aboutsummaryrefslogtreecommitdiff
path: root/include/arch/aarch64/el3_common_macros.S
diff options
context:
space:
mode:
Diffstat (limited to 'include/arch/aarch64/el3_common_macros.S')
-rw-r--r--include/arch/aarch64/el3_common_macros.S177
1 files changed, 82 insertions, 95 deletions
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index f75998351b..26c7578929 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -9,6 +9,7 @@
#include <arch.h>
#include <asm_macros.S>
+#include <assert_macros.S>
#include <context.h>
#include <lib/xlat_tables/xlat_tables_defs.h>
@@ -58,36 +59,26 @@
* zero here but are updated ahead of transitioning to a lower EL in the
* function cm_init_context_common().
*
- * SCR_EL3.TWE: Set to zero so that execution of WFE instructions at
- * EL2, EL1 and EL0 are not trapped to EL3.
- *
- * SCR_EL3.TWI: Set to zero so that execution of WFI instructions at
- * EL2, EL1 and EL0 are not trapped to EL3.
- *
* SCR_EL3.SIF: Set to one to disable instruction fetches from
* Non-secure memory.
*
- * SCR_EL3.SMD: Set to zero to enable SMC calls at EL1 and above, from
- * both Security states and both Execution states.
- *
* SCR_EL3.EA: Set to one to route External Aborts and SError Interrupts
* to EL3 when executing at any EL.
*
- * SCR_EL3.{API,APK}: For Armv8.3 pointer authentication feature,
- * disable traps to EL3 when accessing key registers or using pointer
- * authentication instructions from lower ELs.
+ * SCR_EL3.EEL2: Set to one if S-EL2 is present and enabled.
+ *
+ * NOTE: Modifying EEL2 bit along with EA bit ensures that we mitigate
+ * against ERRATA_V2_3099206.
* ---------------------------------------------------------------------
*/
- mov_imm x0, ((SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT) \
- & ~(SCR_TWE_BIT | SCR_TWI_BIT | SCR_SMD_BIT))
-#if CTX_INCLUDE_PAUTH_REGS
- /*
- * If the pointer authentication registers are saved during world
- * switches, enable pointer authentication everywhere, as it is safe to
- * do so.
- */
- orr x0, x0, #(SCR_API_BIT | SCR_APK_BIT)
+ mov_imm x0, (SCR_RESET_VAL | SCR_EA_BIT | SCR_SIF_BIT)
+#if IMAGE_BL31 && defined(SPD_spmd) && SPMD_SPM_AT_SEL2
+ mrs x1, id_aa64pfr0_el1
+ and x1, x1, #(ID_AA64PFR0_SEL2_MASK << ID_AA64PFR0_SEL2_SHIFT)
+ cbz x1, 1f
+ orr x0, x0, #SCR_EEL2_BIT
#endif
+1:
msr scr_el3, x0
/* ---------------------------------------------------------------------
@@ -107,60 +98,14 @@
* MDCR_EL3.TDA: Set to zero to allow EL0, EL1 and EL2 access to the
* debug registers, other than those registers that are controlled by
* MDCR_EL3.TDOSA.
- *
- * MDCR_EL3.TPM: Set to zero so that EL0, EL1, and EL2 System register
- * accesses to all Performance Monitors registers do not trap to EL3.
- *
- * MDCR_EL3.SCCD: Set to one so that cycle counting by PMCCNTR_EL0 is
- * prohibited in Secure state. This bit is RES0 in versions of the
- * architecture earlier than ARMv8.5, setting it to 1 doesn't have any
- * effect on them.
- *
- * MDCR_EL3.SPME: Set to zero so that event counting by the programmable
- * counters PMEVCNTR<n>_EL0 is prohibited in Secure state. If ARMv8.2
- * Debug is not implemented this bit does not have any effect on the
- * counters unless there is support for the implementation defined
- * authentication interface ExternalSecureNoninvasiveDebugEnabled().
- * ---------------------------------------------------------------------
*/
mov_imm x0, ((MDCR_EL3_RESET_VAL | MDCR_SDD_BIT | \
- MDCR_SPD32(MDCR_SPD32_DISABLE) | MDCR_SCCD_BIT) & \
- ~(MDCR_SPME_BIT | MDCR_TDOSA_BIT | MDCR_TDA_BIT | \
- MDCR_TPM_BIT))
+ MDCR_SPD32(MDCR_SPD32_DISABLE)) & \
+ ~(MDCR_TDOSA_BIT | MDCR_TDA_BIT))
msr mdcr_el3, x0
/* ---------------------------------------------------------------------
- * Initialise PMCR_EL0 setting all fields rather than relying
- * on hw. Some fields are architecturally UNKNOWN on reset.
