diff options
Diffstat (limited to 'include/arch/aarch64/el3_common_macros.S')
-rw-r--r-- | include/arch/aarch64/el3_common_macros.S | 177 |
1 files changed, 82 insertions, 95 deletions
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S index f75998351b..26c7578929 100644 --- a/include/arch/aarch64/el3_common_macros.S +++ b/include/arch/aarch64/el3_common_macros.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -9,6 +9,7 @@ #include <arch.h> #include <asm_macros.S> +#include <assert_macros.S> #include <context.h> #include <lib/xlat_tables/xlat_tables_defs.h> @@ -58,36 +59,26 @@ * zero here but are updated ahead of transitioning to a lower EL in the * function cm_init_context_common(). * - * SCR_EL3.TWE: Set to zero so that execution of WFE instructions at - * EL2, EL1 and EL0 are not trapped to EL3. - * - * SCR_EL3.TWI: Set to zero so that execution of WFI instructions at - * EL2, EL1 and EL0 are not trapped to EL3. - * * SCR_EL3.SIF: Set to one to disable instruction fetches from * Non-secure memory. * - * SCR_EL3.SMD: Set to zero to enable SMC calls at EL1 and above, from - * both Security states and both Execution states. - * * SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts * to EL3 when executing at any EL. * - * SCR_EL3.{API,APK}: For Armv8.3 pointer authentication feature, - * disable traps to EL3 when accessing key registers or using pointer - * authentication instructions from lower ELs. + * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled. + * + * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate + * against ERRATA_V2_3099206. * --------------------------------------------------------------------- */ - mov_imm x0, ((SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT) \ - & ~(SCR_TWE_BIT | SCR_TWI_BIT | SCR_SMD_BIT)) -#if CTX_INCLUDE_PAUTH_REGS - /* - * If the pointer authentication registers are saved during world - * switches, enable pointer authentication everywhere, as it is safe to - * do so. - */ - orr x0, x0, #(SCR_API_BIT | SCR_APK_BIT) + mov_imm x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT) +#if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2 + mrs x1, id_aa64pfr0_el1 + and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT) + cbz x1, 1f + orr x0, x0, #SCR_EEL2_BIT #endif +1: msr scr_el3, x0 /* --------------------------------------------------------------------- @@ -107,60 +98,14 @@ * MDCR_EL3.TDA: Set to zero to allow EL0, EL1 and EL2 access to the * debug registers, other than those registers that are controlled by * MDCR_EL3.TDOSA. - * - * MDCR_EL3.TPM: Set to zero so that EL0, EL1, and EL2 System register - * accesses to all Performance Monitors registers do not trap to EL3. - * - * MDCR_EL3.SCCD: Set to one so that cycle counting by PMCCNTR_EL0 is - * prohibited in Secure state. This bit is RES0 in versions of the - * architecture earlier than ARMv8.5, setting it to 1 doesn't have any - * effect on them. - * - * MDCR_EL3.SPME: Set to zero so that event counting by the programmable - * counters PMEVCNTR<n>_EL0 is prohibited in Secure state. If ARMv8.2 - * Debug is not implemented this bit does not have any effect on the - * counters unless there is support for the implementation defined - * authentication interface ExternalSecureNoninvasiveDebugEnabled(). - * --------------------------------------------------------------------- */ mov_imm x0, ((MDCR_EL3_RESET_VAL | MDCR_SDD_BIT | \ - MDCR_SPD32(MDCR_SPD32_DISABLE) | MDCR_SCCD_BIT) & \ - ~(MDCR_SPME_BIT | MDCR_TDOSA_BIT | MDCR_TDA_BIT | \ - MDCR_TPM_BIT)) + MDCR_SPD32(MDCR_SPD32_DISABLE)) & \ + ~(MDCR_TDOSA_BIT | MDCR_TDA_BIT)) msr mdcr_el3, x0 /* --------------------------------------------------------------------- - * Initialise PMCR_EL0 setting all fields rather than relying - * on hw. Some fields are architecturally UNKNOWN on reset. - * - * PMCR_EL0.LP: Set to one so that event counter overflow, that - * is recorded in PMOVSCLR_EL0[0-30], occurs on the increment - * that changes PMEVCNTR<n>_EL0[63] from 1 to 0, when ARMv8.5-PMU - * is implemented. This bit is RES0 in versions of the architecture - * earlier than ARMv8.5, setting it to 1 doesn't have any effect - * on them. - * - * PMCR_EL0.LC: Set to one so that cycle counter overflow, that - * is recorded in PMOVSCLR_EL0[31], occurs on the increment - * that changes PMCCNTR_EL0[63] from 1 to 0. - * - * PMCR_EL0.DP: Set to one so that the cycle counter, - * PMCCNTR_EL0 does not count when event counting is prohibited. - * - * PMCR_EL0.X: Set to zero to disable export of events. - * - * PMCR_EL0.D: Set to zero so that, when enabled, PMCCNTR_EL0 - * counts on every clock cycle. - * --------------------------------------------------------------------- - */ - mov_imm x0, ((PMCR_EL0_RESET_VAL | PMCR_EL0_LP_BIT | \ - PMCR_EL0_LC_BIT | PMCR_EL0_DP_BIT) & \ - ~(PMCR_EL0_X_BIT | PMCR_EL0_D_BIT)) - - msr pmcr_el0, x0 - - /* --------------------------------------------------------------------- * Enable External Aborts and SError Interrupts now that the exception * vectors have been setup. * --------------------------------------------------------------------- @@ -170,31 +115,33 @@ /* --------------------------------------------------------------------- * Initialise CPTR_EL3, setting all fields rather than relying on hw. * All fields are architecturally UNKNOWN on reset. - * - * CPTR_EL3.TCPAC: Set to zero so that any accesses to CPACR_EL1, - * CPTR_EL2, CPACR, or HCPTR do not trap to EL3. - * - * CPTR_EL3.TTA: Set to zero so that System register accesses to the - * trace registers do not trap to EL3. - * - * CPTR_EL3.TFP: Set to zero so that accesses to the V- or Z- registers - * by Advanced SIMD, floating-point or SVE instructions (if implemented) - * do not trap to EL3. + * --------------------------------------------------------------------- */ - mov_imm x0, (CPTR_EL3_RESET_VAL & ~(TCPAC_BIT | TTA_BIT | TFP_BIT)) + mov_imm x0, CPTR_EL3_RESET_VAL msr cptr_el3, x0 /* * If Data Independent Timing (DIT) functionality is implemented, - * always enable DIT in EL3 + * always enable DIT in EL3. + * First assert that the FEAT_DIT build flag matches the feature id + * register value for DIT. */ +#if ENABLE_FEAT_DIT +#if ENABLE_ASSERTIONS || ENABLE_FEAT_DIT > 1 mrs x0, id_aa64pfr0_el1 ubfx x0, x0, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH +#if ENABLE_FEAT_DIT > 1 + cbz x0, 1f +#else cmp x0, #ID_AA64PFR0_DIT_SUPPORTED - bne 1f + ASM_ASSERT(eq) +#endif + +#endif /* ENABLE_ASSERTIONS */ mov x0, #DIT_BIT msr DIT, x0 1: +#endif .endm /* ----------------------------------------------------------------------------- @@ -273,14 +220,14 @@ */ mov_imm x0, (SCTLR_RESET_VAL & ~(SCTLR_EE_BIT | SCTLR_WXN_BIT \ | SCTLR_SA_BIT | SCTLR_A_BIT | SCTLR_DSSBS_BIT)) +#if ENABLE_FEAT_RAS + /* If FEAT_RAS is present assume FEAT_IESB is also present */ + orr x0, x0, #SCTLR_IESB_BIT +#endif msr sctlr_el3, x0 isb .endif /* _init_sctlr */ -#if DISABLE_MTPMU - bl mtpmu_disable -#endif - .if \_warm_boot_mailbox /* ------------------------------------------------------------- * This code will be executed for both warm and cold resets. @@ -324,6 +271,7 @@ msr vbar_el3, x0 isb +#if !