[PATCH 3/3] aarch64: always boot into EL1NS

Gedare Bloom gedare at rtems.org
Thu Jan 6 22:13:52 UTC 2022


Always start the executive in Exception Level 1, Non-Secure mode.
If we boot in EL3 Secure with GICv3 then we have to initialize
the distributor and redistributor to set up G1NS interrupts
early in the boot sequence before stepping down from EL3S to EL1NS.

Now there is no need to distinguish between secure and non-secure
world execution after the primary core boots, so get rid of the
AARCH64_IS_NONSECURE configuration option.
---
 bsps/aarch64/shared/start/start.S             | 46 +++++++++++--------
 .../xilinx-versal/start/bspstarthooks.c       |  3 +-
 bsps/shared/dev/irq/arm-gicv3.c               | 15 ++----
 spec/build/bsps/aarch64/a53/grp.yml           |  2 -
 spec/build/bsps/aarch64/a72/grp.yml           |  2 -
 spec/build/bsps/aarch64/optisns.yml           | 20 --------
 spec/build/bsps/aarch64/xilinx-versal/grp.yml |  2 -
 spec/build/bsps/aarch64/xilinx-zynqmp/grp.yml |  2 -
 8 files changed, 32 insertions(+), 60 deletions(-)
 delete mode 100644 spec/build/bsps/aarch64/optisns.yml

diff --git a/bsps/aarch64/shared/start/start.S b/bsps/aarch64/shared/start/start.S
index d5c7bdc3d5..8bd4f86f4e 100644
--- a/bsps/aarch64/shared/start/start.S
+++ b/bsps/aarch64/shared/start/start.S
@@ -144,6 +144,33 @@ _start:
   b.eq _el2_start
 
 _el3_start:
+  /*
+   * Before leaving the Secure World, we need to initialize the GIC. We
+   * do that here in an early stack context in EL3. This will NOT work
+   * on secondary core boot! We assume only the primary boot core will
+   * start in EL3 if any. Usually on real hardware, we should be running
+   * on top of trusted firmware and will not boot in EL3. Qemu fakes it
+   * for us and will start the primary core in EL3 and secondary cores
+   * will be brought up in EL1NS as expected.
+   */
+  #ifdef AARCH64_MULTILIB_ARCH_V8_ILP32
+    ldr w1, =_ISR_Stack_size
+    ldr w2, =_ISR_Stack_area_begin
+  #else
+    ldr x1, =_ISR_Stack_size
+    ldr x2, =_ISR_Stack_area_begin
+  #endif
+  add x3, x1, x2
+  /* using SP0 for the early init stack context at EL3 */
+  msr spsel, #0
+  mov sp, x3
+
+  /*
+   * Invoke the start hook 0.
+   * We don't set up exception handling, so this hook better behave.
+   */
+  bl bsp_start_hook_0
+
   /* Drop from EL3 to EL2 */
 
   /* Initialize HCR_EL2 and SCTLR_EL2 */
@@ -153,27 +180,16 @@ _el3_start:
   mrs x0, SCR_EL3
   /* Set EL2 to AArch64 */
   orr x0, x0, #(1<<10)
-#ifdef AARCH64_IS_NONSECURE
   /* Set EL1 to NS */
   orr x0, x0, #1
-#endif
   msr SCR_EL3, x0
 
   /* set EL2h mode for eret */
-#ifdef AARCH64_IS_NONSECURE
   mov x0, #0b01001
-#else
-  mov x0, #0b00101
-#endif
-
   msr SPSR_EL3, x0
 
   /* Set EL2 entry point */
-#ifdef AARCH64_IS_NONSECURE
   adr x0, _el2_start
-#else
-  adr x0, _el1_start
-#endif
   msr ELR_EL3, x0
   eret
 
@@ -293,14 +309,6 @@ _el1_start:
 
 #endif /* AARCH64_MULTILIB_VFP */
 
-  /*
-   * Invoke the start hook 0.
-   *
-   */
-
-  mov x1, x5    /* machine type number or ~0 for DT boot */
-  bl bsp_start_hook_0
-
   /* Branch to start hook 1 */
   bl bsp_start_hook_1
 
diff --git a/bsps/aarch64/xilinx-versal/start/bspstarthooks.c b/bsps/aarch64/xilinx-versal/start/bspstarthooks.c
index be98675a24..71d161125b 100644
--- a/bsps/aarch64/xilinx-versal/start/bspstarthooks.c
+++ b/bsps/aarch64/xilinx-versal/start/bspstarthooks.c
@@ -35,11 +35,12 @@
  */
 
 #include <bsp.h>
+#include <bsp/irq-generic.h>
 #include <bsp/start.h>
 
 BSP_START_TEXT_SECTION void bsp_start_hook_0(void)
 {
-  /* Do nothing */
+  bsp_interrupt_facility_initialize();
 }
 
 BSP_START_TEXT_SECTION void bsp_start_hook_1(void)
diff --git a/bsps/shared/dev/irq/arm-gicv3.c b/bsps/shared/dev/irq/arm-gicv3.c
index b2bd947dd4..afe21a8e15 100644
--- a/bsps/shared/dev/irq/arm-gicv3.c
+++ b/bsps/shared/dev/irq/arm-gicv3.c
@@ -312,14 +312,10 @@ rtems_status_code bsp_interrupt_vector_enable(rtems_vector_number vector)
     volatile gic_sgi_ppi *sgi_ppi =
       gicv3_get_sgi_ppi(_SMP_Get_current_processor());
 
