diff --git a/docs/user-guide.md b/docs/user-guide.md index 25f884e..9f9d0a5 100644 --- a/docs/user-guide.md +++ b/docs/user-guide.md @@ -428,6 +428,14 @@ in which case the platform is configured to expect NULL in the State-ID field of power-state parameter. +* `ARM_DISABLE_TRUSTED_WDOG`: boolean option to disable the Trusted Watchdog. + By default, ARM platforms use a watchdog to trigger a system reset in case + an error is encountered during the boot process (for example, when an image + could not be loaded or authenticated). The watchdog is enabled in the early + platform setup hook at BL1 and disabled in the BL1 prepare exit hook. The + Trusted Watchdog may be disabled at build time for testing or development + purposes. + #### ARM CSS platform specific build options * `CSS_DETECT_PRE_1_7_0_SCP`: Boolean flag to detect SCP version diff --git a/include/plat/arm/board/common/v2m_def.h b/include/plat/arm/board/common/v2m_def.h index 7a4ef5a..7ed0af6 100644 --- a/include/plat/arm/board/common/v2m_def.h +++ b/include/plat/arm/board/common/v2m_def.h @@ -38,6 +38,9 @@ #define V2M_SYS_ID 0x0 #define V2M_SYS_SWITCH 0x4 #define V2M_SYS_LED 0x8 +#define V2M_SYS_NVFLAGS 0x38 +#define V2M_SYS_NVFLAGSSET 0x38 +#define V2M_SYS_NVFLAGSCLR 0x3c #define V2M_SYS_CFGDATA 0xa0 #define V2M_SYS_CFGCTRL 0xa4 #define V2M_SYS_CFGSTATUS 0xa8 @@ -109,7 +112,11 @@ #define V2M_SP804_TIMER0_BASE 0x1C110000 #define V2M_SP804_TIMER1_BASE 0x1C120000 -#define V2M_MAP_FLASH0 MAP_REGION_FLAT(V2M_FLASH0_BASE,\ +#define V2M_MAP_FLASH0_RW MAP_REGION_FLAT(V2M_FLASH0_BASE,\ + V2M_FLASH0_SIZE, \ + MT_DEVICE | MT_RW | MT_SECURE) + +#define V2M_MAP_FLASH0_RO MAP_REGION_FLAT(V2M_FLASH0_BASE,\ V2M_FLASH0_SIZE, \ MT_MEMORY | MT_RO | MT_SECURE) diff --git a/include/plat/arm/common/arm_def.h b/include/plat/arm/common/arm_def.h index 452c385..4726d5e 100644 --- a/include/plat/arm/common/arm_def.h +++ b/include/plat/arm/common/arm_def.h @@ -175,6 +175,15 @@ #define ARM_CONSOLE_BAUDRATE 115200 +/* Trusted Watchdog constants */ +#define ARM_SP805_TWDG_BASE 0x2a490000 +#define ARM_SP805_TWDG_CLK_HZ 32768 +/* The TBBR document specifies a watchdog timeout of 256 seconds. SP805 + * asserts reset after two consecutive countdowns (2 x 128 = 256 sec) */ +#define ARM_TWDG_TIMEOUT_SEC 128 +#define ARM_TWDG_LOAD_VAL (ARM_SP805_TWDG_CLK_HZ * \ + ARM_TWDG_TIMEOUT_SEC) + /****************************************************************************** * Required platform porting definitions common to all ARM standard platforms *****************************************************************************/ diff --git a/plat/arm/board/common/board_common.mk b/plat/arm/board/common/board_common.mk index bec49ed..9e0c848 100644 --- a/plat/arm/board/common/board_common.mk +++ b/plat/arm/board/common/board_common.mk @@ -28,14 +28,15 @@ # POSSIBILITY OF SUCH DAMAGE. # -PLAT_INCLUDES += -Iinclude/plat/arm/board/common/ +PLAT_INCLUDES += -Iinclude/plat/arm/board/common/ \ + -Iinclude/plat/arm/board/common/drivers