(defined(IMAGE_BL2) && ENABLE_RME) /* --------------------------------------------------------------------- * It is a cold boot. * Perform any processor specific actions upon reset e.g. cache, TLB @@ -331,6 +279,7 @@ * --------------------------------------------------------------------- */ bl reset_handler +#endif el3_arch_init_common @@ -373,17 +322,31 @@ * --------------------------------------------------------------------- */ .if \_init_c_runtime -#if defined(IMAGE_BL31) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_INV_DCACHE) +#if defined(IMAGE_BL31) || (defined(IMAGE_BL2) && \ + ((RESET_TO_BL2 && BL2_INV_DCACHE) || ENABLE_RME)) /* ------------------------------------------------------------- * Invalidate the RW memory used by the BL31 image. This * includes the data and NOBITS sections. This is done to * safeguard against possible corruption of this memory by * dirty cache lines in a system cache as a result of use by - * an earlier boot loader stage. + * an earlier boot loader stage. If PIE is enabled however, + * RO sections including the GOT may be modified during + * pie fixup. Therefore, to be on the safe side, invalidate + * the entire image region if PIE is enabled. * ------------------------------------------------------------- */ +#if ENABLE_PIE +#if SEPARATE_CODE_AND_RODATA + adrp x0, __TEXT_START__ + add x0, x0, :lo12:__TEXT_START__ +#else + adrp x0, __RO_START__ + add x0, x0, :lo12:__RO_START__ +#endif /* SEPARATE_CODE_AND_RODATA */ +#else adrp x0, __RW_START__ add x0, x0, :lo12:__RW_START__ +#endif /* ENABLE_PIE */ adrp x1, __RW_END__ add x1, x1, :lo12:__RW_END__ sub x1, x1, x0 @@ -396,6 +359,14 @@ sub x1, x1, x0 bl inv_dcache_range #endif +#if defined(IMAGE_BL2) && SEPARATE_BL2_NOLOAD_REGION + adrp x0, __BL2_NOLOAD_START__ + add x0, x0, :lo12:__BL2_NOLOAD_START__ + adrp x1, __BL2_NOLOAD_END__ + add x1, x1, :lo12:__BL2_NOLOAD_END__ + sub x1, x1, x0 + bl inv_dcache_range +#endif #endif adrp x0, __BSS_START__ add x0, x0, :lo12:__BSS_START__ @@ -414,7 +385,8 @@ bl zeromem #endif -#if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_IN_XIP_MEM) +#if defined(IMAGE_BL1) || \ + (defined(IMAGE_BL2) && RESET_TO_BL2 && BL2_IN_XIP_MEM) adrp x0, __DATA_RAM_START__ add x0, x0, :lo12:__DATA_RAM_START__ adrp x1, __DATA_ROM_START__ @@ -451,13 +423,12 @@ .macro apply_at_speculative_wa #if ERRATA_SPECULATIVE_AT /* - * Explicitly save x30 so as to free up a register and to enable - * branching and also, save x29 which will be used in the called - * function + * This function expects x30 has been saved. + * Also, save x29 which will be used in the called function. */ - stp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29] + str x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29] bl save_and_update_ptw_el1_sys_regs - ldp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29] + ldr x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29] #endif .endm @@ -486,4 +457,20 @@ #endif .endm +/* ----------------------------------------------------------------- + * The below macro reads SCR_EL3 from the context structure to + * determine the security state of the context upon ERET. + * ------------------------------------------------------------------ + */ + .macro get_security_state _ret:req, _scr_reg:req + ubfx \_ret, \_scr_reg, #SCR_NSE_SHIFT, #1 + cmp \_ret, #1 + beq realm_state + bfi \_ret, \_scr_reg, #0, #1 + b end + realm_state: + mov \_ret, #2 + end: + .endm + #endif /* EL3_COMMON_MACROS_S */ |