMV7_PSCI is not defined and CONFIG_ARMV7_SECURE_BASE is defined,
smp_kicl_all_cpus may enable secondary cores and runs into secure_ram_addr(
_smp_pen), before code is relocated to secure ram.
So need relocation to secure ram before enable secondary cores.

Signed-off-by: Peng Fan <Peng.Fan@freescale.com>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
2015-03-01 16:33:21 +01:00
tang yuantian
5699274373 ARM: HYP/non-sec: Make variable gic_dist_addr as a local one
Defining variable gic_dist_addr as a globe one prevents some
functions, which use it, from being used before relocation
which is the case in the deep sleep resume process on Freescale
SoC platforms.
Besides, we can always get the GIC base address by calling
get_gicd_base_address() without referring gic_dist_addr.

Signed-off-by: Tang Yuantian <Yuantian.Tang@freescale.com>
Reviewed-by: York Sun <yorksun@freescale.com>
2015-01-23 22:29:14 -06:00
Marc Zyngier
9d195a5461 ARM: HYP/non-sec: remove MIDR check to validate CBAR
Having a form of whitelist to check if we know of a CPU core
and and obtain CBAR is a bit silly.

It doesn't scale (how about A12, A17, as well as other I don't know
about?), and is actually a property of the SoC, not the core.

So either it works and everybody is happy, or it doesn't and
the u-boot port to this SoC is providing the real address via
a configuration option.

The result of the above is that this code doesn't need to exist,
is thus forcefully removed.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
2014-07-28 17:19:55 +02:00
Marc Zyngier
f510aeae68 ARM: HYP/non-sec: allow relocation to secure RAM
The current non-sec switching code suffers from one major issue:
it cannot run in secure RAM, as a large part of u-boot still needs
to be run while we're switched to non-secure.

This patch reworks the whole HYP/non-secure strategy by:
- making sure the secure code is the *last* thing u-boot executes
  before entering the payload
- performing an exception return from secure mode directly into
  the payload
- allowing the code to be dynamically relocated to secure RAM
  before switching to non-secure.

This involves quite a bit of horrible code, specially as u-boot
relocation is quite primitive.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Ian Campbell <ijc@hellion.org.uk>
2014-07-28 17:19:09 +02:00
Andre Przywara
f833e790b4 ARM: virtualization: replace verbose license with SPDX identifier
The original creation of arch/arm/cpu/armv7/{virt-v7.c,nonsec_virt.S}
predates the SPDX conversion, so the original elaborate license
statements sneaked in.
Fix this by replacing them with the proper abbreviation.

Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-07 08:21:13 -04:00
Andre Przywara
d429688754 ARM: extend non-secure switch to also go into HYP mode
For the KVM and XEN hypervisors to be usable, we need to enter the
kernel in HYP mode. Now that we already are in non-secure state,
HYP mode switching is within short reach.

While doing the non-secure switch, we have to enable the HVC
instruction and setup the HYP mode HVBAR (while still secure).

The actual switch is done by dropping back from a HYP mode handler
without actually leaving HYP mode, so we introduce a new handler
routine in our new secure exception vector table.

In the assembly switching routine we save and restore the banked LR
and SP registers around the hypercall to do the actual HYP mode
switch.

The C routine first checks whether we are in HYP mode already and
also whether the virtualization extensions are available. It also
checks whether the HYP mode switch was finally successful.
The bootm command part only calls the new function after the
non-secure switch.

Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03 21:28:55 +02:00
Andre Przywara
ba6a169811 ARM: add SMP support for non-secure switch
Currently the non-secure switch is only done for the boot processor.
To enable full SMP support, we have to switch all secondary cores
into non-secure state also.

So we add an entry point for secondary CPUs coming out of low-power
state and make sure we put them into WFI again after having switched
to non-secure state.
For this we acknowledge and EOI the wake-up IPI, then go into WFI.
Once being kicked out of it later, we sanity check that the start
address has actually been changed (since another attempt to switch
to non-secure would block the core) and jump to the new address.

The actual CPU kick is done by sending an inter-processor interrupt
via the GIC to all CPU interfaces except the requesting processor.
The secondary cores will then setup their respective GIC CPU
interface.
While this approach is pretty universal across several ARMv7 boards,
we make this function weak in case someone needs to tweak this for
a specific board.

The way of setting the secondary's start address is board specific,
but mostly different only in the actual SMP pen address, so we also
provide a weak default implementation and just depend on the proper
address to be set in the config file.

Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03 21:28:51 +02:00
Andre Przywara
1ef923851a ARM: add C function to switch to non-secure state
The core specific part of the work is done in the assembly routine
in nonsec_virt.S, introduced with the previous patch, but for the full
glory we need to setup the GIC distributor interface once for the
whole system, which is done in C here.
The routine is placed in arch/arm/cpu/armv7 to allow easy access from
other ARMv7 boards.

We check the availability of the security extensions first.

Since we need a safe way to access the GIC, we use the PERIPHBASE
registers on Cortex-A15 and A7 CPUs and do some sanity checks.
Boards not implementing the CBAR can override this value via a
configuration file variable.

Then we actually do the GIC enablement:
a) enable the GIC distributor, both for non-secure and secure state
   (GICD_CTLR[1:0] = 11b)
b) allow all interrupts to be handled from non-secure state
   (GICD_IGROUPRn = 0xFFFFFFFF)

The core specific GIC setup is then done in the assembly routine.

Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03 21:28:43 +02:00