diff options
Diffstat (limited to 'docs/porting-guide.md')
-rw-r--r-- | docs/porting-guide.md | 1569 |
1 files changed, 0 insertions, 1569 deletions
diff --git a/docs/porting-guide.md b/docs/porting-guide.md deleted file mode 100644 index 5e85023a..00000000 --- a/docs/porting-guide.md +++ /dev/null @@ -1,1569 +0,0 @@ -ARM Trusted Firmware Porting Guide -================================== - -Contents --------- - -1. [Introduction](#1--introduction) -2. [Common Modifications](#2--common-modifications) - * [Common mandatory modifications](#21-common-mandatory-modifications) - * [Handling reset](#22-handling-reset) - * [Common optional modifications](#23-common-optional-modifications) -3. [Boot Loader stage specific modifications](#3--modifications-specific-to-a-boot-loader-stage) - * [Boot Loader stage 1 (BL1)](#31-boot-loader-stage-1-bl1) - * [Boot Loader stage 2 (BL2)](#32-boot-loader-stage-2-bl2) - * [Boot Loader stage 3-1 (BL3-1)](#32-boot-loader-stage-3-1-bl3-1) - * [PSCI implementation (in BL3-1)](#33-power-state-coordination-interface-in-bl3-1) - * [Interrupt Management framework (in BL3-1)](#34--interrupt-management-framework-in-bl3-1) - * [Crash Reporting mechanism (in BL3-1)](#35--crash-reporting-mechanism-in-bl3-1) -4. [Build flags](#4--build-flags) -5. [C Library](#5--c-library) -6. [Storage abstraction layer](#6--storage-abstraction-layer) - -- - - - - - - - - - - - - - - - - - - -1. Introduction ----------------- - -Porting the ARM Trusted Firmware to a new platform involves making some -mandatory and optional modifications for both the cold and warm boot paths. -Modifications consist of: - -* Implementing a platform-specific function or variable, -* Setting up the execution context in a certain way, or -* Defining certain constants (for example #defines). - -The platform-specific functions and variables are all declared in -[include/plat/common/platform.h]. The firmware provides a default implementation -of variables and functions to fulfill the optional requirements. These -implementations are all weakly defined; they are provided to ease the porting -effort. Each platform port can override them with its own implementation if the -default implementation is inadequate. - -Some modifications are common to all Boot Loader (BL) stages. Section 2 -discusses these in detail. The subsequent sections discuss the remaining -modifications for each BL stage in detail. - -This document should be read in conjunction with the ARM Trusted Firmware -[User Guide]. - - -2. Common modifications ------------------------- - -This section covers the modifications that should be made by the platform for -each BL stage to correctly port the firmware stack. They are categorized as -either mandatory or optional. - - -2.1 Common mandatory modifications ----------------------------------- -A platform port must enable the Memory Management Unit (MMU) with identity -mapped page tables, and enable both the instruction and data caches for each BL -stage. In the ARM FVP port, each BL stage configures the MMU in its platform- -specific architecture setup function, for example `blX_plat_arch_setup()`. - -If the build option `USE_COHERENT_MEM` is enabled, each platform must allocate a -block of identity mapped secure memory with Device-nGnRE attributes aligned to -page boundary (4K) for each BL stage. This memory is identified by the section -name `tzfw_coherent_mem` so that its possible for the firmware to place -variables in it using the following C code directive: - - __attribute__ ((section("tzfw_coherent_mem"))) - -Or alternatively the following assembler code directive: - - .section tzfw_coherent_mem - -The `tzfw_coherent_mem` section is used to allocate any data structures that are -accessed both when a CPU is executing with its MMU and caches enabled, and when -it's running with its MMU and caches disabled. Examples are given below. - -The following variables, functions and constants must be defined by the platform -for the firmware to work correctly. - - -### File : platform_def.h [mandatory] - -Each platform must ensure that a header file of this name is in the system -include path with the following constants defined. This may require updating the -list of `PLAT_INCLUDES` in the `platform.mk` file. In the ARM FVP port, this -file is found in [plat/fvp/include/platform_def.h]. - -* **#define : PLATFORM_LINKER_FORMAT** - - Defines the linker format used by the platform, for example - `elf64-littleaarch64` used by the FVP. - -* **#define : PLATFORM_LINKER_ARCH** - - Defines the processor architecture for the linker by the platform, for - example `aarch64` used by the FVP. - -* **#define : PLATFORM_STACK_SIZE** - - Defines the normal stack memory available to each CPU. This constant is used - by [plat/common/aarch64/platform_mp_stack.S] and - [plat/common/aarch64/platform_up_stack.S]. - -* **#define : FIRMWARE_WELCOME_STR** - - Defines the character string printed by BL1 upon entry into the `bl1_main()` - function. - -* **#define : BL2_IMAGE_NAME** - - Name of the BL2 binary image on the host file-system. This name is used by - BL1 to load BL2 into secure memory from non-volatile storage. - -* **#define : BL31_IMAGE_NAME** - - Name of the BL3-1 binary image on the host file-system. This name is used by - BL2 to load BL3-1 into secure memory from platform storage. - -* **#define : BL33_IMAGE_NAME** - - Name of the BL3-3 binary image on the host file-system. This name is used by - BL2 to load BL3-3 into non-secure memory from platform storage. - -* **#define : BL2_CERT_NAME** - - Name of the BL2 content certificate on the host file-system (mandatory when - Trusted Board Boot is enabled). - -* **#define : TRUSTED_KEY_CERT_NAME** - - Name of the Trusted Key certificate on the host file-system (mandatory when - Trusted Board Boot is enabled). - -* **#define : BL31_KEY_CERT_NAME** - - Name of the BL3-1 Key certificate on the host file-system (mandatory when - Trusted Board Boot is enabled). - -* **#define : BL31_CERT_NAME** - - Name of the BL3-1 Content certificate on the host file-system (mandatory - when Trusted Board Boot is enabled). - -* **#define : BL33_KEY_CERT_NAME** - - Name of the BL3-3 Key certificate on the host file-system (mandatory when - Trusted Board Boot is enabled). - -* **#define : BL33_CERT_NAME** - - Name of the BL3-3 Content certificate on the host file-system (mandatory - when Trusted Board Boot is enabled). - -* **#define : PLATFORM_CACHE_LINE_SIZE** - - Defines the size (in bytes) of the largest cache line across all the cache - levels in the platform. - -* **#define : PLATFORM_CLUSTER_COUNT** - - Defines the total number of clusters implemented by the platform in the - system. - -* **#define : PLATFORM_CORE_COUNT** - - Defines the total number of CPUs implemented by the platform across all - clusters in the system. - -* **#define : PLATFORM_MAX_CPUS_PER_CLUSTER** - - Defines the maximum number of CPUs that can be implemented within a cluster - on the platform. - -* **#define : PLATFORM_NUM_AFFS** - - Defines the total number of nodes in the affinity heirarchy at all affinity - levels used by the platform. - -* **#define : BL1_RO_BASE** - - Defines the base address in secure ROM where BL1 originally lives. Must be - aligned on a page-size boundary. - -* **#define : BL1_RO_LIMIT** - - Defines the maximum address in secure ROM that BL1's actual content (i.e. - excluding any data section allocated at runtime) can occupy. - -* **#define : BL1_RW_BASE** - - Defines the base address in secure RAM where BL1's read-write data will live - at runtime. Must be aligned on a page-size boundary. - -* **#define : BL1_RW_LIMIT** - - Defines the maximum address in secure RAM that BL1's read-write data can - occupy at runtime. - -* **#define : BL2_BASE** - - Defines the base address in secure RAM where BL1 loads the BL2 binary image. - Must be aligned on a page-size boundary. - -* **#define : BL2_LIMIT** - - Defines the maximum address in secure RAM that the BL2 image can occupy. - -* **#define : BL31_BASE** - - Defines the base address in secure RAM where BL2 loads the BL3-1 binary - image. Must be aligned on a page-size boundary. - -* **#define : BL31_LIMIT** - - Defines the maximum