- *
- * PMCR_EL0.LP: Set to one so that event counter overflow, that
- * is recorded in PMOVSCLR_EL0[0-30], occurs on the increment
- * that changes PMEVCNTR<n>_EL0[63] from 1 to 0, when ARMv8.5-PMU
- * is implemented. This bit is RES0 in versions of the architecture
- * earlier than ARMv8.5, setting it to 1 doesn't have any effect
- * on them.
- *
- * PMCR_EL0.LC: Set to one so that cycle counter overflow, that
- * is recorded in PMOVSCLR_EL0[31], occurs on the increment
- * that changes PMCCNTR_EL0[63] from 1 to 0.
- *
- * PMCR_EL0.DP: Set to one so that the cycle counter,
- * PMCCNTR_EL0 does not count when event counting is prohibited.
- *
- * PMCR_EL0.X: Set to zero to disable export of events.
- *
- * PMCR_EL0.D: Set to zero so that, when enabled, PMCCNTR_EL0
- * counts on every clock cycle.
- * ---------------------------------------------------------------------
- */
- mov_imm x0, ((PMCR_EL0_RESET_VAL | PMCR_EL0_LP_BIT | \
- PMCR_EL0_LC_BIT | PMCR_EL0_DP_BIT) & \
- ~(PMCR_EL0_X_BIT | PMCR_EL0_D_BIT))
-
- msr pmcr_el0, x0
-
- /* ---------------------------------------------------------------------
* Enable External Aborts and SError Interrupts now that the exception
* vectors have been setup.
* ---------------------------------------------------------------------
@@ -170,31 +115,33 @@
/* ---------------------------------------------------------------------
* Initialise CPTR_EL3, setting all fields rather than relying on hw.
* All fields are architecturally UNKNOWN on reset.
- *
- * CPTR_EL3.TCPAC: Set to zero so that any accesses to CPACR_EL1,
- * CPTR_EL2, CPACR, or HCPTR do not trap to EL3.
- *
- * CPTR_EL3.TTA: Set to zero so that System register accesses to the
- * trace registers do not trap to EL3.
- *
- * CPTR_EL3.TFP: Set to zero so that accesses to the V- or Z- registers
- * by Advanced SIMD, floating-point or SVE instructions (if implemented)
- * do not trap to EL3.
+ * ---------------------------------------------------------------------
*/
- mov_imm x0, (CPTR_EL3_RESET_VAL & ~(TCPAC_BIT | TTA_BIT | TFP_BIT))
+ mov_imm x0, CPTR_EL3_RESET_VAL
msr cptr_el3, x0
/*
* If Data Independent Timing (DIT) functionality is implemented,
- * always enable DIT in EL3
+ * always enable DIT in EL3.
+ * First assert that the FEAT_DIT build flag matches the feature id
+ * register value for DIT.
*/
+#if ENABLE_FEAT_DIT
+#if ENABLE_ASSERTIONS || ENABLE_FEAT_DIT > 1
mrs x0, id_aa64pfr0_el1
ubfx x0, x0, #ID_AA64PFR0_DIT_SHIFT, #ID_AA64PFR0_DIT_LENGTH
+#if ENABLE_FEAT_DIT > 1
+ cbz x0, 1f
+#else
cmp x0, #ID_AA64PFR0_DIT_SUPPORTED
- bne 1f
+ ASM_ASSERT(eq)
+#endif
+
+#endif /* ENABLE_ASSERTIONS */
mov x0, #DIT_BIT
msr DIT, x0
1:
+#endif
.endm
/* -----------------------------------------------------------------------------
@@ -273,14 +220,14 @@
*/
mov_imm x0, (SCTLR_RESET_VAL & ~(SCTLR_EE_BIT | SCTLR_WXN_BIT \
| SCTLR_SA_BIT | SCTLR_A_BIT | SCTLR_DSSBS_BIT))
+#if ENABLE_FEAT_RAS
+ /* If FEAT_RAS is present assume FEAT_IESB is also present */
+ orr x0, x0, #SCTLR_IESB_BIT
+#endif
msr sctlr_el3, x0
isb
.endif /* _init_sctlr */
-#if DISABLE_MTPMU
- bl mtpmu_disable
-#endif
-
.if \_warm_boot_mailbox
/* -------------------------------------------------------------
* This code will be executed for both warm and cold resets.
