diff options
author | Michel Jaouen <michel.jaouen@st.com> | 2020-06-17 19:38:48 +0200 |
---|---|---|
committer | Máté Tóth-Pál <Mate.Toth-Pal@arm.com> | 2020-06-22 07:03:53 +0000 |
commit | 528aca21c9cfeca7e9ee6b4d99a878ab77902516 (patch) | |
tree | 2866c6388fc5687469e443b409c6e124e7270489 | |
parent | 3ecd6221ccecfb0279c1a7ddb94ab917e3e0dc09 (diff) | |
download | trusted-firmware-m-528aca21c9cfeca7e9ee6b4d99a878ab77902516.tar.gz |
Platform: stm32l5xx: overload boot_platform_quit
This enables stm32l5xx to use :
- hide protection of mcuboot flash area before
executing the secure application
- MPU protection in mcuboot.
Change-Id: I6de12c2aefadac6552e0b65f3cacacfc73735fd2
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
3 files changed, 67 insertions, 4 deletions
diff --git a/platform/ext/target/stm/stm32l5xx/bl2/boot_hal.c b/platform/ext/target/stm/stm32l5xx/bl2/boot_hal.c index 818c717bd1..f14008adb6 100644 --- a/platform/ext/target/stm/stm32l5xx/bl2/boot_hal.c +++ b/platform/ext/target/stm/stm32l5xx/bl2/boot_hal.c @@ -29,6 +29,69 @@ #include "region_defs.h" extern ARM_DRIVER_FLASH FLASH_DEV_NAME; +/* Place code in a specific section */ +#if defined(__GNUC__) +__attribute__((section(".BL2_NoHdp_Code"))) +#endif /* __GNUC__ */ +__attribute__((naked)) void boot_jump_to_next_image(uint32_t reset_handler_addr) +{ + __ASM volatile( +#if !defined(__ICCARM__) + ".syntax unified \n" +#endif + "mov r7, r0 \n" + "bl boot_clear_bl2_ram_area \n" /* Clear RAM before jump */ + "movs r0, #0 \n" /* Clear registers: R0-R12, */ + "mov r1, r0 \n" /* except R7 */ + "mov r2, r0 \n" + "mov r3, r0 \n" + "mov r4, r0 \n" + "mov r5, r0 \n" + "mov r6, r0 \n" + "mov r8, r0 \n" + "mov r9, r0 \n" + "mov r10, r0 \n" + "mov r11, r0 \n" + "mov r12, r0 \n" + "mov lr, r0 \n" + "bx r7 \n" /* Jump to Reset_handler */ + ); +} +/* Place code in a specific section */ +#if defined(__GNUC__) +__attribute__((section(".BL2_NoHdp_Code"))) +#endif /* __GNUC__ */ +/** + * @brief This function is called to clear all RAM area before jumping in + * in Secure application . + * @note + * @retval void + */ +void boot_platform_quit(struct boot_arm_vector_table *vt) +{ + /* Clang at O0, stores variables on the stack with SP relative addressing. + * When manually set the SP then the place of reset vector is lost. + * Static variables are stored in 'data' or 'bss' section, change of SP has + * no effect on them. + */ + static struct boot_arm_vector_table *vt_cpy; + + vt_cpy=vt; + /* activate protection before jumping in secure image */ + TFM_LL_SECU_UpdateRunTimeProtections(); +#if defined(__ARM_ARCH_8M_MAIN__) || defined(__ARM_ARCH_8M_BASE__) + /* Restore the Main Stack Pointer Limit register's reset value + * before passing execution to runtime firmware to make the + * bootloader transparent to it. + */ + __set_MSPLIM(0); +#endif + __set_MSP(vt->msp); + __DSB(); + __ISB(); + + boot_jump_to_next_image(vt_cpy->reset); +} /* Place