address in secure RAM that the BL3-1 image can occupy. - -* **#define : NS_IMAGE_OFFSET** - - Defines the base address in non-secure DRAM where BL2 loads the BL3-3 binary - image. Must be aligned on a page-size boundary. - -If a BL3-0 image is supported by the platform, the following constants must -also be defined: - -* **#define : BL30_IMAGE_NAME** - - Name of the BL3-0 binary image on the host file-system. This name is used by - BL2 to load BL3-0 into secure memory from platform storage before being - transfered to the SCP. - -* **#define : BL30_KEY_CERT_NAME** - - Name of the BL3-0 Key certificate on the host file-system (mandatory when - Trusted Board Boot is enabled). - -* **#define : BL30_CERT_NAME** - - Name of the BL3-0 Content certificate on the host file-system (mandatory - when Trusted Board Boot is enabled). - -If a BL3-2 image is supported by the platform, the following constants must -also be defined: - -* **#define : BL32_IMAGE_NAME** - - Name of the BL3-2 binary image on the host file-system. This name is used by - BL2 to load BL3-2 into secure memory from platform storage. - -* **#define : BL32_KEY_CERT_NAME** - - Name of the BL3-2 Key certificate on the host file-system (mandatory when - Trusted Board Boot is enabled). - -* **#define : BL32_CERT_NAME** - - Name of the BL3-2 Content certificate on the host file-system (mandatory - when Trusted Board Boot is enabled). - -* **#define : BL32_BASE** - - Defines the base address in secure memory where BL2 loads the BL3-2 binary - image. Must be aligned on a page-size boundary. - -* **#define : BL32_LIMIT** - - Defines the maximum address that the BL3-2 image can occupy. - -If the Test Secure-EL1 Payload (TSP) instantiation of BL3-2 is supported by the -platform, the following constants must also be defined: - -* **#define : TSP_SEC_MEM_BASE** - - Defines the base address of the secure memory used by the TSP image on the - platform. This must be at the same address or below `BL32_BASE`. - -* **#define : TSP_SEC_MEM_SIZE** - - Defines the size of the secure memory used by the BL3-2 image on the - platform. `TSP_SEC_MEM_BASE` and `TSP_SEC_MEM_SIZE` must fully accomodate - the memory required by the BL3-2 image, defined by `BL32_BASE` and - `BL32_LIMIT`. - -* **#define : TSP_IRQ_SEC_PHY_TIMER** - - Defines the ID of the secure physical generic timer interrupt used by the - TSP's interrupt handling code. - -If the platform port uses the IO storage framework, the following constants -must also be defined: - -* **#define : MAX_IO_DEVICES** - - Defines the maximum number of registered IO devices. Attempting to register - more devices than this value using `io_register_device()` will fail with - IO_RESOURCES_EXHAUSTED. - -* **#define : MAX_IO_HANDLES** - - Defines the maximum number of open IO handles. Attempting to open more IO - entities than this value using `io_open()` will fail with - IO_RESOURCES_EXHAUSTED. - -If the platform needs to allocate data within the per-cpu data framework in -BL3-1, it should define the following macro. Currently this is only required if -the platform decides not to use the coherent memory section by undefining the -USE_COHERENT_MEM build flag. In this case, the framework allocates the required -memory within the the per-cpu data to minimize wastage. - -* **#define : PLAT_PCPU_DATA_SIZE** - - Defines the memory (in bytes) to be reserved within the per-cpu data - structure for use by the platform layer. - -The following constants are optional. They should be defined when the platform -memory layout implies some image overlaying like on FVP. - -* **#define : BL31_PROGBITS_LIMIT** - - Defines the maximum address in secure RAM that the BL3-1's progbits sections - can occupy. - -* **#define : TSP_PROGBITS_LIMIT** - - Defines the maximum address that the TSP's progbits sections can occupy. - -### File : plat_macros.S [mandatory] - -Each platform must ensure a file of this name is in the system include path with -the following macro defined. In the ARM FVP port, this file is found in -[plat/fvp/include/plat_macros.S]. - -* **Macro : plat_print_gic_regs** - - This macro allows the crash reporting routine to print GIC registers - in case of an unhandled exception in BL3-1. This aids in debugging and - this macro can be defined to be empty in case GIC register reporting is - not desired. - -* **Macro : plat_print_interconnect_regs** - - This macro allows the crash reporting routine to print interconnect registers - in case of an unhandled exception in BL3-1. This aids in debugging and - this macro can be defined to be empty in case interconnect register reporting - is not desired. In the ARM FVP port, the CCI snoop control registers are - reported. - -### Other mandatory modifications - -The following mandatory modifications may be implemented in any file -the implementer chooses. In the ARM FVP port, they are implemented in -[plat/fvp/aarch64/plat_common.c]. - -* **Function : uint64_t plat_get_syscnt_freq(void)** - - This function is used by the architecture setup code to retrieve the - counter frequency for the CPU's generic timer. This value will be - programmed into the `CNTFRQ_EL0` register. - In the ARM FVP port, it returns the base frequency of the system counter, - which is retrieved from the first entry in the frequency modes table. - - -2.2 Handling Reset ------------------- - -BL1 by default implements the reset vector where execution starts from a cold -or warm boot. BL3-1 can be optionally set as a reset vector using the -RESET_TO_BL31 make variable. - -For each CPU, the reset vector code is responsible for the following tasks: - -1. Distinguishing between a cold boot and a warm boot. - -2. In the case of a cold boot and the CPU being a secondary CPU, ensuring that - the CPU is placed in a platform-specific state until the primary CPU - performs the necessary steps to remove it from this state. - -3. In the case of a warm boot, ensuring that the CPU jumps to a platform- - specific address in the BL3-1 image in the same processor mode as it was - when released from reset. - -The following functions need to be implemented by the platform port to enable -reset vector code to perform the above tasks. - - -### Function : platform_get_entrypoint() [mandatory] - - Argument : unsigned long - Return : unsigned int - -This function is called with the `SCTLR.M` and `SCTLR.C` bits disabled. The CPU -is identified by its `MPIDR`, which is passed as the argument. The function is -responsible for distinguishing between a warm and cold reset using platform- -specific means. If it's a warm reset then it returns the entrypoint into the -BL3-1 image that the CPU must jump to. If it's a cold reset then this function -must return zero. - -This function is also responsible for implementing a platform-specific mechanism -to handle the condition where the CPU has been warm reset but there is no -entrypoint to jump to. - -This function does not follow the Procedure Call Standard used by the -Application Binary Interface for the ARM 64-bit architecture. The caller should -not assume that callee saved registers are preserved across a call to this -function. - -This function fulfills requirement 1 and 3 listed above. - - -### Function : plat_secondary_cold_boot_setup() [mandatory] - - Argument : void - Return : void - -This function is called with the MMU and data caches disabled. It is responsible -for placing the executing secondary CPU in a platform-specific state until the -primary CPU performs the necessary actions to bring it out of that state and -allow entry into the OS. - -In the ARM FVP port, each secondary CPU powers itself off. The primary CPU is -responsible for powering up the secondary CPU when normal world software -requires them. - -This function fulfills requirement 2 above. - - -### Function : platform_is_primary_cpu() [mandatory] - - Argument : unsigned long - Return : unsigned int - -This function identifies a CPU by its `MPIDR`, which is passed as the argument, -to determine whether this CPU is the primary CPU or a secondary CPU. A return -value of zero indicates that the CPU is not the primary CPU, while a non-zero -return value indicates that the CPU is the primary CPU. - - -### Function : platform_mem_init() [mandatory] - - Argument : void - Return : void - -This function is called before any access to data is made by the firmware, in -order to carry out any essential memory initialization. - -The ARM FVP port uses this function to initialize the mailbox memory used for -providing the warm-boot entry-point addresses. - - -### Function: plat_match_rotpk() - - Argument : const unsigned char *, unsigned int - Return : int - -This function is mandatory when Trusted Board Boot is enabled. It receives a -pointer to a buffer containing a signing key and its size as parameters and -returns 0 (success) if that key matches the ROT (Root Of Trust) key stored in -the platform. Any other return value means a mismatch. - - - -2.3 Common optional modifications ---------------------------------- - -The following are helper functions implemented by the firmware that perform -common platform-specific tasks. A platform may choose to override these -definitions. - - -### Function : platform_get_core_pos() - - Argument : unsigned long - Return : int - -A platform may need to convert the `MPIDR` of a CPU to an absolute number, which -can be used as a CPU-specific linear index into blocks of memory (for example -while allocating per-CPU stacks). This routine contains a simple mechanism -to perform this conversion, using the assumption that each cluster contains a -maximum of 4 CPUs: - - linear index = cpu_id + (cluster_id * 4) - - cpu_id = 8-bit value in MPIDR at affinity level 0 - cluster_id = 8-bit value in MPIDR at affinity level 1 - - -### Function : platform_set_stack() - - Argument : unsigned long - Return : void - -This function sets the current stack pointer to the normal memory stack that -has been allocated for the CPU specificed by MPIDR. For BL images that only -require a stack for the primary CPU the parameter is ignored. The size of -the stack allocated to each CPU is specified by the platform defined constant -`PLATFORM_STACK_SIZE`. - -Common implementations of this function for the UP and MP BL images are -provided in [plat/common/aarch64/platform_up_stack.S] and -[plat/common/aarch64/platform_mp_stack.S] - - -### Function : platform_get_stack() - - Argument : unsigned long - Return : unsigned long - -This function returns the base address of the normal memory stack that -has been allocated for the CPU specificed by MPIDR. For BL images that only -require a stack for the primary CPU the parameter is ignored. The size of -the stack allocated to each CPU is specified by the platform defined constant -`PLATFORM_STACK_SIZE`. - -Common implementations of this function for the UP and MP BL images are -provided in [plat/common/aarch64/platform_up_stack.S] and -[plat/common/aarch64/platform_mp_stack.S] - - -### Function : plat_report_exception() - - Argument : unsigned int - Return : void - -A platform may need to report various information about its status when an -exception is taken, for example the current exception level, the CPU security -state (secure/non-secure), the exception type, and so on. This function is -called in the following circumstances: - -* In BL1, whenever an exception is taken. -* In BL2, whenever an exception is taken. - -The default implementation doesn't do anything, to avoid making assumptions -about the way the platform displays its status information. - -This function receives the exception type as its argument. Possible values for -exceptions types are listed in the [include/runtime_svc.h] header file. Note -that these constants are not related to any architectural exception code; they -are just an ARM Trusted Firmware convention. - - -### Function : plat_reset_handler() - - Argument : void - Return : void - -A platform may need to do additional initialization after reset. This function -allows the platform to do the platform specific intializations. Platform -specific errata workarounds could also be implemented here. The api should -preserve the values of callee saved registers x19 to x29. - -The default implementation doesn't do anything. If a platform needs to override -the default implementation, refer to the [Firmware Design Guide] for general -guidelines regarding placement of code in a reset handler. - -### Function : plat_disable_acp() - - Argument : void - Return : void - -This api allows a platform to disable the Accelerator Coherency Port (if -present) during a cluster power down sequence. The default weak implementation -doesn't do anything. Since this api is called during the power down sequence, -it has restrictions for stack usage and it can use the registers x0 - x17 as -scratch registers. It should preserve the value in x18 register as it is used -by the caller to store the return address. - - -3. Modifications specific to a Boot Loader stage -------------------------------------------------- - -3.1 Boot Loader Stage 1 (BL1) ------------------------------ - -BL1 implements the reset vector where execution starts from after a cold or -warm boot. For each CPU, BL1 is responsible for the following tasks: - -1. Handling the reset as described in section 2.2 - -2. In the case of a cold boot and the CPU being the primary CPU, ensuring that - only this CPU executes the remaining BL1 code, including loading and passing - control to the BL2 stage. - -3. Loading the BL2 image from non-volatile storage into secure memory at the - address specified by the platform defined constant `BL2_BASE`. - -4. Populating a `meminfo` structure with the following information in memory, - accessible by BL2 immediately upon entry. - - meminfo.total_base = Base address of secure RAM visible to BL2 - meminfo.total_size = Size of secure RAM visible to BL2 - meminfo.free_base = Base address of secure RAM available for - allocation to BL2 - meminfo.free_size = Size of secure RAM available for allocation to BL2 - - BL1 places this `meminfo` structure at the beginning of the free memory - available for its use. Since BL1 cannot allocate memory dynamically at the - moment, its free memory will be available for BL2's use as-is. However, this - means that BL2 must read the `meminfo` structure before it starts using its - free memory (this is discussed in Section 3.2). - - In future releases of the ARM Trusted Firmware it will be possible for - the platform to decide where it wants to place the `meminfo` structure for - BL2. - - BL1 implements the `bl1_init_bl2_mem_layout()` function to populate the - BL2 `meminfo` structure. The platform may override this implementation, for - example if the platform wants to restrict the amount of memory visible to - BL2. Details of how to do this are given below. - -The following functions need to be implemented by the platform port to enable -BL1 to perform the above tasks. - - -### Function : bl1_plat_arch_setup() [mandatory] - - Argument : void - Return : void - -This function performs any platform-specific and architectural setup that the -platform requires. Platform-specific setup might include configuration of -memory controllers, configuration of the interconnect to allow the cluster -to service cache snoop requests from another cluster, and so on. - -In the ARM FVP port, this function enables CCI snoops into the cluster that the -primary CPU is part of. It also enables the MMU. - -This function helps fulfill requirement 2 above. - - -### Function : bl1_platform_setup() [mandatory] - - Argument : void - Return : void - -This function executes with the MMU and data caches enabled. It is responsible -for performing any remaining platform-specific setup that can occur after the -MMU and data cache have been enabled. - -This function is also responsible for initializing the storage abstraction layer -which is used to load further bootloader images. - -This function helps fulfill requirement 3 above. - - -### Function : bl1_plat_sec_mem_layout() [mandatory] - - Argument : void - Return : meminfo * - -This function should only be called on the cold boot path. It executes with the -MMU and data caches enabled. The pointer returned by this function must point to -a `meminfo` structure containing the extents and availability of secure RAM for -the BL1 stage. - - meminfo.total_base = Base address of secure RAM visible to BL1 - meminfo.total_size = Size of secure RAM visible to BL1 - meminfo.free_base = Base address of secure RAM available for allocation - to BL1 - meminfo.free_size = Size of secure RAM available for allocation to BL1 - -This information is used by BL1 to load the BL2 image in secure RAM. BL1 also -populates a similar structure to tell BL2 the extents of memory available for -its own use. - -This function helps fulfill requirement 3 above. - - -### Function : bl1_init_bl2_mem_layout() [optional] - - Argument : meminfo *, meminfo *, unsigned int, unsigned long - Return : void - -BL1 needs to tell the next stage the amount of secure RAM available -for it to use. This information is populated in a `meminfo` -structure. - -Depending upon where BL2 has been loaded in secure RAM (determined by -`BL2_BASE`), BL1 calculates the amount of free memory available for BL2 to use. -BL1 also ensures that its data sections resident in secure RAM are not visible -to BL2. An illustration of how this is done in the ARM FVP port is given in the -[User Guide], in the Section "Memory layout on Base FVP". - - -### Function : bl1_plat_set_bl2_ep_info() [mandatory] - - Argument : image_info *, entry_point_info * - Return : void - -This function is called after loading BL2 image and it can be used to overwrite -the entry point set by loader and also set the security state and SPSR which -represents the entry point system state for BL2. - -On FVP, we are setting the security state and the SPSR for the BL2 entrypoint - - -3.2 Boot Loader Stage 2 (BL2) ------------------------------ - -The BL2 stage is executed only by the primary CPU, which is determined in BL1 -using the `platform_is_primary_cpu()` function. BL1 passed control to BL2 at -`BL2_BASE`. BL2 executes in Secure EL1 and is responsible for: - -1. (Optional) Loading the BL3-0 binary image (if present) from platform - provided non-volatile storage. To load the BL3-0 image, BL2 makes use of - the `meminfo` returned by the `bl2_plat_get_bl30_meminfo()` function. - The platform also defines the address in memory where BL3-0 is loaded - through the optional constant `BL30_BASE`. BL2 uses this information - to determine if there is enough memory to load the BL3-0 image. - Subsequent handling of the BL3-0 image is platform-specific and is - implemented in the `bl2_plat_handle_bl30()` function. - If `BL30_BASE` is not defined then this step is not performed. - -2. Loading the BL3-1 binary image into secure RAM from non-volatile storage. To - load the BL3-1 image, BL2 makes use of the `meminfo` structure passed to it - by BL1. This structure allows BL2 to calculate how much secure RAM is - available for its use. The platform also defines the address in secure RAM - where BL3-1 is loaded through the constant `BL31_BASE`. BL2 uses this - information to determine if there is enough memory to load the BL3-1 image. - -3. (Optional) Loading the BL3-2 binary image (if present) from platform - provided non-volatile storage. To load the BL3-2 image, BL2 makes use of - the `meminfo` returned by the `bl2_plat_get_bl32_meminfo()` function. - The platform also defines the address in memory where BL3-2 is loaded - through the optional constant `BL32_BASE`. BL2 uses this information - to determine if there is enough memory to load the BL3-2 image. - If `BL32_BASE` is not defined then this and the next step is not performed. - -4. (Optional) Arranging to pass control to the BL3-2 image (if present) that - has been pre-loaded at `BL32_BASE`. BL2 populates an `entry_point_info` - structure in memory provided by the platform with information about how - BL3-1 should pass control to the BL3-2 image. - -5. Loading the normal world BL3-3 binary image into non-secure DRAM from - platform storage and arranging for BL3-1 to pass control to this image. This - address is determined using the `plat_get_ns_image_entrypoint()` function - described below. - -6. BL2 populates an `entry_point_info` structure in memory provided by the - platform with information about how BL3-1 should pass control to the - other BL images. - -The following functions must be implemented by the platform port to enable BL2 -to perform the above tasks. - - -### Function : bl2_early_platform_setup() [mandatory] - - Argument : meminfo * - Return : void - -This function executes with the MMU and data caches disabled. It is only called -by the primary CPU. The arguments to this function is the address of the -`meminfo` structure populated by BL1. - -The platform must copy the contents of the `meminfo` structure into a private -variable as the original memory may be subsequently overwritten by BL2. The -copied structure is made available to all BL2 code through the -`bl2_plat_sec_mem_layout()` function. - - -### Function : bl2_plat_arch_setup() [mandatory] - - Argument : void - Return : void - -This function executes with the MMU and data caches disabled. It is only called -by the primary CPU. - -The purpose of this function is to perform any architectural initialization -that varies across platforms, for example enabling the MMU (since the memory -map differs across platforms). - - -### Function : bl2_platform_setup() [mandatory] - - Argument : void - Return : void - -This function may execute with the MMU and data caches enabled if the platform -port does the necessary initialization in `bl2_plat_arch_setup()`. It is only -called by the primary CPU. - -The purpose of this function is to perform any platform initialization -specific to BL2. Platform security components are configured if required. -For the Base FVP the TZC-400 TrustZone controller is configured to only -grant non-secure access to DRAM. This avoids aliasing between secure and -non-secure accesses in the TLB and cache - secure execution states can use -the NS attributes in the MMU translation tables to access the DRAM. - -This function is also responsible for initializing the storage abstraction layer -which is used to load further bootloader images. - - -### Function : bl2_plat_sec_mem_layout() [mandatory] - - Argument : void - Return : meminfo * - -This function should only be called on the cold boot path. It may execute with -the MMU and data caches enabled if the platform port does the necessary -initialization in `bl2_plat_arch_setup()`. It is only called by the primary CPU. - -The purpose of this function is to return a pointer to a `meminfo` structure -populated with the extents of secure RAM available for BL2 to use. See -`bl2_early_platform_setup()` above. - - -### Function : bl2_plat_get_bl30_meminfo() [mandatory] - - Argument : meminfo * - Return : void - -This function is used to get the memory limits where BL2 can load the -BL3-0 image. The meminfo provided by this is used by load_image() to -validate whether the BL3-0 image can be loaded within the given -memory from the given base. - - -### Function : bl2_plat_handle_bl30() [mandatory] - - Argument : image_info * - Return : int - -This function is called after loading BL3-0 image and it is used to perform any -platform-specific actions required to handle the SCP firmware. Typically it -transfers the image into SCP memory using a platform-specific protocol and waits -until SCP executes it and signals to the Application Processor (AP) for BL2 -execution to continue. - -This function returns 0 on success, a negative error code otherwise. - - -### Function : bl2_plat_get_bl31_params() [mandatory] - - Argument : void - Return : bl31_params * - -BL2 platform code needs to return a pointer to a `bl31_params` structure it -will use for passing information to BL3-1. The `bl31_params` structure carries -the following information. - - Header describing the version information for interpreting the bl31_param - structure - - Information about executing the BL3-3 image in the `bl33_ep_info` field - - Information about executing the BL3-2 image in the `bl32_ep_info` field - - Information about the type and extents of BL3-1 image in the - `bl31_image_info` field - - Information about the type and extents of BL3-2 image in the - `bl32_image_info` field - - Information about the type and extents of BL3-3 image in the - `bl33_image_info` field - -The memory pointed by this structure and its sub-structures should