@@ -324,6 +271,7 @@
msr vbar_el3, x0
isb
+#if !(defined(IMAGE_BL2) && ENABLE_RME)
/* ---------------------------------------------------------------------
* It is a cold boot.
* Perform any processor specific actions upon reset e.g. cache, TLB
@@ -331,6 +279,7 @@
* ---------------------------------------------------------------------
*/
bl reset_handler
+#endif
el3_arch_init_common
@@ -373,17 +322,31 @@
* ---------------------------------------------------------------------
*/
.if \_init_c_runtime
-#if defined(IMAGE_BL31) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_INV_DCACHE)
+#if defined(IMAGE_BL31) || (defined(IMAGE_BL2) && \
+ ((RESET_TO_BL2 && BL2_INV_DCACHE) || ENABLE_RME))
/* -------------------------------------------------------------
* Invalidate the RW memory used by the BL31 image. This
* includes the data and NOBITS sections. This is done to
* safeguard against possible corruption of this memory by
* dirty cache lines in a system cache as a result of use by
- * an earlier boot loader stage.
+ * an earlier boot loader stage. If PIE is enabled however,
+ * RO sections including the GOT may be modified during
+ * pie fixup. Therefore, to be on the safe side, invalidate
+ * the entire image region if PIE is enabled.
* -------------------------------------------------------------
*/
+#if ENABLE_PIE
+#if SEPARATE_CODE_AND_RODATA
+ adrp x0, __TEXT_START__
+ add x0, x0, :lo12:__TEXT_START__
+#else
+ adrp x0, __RO_START__
+ add x0, x0, :lo12:__RO_START__
+#endif /* SEPARATE_CODE_AND_RODATA */
+#else
adrp x0, __RW_START__
add x0, x0, :lo12:__RW_START__
+#endif /* ENABLE_PIE */
adrp x1, __RW_END__
add x1, x1, :lo12:__RW_END__
sub x1, x1, x0
@@ -396,6 +359,14 @@
sub x1, x1, x0
bl inv_dcache_range
#endif
+#if defined(IMAGE_BL2) && SEPARATE_BL2_NOLOAD_REGION
+ adrp x0, __BL2_NOLOAD_START__
+ add x0, x0, :lo12:__BL2_NOLOAD_START__
+ adrp x1, __BL2_NOLOAD_END__
+ add x1, x1, :lo12:__BL2_NOLOAD_END__
+ sub x1, x1, x0
+ bl inv_dcache_range
+#endif
#endif
adrp x0, __BSS_START__
add x0, x0, :lo12:__BSS_START__
@@ -414,7 +385,8 @@
bl zeromem
#endif
-#if defined(IMAGE_BL1) || (defined(IMAGE_BL2) && BL2_AT_EL3 && BL2_IN_XIP_MEM)
+#if defined(IMAGE_BL1) || \
+ (defined(IMAGE_BL2) && RESET_TO_BL2 && BL2_IN_XIP_MEM)
adrp x0, __DATA_RAM_START__
add x0, x0, :lo12:__DATA_RAM_START__
adrp x1, __DATA_ROM_START__
@@ -451,13 +423,12 @@
.macro apply_at_speculative_wa
#if ERRATA_SPECULATIVE_AT
/*
- * Explicitly save x30 so as to free up a register and to enable
- * branching and also, save x29 which will be used in the called
- * function
+ * This function expects x30 has been saved.
+ * Also, save x29 which will be used in the called function.
*/
- stp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
+ str x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
bl save_and_update_ptw_el1_sys_regs
- ldp x29, x30, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
+ ldr x29, [sp, #CTX_GPREGS_OFFSET + CTX_GPREG_X29]
#endif
.endm
@@ -486,4 +457,20 @@
#endif
.endm
+/* -----------------------------------------------------------------
+ * The below macro reads SCR_EL3 from the context structure to
+ * determine the security state of the context upon ERET.
+ * ------------------------------------------------------------------
+ */
+ .macro get_security_state _ret:req, _scr_reg:req
+ ubfx \_ret, \_scr_reg, #SCR_NSE_SHIFT, #1
+ cmp \_ret, #1
+ beq realm_state
+ bfi \_ret, \_scr_reg, #0, #1
+ b end
+ realm_state:
+ mov \_ret, #2
+ end:
+ .endm
+
#endif /* EL3_COMMON_MACROS_S */