From Linux Driver to ATF/ TZ
PranabNandy opened this issue · comments
[ Board ] ~~~~~~~~~~~~~~~~~~~~~~~~~ [ SD Card ]
ROM BL
- It has SD driver ~~~~~~~~~~~~~~~~~ atf.elf, kernel.uz, Rpi.dtb
- Other relevant driver initialization ~~~~~
- Very Minimal Initialization ~~~~~~~~~~~
---> } Here also cpu is in EL3 i.e highest exception level
} CPU0 will execute (Based on the entry point address of the elf file)
atf.elf :
From ATF
-
we hardcoded the dtb file name & location ( plat/monaco_plat_def.h)
-
we send kernel (dtb, MMU ON/OFF, ELx,--)
Then kernel has dtb module that knows how to purse the DTB
file
-
From dtb file , it abstract the hardcoded information
-
Like cpu-Idle driver collects the information store it in Global DT
ATF is nothing but bootloader (uses during booting) + Firmware (used to provide services during runtime)
Uboot is also like ATF
UEFI is also like ATF
Kernel --- SMC (fun1, , , ,)
=============================
ATF ---- smc_handler
--> psci_handler
--> core LPM
|| Now cluster LPM --> SCMI (CPUCP host)
=============================
CPUCP --> CPUCP target turns of Cluster as a response of SCMI
BE(Backend Sequencer) sends Hardware INT when entire system is waking up from the LPM mode
SysTick:
- Every time when timer count becomes 0, it will generate sysTick interrupt
Scheduler (Not a HW but a function)
will get INT, will lookup the cpu core health status and Assign some task
ROM BL can never be changed
- ---> This one is hard coded
- Qualcomm also has same
- PBL
- XBL
- TMU (for Secure Image Checking)
- CPCUP Image
- HW Random No Generator IP
- AOP Image
BE (Backend Sequencer)
- a HW IP
- with LPM sequence we prorgam
- In Auto, we did in ATF
- This HW IP only, sends signal to other sub-sys components to Manage LPM
- It can cut off the bridge to make entire sub-symtem down
Device Driver
- cpu-idle.c (
psci_cpu_suspend()
) - cpu-idle-psci.c
- driver/firmware/psci.c
{invoke_psci_fn(fn, state, 0,0)
}
This is just a function pointer
sometime point to (1) or (2)
(1)invoke_psci_fn_smc
(2)invoke_psci_fn_hvc
Arm stadard
- oh it is an exception, we need to handle it
- Check the offset first
- Oh, handle_sync_exception { smc_32 ~~~~ & ~~~~ smc_64 }
______________________atf/lib/psci/main.c & ~~~~~psci_handle
SMC
- maintaining a
Table of Handlers
,
Handler
--> Based on fid, it will trigger the same SMC handler
When ATF is doing something for User Program
-
It uses its
user stack
(EL3_t )
EL3_t ------------> EL0_h
EL3_h -------------> Here it will not store the unnecessary user information
-
When Kernel is calling the smc function, ------> Then function parameter is coming
via(X0, X1, X2,.....)
registers.
SMC
- It is nothing but an instr
- This instr represents an Exceptions
Device Driver
- Creating a Data Structure of Functions
- This function mostly { static / init } function
{ static }
--> It means we can not access from outside__psci_xyz
as an example
They can change the printk log level via Macro
- They don't want to print unnecessary log
- You can change the system log level via terminal
During booting
- We don't have any Exception/ INT
- So, we don't need to worry about that
Debugger
- It sets the
HW breakpoint
that hits only for TZ i.e Secure Side - Using some
Trace32/ JTAG
Script, we are initializing the RVBAR address of the CPU_0 - Rest of the secondary core RVBAR address is set in ATF
- Also where ATF, Linux, dtb will be be, is decided by t32 script {
some times it is hard coded
} - T32 debugger only loading the Image from hu-blr to DDR memory
- Normally boot loader loads the Firmware, kernel & dtb to the respective location
RVBAR
- Points to warm boot Entrypoints
- Secondary core needs it
- All cores coming from Deeper State (C4) needs it
CPU core in LPM first
Linux Kernel Internals
- 1 Scheduler
- n no of Governors
All the code related to HW management goes to Dirver
If you understand one driver, dts, sysfs
- same for
cpu-idle, cpu-freq
Bootloader
- PBL, XBL
TZ is a firmware
Fringer Print
- From User take the Finger Print in a buffer, send the kernel space
- Then encrypt it, & send to the TZ
- It will send to SEL1(
QTEE
) ---> SEL0 (Secure APPS
)
If interrupts came
- Kernel has GIC to service it for NS INT
- TZ has secure GIC for Secure INT in ATF
a/b ==~ 1/0
- If trap came then
- Hardfault Handler
- MemManage Handler
- Bus Fault Handler
- Usage fault Handler
- Secure Fault Handler } All present in Vector Table