Patchwork [U-Boot,v3,2/7] ARM: add secure monitor handler to switch to non-secure state

login
register
mail settings
Submitter Andre Przywara
Date July 9, 2013, 11:54 p.m.
Message ID <1373414059-22779-3-git-send-email-andre.przywara@linaro.org>
Download mbox | patch
Permalink /patch/257919/
State Superseded
Delegated to: Albert ARIBAUD
Headers show

Comments

Andre Przywara - July 9, 2013, 11:54 p.m.
A prerequisite for using virtualization is to be in HYP mode, which
requires the CPU to be in non-secure state first.
Add new file in arch/arm/cpu/armv7 to hold a monitor handler routine
which switches the CPU to non-secure state by setting the NS and
associated bits.
According to the ARM architecture reference manual this should not be
done in SVC mode, so we have to setup a SMC handler for this.
We create a new vector table to avoid interference with other boards.
The MVBAR register will be programmed later just before the smc call.

Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
---
 arch/arm/cpu/armv7/Makefile      |  4 +++
 arch/arm/cpu/armv7/nonsec_virt.S | 54 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 arch/arm/cpu/armv7/nonsec_virt.S
Christoffer Dall - July 29, 2013, 10:02 p.m.
n Wed, Jul 10, 2013 at 01:54:14AM +0200, Andre Przywara wrote:
> A prerequisite for using virtualization is to be in HYP mode, which
> requires the CPU to be in non-secure state first.
> Add new file in arch/arm/cpu/armv7 to hold a monitor handler routine
> which switches the CPU to non-secure state by setting the NS and
> associated bits.
> According to the ARM architecture reference manual this should not be
> done in SVC mode, so we have to setup a SMC handler for this.
> We create a new vector table to avoid interference with other boards.
> The MVBAR register will be programmed later just before the smc call.
> 
> Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
> ---
>  arch/arm/cpu/armv7/Makefile      |  4 +++
>  arch/arm/cpu/armv7/nonsec_virt.S | 54 ++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 58 insertions(+)
>  create mode 100644 arch/arm/cpu/armv7/nonsec_virt.S
> 
> diff --git a/arch/arm/cpu/armv7/Makefile b/arch/arm/cpu/armv7/Makefile
> index 7a8c2d0..5d75077 100644
> --- a/arch/arm/cpu/armv7/Makefile
> +++ b/arch/arm/cpu/armv7/Makefile
> @@ -36,6 +36,10 @@ ifneq ($(CONFIG_AM33XX)$(CONFIG_OMAP44XX)$(CONFIG_OMAP54XX)$(CONFIG_TEGRA)$(CONF
>  SOBJS	+= lowlevel_init.o
>  endif
>  
> +ifneq ($(CONFIG_ARMV7_NONSEC),)
> +SOBJS   += nonsec_virt.o
> +endif
> +
>  SRCS	:= $(START:.o=.S) $(COBJS:.o=.c)
>  OBJS	:= $(addprefix $(obj),$(COBJS) $(SOBJS))
>  START	:= $(addprefix $(obj),$(START))
> diff --git a/arch/arm/cpu/armv7/nonsec_virt.S b/arch/arm/cpu/armv7/nonsec_virt.S
> new file mode 100644
> index 0000000..68a6b38
> --- /dev/null
> +++ b/arch/arm/cpu/armv7/nonsec_virt.S
> @@ -0,0 +1,54 @@
> +/*
> + * code for switching cores into non-secure state
> + *
> + * Copyright (c) 2013	Andre Przywara <andre.przywara@linaro.org>
> + *
> + * See file CREDITS for list of people who contributed to this
> + * project.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License as
> + * published by the Free Software Foundation; either version 2 of
> + * the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, write to the Free Software
> + * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
> + * MA 02111-1307 USA
> + */
> +
> +#include <config.h>
> +
> +/* the vector table for secure state */
> +_monitor_vectors:
> +	.word 0	/* reset */
> +	.word 0 /* undef */
> +	adr pc, _secure_monitor
> +	.word 0
> +	.word 0
> +	.word 0
> +	.word 0
> +	.word 0
> +	.word 0	/* pad */
> +
> +/*
> + * software interrupt aka. secure monitor handler

a software interrupt is not aka. a secure monitor handler, this is
misleading, it's just the smc handler.

> + * This is executed on a "smc" instruction, we use a "smc #0" to switch
> + * to non-secure state.
> + * We use only r0 and r1 here, due to constraints in the caller.
> + */
> +	.align	5
> +_secure_monitor:
> +	mrc	p15, 0, r1, c1, c1, 0		@ read SCR
> +	bic	r1, r1, #0x4e			@ clear IRQ, FIQ, EA, nET bits
> +	orr	r1, r1, #0x31			@ enable NS, AW, FW bits
> +
> +	mcr	p15, 0, r1, c1, c1, 0		@ write SCR (with NS bit set)
> +
> +	movs	pc, lr				@ return to non-secure SVC
> +
> -- 
> 1.7.12.1
>
Andre Przywara - July 30, 2013, 11:38 a.m.
On 07/30/2013 12:02 AM, Christoffer Dall wrote:
> n Wed, Jul 10, 2013 at 01:54:14AM +0200, Andre Przywara wrote:
>> A prerequisite for using virtualization is to be in HYP mode, which
>> requires the CPU to be in non-secure state first.
>> Add new file in arch/arm/cpu/armv7 to hold a monitor handler routine
>> which switches the CPU to non-secure state by setting the NS and
>> associated bits.
>> According to the ARM architecture reference manual this should not be
>> done in SVC mode, so we have to setup a SMC handler for this.
>> We create a new vector table to avoid interference with other boards.
>> The MVBAR register will be programmed later just before the smc call.
>>
>> Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
>> ---
>>   arch/arm/cpu/armv7/Makefile      |  4 +++
>>   arch/arm/cpu/armv7/nonsec_virt.S | 54 ++++++++++++++++++++++++++++++++++++++++
>>   2 files changed, 58 insertions(+)
>>   create mode 100644 arch/arm/cpu/armv7/nonsec_virt.S
>>
>> diff --git a/arch/arm/cpu/armv7/Makefile b/arch/arm/cpu/armv7/Makefile
>> index 7a8c2d0..5d75077 100644
>> --- a/arch/arm/cpu/armv7/Makefile
>> +++ b/arch/arm/cpu/armv7/Makefile
>> @@ -36,6 +36,10 @@ ifneq ($(CONFIG_AM33XX)$(CONFIG_OMAP44XX)$(CONFIG_OMAP54XX)$(CONFIG_TEGRA)$(CONF
>>   SOBJS	+= lowlevel_init.o
>>   endif
>>
>> +ifneq ($(CONFIG_ARMV7_NONSEC),)
>> +SOBJS   += nonsec_virt.o
>> +endif
>> +
>>   SRCS	:= $(START:.o=.S) $(COBJS:.o=.c)
>>   OBJS	:= $(addprefix $(obj),$(COBJS) $(SOBJS))
>>   START	:= $(addprefix $(obj),$(START))
>> diff --git a/arch/arm/cpu/armv7/nonsec_virt.S b/arch/arm/cpu/armv7/nonsec_virt.S
>> new file mode 100644
>> index 0000000..68a6b38
>> --- /dev/null
>> +++ b/arch/arm/cpu/armv7/nonsec_virt.S
>> @@ -0,0 +1,54 @@
>> +/*
>> + * code for switching cores into non-secure state
>> + *
>> + * Copyright (c) 2013	Andre Przywara <andre.przywara@linaro.org>
>> + *
>> + * See file CREDITS for list of people who contributed to this
>> + * project.
>> + *
>> + * This program is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU General Public License as
>> + * published by the Free Software Foundation; either version 2 of
>> + * the License, or (at your option) any later version.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
>> + * GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License
>> + * along with this program; if not, write to the Free Software
>> + * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
>> + * MA 02111-1307 USA
>> + */
>> +
>> +#include <config.h>
>> +
>> +/* the vector table for secure state */
>> +_monitor_vectors:
>> +	.word 0	/* reset */
>> +	.word 0 /* undef */
>> +	adr pc, _secure_monitor
>> +	.word 0
>> +	.word 0
>> +	.word 0
>> +	.word 0
>> +	.word 0
>> +	.word 0	/* pad */
>> +
>> +/*
>> + * software interrupt aka. secure monitor handler
>
> a software interrupt is not aka. a secure monitor handler, this is
> misleading, it's just the smc handler.

I agree, but I wanted to stick to the u-boot nomenclature which uses 
"software interrupt" for that exception in arch/arm/cpu/armv7/start.S.
So I used both names to make it more clear to the u-boot reader.
If I make a newer version, I will fix it in there.

Regards,
Andre.

>
>> + * This is executed on a "smc" instruction, we use a "smc #0" to switch
>> + * to non-secure state.
>> + * We use only r0 and r1 here, due to constraints in the caller.
>> + */
>> +	.align	5
>> +_secure_monitor:
>> +	mrc	p15, 0, r1, c1, c1, 0		@ read SCR
>> +	bic	r1, r1, #0x4e			@ clear IRQ, FIQ, EA, nET bits
>> +	orr	r1, r1, #0x31			@ enable NS, AW, FW bits
>> +
>> +	mcr	p15, 0, r1, c1, c1, 0		@ write SCR (with NS bit set)
>> +
>> +	movs	pc, lr				@ return to non-secure SVC
>> +
>> --
>> 1.7.12.1
>>

Patch

diff --git a/arch/arm/cpu/armv7/Makefile b/arch/arm/cpu/armv7/Makefile
index 7a8c2d0..5d75077 100644
--- a/arch/arm/cpu/armv7/Makefile
+++ b/arch/arm/cpu/armv7/Makefile
@@ -36,6 +36,10 @@  ifneq ($(CONFIG_AM33XX)$(CONFIG_OMAP44XX)$(CONFIG_OMAP54XX)$(CONFIG_TEGRA)$(CONF
 SOBJS	+= lowlevel_init.o
 endif
 
+ifneq ($(CONFIG_ARMV7_NONSEC),)
+SOBJS   += nonsec_virt.o
+endif
+
 SRCS	:= $(START:.o=.S) $(COBJS:.o=.c)
 OBJS	:= $(addprefix $(obj),$(COBJS) $(SOBJS))
 START	:= $(addprefix $(obj),$(START))
diff --git a/arch/arm/cpu/armv7/nonsec_virt.S b/arch/arm/cpu/armv7/nonsec_virt.S
new file mode 100644
index 0000000..68a6b38
--- /dev/null
+++ b/arch/arm/cpu/armv7/nonsec_virt.S
@@ -0,0 +1,54 @@ 
+/*
+ * code for switching cores into non-secure state
+ *
+ * Copyright (c) 2013	Andre Przywara <andre.przywara@linaro.org>
+ *
+ * See file CREDITS for list of people who contributed to this
+ * project.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+ * MA 02111-1307 USA
+ */
+
+#include <config.h>
+
+/* the vector table for secure state */
+_monitor_vectors:
+	.word 0	/* reset */
+	.word 0 /* undef */
+	adr pc, _secure_monitor
+	.word 0
+	.word 0
+	.word 0
+	.word 0
+	.word 0
+	.word 0	/* pad */
+
+/*
+ * software interrupt aka. secure monitor handler
+ * This is executed on a "smc" instruction, we use a "smc #0" to switch
+ * to non-secure state.
+ * We use only r0 and r1 here, due to constraints in the caller.
+ */
+	.align	5
+_secure_monitor:
+	mrc	p15, 0, r1, c1, c1, 0		@ read SCR
+	bic	r1, r1, #0x4e			@ clear IRQ, FIQ, EA, nET bits
+	orr	r1, r1, #0x31			@ enable NS, AW, FW bits
+
+	mcr	p15, 0, r1, c1, c1, 0		@ write SCR (with NS bit set)
+
+	movs	pc, lr				@ return to non-secure SVC
+