Hi
To understand the interrupt handling in TF-A, I recommend you go through https://trustedfirmware-a.readthedocs.io/en/latest/design/interrupt-framewor...
To debug your problem, you need to first check if the timer interrupt is generated as FIQ and check whether it indeed is trapped in EL3 (checking SCR_EL3.FIQ=1).
Regarding build errors while adding .S files and your assembly implementation, it will be better if you share your code (maybe by pushing a patch on https://review.trustedfirmware.org).
Thanks
Manish
________________________________
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Ian Burres via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 06 January 2021 17:56
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Routing FIQ timer interrupts to EL3 on Raspberry Pi 4B
I am attempting to route FIQ timer interrupts using the ARM timers (not system timers) to EL3 in order to achieve introspection. I am running TF-A (cross compiled for AArch64/AArch32) on a Raspberry Pi 4B, which uses the Broadcom 2711 chipset. I have written some code, but I am not an embedded software engineer – I’m an IoT pentester. The ARM timers look like this:
RPI4_ARM_TIMER_LOAD 0x400
RPI4_ARM_TIMER_VALUE 0x404
…..
RPI4_ARM_TIMER_FREE_COUNTER 0x420
System timers are:
RPI4_SYS_TIMER_CLO, RPI4_SYS_TIMER_CS, etc…
I have successfully implemented a Linux driver that allows me to dump kernel page tables and memory; however, I cannot see user page tables (even after running a CPU intensive program). I believe the only way to view user page tables is to have interrupts routed to EL3 – a Linux driver is not sufficient. I have 3 UARTs attached with a debug log and screen setup. From what I have read, the Raspberry Pi 4B uses GICv2. TF-A supports EL3 routing when the build option GICV2_G0_FOR_EL3 is enabled, which I have done.
From what I have gathered, the FIQ interrupt has to be written in assembly. So far, I have created a vector table, loaded the vector table, and masked and unmasked interrupts using daifclr, #3 and daifset, #3 instructions, using inline assembly. The timer is initialized and handled using C functions. I am using inline assembly, because I am adding code to the TF-A base, and I have not discovered how to add .S files to the build without receiving make errors. I will gladly share the code I have if it helps, but what I am really looking for is if anyone believes I am on the right track or not. Obviously, I am not implementing something correctly since the interrupt is not being handled. Thanks.
Thomas
Hi Manish,
I have read the docs for TF-A, but it’s a bit of a challenge to piece everything together. For instance, the docs say only GICv3 can be used to route interrupts to EL3, but there is a build option for GICv2 to route to EL3. The Pi uses GICv2, so I am hoping the information about the build option is correct. However, I have managed to encounter an interesting issue since I posted to the mail group. When I install the vector table, the Pi hangs up when booting the Kernel. I have an HS_DEBUG command that prints a simple “This is a Test” statement on the log screen, so I know the fiqHandler() function is called from the inline assembly code; it simply hangs up at that point. When I removed the stack operations, I received an assertion error for EL3:
Starting Kernel …
ASSERT: s:d:s
BACKTRACE: START: assert
0: EL3: 0x77e4
1: EL3: 0xe0bc
2: EL3: 0x2404
BACKTRACE: END: assert
Is it possible I am generating an interrupt but not returning to the boot process when the stack operations are included, hence the hang up when starting the kernel?
From: Manish Pandey2 <Manish.Pandey2@arm.com>
Sent: Friday, January 8, 2021 3:27 AM
To: tf-a@lists.trustedfirmware.org; Ian Burres <iburres@att.net>
Subject: Re: [TF-A] Routing FIQ timer interrupts to EL3 on Raspberry Pi 4B
Hi
To understand the interrupt handling in TF-A, I recommend you go through https://trustedfirmware-a.readthedocs.io/en/latest/design/interrupt-framewor...
To debug your problem, you need to first check if the timer interrupt is generated as FIQ and check whether it indeed is trapped in EL3 (checking SCR_EL3.FIQ=1).
Regarding build errors while adding .S files and your assembly implementation, it will be better if you share your code (maybe by pushing a patch on https://review.trustedfirmware.org).
Thanks
Manish
tf-a@lists.trustedfirmware.org
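The debugging step suggested in the thread (is the timer interrupt generated as an FIQ, and is it trapped in EL3 via SCR_EL3.FIQ=1) can be written as a check over a register snapshot. This is an added example, not code from the thread or from TF-A; the struct, function and enum names are hypothetical, the register values are constructed, and the bit positions are the architectural GICv2 and SCR_EL3 ones.

```c
#include <stdint.h>
#include <stdio.h>

#define SCR_EL3_FIQ      (1u << 2) /* SCR_EL3.FIQ: physical FIQs are taken to EL3 */
#define GICD_CTLR_ENGRP0 (1u << 0) /* distributor forwards Group 0 */
#define GICC_CTLR_ENGRP0 (1u << 0) /* CPU interface signals Group 0 (Secure view) */
#define GICC_CTLR_FIQEN  (1u << 3) /* Group 0 is signalled as FIQ instead of IRQ */

/* Register values captured from Secure state (hypothetical layout). */
struct route_snapshot {
    uint32_t scr_el3;   /* value in effect while the normal world runs */
    uint32_t gicd_ctlr;
    uint32_t gicc_ctlr;
    uint32_t igroupr;   /* GICD_IGROUPRn word covering the interrupt */
    uint32_t isenabler; /* GICD_ISENABLERn word covering the interrupt */
};

enum route_result { ROUTE_OK, NOT_ENABLED, IN_GROUP1, GROUP0_OFF, FIQEN_CLEAR, NOT_TRAPPED };

/* Walk the path from the distributor to EL3 and report the first break. */
enum route_result check_fiq_route(const struct route_snapshot *s, unsigned intid)
{
    uint32_t bit = 1u << (intid % 32);

    if (!(s->isenabler & bit))
        return NOT_ENABLED;            /* interrupt never forwarded */
    if (s->igroupr & bit)
        return IN_GROUP1;              /* Group 1 is signalled as IRQ on GICv2 */
    if (!(s->gicd_ctlr & GICD_CTLR_ENGRP0) || !(s->gicc_ctlr & GICC_CTLR_ENGRP0))
        return GROUP0_OFF;
    if (!(s->gicc_ctlr & GICC_CTLR_FIQEN))
        return FIQEN_CLEAR;            /* Group 0 arrives as IRQ */
    if (!(s->scr_el3 & SCR_EL3_FIQ))
        return NOT_TRAPPED;            /* FIQ is taken below EL3 */
    return ROUTE_OK;
}

int main(void)
{
    static const char *msg[] = { "FIQ reaches EL3", "interrupt not enabled",
        "interrupt is in Group 1", "Group 0 disabled", "GICC_CTLR.FIQEn clear",
        "SCR_EL3.FIQ clear" };
    /* Constructed sample: interrupt ID 64 is bit 0 of its register word. */
    struct route_snapshot s = { 0x405u, 0x1u, 0x9u, 0xFFFFFFFEu, 0x1u };

    printf("%s\n", msg[check_fiq_route(&s, 64)]);
    return 0;
}
```

The order of the checks follows the signal path, so the first failing result names the register to inspect on the board.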