Update git submodules

* Update trusty/external/trusted-firmware-a from branch 'master'
  to b89e5144aee5f2f348357d3989163dc459694fe4
  - spd: trusty: Fix TRUSTY_SPD_WITH_GENERIC_SERVICES
    
    The recent change to allow clients to retrieve service UUID expanded the
    range registered for trusty_smc_handler so that it overlaps with the
    range used by trusty_generic_platform_smc. Register a separate range to
    cover the get uuid calls instead.
    
    Change-Id: Ib2d3f172e1aa6281aeef7be40d10894a6ee887de
    
  - Merge Trusted Firmware-A v2.4 release
    
    Change-Id: I0dd560e971ff89ca12f08544337db53560502412
    
  - Merge "Makefile: Update the minor version to indicate 2.4 release" into integration
  - Makefile: Update the minor version to indicate 2.4 release
    
    Updated the minor version to '4' to indicate 2.4 release
    
    Change-Id: Ib142fa15baeb43025fae371c7649199b8121c18f
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Merge "docs: Update changelog for v2.4 release" into integration
  - docs: Update changelog for v2.4 release
    
    Change-Id: I67c9db2fc6d4b83fec2d001745b9305102d4a2ae
    Signed-off-by: Chris Kay <chris.kay@arm.com>
    
  - Merge "make_helpers: tbbr: Fix FWU certificate generation" into integration
  - make_helpers: tbbr: Fix FWU certificate generation
    
    Provide missed command line parameters such as KEY_ALG, HASH_ALG
    and KEY_SIZE while generating the FWU certificate.
    
    Signed-off-by: Gilad Ben Yossef <Gilad.BenYossef@arm.com>
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I017fa3fff844f4262ae2441cbc9fee909d357fb3
    
  - Merge "Use constant stack size with RECLAIM_INIT_CODE" into integration
  - Merge changes from topic "mbox-patches" into integration
    
    * changes:
      intel: common: Fix non-MISRA compliant code v2
      intel: mailbox: Fix non-MISRA compliant code
      intel: mailbox: Mailbox error recovery handling
      intel: mailbox: Enable sending large mailbox command
      intel: mailbox: Use retry count in mailbox poll
      intel: mailbox: Ensure time out duration is predictive
      intel: mailbox: Read mailbox response even there is an error
      intel: mailbox: Driver now handles larger response
      intel: common: Change how mailbox handles job id & buffer
      intel: common: Improve readability of mailbox read response
      intel: SIP: increase FPGA_CONFIG_SIZE to 32 MB
      intel: common: Remove urgent from mailbox async
      intel: common: Improve mailbox driver readability
    
  - Use constant stack size with RECLAIM_INIT_CODE
    
    Currently, when RECLAIM_INIT_CODE is set, the
    stacks are scaled to ensure that the entirety
    of the init section can be reclaimed as stack.
    
    This causes an issue in lib/psci/aarch64/psci_helpers.S,
    where the stack size is used for cache operations in
    psci_do_pwrdown_cache_maintenance(). If the stacks
    are scaled, then the PSCI code may fail to invalidate
    some of the stack memory before power down.
    
    Resizing stacks is also not good for stability in general,
    since code that works with a small number of cores may
    overflow the stack when the number of cores is increased.
    
    Change to make every stack be PLATFORM_STACK_SIZE big,
    and allow the total stack to be smaller than the
    init section.
    
    Any pages of the init section not reclaimed as
    stack will be set to read-only and execute-never,
    for security.
    
    Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8
    Signed-off-by: David Horstmann <david.horstmann@arm.com>
    
  - Merge "aarch64/arm: Add compiler barrier to barrier instructions" into integration
  - Merge changes from topic "mbox-patches" into integration
    
    * changes:
      intel: common: Clean up mailbox and sip header
      intel: clear 'PLAT_SEC_ENTRY' in early platform setup
    
  - Merge changes I07448d85,If85be70b,Ie6802d6d,I67a9abef into integration
    
    * changes:
      mediatek: mt8192: add timer support
      mediatek: mt8192: Add reboot function for PSCI
      mediatek: mt8192: add sys_cirq driver
      mediatek: mt8192: add GPIO driver support
    
  - mediatek: mt8192: add timer support
    
    add timer driver.
    
    Signed-off-by: Dehui Sun <dehui.sun@mediatek.com>
    Change-Id: I07448d85a15bb14577b05e4f302860d609420ba7
    
  - mediatek: mt8192: Add reboot function for PSCI
    
    Add system_reset function in psci ops
    
    Change-Id: If85be70b8ae9d6487e02626356f0ff1e78b76de9
    Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
    
  - mediatek: mt8192: add sys_cirq driver
    
    1.add sys_cirq driver
    2.add gic api for cirq
    
    Change-Id: Ie6802d6ddcf7dde3412a050736dfdc85f97cb51b
    Signed-off-by: gtk_pangao <gtk_pangao@mediatek.com>
    
  - aarch64/arm: Add compiler barrier to barrier instructions
    
    When issuing barrier instructions like DSB or DMB, we must make sure
    that the compiler does not undermine our efforts to fence off
    instructions. Currently the compiler is free to move the barrier
    instruction around, in respect to former or later memory access
    statements, which is not what we want.
    
    Add a compiler barrier to the inline assembly statement in our
    DEFINE_SYSOP_TYPE_FUNC macro, to make sure memory accesses are not
    reordered by the compiler.
    This is in line with Linux' definition:
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/include/asm/barrier.h
    
    Since those instructions share a definition, apart from DSB and DMB this
    now also covers some TLBI instructions. Having a compiler barrier there
    also is useful, although we probably have stronger barriers in place
    already.
    
    Change-Id: If6fe97b13a562643a643efc507cb4aad29daa5b6
    Reported-by: Alexandru Elisei <alexandru.elisei@arm.com>
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge "plat: marvell: armada: Fix dependences for target fip" into integration
  - intel: common: Fix non-MISRA compliant code v2
    
    This patch is used to fix remaining non compliant code for Intel
    SoCFPGA's mailbox and sip driver. These changes include:
    - Change non-interface required uint32_t into unsigned int
    - Change non-negative variable to unsigned int
    - Remove obsolete variable initialization to 0
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: I3a16c7621a5fc75eb614d97d72e44c86e7d53bf5
    
  - intel: mailbox: Fix non-MISRA compliant code
    
    This patch is used to fix remaining non compliant code for Intel
    SocFPGA's mailbox driver. These changes include:
    - adding integer literal for unsigned constant
    - fix non-boolean controlling expression
    - add braces even on conditional single statement bodies
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: I0f8fd96a3540f35ee102fd2f2369b76fa73e39e1
    
  - intel: mailbox: Mailbox error recovery handling
    
    Attempt to restart the mailbox if the mailbox driver is not able
    to write any data into the mailbox command buffer.
    
    Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
    Change-Id: Ia45291c985844dec9da82839cac701347534d32b
    
  - intel: mailbox: Enable sending large mailbox command
    
    Allow mailbox command that is larger than mailbox command FIFO buffer
    size to be sent to SDM in multiple chunks.
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: I683d5f1d04c4fdf57d11ecae6232b7ed3fc49e26
    
  - intel: mailbox: Use retry count in mailbox poll
    
    Change the main loop inside mailbox poll function from while(1) to a
    retry counter named sdm_loop. This is to limit the maximum possible
    looping of the function and prevent unexpected behaviour.
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: I63afad958fe5f656f6333b60d5a8b4c0ada3b23d
    
  - intel: mailbox: Ensure time out duration is predictive
    
    For each count down of time out counter, wait for number of
    milliseconds to ensure the time out duration is predictive.
    
    Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
    Change-Id: I0e92dd1ef1da0ef504ec86472cf0d3c88528930b
    
  - intel: mailbox: Read mailbox response even there is an error
    
    Mailbox driver should read the response data if the response length
    in the response header is non-zero even if the response header indicates
    error (non-zero).
    
    Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
    Change-Id: I928f705f43c0f46ac74b84428b830276cc4c9640
    
  - intel: mailbox: Driver now handles larger response
    
    This patch factorizes mailbox read response from SDM into a function.
    Also fix the logic to support reading larger than 16 words response from
    SDM.
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: Ie035ecffbbc42e12dd68061c403904c28c3b70e5
    
  - intel: common: Change how mailbox handles job id & buffer
    
    This patch modifies several basic mailbox driver features to prepare for
    FCS enablement:
    - Job id management for asynchronous response
    - SDM command buffer full
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: I78168dfb6c521d70d9cba187356b7a3c8e9b62d2
    
  - Merge "SPMC: adjust device region for first secure partition" into integration
  - mediatek: mt8192: add GPIO driver support
    
    add GPIO driver
    
    Change-Id: I67a9abef078e7a62b34dfbd366b45c03892800cd
    Signed-off-by: Po Xu <jg_poxu@mediatek.com>
    
  - intel: common: Improve readability of mailbox read response
    
    Rename variables to improve readability of mailbox read response and
    mailbox poll response flow.
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: Icd33ff1d2abb28eeead15e4eb9c7f9629f8cb402
    
  - intel: SIP: increase FPGA_CONFIG_SIZE to 32 MB
    
    Increase INTEL_SIP_SMC_FPGA_CONFIG_SIZE from 16 to 32MB. We need higher
    pre-reserved memory size between Intel service layer and secure monitor
    software so we can handle JIC file authorization.
    
    Signed-off-by: Richard Gong <richard.gong@intel.com>
    Change-Id: Ibab4e42e4b7b93a4cf741e60ec9439359ba0a64c
    
  - intel: common: Remove urgent from mailbox async
    
    Remove urgent argument from asynchronous mailbox command as any urgent
    command should always be synchronous
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: Iaa64335db24df3a562470d0d1c3d6a3a71493319
    
  - intel: common: Improve mailbox driver readability
    
    Use pre-defined macros for return values and common mailbox arguments
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: I5d549ee5358aebadf909f79fda55e83ee9844a0e
    
  - intel: common: Clean up mailbox and sip header
    
    Sort and rearrange definitions in both mailbox and sip header to
    increase readability and maintainability.
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: I5544c2f17efdf3174757c55afd8cc1062fbae856
    
  - intel: clear 'PLAT_SEC_ENTRY' in early platform setup
    
    Ensure 'PLAT_SEC_ENTRY' is cleared during early platform
    setup. This is to prevent the slave CPU cores from jumping to the stale
    entry point after warm reset when using U-Boot SPL as first
    stage boot loader.
    
    Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
    Change-Id: I3294ce2f74aa691d0cf311fa30f27f9d4fb8800a
    
  - Merge "docs: marvell: update ddr3 build instructions" into integration
  - Merge changes I5ae9d08b,I5cbbd7eb,Idb389223 into integration
    
    * changes:
      plat: marvell: armada: Building ${DOIMAGETOOL} is only for a8k
      plat: marvell: armada: Fix including plat/marvell/marvell.mk file
      plat: marvell: armada: a3k: When WTP is empty do not define variables and targets which depends on it
    
  - Merge "plat/qemu_sbsa: Remove cortex_a53 and aem_generic" into integration
  - SPMC: adjust device region for first secure partition
    
    For the first partition, mark first 2GB as device memory excluding
    the Trusted DRAM region reserved for the SPMC.
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Change-Id: I3ff110b3facf5b6d41ac2519ff6ca5e30a0a502b
    
  - Merge changes from topic "tc0_sel2_spmc" into integration
    
    * changes:
      plat: tc0: Configure TZC with secure world regions
      plat: tc0: Enable SPMC execution at S-EL2
      plat: tc0: Add TZC DRAM1 region for SPMC and trusted OS
      plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled
      plat: tc0: Disable SPE
    
  - Merge changes from topic "tc0_sel2_spmc" into integration
    
    * changes:
      lib: el3_runtime: Fix SPE system registers in el2_sysregs_context
      lib: el3_runtime: Conditionally save/restore EL2 NEVE registers
      lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context
    
  - plat/qemu_sbsa: Remove cortex_a53 and aem_generic
    
    The qemu_sbsa platform uses 42bit address size but
    the cortex-a53 only supports 40bit addressing, the
    cpu is incompatible with the platform.
    
    The aem_generic is also not used with qemu_sbsa, in
    fact, the platform currently only properly supports
    the cortex-a57 cpu.
    
    Change-Id: I91c92533116f1c3451d01ca99824e91d3d58df14
    Signed-off-by: Tomas Pilar <tomas@nuviateam.com>
    
  - plat: marvell: armada: Building ${DOIMAGETOOL} is only for a8k
    
    Currently a3k target is misusing ${DOIMAGETOOL} target for building flash
    and UART images. It is not used for building image tool.
    
    So move ${DOIMAGETOOL} target from common marvell include file into a8k
    include file and add correct invocation of ${MAKE} into a3k for building
    flash and UART images.
    
    Part of this change is also a check that MV_DDR_PATH for a3k was specified
    by user as this option is required for building a3k flash and UART images.
    
    Signed-off-by: Pali Rohár <pali@kernel.org>
    Change-Id: I5ae9d08b8505460933f17836c9b6435fd6e51bb6
    
  - Merge "docs: code review guidelines" into integration
  - plat: tc0: Configure TZC with secure world regions
    
    This includes configuration for SPMC and trusted OS.
    
    Change-Id: Ie24df200f446b3f5b23f5f764b115c7191e6ada3
    Signed-off-by: Usama Arif <usama.arif@arm.com>
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - plat: tc0: Enable SPMC execution at S-EL2
    
    This patch enables SPMC execution at S-EL2 by adding below changes
    
        - Map TC0_MAP_TZC_DRAM1 for loading SPMC
        - Add details of cactus test secure partitions
        - Adds tc0 spmc manifest file with details on secure partitions
        - Include TOS_FW_CONFIG when SPM is spmd
        - Increases bl2 image size
    
    SPMC at S-EL2 is only enabled when built with SPD=spmd.
    
    Change-Id: I4c5f70911903c232ee8ecca57f1e288d6b1cd647
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - plat: tc0: Add TZC DRAM1 region for SPMC and trusted OS
    
    - Reserve 32MB below ARM_AP_TZC_DRAM1_BASE for TC0_TZC_DRAM1
    - Add TC0_NS_DRAM1 base and mapping
    - Reserve memory region in tc0.dts
    
    Change-Id: If2431f7f68e4255e28c86a0e89637dab7c424a13
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled
    
    To support platforms without Trusted DRAM this patch defines
    PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
    DRAM region behind TZC.
    
    Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - plat: tc0: Disable SPE
    
    Statistical Profiling Extension is not supported by Matterhorn core
    
    Change-Id: Iec652f1c6d6b6a9bf118ba682276a7c70a6abc0d
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - lib: el3_runtime: Fix SPE system registers in el2_sysregs_context
    
    Include EL2 registers related to SPE in EL2 context save/restore
    routines if architecture supports it and platform wants to use these
    features in Secure world.
    
    Change-Id: Ie01a2c38fa5f6c907276eddec120fdfb222561a6
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - lib: el3_runtime: Conditionally save/restore EL2 NEVE registers
    
    Include EL2 registers related to Nested Virtualization in EL2 context
    save/restore routines if architecture supports it and platform wants to
    use these features in Secure world.
    
    Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context
    
    AArch64-only platforms do not implement AArch32 at EL1 and higher ELs.
    In such cases the build option CTX_INCLUDE_AARCH32_REGS is set to 0.
    So don't save/restore aarch32 system registers in el2_sysregs_context
    save/restore routines if CTX_INCLUDE_AARCH32_REGS is set to 0.
    
    Change-Id: I229cdd46136c4b4bc9623b02eb444d904e09ce5a
    Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
    
  - plat: marvell: armada: Fix including plat/marvell/marvell.mk file
    
    Include file plat/marvell/marvell.mk for platform A3700 was included two
    times. Once from file plat/marvell/armada/a3k/common/a3700_common.mk and
    second time from common file plat/marvell/armada/common/marvell_common.mk.
    
    It caused the following warning every time make was called:
    
        plat/marvell/marvell.mk:51: warning: overriding recipe for target 'mrvl_clean'
        plat/marvell/marvell.mk:51: warning: ignoring old recipe for target 'mrvl_clean'
    
    Change in this commit removes inclusion of plat/marvell/marvell.mk file in
    common file plat/marvell/armada/common/marvell_common.mk. As a80x0 platform
    needs this include file, add it also into a80x0 platform specific include
    file plat/marvell/armada/a8k/common/a8k_common.mk.
    
    Also moves inclusion of plat/marvell/marvell.mk file in a3700 platform file
    plat/marvell/armada/a3k/common/a3700_common.mk at correct place. Global
    plat/marvell/marvell.mk expects that variables DOIMAGEPATH and DOIMAGETOOL
    are already defined, but it defines MARVELL_SECURE_BOOT variable which is
    needed by plat/marvell/armada/a3k/common/a3700_common.mk.
    
    Signed-off-by: Pali Rohár <pali@kernel.org>
    Change-Id: I5cbbd7eb8a3376924419f9850516b2a4924be5aa
    
  - Merge "fdts: add missing hash node in STM32MP157C-ED1 board DT" into integration
  - Merge "Increase type widths to satisfy width requirements" into integration
  - Merge changes Iba51bff1,I3f563cff into integration
    
    * changes:
      plat:qti Mandate SMC implementaion and bug fix
      Update in coreboot_get_memory_type API to include size as well
    
  - Merge "docs: Remove deprecated information" into integration
  - Merge "docs: Update Release information for v2.5" into integration
  - Merge "docs: Update code freeze and release target date for v2.4" into integration
  - docs: Remove deprecated information
    
    There are no references to AARCH32, AARCH64 and
    __ASSEMBLY__ macros in the TF-A code hence
    removed the deprecated information mentioning about
    these macros in the document.
    
    Change-Id: I472ab985ca2e4173bae23ff7b4465a9b60bc82eb
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - docs: Update Release information for v2.5
    
    Updated tentative code freeze and release target date
    for v2.5 release.
    
    Change-Id: Idcfd9a127e9210846370dfa0685badac5b1c25c7
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - docs: Update code freeze and release target date for v2.4
    
    Updated code freeze and release information date for v2.4
    release.
    
    Change-Id: I76d5d04d0ee062a350f6a693eb04c29017d8b2e0
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat: marvell: armada: Fix dependences for target fip
    
    For building fip image it is not needed to build target mrvl_flash. This
    fip image contains only bl2, bl31 and bl33 (u-boot.bin) images and
    therefore it does not depend on Marvell wtmi and wtp A3700-utils.
    
    So remove mrvl_flash dependency for fip target to allow building fip image
    without need to build mrvl_flash and therefore specify and provide Marvell
    wtmi and wtp A3700-utils.
    
    This change fixes compilation of fip image for A3700 platform by command:
    
        make CROSS_COMPILE=aarch64-linux-gnu- BL33=/path/u-boot/u-boot.bin \
             DEBUG=0 LOG_LEVEL=0 USE_COHERENT_MEM=0 PLAT=a3700 fip
    
    Marvell boot image can still be built by 'mrvl_flash' target.
    
    Signed-off-by: Pali Rohár <pali@kernel.org>
    Change-Id: Iba9a9da5be6fd1da23407fc2d490aedcb1a292c9
    
  - Merge changes I0005959b,I2ea59edb into integration
    
    * changes:
      bl32: add an assert on BL32_SIZE in sp_min.ld.S
      bl32: use SORT_BY_ALIGNMENT macro in sp_min.ld.S
    
  - plat:qti Mandate SMC implementaion and bug fix
    
    implementation of SMC call SMCCC_ARCH_SOC_ID
    adding debugging logs in mem assign call.
    Checking range of param in mem_assign call is from CB_MEM_RAM
    or CB_MEM_RESERVED.
    
    Change-Id: Iba51bff154df01e02dcb7715582ffaff7beba26e
    Signed-off-by: Saurabh Gorecha <sgorecha@codeaurora.org>
    
  - Update in coreboot_get_memory_type API to include size as well
    
    Change-Id: I3f563cffd58b0591b433c85c0ff6b71e486eb2c8
    Signed-off-by: Saurabh Gorecha <sgorecha@codeaurora.org>
    
  - plat: marvell: armada: a3k: When WTP is empty do not define variables and targets which depends on it
    
    Some targets (e.g. mrvl_flash) depend on WTP build option. Other
    targets (e.g. fip) can also be built without WTP build option as they do
    not depend on it.
    
    This change puts all A3720 variables and targets which depend on WTP into
    conditional if-endif section, so they are not defined when user has not
    supplied WTP build option.
    
    Target mrvl_flash is defined also when WTP was not specified and in this
    case it just prints an error message to help user.
    
    Variables which do not depend on WTP are moved to the top of
    a3700_common.mk file.
    
    Signed-off-by: Pali Rohár <pali@kernel.org>
    Change-Id: Idb3892233586a0afca3e0e6564279641d2e4b960
    
  - Merge "Don't return error information from console_flush" into integration
  - Merge "stm32mp1: use %u in NOTICE message for board info" into integration
  - fdts: add missing hash node in STM32MP157C-ED1 board DT
    
    Without this node, the board fails to boot and panics in the function
    stm32mp_init_auth().
    
    Change-Id: Ia54924410dac2a8c94dd6e45d7e93977fe7d87e2
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: use %u in NOTICE message for board info
    
    The board information values, read in an OTP are never negative,
    %u is then used instead of %d.
    
    Change-Id: I3bc22401fb4d54666ddf56411f75b79aca738492
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - Merge changes from topic "stm32mp1_plat_updates" into integration
    
    * changes:
      docs: update STM32MP1 with versions details
      stm32mp1: get peripheral base address from a define
      stm32mp1: add finished good variant in board identifier
    
  - Merge "stm32mp1: add asserts in get_cpu_package() and get_part_number()" into integration
  - Merge "stm32mp1: add support for new SoC profiles" into integration
  - Merge "stm32mp1: support of STM32MP15x Rev.Z" into integration
  - Merge changes from topic "st/fmc2" into integration
    
    * changes:
      drivers: stm32_fmc2_nand: fix boundary check for chip select
      drivers: stm32_fmc2_nand: move to new bindings
    
  - docs: update STM32MP1 with versions details
    
    After introducing the new STM32MP1 SoC versions in patch [1], the
    document describing STM32MP1 platform is updated with the information
    given in the patch commit message.
    
     [1]: stm32mp1: add support for new SoC profiles
    
    Change-Id: I6d7ce1a3c29678ddac78a6685f5d5daf28c3c3a1
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: get peripheral base address from a define
    
    Retrieve peripheral base address from a define instead of
    parsing the device tree. The goal is to improve execution time.
    
    Signed-off-by: Pascal Paillet <p.paillet@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    Change-Id: I2588c53ad3d4abcc3d7fe156458434a7940dd72b
    
  - stm32mp1: add finished good variant in board identifier
    
    Update the board info with the new coding including the finished good
    variant:
    
    Board: MBxxxx Var<CPN>.<FG> Rev.<Rev>-<BOM>
    
    The OTP 59 coding is:
    bit [31:16] (hex) => MBxxxx
    bit [15:12] (dec) => Variant CPN (1....15)
    bit [11:8]  (dec) => Revision board (index with A = 1, Z = 26)
    bit [7:4]   (dec) => Variant FG : finished good (NEW)
    bit [3:0]   (dec) => BOM (01, .... 255)
    
    Change-Id: I4fbc0c84596419d1bc30d166311444ece1d9123f
    Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: add asserts in get_cpu_package() and get_part_number()
    
    Change-Id: I2b702698d6be93da5ac86da1cbc98b3838315a5a
    Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: add support for new SoC profiles
    
    Update to support new part numbers.
    
    Add new STM32 MPUs Part = STM32MP151F, STM32MP153F, STM32MP157F,
    STM32MP151D, STM32MP153D, STM32MP157D
    
    The STM32MP1 series is available in 3 different lines which are pin-to-pin
    compatible:
    - STM32MP157: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz,
                  3D GPU, DSI display interface and CAN FD
    - STM32MP153: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz
                  and CAN FD
    - STM32MP151: Single Cortex-A7 core, Cortex-M4 core @ 209 MHz
    
    Each line comes with a security option (cryptography & secure boot)
    & a Cortex-A frequency option :
    
    - A      Basic + Cortex-A7 @ 650 MHz
    - C      Secure Boot + HW Crypto + Cortex-A7 @ 650 MHz
    - D      Basic + Cortex-A7 @ 800 MHz
    - F      Secure Boot + HW Crypto + Cortex-A7 @ 800 MHz
    
    Remove useless variable in stm32mp_is_single_core().
    
    Change-Id: Id30c836af986c6340c91efa8a7ae9480a2827089
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: support of STM32MP15x Rev.Z
    
    Add a new revision of STM32MP15x CPU (Rev.Z).
    
    Change-Id: I227dd6d9b3fcc43270015cfb21f60aeb0a8ab658
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - Merge "Fix casting bug in gicv2_main.c" into integration
  - Increase type widths to satisfy width requirements
    
    Usually, C has no problem up-converting types to larger bit sizes. MISRA
    rule 10.7 requires that you not do this, or be very explicit about this.
    This resolves the following required rule:
    
        bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
        The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
        0x3c0U" (32 bits) is less that the right hand operand
        "18446744073709547519ULL" (64 bits).
    
    This also resolves MISRA defects such as:
    
        bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
        In the expression "3U << 20", shifting more than 7 bits, the number
        of bits in the essential type of the left expression, "3U", is
        not allowed.
    
    Further, MISRA requires that all shifts don't overflow. The definition of
    PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
    This fixes the violation by changing the definition to 1UL << 12. Since
    this uses 32bits, it should not create any issues for aarch32.
    
    This patch also contains a fix for a build failure in the sun50i_a64
    platform. Specifically, these misra fixes removed a single and
    instruction,
    
        92407e73        and     x19, x19, #0xffffffff
    
    from the cm_setup_context function caused a relocation in
    psci_cpus_on_start to require a linker-generated stub. This increased the
    size of the .text section and caused an alignment later on to go over a
    page boundary and round up to the end of RAM before placing the .data
    section. This section is of non-zero size and therefore causes a link
    error.
    
    The fix included in this reorders the functions during link time
    without changing their ordering with respect to alignment.
    
    Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    
  - Merge changes from topic "deprecated-macro" into integration
    
    * changes:
      Makefile: Remove unused macro
      plat: brcm: Remove 'AARCH32' deprecated macro
      Remove deprecated macro from TF-A code
    
  - drivers: stm32_fmc2_nand: fix boundary check for chip select
    
    Chip select is retrieved from device tree and check
    must be done regarding the MAX_CS defined.
    
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    Reviewed-by: Christophe KERELLO <christophe.kerello@st.com>
    Change-Id: I03144b133bd51a845a4794f0f6bbd9402fc04936
    
  - drivers: stm32_fmc2_nand: move to new bindings
    
    FMC node bindings are modified to add EBI controller node.
    FMC driver and associated device tree files are modified
    to support these new bindings.
    
    Change-Id: I4bf201e96a1aca20957e0dac3a3b87caadd05bdc
    Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    
  - Merge "intel: platform: Include GICv2 makefile" into integration
  - Makefile: Remove unused macro
    
    Removed unused macro AARCH32 and AARCH64 from makefile
    
    Change-Id: I6729e300f18d66dd7c6978d3bbd5a88937839c31
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat: brcm: Remove 'AARCH32' deprecated macro
    
    Removed 'AARCH32' deprecated macro from 'stingray'
    Broadcom platform code.
    
    Change-Id: If8d9e785b7980fefd39df06547fcf71b899fd735
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Remove deprecated macro from TF-A code
    
    Removed '__ASSEMBLY__' deprecated macro from TF-A code
    
    Change-Id: I9082a568b695acb5b903f509db11c8672b62d9d0
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Merge "TF-A: Add HASH_ALG default value to defaults.mk" into integration
  - Merge "mediatek: mt8192: add GIC600 support" into integration
  - TF-A: Add HASH_ALG default value to defaults.mk
    
    This patch adds default value of 'sha256' for HASH_ALG
    build flag to 'make_helpers\defaults.mk', according to
    'docs\getting_started\build-options.rst'.
    This fixes Measured Boot driver error when TF-A uses
    default HASH_ALG value and TPM_HASH_ALG is set to
    sha384 or sha512.
    
    Change-Id: Id0aa34b54807de0adaf88e5f7d7032577c22f365
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - docs: marvell: update ddr3 build instructions
    
    Add information about 2GB variant of EspressoBin V5 and use Marvell git
    branches which contain required fixes for EspressoBin.
    
    Signed-off-by: Pali Rohár <pali@kernel.org>
    Change-Id: I1db510f1576f4762259ad7b0c10024b8ab434a59
    
  - Fix casting bug in gicv2_main.c
    
    In the function gicv2_set_spi_routing, the signed value proc_num is cast
    to unsigned int before being compared to other unsigned values in two
    assert calls.  The value proc_num can be a negative value, and once the
    negative value is cast to unsigned it becomes a very large number which
    will trigger the assert.  This patch changes the assert cast so that the
    unsigned values are cast to signed instead, keeping the same functionality
    but allowing proc_num to be negative.
    
    This bug can be seen when running the SDEI RM_ANY routing mode test in
    TFTF on the Juno platform.
    
    This patch also makes the usage of the proc_num variable in other gicv2
    functions more clear.
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: If1b98eebb00bd9b73862e5e995e5e68c168170a6
    
  - Merge "Workaround for Cortex A77 erratum 1925769" into integration
  - Don't return error information from console_flush
    
    And from crash_console_flush.
    
    We ignore the error information returned by console_flush in _every_
    place where we call it, and casting the return type to void does not
    work around the MISRA violation that this causes. Instead, we collect
    the error information from the driver (to avoid changing that API), and
    don't return it to the caller.
    
    Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    
  - Merge "drivers: stm32_fmc2_nand: fix incorrect error detection" into integration
  - Merge changes I99a5d96f,I89b950f0 into integration
    
    * changes:
      lib/cpus: update MIDR value for rainier cpu
      fdts: enable virtio-rng component for morello fvp platform
    
  - lib/cpus: update MIDR value for rainier cpu
    
    This patch updates the MIDR value for rainier cpu.
    
    Change-Id: I99a5d96f757239cf65b2688095c4ec66cd991cf9
    Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
    
  - Merge changes from topic "stm32mp1_platform_mk" into integration
    
    * changes:
      stm32mp1: cosmetics in platform.mk
      stm32mp1: update rules for stm32image tool
      stm32mp1: add macros to define PLAT_PARTITION_MAX_ENTRIES
      stm32mp1: sort platform.mk
      stm32mp1: use ASFLAGS for binary paths
      stm32mp1: use internal MAKE_LD macro to generate stm32 linker files
    
  - stm32mp1: cosmetics in platform.mk
    
    Remove some useless extra tabs or spaces.
    Replace some spaces with tabs.
    
    Change-Id: I0e8e2a1a1be7a1109ba7f3e3ae35e3fe1b5b4552
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: update rules for stm32image tool
    
    In heavy parallel builds, issues have sometimes been seen with the
    tool not being generated before it was needed. Change some rules order and
    dependency to solve that.
    
    Change-Id: I8f4b4f46a2ea0fe496bc66bca47c66d1c81d3c99
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: add macros to define PLAT_PARTITION_MAX_ENTRIES
    
    There were fixed values when computing PLAT_PARTITION_MAX_ENTRIES.
    Use STM32_BL33_PARTS_NUM and STM32_RUNTIME_PARTS_NUM. The first one is
    for the number of copies of BL33. The second one depends on the use case
    SP_min or OP-TEE. For OP-TEE, there are 3 partitions. For SP_min, as it
    is in the same binary as BL2, it is set to 0. It will be set to 1 if
    BL32 is in a separate binary.
    
    Change-Id: Iba4d8ec5fbc713bebfbdcd9f9426c3fded20d3ad
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: sort platform.mk
    
    First put Makefile variables definition, then definitions for each feature,
    then C flags, then source files, then compilation rules.
    
    Change-Id: I238115ea2fe4ebafccd2135979814c27932c34e2
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: use ASFLAGS for binary paths
    
    To simplify the rule that creates the concatenated binary, use ASFLAGS
    instead of adding all paths in the AS command line. This allows a better
    management if a binary is not present.
    
    Change-Id: Ic8b4566e7dedc6f55be355a92e3b214cef138d9b
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: use internal MAKE_LD macro to generate stm32 linker files
    
    The previous proprietary version was not correctly handling dependencies.
    Using MAKE_LD from make_helpers files now correctly handles that.
    The generated linker script is the same as before.
    
    Change-Id: Iccfd8dc3fffa7a33e73b184b72e0dfd5d26bc9c9
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - fdts: enable virtio-rng component for morello fvp platform
    
    enable virtio-rng component for morello fvp platform
    
    Change-Id: I89b950f067a4d14dfa418de3859c88c8f91cf7c5
    Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
    
  - drivers: stm32_fmc2_nand: fix incorrect error detection
    
    Clear interrupt flag register after each sector read to avoid
    issue when checking the register status.
    Without clearing the interrupt, the status read doesn't wait
    properly for the ready bit.
    
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    Change-Id: If290e3f165b986f0e736bb1b5e4d3dad4b749d74
    
  - Workaround for Cortex A77 erratum 1925769
    
    Cortex A77 erratum 1925769 is a Cat B erratum, present in older
    revisions of the Cortex A77 processor core.  The workaround is to
    set bit 8 in the ECTLR_EL1 register; there is a small performance cost
    (<0.5%) for setting this bit.
    
    SDEN can be found here:
    https://documentation-service.arm.com/static/5f7c35d0d3be967f7be46d33
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: I9cf0e0b5dc1e3e32e24279d2632c759cc7bd7ce9
    
  - Merge "fdt: Fix coverity complaint about 32-bit multiplication" into integration
  - fdt: Fix coverity complaint about 32-bit multiplication
    
    Coverity raised an eyebrow over our GICR frame size calculation:
    ========
        CID 362942:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
    Potentially overflowing expression "nr_cores * gicr_frame_size" with type
    "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
    and then used in a context that expects an expression of type "uint64_t"
    (64 bits, unsigned).
    ========
    
    Even with a GICv4 (256KB frame size) we need 16384 cores to overflow
    32-bit, so it's not a practical issue.
    
    But it's also easy to fix, so let's just do that: cast gicr_frame_size
    to an unsigned 64-bit integer, so that the multiplication is done in the
    64-bit realm.
    
    Change-Id: Iad10e19b9e58d5fbf9d13205fbcef0aac5ae48af
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge changes from topics "rename-herculesae-a78ae", "rename-zeus-v1" into integration
    
    * changes:
      Rename Neoverse Zeus to Neoverse V1
      Rename Cortex Hercules AE to Cortex 78 AE
    
  - Merge "plat/arm: common: add guard for arm_get_rotpk_info_regs" into integration
  - Merge "doc: Update list of supported FVP platforms" into integration
  - plat/arm: common: add guard for arm_get_rotpk_info_regs
    
    Only define arm_get_rotpk_info_regs if ROTPK is in registers,
    i.e. (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID). This will
    allow platform build without definition of TZ_PUB_KEY_HASH_BASE
    if dedicated registers for ROTPK are not available on the platform.
    
    Change-Id: I74ee2d5007f5d876a031a1efca20ebee2dede0c7
    Signed-off-by: Usama Arif <usama.arif@arm.com>
    
  - Merge changes I959d1343,I6992df1a,I687e35cb,Ia5f2ee31,Ifd0bc6aa, ... into integration
    
    * changes:
      docs: marvell: update mv_ddr branch
      plat: marvell: armada: a3k: rename the UART images archive
      plat: marvell: armada: a3k: allow image load to RAM address 0
      marvell: comphy: cp110: add support for USB comphy polarity invert
      marvell: comphy: cp110: add support for SATA comphy polarity invert
      marvell: comphy: cp110: implement erratum IPCE_COMPHY-1353
      drivers: marvell: mochi: Update AP incoming masters secure level
      plat: marvell: armada: add ccu window for workaround errata-id 3033912
      plat: marvell: ap806: implement workaround for errata-id FE-4265711
    
  - Merge "Workaround for Cortex A76 erratum 1868343" into integration
  - Rename Neoverse Zeus to Neoverse V1
    
    Change-Id: Ieb411e2f8092fa82062e619305b680673a8f184f
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    
  - Rename Cortex Hercules AE to Cortex 78 AE
    
    Change-Id: Ic0ca51a855660509264ff0d084c068e1421ad09a
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    
  - docs: code review guidelines
    
    Document the code review process in TF-A.
    Specifically:
    
     * Give an overview of code review and best practices.
     * Give guidelines for the participants in code review.
     * Outline responsibilities of each type of participant.
     * Explain the Gerrit labels used in the review process.
    
    Change-Id: I519ca4b2859601a7b897706e310f149a0c92e390
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    Signed-off-by: David Horstmann <david.horstmann@arm.com>
    
  - bl32: add an assert on BL32_SIZE in sp_min.ld.S
    
    This assert is present in all other linker scripts. This checks the
    size of BL32 doesn't exceed its defined limit.
    
    Change-Id: I0005959b5591d3eebd870045adafe437108bc9e1
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - bl32: use SORT_BY_ALIGNMENT macro in sp_min.ld.S
    
    The macro SORT_BY_ALIGNMENT is used for .text* and .rodata*. This allows
    reducing the space lost to object alignment. This is an alignment with
    the following patch:
    ebd6efae67c6a086bc97d807a638bde324d936dc
    
    Some comments are also aligned with other linker scripts.
    
    Change-Id: I2ea59edb445af0ed8c08fd883ffbf56852570d0c
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - Merge "doc: stm32mp1: Improve OP-TEE related documentation" into integration
  - docs: marvell: update mv_ddr branch
    
    Now that the BLE image sources (mv_ddr) are updated, reflect
    the proper branch in the Armada build howto.
    
    Change-Id: I959d1343d0dfdd681c7e39bdcaed9b36aaddfca1
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - plat: marvell: armada: a3k: rename the UART images archive
    
    Add *.bin extension to UART recovery images archive name.
    Such naming will cause the UART recovery images to be copied to the
    Buildroot output folder upon flash image build.
    
    Change-Id: I6992df1ab2ded725bed58e5baf245ae92c4cb289
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: armada: a3k: allow image load to RAM address 0
    
    Marvell uses RAM address 0x0 for loading BL33 stage images.
    When ATF is built with DEBUG=1, its IO subsystem fails on
    assert checking the destination RAM address != 0.
    This patch adds PLAT_ALLOW_ZERO_ADDR_COPY to A3K platform
    allowing to bypass the above check in debug mode.
    
    Change-Id: I687e35cb2e9dc3166bdaa81b3904c20b784c5c6a
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - marvell: comphy: cp110: add support for USB comphy polarity invert
    
    The polarity inversion for USB was not tested due to lack of hw design
    which requires it. Currently all supported boards don't require USB
    phy polarity inversion, therefore COMPHY_POLARITY_NO_INVERT is set for
    all boards. Enable the option for the ones that need it.
    
    Change-Id: Ia5f2ee313a93962e94963e2dd8a759ef6d9da369
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - marvell: comphy: cp110: add support for SATA comphy polarity invert
    
    The cp110 comphy has the ability to invert RX and/or TX polarity. Polarity
    depends on board design. Currently all supported boards don't require
    SATA phy polarity invert, therefore COMPHY_POLARITY_NO_INVERT is set for
    all boards.
    
    Change-Id: Ifd0bc6aaf8a76a0928132b197422f3193cf020d5
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - marvell: comphy: cp110: implement erratum IPCE_COMPHY-1353
    
    According to erratum IPCE_COMPHY-1353 the TX_IDLE bit should
    be toggled in addition to the XFI/SFI PHY reset.
    
    Change-Id: Idd2c2abfcb2f960caa01e6d69db524c2e4734f50
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - drivers: marvell: mochi: Update AP incoming masters secure level
    
    Do not force non-secure access level for PIDI masters when LLC_SRAM
    is enabled. The EIP197 is located on CP0 and needs to access secure
    SRAM in AP LLC. This requires EIP197 DMA to have AXPROT[1]=0 and not
    changed when forwarded to address decoding tables.
    
    Change-Id: I8962db94a124350c14220ba6d0364d294ae4664a
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: armada: add ccu window for workaround errata-id 3033912
    
    Added ccu window to allow access to addresses
    in the range [0xf100_0000, 0xf1ff_ffff].
    
    Change-Id: I63ee68338d674114d01cd627198dc907653493e8
    Signed-off-by: Alex Leibovich <alexl@marvell.com>
    
  - plat: marvell: ap806: implement workaround for errata-id FE-4265711
    
    ERRATA ID: FE-4265711 - Incorrect CNTVAL reading
    
    CNTVAL reflects the global system counter value in binary format.
    Due to this erratum, the CNTVAL value presented to the processor
    may be incorrect for several clock cycles.
    
    Workaround: Override the default value of AP Register Device General
    control 20 [19:16] and AP Register Device General Control 21 [11:8]
    to the value of 0x3.
    
    Change-Id: I1705608d08acd9631ab98d6f7ceada34d6b8336f
    Signed-off-by: Stefan Chulski <stefanc@marvell.com>
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - Merge "libfdt: Upgrade libfdt source files" into integration
  - Merge "spmd: Fix signedness comparison warning" into integration
  - Workaround for Cortex A76 erratum 1868343
    
    Cortex A76 erratum 1868343 is a Cat B erratum, present in older
    revisions of the Cortex A76 processor core.  The workaround is to
    set a bit in the CPUACTLR_EL1 system register, which delays instruction
    fetch after branch misprediction. This workaround will have a small
    impact on performance.
    
    This workaround is the same as workarounds for errata 1262606 and
    1275112, so all 3 have been combined into one function call.
    
    SDEN can be found here:
    https://documentation-service.arm.com/static/5f2bed6d60a93e65927bc8e7
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: I7f2f9965f495540a1f84bb7dcc28aff45d6cee5d
    
  - Merge "morello: Add Morello platform documentation" into integration
  - Merge "fdts: stm32mp1: realign device tree with kernel" into integration
  - libfdt: Upgrade libfdt source files
    
    Update the libfdt source files, the upstream commit is 73e0f143b73d
    ("libfdt: fdt_strerror(): Fix comparison warning").
    
    This brings us the fixes for the signed/unsigned comparison warnings,
    so platforms can enable -Wsign-compare now.
    
    Change-Id: I303d891c82ffea0acefdde27289339db5ac5a289
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - spmd: Fix signedness comparison warning
    
    With -Wsign-compare, compilers issue a warning in the SPMD code:
    ====================
    services/std_svc/spmd/spmd_pm.c:35:22: error: comparison of integer
    expressions of different signedness: 'int' and 'unsigned int'
    [-Werror=sign-compare]
       35 |  if ((id < 0) || (id >= PLATFORM_CORE_COUNT)) {
          |                      ^~
    cc1: all warnings being treated as errors
    ====================
    
    Since we just established that "id" is positive, we can safely cast it
    to an unsigned type to make the comparison have matching types.
    
    Change-Id: I6ef24804c88136d7e3f15de008e4fea854f10ffe
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge "morello: Add changes to fix build of Morello Platform" into integration
  - morello: Add Morello platform documentation
    
    Morello platform has a SCP which brings the primary Rainier CPU
    out of reset which starts executing at BL31.
    
    This patch provides documentation support for Morello platform.
    
    Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
    Change-Id: I38f596668e2b14862d543fabc04549ff34bfb8a2
    
  - doc: Update list of supported FVP platforms
    
    Updated the list of supported FVP platform as per latest
    FVP platform release.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I45ef79aff147ed598a3a92ab6f6b277f7f70604a
    
  - doc: stm32mp1: Improve OP-TEE related documentation
    
    stm32mp15_optee_defconfig has been dropped from U-Boot as it became
    identical to stm32mp15_trusted_defconfig.
    
    Furthermore give a hint how OP-TEE is supposed to be installed.
    
    Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
    Change-Id: Id8f0bd84a87e3a62072dd4405aadddcdd3511213
    
  - morello: Add changes to fix build of Morello Platform
    
    This patch makes changes required to get the morello
    platform working with the tip of TF-A.
    
    Change-Id: I095006615c9959bba49fcc75b52e1de7d7486309
    Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
    
  - Merge "Measured Boot Driver: Fix MISRA-C 2012 defects" into integration
  - Merge "Crypto library: Migrate support to MbedTLS v2.24.0" into integration
  - Crypto library: Migrate support to MbedTLS v2.24.0
    
    This patch migrates the mbedcrypto dependency for TF-A
    to mbedTLS repo v2.24.0 which is the latest release tag.
    The relevant documentation is updated to reflect the
    use of new version.
    