code in a specific section */ #if defined(__GNUC__) diff --git a/platform/ext/target/stm/stm32l5xx/boards/nucleo_l552ze_q/boot_hal_cfg.h b/platform/ext/target/stm/stm32l5xx/boards/nucleo_l552ze_q/boot_hal_cfg.h index 8bdbe664f5..9fc92e2efc 100644 --- a/platform/ext/target/stm/stm32l5xx/boards/nucleo_l552ze_q/boot_hal_cfg.h +++ b/platform/ext/target/stm/stm32l5xx/boards/nucleo_l552ze_q/boot_hal_cfg.h @@ -35,13 +35,13 @@ /* Static protection checking Flag */ /* #define TFM_OB_RDP_LEVEL_VALUE OB_RDP_LEVEL_1 */ /*!< RDP level */ -/*#define TFM_WRP_PROTECT_ENABLE */ /*!< Write Protection */ +/* #define TFM_WRP_PROTECT_ENABLE */ /*!< Write Protection */ #define TFM_HDP_PROTECT_ENABLE /*!< HDP protection */ #define TFM_SECURE_USER_SRAM2_ERASE_AT_RESET /*!< SRAM2 clear at Reset */ #define TFM_OB_BOOT_LOCK 0 /*!< BOOT Lock expected value */ /* run time protection */ #define TFM_FLASH_PRIVONLY_ENABLE /*!< Flash Command in Privileged only */ -/*#define TFM_BOOT_MPU_PROTECTION */ /*!< TFM_SBSFU_Boot uses MPU to prevent execution outside of TFM_SBSFU_Boot code */ +#define TFM_BOOT_MPU_PROTECTION /*!< TFM_SBSFU_Boot uses MPU to prevent execution outside of TFM_SBSFU_Boot code */ #define TFM_ENABLE_SET_OB /*!< Option bytes are set by TFM_SBSFU_Boot when not correctly set */ #define TFM_ERROR_HANDLER_NON_SECURE /*!< Error handler is in Non Secure , this allows regression without jumping */ /* Exported types ------------------------------------------------------------*/ diff --git a/platform/ext/target/stm/stm32l5xx/boards/stm32l562e_dk/boot_hal_cfg.h b/platform/ext/target/stm/stm32l5xx/boards/stm32l562e_dk/boot_hal_cfg.h index 8bdbe664f5..9fc92e2efc 100644 --- a/platform/ext/target/stm/stm32l5xx/boards/stm32l562e_dk/boot_hal_cfg.h +++ b/platform/ext/target/stm/stm32l5xx/boards/stm32l562e_dk/boot_hal_cfg.h @@ -35,13 +35,13 @@ /* Static protection checking Flag */ /* #define TFM_OB_RDP_LEVEL_VALUE OB_RDP_LEVEL_1 */ /*!< RDP level */ -/*#define TFM_WRP_PROTECT_ENABLE */ /*!< Write Protection */ +/* #define TFM_WRP_PROTECT_ENABLE */ /*!< Write Protection */ #define TFM_HDP_PROTECT_ENABLE /*!< HDP protection */ #define TFM_SECURE_USER_SRAM2_ERASE_AT_RESET /*!< SRAM2 clear at Reset */ #define TFM_OB_BOOT_LOCK 0 /*!< BOOT Lock expected value */ /* run time protection */ #define TFM_FLASH_PRIVONLY_ENABLE /*!< Flash Command in Privileged only */ -/*#define TFM_BOOT_MPU_PROTECTION */ /*!< TFM_SBSFU_Boot uses MPU to prevent execution outside of TFM_SBSFU_Boot code */ +#define TFM_BOOT_MPU_PROTECTION /*!< TFM_SBSFU_Boot uses MPU to prevent execution outside of TFM_SBSFU_Boot code */ #define TFM_ENABLE_SET_OB /*!< Option bytes are set by TFM_SBSFU_Boot when not correctly set */ #define TFM_ERROR_HANDLER_NON_SECURE /*!< Error handler is in Non Secure , this allows regression without jumping */ /* Exported types ------------------------------------------------------------*/ |