summaryrefslogtreecommitdiff
path: root/arch/arm/cpu/armv7/nonsec_virt.S
AgeCommit message (Collapse)Author
2014-07-28ARM: HYP/non-sec: add the option for a second-stage monitorMarc Zyngier
Allow the switch to a second stage secure monitor just before switching to non-secure. This allows a resident piece of firmware to be active once the kernel has been entered (the u-boot monitor is dead anyway, its pages being reused). Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Ian Campbell <ijc@hellion.org.uk>
2014-07-28ARM: HYP/non-sec: allow relocation to secure RAMMarc Zyngier
The current non-sec switching code suffers from one major issue: it cannot run in secure RAM, as a large part of u-boot still needs to be run while we're switched to non-secure. This patch reworks the whole HYP/non-secure strategy by: - making sure the secure code is the *last* thing u-boot executes before entering the payload - performing an exception return from secure mode directly into the payload - allowing the code to be dynamically relocated to secure RAM before switching to non-secure. This involves quite a bit of horrible code, specially as u-boot relocation is quite primitive. Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Ian Campbell <ijc@hellion.org.uk>
2014-07-28ARM: non-sec: reset CNTVOFF to zeroMarc Zyngier
Before switching to non-secure, make sure that CNTVOFF is set to zero on all CPUs. Otherwise, kernel running in non-secure without HYP enabled (hence using virtual timers) may observe timers that are not synchronized, effectively seeing time going backward... Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Ian Campbell <ijc@hellion.org.uk>
2014-07-28ARM: HYP/non-sec: add a barrier after setting SCR.NS==1Marc Zyngier
A CP15 instruction execution can be reordered, requiring an isb to be sure it is executed in program order. Signed-off-by: Marc Zyngier <marc.zyngier@arm.com> Acked-by: Ian Campbell <ijc@hellion.org.uk>
2013-12-06ARM: align MVBAR on 32 byte boundaryMasahiro Yamada
The lower 5 bit of MVBAR is UNK/SBZP. So, Monitor Vector Base Address must be 32-byte aligned. On the other hand, the secure monitor handler does not need 32-byte alignment. This commit moves ".algin 5" directive to the correct place. Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Cc: Andre Przywara <andre.przywara@linaro.org> Acked-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-07ARM: virtualization: replace verbose license with SPDX identifierAndre Przywara
The original creation of arch/arm/cpu/armv7/{virt-v7.c,nonsec_virt.S} predates the SPDX conversion, so the original elaborate license statements sneaked in. Fix this by replacing them with the proper abbreviation. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03ARM: extend non-secure switch to also go into HYP modeAndre Przywara
For the KVM and XEN hypervisors to be usable, we need to enter the kernel in HYP mode. Now that we already are in non-secure state, HYP mode switching is within short reach. While doing the non-secure switch, we have to enable the HVC instruction and setup the HYP mode HVBAR (while still secure). The actual switch is done by dropping back from a HYP mode handler without actually leaving HYP mode, so we introduce a new handler routine in our new secure exception vector table. In the assembly switching routine we save and restore the banked LR and SP registers around the hypercall to do the actual HYP mode switch. The C routine first checks whether we are in HYP mode already and also whether the virtualization extensions are available. It also checks whether the HYP mode switch was finally successful. The bootm command part only calls the new function after the non-secure switch. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03ARM: add SMP support for non-secure switchAndre Przywara
Currently the non-secure switch is only done for the boot processor. To enable full SMP support, we have to switch all secondary cores into non-secure state also. So we add an entry point for secondary CPUs coming out of low-power state and make sure we put them into WFI again after having switched to non-secure state. For this we acknowledge and EOI the wake-up IPI, then go into WFI. Once being kicked out of it later, we sanity check that the start address has actually been changed (since another attempt to switch to non-secure would block the core) and jump to the new address. The actual CPU kick is done by sending an inter-processor interrupt via the GIC to all CPU interfaces except the requesting processor. The secondary cores will then setup their respective GIC CPU interface. While this approach is pretty universal across several ARMv7 boards, we make this function weak in case someone needs to tweak this for a specific board. The way of setting the secondary's start address is board specific, but mostly different only in the actual SMP pen address, so we also provide a weak default implementation and just depend on the proper address to be set in the config file. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03ARM: add assembly routine to switch to non-secure stateAndre Przywara
While actually switching to non-secure state is one thing, another part of this process is to make sure that we still have full access to the interrupt controller (GIC). The GIC is fully aware of secure vs. non-secure state, some registers are banked, others may be configured to be accessible from secure state only. To be as generic as possible, we get the GIC memory mapped address based on the PERIPHBASE value in the CBAR register. Since this register is not architecturally defined, we check the MIDR before to be from an A15 or A7. For CPUs not having the CBAR or boards with wrong information herein we allow providing the base address as a configuration variable. Now that we know the GIC address, we: a) allow private interrupts to be delivered to the core (GICD_IGROUPR0 = 0xFFFFFFFF) b) enable the CPU interface (GICC_CTLR[0] = 1) c) set the priority filter to allow non-secure interrupts (GICC_PMR = 0xFF) Also we allow access to all coprocessor interfaces from non-secure state by writing the appropriate bits in the NSACR register. The generic timer base frequency register is only accessible from secure state, so we have to program it now. Actually this should be done from primary firmware before, but some boards seems to omit this, so if needed we do this here with a board specific value. The Versatile Express board does not need this, so we remove the frequency from the configuration file here. After having switched to non-secure state, we also enable the non-secure GIC CPU interface, since this register is banked. Since we need to call this routine also directly from the smp_pen later (where we don't have any stack), we can only use caller saved registers r0-r3 and r12 to not mess with the compiler. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>
2013-10-03ARM: add secure monitor handler to switch to non-secure stateAndre Przywara
A prerequisite for using virtualization is to be in HYP mode, which requires the CPU to be in non-secure state first. Add a new file in arch/arm/cpu/armv7 to hold a monitor handler routine which switches the CPU to non-secure state by setting the NS and associated bits. According to the ARM architecture reference manual this should not be done in SVC mode, so we have to setup a SMC handler for this. We create a new vector table to avoid interference with other boards. The MVBAR register will be programmed later just before the smc call. Signed-off-by: Andre Przywara <andre.przywara@linaro.org>