[U-Boot] [PATCH 02/11] arm: Allow U-Boot Proper to run in normal world

Sat Jul 14 00:11:47 UTC 2018

From: Henry Beberman <henry.beberman at microsoft.com>

In order to minimize the surface area of secure world code, the i.MX
Windows 10 IoT Core boot flow uses SPL to jump into OP-TEE as soon as
possible. Once OP-TEE has locked down resources it returns into the
entry point U-Boot Proper in normal world.

The CONFIG_SYS_NORMAL_WORLD Kconfig option has been added so that
segments of code with a dependency on secure world are built into SPL
and selectively omitted from the U-Boot Proper built for normal world.
This is only enabled when the CONFIG_SPL_OPTEE_BOOT Kconfig option is
set. CONFIG_SPL_OPTEE_BOOT is added in the next patch in this series.

Signed-off-by: Henry Beberman <henry.beberman at microsoft.com>
Cc: Stefano Babic <sbabic at denx.de>
Cc: Fabio Estevam <fabio.estevam at nxp.com>
Cc: Tom Rini <trini at konsulko.com>
---
 arch/arm/cpu/armv7/Kconfig     |  7 +++++++
 arch/arm/cpu/armv7/start.S     | 11 ++++++-----
 arch/arm/mach-imx/mx7/soc.c    |  7 +++++--
 arch/arm/mach-imx/syscounter.c |  2 ++
 include/configs/mx6_common.h   |  5 +++++
 include/configs/mx7_common.h   |  5 +++++
 6 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/arch/arm/cpu/armv7/Kconfig b/arch/arm/cpu/armv7/Kconfig
index 37a0be932e..21d68ccb67 100644
--- a/arch/arm/cpu/armv7/Kconfig
+++ b/arch/arm/cpu/armv7/Kconfig
@@ -58,4 +58,11 @@ config ARMV7_LPAE
 	Say Y here to use the long descriptor page table format. This is
 	required if U-Boot runs in HYP mode.
 
+config SYS_NORMAL_WORLD
+	bool "An internal build option that tells code that it is running in normal world"
+	default n
+	help
+	  This option is set internally by headers if the code being
+	  compiled must run in normal world.
+
 endif
diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
index c996525f86..14612fd0fe 100644
--- a/arch/arm/cpu/armv7/start.S
+++ b/arch/arm/cpu/armv7/start.S
@@ -168,30 +168,31 @@ ENTRY(cpu_init_cp15)
 	mcr	p15, 0, r0, c1, c0, 0	@ write system control register
 #endif
 
-#if (defined(CONFIG_ARM_ERRATA_742230) || defined(CONFIG_ARM_ERRATA_794072))
+#if (defined(CONFIG_ARM_ERRATA_742230) || defined(CONFIG_ARM_ERRATA_794072)) \
+	&& !defined(CONFIG_SYS_NORMAL_WORLD)
 	mrc	p15, 0, r0, c15, c0, 1	@ read diagnostic register
 	orr	r0, r0, #1 << 4		@ set bit #4
 	mcr	p15, 0, r0, c15, c0, 1	@ write diagnostic register
 #endif
 
-#ifdef CONFIG_ARM_ERRATA_743622
+#if defined(CONFIG_ARM_ERRATA_743622) && !defined(CONFIG_SYS_NORMAL_WORLD)
 	mrc	p15, 0, r0, c15, c0, 1	@ read diagnostic register
 	orr	r0, r0, #1 << 6		@ set bit #6
 	mcr	p15, 0, r0, c15, c0, 1	@ write diagnostic register
 #endif
 
-#ifdef CONFIG_ARM_ERRATA_751472
+#if defined(CONFIG_ARM_ERRATA_751472) && !defined(CONFIG_SYS_NORMAL_WORLD)
 	mrc	p15, 0, r0, c15, c0, 1	@ read diagnostic register
 	orr	r0, r0, #1 << 11	@ set bit #11
 	mcr	p15, 0, r0, c15, c0, 1	@ write diagnostic register
 #endif
-#ifdef CONFIG_ARM_ERRATA_761320
+#if defined(CONFIG_ARM_ERRATA_761320) && !defined(CONFIG_SYS_NORMAL_WORLD)
 	mrc	p15, 0, r0, c15, c0, 1	@ read diagnostic register
 	orr	r0, r0, #1 << 21	@ set bit #21
 	mcr	p15, 0, r0, c15, c0, 1	@ write diagnostic register
 #endif
 
-#ifdef CONFIG_ARM_ERRATA_845369
+#if defined(CONFIG_ARM_ERRATA_845369) && !defined(CONFIG_SYS_NORMAL_WORLD)
 	mrc     p15, 0, r0, c15, c0, 1	@ read diagnostic register
 	orr     r0, r0, #1 << 22	@ set bit #22
 	mcr     p15, 0, r0, c15, c0, 1	@ write diagnostic register
diff --git a/arch/arm/mach-imx/mx7/soc.c b/arch/arm/mach-imx/mx7/soc.c
index 2aca24bbb0..cc987f2599 100644
--- a/arch/arm/mach-imx/mx7/soc.c
+++ b/arch/arm/mach-imx/mx7/soc.c
@@ -135,7 +135,7 @@ u32 __weak get_board_rev(void)
 #endif
 
 /* enable all periherial can be accessed in nosec mode */
-static void init_csu(void)
+static void __maybe_unused init_csu(void)
 {
 	int i = 0;
 	for (i = 0; i < CSU_NUM_REGS; i++)
@@ -164,7 +164,10 @@ int arch_cpu_init(void)
 {
 	init_aips();
 
+#ifndef CONFIG_SYS_NORMAL_WORLD
 	init_csu();
+#endif
+
 	/* Disable PDE bit of WMCR register */
 	imx_wdog_disable_powerdown();
 
@@ -194,7 +197,7 @@ int arch_misc_init(void)
 		env_set("soc", "imx7s");
 #endif
 
-#ifdef CONFIG_FSL_CAAM
+#if defined(CONFIG_FSL_CAAM) && !defined(CONFIG_SYS_NORMAL_WORLD)
 	sec_init();
 #endif
 
diff --git a/arch/arm/mach-imx/syscounter.c b/arch/arm/mach-imx/syscounter.c
index 676bb3caa9..cfd82236f8 100644
--- a/arch/arm/mach-imx/syscounter.c
+++ b/arch/arm/mach-imx/syscounter.c
@@ -57,6 +57,7 @@ static inline unsigned long long us_to_tick(unsigned long long usec)
 
 int timer_init(void)
 {
+#if !defined(CONFIG_SYS_NORMAL_WORLD)
 	struct sctr_regs *sctr = (struct sctr_regs *)SCTR_BASE_ADDR;
 	unsigned long val, freq;
 
@@ -70,6 +71,7 @@ int timer_init(void)
 	val &= ~(SC_CNTCR_FREQ0 | SC_CNTCR_FREQ1);
 	val |= SC_CNTCR_FREQ0 | SC_CNTCR_ENABLE | SC_CNTCR_HDBG;
 	writel(val, &sctr->cntcr);
+#endif
 
 	gd->arch.tbl = 0;
 	gd->arch.tbu = 0;
diff --git a/include/configs/mx6_common.h b/include/configs/mx6_common.h
index 1b2961f68e..756db4da61 100644
--- a/include/configs/mx6_common.h
+++ b/include/configs/mx6_common.h
@@ -69,4 +69,9 @@
 #endif
 #endif
 
+/* If OPTEE boot is enabled, u-boot proper runs in normal world */
+#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_OPTEE_BOOT)
+#define CONFIG_SYS_NORMAL_WORLD
+#endif
+
 #endif
diff --git a/include/configs/mx7_common.h b/include/configs/mx7_common.h
index b0b7e1edd4..4864df5108 100644
--- a/include/configs/mx7_common.h
+++ b/include/configs/mx7_common.h
@@ -58,4 +58,9 @@
 #endif
 #endif
 
+/* If OPTEE boot is enabled, u-boot proper runs in normal world */
+#if !defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_OPTEE_BOOT)
+#define CONFIG_SYS_NORMAL_WORLD
+#endif
+
 #endif
-- 
2.16.2.gvfs.1.33.gf5370f1