    Change-Id: I116f44242e8c98e856416ea871d11abd3234dac1
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge changes from topic "stm32_exceptions" into integration
    
    * changes:
      stm32mp1: correct crash console GPIO alternate configuration
      stm32mp1: add plat_panic_handler function
      stm32mp1: update plat_report_exception
      Align AARCH32 version of debug.S with AARCH64
    
  - Merge changes from topic "fpga_generic" into integration
    
    * changes:
      arm_fpga: Add platform documentation
      arm_fpga: Add post-build linker script
      arm_fpga: Add ROM trampoline
      arm_fpga: Add devicetree file
      arm_fpga: Remove SPE PMU DT node if SPE is not available
      arm_fpga: Adjust GICR size in DT to match number of cores
      fdt: Add function to adjust GICv3 redistributor size
      drivers: arm: gicv3: Allow detecting number of cores
    
  - Merge "Workaround for Cortex A77 erratum 1508412" into integration
  - arm_fpga: Add platform documentation
    
    As the Arm Ltd. FPGA port is now working for all existing images, add
    some documentation file.
    
    Change-Id: I9e2c532ed15bbc121bb54b3dfc1bdfee8f1443a6
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - arm_fpga: Add post-build linker script
    
    For the Arm Ltd. FPGAs to run, we need to load several payloads into the
    FPGA's memory:
    - Some trampoline code at address 0x0, to jump to BL31's entry point.
    - The actual BL31 binary at the beginning of DRAM.
    - The (generic) DTB image to describe the hardware.
    - The actual non-secure payloads (kernel, ramdisks, ...)
    
    The latter is application specific, but the first three blobs are rather
    generic.
    Since the uploader tool supports ELF binaries, it seems helpful to
    combine these three images into one .axf file, as this also simplifies
    the command line.
    
    Add a post-build linker script, that combines those three bits into one
    ELF file, together with their specific load addresses.
    Include a call to "ld" with this linker script in the platform Makefile,
    so it will be built automatically. The result will be called "bl31.axf".
    
    Change-Id: I4a90da16fa1e0e83b51d19e5b1daf61f5a0bbfca
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - arm_fpga: Add ROM trampoline
    
    The application cores of the FPGAs used in Arm Ltd. start execution at
    address 0x0. This is the location of some (emulated) ROM area (which can
    be written to by the uploading tool).
    Since the arm_fpga port is configured to run from DRAM, we load BL31 to
    the beginning of DRAM (mapped at 2GB). This requires some small
    trampoline code in the "ROM" to jump to the BL31 entry point.
    
    To avoid some extra magic binary, add a tiny assembly file with that
    trivial jump instruction to the tree, so this binary can be created
    alongside BL31.
    
    Change-Id: I9e4439fc0f093fa24dd49a8377c9edb030fbb477
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - arm_fpga: Add devicetree file
    
    The FPGA images used in Arm Ltd. focus on CPU cores, so they share a
    common platform, with a minimal set of peripherals (interconnect, GIC,
    UART).
    This allows to support most platforms with a single devicetree file.
    The topology and number of CPU cores differ, but those will be added at
    runtime, in BL31. Other adjustments (GICR size, SPE node, command line)
    are also done at this point.
    
    Add the common devicetree file to TF-A's build system, so it can be
    built together with BL31. At runtime, the resulting .dtb file should be
    uploaded to the address given with FPGA_PRELOADED_DTB_BASE at build time.
    
    Change-Id: I3206d6131059502ec96896e95329865452c9d83e
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - arm_fpga: Remove SPE PMU DT node if SPE is not available
    
    The Statistical Profiling Extension (SPE) is an architectural feature we
    can safely detect at runtime. However it still relies on one piece of
    platform-specific information: the interrupt line it is connected
    to. This requires SPE to be described in a devicetree node.
    
    Since SPE support varies with the CPU cores found on an FPGA image, we
    should detect the presence of SPE at runtime, and remove a potentially
    existing SPE PMU node from the DT.
    
    This allows to always have the SPE node in a generic devicetree file,
    without risking exposing it on a CPU without this feature.
    
    Change-Id: I73d83ea8509b03fe7bba20b9cce8d1335035fa31
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - arm_fpga: Adjust GICR size in DT to match number of cores
    
    The size of a GICv3 redistributor region depends on the number of
    cores in the system. For the ARM FPGA port, we detect the topology at
    runtime, and adjust the CPU DT nodes accordingly.
    Now the size of the GICR region must also be adjusted, or Linux will
    fail to initialise the GICv3.
    
    Use the newly introduced function to overwrite the GICR size entry in
    the GICv3 reg property. We count the number of existing cores by
    iterating over the GICR frames until we find the LAST bit set in TYPER.
    
    Change-Id: Ib69565600859de9b1b15ceb8495172cd26d16fce
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - fdt: Add function to adjust GICv3 redistributor size
    
    We now have code to detect the CPU topology at runtime, and can also
    populate the CPU nodes in a devicetree accordingly. This is used by the
    ARM FPGA port, for instance.
    But also a GICv3 compatible interrupt controller provides MMIO frames
    per core, so the size of this region needs to be adjusted in the DT,
    to match the number of cores as well.
    
    Provide a generic function to find the GICv3 interrupt controller in
    the DT, then adjust the "reg" entry to match the number of detected
    cores. Since the size of the GICR frame per core differs between
    GICv4 and GICv3, this size is supplied as a parameter to the function.
    The caller should determine the applicable value by either hardcoding
    it or by observing GICR_TYPER.VLPIS.
    
    Change-Id: Ic2a6445c2c5381a36bf24263f52fcbefad378c05
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - drivers: arm: gicv3: Allow detecting number of cores
    
    A GICv3 interrupt controller will be instantiated for a certain number
    of cores. This will result in the respective number of GICR frames. The
    last frame will have the "Last" bit set in its GICR_TYPER register.
    
    For platforms with a topology unknown at build time (the Arm FPGAs, for
    instance), we need to learn the number of used cores at runtime, to size
    the GICR region in the devicetree accordingly.
    
    Add a generic function that iterates over all GICR frames until it
    encounters one with the "Last" bit set. It returns the number of cores
    the GICv3 has been configured for.
    
    Change-Id: I79f033c50dfc1c275aba7122725868811abcc4f8
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge changes I1ecbe5a1,Ib5945c37,Ic6b79648 into integration
    
    * changes:
      plat/arm: Add platform support for Morello
      fdts: add device tree sources for morello platform
      lib/cpus: add support for Morello Rainier CPUs
    
  - Merge "arm_fpga: Add support for unknown MPIDs" into integration
  - plat/arm: Add platform support for Morello
    
    This patch adds support for Morello platform.
    It is an initial port which includes only BL31 support
    as the System Control Processor (SCP) is expected to take
    the role of primary bootloader.
    
    Change-Id: I1ecbe5a14a2d487b2ecea3c1ca227f08473ed2dd
    Co-authored-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
    Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
    Signed-off-by: Anurag Koul <anurag.koul@arm.com>
    
  - fdts: add device tree sources for morello platform
    
    Change-Id: Ib5945c37983505f327a195bdb8b91ed1b7b90921
    Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
    
  - lib/cpus: add support for Morello Rainier CPUs
    
    This patch adds CPU support for the Rainier CPU which is
    derived from Neoverse N1 r4p0 CPU and implements the
    Morello capability architecture.
    
    Change-Id: Ic6b796481da5a66504ecb0648879446edf4c69fb
    Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
    
  - Measured Boot Driver: Fix MISRA-C 2012 defects
    
    This patch fixes MISRA C-2012 Pointers and Arrays
    Rule 18.4 defects reported by Coverity scan:
    "misra_c_2012_rule_18_4_violation: Using arithmetic on pointer "
    
    Change-Id: I06753b28467c473e346b9871c1657284fc43a3f3
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Workaround for Cortex A77 erratum 1508412
    
    Cortex A77 erratum 1508412 is a Cat B Errata present in r0p0 and r1p0.
    The workaround is a write sequence to several implementation defined
    registers based on A77 revision.
    