be -accessible from BL3-1 initialisation code. BL3-1 might choose to copy the -necessary content, or maintain the structures until BL3-3 is initialised. - - -### Funtion : bl2_plat_get_bl31_ep_info() [mandatory] - - Argument : void - Return : entry_point_info * - -BL2 platform code returns a pointer which is used to populate the entry point -information for BL3-1 entry point. The location pointed by it should be -accessible from BL1 while processing the synchronous exception to run to BL3-1. - -On FVP this is allocated inside an bl2_to_bl31_params_mem structure which -is allocated at an address pointed by PARAMS_BASE. - - -### Function : bl2_plat_set_bl31_ep_info() [mandatory] - - Argument : image_info *, entry_point_info * - Return : void - -This function is called after loading BL3-1 image and it can be used to -overwrite the entry point set by loader and also set the security state -and SPSR which represents the entry point system state for BL3-1. - -On FVP, we are setting the security state and the SPSR for the BL3-1 -entrypoint. - -### Function : bl2_plat_set_bl32_ep_info() [mandatory] - - Argument : image_info *, entry_point_info * - Return : void - -This function is called after loading BL3-2 image and it can be used to -overwrite the entry point set by loader and also set the security state -and SPSR which represents the entry point system state for BL3-2. - -On FVP, we are setting the security state and the SPSR for the BL3-2 -entrypoint - -### Function : bl2_plat_set_bl33_ep_info() [mandatory] - - Argument : image_info *, entry_point_info * - Return : void - -This function is called after loading BL3-3 image and it can be used to -overwrite the entry point set by loader and also set the security state -and SPSR which represents the entry point system state for BL3-3. - -On FVP, we are setting the security state and the SPSR for the BL3-3 -entrypoint - -### Function : bl2_plat_get_bl32_meminfo() [mandatory] - - Argument : meminfo * - Return : void - -This function is used to get the memory limits where BL2 can load the -BL3-2 image. The meminfo provided by this is used by load_image() to -validate whether the BL3-2 image can be loaded with in the given -memory from the given base. - -### Function : bl2_plat_get_bl33_meminfo() [mandatory] - - Argument : meminfo * - Return : void - -This function is used to get the memory limits where BL2 can load the -BL3-3 image. The meminfo provided by this is used by load_image() to -validate whether the BL3-3 image can be loaded with in the given -memory from the given base. - -### Function : bl2_plat_flush_bl31_params() [mandatory] - - Argument : void - Return : void - -Once BL2 has populated all the structures that needs to be read by BL1 -and BL3-1 including the bl31_params structures and its sub-structures, -the bl31_ep_info structure and any platform specific data. It flushes -all these data to the main memory so that it is available when we jump to -later Bootloader stages with MMU off - -### Function : plat_get_ns_image_entrypoint() [mandatory] - - Argument : void - Return : unsigned long - -As previously described, BL2 is responsible for arranging for control to be -passed to a normal world BL image through BL3-1. This function returns the -entrypoint of that image, which BL3-1 uses to jump to it. - -BL2 is responsible for loading the normal world BL3-3 image (e.g. UEFI). - - -3.2 Boot Loader Stage 3-1 (BL3-1) ---------------------------------- - -During cold boot, the BL3-1 stage is executed only by the primary CPU. This is -determined in BL1 using the `platform_is_primary_cpu()` function. BL1 passes -control to BL3-1 at `BL31_BASE`. During warm boot, BL3-1 is executed by all -CPUs. BL3-1 executes at EL3 and is responsible for: - -1. Re-initializing all architectural and platform state. Although BL1 performs - some of this initialization, BL3-1 remains resident in EL3 and must ensure - that EL3 architectural and platform state is completely initialized. It - should make no assumptions about the system state when it receives control. - -2. Passing control to a normal world BL image, pre-loaded at a platform- - specific address by BL2. BL3-1 uses the `entry_point_info` structure that BL2 - populated in memory to do this. - -3. Providing runtime firmware services. Currently, BL3-1 only implements a - subset of the Power State Coordination Interface (PSCI) API as a runtime - service. See Section 3.3 below for details of porting the PSCI - implementation. - -4. Optionally passing control to the BL3-2 image, pre-loaded at a platform- - specific address by BL2. BL3-1 exports a set of apis that allow runtime - services to specify the security state in which the next image should be - executed and run the corresponding image. BL3-1 uses the `entry_point_info` - structure populated by BL2 to do this. - -If BL3-1 is a reset vector, It also needs to handle the reset as specified in -section 2.2 before the tasks described above. - -The following functions must be implemented by the platform port to enable BL3-1 -to perform the above tasks. - - -### Function : bl31_early_platform_setup() [mandatory] - - Argument : bl31_params *, void * - Return : void - -This function executes with the MMU and data caches disabled. It is only called -by the primary CPU. The arguments to this function are: - -* The address of the `bl31_params` structure populated by BL2. -* An opaque pointer that the platform may use as needed. - -The platform can copy the contents of the `bl31_params` structure and its -sub-structures into private variables if the original memory may be -subsequently overwritten by BL3-1 and similarly the `void *` pointing -to the platform data also needs to be saved. - -On the ARM FVP port, BL2 passes a pointer to a `bl31_params` structure populated -in the secure DRAM at address `0x6000000` in the bl31_params * argument and it -does not use opaque pointer mentioned earlier. BL3-1 does not copy this -information to internal data structures as it guarantees that the secure -DRAM memory will not be overwritten. It maintains an internal reference to this -information in the `bl2_to_bl31_params` variable. - -### Function : bl31_plat_arch_setup() [mandatory] - - Argument : void - Return : void - -This function executes with the MMU and data caches disabled. It is only called -by the primary CPU. - -The purpose of this function is to perform any architectural initialization -that varies across platforms, for example enabling the MMU (since the memory -map differs across platforms). - - -### Function : bl31_platform_setup() [mandatory] - - Argument : void - Return : void - -This function may execute with the MMU and data caches enabled if the platform -port does the necessary initialization in `bl31_plat_arch_setup()`. It is only -called by the primary CPU. - -The purpose of this function is to complete platform initialization so that both -BL3-1 runtime services and normal world software can function correctly. - -The ARM FVP port does the following: -* Initializes the generic interrupt controller. -* Configures the CLCD controller. -* Enables system-level implementation of the generic timer counter. -* Grants access to the system counter timer module -* Initializes the FVP power controller device -* Detects the system topology. - - -### Function : bl31_get_next_image_info() [mandatory] - - Argument : unsigned int - Return : entry_point_info * - -This function may execute with the MMU and data caches enabled if the platform -port does the necessary initializations in `bl31_plat_arch_setup()`. - -This function is called by `bl31_main()` to retrieve information provided by -BL2 for the next image in the security state specified by the argument. BL3-1 -uses this information to pass control to that image in the specified security -state. This function must return a pointer to the `entry_point_info` structure -(that was copied during `bl31_early_platform_setup()`) if the image exists. It -should return NULL otherwise. - - -3.3 Power State Coordination Interface (in BL3-1) ------------------------------------------------- - -The ARM Trusted Firmware's implementation of the PSCI API is based around the -concept of an _affinity instance_. Each _affinity instance_ can be uniquely -identified in a system by a CPU ID (the processor `MPIDR` is used in the PSCI -interface) and an _affinity level_. A processing element (for example, a -CPU) is at level 0. If the CPUs in the system are described in a tree where the -node above a CPU is a logical grouping of CPUs that share some state, then -affinity level 1 is that group of CPUs (for example, a cluster), and affinity -level 2 is a group of clusters (for example, the system). The implementation -assumes that the affinity level 1 ID can be computed from the affinity level 0 -ID (for example, a unique cluster ID can be computed from the CPU ID). The -current implementation computes this on the basis of the recommended use of -`MPIDR` affinity fields in the ARM Architecture Reference Manual. - -BL3-1's platform initialization code exports a pointer to the platform-specific -power management operations required for the PSCI implementation to function -correctly. This information is populated in the `plat_pm_ops` structure. The -PSCI implementation calls members of the `plat_pm_ops` structure for performing -power management operations for each affinity instance. For example, the target -CPU is specified by its `MPIDR` in a PSCI `CPU_ON` call. The `affinst_on()` -handler (if present) is called for each affinity instance as the PSCI -implementation powers up each affinity level implemented in the `MPIDR` (for -example, CPU, cluster and system). - -The following functions must be implemented to initialize PSCI functionality in -the ARM Trusted Firmware. - - -### Function : plat_get_aff_count() [mandatory] - - Argument : unsigned int, unsigned long - Return : unsigned int - -This function may execute with the MMU and data caches enabled if the platform -port does the necessary initializations in `bl31_plat_arch_setup()`. It is only -called by the primary CPU. - -This function is called by the PSCI initialization code to detect the system -topology. Its purpose is to return the number of affinity instances implemented -at a given `affinity level` (specified by the first argument) and a given -`MPIDR` (specified by the second argument). For example, on a dual-cluster -system where first cluster implements 2 CPUs and the second cluster implements 4 -CPUs, a call to this function with an `MPIDR` corresponding to the first cluster -(`0x0`) and affinity level 0, would return 2. A call to this function with an -`MPIDR` corresponding to the second cluster (`0x100`) and affinity level 0, -would return 4. - - -### Function : plat_get_aff_state() [mandatory] - - Argument : unsigned int, unsigned long - Return : unsigned int - -This function may execute with the MMU and data caches enabled if the platform -port does the necessary initializations in `bl31_plat_arch_setup()`. It is only -called by the primary CPU. - -This function is called by the PSCI initialization code. Its purpose is to -return the state of an affinity instance. The affinity instance is determined by -the affinity ID at a given `affinity level` (specified by the first argument) -and an `MPIDR` (specified by the second argument). The state can be one of -`PSCI_AFF_PRESENT` or `PSCI_AFF_ABSENT`. The latter state is used to cater for -system topologies where certain affinity instances are unimplemented. For -example, consider a platform that implements a single cluster with 4 CPUs and -another CPU implemented directly on the interconnect with the cluster. The -`MPIDR`s of the cluster would range from `0x0-0x3`. The `MPIDR` of the single -CPU would be 0x100 to indicate that it does not belong to cluster 0. Cluster 1 -is missing but needs to be accounted for to reach this single CPU in the -topology tree. Hence it is marked as `PSCI_AFF_ABSENT`. - - -### Function : plat_get_max_afflvl() [mandatory] - - Argument : void - Return : int - -This function may execute with the MMU and data caches enabled if the platform -port does the necessary initializations in `bl31_plat_arch_setup()`. It is only -called by the primary CPU. - -This function is called by the PSCI implementation both during cold and warm -boot, to determine the maximum affinity level that the power management -operations should apply to. ARMv8-A has support for 4 affinity levels. It is -likely that hardware will implement fewer affinity levels. This function allows -the PSCI implementation to consider only those affinity levels in the system -that the platform implements. For example, the Base AEM FVP implements two -clusters with a configurable number of CPUs. It reports the maximum affinity -level as 1, resulting in PSCI power control up to the cluster level. - - -### Function : platform_setup_pm() [mandatory] - - Argument : const plat_pm_ops ** - Return : int - -This function may execute with the MMU and data caches enabled if the platform -port does the necessary initializations in `bl31_plat_arch_setup()`. It is only -called by the primary CPU. - -This function is called by PSCI initialization code. Its purpose is to export -handler routines for platform-specific power management actions by populating -the passed pointer with a pointer to BL3-1's private `plat_pm_ops` structure. - -A description of each member of this structure is given below. Please refer to -the ARM FVP specific implementation of these handlers in [plat/fvp/fvp_pm.c] -as an example. A platform port is expected to implement these handlers if the -corresponding PSCI operation is to be supported and these handlers are expected -to succeed if the return type is `void`. - -#### plat_pm_ops.affinst_standby() - -Perform the platform-specific setup to enter the standby state indicated by the -passed argument. The generic code expects the handler to succeed. - -#### plat_pm_ops.affinst_on() - -Perform the platform specific setup to power on an affinity instance, specified -by the `MPIDR` (first argument) and `affinity level` (third argument). The -`state` (fourth argument) contains the current state of that affinity instance -(ON or OFF). This is useful to determine whether any action must be taken. For -example, while powering on a CPU, the cluster that contains this CPU might -already be in the ON state. The platform decides what actions must be taken to -transition from the current state to the target state (indicated by the power -management operation). The generic code expects the platform to return -E_SUCCESS on success or E_INTERN_FAIL for any failure. - -#### plat_pm_ops.affinst_off() - -Perform the platform specific setup to power off an affinity instance of the -calling CPU. It is called by the PSCI `CPU_OFF` API implementation. - -The `affinity level` (first argument) and `state` (second argument) have -a similar meaning as described in the `affinst_on()` operation. They are -used to identify the affinity instance on which the call is made and its -current state. This gives the platform port an indication of the -state transition it must make to perform the requested action. For example, if -the calling CPU is the last powered on CPU in the cluster, after powering down -affinity level 0 (CPU), the platform port should power down affinity level 1 -(the cluster) as well. The generic code expects the handler to succeed. - -#### plat_pm_ops.affinst_suspend() - -Perform the platform specific setup to power off an affinity instance of the -calling CPU. It is called by the PSCI `CPU_SUSPEND` API and `SYSTEM_SUSPEND` -API implementation - -The `affinity level` (second argument) and `state` (third argument) have a -similar meaning as described in the `affinst_on()` operation. They are used to -identify the affinity instance on which the call is made and its current state. -This gives the platform port an indication of the state transition it must -make to perform the requested action. For example, if the calling CPU is the -last powered on CPU in the cluster, after powering down affinity level 0 (CPU), -the platform port should power down affinity level 1 (the cluster) as well. - -The difference between turning an affinity instance off versus suspending it -is that in the former case, the affinity instance is expected to re-initialize -its state when its next powered on (see `affinst_on_finish()`). In