1// SPDX-License-Identifier: GPL-2.0+ 2/* 3 * (C) Copyright 2013 4 * Andre Przywara, Linaro <andre.przywara@linaro.org> 5 * 6 * Routines to transition ARMv7 processors from secure into non-secure state 7 * and from non-secure SVC into HYP mode 8 * needed to enable ARMv7 virtualization for current hypervisors 9 */ 10 11#include <common.h> 12#include <cpu_func.h> 13#include <asm/armv7.h> 14#include <asm/cache.h> 15#include <asm/gic.h> 16#include <asm/io.h> 17#include <asm/secure.h> 18 19static unsigned int read_id_pfr1(void) 20{ 21 unsigned int reg; 22 23 asm("mrc p15, 0, %0, c0, c1, 1\n" : "=r"(reg)); 24 return reg; 25} 26 27static unsigned long get_gicd_base_address(void) 28{ 29#ifdef CONFIG_ARM_GIC_BASE_ADDRESS 30 return CONFIG_ARM_GIC_BASE_ADDRESS + GIC_DIST_OFFSET; 31#else 32 unsigned periphbase; 33 34 /* get the GIC base address from the CBAR register */ 35 asm("mrc p15, 4, %0, c15, c0, 0\n" : "=r" (periphbase)); 36 37 /* the PERIPHBASE can be mapped above 4 GB (lower 8 bits used to 38 * encode this). Bail out here since we cannot access this without 39 * enabling paging. 40 */ 41 if ((periphbase & 0xff) != 0) { 42 printf("nonsec: PERIPHBASE is above 4 GB, no access.\n"); 43 return -1; 44 } 45 46 return (periphbase & CBAR_MASK) + GIC_DIST_OFFSET; 47#endif 48} 49 50/* Define a specific version of this function to enable any available 51 * hardware protections for the reserved region */ 52void __weak protect_secure_section(void) {} 53 54static void relocate_secure_section(void) 55{ 56#ifdef CONFIG_ARMV7_SECURE_BASE 57 size_t sz = __secure_end - __secure_start; 58 unsigned long szflush = ALIGN(sz + 1, CONFIG_SYS_CACHELINE_SIZE); 59 60 memcpy((void *)CONFIG_ARMV7_SECURE_BASE, __secure_start, sz); 61 62 flush_dcache_range(CONFIG_ARMV7_SECURE_BASE, 63 CONFIG_ARMV7_SECURE_BASE + szflush); 64 protect_secure_section(); 65 invalidate_icache_all(); 66#endif 67} 68 69static void kick_secondary_cpus_gic(unsigned long gicdaddr) 70{ 71 /* kick all CPUs (except this one) by writing to GICD_SGIR */ 72 writel(1U << 24, gicdaddr + GICD_SGIR); 73} 74 75void __weak smp_kick_all_cpus(void) 76{ 77 unsigned long gic_dist_addr; 78 79 gic_dist_addr = get_gicd_base_address(); 80 if (gic_dist_addr == -1) 81 return; 82 83 kick_secondary_cpus_gic(gic_dist_addr); 84} 85 86__weak void psci_board_init(void) 87{ 88} 89 90int armv7_init_nonsec(void) 91{ 92 unsigned int reg; 93 unsigned itlinesnr, i; 94 unsigned long gic_dist_addr; 95 96 /* check whether the CPU supports the security extensions */ 97 reg = read_id_pfr1(); 98 if ((reg & 0xF0) == 0) { 99 printf("nonsec: Security extensions not implemented.\n"); 100 return -1; 101 } 102 103 /* the SCR register will be set directly in the monitor mode handler, 104 * according to the spec one should not tinker with it in secure state 105 * in SVC mode. Do not try to read it once in non-secure state, 106 * any access to it will trap. 107 */ 108 109 gic_dist_addr = get_gicd_base_address(); 110 if (gic_dist_addr == -1) 111 return -1; 112 113 /* enable the GIC distributor */ 114 writel(readl(gic_dist_addr + GICD_CTLR) | 0x03, 115 gic_dist_addr + GICD_CTLR); 116 117 /* TYPER[4:0] contains an encoded number of available interrupts */ 118 itlinesnr = readl(gic_dist_addr + GICD_TYPER) & 0x1f; 119 120 /* set all bits in the GIC group registers to one to allow access 121 * from non-secure state. The first 32 interrupts are private per 122 * CPU and will be set later when enabling the GIC for each core 123 */ 124 for (i = 1; i <= itlinesnr; i++) 125 writel((unsigned)-1, gic_dist_addr + GICD_IGROUPRn + 4 * i); 126 127 psci_board_init(); 128 129 /* 130 * Relocate secure section before any cpu runs in secure ram. 131 * smp_kick_all_cpus may enable other cores and runs into secure 132 * ram, so need to relocate secure section before enabling other 133 * cores. 134 */ 135 relocate_secure_section(); 136 137#ifndef CONFIG_ARMV7_PSCI 138 smp_set_core_boot_addr((unsigned long)secure_ram_addr(_smp_pen), -1); 139 smp_kick_all_cpus(); 140#endif 141 142 /* call the non-sec switching code on this CPU also */ 143 secure_ram_addr(_nonsec_init)(); 144 return 0; 145} 146