From: Heinrich Schuchardt Date: Tue, 8 Jan 2019 17:13:06 +0000 (+0100) Subject: efi_loader: refactor switch to non-secure mode X-Git-Tag: v2025.01-rc5-pxa1908~3125^2~27 X-Git-Url: http://git.dujemihanovic.xyz/html/%7B%7B%20%24style.Permalink%20%7D%7D?a=commitdiff_plain;h=f6c6df7ebc12fdaab252c5869732cef6fa48d864;p=u-boot.git efi_loader: refactor switch to non-secure mode Refactor the switch from supervisor to hypervisor to a new function called at the beginning of do_bootefi(). Signed-off-by: Heinrich Schuchardt Signed-off-by: Alexander Graf --- diff --git a/arch/arm/cpu/armv7/Makefile b/arch/arm/cpu/armv7/Makefile index 4f4647c90a..8c955d0d52 100644 --- a/arch/arm/cpu/armv7/Makefile +++ b/arch/arm/cpu/armv7/Makefile @@ -14,6 +14,7 @@ obj-$(CONFIG_SYS_ARM_MPU) += mpu_v7r.o ifneq ($(CONFIG_SPL_BUILD),y) obj-$(CONFIG_EFI_LOADER) += sctlr.o +obj-$(CONFIG_ARMV7_NONSEC) += exception_level.o endif ifneq ($(CONFIG_SKIP_LOWLEVEL_INIT),y) diff --git a/arch/arm/cpu/armv7/exception_level.c b/arch/arm/cpu/armv7/exception_level.c new file mode 100644 index 0000000000..274f03d8bb --- /dev/null +++ b/arch/arm/cpu/armv7/exception_level.c @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Switch to non-secure mode + * + * Copyright (c) 2018 Heinrich Schuchardt + * + * This module contains the ARMv7 specific code required for leaving the + * secure mode before booting an operating system. + */ + +#include +#include +#include +#include +#include + +/** + * entry_non_secure() - entry point when switching to non-secure mode + * + * When switching to non-secure mode switch_to_non_secure_mode() calls this + * function passing a jump buffer. We use this jump buffer to restore the + * original stack and register state. + * + * @non_secure_jmp: jump buffer for restoring stack and registers + */ +static void entry_non_secure(struct jmp_buf_data *non_secure_jmp) +{ + dcache_enable(); + debug("Reached non-secure mode\n"); + + /* Restore stack and registers saved in switch_to_non_secure_mode() */ + longjmp(non_secure_jmp, 1); +} + +/** + * switch_to_non_secure_mode() - switch to non-secure mode + * + * Operating systems may expect to run in non-secure mode. Here we check if + * we are running in secure mode and switch to non-secure mode if necessary. + */ +void switch_to_non_secure_mode(void) +{ + static bool is_nonsec; + struct jmp_buf_data non_secure_jmp; + + if (armv7_boot_nonsec() && !is_nonsec) { + if (setjmp(&non_secure_jmp)) + return; + dcache_disable(); /* flush cache before switch to HYP */ + armv7_init_nonsec(); + is_nonsec = true; + secure_ram_addr(_do_nonsec_entry)(entry_non_secure, + (uintptr_t)&non_secure_jmp, + 0, 0); + } +} diff --git a/arch/arm/cpu/armv8/Makefile b/arch/arm/cpu/armv8/Makefile index 4c4b13c9e7..a5f54330e3 100644 --- a/arch/arm/cpu/armv8/Makefile +++ b/arch/arm/cpu/armv8/Makefile @@ -14,6 +14,7 @@ ifdef CONFIG_SPL_BUILD obj-$(CONFIG_ARMV8_SPL_EXCEPTION_VECTORS) += exceptions.o else obj-y += exceptions.o +obj-y += exception_level.o endif obj-y += cache.o obj-y += tlb.o diff --git a/arch/arm/cpu/armv8/exception_level.c b/arch/arm/cpu/armv8/exception_level.c new file mode 100644 index 0000000000..57824eb2ac --- /dev/null +++ b/arch/arm/cpu/armv8/exception_level.c @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Switch to non-secure mode + * + * Copyright (c) 2018 Heinrich Schuchardt + * + * This module contains the ARMv8 specific code required to adjust the exception + * level before booting an operating system. + */ + +#include +#include +#include + +/** + * entry_non_secure() - entry point when switching to non-secure mode + * + * When switching to non-secure mode switch_to_non_secure_mode() calls this + * function passing a jump buffer. We use this jump buffer to restore the + * original stack and register state. + * + * @non_secure_jmp: jump buffer for restoring stack and registers + */ +static void entry_non_secure(struct jmp_buf_data *non_secure_jmp) +{ + dcache_enable(); + debug("Reached non-secure mode\n"); + + /* Restore stack and registers saved in switch_to_non_secure_mode() */ + longjmp(non_secure_jmp, 