As the processor currently runs inĮ元, SCR_E元 (EL0 and EL1 run as non secure code, FIQ and IRQ at anyĮxception level are trapped), VBAR_E元 and CPTR_E元 (SIMD and FP Level and by setting up several system registers. reset's code starts by determining the current exception This is great because it will save us a lot of time and effort trying to Normal world, let's see where the bl33_ep_reset can lead.Įarly instructions in bl33_ep_reset() are the same as u-boot's reset code forĪrmv8 processors (see arch/arm/cpu/armv8/start.S). As the next piece of code to be executed is the World entrypoint, bl33_ep_reset is located at 0x2134000 and contains This address only contains nullīytes as the firmware is loaded at this address at a later time. Retrieve the structure entry_point_info_t defined for the SECURE andĪccording to the structure, the entrypoint for the secure worldīl32_ep_reset is located at 0x2125000. Fortunately,īl31_param_ptr is initialized only once at 0x2104200. Parameter - SECURE or NON_SECURE - passed to the function, it returnsĮither the bl32_ep_info or the bl33_ep_info member. Variable that points to a structure bl31_params. The assembly code is easy to read and explicit. ![]() We can retrieve this piece of information fromīl31_plat_get_next_image_ep_info()'s assembly code: Location in memory is to determine which entry_point_info_t is returned byīl31_plat_get_next_image_ep_info() in the SECURE and NON_SECUREĬases. The key to find the firmware image that is going to be executed and its ![]() $ mkdir -pv $HOME/.config/binwalk/ entry_point_info_t
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |