@ -71,77 +71,104 @@ static void cm_init_context_common(cpu_context_t *ctx, const entry_point_info_t
zeromem ( ctx , sizeof ( * ctx ) ) ;
/*
* Base the context SCR on the current value , adjust for entry point
* specific requirements and set trap bits from the IMF
* TODO : provide the base / global SCR bits using another mechanism ?
* SCR_EL3 was initialised during reset sequence in macro
* el3_arch_init_common . This code modifies the SCR_EL3 fields that
* affect the next EL .
*
* The following fields are initially set to zero and then updated to
* the required value depending on the state of the SPSR_EL3 and the
* Security state and entrypoint attributes of the next EL .
*/
scr_el3 = read_scr ( ) ;
scr_el3 & = ~ ( SCR_NS_BIT | SCR_RW_BIT | SCR_FIQ_BIT | SCR_IRQ_BIT |
SCR_ST_BIT | SCR_HCE_BIT ) ;
/*
* SCR_NS : Set the security state of the next EL .
*/
if ( security_state ! = SECURE )
scr_el3 | = SCR_NS_BIT ;
/*
* SCR_EL3 . RW : Set the execution state , AArch32 or AArch64 , for next
* Exception level as specified by SPSR .
*/
if ( GET_RW ( ep - > spsr ) = = MODE_RW_64 )
scr_el3 | = SCR_RW_BIT ;
/*
* SCR_EL3 . ST : Traps Secure EL1 accesses to the Counter - timer Physical
* Secure timer registers to EL3 , from AArch64 state only , if specified
* by the entrypoint attributes .
*/
if ( EP_GET_ST ( ep - > h . attr ) )
scr_el3 | = SCR_ST_BIT ;
# ifndef HANDLE_EA_EL3_FIRST
/* Explicitly stop to trap aborts from lower exception levels. */
/*
* SCR_EL3 . EA : Do not route External Abort and SError Interrupt External
* to EL3 when executing at a lower EL . When executing at EL3 , External
* Aborts are taken to EL3 .
*/
scr_el3 & = ~ SCR_EA_BIT ;
# endif
# ifdef IMAGE_BL31
/*
* IRQ / FIQ bits only need setting if interrupt routing
* model has been set up for BL31 .
* SCR_EL3 . IRQ , SCR_EL3 . FIQ : Enable the physical FIQ and IRQ rounting as
* indicated by the interrupt routing model for BL31 .
*/
scr_el3 | = get_scr_el3_from_routing_model ( security_state ) ;
# endif
/*
* Set up SCTLR_ELx for the target exception level :
* EE bit is taken from the entrypoint attributes
* M , C and I bits must be zero ( as required by PSCI specification )
*
* The target exception level is based on the spsr mode requested .
* If execution is requested to EL2 or hyp mode , HVC is enabled
* via SCR_EL3 . HCE .
* SCR_EL3 . HCE : Enable HVC instructions if next execution state is
* AArch64 and next EL is EL2 , or if next execution state is AArch32 and
* next mode is Hyp .
*/
if ( ( GET_RW ( ep - > spsr ) = = MODE_RW_64
& & GET_EL ( ep - > spsr ) = = MODE_EL2 )
| | ( GET_RW ( ep - > spsr ) ! = MODE_RW_64
& & GET_M32 ( ep - > spsr ) = = MODE32_hyp ) ) {
scr_el3 | = SCR_HCE_BIT ;
}
/*
* Initialise SCTLR_EL1 to the reset value corresponding to the target
* execution state setting all fields rather than relying of the hw .
* Some fields have architecturally UNKNOWN reset values and these are
* set to zero .
*
* Always compute the SCTLR_EL1 value and save in the cpu_context
* - the EL2 registers are set up by cm_preapre_ns_entry ( ) as they
* are not part of the stored cpu_context
* SCTLR . EE : Endianness is taken from the entrypoint attributes .
*
* TODO : In debug builds the spsr should be validated and checked
* against the CPU support , security state , endianess and pc
* SCTLR . M , SCTLR . C and SCTLR . I : These fields must be zero ( as
* required by PSCI specification )
*/
sctlr_elx = EP_GET_EE ( ep - > h . attr ) ? SCTLR_EE_BIT : 0 ;
if ( GET_RW ( ep - > spsr ) = = MODE_RW_64 )
sctlr_elx | = SCTLR_EL1_RES1 ;
else {
sctlr_elx | = SCTLR_AARCH32_EL1_RES1 ;
/*
* If lower non - secure EL is AArch32 , enable the CP15BEN , nTWI
* & nTWI bits . This aligns with SCTLR initialization on
* systems with an AArch32 EL3 , where these bits
* architecturally reset to 1.
* If the target execution state is AArch32 then the following
* fields need to be set .
*
* SCTRL_EL1 . nTWE : Set to one so that EL0 execution of WFE
* instructions are not trapped to EL1 .
*
* SCTLR_EL1 . nTWI : Set to one so that EL0 execution of WFI
* instructions are not trapped to EL1 .