1); +} + +/** + * switch_to_non_secure_mode() - switch to non-secure mode + * + * Exception level EL3 is meant to be used by the secure monitor only (ARM + * trusted firmware being one embodiment). The operating system shall be + * started at exception level EL2. So here we check the exception level + * and switch it if necessary. + */ +void switch_to_non_secure_mode(void) +{ + struct jmp_buf_data non_secure_jmp; + + /* On AArch64 we need to make sure we call our payload in < EL3 */ + if (current_el() == 3) { + if (setjmp(&non_secure_jmp)) + return; + dcache_disable(); /* flush cache before switch to EL2 */ + + /* Move into EL2 and keep running there */ + armv8_switch_to_el2((uintptr_t)&non_secure_jmp, 0, 0, 0, + (uintptr_t)entry_non_secure, ES_TO_AARCH64); + } +} diff --git a/cmd/bootefi.c b/cmd/bootefi.c index bcdd29ebed..ee685d8644 100644 --- a/cmd/bootefi.c +++ b/cmd/bootefi.c @@ -5,8 +5,9 @@ * Copyright (c) 2016 Alexander Graf */ -#include #include +#include +#include #include #include #include @@ -21,11 +22,6 @@ #include #include -#ifdef CONFIG_ARMV7_NONSEC -#include -#include -#endif - DECLARE_GLOBAL_DATA_PTR; static struct efi_device_path *bootefi_image_path; @@ -151,34 +147,6 @@ static efi_status_t efi_do_enter( return ret; } -#ifdef CONFIG_ARM64 -static efi_status_t efi_run_in_el2(EFIAPI efi_status_t (*entry)( - efi_handle_t image_handle, struct efi_system_table *st), - efi_handle_t image_handle, struct efi_system_table *st) -{ - /* Enable caches again */ - dcache_enable(); - - return efi_do_enter(image_handle, st, entry); -} -#endif - -#ifdef CONFIG_ARMV7_NONSEC -static bool is_nonsec; - -static efi_status_t efi_run_in_hyp(EFIAPI efi_status_t (*entry)( - efi_handle_t image_handle, struct efi_system_table *st), - efi_handle_t image_handle, struct efi_system_table *st) -{ - /* Enable caches again */ - dcache_enable(); - - is_nonsec = true; - - return efi_do_enter(image_handle, st, entry); -} -#endif - /* * efi_carve_out_dt_rsv() - Carve out DT reserved memory ranges * @@ -358,39 +326,6 @@ static efi_status_t do_bootefi_exec(void *efi, goto err_prepare; } -#ifdef CONFIG_ARM64 - /* On AArch64 we need to make sure we call our payload in < EL3 */ - if (current_el() == 3) { - smp_kick_all_cpus(); - dcache_disable(); /* flush cache before switch to EL2 */ - - /* Move into EL2 and keep running there */ - armv8_switch_to_el2((ulong)entry, - (ulong)&image_obj->header, - (ulong)&systab, 0, (ulong)efi_run_in_el2, - ES_TO_AARCH64); - - /* Should never reach here, efi exits with longjmp */ - while (1) { } - } -#endif - -#ifdef CONFIG_ARMV7_NONSEC - if (armv7_boot_nonsec() && !is_nonsec) { - dcache_disable(); /* flush cache before switch to HYP */ - - armv7_init_nonsec(); - secure_ram_addr(_do_nonsec_entry)( - efi_run_in_hyp, - (uintptr_t)entry, - (uintptr_t)&image_obj->header, - (uintptr_t)&systab); - - /* Should never reach here, efi exits with longjmp */ - while (1) { } - } -#endif - ret = efi_do_enter(&image_obj->header, &systab, entry); err_prepare: @@ -476,6 +411,8 @@ static int do_bootefi(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) /* Allow unaligned memory access */ allow_unaligned(); + switch_to_non_secure_mode(); + /* Initialize EFI drivers */ r = efi_init_obj_list(); if (r != EFI_SUCCESS) { diff --git a/common/bootm.c b/common/bootm.c index 7c7505f092..3adbceaa38 100644 --- a/common/bootm.c +++ b/common/bootm.c @@ -912,6 +912,16 @@ static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, return buf; } + +/** + * switch_to_non_secure_mode() - switch to non-secure mode + * + * This routine is overridden by architectures requiring this feature. + */ +void __weak switch_to_non_secure_mode(void) +{ +} + #else /* USE_HOSTCC */ void memmove_wd(void *to, void *from, size_t len, ulong chunksz) diff --git a/include/bootm.h b/include/bootm.h index dbd6f49c2d..e2cc6d4b99 100644 --- a/include/bootm.h +++ b/include/bootm.h @@ -82,4 +82,9 @@ int bootm_decomp_image(int comp, ulong load, ulong image_start, int type, */ void board_quiesce_devices(void); +/** + * switch_to_non_secure_mode() - switch to non-secure mode + */ +void switch_to_non_secure_mode(void); + #endif