diff options
| author | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2019-01-08 18:13:06 +0100 |
|---|---|---|
| committer | Alexander Graf <agraf@suse.de> | 2019-02-13 09:40:06 +0100 |
| commit | f6c6df7ebc12fdaab252c5869732cef6fa48d864 (patch) | |
| tree | a9dd4b1d6b4a9304e17dc37042e63174d211cfc2 /arch/arm | |
| parent | b4f471f18e68b340e5b968e2d611b83f709a78ce (diff) | |
| download | u-boot-f6c6df7ebc12fdaab252c5869732cef6fa48d864.tar.gz u-boot-f6c6df7ebc12fdaab252c5869732cef6fa48d864.tar.xz u-boot-f6c6df7ebc12fdaab252c5869732cef6fa48d864.zip | |
efi_loader: refactor switch to non-secure mode
Refactor the switch from supervisor to hypervisor to a new function called
at the beginning of do_bootefi().
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Alexander Graf <agraf@suse.de>
Diffstat (limited to 'arch/arm')
| -rw-r--r-- | arch/arm/cpu/armv7/Makefile | 1 | ||||
| -rw-r--r-- | arch/arm/cpu/armv7/exception_level.c | 56 | ||||
| -rw-r--r-- | arch/arm/cpu/armv8/Makefile | 1 | ||||
| -rw-r--r-- | arch/arm/cpu/armv8/exception_level.c | 55 |
4 files changed, 113 insertions, 0 deletions
diff --git a/arch/arm/cpu/armv7/Makefile b/arch/arm/cpu/armv7/Makefile index 4f4647c90a..8c955d0d52 100644 --- a/arch/arm/cpu/armv7/Makefile +++ b/arch/arm/cpu/armv7/Makefile @@ -14,6 +14,7 @@ obj-$(CONFIG_SYS_ARM_MPU) += mpu_v7r.o ifneq ($(CONFIG_SPL_BUILD),y) obj-$(CONFIG_EFI_LOADER) += sctlr.o +obj-$(CONFIG_ARMV7_NONSEC) += exception_level.o endif ifneq ($(CONFIG_SKIP_LOWLEVEL_INIT),y) diff --git a/arch/arm/cpu/armv7/exception_level.c b/arch/arm/cpu/armv7/exception_level.c new file mode 100644 index 0000000000..274f03d8bb --- /dev/null +++ b/arch/arm/cpu/armv7/exception_level.c @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Switch to non-secure mode + * + * Copyright (c) 2018 Heinrich Schuchardt + * + * This module contains the ARMv7 specific code required for leaving the + * secure mode before booting an operating system. + */ + +#include <common.h> +#include <bootm.h> +#include <asm/armv7.h> +#include <asm/secure.h> +#include <asm/setjmp.h> + +/** + * entry_non_secure() - entry point when switching to non-secure mode + * + * When switching to non-secure mode switch_to_non_secure_mode() calls this + * function passing a jump buffer. We use this jump buffer to restore the + * original stack and register state. + * + * @non_secure_jmp: jump buffer for restoring stack and registers + */ +static void entry_non_secure(struct jmp_buf_data *non_secure_jmp) +{ + dcache_enable(); + debug("Reached non-secure mode\n"); + + /* Restore stack and registers saved in switch_to_non_secure_mode() */ + longjmp(non_secure_jmp, 1); +} + +/** + * switch_to_non_secure_mode() - switch to non-secure mode + * + * Operating systems may expect to run in non-secure mode. Here we check if + * we are running in secure mode and switch to non-secure mode if necessary. + */ +void switch_to_non_secure_mode(void) +{ + static bool is_nonsec; + struct jmp_buf_data non_secure_jmp; + + if (armv7_boot_nonsec() && !is_nonsec) { + if (setjmp(&non_secure_jmp)) + return; + dcache_disable(); /* flush cache before switch to HYP */ + armv7_init_nonsec(); + is_nonsec = true; + secure_ram_addr(_do_nonsec_entry)(entry_non_secure, + (uintptr_t)&non_secure_jmp, + 0, 0); + } +} diff --git a/arch/arm/cpu/armv8/Makefile b/arch/arm/cpu/armv8/Makefile index 4c4b13c9e7..a5f54330e3 100644 --- a/arch/arm/cpu/armv8/Makefile +++ b/arch/arm/cpu/armv8/Makefile @@ -14,6 +14,7 @@ ifdef CONFIG_SPL_BUILD obj-$(CONFIG_ARMV8_SPL_EXCEPTION_VECTORS) += exceptions.o else obj-y += exceptions.o +obj-y += exception_level.o endif obj-y += cache.o obj-y += tlb.o diff --git a/arch/arm/cpu/armv8/exception_level.c b/arch/arm/cpu/armv8/exception_level.c new file mode 100644 index 0000000000..57824eb2ac --- /dev/null +++ b/arch/arm/cpu/armv8/exception_level.c @@ -0,0 +1,55 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Switch to non-secure mode + * + * Copyright (c) 2018 Heinrich Schuchardt + * + * This module contains the ARMv8 specific code required to adjust the exception + * level before booting an operating system. + */ + +#include <common.h> +#include <bootm.h> +#include <asm/setjmp.h> + +/** + * entry_non_secure() - entry point when switching to non-secure mode + * + * When switching to non-secure mode switch_to_non_secure_mode() calls this + * function passing a jump buffer. We use this jump buffer to restore the + * original stack and register state. + * + * @non_secure_jmp: jump buffer for restoring stack and registers + */ +static void entry_non_secure(struct jmp_buf_data *non_secure_jmp) +{ + dcache_enable(); + debug("Reached non-secure mode\n"); + + /* Restore stack and registers saved in switch_to_non_secure_mode() */ + longjmp(non_secure_jmp, 1); +} + +/** + * switch_to_non_secure_mode() - switch to non-secure mode + * + * Exception level EL3 is meant to be used by the secure monitor only (ARM + * trusted firmware being one embodiment). The operating system shall be + * started at exception level EL2. So here we check the exception level + * and switch it if necessary. + */ +void switch_to_non_secure_mode(void) +{ + struct jmp_buf_data non_secure_jmp; + + /* On AArch64 we need to make sure we call our payload in < EL3 */ + if (current_el() == 3) { + if (setjmp(&non_secure_jmp)) + return; + dcache_disable(); /* flush cache before switch to EL2 */ + + /* Move into EL2 and keep running there */ + armv8_switch_to_el2((uintptr_t)&non_secure_jmp, 0, 0, 0, + (uintptr_t)entry_non_secure, ES_TO_AARCH64); + } +} |