PLAT_BL_COMMON_SOURCES += drivers/arm/pl011/pl011_console.S \ plat/arm/board/common/aarch64/board_arm_helpers.S -#BL1_SOURCES += +BL1_SOURCES += plat/arm/board/common/drivers/norflash/norflash.c -#BL2_SOURCES += +BL2_SOURCES += plat/arm/board/common/drivers/norflash/norflash.c #BL31_SOURCES += diff --git a/plat/arm/board/common/board_css_common.c b/plat/arm/board/common/board_css_common.c index 3bb3dd6..7bf0273 100644 --- a/plat/arm/board/common/board_css_common.c +++ b/plat/arm/board/common/board_css_common.c @@ -38,7 +38,7 @@ #if IMAGE_BL1 const mmap_region_t plat_arm_mmap[] = { ARM_MAP_SHARED_RAM, - V2M_MAP_FLASH0, + V2M_MAP_FLASH0_RO, V2M_MAP_IOFPGA, CSS_MAP_DEVICE, SOC_CSS_MAP_DEVICE, @@ -48,7 +48,7 @@ #if IMAGE_BL2 const mmap_region_t plat_arm_mmap[] = { ARM_MAP_SHARED_RAM, - V2M_MAP_FLASH0, + V2M_MAP_FLASH0_RO, V2M_MAP_IOFPGA, CSS_MAP_DEVICE, SOC_CSS_MAP_DEVICE, diff --git a/plat/arm/board/fvp/aarch64/fvp_common.c b/plat/arm/board/fvp/aarch64/fvp_common.c index 58b646a..8771e5b 100644 --- a/plat/arm/board/fvp/aarch64/fvp_common.c +++ b/plat/arm/board/fvp/aarch64/fvp_common.c @@ -68,7 +68,7 @@ #if IMAGE_BL1 const mmap_region_t plat_arm_mmap[] = { ARM_MAP_SHARED_RAM, - V2M_MAP_FLASH0, + V2M_MAP_FLASH0_RW, V2M_MAP_IOFPGA, MAP_DEVICE0, MAP_DEVICE1, @@ -79,7 +79,7 @@ #if IMAGE_BL2 const mmap_region_t plat_arm_mmap[] = { ARM_MAP_SHARED_RAM, - V2M_MAP_FLASH0, + V2M_MAP_FLASH0_RW, V2M_MAP_IOFPGA, MAP_DEVICE0, MAP_DEVICE1, diff --git a/plat/arm/board/fvp/fvp_err.c b/plat/arm/board/fvp/fvp_err.c new file mode 100644 index 0000000..7867e49 --- /dev/null +++ b/plat/arm/board/fvp/fvp_err.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include + +/* + * FVP error handler + */ +void plat_error_handler(int err) +{ + int ret; + + switch (err) { + case -ENOENT: + case -EAUTH: + /* Image load or authentication error. Erase the ToC */ + INFO("Erasing FIP ToC from flash...\n"); + nor_unlock(PLAT_ARM_FIP_BASE); + ret = nor_word_program(PLAT_ARM_FIP_BASE, 0); + if (ret) { + ERROR("Cannot erase ToC\n"); + } else { + INFO("Done\n"); + } + break; + default: + /* Unexpected error */ + break; + } + + /* Loop until the watchdog resets the system */ + for (;;) + ; +} diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk index 51b718e..c46d3b7 100644 --- a/plat/arm/board/fvp/platform.mk +++ b/plat/arm/board/fvp/platform.mk @@ -41,6 +41,7 @@ lib/semihosting/aarch64/semihosting_call.S \ plat/arm/board/fvp/aarch64/fvp_helpers.S \ plat/arm/board/fvp/fvp_bl1_setup.c \ + plat/arm/board/fvp/fvp_err.c \ plat/arm/board/fvp/fvp_io_storage.c BL2_SOURCES += drivers/arm/sp804/sp804_delay_timer.c \ @@ -49,6 +50,7 @@ lib/semihosting/semihosting.c \ lib/semihosting/aarch64/semihosting_call.S \ plat/arm/board/fvp/fvp_bl2_setup.c \ + plat/arm/board/fvp/fvp_err.c \ plat/arm/board/fvp/fvp_io_storage.c \ plat/arm/board/fvp/fvp_security.c diff --git a/plat/arm/board/juno/juno_err.c b/plat/arm/board/juno/juno_err.c new file mode 100644 index 0000000..497cc7f --- /dev/null +++ b/plat/arm/board/juno/juno_err.