Fork us on GitHub Follow us on Facebook Follow us on Twitter

Changeset 7e87436 in mainline


Ignore:
Timestamp:
2013-01-11T00:34:32Z (9 years ago)
Author:
Jan Vesely <jano.vesely@…>
Branches:
lfn, master
Children:
eb1d9c1
Parents:
b9f72b97
Message:

arm32: Add Security extensions basics.

No monitor call handling, just checks.

Location:
kernel/arch/arm32
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • kernel/arch/arm32/Makefile.inc

    rb9f72b97 r7e87436  
    3434
    3535GCC_CFLAGS += -fno-omit-frame-pointer -mapcs-frame -march=$(subst _,-,$(PROCESSOR)) -mno-unaligned-access
     36
     37ifeq ($(MACHINE),beagleboardxm)
     38GCC_CFLAGS += -mcpu=cortex-a8
     39endif
    3640
    3741ifeq ($(CONFIG_FPU),y)
  • kernel/arch/arm32/include/security_ext.h

    rb9f72b97 r7e87436  
    4949}
    5050
     51static inline bool sec_ext_is_monitor_mode()
     52{
     53        return (current_status_reg_read() & MODE_MASK) == MONITOR_MODE;
     54}
     55
    5156static inline bool sec_ext_is_secure()
    5257{
    5358        return sec_ext_is_implemented()
    54             && ((current_status_reg_read() & MODE_MASK) == MONITOR_MODE
    55                 || !(SCR_read() & SCR_NS_FLAG));
     59            && (sec_ext_is_monitor_mode() || !(SCR_read() & SCR_NS_FLAG));
    5660}
     61
     62typedef enum {
     63        SECURITY_CALL_ENABLE_CP10_11 = 0xaaaa
     64} sec_ext_call_t;
     65
     66static inline void sec_ext_call(sec_ext_call_t call)
     67{
     68        asm volatile ("mov r0, %0\nsmc #0" ::"r"(call));
     69}
     70
     71int sec_ext_handle_call(sec_ext_call_t call);
    5772
    5873#endif
  • kernel/arch/arm32/src/fpu_context.c

    rb9f72b97 r7e87436  
    3838#include <arch/types.h>
    3939#include <arch/security_ext.h>
     40#include <arch/cp15.h>
    4041#include <cpu.h>
    4142
     
    113114static void (*restore_context)(fpu_context_t *ctx);
    114115
     116int sec_ext_handle_call(sec_ext_call_t call)
     117{
     118        printf("Handling secure call %x in %s context (%s mode-%x)\n",
     119                call, sec_ext_is_secure() ? "secure" : "unsecure",
     120                sec_ext_is_monitor_mode() ? "monitor" : "other",
     121                current_status_reg_read());
     122        if (sec_ext_is_monitor_mode() && call == SECURITY_CALL_ENABLE_CP10_11)
     123                return 1;
     124        return 0;
     125}
     126
    115127static int fpu_have_coprocessor_access()
    116128{
     
    118130 * rely on user decision to use CONFIG_FPU.
    119131 */
    120 #ifndef PROCESSOR_armv7_a
    121         return 1;
    122 #endif
     132#ifdef PROCESSOR_armv7_a
    123133        const uint32_t cpacr = CPACR_read();
    124134        /* FPU needs access to coprocessor 10 and 11.
    125135         * Moreover they need to have same access enabledd */
    126         if (((cpacr & CPACR_CP_MASK(10)) == CPACR_CP_FULL_ACCESS(10)) &&
    127            ((cpacr & CPACR_CP_MASK(11)) == CPACR_CP_FULL_ACCESS(11)))
    128                 return 1;
    129         printf("No sccess to CP10 and CP11: %" PRIx32 "\n", cpacr);
    130         return 0;
     136        if (((cpacr & CPACR_CP_MASK(10)) != CPACR_CP_FULL_ACCESS(10)) &&
     137           ((cpacr & CPACR_CP_MASK(11)) != CPACR_CP_FULL_ACCESS(11))) {
     138                printf("No access to CP10 and CP11: %" PRIx32 "\n", cpacr);
     139                return 0;
     140        }
     141#endif
     142        return 1;
    131143}
    132144
     
    150162        return;
    151163#endif
    152 #if 0
    153         uint32_t cpr;
    154         asm volatile("MRC p15, 0, %0, c1, c1, 0" : "=r" (cpr)::);
    155         if (cpr & 1)
    156                 printf("We are in unsecure state, we can't change access\n");
    157 
    158         /* Allow non-secure access */
    159         uint32_t nsacr;
    160         asm volatile ("mrc p15, 0, %0, c1, c1, 2" :"=r" (nsacr)::);
    161         /* FPU needs access to coprocessor 10 and 11.
    162          * Moreover, they need to have same access enabled */
    163         nsacr |= NSACR_CP10_FLAG | NSACR_CP11_FLAG;
    164         asm volatile ("mcr p15, 0, %0, c1, c1, 2" :"=r" (nsacr)::);
    165 
    166 #ifdef MACHINE_beagleboardxm
    167         asm volatile ("isb" ::: "memory" );
    168 #endif
    169 #endif
     164        if (sec_ext_is_implemented()) {
     165                printf("Enabling FPU in %s context (%x)\n",
     166                        sec_ext_is_secure() ? "secure" : "unsecure",
     167                        SCR_read());
     168                if (!sec_ext_is_secure()) {
     169                        sec_ext_call(SECURITY_CALL_ENABLE_CP10_11);
     170                } else {
     171                        uint32_t nsacr = NSACR_read();
     172                        nsacr |= NSACR_CP_FLAG(10) | NSACR_CP_FLAG(11);
     173                        NSACR_write(nsacr);
     174                        printf("NSACR: %x => %x\n", nsacr, NSACR_read());
     175                        smc_coherence(0);
     176                }
     177        }
     178
    170179        /* Allow coprocessor access */
    171180        uint32_t cpacr = CPACR_read();
     
    184193void fpu_init(void)
    185194{
    186         /* Enable coprocessor access*/
    187         fpu_enable_coprocessor_access();
    188 
    189         /* Check if we succeeded */
     195        /* Check if we have access */
    190196        if (!fpu_have_coprocessor_access())
    191197                return;
     
    202208void fpu_setup(void)
    203209{
    204         /* Check if we have access */
     210        /* Enable coprocessor access*/
     211        fpu_enable_coprocessor_access();
     212
     213        /* Check if we succeeded */
    205214        if (!fpu_have_coprocessor_access())
    206215                return;
Note: See TracChangeset for help on using the changeset viewer.