arm64: Add support for loading secure os

Add support for loading secure os and pass its entrypoint as bl32 params to bl31 stage. BUG=chrome-os-partner:40713 BRANCH=None TEST=Compiles successfully and loads secure os Change-Id: I1409ccb7344c1d1b1ddc2b321fdae1beea2f823d Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: d3dc19025ff11c1e0590306230df7654ef9ad086 Original-Change-Id: Iafd540bf2906d10b5ee009e96179121fecbf5e11 Original-Signed-off-by: Furquan Shaikh <furquan@google.com> Original-Reviewed-on: https://chromium-review.googlesource.com/273719 Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Original-Commit-Queue: Furquan Shaikh <furquan@chromium.org> Original-Trybot-Ready: Furquan Shaikh <furquan@chromium.org> Original-Tested-by: Furquan Shaikh <furquan@chromium.org> Reviewed-on: http://review.coreboot.org/10693 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
2015-05-28 12:13:51 -07:00 · 2015-05-28 12:13:51 -07:00 · a384c2899d
parent add740ac28
commit a384c2899d
4 changed files with 40 additions and 1 deletions
--- a/src/arch/arm64/Kconfig
+++ b/src/arch/arm64/Kconfig
@ -44,3 +44,13 @@ config ARM64_USE_ARM_TRUSTED_FIRMWARE
 	bool
 	default n
 	depends on ARCH_RAMSTAGE_ARM64
 config ARM64_USE_SECURE_OS
 	bool
 	default n
 	depends on ARM64_USE_ARM_TRUSTED_FIRMWARE
 config ARM64_SECURE_OS_FILE
 	string "Secure OS binary file"
 	help
 	  Secure OS binary file.
--- a/src/arch/arm64/Makefile.inc
+++ b/src/arch/arm64/Makefile.inc
@ -217,6 +217,16 @@ $(BL31_CBFS)-type := stage
 $(BL31_CBFS)-compression := $(CBFS_COMPRESS_FLAG)
 cbfs-files-y += $(BL31_CBFS)
 ifeq ($(CONFIG_ARM64_USE_SECURE_OS),y)
 SECURE_OS_FILE := $(CONFIG_ARM64_SECURE_OS_FILE)
 SECURE_OS_FILE_CBFS := $(call strip_quotes,$(CONFIG_CBFS_PREFIX))/secure_os
 $(SECURE_OS_FILE_CBFS)-file := $(SECURE_OS_FILE)
 $(SECURE_OS_FILE_CBFS)-type := stage
 cbfs-files-y += $(SECURE_OS_FILE_CBFS)
 endif # CONFIG_ARM64_USE_SECURE_OS
 endif # CONFIG_ARM64_USE_ARM_TRUSTED_FIRMWARE
 endif # CONFIG_ARCH_RAMSTAGE_ARM64
--- a/src/arch/arm64/arm_tf.c
+++ b/src/arch/arm64/arm_tf.c
@ -18,6 +18,8 @@
 */
 #include <arch/cache.h>
 #include <arch/lib_helpers.h>
 #include <arch/transition.h>
 #include <arm_tf.h>
 #include <assert.h>
 #include <cbfs.h>
@ -32,8 +34,8 @@
 static image_info_t bl31_image_info;
 static image_info_t bl32_image_info;
 static image_info_t bl33_image_info;
 static entry_point_info_t bl32_ep_info;
 */
 static entry_point_info_t bl32_ep_info;
 static entry_point_info_t bl33_ep_info;
 static bl31_params_t bl31_params;
@ -57,6 +59,22 @@ void arm_tf_run_bl31(u64 payload_entry, u64 payload_arg0, u64 payload_spsr)
 	bl31_entry = prog_entry(&bl31);
 	SET_PARAM_HEAD(&bl31_params, PARAM_BL31, VERSION_1, 0);
 	if (IS_ENABLED(CONFIG_ARM64_USE_SECURE_OS)) {
 		struct prog bl32 = PROG_INIT(ASSET_BL32, CONFIG_CBFS_PREFIX"/secure_os");
 		if (prog_locate(&bl32))
 			die("BL31 not found");
 		if (cbfs_prog_stage_load(&bl32))
 			die("BL31 load failed");
 		SET_PARAM_HEAD(&bl32_ep_info, PARAM_EP, VERSION_1, PARAM_EP_SECURE);
 		bl32_ep_info.pc = (uintptr_t)prog_entry(&bl32);
 		bl32_ep_info.spsr = SPSR_EXCEPTION_MASK | get_eret_el(EL1, SPSR_USE_L);
 		bl31_params.bl32_ep_info = &bl32_ep_info;
 	}
 	bl31_params.bl33_ep_info = &bl33_ep_info;
 	SET_PARAM_HEAD(&bl33_ep_info, PARAM_EP, VERSION_1, PARAM_EP_NON_SECURE);
--- a/src/include/assets.h
+++ b/src/include/assets.h
@ -33,6 +33,7 @@ enum asset_type {
 	ASSET_REFCODE,
 	ASSET_PAYLOAD,
 	ASSET_BL31,
 	ASSET_BL32,
 };
 struct asset {