css_bom_bootloader.c 4.89 KB
Newer Older
1
/*
2
 * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
3
 *
dp-arm's avatar
dp-arm committed
4
 * SPDX-License-Identifier: BSD-3-Clause
5
6
7
 */

#include <arch_helpers.h>
8
#include <assert.h>
9
#include <cassert.h>
10
#include <css_def.h>
11
#include <debug.h>
12
#include <platform.h>
13
#include <stdint.h>
14
#include "../scpi/css_mhu.h"
15

16
17
/* ID of the MHU slot used for the BOM protocol */
#define BOM_MHU_SLOT_ID		0
18

19
20
21
/* Boot commands sent from AP -> SCP */
#define BOOT_CMD_INFO	0x00
#define BOOT_CMD_DATA	0x01
22

23
/* BOM command header */
24
typedef struct {
25
26
27
	uint32_t id : 8;
	uint32_t reserved : 24;
} bom_cmd_t;
28
29

typedef struct {
30
31
32
	uint32_t image_size;
	uint32_t checksum;
} cmd_info_payload_t;
33
34

/*
35
 * Unlike the SCPI protocol, the boot protocol uses the same memory region
36
37
 * for both AP -> SCP and SCP -> AP transfers; define the address of this...
 */
38
#define BOM_SHARED_MEM		PLAT_CSS_SCP_COM_SHARED_MEM_BASE
39
40
#define BOM_CMD_HEADER		((bom_cmd_t *) BOM_SHARED_MEM)
#define BOM_CMD_PAYLOAD		((void *) (BOM_SHARED_MEM + sizeof(bom_cmd_t)))
41

42
43
44
45
46
typedef struct {
	/* Offset from the base address of the Trusted RAM */
	uint32_t offset;
	uint32_t block_size;
} cmd_data_payload_t;
47

48
49
50
51
52
53
54
55
56
57
58
59
/*
 * All CSS platforms load SCP_BL2/SCP_BL2U just below BL rw-data and above
 * BL2/BL2U (this is where BL31 usually resides except when ARM_BL31_IN_DRAM is
 * set. Ensure that SCP_BL2/SCP_BL2U do not overflow into BL1 rw-data nor
 * BL2/BL2U.
 */
CASSERT(SCP_BL2_LIMIT <= BL1_RW_BASE, assert_scp_bl2_overwrite_bl1);
CASSERT(SCP_BL2U_LIMIT <= BL1_RW_BASE, assert_scp_bl2u_overwrite_bl1);

CASSERT(SCP_BL2_BASE >= BL2_LIMIT, assert_scp_bl2_overwrite_bl2);
CASSERT(SCP_BL2U_BASE >= BL2U_LIMIT, assert_scp_bl2u_overwrite_bl2u);

60
61
62
static void scp_boot_message_start(void)
{
	mhu_secure_message_start(BOM_MHU_SLOT_ID);
63
64
}

65
static void scp_boot_message_send(size_t payload_size)
66
{
67
68
69
70
	/* Ensure that any write to the BOM payload area is seen by SCP before
	 * we write to the MHU register. If these 2 writes were reordered by
	 * the CPU then SCP would read stale payload data */
	dmbst();
71
72

	/* Send command to SCP */
73
	mhu_secure_message_send(BOM_MHU_SLOT_ID);
74
75
76
77
}

static uint32_t scp_boot_message_wait(size_t size)
{
78
79
80
81
82
83
84
85
86
87
	uint32_t mhu_status;

	mhu_status = mhu_secure_message_wait();

	/* Expect an SCP Boot Protocol message, reject any other protocol */
	if (mhu_status != (1 << BOM_MHU_SLOT_ID)) {
		ERROR("MHU: Unexpected protocol (MHU status: 0x%x)\n",
			mhu_status);
		panic();
	}
88

89
90
91
92
	/* Ensure that any read to the BOM payload area is done after reading
	 * the MHU register. If these 2 reads were reordered then the CPU would
	 * read invalid payload data */
	dmbld();
93

94
	return *(uint32_t *) BOM_SHARED_MEM;
95
96
97
98
}

static void scp_boot_message_end(void)
{
99
	mhu_secure_message_end(BOM_MHU_SLOT_ID);
100
101
}

102
int css_scp_boot_image_xfer(void *image, unsigned int image_size)
103
{
104
105
106
107
	uint32_t response;
	uint32_t checksum;
	cmd_info_payload_t *cmd_info_payload;
	cmd_data_payload_t *cmd_data_payload;
108

109
	assert((uintptr_t) image == SCP_BL2_BASE);
110

111
	if ((image_size == 0) || (image_size % 4 != 0)) {
112
		ERROR("Invalid size for the SCP_BL2 image. Must be a multiple of "
113
114
115
116
			"4 bytes and not zero (current size = 0x%x)\n",
			image_size);
		return -1;
	}
117

118
119
120
121
	/* Extract the checksum from the image */
	checksum = *(uint32_t *) image;
	image = (char *) image + sizeof(checksum);
	image_size -= sizeof(checksum);
122

123
	mhu_secure_init();
124

125
	VERBOSE("Send info about the SCP_BL2 image to be transferred to SCP\n");
126

127
128
129
130
131
132
133
134
135
136
137
138
	/*
	 * Send information about the SCP firmware image about to be transferred
	 * to SCP
	 */
	scp_boot_message_start();

	BOM_CMD_HEADER->id = BOOT_CMD_INFO;
	cmd_info_payload = BOM_CMD_PAYLOAD;
	cmd_info_payload->image_size = image_size;
	cmd_info_payload->checksum = checksum;

	scp_boot_message_send(sizeof(*cmd_info_payload));
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#if CSS_DETECT_PRE_1_7_0_SCP
	{
		const uint32_t deprecated_scp_nack_cmd = 0x404;
		uint32_t mhu_status;

		VERBOSE("Detecting SCP version incompatibility\n");

		mhu_status = mhu_secure_message_wait();
		if (mhu_status == deprecated_scp_nack_cmd) {
			ERROR("Detected an incompatible version of the SCP firmware.\n");
			ERROR("Only versions from v1.7.0 onwards are supported.\n");
			ERROR("Please update the SCP firmware.\n");
			return -1;
		}

		VERBOSE("SCP version looks OK\n");
	}
#endif /* CSS_DETECT_PRE_1_7_0_SCP */
157
158
	response = scp_boot_message_wait(sizeof(response));
	scp_boot_message_end();
159

160
161
162
163
164
	if (response != 0) {
		ERROR("SCP BOOT_CMD_INFO returned error %u\n", response);
		return -1;
	}

165
	VERBOSE("Transferring SCP_BL2 image to SCP\n");
166

167
	/* Transfer SCP_BL2 image to SCP */
168
	scp_boot_message_start();
169

170
171
	BOM_CMD_HEADER->id = BOOT_CMD_DATA;
	cmd_data_payload = BOM_CMD_PAYLOAD;
172
	cmd_data_payload->offset = (uintptr_t) image - ARM_TRUSTED_SRAM_BASE;
173
	cmd_data_payload->block_size = image_size;
174

175
176
177
	scp_boot_message_send(sizeof(*cmd_data_payload));
	response = scp_boot_message_wait(sizeof(response));
	scp_boot_message_end();
178

179
180
181
	if (response != 0) {
		ERROR("SCP BOOT_CMD_DATA returned error %u\n", response);
		return -1;
182
183
	}

184
	return 0;
185
}