mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2026-07-02 06:52:42 +00:00
The current R-Car Gen5 SCP firmware up to v4.32 uses hard-coded TFA BL31 entrypoints, primary at 0x8c200000 and secondary at 0x8c200230. The primary entrypoint has no problems, but the secondary entrypoint might be located in the middle of bl31_entrypoint function, either because bl31_entrypoint function grew in length past 0x230 Bytes, or because the TFA was configured with e.g. PAuth enabled. Introduce a linker generated trampoline code before TFA BL31 to mitigate the issue. The trampoline works around the SCP limitation by placing a 4 kiB page with immediate jump instructions before the start of BL31 text, immediately before the BL31 primary entrypoint. All jumps into TFA BL31, both to primary and secondary entrypoints, land in the trampoline code page, and immediately jump into TFA BL31 primary or secondary entry points at the 4 kiB offset. The primary entry point jump is a simple jump to offset + 4 kiB . The secondary entry point jump is a more calculated jump to offset + 4 kiB - 0x230 + offset of plat_secondary_reset in TFA BL31 binary. The rest of the page is padded with safety jump instructions, which always lead to a jump to TFA BL31 primary entrypoint. Signed-off-by: Hieu Nguyen <hieu.nguyen.dn@renesas.com> Signed-off-by: Dien Pham <dien.pham.ry@renesas.com> Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> Change-Id: Iba3fd071f28e0a3bbd2802204d45101576f03d6d