ArmPlatformPkg/Sec: Replaced hardcode SCR and NSACR values by PCDs to enable CPU and Platform Specific settings

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@12637 6f19259b-4bc3-4df7-8a09-765794883524
2011-11-01 23:41:20 +00:00 · 2011-11-01 23:41:20 +00:00 · 513aa3497a
parent 504d14603d
commit 513aa3497a
6 changed files with 76 additions and 9 deletions
--- a/ArmPkg/ArmPkg.dec
+++ b/ArmPkg/ArmPkg.dec
@ -101,6 +101,34 @@
  gArmTokenSpaceGuid.PcdFdSize|0|UINT32|0x0000002C
  gArmTokenSpaceGuid.PcdFvBaseAddress|0|UINT32|0x0000002D
  gArmTokenSpaceGuid.PcdFvSize|0|UINT32|0x0000002E
+  
+  #
+  # ARM Security Extension
+  #
+  
+  # Secure Configuration Register
+  # - BIT0 : NS - Non Secure bit 
+  # - BIT1 : IRQ Handler
+  # - BIT2 : FIQ Handler
+  # - BIT3 : EA - External Abort
+  # - BIT4 : FW - F bit writable
+  # - BIT5 : AW - A bit writable
+  # - BIT6 : nET - Not Early Termination
+  # - BIT7 : SCD - Secure Monitor Call Disable
+  # - BIT8 : HCE - Hyp Call enable
+  # - BIT9 : SIF - Secure Instruction Fetch
+  # 0x31 = NS | EA | FW
+  gArmTokenSpaceGuid.PcdArmScr|0x31|UINT32|0x00000038
+  
+  # Non Secure Access Control Register
+  # - BIT15 : NSASEDIS - Disable Non-secure Advanced SIMD functionality
+  # - BIT14 : NSD32DIS - Disable Non-secure use of D16-D31 
+  # - BIT11 : cp11 - Non-secure access to coprocessor 11 enable
+  # - BIT10 : cp10 - Non-secure access to coprocessor 10 enable
+  # 0xC00 = cp10 | cp11
+  gArmTokenSpaceGuid.PcdArmNsacr|0xC00|UINT32|0x00000039
+  
+  gArmTokenSpaceGuid.PcdArmNonSecModeTransition|0x0|UINT32|0x0000003E

  # System Memory (DRAM): These PCDs define the region of in-built system memory
  # Some platforms can get DRAM extensions, these additional regions will be declared
--- a/ArmPlatformPkg/Sec/Helper.S
+++ b/ArmPlatformPkg/Sec/Helper.S
@ -19,6 +19,7 @@ GCC_ASM_EXPORT(monitor_vector_table)
 GCC_ASM_EXPORT(return_from_exception)
 GCC_ASM_EXPORT(enter_monitor_mode)
 GCC_ASM_EXPORT(copy_cpsr_into_spsr)
+GCC_ASM_EXPORT(set_non_secure_mode)

 ASM_PFX(monitor_vector_table):
    ldr pc, dead
@ -68,6 +69,18 @@ ASM_PFX(copy_cpsr_into_spsr):
    msr     spsr_cxsf, r0
    bx      lr

+# Set the Non Secure Mode
+ASM_PFX(set_non_secure_mode):
+    push    { r1 }
+    and	    r0, r0, #0x1f     @ Keep only the mode bits
+    mrs     r1, spsr          @ Read the spsr
+    bic     r1, r1, #0x1f     @ Clear all mode bits
+    orr	    r1, r1, r0
+    msr     spsr_cxsf, r1     @ write back spsr (may have caused a mode switch)
+    isb
+    pop     { r1 }
+    bx      lr                @ return (hopefully thumb-safe!)
+
 dead:
    b       dead
    
--- a/ArmPlatformPkg/Sec/Helper.asm
+++ b/ArmPlatformPkg/Sec/Helper.asm
@ -15,6 +15,7 @@
    EXPORT  return_from_exception
    EXPORT  enter_monitor_mode
    EXPORT  copy_cpsr_into_spsr
+    EXPORT  set_non_secure_mode
    