*
* SCTLR_EL1 . CP15BEN : Set to one to enable EL0 execution of the
* CP15DMB , CP15DSB , and CP15ISB instructions .
*/
if ( security_state ! = SECURE )
sctlr_elx | = SCTLR_CP15BEN_BIT | SCTLR_NTWI_BIT
| SCTLR_NTWE_BIT ;
sctlr_elx | = SCTLR_AARCH32_EL1_RES1 | SCTLR_CP15BEN_BIT
| SCTLR_NTWI_BIT | SCTLR_NTWE_BIT ;
}
/*
* Store the initialised SCTLR_EL1 value in the cpu_context - SCTLR_EL2
* and other EL2 resgisters are set up by cm_preapre_ns_entry ( ) as they
* are not part of the stored cpu_context .
*/
write_ctx_reg ( get_sysregs_ctx ( ctx ) , CTX_SCTLR_EL1 , sctlr_elx ) ;
if ( ( GET_RW ( ep - > spsr ) = = MODE_RW_64
& & GET_EL ( ep - > spsr ) = = MODE_EL2 )
| | ( GET_RW ( ep - > spsr ) ! = MODE_RW_64
& & GET_M32 ( ep - > spsr ) = = MODE32_hyp ) ) {
scr_el3 | = SCR_HCE_BIT ;
}
/* Populate EL3 state so that we've the right context before doing ERET */
state = get_el3state_ctx ( ctx ) ;
write_ctx_reg ( state , CTX_SCR_EL3 , scr_el3 ) ;
@ -191,7 +218,7 @@ void cm_init_my_context(const entry_point_info_t *ep)
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
void cm_prepare_el3_exit ( uint32_t security_state )
{
uint32_t sctlr_elx , scr_el3 , cptr_el2 ;
uint32_t sctlr_elx , scr_el3 ;
cpu_context_t * ctx = cm_get_context ( security_state ) ;
assert ( ctx ) ;
@ -206,57 +233,141 @@ void cm_prepare_el3_exit(uint32_t security_state)
sctlr_elx | = SCTLR_EL2_RES1 ;
write_sctlr_el2 ( sctlr_elx ) ;
} else if ( EL_IMPLEMENTED ( 2 ) ) {
/* EL2 present but unused, need to disable safely */
/* HCR_EL2 = 0, except RW bit set to match SCR_EL3 */
/*
* EL2 present but unused , need to disable safely .
* SCTLR_EL2 can be ignored in this case .
*
* Initialise all fields in HCR_EL2 , except HCR_EL2 . RW ,
* to zero so that Non - secure operations do not trap to
* EL2 .
*
* HCR_EL2 . RW : Set this field to match SCR_EL3 . RW
*/
write_hcr_el2 ( ( scr_el3 & SCR_RW_BIT ) ? HCR_RW_BIT : 0 ) ;
/* SCTLR_EL2 : can be ignored when bypassing */
/* CPTR_EL2 : disable all traps TCPAC, TTA, TFP */
cptr_el2 = read_cptr_el2 ( ) ;
cptr_el2 & = ~ ( TCPAC_BIT | TTA_BIT | TFP_BIT ) ;
write_cptr_el2 ( cptr_el2 ) ;
/*
* Initialise CPTR_EL2 setting all fields rather than
* relying on the hw . All fields have architecturally
* UNKNOWN reset values .
*
* CPTR_EL2 . TCPAC : Set to zero so that Non - secure EL1
* accesses to the CPACR_EL1 or CPACR from both
* Execution states do not trap to EL2 .
*
* CPTR_EL2 . TTA : Set to zero so that Non - secure System
* register accesses to the trace registers from both
* Execution states do not trap to EL2 .
*
* CPTR_EL2 . TFP : Set to zero so that Non - secure accesses
* to SIMD and floating - point functionality from both
* Execution states do not trap to EL2 .
*/
write_cptr_el2 ( CPTR_EL2_RESET_VAL &
~ ( CPTR_EL2_TCPAC_BIT | CPTR_EL2_TTA_BIT
| CPTR_EL2_TFP_BIT ) ) ;
/* Enable EL1 access to timer */
write_cnthctl_el2 ( EL1PCEN_BIT | EL1PCTEN_BIT ) ;
/*
* Initiliase CNTHCTL_EL2 . All fields are
* architecturally UNKNOWN on reset and are set to zero
* except for field ( s ) listed below .
*
* CNTHCTL_EL2 . EL1PCEN : Set to one to disable traps to
* Hyp mode of Non - secure EL0 and EL1 accesses to the
* physical timer registers .
*
* CNTHCTL_EL2 . EL1PCTEN : Set to one to disable traps to
* Hyp mode of Non - secure EL0 and EL1 accesses to the
* physical counter registers .
*/
write_cnthctl_el2 ( CNTHCTL_RESET_VAL |
EL1PCEN_BIT | EL1PCTEN_BIT ) ;
/* Reset CNTVOFF_EL2 */
/*
* Initialise CNTVOFF_EL2 to zero as it resets to an
* architecturally UNKNOWN value .
