From 85e93ba0933d8f2d3f832f8a64602eaabb520c1f Mon Sep 17 00:00:00 2001 From: dp-arm Date: Wed, 8 Feb 2017 11:51:50 +0000 Subject: [PATCH 1/2] Disable secure self-hosted debug via MDCR_EL3/SDCR Trusted Firmware currently has no support for secure self-hosted debug. To avoid unexpected exceptions, disable software debug exceptions, other than software breakpoint instruction exceptions, from all exception levels in secure state. This applies to both AArch32 and AArch64 EL3 initialization. Change-Id: Id097e54a6bbcd0ca6a2be930df5d860d8d09e777 Signed-off-by: dp-arm --- include/common/aarch32/el3_common_macros.S | 5 +++++ include/common/aarch64/el3_common_macros.S | 5 +++-- include/lib/aarch32/arch.h | 9 +++++++++ include/lib/aarch64/arch.h | 9 +++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/include/common/aarch32/el3_common_macros.S b/include/common/aarch32/el3_common_macros.S index 463a0806cf..f6b7527e95 100644 --- a/include/common/aarch32/el3_common_macros.S +++ b/include/common/aarch32/el3_common_macros.S @@ -98,6 +98,11 @@ orr r0, r0, #FPEXC_EN_BIT vmsr FPEXC, r0 isb + + /* Disable secure self-hosted invasive debug. */ + ldr r0, =SDCR_DEF_VAL + stcopr r0, SDCR + .endm /* ----------------------------------------------------------------------------- diff --git a/include/common/aarch64/el3_common_macros.S b/include/common/aarch64/el3_common_macros.S index cbfa6eec76..d8fd62531c 100644 --- a/include/common/aarch64/el3_common_macros.S +++ b/include/common/aarch64/el3_common_macros.S @@ -79,10 +79,11 @@ msr scr_el3, x0 /* --------------------------------------------------------------------- - * Reset registers that may have architecturally unknown reset values + * Disable secure self-hosted invasive debug. * --------------------------------------------------------------------- */ - msr mdcr_el3, xzr + mov_imm x0, MDCR_DEF_VAL + msr mdcr_el3, x0 /* --------------------------------------------------------------------- * Enable External Aborts and SError Interrupts now that the exception diff --git a/include/lib/aarch32/arch.h b/include/lib/aarch32/arch.h index 170fa84108..8525c7babd 100644 --- a/include/lib/aarch32/arch.h +++ b/include/lib/aarch32/arch.h @@ -125,6 +125,14 @@ #define SCTLR_AFE_BIT (1 << 29) #define SCTLR_TE_BIT (1 << 30) +/* SDCR definitions */ +#define SDCR_SPD(x) ((x) << 14) +#define SDCR_SPD_LEGACY 0x0 +#define SDCR_SPD_DISABLE 0x2 +#define SDCR_SPD_ENABLE 0x3 + +#define SDCR_DEF_VAL SDCR_SPD(SDCR_SPD_DISABLE) + /* HSCTLR definitions */ #define HSCTLR_RES1 ((1 << 29) | (1 << 28) | (1 << 23) | (1 << 22) \ | (1 << 18) | (1 << 16) | (1 << 11) | (1 << 4) \ @@ -345,6 +353,7 @@ /* System register defines The format is: coproc, opt1, CRn, CRm, opt2 */ #define SCR p15, 0, c1, c1, 0 #define SCTLR p15, 0, c1, c0, 0 +#define SDCR p15, 0, c1, c3, 1 #define MPIDR p15, 0, c0, c0, 5 #define MIDR p15, 0, c0, c0, 0 #define VBAR p15, 0, c12, c0, 0 diff --git a/include/lib/aarch64/arch.h b/include/lib/aarch64/arch.h index 3f71824814..5876ce817d 100644 --- a/include/lib/aarch64/arch.h +++ b/include/lib/aarch64/arch.h @@ -195,6 +195,15 @@ #define SCR_NS_BIT (1 << 0) #define SCR_VALID_BIT_MASK 0x2f8f +/* MDCR definitions */ +#define MDCR_SPD32(x) ((x) << 14) +#define MDCR_SPD32_LEGACY 0x0 +#define MDCR_SPD32_DISABLE 0x2 +#define MDCR_SPD32_ENABLE 0x3 +#define MDCR_SDD_BIT (1 << 16) + +#define MDCR_DEF_VAL (MDCR_SDD_BIT | MDCR_SPD32(MDCR_SPD32_DISABLE)) + /* HCR definitions */ #define HCR_RW_BIT (1ull << 31) #define HCR_AMO_BIT (1 << 5) From 09fad4989ed8912e4831ed63b5e4482f7fab2531 Mon Sep 17 00:00:00 2001 From: dp-arm Date: Wed, 8 Feb 2017 12:16:42 +0000 Subject: [PATCH 2/2] Juno: Disable SPIDEN in release builds On Juno, the secure privileged invasive debug authentication signal (SPIDEN) is controlled by board SCC registers, which by default enable SPIDEN. Disable secure privileged external debug in release builds by programming the appropriate Juno SoC registers. Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49 Signed-off-by: dp-arm --- include/plat/arm/css/common/css_def.h | 7 +++++++ plat/arm/board/juno/juno_security.c | 20 +++++++++++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/include/plat/arm/css/common/css_def.h b/include/plat/arm/css/common/css_def.h index a2fe0d58b2..7cfaf59a5e 100644 --- a/include/plat/arm/css/common/css_def.h +++ b/include/plat/arm/css/common/css_def.h @@ -101,6 +101,13 @@ #define SSC_VERSION_DESIGNER_ID_MASK 0xff #define SSC_VERSION_PART_NUM_MASK 0xfff +/* SSC debug configuration registers */ +#define SSC_DBGCFG_SET 0x14 +#define SSC_DBGCFG_CLR 0x18 + +#define SPIDEN_INT_CLR_SHIFT 6 +#define SPIDEN_SEL_SET_SHIFT 7 + #ifndef __ASSEMBLY__ /* SSC_VERSION related accessors */ diff --git a/plat/arm/board/juno/juno_security.c b/plat/arm/board/juno/juno_security.c index 202342af70..70637d648c 100644 --- a/plat/arm/board/juno/juno_security.c +++ b/plat/arm/board/juno/juno_security.c @@ -59,17 +59,35 @@ static void css_init_nic400(void) ~0); } +/******************************************************************************* + * Initialize debug configuration. + ******************************************************************************/ +static void init_debug_cfg(void) +{ +#if !DEBUG + /* Set internal drive selection for SPIDEN. */ + mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_SET, + 1U << SPIDEN_SEL_SET_SHIFT); + + /* Drive SPIDEN LOW to disable invasive debug of secure state. */ + mmio_write_32(SSC_REG_BASE + SSC_DBGCFG_CLR, + 1U << SPIDEN_INT_CLR_SHIFT); +#endif +} + /******************************************************************************* * Initialize the secure environment. ******************************************************************************/ void plat_arm_security_setup(void) { + /* Initialize debug configuration */ + init_debug_cfg(); /* Initialize the TrustZone Controller */ arm_tzc400_setup(); /* Do ARM CSS internal NIC setup */ css_init_nic400(); /* Do ARM CSS SoC security setup */ soc_css_security_setup(); - /* Initialize the SMMU SSD tables*/ + /* Initialize the SMMU SSD tables */ init_mmu401(); }