From a384c2899d5440a216eadbb6a144ba7d49e3674e Mon Sep 17 00:00:00 2001 From: Furquan Shaikh Date: Thu, 28 May 2015 12:13:51 -0700 Subject: arm64: Add support for loading secure os Add support for loading secure os and pass its entrypoint as bl32 params to bl31 stage. BUG=chrome-os-partner:40713 BRANCH=None TEST=Compiles successfully and loads secure os Change-Id: I1409ccb7344c1d1b1ddc2b321fdae1beea2f823d Signed-off-by: Patrick Georgi Original-Commit-Id: d3dc19025ff11c1e0590306230df7654ef9ad086 Original-Change-Id: Iafd540bf2906d10b5ee009e96179121fecbf5e11 Original-Signed-off-by: Furquan Shaikh Original-Reviewed-on: https://chromium-review.googlesource.com/273719 Original-Reviewed-by: Julius Werner Original-Commit-Queue: Furquan Shaikh Original-Trybot-Ready: Furquan Shaikh Original-Tested-by: Furquan Shaikh Reviewed-on: http://review.coreboot.org/10693 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer --- src/arch/arm64/Kconfig | 10 ++++++++++ src/arch/arm64/Makefile.inc | 10 ++++++++++ src/arch/arm64/arm_tf.c | 20 +++++++++++++++++++- src/include/assets.h | 1 + 4 files changed, 40 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/arch/arm64/Kconfig b/src/arch/arm64/Kconfig index 8ebf76edf3..8c16732034 100644 --- a/src/arch/arm64/Kconfig +++ b/src/arch/arm64/Kconfig @@ -44,3 +44,13 @@ config ARM64_USE_ARM_TRUSTED_FIRMWARE bool default n depends on ARCH_RAMSTAGE_ARM64 + +config ARM64_USE_SECURE_OS + bool + default n + depends on ARM64_USE_ARM_TRUSTED_FIRMWARE + +config ARM64_SECURE_OS_FILE + string "Secure OS binary file" + help + Secure OS binary file. diff --git a/src/arch/arm64/Makefile.inc b/src/arch/arm64/Makefile.inc index 1aeef7654c..86d6f7dce6 100644 --- a/src/arch/arm64/Makefile.inc +++ b/src/arch/arm64/Makefile.inc @@ -217,6 +217,16 @@ $(BL31_CBFS)-type := stage $(BL31_CBFS)-compression := $(CBFS_COMPRESS_FLAG) cbfs-files-y += $(BL31_CBFS) +ifeq ($(CONFIG_ARM64_USE_SECURE_OS),y) + +SECURE_OS_FILE := $(CONFIG_ARM64_SECURE_OS_FILE) +SECURE_OS_FILE_CBFS := $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/secure_os +$(SECURE_OS_FILE_CBFS)-file := $(SECURE_OS_FILE) +$(SECURE_OS_FILE_CBFS)-type := stage +cbfs-files-y += $(SECURE_OS_FILE_CBFS) + +endif # CONFIG_ARM64_USE_SECURE_OS + endif # CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE endif # CONFIG_ARCH_RAMSTAGE_ARM64 diff --git a/src/arch/arm64/arm_tf.c b/src/arch/arm64/arm_tf.c index 29dc7c344f..9b0f19fc63 100644 --- a/src/arch/arm64/arm_tf.c +++ b/src/arch/arm64/arm_tf.c @@ -18,6 +18,8 @@ */ #include +#include +#include #include #include #include @@ -32,8 +34,8 @@ static image_info_t bl31_image_info; static image_info_t bl32_image_info; static image_info_t bl33_image_info; -static entry_point_info_t bl32_ep_info; */ +static entry_point_info_t bl32_ep_info; static entry_point_info_t bl33_ep_info; static bl31_params_t bl31_params; @@ -57,6 +59,22 @@ void arm_tf_run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr) bl31_entry = prog_entry(&bl31); SET_PARAM_HEAD(&bl31_params, PARAM_BL31, VERSION_1, 0); + + if (IS_ENABLED(CONFIG_ARM64_USE_SECURE_OS)) { + struct prog bl32 = PROG_INIT(ASSET_BL32, CONFIG_CBFS_PREFIX"/secure_os"); + + if (prog_locate(&bl32)) + die("BL31 not found"); + + if (cbfs_prog_stage_load(&bl32)) + die("BL31 load failed"); + + SET_PARAM_HEAD(&bl32_ep_info, PARAM_EP, VERSION_1, PARAM_EP_SECURE); + bl32_ep_info.pc = (uintptr_t)prog_entry(&bl32); + bl32_ep_info.spsr = SPSR_EXCEPTION_MASK | get_eret_el(EL1, SPSR_USE_L); + bl31_params.bl32_ep_info = &bl32_ep_info; + } + bl31_params.bl33_ep_info = &bl33_ep_info; SET_PARAM_HEAD(&bl33_ep_info, PARAM_EP, VERSION_1, PARAM_EP_NON_SECURE); diff --git a/src/include/assets.h b/src/include/assets.h index 9c757edc5e..2368508b02 100644 --- a/src/include/assets.h +++ b/src/include/assets.h @@ -33,6 +33,7 @@ enum asset_type { ASSET_REFCODE, ASSET_PAYLOAD, ASSET_BL31, + ASSET_BL32, }; struct asset { -- cgit v1.2.3