    AREA   Helper, CODE, READONLY

@ -60,6 +61,18 @@ copy_cpsr_into_spsr
    msr     spsr_cxsf, r0
    bx      lr

+// Set the Non Secure Mode
+set_non_secure_mode
+    push    { r1 }
+    and	r0, r0, #0x1f     // Keep only the mode bits
+    mrs     r1, spsr          // Read the spsr
+    bic     r1, r1, #0x1f     // Clear all mode bits
+    orr	    r1, r1, r0
+    msr     spsr_cxsf, r1     // write back spsr (may have caused a mode switch)
+    isb
+    pop     { r1 }
+    bx      lr                // return (hopefully thumb-safe!)
+
 dead
    B       dead
    
--- a/ArmPlatformPkg/Sec/Sec.c
+++ b/ArmPlatformPkg/Sec/Sec.c
@ -133,16 +133,11 @@ CEntryPoint (
    // Transfer the interrupt to Non-secure World
    ArmGicSetupNonSecure (PcdGet32(PcdGicDistributorBase), PcdGet32(PcdGicInterruptInterfaceBase));

-    // Write to CP15 Non-secure Access Control Register :
-    //   - Enable CP10 and CP11 accesses in NS World
-    //   - Enable Access to Preload Engine in NS World
-    //   - Enable lockable TLB entries allocation in NS world
-    //   - Enable R/W access to SMP bit of Auxiliary Control Register in NS world
-    ArmWriteNsacr (NSACR_NS_SMP | NSACR_TL | NSACR_PLE | NSACR_CP(10) | NSACR_CP(11));
+    // Write to CP15 Non-secure Access Control Register
+    ArmWriteNsacr (PcdGet32 (PcdArmNsacr));

-    // CP15 Secure Configuration Register with Non Secure bit (SCR_NS), CPSR.A modified in any
-    // security state (SCR_AW), CPSR.F modified in any security state (SCR_FW)
-    ArmWriteScr (SCR_NS | SCR_FW | SCR_AW);
+    // CP15 Secure Configuration Register
+    ArmWriteScr (PcdGet32 (PcdArmScr));
  } else {
    if (IS_PRIMARY_CORE(MpId)) {
      SerialPrint ("Trust Zone Configuration is disabled\n\r");
@ -157,6 +152,12 @@ CEntryPoint (
  JumpAddress = PcdGet32 (PcdFvBaseAddress);
  ArmPlatformSecExtraAction (MpId, &JumpAddress);

+  // If PcdArmNonSecModeTransition is defined then set this specific mode to CPSR before the transition
+  // By not set, the mode for Non Secure World is SVC
+  if (PcdGet32 (PcdArmNonSecModeTransition) != 0) {
+    set_non_secure_mode ((ARM_PROCESSOR_MODE)PcdGet32 (PcdArmNonSecModeTransition));
+  }
+
  return_from_exception (JumpAddress);
  //-------------------- Non Secure Mode ---------------------

--- a/ArmPlatformPkg/Sec/Sec.inf
+++ b/ArmPlatformPkg/Sec/Sec.inf
@ -54,9 +54,16 @@
  gArmTokenSpaceGuid.PcdTrustzoneSupport
  gArmTokenSpaceGuid.PcdVFPEnabled
  
+  gArmTokenSpaceGuid.PcdArmScr
+  gArmTokenSpaceGuid.PcdArmNsacr
+  gArmTokenSpaceGuid.PcdArmNonSecModeTransition
+  
  gArmTokenSpaceGuid.PcdArmPrimaryCoreMask
  gArmTokenSpaceGuid.PcdArmPrimaryCore
  
+  gArmTokenSpaceGuid.PcdSecureFvBaseAddress
+  gArmTokenSpaceGuid.PcdSecureFvSize
+  
  gArmTokenSpaceGuid.PcdFvBaseAddress
  
  gArmPlatformTokenSpaceGuid.PcdCPUCoresSecStackBase
--- a/ArmPlatformPkg/Sec/SecInternal.h
+++ b/ArmPlatformPkg/Sec/SecInternal.h
@ -58,6 +58,11 @@ copy_cpsr_into_spsr (
  VOID
  );

+VOID
+set_non_secure_mode (
+  IN ARM_PROCESSOR_MODE              Mode
+  );
+
 VOID
 SecCommonExceptionEntry (
  IN UINT32 Entry,