feat(rme): run BL2 in root world when FEAT_RME is enabled
This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.
Using the existing BL2_AT_EL3 TF-A build option is not convenient
because that option assumes TF-A BL1 doesn't exist, which is not
the case for RME-enabled systems. For the purposes of RME, we use
a normal BL1 image but we also want to run BL2 in EL3 as normally as
possible, therefore rather than use the special bl2_entrypoint
function in bl2_el3_entrypoint.S, we use a new bl2_entrypoint
function (in bl2_rme_entrypoint.S) which doesn't need reset or
mailbox initialization code seen in the el3_entrypoint_common macro.
The patch also cleans up bl2_el3_entrypoint.S, moving the
bl2_run_next_image function to its own file to avoid duplicating
code.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I99821b4cd550cadcb701f4c0c4dc36da81c7ef55
diff --git a/lib/aarch64/misc_helpers.S b/lib/aarch64/misc_helpers.S
index cc5c575..6e4d1fc 100644
--- a/lib/aarch64/misc_helpers.S
+++ b/lib/aarch64/misc_helpers.S
@@ -163,7 +163,8 @@
* Check for M bit (MMU enabled) of the current SCTLR_EL(1|3)
* register value and panic if the MMU is disabled.
*/
-#if defined(IMAGE_BL1) || defined(IMAGE_BL31) || (defined(IMAGE_BL2) && BL2_AT_EL3)
+#if defined(IMAGE_BL1) || defined(IMAGE_BL31) || (defined(IMAGE_BL2) && \
+ (BL2_AT_EL3 || ENABLE_RME))
mrs tmp1, sctlr_el3
#else
mrs tmp1, sctlr_el1