/*
* monitor.S - simple monitor code to switch to NS state before executing kernel
*
* Copyright (C) 2011 Columbia University. All rights reserved.
* Christoffer Dall <cdall@cs.columbia.edu>
*
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE.txt file.
*/
#.syntax unified
@
@ Monitor-mode exception vector table: eight 4-byte slots, one per vector.
@ Only the slot at offset 0x08 is populated; it branches to the SMC handler
@ at local label 1 below. Slot names follow the ARMv7 monitor vector layout.
@ Presumably the base of this section is installed as the monitor vector
@ base by code outside this file - TODO confirm.
@
@ NOTE(review): the unused slots hold a zero word, which in ARM state decodes
@ as `andeq r0, r0, r0`. An exception delivered to one of the slots after
@ 0x08 would therefore appear to run on into the SMC handler with whatever
@ r7 the interrupted code held. _non_sec clears SCR.IRQ/FIQ/EA, which should
@ keep aborts and interrupts away from monitor mode - confirm, or park the
@ unused slots on a branch-to-self.
@
.section monitor, "x"
.word 0 @ 0x00: not used
.word 0 @ 0x04: not used
b 1f @ 0x08: Secure Monitor Call
.word 0 @ 0x0c: prefetch abort (unhandled)
.word 0 @ 0x10: data abort (unhandled)
.word 0 @ 0x14: not used
.word 0 @ 0x18: IRQ (unhandled)
.word 0 @ 0x1c: FIQ (unhandled)
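@
@ Secure Monitor Call
@
@ Entry point for SMC exceptions, reached from the `b 1f` vector slot.
@
@ In:    r7 = call selector
@               0xffffffff     -> switch to non-secure state (_non_sec)
@               0xfffffff0 | n -> hypervisor API call n (index into _hyp_funcs)
@        r0 = argument consumed by the selected _hyp_funcs handler
@        lr = return address of the interrupted world
@ Out:   every path returns with `movs pc, lr`; r10-r12 are restored first.
@ Stack: sp is reloaded from _monitor_stack on each entry, so nothing is
@        carried on the monitor stack from one call to the next.
@
@ An unrecognised selector, an index above 0, or a caller whose VMID is
@ non-zero returns without changing any system register.
@
1:
ldr sp, =_monitor_stack
push {r10-r12} @ scratch registers for this handler
cmp r7, #0xffffffff
beq _non_sec @ _non_sec pops r10-r12 itself

@ Check smc number and VMID
bic r12, r7, #0xf
cmp r12, #0xfffffff0
popne {r10-r12} @ r12 was clobbered above: restore it like the other
movnes pc, lr @ reject paths do, so no handler state leaks to the caller
and r12, r7, #0xf
cmp r12, #0x0 @ bound for _hyp_funcs, which has one entry (index 0);
popgt {r10-r12} @ raise this bound only together with the table
movgts pc, lr

@ Check the VMID is 0
@ NOTE(review): VMID == 0 is the only caller check made here. This assumes
@ the host always runs with VMID 0 and guests never do - confirm against the
@ hypervisor's VMID allocation.
mrc p15, 0, r10, c1, c1, 0 @ r10 = SCR (kept for restore and for handlers)
orr r11, r10, #1 @ SCR.NS = 1
mcr p15, 0, r11, c1, c1, 0
isb @ NS must take effect before the banked read below
mrrc p15, 6, r12, r11, c2 @ 64-bit read: r12 = low word, r11 = high word
mcr p15, 0, r10, c1, c1, 0 @ Restore SCR
lsr r11, r11, #16 @ VMID = bits [23:16] of the high word
and r11, r11, #0xff
cmp r11, #0
popne {r10-r12}
movnes pc, lr

@ Jump to the right function
@ Handlers are entered with r10 = saved SCR and r10-r12 still on the stack.
and r12, r7, #0xf
adr r11, _hyp_funcs
add r11, r11, r12, lsl #2 @ 4-byte table entries
ldr pc, [r11]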
@
@ Jump table for the SMC hypervisor API calls
@
@ Indexed by the low nibble of r7, one 4-byte handler address per entry.
@ The dispatcher rejects every index above 0, so this single entry is the
@ whole table; adding an entry also requires raising that bound.
@
_hyp_funcs:
.long _write_hvbar @ index 0
@
@ Switch to non-secure mode
@
@ Reached from the SMC handler when r7 == 0xffffffff, with r10-r12 pushed
@ on the monitor stack. Rewrites SCR[6:0] and sets SCR bit 8, then returns
@ to the caller with an exception return.
@
@ 0x131 sets bits 0, 4, 5 and 8: NS, FW, AW and HCE in the ARMv7 SCR layout.
@ Bits 1-3 (IRQ, FIQ, EA) and bit 6 are left clear by the bic.
@ NOTE(review): no caller check is made on this path - any SMC issued with
@ r7 == 0xffffffff takes it. Presumably harmless once NS is already set;
@ confirm nothing in the secure world depends on the previous SCR value.
@
_non_sec:
mrc p15, 0, r12, c1, c1, 0 @ Secure configuration register
bic r12, r12, #0x07f @ clear SCR[6:0]
ldr r11, =0x131 @ literal-pool load; the pool is emitted at .ltorg
orr r12, r12, r11
mcr p15, 0, r12, c1, c1, 0
pop {r10-r12} @ balance the push done at handler entry
movs pc, lr @ exception return: CPSR is reloaded from SPSR
@
@ Read/Write HVBAR
@
@ Hypervisor API call 0: writes r0 to the register encoded as
@ p15, 4, c12, c0, 0 (HVBAR per the heading above) while SCR.NS is set.
@ Only the write direction is implemented in the visible code.
@
@ In:  r0  = new vector base value, supplied by the SMC caller
@      r10 = SCR as read by the dispatcher (used to set NS and to restore)
@      r10-r12 of the caller are on the monitor stack
@ Out: returns to the caller with r10-r12 restored
@
@ NOTE(review): r0 is written without any range or alignment check; the
@ dispatcher's VMID == 0 test is the only gate in front of this write.
@ Whoever passes that test chooses where Hyp-mode exceptions vector to.
@
_write_hvbar:
orr r11, r10, #1 @ SCR.NS = 1 (r10 already = SCR)
mcr p15, 0, r11, c1, c1, 0
isb @ NS must take effect before the write below
mcr p15, 4, r0, c12, c0, 0
mcr p15, 0, r10, c1, c1, 0 @ Restore SCR
pop {r10-r12} @ balance the push done at handler entry
movs pc, lr @ exception return: CPSR is reloaded from SPSR
@ Emit the literal pool here (the `ldr rX, =value` constants used above).
.ltorg
/* A bit of stack space for monitor mode */
@ _monitor_stack is the initial sp loaded at handler entry. `push` stores
@ below sp, so the 12 bytes saved per call land beneath this label.
@ NOTE(review): no storage is reserved after the label in the visible
@ source; the stack appears to be the `.align 12` padding that precedes it,
@ inside a section flagged "x". Confirm that the padding is always at least
@ 12 bytes and that the image maps this region writable.
.align 12
_monitor_stack: