| Message ID | 1466566259-33431-2-git-send-email-Zhiqiang.Hou@nxp.com |
|---|---|
| State | Superseded |
| Delegated to: | York Sun |
| Headers | show |
On 06/21/2016 08:42 PM, Zhiqiang Hou wrote: > From: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> > > This framework is introduced for ARMv8 secure monitor mode firmware. > The main functions of the framework are, on EL3, verify the firmware, > load it to the secure memory and jump into it, and while it returned > to U-Boot, do some necessary setups at the 'target exception level' > that is determined by the respective secure firmware. > > So far, the framework support only FIT format image, and need to define > the name of which config node should be used in 'configurations' and > the name of property for the raw secure firmware image in that config. > The FIT image should be stored in Byte accessing memory, such as NOR > Flash, or else it should be copied to main memory to use this framework. > > Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> > --- > V6: > - Abstracted more code from PPA to this framework. > - Introduced gd->sec_firmware to hold the load address. > - Refactor the func sec_firmware_support_psci_version(). A lot of change in this version. > > V5: > - Added c file sec_firmware.c. > - Added declaration of sec_firmware_init(). > - Renamed the func sec_firmware_validate(). > > V4: > - Reordered this patch. > - Removed the FSL PPA related items. > > arch/arm/cpu/armv8/Makefile | 1 + > arch/arm/cpu/armv8/sec_firmware.c | 262 ++++++++++++++++++++++++++++++ > arch/arm/cpu/armv8/sec_firmware_asm.S | 53 ++++++ > arch/arm/include/asm/armv8/sec_firmware.h | 18 ++ > include/asm-generic/global_data.h | 11 ++ > 5 files changed, 346 insertions(+) > create mode 100644 arch/arm/cpu/armv8/sec_firmware.c > create mode 100644 arch/arm/cpu/armv8/sec_firmware_asm.S > create mode 100644 arch/arm/include/asm/armv8/sec_firmware.h > > diff --git a/arch/arm/cpu/armv8/Makefile b/arch/arm/cpu/armv8/Makefile > index bf8644c..ee9e009 100644 > --- a/arch/arm/cpu/armv8/Makefile > +++ b/arch/arm/cpu/armv8/Makefile > @@ -15,6 +15,7 @@ obj-y += cache.o > obj-y += tlb.o > obj-y += transition.o > obj-y += fwcall.o > +obj-$(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT) += sec_firmware.o sec_firmware_asm.o > > obj-$(CONFIG_FSL_LAYERSCAPE) += fsl-layerscape/ > obj-$(CONFIG_S32V234) += s32v234/ > diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c > new file mode 100644 > index 0000000..986df48 > --- /dev/null > +++ b/arch/arm/cpu/armv8/sec_firmware.c > @@ -0,0 +1,266 @@ > +/* > + * Copyright 2016 NXP Semiconductor, Inc. > + * > + * SPDX-License-Identifier: GPL-2.0+ > + */ > + > +#include <common.h> > +#include <errno.h> > +#include <linux/kernel.h> > +#include <asm/io.h> > +#include <asm/system.h> > +#include <asm/types.h> > +#include <asm/macro.h> > +#include <asm/armv8/sec_firmware.h> > + > +DECLARE_GLOBAL_DATA_PTR; > + > +extern void c_runtime_cpu_setup(void); > + > +static int sec_firmware_get_data(void *sec_firmware_img, > + const void **data, size_t *size) Throughout this patch, sec_firmware_img is used as read-only. How about add "const" to it? > +{ > + void *fit_hdr; Variable fit_hdr doesn't serve more purpose. You can use sec_firmware_img directly. > + int conf_node_off, fw_node_off; > + char *conf_node_name = NULL; > + char *desc; > + int ret; > + > + fit_hdr = sec_firmware_img; > + conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME; > + > + conf_node_off = fit_conf_get_node(fit_hdr, conf_node_name); > + if (conf_node_off < 0) { > + printf("SEC Firmware: %s: no such config\n", conf_node_name); > + return -ENOENT; > + } > + > + fw_node_off = fit_conf_get_prop_node(fit_hdr, conf_node_off, > + SEC_FIRMWARE_FIT_IMAGE); > + if (fw_node_off < 0) { > + printf("SEC Firmware: No '%s' in config\n", > + SEC_FIRMWARE_FIT_IMAGE); You have many of this alignment issues throughout this patch. <snip> York
On 06/21/2016 08:42 PM, Zhiqiang Hou wrote: <snip> > + > +#ifdef CONFIG_ARMV8_PSCI > +/* > + * The PSCI_VERSION function is added from PSCI v0.2. When the PSCI > + * v0.1 received this function, the NOT_SUPPORTED (0xffff_ffff) error > + * number will be returned according to SMC Calling Conventions. But > + * when getting the NOT_SUPPORTED error number, we cannot ensure if > + * the PSCI version is v0.1 or other error occurred. So, PSCI v0.1 > + * won't be supported by this framework. > + * And if the secure firmware isn't running, return NOT_SUPPORTED. > + * > + * The return value on success is PSCI version in format > + * major[31:16]:minor[15:0]. > + */ > +unsigned int sec_firmware_support_psci_version(void) > +{ > + if (gd->sec_firmware & SEC_FIRMWARE_RUNNING) > + return _sec_firmware_support_psci_version(); > + > + return 0xffffffff; > +} > +#endif Does _sec_firmware_support_psci_version() always return version numbers? Any chance it returns an error code? York
Hi York, Thanks for your comments! > -----Original Message----- > From: york sun > Sent: 2016年6月23日 0:11 > To: Zhiqiang Hou <zhiqiang.hou@nxp.com>; u-boot@lists.denx.de; > albert.u.boot@aribaud.net; scottwood@freescale.com; > Mingkai.hu@freescale.com; yorksun@freescale.com; leoli@freescale.com; > prabhakar@freescale.com; bhupesh.sharma@freescale.com > Subject: Re: [PATCHv6 2/6] ARMv8: add the secure monitor firmware framework > > On 06/21/2016 08:42 PM, Zhiqiang Hou wrote: > > From: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> > > > > This framework is introduced for ARMv8 secure monitor mode firmware. > > The main functions of the framework are, on EL3, verify the firmware, > > load it to the secure memory and jump into it, and while it returned > > to U-Boot, do some necessary setups at the 'target exception level' > > that is determined by the respective secure firmware. > > > > So far, the framework support only FIT format image, and need to > > define the name of which config node should be used in > > 'configurations' and the name of property for the raw secure firmware image in > that config. > > The FIT image should be stored in Byte accessing memory, such as NOR > > Flash, or else it should be copied to main memory to use this framework. > > > > Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com> > > --- > > V6: > > - Abstracted more code from PPA to this framework. > > - Introduced gd->sec_firmware to hold the load address. > > - Refactor the func sec_firmware_support_psci_version(). > > A lot of change in this version. Yes, take a lot time to refactor the code, just hope more code can be reused. > > > > V5: > > - Added c file sec_firmware.c. > > - Added declaration of sec_firmware_init(). > > - Renamed the func sec_firmware_validate(). > > > > V4: > > - Reordered this patch. > > - Removed the FSL PPA related items. > > > > arch/arm/cpu/armv8/Makefile | 1 + > > arch/arm/cpu/armv8/sec_firmware.c | 262 > ++++++++++++++++++++++++++++++ > > arch/arm/cpu/armv8/sec_firmware_asm.S | 53 ++++++ > > arch/arm/include/asm/armv8/sec_firmware.h | 18 ++ > > include/asm-generic/global_data.h | 11 ++ > > 5 files changed, 346 insertions(+) > > create mode 100644 arch/arm/cpu/armv8/sec_firmware.c > > create mode 100644 arch/arm/cpu/armv8/sec_firmware_asm.S > > create mode 100644 arch/arm/include/asm/armv8/sec_firmware.h > > > > diff --git a/arch/arm/cpu/armv8/Makefile b/arch/arm/cpu/armv8/Makefile > > index bf8644c..ee9e009 100644 > > --- a/arch/arm/cpu/armv8/Makefile > > +++ b/arch/arm/cpu/armv8/Makefile > > @@ -15,6 +15,7 @@ obj-y += cache.o > > obj-y += tlb.o > > obj-y += transition.o > > obj-y += fwcall.o > > +obj-$(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT) += sec_firmware.o > > +sec_firmware_asm.o > > > > obj-$(CONFIG_FSL_LAYERSCAPE) += fsl-layerscape/ > > obj-$(CONFIG_S32V234) += s32v234/ > > diff --git a/arch/arm/cpu/armv8/sec_firmware.c > > b/arch/arm/cpu/armv8/sec_firmware.c > > new file mode 100644 > > index 0000000..986df48 > > --- /dev/null > > +++ b/arch/arm/cpu/armv8/sec_firmware.c > > @@ -0,0 +1,266 @@ > > +/* > > + * Copyright 2016 NXP Semiconductor, Inc. > > + * > > + * SPDX-License-Identifier: GPL-2.0+ > > + */ > > + > > +#include <common.h> > > +#include <errno.h> > > +#include <linux/kernel.h> > > +#include <asm/io.h> > > +#include <asm/system.h> > > +#include <asm/types.h> > > +#include <asm/macro.h> > > +#include <asm/armv8/sec_firmware.h> > > + > > +DECLARE_GLOBAL_DATA_PTR; > > + > > +extern void c_runtime_cpu_setup(void); > > + > > +static int sec_firmware_get_data(void *sec_firmware_img, > > + const void **data, size_t *size) > > Throughout this patch, sec_firmware_img is used as read-only. How about add > "const" to it? Yes, will add it next version. > > > +{ > > + void *fit_hdr; > > Variable fit_hdr doesn't serve more purpose. You can use sec_firmware_img > directly. Yes, will fix it next version. > > > + int conf_node_off, fw_node_off; > > + char *conf_node_name = NULL; > > + char *desc; > > + int ret; > > + > > + fit_hdr = sec_firmware_img; > > + conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME; > > + > > + conf_node_off = fit_conf_get_node(fit_hdr, conf_node_name); > > + if (conf_node_off < 0) { > > + printf("SEC Firmware: %s: no such config\n", conf_node_name); > > + return -ENOENT; > > + } > > + > > + fw_node_off = fit_conf_get_prop_node(fit_hdr, conf_node_off, > > + SEC_FIRMWARE_FIT_IMAGE); > > + if (fw_node_off < 0) { > > + printf("SEC Firmware: No '%s' in config\n", > > + SEC_FIRMWARE_FIT_IMAGE); > > You have many of this alignment issues throughout this patch. > Will fix the alignment issues next version. Thanks, Zhiqiang
Hi York, Thanks for your comments! > -----Original Message----- > From: york sun > Sent: 2016年6月23日 0:20 > To: Zhiqiang Hou <zhiqiang.hou@nxp.com>; u-boot@lists.denx.de; > albert.u.boot@aribaud.net; scottwood@freescale.com; > Mingkai.hu@freescale.com; yorksun@freescale.com; leoli@freescale.com; > prabhakar@freescale.com; bhupesh.sharma@freescale.com > Subject: Re: [PATCHv6 2/6] ARMv8: add the secure monitor firmware framework > > On 06/21/2016 08:42 PM, Zhiqiang Hou wrote: > > <snip> > > > + > > +#ifdef CONFIG_ARMV8_PSCI > > +/* > > + * The PSCI_VERSION function is added from PSCI v0.2. When the PSCI > > + * v0.1 received this function, the NOT_SUPPORTED (0xffff_ffff) error > > + * number will be returned according to SMC Calling Conventions. But > > + * when getting the NOT_SUPPORTED error number, we cannot ensure if > > + * the PSCI version is v0.1 or other error occurred. So, PSCI v0.1 > > + * won't be supported by this framework. > > + * And if the secure firmware isn't running, return NOT_SUPPORTED. > > + * > > + * The return value on success is PSCI version in format > > + * major[31:16]:minor[15:0]. > > + */ > > +unsigned int sec_firmware_support_psci_version(void) > > +{ > > + if (gd->sec_firmware & SEC_FIRMWARE_RUNNING) > > + return _sec_firmware_support_psci_version(); > > + > > + return 0xffffffff; > > +} > > +#endif > > Does _sec_firmware_support_psci_version() always return version numbers? > Any chance it returns an error code? If the PSCI_VERSION was supported in current PSCI version, it will return the version, otherwise, the SMC will return the value 0xffff_ffff to indicate the PSCI_VERSION isn't supported. There isn't any description for returning error code in the PSCI spec. Thanks, Zhiqiang
diff --git a/arch/arm/cpu/armv8/Makefile b/arch/arm/cpu/armv8/Makefile index bf8644c..ee9e009 100644 --- a/arch/arm/cpu/armv8/Makefile +++ b/arch/arm/cpu/armv8/Makefile @@ -15,6 +15,7 @@ obj-y += cache.o obj-y += tlb.o obj-y += transition.o obj-y += fwcall.o +obj-$(CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT) += sec_firmware.o sec_firmware_asm.o obj-$(CONFIG_FSL_LAYERSCAPE) += fsl-layerscape/ obj-$(CONFIG_S32V234) += s32v234/ diff --git a/arch/arm/cpu/armv8/sec_firmware.c b/arch/arm/cpu/armv8/sec_firmware.c new file mode 100644 index 0000000..986df48 --- /dev/null +++ b/arch/arm/cpu/armv8/sec_firmware.c @@ -0,0 +1,266 @@ +/* + * Copyright 2016 NXP Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <errno.h> +#include <linux/kernel.h> +#include <asm/io.h> +#include <asm/system.h> +#include <asm/types.h> +#include <asm/macro.h> +#include <asm/armv8/sec_firmware.h> + +DECLARE_GLOBAL_DATA_PTR; + +extern void c_runtime_cpu_setup(void); + +static int sec_firmware_get_data(void *sec_firmware_img, + const void **data, size_t *size) +{ + void *fit_hdr; + int conf_node_off, fw_node_off; + char *conf_node_name = NULL; + char *desc; + int ret; + + fit_hdr = sec_firmware_img; + conf_node_name = SEC_FIRMEWARE_FIT_CNF_NAME; + + conf_node_off = fit_conf_get_node(fit_hdr, conf_node_name); + if (conf_node_off < 0) { + printf("SEC Firmware: %s: no such config\n", conf_node_name); + return -ENOENT; + } + + fw_node_off = fit_conf_get_prop_node(fit_hdr, conf_node_off, + SEC_FIRMWARE_FIT_IMAGE); + if (fw_node_off < 0) { + printf("SEC Firmware: No '%s' in config\n", + SEC_FIRMWARE_FIT_IMAGE); + return -ENOLINK; + } + + /* Verify secure firmware image */ + if (!(fit_image_verify(fit_hdr, fw_node_off))) { + printf("SEC Firmware: Bad firmware image (bad CRC)\n"); + return -EINVAL; + } + + if (fit_image_get_data(fit_hdr, fw_node_off, data, size)) { + printf("SEC Firmware: Can't get %s subimage data/size", + SEC_FIRMWARE_FIT_IMAGE); + return -ENOENT; + } + + ret = fit_get_desc(fit_hdr, fw_node_off, &desc); + if (ret) + printf("SEC Firmware: Can't get description\n"); + else + printf("%s\n", desc); + + return ret; +} + +/* + * SEC Firmware FIT image parser checks if the image is in FIT + * format, verifies integrity of the image and calculates raw + * image address and size values. + * + * Returns 0 on success and a negative errno on error task fail. + */ +static int sec_firmware_parse_image(void *sec_firmware_img, + const void **raw_image_addr, + size_t *raw_image_size) +{ + int ret; + + ret = sec_firmware_get_data(sec_firmware_img, raw_image_addr, + raw_image_size); + if (ret) + return ret; + + debug("SEC Firmware: raw_image_addr = 0x%p, raw_image_size = 0x%lx\n", + *raw_image_addr, *raw_image_size); + + return 0; +} + +static int sec_firmware_copy_image(const char *title, + u64 image_addr, u32 image_size, u64 sec_firmware) +{ + debug("%s copied to address 0x%p\n", title, (void *)sec_firmware); + memcpy((void *)sec_firmware, (void *)image_addr, image_size); + flush_dcache_range(sec_firmware, sec_firmware + image_size); + + return 0; +} + +/* + * This function will parse the SEC Firmware image, and then load it + * to secure memory. + */ +static int sec_firmware_load_image(void *sec_firmware_img) +{ + const void *raw_image_addr; + size_t raw_image_size = 0; + int ret; + + /* + * The Excetpion Level must be EL3 to load and initialize + * the SEC Firmware. + */ + if (current_el() != 3) { + ret = -EACCES; + goto out; + } + +#ifdef CONFIG_SYS_MEM_RESERVE_SECURE + /* + * The SEC Firmware must be stored in secure memory. + * Append SEC Firmware to secure mmu table. + */ + if (!(gd->secure_ram & MEM_RESERVE_SECURE_MAINTAINED)) { + ret = -ENXIO; + goto out; + } + + gd->sec_firmware = (gd->secure_ram & MEM_RESERVE_SECURE_ADDR_MASK) + + gd->arch.tlb_size; +#else +#error "The CONFIG_SYS_MEM_RESERVE_SECURE must be defined when enabled SEC Firmware support" +#endif + + /* Align SEC Firmware base address to 4K */ + gd->sec_firmware = (gd->sec_firmware + 0xfff) & ~0xfff; + debug("SEC Firmware: Load address: 0x%llx\n", + gd->sec_firmware & SEC_FIRMWARE_ADDR_MASK); + + ret = sec_firmware_parse_image(sec_firmware_img, &raw_image_addr, + &raw_image_size); + if (ret) + goto out; + + /* TODO: + * Check if the end addr of SEC Firmware has been extend the secure + * memory. + */ + + /* Copy the secure firmware to secure memory */ + ret = sec_firmware_copy_image("SEC Firmware", (u64)raw_image_addr, + raw_image_size, gd->sec_firmware & + SEC_FIRMWARE_ADDR_MASK); + if (ret) + goto out; + + gd->sec_firmware |= SEC_FIRMWARE_LOADED; + debug("SEC Firmware: Entry point: 0x%llx\n", + gd->sec_firmware & SEC_FIRMWARE_ADDR_MASK); + + return 0; + +out: + printf("SEC Firmware: error (%d)\n", ret); + gd->sec_firmware = 0; + + return ret; +} + +static int sec_firmware_entry(u32 *eret_hold_l, u32 *eret_hold_h) +{ + void *entry = (void *)(gd->sec_firmware & SEC_FIRMWARE_ADDR_MASK); + + return _sec_firmware_entry(entry, eret_hold_l, eret_hold_h); +} + +/* Check the secure firmware FIT image */ +__weak bool sec_firmware_is_valid(void *sec_firmware_img) +{ + void *fit_hdr; + + fit_hdr = sec_firmware_img; + + if (fdt_check_header(fit_hdr)) { + printf("SEC Firmware: Bad firmware image (not a FIT image)\n"); + return false; + } + + if (!fit_check_format(fit_hdr)) { + printf("SEC Firmware: Bad firmware image (bad FIT header)\n"); + return false; + } + + return true; +} + +#ifdef CONFIG_ARMV8_PSCI +/* + * The PSCI_VERSION function is added from PSCI v0.2. When the PSCI + * v0.1 received this function, the NOT_SUPPORTED (0xffff_ffff) error + * number will be returned according to SMC Calling Conventions. But + * when getting the NOT_SUPPORTED error number, we cannot ensure if + * the PSCI version is v0.1 or other error occurred. So, PSCI v0.1 + * won't be supported by this framework. + * And if the secure firmware isn't running, return NOT_SUPPORTED. + * + * The return value on success is PSCI version in format + * major[31:16]:minor[15:0]. + */ +unsigned int sec_firmware_support_psci_version(void) +{ + if (gd->sec_firmware & SEC_FIRMWARE_RUNNING) + return _sec_firmware_support_psci_version(); + + return 0xffffffff; +} +#endif + +/* + * sec_firmware_init - Initialize the SEC Firmware + * @sec_firmware_img: the SEC Firmware image address + * @eret_hold_l: the address to hold exception return address low + * @eret_hold_h: the address to hold exception return address high + */ +int sec_firmware_init(void *sec_firmware_img, + u32 *eret_hold_l, + u32 *eret_hold_h) +{ + int ret; + + if (!sec_firmware_is_valid(sec_firmware_img)) + return -EINVAL; + + ret = sec_firmware_load_image(sec_firmware_img); + if (ret) { + printf("SEC Firmware: Failed to load image\n"); + return ret; + } else if (gd->sec_firmware & SEC_FIRMWARE_LOADED) { + ret = sec_firmware_entry(eret_hold_l, eret_hold_h); + if (ret) { + printf("SEC Firmware: Failed to initialize\n"); + return ret; + } + } + + debug("SEC Firmware: Return from SEC Firmware: current_el = %d\n", + current_el()); + + /* + * The PE will be turned into target EL when returned from + * SEC Firmware. + */ + if (current_el() != SEC_FIRMWARE_TARGET_EL) + return -EACCES; + + gd->sec_firmware |= SEC_FIRMWARE_RUNNING; + + /* Set exception table and enable caches if it isn't EL3 */ + if (current_el() != 3) { + c_runtime_cpu_setup(); + enable_caches(); + } + + return 0; +} diff --git a/arch/arm/cpu/armv8/sec_firmware_asm.S b/arch/arm/cpu/armv8/sec_firmware_asm.S new file mode 100644 index 0000000..7fa2290 --- /dev/null +++ b/arch/arm/cpu/armv8/sec_firmware_asm.S @@ -0,0 +1,53 @@ +/* + * Copyright 2016 NXP Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <config.h> +#include <linux/linkage.h> +#include <asm/system.h> +#include <asm/macro.h> + +WEAK(_sec_firmware_entry) + /* + * x0: Secure Firmware entry point + * x1: Exception return address Low + * x2: Exception return address High + */ + + /* Save stack pointer for EL2 */ + mov x3, sp + msr sp_el2, x3 + + /* Set exception return address hold pointer */ + adr x4, 1f + mov x3, x4 +#ifdef SEC_FIRMWARE_ERET_ADDR_REVERT + rev w3, w3 +#endif + str w3, [x1] + lsr x3, x4, #32 +#ifdef SEC_FIRMWARE_ERET_ADDR_REVERT + rev w3, w3 +#endif + str w3, [x2] + +/* Call SEC monitor */ + br x0 + +1: + mov x0, #0 + ret +ENDPROC(_sec_firmware_entry) + +#ifdef CONFIG_ARMV8_PSCI +ENTRY(_sec_firmware_support_psci_version) + mov x0, 0x84000000 + mov x1, 0x0 + mov x2, 0x0 + mov x3, 0x0 + smc #0 + ret +ENDPROC(_sec_firmware_support_psci_version) +#endif diff --git a/arch/arm/include/asm/armv8/sec_firmware.h b/arch/arm/include/asm/armv8/sec_firmware.h new file mode 100644 index 0000000..041fd4e --- /dev/null +++ b/arch/arm/include/asm/armv8/sec_firmware.h @@ -0,0 +1,18 @@ +/* + * Copyright 2016 NXP Semiconductor, Inc. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#ifndef __SEC_FIRMWARE_H_ +#define __SEC_FIRMWARE_H_ + +int sec_firmware_init(void *, u32 *, u32 *); +int _sec_firmware_entry(void *, u32 *, u32 *); +bool sec_firmware_is_valid(void *); +#ifdef CONFIG_ARMV8_PSCI +unsigned int sec_firmware_support_psci_version(void); +unsigned int _sec_firmware_support_psci_version(void); +#endif + +#endif /* __SEC_FIRMWARE_H_ */ diff --git a/include/asm-generic/global_data.h b/include/asm-generic/global_data.h index 0abcbe4..cd69ef9 100644 --- a/include/asm-generic/global_data.h +++ b/include/asm-generic/global_data.h @@ -69,6 +69,17 @@ typedef struct global_data { */ phys_addr_t secure_ram; #endif +#ifdef CONFIG_ARMV8_SEC_FIRMWARE_SUPPORT +#define SEC_FIRMWARE_LOADED 0x1 +#define SEC_FIRMWARE_RUNNING 0x2 +#define SEC_FIRMWARE_ADDR_MASK (~0x3) + /* + * Secure firmware load addr + * Flags used: 0x1 secure firmware has been loaded to secure memory + * 0x2 secure firmware is running + */ + phys_addr_t sec_firmware; +#endif unsigned long mon_len; /* monitor len */ unsigned long irq_sp; /* irq stack pointer */ unsigned long start_addr_sp; /* start_addr_stackpointer */