summaryrefslogtreecommitdiff
path: root/arch/arm/cpu/armv7/virt-v7.c
AgeCommit message (Collapse)Author
2015-05-13tegra124: Reserve secure RAM using MC_SECURITY_CFG{0, 1}_0Ian Campbell
These registers can be used to prevent non-secure world from accessing a megabyte aligned region of RAM, use them to protect the u-boot secure monitor code. At first I tried to do this from s_init(), however this inexplicably causes u-boot's networking (e.g. DHCP) to fail, while networking under Linux was fine. So instead I have added a new weak arch function protect_secure_section() called from relocate_secure_section() and reserved the region there. This is better overall since it defers the reservation until after the sec vs. non-sec decision (which can be influenced by an envvar) has been made when booting the os. Signed-off-by: Ian Campbell <ijc@hellion.org.uk> [Jan: tiny style adjustment] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Tom Rini <trini@konsulko.com> Reviewed-by: Thierry Reding <treding@nvidia.com> Tested-by: Thierry Reding <treding@nvidia.com> Tested-by: Ian Campbell <ijc@hellion.org.uk> Signed-off-by: Tom Warren <twarren@nvidia.com>
2015-05-13ARM: Add board-specific initialization hook for PSCIJan Kiszka
Tegra boards will have to initialize power management for the PSCI support this way. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Tom Warren <twarren@nvidia.com>
2015-03-01ARM: HYP/non-sec: relocation before enable secondary coresPeng Fan
If CONFIG_ARMV7_PSCI is not defined and CONFIG_ARMV7_SECURE_BASE is defined, smp_kicl_all_cpus may enable secondary cores and runs into secure_ram_addr( _smp_pen), before code is relocated to secure ram. So need relocation to secure ram before enable secondary cores. Signed-off-by: Peng Fan <Peng.Fan@freescale.com> Acked-by: Marc Zyngier <marc.zyngier@arm.com>
2015-01-23ARM: HYP/non-sec: Make variable gic_dist_addr as a local onetang yuantian
Defining variable gic_dist_addr as a globe one prevents some functions, which use it, from being used before relocation which is the case in the deep sleep resume process on Freescale SoC platforms. Besides, we can always get the GIC base address by calling get_gicd_base_address() without referring gic_dist_addr. Signed-off-by: Tang Yuantian <Yuantian.Tang@freescale.com> Reviewed-by: York Sun <yorksun@freescale.com>
2014-07-28ARM: HYP/non-sec: remove MIDR check to validate CBARMarc Zyngier
Having a form of whitelist to check if we know of a CPU core and and obtain CBAR is a bit silly. It doesn't scale (how about A12, A17, as well as other I don't know about?), and is actually a property of the SoC, not the core. So either it works and everybody is happy, or it doesn't and the u-boot port to this SoC is providing the real address via a configuration option. The result of the above is that this code doesn't need to exist, is thus forcefully removed. Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Ian Campbell <ijc@hellion.org.uk>
2014-07-28ARM: HYP/non-sec: allow relocation to secure RAMMarc Zyngier
The current non-sec switching code suffers from one major issue: it cannot run in secure RAM, as a large part of u-boot still needs to be run while we're switched to non-secure. This patch reworks the whole HYP/non-secure strategy by: - making sure the secure code is the *last* thing u-boot executes before entering the payload - performing an exception return from secure mode directly into the payload - allowing the code to be dynamically relocated to secure RAM before switching to non-secure. This involves quite a bit of horrible code, specially as u-boot relocation is quite primitive. Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Ian Campbell <ijc@hellion.org.uk>
2013-10-07ARM: virtualization: replace verbose license with SPDX identifierAndre Przywara
The original creation of arch/arm/cpu/armv7/{virt-v7.c,nonsec_virt.S} predates the SPDX conversion, so the original elaborate license statements sneaked in. Fix this by replacing them with the proper abbreviation. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03ARM: extend non-secure switch to also go into HYP modeAndre Przywara
For the KVM and XEN hypervisors to be usable, we need to enter the kernel in HYP mode. Now that we already are in non-secure state, HYP mode switching is within short reach. While doing the non-secure switch, we have to enable the HVC instruction and setup the HYP mode HVBAR (while still secure). The actual switch is done by dropping back from a HYP mode handler without actually leaving HYP mode, so we introduce a new handler routine in our new secure exception vector table. In the assembly switching routine we save and restore the banked LR and SP registers around the hypercall to do the actual HYP mode switch. The C routine first checks whether we are in HYP mode already and also whether the virtualization extensions are available. It also checks whether the HYP mode switch was finally successful. The bootm command part only calls the new function after the non-secure switch. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03ARM: add SMP support for non-secure switchAndre Przywara
Currently the non-secure switch is only done for the boot processor. To enable full SMP support, we have to switch all secondary cores into non-secure state also. So we add an entry point for secondary CPUs coming out of low-power state and make sure we put them into WFI again after having switched to non-secure state. For this we acknowledge and EOI the wake-up IPI, then go into WFI. Once being kicked out of it later, we sanity check that the start address has actually been changed (since another attempt to switch to non-secure would block the core) and jump to the new address. The actual CPU kick is done by sending an inter-processor interrupt via the GIC to all CPU interfaces except the requesting processor. The secondary cores will then setup their respective GIC CPU interface. While this approach is pretty universal across several ARMv7 boards, we make this function weak in case someone needs to tweak this for a specific board. The way of setting the secondary's start address is board specific, but mostly different only in the actual SMP pen address, so we also provide a weak default implementation and just depend on the proper address to be set in the config file. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03ARM: add C function to switch to non-secure stateAndre Przywara
The core specific part of the work is done in the assembly routine in nonsec_virt.S, introduced with the previous patch, but for the full glory we need to setup the GIC distributor interface once for the whole system, which is done in C here. The routine is placed in arch/arm/cpu/armv7 to allow easy access from other ARMv7 boards. We check the availability of the security extensions first. Since we need a safe way to access the GIC, we use the PERIPHBASE registers on Cortex-A15 and A7 CPUs and do some sanity checks. Boards not implementing the CBAR can override this value via a configuration file variable. Then we actually do the GIC enablement: a) enable the GIC distributor, both for non-secure and secure state (GICD_CTLR[1:0] = 11b) b) allow all interrupts to be handled from non-secure state (GICD_IGROUPRn = 0xFFFFFFFF) The core specific GIC setup is then done in the assembly routine. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>