-    /* Set interrupt group to 1 in the current security mode */
-#if defined(ARM_MULTILIB_ARCH_V4) || defined(AARCH64_IS_NONSECURE)
+    /* Set G1NS */
     sgi_ppi->icspigrpr[0] |= 1U << vector;
     sgi_ppi->icspigrpmodr[0] &= ~(1U << vector);
-#else
-    sgi_ppi->icspigrpr[0] &= ~(1U << vector);
-    sgi_ppi->icspigrpmodr[0] |= 1U << vector;
-#endif
+
     /* Set enable */
     sgi_ppi->icspiser[0] = 1U << vector;
   }
@@ -398,14 +394,9 @@ static void gicv3_init_cpu_interface(void)
   redist->icrwaker = waker;
 
   volatile gic_sgi_ppi *sgi_ppi = gicv3_get_sgi_ppi(cpu_index);
-  /* Set interrupt group to 1 in the current security mode */
-#if defined(ARM_MULTILIB_ARCH_V4) || defined(AARCH64_IS_NONSECURE)
+  /* Set G1NS */
   sgi_ppi->icspigrpr[0] = 0xffffffff;
   sgi_ppi->icspigrpmodr[0] = 0;
-#else
-  sgi_ppi->icspigrpr[0] = 0x0;
-  sgi_ppi->icspigrpmodr[0] = 0xffffffff;
-#endif
   for (int id = 0; id < 32; id++) {
     sgi_ppi->icspiprior[id] = PRIORITY_DEFAULT;
   }
diff --git a/spec/build/bsps/aarch64/a53/grp.yml b/spec/build/bsps/aarch64/a53/grp.yml
index 98ce7049f6..cc6418da75 100644
--- a/spec/build/bsps/aarch64/a53/grp.yml
+++ b/spec/build/bsps/aarch64/a53/grp.yml
@@ -11,8 +11,6 @@ links:
   uid: ../grp
 - role: build-dependency
   uid: ../start
-- role: build-dependency
-  uid: ../optisns
 - role: build-dependency
   uid: abi
 - role: build-dependency
diff --git a/spec/build/bsps/aarch64/a72/grp.yml b/spec/build/bsps/aarch64/a72/grp.yml
index 575acf68bc..3dbf7cca33 100644
--- a/spec/build/bsps/aarch64/a72/grp.yml
+++ b/spec/build/bsps/aarch64/a72/grp.yml
@@ -11,8 +11,6 @@ links:
   uid: ../grp
 - role: build-dependency
   uid: ../start
-- role: build-dependency
-  uid: ../optisns
 - role: build-dependency
   uid: abi
 - role: build-dependency
diff --git a/spec/build/bsps/aarch64/optisns.yml b/spec/build/bsps/aarch64/optisns.yml
deleted file mode 100644
index 8db901604b..0000000000
--- a/spec/build/bsps/aarch64/optisns.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-SPDX-License-Identifier: CC-BY-SA-4.0 OR BSD-2-Clause
-actions:
-- get-boolean: null
-- define-condition: null
-build-type: option
-copyrights:
-- Copyright (C) 2021 Gedare Bloom <gedare at rtems.org>
-default: true
-default-by-variant:
-- value: false
-  variants:
-  - aarch64/xilinx_versal_lp64_qemu
-  - aarch64/xilinx_versal_ilp32_qemu
-description: |
-  If set to true, then the processor starts and stays in the non-secure mode,
-  otherwise it will be in the secure mode.
-enabled-by: true
-links: []
-name: AARCH64_IS_NONSECURE
-type: build
diff --git a/spec/build/bsps/aarch64/xilinx-versal/grp.yml b/spec/build/bsps/aarch64/xilinx-versal/grp.yml
index 68e350c78d..f135f48a32 100644
--- a/spec/build/bsps/aarch64/xilinx-versal/grp.yml
+++ b/spec/build/bsps/aarch64/xilinx-versal/grp.yml
@@ -13,8 +13,6 @@ links:
   uid: ../start
 - role: build-dependency
   uid: ../optmmupages
-- role: build-dependency
-  uid: ../optisns
 - role: build-dependency
   uid: ../optgtusevirt
 - role: build-dependency
diff --git a/spec/build/bsps/aarch64/xilinx-zynqmp/grp.yml b/spec/build/bsps/aarch64/xilinx-zynqmp/grp.yml
index 5ff80f3392..0e89981af5 100644
--- a/spec/build/bsps/aarch64/xilinx-zynqmp/grp.yml
+++ b/spec/build/bsps/aarch64/xilinx-zynqmp/grp.yml
@@ -13,8 +13,6 @@ links:
   uid: ../start
 - role: build-dependency
   uid: ../optmmupages
-- role: build-dependency
-  uid: ../optisns
 - role: build-dependency
   uid: abi
 - role: build-dependency
-- 
2.25.1



More information about the devel mailing list