diff options
| -rw-r--r-- | Makefile.inc | 2 | ||||
| -rw-r--r-- | src/arch/arm64/Kconfig | 5 | ||||
| -rw-r--r-- | src/arch/arm64/Makefile.inc | 6 | ||||
| -rw-r--r-- | src/arch/arm64/armv8/Makefile.inc | 4 | ||||
| -rw-r--r-- | src/arch/arm64/armv8/lib/Makefile.inc | 5 | ||||
| -rw-r--r-- | src/arch/arm64/armv8/secmon/Makefile.inc | 49 | ||||
| -rw-r--r-- | src/arch/arm64/armv8/secmon/secmon_init.c | 83 | ||||
| -rw-r--r-- | src/arch/arm64/armv8/secmon_loader.c | 111 | ||||
| -rw-r--r-- | src/arch/arm64/boot.c | 8 | ||||
| -rw-r--r-- | src/arch/arm64/include/armv8/arch/secmon.h | 43 | ||||
| -rw-r--r-- | src/console/Makefile.inc | 4 | ||||
| -rw-r--r-- | src/include/console/console.h | 1 | ||||
| -rw-r--r-- | src/include/rules.h | 13 | ||||
| -rw-r--r-- | src/lib/Makefile.inc | 1 |
14 files changed, 331 insertions, 4 deletions
diff --git a/Makefile.inc b/Makefile.inc index 2877a62c6cc1..838a680e4112 100644 --- a/Makefile.inc +++ b/Makefile.inc @@ -63,7 +63,7 @@ subdirs-y += site-local ####################################################################### # Add source classes and their build options -classes-y := ramstage romstage bootblock smm smmstub cpu_microcode verstage +classes-y := ramstage romstage bootblock smm smmstub cpu_microcode verstage secmon # Add dynamic classes for rmodules $(foreach supported_arch,$(ARCH_SUPPORTED), \ diff --git a/src/arch/arm64/Kconfig b/src/arch/arm64/Kconfig index 186dd4481e10..a070b9081664 100644 --- a/src/arch/arm64/Kconfig +++ b/src/arch/arm64/Kconfig @@ -15,4 +15,9 @@ config ARCH_RAMSTAGE_ARM64 bool default n +config ARCH_USE_SECURE_MONITOR + bool + default n + select RELOCATABLE_MODULES + source src/arch/arm64/armv8/Kconfig diff --git a/src/arch/arm64/Makefile.inc b/src/arch/arm64/Makefile.inc index 12f936e8c885..1dfaa9607bcf 100644 --- a/src/arch/arm64/Makefile.inc +++ b/src/arch/arm64/Makefile.inc @@ -129,6 +129,12 @@ rmodules_arm64-y += ../../lib/memset.c rmodules_arm64-y += ../../lib/memcpy.c rmodules_arm64-y += ../../lib/memmove.c rmodules_arm64-y += eabi_compat.c + +secmon-$(CONFIG_ARCH_USE_SECURE_MONITOR) += stage_entry.S +secmon-$(CONFIG_ARCH_USE_SECURE_MONITOR) += ../../lib/memset.c +secmon-$(CONFIG_ARCH_USE_SECURE_MONITOR) += ../../lib/memcmp.c +secmon-$(CONFIG_ARCH_USE_SECURE_MONITOR) += ../../lib/memcpy.c + ramstage-$(CONFIG_COLLECT_TIMESTAMPS) += timestamp.c ramstage-srcs += $(wildcard src/mainboard/$(MAINBOARDDIR)/mainboard.c) diff --git a/src/arch/arm64/armv8/Makefile.inc b/src/arch/arm64/armv8/Makefile.inc index 52663b85c506..955ca67602d7 100644 --- a/src/arch/arm64/armv8/Makefile.inc +++ b/src/arch/arm64/armv8/Makefile.inc @@ -21,6 +21,8 @@ subdirs-y += lib/ +subdirs-$(CONFIG_ARCH_USE_SECURE_MONITOR) += secmon/ + armv8_flags = -march=armv8-a -I$(src)/arch/arm64/include/armv8/ -D__COREBOOT_ARM_ARCH__=8 armv8_asm_flags = $(armv8_flags) @@ -71,6 +73,8 @@ ramstage-y += cpu.S ramstage-y += exception.c ramstage-y += mmu.c +ramstage-$(CONFIG_ARCH_USE_SECURE_MONITOR) += secmon_loader.c + ramstage-c-ccopts += $(armv8_flags) ramstage-S-ccopts += $(armv8_asm_flags) diff --git a/src/arch/arm64/armv8/lib/Makefile.inc b/src/arch/arm64/armv8/lib/Makefile.inc index fe086628412b..0622593e4f2d 100644 --- a/src/arch/arm64/armv8/lib/Makefile.inc +++ b/src/arch/arm64/armv8/lib/Makefile.inc @@ -32,4 +32,9 @@ endif ifeq ($(CONFIG_ARCH_RAMSTAGE_ARMV8_64),y) ramstage-y += $(lib_access) + +ifeq ($(CONFIG_ARCH_USE_SECURE_MONITOR),y) +secmon-y += $(lib_access) +endif + endif diff --git a/src/arch/arm64/armv8/secmon/Makefile.inc b/src/arch/arm64/armv8/secmon/Makefile.inc new file mode 100644 index 000000000000..b140941e8b1a --- /dev/null +++ b/src/arch/arm64/armv8/secmon/Makefile.inc @@ -0,0 +1,49 @@ +################################################################################ +## +## This file is part of the coreboot project. +## +## Copyright (C) 2014 Google Inc. +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; version 2 of the License. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +## +################################################################################ + +$(eval $(call create_class_compiler,secmon,arm64)) + +SECMON_DIR=$(obj)/arch/arm64/armv8/secmon +SECMON_SRC=$(SECMON_DIR)/secmon +SECMON_OBJ=$(SECMON_DIR)/secmon.o +SECMON_ELF=$(SECMON_DIR)/secmon.elf +SECMON_RMOD=$(SECMON_DIR)/secmon.elf.rmod +SECMON_RAMSTAGE=$(SECMON_DIR)/secmon.ramstage.o + +secmon-c-ccopts += -I$(src)/arch/arm64/include/armv8/ -include $(src)/include/kconfig.h -D__SECMON__ +secmon-S-ccopts += -I$(src)/arch/arm64/include/armv8/ -include $(src)/include/kconfig.h -D__SECMON__ + +secmon-y += secmon_init.c +secmon-y += ../../transition_asm.S ../../transition.c + +ramstage-srcs += $(SECMON_SRC) + +$(SECMON_OBJ): $$(secmon-objs) + $(CC_secmon) $(LDFLAGS) -nostdlib -r -o $@ $^ + +$(eval $(call rmodule_link,$(SECMON_ELF), $(SECMON_OBJ), 0,arm64)) + +$(SECMON_SRC): $(SECMON_RMOD) + $(OBJCOPY_secmon) -O binary $< $@ + +$(SECMON_RAMSTAGE): $(SECMON_SRC) + @printf " OBJCOPY $(subst $(obj)/,,$(@))\n" + cd $(dir $@); $(OBJCOPY_secmon) -I binary $(notdir $<) -O elf64-littleaarch64 -B aarch64 $(notdir $@)
\ No newline at end of file diff --git a/src/arch/arm64/armv8/secmon/secmon_init.c b/src/arch/arm64/armv8/secmon/secmon_init.c new file mode 100644 index 000000000000..e8bdd82d2983 --- /dev/null +++ b/src/arch/arm64/armv8/secmon/secmon_init.c @@ -0,0 +1,83 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2014 Google Inc + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; version 2 of + * the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include <arch/barrier.h> +#include <arch/io.h> +#include <arch/lib_helpers.h> +#include <arch/secmon.h> +#include <arch/transition.h> +#include <console/console.h> +#include <rmodule.h> +#include <stddef.h> + +static void secmon_wait(void) +{ + /* + * TODO(furquan): This should be a point of no-return. Once we have PSCI + * support we need to respond to kernel calls + */ + while (1) + wfe(); +} + +static void secmon_el3_init(void) +{ + uint32_t scr; + + scr = raw_read_scr_el3(); + + /* Enable SMC */ + scr &= ~(SCR_SMC_MASK); + scr |= SCR_SMC_ENABLE; + + raw_write_scr_el3(scr); + isb(); +} + +static void secmon_init(void *arg) +{ + struct exc_state exc_state; + struct secmon_params *params = arg; + + printk(BIOS_DEBUG, "ARM64: secmon in %s\n", __func__); + + secmon_el3_init(); + + /* + * Check if the arg is non-NULL + * 1) If yes, we make an EL2 transition to that entry point + * 2) If no, we just wait + */ + if (params == NULL) { + secmon_wait(); + } + + memset(&exc_state, 0, sizeof(exc_state)); + exc_state.elx.spsr = get_eret_el(params->elx_el, params->elx_mode); + + transition_with_entry(params->entry, params->arg, &exc_state); +} + +/* + * This variable holds entry point for secmon init code. Once the stacks are + * setup by the stage_entry.S, it jumps to c_entry. + */ +void (*c_entry)(void*) = &secmon_init; diff --git a/src/arch/arm64/armv8/secmon_loader.c b/src/arch/arm64/armv8/secmon_loader.c new file mode 100644 index 000000000000..066f1c18a846 --- /dev/null +++ b/src/arch/arm64/armv8/secmon_loader.c @@ -0,0 +1,111 @@ +/* + * This file is part of the coreboot project. + * + * Copyright (C) 2014 Google Inc + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; version 2 of + * the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + * MA 02110-1301 USA + * + * secmon_loader.c: Responsible for loading the rmodule, providing entry point + * and parameter location for the rmodule. + */ + +#include <arch/lib_helpers.h> +#include <arch/secmon.h> +#include <console/console.h> +#include <rmodule.h> +#include <string.h> + +/* SECMON entry point encoded as an rmodule */ +extern unsigned char _binary_secmon_start[]; + +typedef void (*secmon_entry_t)(struct secmon_params *); + +void __attribute__((weak)) soc_get_secmon_base_size(uint64_t *secmon_base, size_t *secmon_size) +{ + /* Default weak implementation initializes to 0 */ + *secmon_base = 0; + *secmon_size = 0; +} + +static secmon_entry_t secmon_load_rmodule(void) +{ + struct rmodule secmon_mod; + uint64_t secmon_base; + size_t secmon_size; + + /* Get base address and size of the area available for secure monitor + * rmodule. + */ + soc_get_secmon_base_size(&secmon_base, &secmon_size); + + if ((secmon_base == 0) || (secmon_size == 0)) { + printk(BIOS_ERR, "ARM64: secmon_base / secmon_size invalid\n"); + return NULL; + } + + printk(BIOS_DEBUG,"secmon_base:%lx,secmon_size:%lx\n", + (unsigned long)secmon_base, (unsigned long)secmon_size); + + /* Fail if can't parse secmon module */ + if (rmodule_parse(&_binary_secmon_start, &secmon_mod)) { + printk(BIOS_ERR, "ARM64: secmon_mod not found\n"); + return NULL; + } + + /* Load rmodule at secmon_base */ + if (rmodule_load((void *)secmon_base, &secmon_mod)) { + printk(BIOS_ERR, "ARM64:secmon_mod cannot load\n"); + return NULL; + } + + /* Identify the entry point for secure monitor */ + return rmodule_entry(&secmon_mod); +} + +void secmon_run(void (*entry)(void *), void *cb_tables) +{ + struct secmon_params params; + uint32_t scr; + + printk(BIOS_SPEW, "payload jump @ %p\n", entry); + + if (get_current_el() != EL3) { + printk(BIOS_DEBUG, "Secmon Error: Can only be loaded in EL3\n"); + return; + } + + secmon_entry_t doit = secmon_load_rmodule(); + + if (doit == NULL) + die("ARM64 Error: secmon load error"); + + printk(BIOS_DEBUG, "ARM64: Loaded the el3 monitor...jumping to %p\n", + doit); + + params.entry = entry; + params.arg = cb_tables; + params.elx_el = EL2; + params.elx_mode = SPSR_USE_L; + + /* We want to enforce the following policies: + * NS bit is set for lower EL + */ + scr = raw_read_scr_el3(); + scr |= SCR_NS; + raw_write_scr_el3(scr); + + doit(¶ms); +} diff --git a/src/arch/arm64/boot.c b/src/arch/arm64/boot.c index 91980fbf19d4..6307e6005b42 100644 --- a/src/arch/arm64/boot.c +++ b/src/arch/arm64/boot.c @@ -19,6 +19,7 @@ #include <arch/cache.h> #include <arch/lib_helpers.h> +#include <arch/secmon.h> #include <arch/stages.h> #include <arch/transition.h> #include <cbmem.h> @@ -28,17 +29,20 @@ void arch_payload_run(const struct payload *payload) { - void (*doit)(void *) = payload->entry; + void (*payload_entry)(void *) = payload->entry; + void *cb_tables = cbmem_find(CBMEM_ID_CBTABLE); uint8_t current_el = get_current_el(); printk(BIOS_SPEW, "entry = %p\n", payload->entry); + secmon_run(payload_entry, cb_tables); + /* If current EL is not EL3, jump to payload at same EL. */ if (current_el != EL3) { cache_sync_instructions(); /* Point of no-return */ - doit(cb_tables); + payload_entry(cb_tables); } /* If current EL is EL3, we transition to payload in EL2. */ diff --git a/src/arch/arm64/include/armv8/arch/secmon.h b/src/arch/arm64/include/armv8/arch/secmon.h new file mode 100644 index 000000000000..5245e31760e5 --- /dev/null +++ b/src/arch/arm64/include/armv8/arch/secmon.h @@ -0,0 +1,43 @@ +/* + * This file is part of the coreboot project. + * + * Copyright 2014 Google Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef __ARCH_ARM64_ARMV8_SECMON__ +#define __ARCH_ARM64_ARMV8_SECMON__ + +#include <arch/cpu.h> + +#if IS_ENABLED(CONFIG_ARCH_USE_SECURE_MONITOR) + +struct secmon_params { + void (*entry)(void *); + void *arg; + uint8_t elx_el; + uint8_t elx_mode; +}; + +void secmon_run(void (*entry)(void *), void *arg); +void soc_get_secmon_base_size(uint64_t *secmon_base, size_t *secmon_size); + +#else + +static inline void secmon_run(void (*entry)(void *), void *arg) {} + +#endif /* IS_ENABLED(CONFIG_ARCH_USE_SECURE_MONITOR) */ + +#endif /*__ARCH_ARM64_ARMV8_SECMON__ */ diff --git a/src/console/Makefile.inc b/src/console/Makefile.inc index 64d980bb43e3..75a75eb32efe 100644 --- a/src/console/Makefile.inc +++ b/src/console/Makefile.inc @@ -18,3 +18,7 @@ romstage-y += die.c bootblock-$(CONFIG_BOOTBLOCK_CONSOLE) += vtxprintf.c printk.c bootblock-$(CONFIG_BOOTBLOCK_CONSOLE) += init.c console.c bootblock-$(CONFIG_BOOTBLOCK_CONSOLE) += die.c + +secmon-$(CONFIG_ARCH_USE_SECURE_MONITOR) += vtxprintf.c printk.c +secmon-$(CONFIG_ARCH_USE_SECURE_MONITOR) += init.c console.c +secmon-$(CONFIG_ARCH_USE_SECURE_MONITOR) += die.c diff --git a/src/include/console/console.h b/src/include/console/console.h index 38e05b3fb1c7..b5de7d7f441a 100644 --- a/src/include/console/console.h +++ b/src/include/console/console.h @@ -43,6 +43,7 @@ void __attribute__ ((noreturn)) die(const char *msg); #define __CONSOLE_ENABLE__ \ ((ENV_BOOTBLOCK && CONFIG_BOOTBLOCK_CONSOLE) || \ + ENV_SECMON || \ ENV_ROMSTAGE || ENV_RAMSTAGE || (ENV_SMM && CONFIG_DEBUG_SMI)) #if __CONSOLE_ENABLE__ diff --git a/src/include/rules.h b/src/include/rules.h index 22111e8dfb27..5740b77a4a82 100644 --- a/src/include/rules.h +++ b/src/include/rules.h @@ -28,24 +28,35 @@ #define ENV_ROMSTAGE 0 #define ENV_RAMSTAGE 0 #define ENV_SMM 0 +#define ENV_SECMON 0 #elif defined(__PRE_RAM__) #define ENV_BOOTBLOCK 0 #define ENV_ROMSTAGE 1 #define ENV_RAMSTAGE 0 #define ENV_SMM 0 +#define ENV_SECMON 0 #elif defined(__SMM__) #define ENV_BOOTBLOCK 0 #define ENV_ROMSTAGE 0 #define ENV_RAMSTAGE 0 #define ENV_SMM 1 -#else +#define ENV_SECMON 0 +#elif defined(__SECMON__) +#define ENV_BOOTBLOCK 0 +#define ENV_ROMSTAGE 0 +#define ENV_RAMSTAGE 0 +#define ENV_SMM 0 +#define ENV_SECMON 1 + +#else #define ENV_BOOTBLOCK 0 #define ENV_ROMSTAGE 0 #define ENV_RAMSTAGE 1 #define ENV_SMM 0 +#define ENV_SECMON 0 #endif /* For romstage and ramstage always build with simple device model, ie. diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 3d92617584f1..67cf577a523f 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -120,6 +120,7 @@ bootblock-y += halt.c romstage-y += halt.c ramstage-y += halt.c smm-y += halt.c +secmon-y += halt.c ifeq ($(CONFIG_RELOCATABLE_MODULES),y) ramstage-y += rmodule.c |