Hi Manish,

 

   I have read the docs for TF-A, but it’s a bit of a challenge to piece everything together.  For instance, the docs say only GICv3 can be used to route interrupts to EL3, but there is a build option for GICv2 to route to EL3.  The Pi uses GICv2, so I am hoping the information about the build option is correct.  However, I have managed to encounter an interesting issue since I posted to the mail group.  When I install the vector table, the Pi hangs up when booting the Kernel.  I have an HS_DEBUG command that prints a simple “This is a Test” statement on the log screen, so I know the fiqHandler() function is called from the inline assembly code; it simply hangs up at that point.  When I removed the stack operations, I received an assertion error for EL3:

 

Starting Kernel …

ASSERT:  s:d:s
BACKTRACE:  START:  assert
0:  EL3:  0x77e4
1: EL3: 0xe0bc
2: EL3: 0x2404
BACKTRACE:  END:  assert

  

Is it possible I am generating an interrupt but not returning to the boot process when the stack operations are included, hence the hang up when starting the kernel? 

 

From: Manish Pandey2 <Manish.Pandey2@arm.com>
Sent: Friday, January 8, 2021 3:27 AM
To: tf-a@lists.trustedfirmware.org; Ian Burres <iburres@att.net>
Subject: Re: [TF-A] Routing FIQ timer interrupts to EL3 on Raspberry Pi 4B

 

Hi

 

To understand the interrupt handling in TF-A, I recommend you go through https://trustedfirmware-a.readthedocs.io/en/latest/design/interrupt-framework-design.html#concepts

 

To debug your problem, you need to first check if the timer interrupt is generated as FIQ and check whether it indeed is trapped in EL3 (checking SCR_EL3.FIQ=1).

 

Regarding build errors while adding .S files and your assembly implementation, it will be better if you share your code (maybe by pushing a patch on https://review.trustedfirmware.org).

 

Thanks

Manish

 


From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Ian Burres via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 06 January 2021 17:56
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Routing FIQ timer interrupts to EL3 on Raspberry Pi 4B

 

I am attempting to route FIQ timer interrupts using the ARM timers (not system timers) to EL3 in order to achieve introspection.  I am running TF-A (cross compiled for AArch64/AArch32) on a Raspberry Pi 4B, which uses the Broadcom 2711 chipset.  I have written some code, but I am not an embedded software engineer – I’m an IoT pentester.  The ARM timers look like this:

 

RPI4_ARM_TIMER_LOAD           0x400
RPI4_ARM_TIMER_VALUE          0x404
…..
RPI4_ARM_TIMER_FREE_COUNTER   0x420

 

System timers are:

 

RPI4_SYS_TIMER_CLO, RPI4_SYS_TIMER_CS, etc…

 

I have successfully implemented a Linux driver that allows me to dump kernel page tables and memory; however, I cannot see user page tables (even after running a CPU-intensive program).  I believe the only way to view user page tables is to have interrupts routed to EL3 – a Linux driver is not sufficient.  I have 3 UARTs attached with a debug log and screen setup.  From what I have read, the Raspberry Pi 4B uses GICv2.  TF-A supports EL3 routing when the build option GICV2_G0_FOR_EL3 is enabled, which I have done.

 

From what I have gathered, the FIQ interrupt has to be written in assembly.  So far, I have created a vector table, loaded the vector table, and masked and unmasked interrupts using daifclr, #3 and daifset, #3 instructions, using inline assembly.  The timer is initialized and handled using C functions.  I am using inline assembly, because I am adding code to the TF-A base, and I have not discovered how to add .S files to the build without receiving make errors.  I will gladly share the code I have if it helps, but what I am really looking for is if anyone believes I am on the right track or not.  Obviously, I am not implementing something correctly since the interrupt is not being handled.  Thanks.

 

Thomas
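
Added example, not part of the original thread and not TF-A code: a stand-alone C model of the check suggested in the reply above (is the interrupt signalled as FIQ, and is SCR_EL3.FIQ set so that it is taken to EL3). Bit positions follow the GICv2 and Armv8-A architecture specifications; the interrupt ID 64, the register values and every name in the block are constructed for illustration, and the model assumes the timer interrupt is delivered through the GICv2.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the GICv2 spec (Secure view) and Armv8-A SCR_EL3. */
#define GICD_CTLR_ENABLE_GRP0 (1u << 0)
#define GICC_CTLR_ENABLE_GRP0 (1u << 0)
#define GICC_CTLR_FIQ_EN      (1u << 3)
#define SCR_EL3_FIQ           (1u << 2)

/* Snapshot of the registers that decide where one interrupt ID ends up. */
struct route_snapshot {
    uint32_t gicd_ctlr;       /* distributor control */
    uint32_t gicd_isenabler;  /* ISENABLER word that holds the interrupt */
    uint32_t gicd_igroupr;    /* IGROUPR word that holds the interrupt */
    uint32_t gicc_ctlr;       /* CPU interface control, Secure view */
    uint64_t scr_el3;         /* Secure Configuration Register */
};

enum route_result {
    ROUTE_FIQ_TO_EL3, ROUTE_INTID_DISABLED, ROUTE_IS_GROUP1_IRQ,
    ROUTE_GROUP0_DISABLED, ROUTE_GROUP0_AS_IRQ, ROUTE_FIQ_NOT_TRAPPED
};

/* Walk the path in delivery order and report the first stage that blocks it. */
enum route_result check_fiq_route(const struct route_snapshot *s, unsigned intid)
{
    uint32_t bit = 1u << (intid % 32);

    if (!(s->gicd_isenabler & bit)) return ROUTE_INTID_DISABLED;
    if (s->gicd_igroupr & bit)      return ROUTE_IS_GROUP1_IRQ; /* Group 1 is always IRQ */
    if (!(s->gicd_ctlr & GICD_CTLR_ENABLE_GRP0) ||
        !(s->gicc_ctlr & GICC_CTLR_ENABLE_GRP0))
        return ROUTE_GROUP0_DISABLED;
    if (!(s->gicc_ctlr & GICC_CTLR_FIQ_EN)) return ROUTE_GROUP0_AS_IRQ;
    if (!(s->scr_el3 & SCR_EL3_FIQ))        return ROUTE_FIQ_NOT_TRAPPED;
    return ROUTE_FIQ_TO_EL3;
}

int main(void)
{
    /* Constructed values for a hypothetical interrupt ID 64, not read from a Pi. */
    struct route_snapshot s = { 0x1, 0x1, 0x0, 0x9, 0x0 };
    printf("SCR_EL3.FIQ clear -> %d\n", (int)check_fiq_route(&s, 64));
    s.scr_el3 |= SCR_EL3_FIQ;
    printf("SCR_EL3.FIQ set   -> %d\n", (int)check_fiq_route(&s, 64));
    return 0;
}
```

On real hardware the snapshot would be filled from register reads taken at EL3, since the Secure view of GICC_CTLR and SCR_EL3 are not readable from the Non-secure world.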