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of ARM nor the names of its contributors may be used + * to endorse or promote products derived from this software without specific + * prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +#define V2M_SYS_NVFLAGS_ADDR (V2M_SYSREGS_BASE + V2M_SYS_NVFLAGS) + +/* + * Juno error handler + */ +void plat_error_handler(int err) +{ + uint32_t *flags_ptr = (uint32_t *)V2M_SYS_NVFLAGS_ADDR; + + /* Propagate the err code in the NV-flags register */ + *flags_ptr = err; + + /* Loop until the watchdog resets the system */ + for (;;) + ; +} diff --git a/plat/arm/board/juno/platform.mk b/plat/arm/board/juno/platform.mk index b711f3d..127dcbe 100644 --- a/plat/arm/board/juno/platform.mk +++ b/plat/arm/board/juno/platform.mk @@ -34,9 +34,11 @@ BL1_SOURCES += lib/cpus/aarch64/cortex_a53.S \ lib/cpus/aarch64/cortex_a57.S \ - lib/cpus/aarch64/cortex_a72.S + lib/cpus/aarch64/cortex_a72.S \ + plat/arm/board/juno/juno_err.c BL2_SOURCES += plat/arm/board/juno/juno_security.c \ + plat/arm/board/juno/juno_err.c BL31_SOURCES += lib/cpus/aarch64/cortex_a53.S \ lib/cpus/aarch64/cortex_a57.S \ diff --git a/plat/arm/common/arm_bl1_setup.c b/plat/arm/common/arm_bl1_setup.c index 887223c..79c7d94 100644 --- a/plat/arm/common/arm_bl1_setup.c +++ b/plat/arm/common/arm_bl1_setup.c @@ -35,6 +35,7 @@ #include #include #include +#include #include "../../../bl1/bl1_private.h" @@ -74,6 +75,11 @@ { const size_t bl1_size = BL1_RAM_LIMIT - BL1_RAM_BASE; +#if !ARM_DISABLE_TRUSTED_WDOG + /* Enable watchdog */ + sp805_start(ARM_SP805_TWDG_BASE, ARM_TWDG_LOAD_VAL); +#endif + /* Initialize the console to provide early debug support */ console_init(PLAT_ARM_BOOT_UART_BASE, PLAT_ARM_BOOT_UART_CLK_IN_HZ, ARM_CONSOLE_BAUDRATE); @@ -147,6 +153,11 @@ void bl1_plat_prepare_exit(entry_point_info_t *ep_info) { +#if !ARM_DISABLE_TRUSTED_WDOG + /* Disable watchdog before leaving BL1 */ + sp805_stop(ARM_SP805_TWDG_BASE); +#endif + #ifdef EL3_PAYLOAD_BASE /* * Program the EL3 payload's entry point address into the CPUs mailbox diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk index 7b23527..1290cef 100644 --- a/plat/arm/common/arm_common.mk +++ b/plat/arm/common/arm_common.mk @@ -63,6 +63,15 @@ $(eval $(call assert_boolean,ARM_RECOM_STATE_ID_ENC)) $(eval $(call add_define,ARM_RECOM_STATE_ID_ENC)) +# Process ARM_DISABLE_TRUSTED_WDOG flag +# By default, Trusted Watchdog is always enabled unless SPIN_ON_BL1_EXIT is set +ARM_DISABLE_TRUSTED_WDOG := 0 +ifeq (${SPIN_ON_BL1_EXIT}, 1) +ARM_DISABLE_TRUSTED_WDOG := 1 +endif +$(eval $(call assert_boolean,ARM_DISABLE_TRUSTED_WDOG)) +$(eval $(call add_define,ARM_DISABLE_TRUSTED_WDOG)) + PLAT_INCLUDES += -Iinclude/common/tbbr \ -Iinclude/plat/arm/common \ -Iinclude/plat/arm/common/aarch64 @@ -75,6 +84,7 @@ BL1_SOURCES += drivers/arm/cci/cci.c \ drivers/arm/ccn/ccn.c \ + drivers/arm/sp805/sp805.c \ drivers/io/io_fip.c \ drivers/io/io_memmap.c \ drivers/io/io_storage.c \