*/
write_cntvoff_el2 ( 0 ) ;
/* Set VPIDR, VMPIDR to match MIDR, MPIDR */
/*
* Set VPIDR_EL2 and VMPIDR_EL2 to match MIDR_EL1 and
* MPIDR_EL1 respectively .
*/
write_vpidr_el2 ( read_midr_el1 ( ) ) ;
write_vmpidr_el2 ( read_mpidr_el1 ( ) ) ;
/*
* Reset VTTBR_EL2 .
* Needed because cache maintenance operations depend on
* the VMID even when non - secure EL1 & 0 stage 2 address
* translation are disabled .
* Initialise VTTBR_EL2 . All fields are architecturally
* UNKNOWN on reset .
*
* VTTBR_EL2 . VMID : Set to zero . Even though EL1 & 0 stage
* 2 address translation is disabled , cache maintenance
* operations depend on the VMID .
*
* VTTBR_EL2 . BADDR : Set to zero as EL1 & 0 stage 2 address
* translation is disabled .
*/
write_vttbr_el2 ( 0 ) ;
write_vttbr_el2 ( VTTBR_RESET_VAL &
~ ( ( VTTBR_VMID_MASK < < VTTBR_VMID_SHIFT )
| ( VTTBR_BADDR_MASK < < VTTBR_BADDR_SHIFT ) ) ) ;
/*
* Avoid unexpected debug traps in case where MDCR_EL2
* is not completely reset by the hardware - set
* MDCR_EL2 . HPMN to PMCR_EL0 . N and zero the remaining
* bits .
* MDCR_EL2 . HPMN and PMCR_EL0 . N fields are the same size
* ( 5 bits ) and HPMN is at offset zero within MDCR_EL2 .
* Initialise MDCR_EL2 , setting all fields rather than
* relying on hw . Some fields are architecturally
* UNKNOWN on reset .
*
* MDCR_EL2 . TDRA : Set to zero so that Non - secure EL0 and
* EL1 System register accesses to the Debug ROM
* registers are not trapped to EL2 .
*
* MDCR_EL2 . TDOSA : Set to zero so that Non - secure EL1
* System register accesses to the powerdown debug
* registers are not trapped to EL2 .
*
* MDCR_EL2 . TDA : Set to zero so that System register
* accesses to the debug registers do not trap to EL2 .
*
* MDCR_EL2 . TDE : Set to zero so that debug exceptions
* are not routed to EL2 .
*
* MDCR_EL2 . HPME : Set to zero to disable EL2 Performance
* Monitors .
*
* MDCR_EL2 . TPM : Set to zero so that Non - secure EL0 and
* EL1 accesses to all Performance Monitors registers
* are not trapped to EL2 .
*
* MDCR_EL2 . TPMCR : Set to zero so that Non - secure EL0
* and EL1 accesses to the PMCR_EL0 or PMCR are not
* trapped to EL2 .
*
* MDCR_EL2 . HPMN : Set to value of PMCR_EL0 . N which is the
* architecturally - defined reset value .
*/
write_mdcr_el2 ( ( read_pmcr_el0 ( ) & PMCR_EL0_N_BITS )
> > PMCR_EL0_N_SHIFT ) ;
write_mdcr_el2 ( ( MDCR_EL2_RESET_VAL |
( ( read_pmcr_el0 ( ) & PMCR_EL0_N_BITS )
> > PMCR_EL0_N_SHIFT ) ) &
~ ( MDCR_EL2_TDRA_BIT | MDCR_EL2_TDOSA_BIT
| MDCR_EL2_TDA_BIT | MDCR_EL2_TDE_BIT
| MDCR_EL2_HPME_BIT | MDCR_EL2_TPM_BIT
| MDCR_EL2_TPMCR_BIT ) ) ;
/*
* Avoid unexpected traps of non - secure access to
* certain system registers at EL1 or lower where
* HSTR_EL2 is not completely reset to zero by the
* hardware - zero the entire register .
* Initialise HSTR_EL2 . All fields are architecturally
* UNKNOWN on reset .
*
* HSTR_EL2 . T < n > : Set all these fields to zero so that
* Non - secure EL0 or EL1 accesses to System registers
* do not trap to EL2 .
*/
write_hstr_el2 ( 0 ) ;
write_hstr_el2 ( HSTR_EL2_RESET_VAL & ~ ( HSTR_EL2_T_MASK ) ) ;
/*
* Reset CNTHP_CTL_EL2 to disable the EL2 physical timer
* and therefore prevent timer interrupts .
* Initialise CNTHP_CTL_EL2 . All fields are
* architecturally UNKNOWN on reset .
*
* CNTHP_CTL_EL2 : ENABLE : Set to zero to disable the EL2
* physical timer and prevent timer interrupts .
*/
write_cnthp_ctl_el2 ( 0 ) ;
write_cnthp_ctl_el2 ( CNTHP_CTL_RESET_VAL &
~ ( CNTHP_CTL_ENABLE_BIT ) ) ;
}
}
David Cunado
8 years ago