the latter -case, the affinity instance is expected to save enough state so that it can -resume execution by restoring this state when its powered on (see -`affinst_suspend_finish()`).The generic code expects the handler to succeed. - -#### plat_pm_ops.affinst_on_finish() - -This function is called by the PSCI implementation after the calling CPU is -powered on and released from reset in response to an earlier PSCI `CPU_ON` call. -It performs the platform-specific setup required to initialize enough state for -this CPU to enter the normal world and also provide secure runtime firmware -services. - -The `affinity level` (first argument) and `state` (second argument) have a -similar meaning as described in the previous operations. The generic code -expects the handler to succeed. - -#### plat_pm_ops.affinst_suspend_finish() - -This function is called by the PSCI implementation after the calling CPU is -powered on and released from reset in response to an asynchronous wakeup -event, for example a timer interrupt that was programmed by the CPU during the -`CPU_SUSPEND` call or `SYSTEM_SUSPEND` call. It performs the platform-specific -setup required to restore the saved state for this CPU to resume execution -in the normal world and also provide secure runtime firmware services. - -The `affinity level` (first argument) and `state` (second argument) have a -similar meaning as described in the previous operations. The generic code -expects the platform to succeed. - -#### plat_pm_ops.validate_power_state() - -This function is called by the PSCI implementation during the `CPU_SUSPEND` -call to validate the `power_state` parameter of the PSCI API. If the -`power_state` is known to be invalid, the platform must return -PSCI_E_INVALID_PARAMS as error, which is propagated back to the normal -world PSCI client. - -#### plat_pm_ops.validate_ns_entrypoint() - -This function is called by the PSCI implementation during the `CPU_SUSPEND`, -`SYSTEM_SUSPEND` and `CPU_ON` calls to validate the non-secure `entry_point` -parameter passed by the normal world. If the `entry_point` is known to be -invalid, the platform must return PSCI_E_INVALID_PARAMS as error, which is -propagated back to the normal world PSCI client. - -#### plat_pm_ops.get_sys_suspend_power_state() - -This function is called by the PSCI implementation during the `SYSTEM_SUSPEND` -call to return the `power_state` parameter. This allows the platform to encode -the appropriate State-ID field within the `power_state` parameter which can be -utilized in `affinst_suspend()` to suspend to system affinity level. The -`power_state` parameter should be in the same format as specified by the -PSCI specification for the CPU_SUSPEND API. - -BL3-1 platform initialization code must also detect the system topology and -the state of each affinity instance in the topology. This information is -critical for the PSCI runtime service to function correctly. More details are -provided in the description of the `plat_get_aff_count()` and -`plat_get_aff_state()` functions above. - -3.4 Interrupt Management framework (in BL3-1) ----------------------------------------------- -BL3-1 implements an Interrupt Management Framework (IMF) to manage interrupts -generated in either security state and targeted to EL1 or EL2 in the non-secure -state or EL3/S-EL1 in the secure state. The design of this framework is -described in the [IMF Design Guide] - -A platform should export the following APIs to support the IMF. The following -text briefly describes each api and its implementation on the FVP port. The API -implementation depends upon the type of interrupt controller present in the -platform. The FVP implements an ARM Generic Interrupt Controller (ARM GIC) as -per the version 2.0 of the [ARM GIC Architecture Specification] - -### Function : plat_interrupt_type_to_line() [mandatory] - - Argument : uint32_t, uint32_t - Return : uint32_t - -The ARM processor signals an interrupt exception either through the IRQ or FIQ -interrupt line. The specific line that is signaled depends on how the interrupt -controller (IC) reports different interrupt types from an execution context in -either security state. The IMF uses this API to determine which interrupt line -the platform IC uses to signal each type of interrupt supported by the framework -from a given security state. - -The first parameter will be one of the `INTR_TYPE_*` values (see [IMF Design -Guide]) indicating the target type of the interrupt, the second parameter is the -security state of the originating execution context. The return result is the -bit position in the `SCR_EL3` register of the respective interrupt trap: IRQ=1, -FIQ=2. - -The FVP port configures the ARM GIC to signal S-EL1 interrupts as FIQs and -Non-secure interrupts as IRQs from either security state. - - -### Function : plat_ic_get_pending_interrupt_type() [mandatory] - - Argument : void - Return : uint32_t - -This API returns the type of the highest priority pending interrupt at the -platform IC. The IMF uses the interrupt type to retrieve the corresponding -handler function. `INTR_TYPE_INVAL` is returned when there is no interrupt -pending. The valid interrupt types that can be returned are `INTR_TYPE_EL3`, -`INTR_TYPE_S_EL1` and `INTR_TYPE_NS`. - -The FVP port reads the _Highest Priority Pending Interrupt Register_ -(`GICC_HPPIR`) to determine the id of the pending interrupt. The type of interrupt -depends upon the id value as follows. - -1. id < 1022 is reported as a S-EL1 interrupt -2. id = 1022 is reported as a Non-secure interrupt. -3. id = 1023 is reported as an invalid interrupt type. - - -### Function : plat_ic_get_pending_interrupt_id() [mandatory] - - Argument : void - Return : uint32_t - -This API returns the id of the highest priority pending interrupt at the -platform IC. The IMF passes the id returned by this API to the registered -handler for the pending interrupt if the `IMF_READ_INTERRUPT_ID` build time flag -is set. INTR_ID_UNAVAILABLE is returned when there is no interrupt pending. - -The FVP port reads the _Highest Priority Pending Interrupt Register_ -(`GICC_HPPIR`) to determine the id of the pending interrupt. The id that is -returned by API depends upon the value of the id read from the interrupt -controller as follows. - -1. id < 1022. id is returned as is. -2. id = 1022. The _Aliased Highest Priority Pending Interrupt Register_ - (`GICC_AHPPIR`) is read to determine the id of the non-secure interrupt. This - id is returned by the API. -3. id = 1023. `INTR_ID_UNAVAILABLE` is returned. - - -### Function : plat_ic_acknowledge_interrupt() [mandatory] - - Argument : void - Return : uint32_t - -This API is used by the CPU to indicate to the platform IC that processing of -the highest pending interrupt has begun. It should return the id of the -interrupt which is being processed. - -The FVP port reads the _Interrupt Acknowledge Register_ (`GICC_IAR`). This -changes the state of the highest priority pending interrupt from pending to -active in the interrupt controller. It returns the value read from the -`GICC_IAR`. This value is the id of the interrupt whose state has been changed. - -The TSP uses this API to start processing of the secure physical timer -interrupt. - - -### Function : plat_ic_end_of_interrupt() [mandatory] - - Argument : uint32_t - Return : void - -This API is used by the CPU to indicate to the platform IC that processing of -the interrupt corresponding to the id (passed as the parameter) has -finished. The id should be the same as the id returned by the -`plat_ic_acknowledge_interrupt()` API. - -The FVP port writes the id to the _End of Interrupt Register_ -(`GICC_EOIR`). This deactivates the corresponding interrupt in the interrupt -controller. - -The TSP uses this API to finish processing of the secure physical timer -interrupt. - - -### Function : plat_ic_get_interrupt_type() [mandatory] - - Argument : uint32_t - Return : uint32_t - -This API returns the type of the interrupt id passed as the parameter. -`INTR_TYPE_INVAL` is returned if the id is invalid. If the id is valid, a valid -interrupt type (one of `INTR_TYPE_EL3`, `INTR_TYPE_S_EL1` and `INTR_TYPE_NS`) is -returned depending upon how the interrupt has been configured by the platform -IC. - -The FVP port configures S-EL1 interrupts as Group0 interrupts and Non-secure -interrupts as Group1 interrupts. It reads the group value corresponding to the -interrupt id from the relevant _Interrupt Group Register_ (`GICD_IGROUPRn`). It -uses the group value to determine the type of interrupt. - -3.5 Crash Reporting mechanism (in BL3-1) ----------------------------------------------- -BL3-1 implements a crash reporting mechanism which prints the various registers -of the CPU to enable quick crash analysis and debugging. It requires that a -console is designated as the crash console by the platform which will be used to -print the register dump. - -The following functions must be implemented by the platform if it wants crash -reporting mechanism in BL3-1. The functions are implemented in assembly so that -they can be invoked without a C Runtime stack. - -### Function : plat_crash_console_init - - Argument : void - Return : int - -This API is used by the crash reporting mechanism to initialize the crash -console. It should only use the general purpose registers x0 to x2 to do the -initialization and returns 1 on success. - -The FVP port designates the `PL011_UART0` as the crash console and calls the -console_core_init() to initialize the console. - -### Function : plat_crash_console_putc - - Argument : int - Return : int - -This API is used by the crash reporting mechanism to print a character on the -designated crash console. It should only use general purpose registers x1 and -x2 to do its work. The parameter and the return value are in general purpose -register x0. - -The FVP port designates the `PL011_UART0` as the crash console and calls the -console_core_putc() to print the character on the console. - -4. Build flags ---------------- - -There are some build flags which can be defined by the platform to control -inclusion or exclusion of certain BL stages from the FIP image. These flags -need to be defined in the platform makefile which will get included by the -build system. - -* **NEED_BL30** - This flag if defined by the platform mandates that a BL3-0 binary should - be included in the FIP image. The path to the BL3-0 binary can be specified - by the `BL30` build option (see build options in the [User Guide]). - -* **NEED_BL33** - By default, this flag is defined `yes` by the build system and `BL33` - build option should be supplied as a build option. The platform has the option - of excluding the BL3-3 image in the `fip` image by defining this flag to - `no`. - -5. C Library -------------- - -To avoid subtle toolchain behavioral dependencies, the header files provided -by the compiler are not used. The software is built with the `-nostdinc` flag -to ensure no headers are included from the toolchain inadvertently. Instead the -required headers are included in the ARM Trusted Firmware source tree. The -library only contains those C library definitions required by the local -implementation. If more functionality is required, the needed library functions -will need to be added to the local implementation. - -Versions of [FreeBSD] headers can be found in `include/stdlib`. Some of these -headers have been cut down in order to simplify the implementation. In order to -minimize changes to the header files, the [FreeBSD] layout has been maintained. -The generic C library definitions can be found in `include/stdlib` with more -system and machine specific declarations in `include/stdlib/sys` and -`include/stdlib/machine`. - -The local C library implementations can be found in `lib/stdlib`. In order to -extend the C library these files may need to be modified. It is recommended to -use a release version of [FreeBSD] as a starting point. - -The C library header files in the [FreeBSD] source tree are located in the -`include` and `sys/sys` directories. [FreeBSD] machine specific definitions -can be found in the `sys/<machine-type>` directories. These files define things -like 'the size of a pointer' and 'the range of an integer'. Since an AArch64 -port for [FreeBSD] does not yet exist, the machine specific definitions are -based on existing machine types with similar properties (for example SPARC64). - -Where possible, C library function implementations were taken from [FreeBSD] -as found in the `lib/libc` directory. - -A copy of the [FreeBSD] sources can be downloaded with `git`. - - git clone git://github.com/freebsd/freebsd.git -b origin/release/9.2.0 - - -6. Storage abstraction layer ------------------------------ - -In order to improve platform independence and portability an storage abstraction -layer is used to load data from non-volatile platform storage. - -Each platform should register devices and their drivers via the Storage layer. -These drivers then need to be initialized by bootloader phases as -required in their respective `blx_platform_setup()` functions. Currently -storage access is only required by BL1 and BL2 phases. The `load_image()` -function uses the storage layer to access non-volatile platform storage. - -It is mandatory to implement at least one storage driver. For the FVP the -Firmware Image Package(FIP) driver is provided as the default means to load data -from storage (see the "Firmware Image Package" section in the [User Guide]). -The storage layer is described in the header file -`include/drivers/io/io_storage.h`. The implementation of the common library -is in `drivers/io/io_storage.c` and the driver files are located in -`drivers/io/`. - -Each IO driver must provide `io_dev_*` structures, as described in -`drivers/io/io_driver.h`. These are returned via a mandatory registration -function that is called on platform initialization. The semi-hosting driver -implementation in `io_semihosting.c` can be used as an example. - -The Storage layer provides mechanisms to initialize storage devices before -IO operations are called. The basic operations supported by the layer -include `open()`, `close()`, `read()`, `write()`, `size()` and `seek()`. -Drivers do not have to implement all operations, but each platform must -provide at least one driver for a device capable of supporting generic -operations such as loading a bootloader image. - -The current implementation only allows for known images to be loaded by the -firmware. These images are specified by using their names, as defined in -[include/plat/common/platform.h]. The platform layer (`plat_get_image_source()`) -then returns a reference to a device and a driver-specific `spec` which will be -understood by the driver to allow access to the image data. - -The layer is designed in such a way that is it possible to chain drivers with -other drivers. For example, file-system drivers may be implemented on top of -physical block devices, both represented by IO devices with corresponding -drivers. In such a case, the file-system "binding" with the block device may -be deferred until the file-system device is initialised. - -The abstraction currently depends on structures being statically allocated -by the drivers and callers, as the system does not yet provide a means of -dynamically allocating memory. This may also have the affect of limiting the -amount of open resources per driver. - - -- - - - - - - - - - - - - - - - - - - - - - - - - - - -_Copyright (c) 2013-2014, ARM Limited and Contributors. All rights reserved._ - - -[ARM GIC Architecture Specification]: http://arminfo.emea.arm.com/help/topic/com.arm.doc.ihi0048b/IHI0048B_gic_architecture_specification.pdf -[IMF Design Guide]: interrupt-framework-design.md -[User Guide]: user-guide.md -[FreeBSD]: http://www.freebsd.org -[Firmware Design Guide]: firmware-design.md - -[plat/common/aarch64/platform_mp_stack.S]: ../plat/common/aarch64/platform_mp_stack.S -[plat/common/aarch64/platform_up_stack.S]: ../plat/common/aarch64/platform_up_stack.S -[plat/fvp/include/platform_def.h]: ../plat/fvp/include/platform_def.h -[plat/fvp/include/plat_macros.S]: ../plat/fvp/include/plat_macros.S -[plat/fvp/aarch64/plat_common.c]: ../plat/fvp/aarch64/plat_common.c -[plat/fvp/plat_pm.c]: ../plat/fvp/plat_pm.c -[include/runtime_svc.h]: ../include/runtime_svc.h -[include/plat/common/platform.h]: ../include/plat/common/platform.h |