From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7E706ECAAD8 for ; Thu, 22 Sep 2022 00:04:31 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0AEE8840FB; Thu, 22 Sep 2022 02:04:29 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id D332784B44; Thu, 22 Sep 2022 02:04:27 +0200 (CEST) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 9EB0E83E13 for ; Thu, 22 Sep 2022 02:04:24 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=andre.przywara@arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 43B6B143D; Wed, 21 Sep 2022 17:04:30 -0700 (PDT) Received: from slackpad.lan (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2BE523F73B; Wed, 21 Sep 2022 17:04:22 -0700 (PDT) Date: Thu, 22 Sep 2022 01:03:04 +0100 From: Andre Przywara To: Tom Rini Cc: David Feng , Simon Glass , Liviu Dudau , Linus Walleij , Ross Burton , Peter Hoyes , u-boot@lists.denx.de Subject: Re: [PATCH] vexpress64: also consider DTB pointer in x1 Message-ID: <20220922010225.03b4bc8a@slackpad.lan> In-Reply-To: <20220921175644.GW3044094@bill-the-cat> References: <20220921170946.1363372-1-andre.przywara@arm.com> <20220921175644.GW3044094@bill-the-cat> Organization: Arm Ltd. X-Mailer: Claws Mail 4.1.0 (GTK 3.24.31; x86_64-slackware-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de X-Virus-Status: Clean On Wed, 21 Sep 2022 13:56:44 -0400 Tom Rini wrote: Hi Tom, > On Wed, Sep 21, 2022 at 06:09:46PM +0100, Andre Przywara wrote: > > Commit c0fce929564f("vexpress64: fvp: enable OF_CONTROL") added code to > > consider a potential DTB address being passed in the x0 register, or > > revert to the built-in DTB otherwise. > > The former case was used when using the boot-wrapper, to which we sell > > U-Boot as a Linux kernel. The latter was meant for TF-A, for which we > > couldn't find an easy way to use the DTB it uses itself. We have some > > quirk to filter for a valid DTB, as TF-A happens to pass a pointer to > > some special devicetree blob in x0 as well. > > > > Now the TF-A case is broken, when enabling proper emulation of secure > > memory (-C bp.secure_memory=1). TF-A carves out some memory at the top > > of the first DRAM bank for its own purposes, and configures the > > TrustZone DRAM controller to make this region secure-only. U-Boot will > > then hang when it tries to relocate itself exactly to the end of DRAM. > > TF-A announces this by carving out that region of the /memory node, in > > the DT it passes on to BL33 in x1, but we miss that so far. > > > > Instead of repeating this carveout in our DT copy, let's try to look for > > a DTB at the address x1 points to as well. This will let U-Boot pick up > > the DTB provided by TF-A, which has the correct carveout in place, > > avoiding the hang. > > While we are at it, make the detection more robust: the length test (is > > the DT larger than 256 bytes?) is too fragile, in fact the TF-A port for > > a new FVP model already exceeds this. So we test x1 first, consider 0 > > an invalid address, and also require a /memory node to detect a valid DTB. > > > > And for the records: > > Some asking around revealed what is really going on with TF-A and that > > ominous DTB pointer in x0: TF-A expects EDK-2 as its non-secure payload > > (BL33), and there apparently was some long-standing ad-hoc boot protocol > > defined just between the two: x0 would carry the MPIDR register value of > > the boot CPU, and the hardware DTB address would be stored in x1. > > Now the MPIDR of CPU 0 is typically 0, plus bit 31 set, which is defined > > as RES1 in the ARMv7 and ARMv8 architectures. This gives 0x80000000, > > which is the same value as the address of the beginning of DRAM (2GB). > > And coincidentally TF-A put some DTB structure exactly there, for its > > own purposes (passing it between stages). So U-Boot was trying to use > > this DTB, which requires the quirk to check for its validity. > > So, follow-up question. Why don't we just always look at x1 and never x0 > for the DTB? That would seem to be a bugfix and should work on older > TF-A releases too, yes? There is a use case where the boot-wrapper[1] runs U-Boot, as a kind of poor-man's TF-A replacement. As the boot-wrapper normally just runs kernels, it follows the arm64 Linux kernel boot protocol, which puts the DTB address in x0. So to stay flexible, we look at both registers. The kernel boot protocol says x1 must be 0, so we check for that first, to sort that out. Thanks, Andre [1] https://git.kernel.org/pub/scm/linux/kernel/git/mark/boot-wrapper-aarch64.git/