    This errata is explained in this SDEN:
    https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
    
    Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
    Change-Id: I217993cffb3ac57c313db8490e7b8a7bb393379b
    
  - arm_fpga: Add support for unknown MPIDs
    
    This patch allows the system to fallback to a default CPU library
    in case the MPID does not match with any of the supported ones.
    
    This feature can be enabled by setting SUPPORT_UNKNOWN_MPID build
    option to 1 (enabled by default only on arm_fpga platform).
    
    This feature can be very dangerous on a production image and
    therefore it MUST be disabled for Release images.
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I0df7ef2b012d7d60a4fd5de44dea1fbbb46881ba
    
  - Merge changes from topic "stm32_drivers_update" into integration
    
    * changes:
      clk: stm32mp1: fix rcc mckprot status
      drivers: st: add missing includes in ETZPC header
      mmc: st: clear some flags before sending a command
      mmc: st: correct retries management
      nand: raw_nand: fix timeout issue in nand_wait_ready
      mtd: spi_nor: change message level on macronix detection
      gpio: stm32_gpio: check GPIO node status after checking DT
      crypto: stm32_hash: fix issue when restarting computation
    
  - Merge changes from topic "tc0_architecture_change" into integration
    
    * changes:
      plat: tc0: enable TZC
      fdts: tc0: update MHUv2 interrupt number
    
  - mediatek: mt8192: add GIC600 support
    
    1. Implement GIC600 driver support and init
    2. Remove unused debug info
    
    Signed-off-by: Greta Zhang <greta.zhang@mediatek.com>
    Change-Id: I30c08c531e705debc029071e4e970048e261c386
    
  - Merge "plat/arm/css/sgi: Map flash used for mem_protect" into integration
  - Merge "plat/arm: Introduce and use libc_asm.mk makefile" into integration
  - plat/arm/css/sgi: Map flash used for mem_protect
    
    The SGI platform defines the macro PLAT_ARM_MEM_PROT_ADDR which
    indicates that the platform has mitigation for cold reboot attacks.
    
    However, the flash memory used for the mem_protect region was not
    mapped. This results in a crash when an OS calls PSCI MEM_PROTECT.
    
    To fix this map the flash region used for mem_protect.
    
    Change-Id: Ia494f924ecfe2ce835c045689ba8f942bf0941f4
    Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
    
  - Merge "Select the Log Level for the Event Log Dump on Measured Boot at build time." into integration
  - plat: tc0: enable TZC
    
    Change-Id: Ic2bb8482f0b602f6b7850d4fa553448bc4931edc
    Signed-off-by: Usama Arif <usama.arif@arm.com>
    
  - clk: stm32mp1: fix rcc mckprot status
    
    MCKPROT hardening in RCC mandates that both bits RCC[TZEN] and
    RCC[MCKPROT] are enabled. This change fixes stm32mp1_rcc_is_mckprot()
    to check both bits, not RCC[MCKPROT] only.
    
    This change also updates stm32mp1_rcc_is_secure() for consistency.
    
    Change-Id: If1f07babdcb5677906ddbf974d9dc17255d4e174
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - drivers: st: add missing includes in ETZPC header
    
    Depending on compiler, the issue about bool or uint*_t not defined can
    appear.
    Correct this by adding stdbool.h and stdint.h includes in etzpc.h.
    
    Change-Id: If1419dc511efbe682459fa4a776481fa52a38aa3
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - mmc: st: clear some flags before sending a command
    
    The ICR static flags are cleared before sending a command.
    The SDMMC_DCTRLR register is set to 0 if no data is expected on a given
    command or on the next command in case of CMD55.
    
    Change-Id: I5ae172a484218f53160e98b3684967c6960475a6
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - mmc: st: correct retries management
    
    The retries number should be 3.
    A warning message is added in mmc_block_read(), and the code is refactored.
    
    Change-Id: I577c7dd91c451c7580b1660042cb5fe26ee3fa12
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - nand: raw_nand: fix timeout issue in nand_wait_ready
    
    nand_wait_ready is called with a millisecond delay
    but the timeout used a microsecond. Fixing the conversion
    in the timeout call.
    The prototype of the function is also changed to use an unsigned int
    parameter.
    
    Change-Id: Ia3281be7980477dfbfdb842308d35ecd8b926fb8
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - mtd: spi_nor: change message level on macronix detection
    
    Change the detection message from WARN to INFO when macronix
    NOR is detected.
    
    Change-Id: I488696f1fb75b823e85decfcd6cd32e7b36a6c2e
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - gpio: stm32_gpio: check GPIO node status after checking DT
    
    The call to fdt_get_status(node) has to be done after the DT is found
    to be valid.
    
    Fixes: 1fc2130c5 stm32mp1: update device tree and gpio functions
    
    Change-Id: I70f803aae3dde128a9e740f54c8837b64cb1a244
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - crypto: stm32_hash: fix issue when restarting computation
    
    While restarting a new hash computation, STR register
    is not cleared. It needs to be written before each
    computation.
    
    Change-Id: If65902dd21f9c139ec5da3ca87721232f73710db
    Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - fdts: stm32mp1: realign device tree with kernel
    
    There is one dtsi file per SoC version:
    - STM32MP151: common part for all version, Single Cortex-A7
    - STM32MP153: Dual Cortex-A7
    - STM32MP157: + GPU and DSI, but not needed for TF-A
    
    The STM32MP15xC include a cryptography peripheral, add it in a dedicated
    file.
    
    There are 4 packages available, for which the IOs number change. Have one
    file for each package. The 2 packages AB and AD are added.
    
    STM32157A-DK1 and STM32MP157C-DK2 share most of their features, a common
    dkx file is then created.
    
    Some reordering is done in other files, and realign with kernel DT files.
    
    The DDR files are generated with our internal tool, no changes in the
    registers values.
    
    Change-Id: I9f2ef00306310abe34b94c2f10fc7a77a10493d1
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - Merge "libc: Import strtok_r from FreeBSD project" into integration
  - fdts: tc0: update MHUv2 interrupt number
    
    This is as part of the architecture change in TC0.
    
    Change-Id: I470241f67938e7998941d26f0e8bc05073234152
    Signed-off-by: Usama Arif <usama.arif@arm.com>
    
  - Select the Log Level for the Event Log Dump on Measured Boot at build time.
    
    Builds in Debug mode with Measured Boot enabled might run out of trusted
    SRAM. This patch allows changing the Log Level at which the Measured Boot
    driver will dump the event log, so the latter can be accessed even on
    Release builds if necessary, saving space on RAM.
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I133689e313776cb3f231b774c26cbca4760fa120
    
  - Merge "plat: marvell: ap807: implement workaround for errata-id 3033912" into integration
  - Merge "SPMC: adjust the number of EC context to max number of PEs" into integration
  - stm32mp1: correct crash console GPIO alternate configuration
    
    If GPIO port for UART TX is less than 8, the register GPIO_AFRL should
    be used to set the alternate. GPIO_AFRH is used if GPIO port is greater
    or equal to 8. The macro GPIO_TX_ALT_SHIFT is removed and the GPIO port
    number is tested against GPIO_ALT_LOWER_LIMIT (=8) in
    plat_crash_console_init() function.
    
    Change-Id: Ibb62223ed6bce589bbcab59a5e986b2677e6d118
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: add plat_panic_handler function
    
    The STM32MP1 implementation of this function will call
    plat_report_exception(). It displays more information about the panic
    if DEBUG is enabled.
    The LR register is also filled with R6 content, which holds the faulty
    address. This allows the debugger to reconstruct the backtrace.
    
    Change-Id: I6710e8e2ab6658b05c5bbad2f3c545f07f355afb
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - stm32mp1: update plat_report_exception
    
    In case DEBUG is enabled, plat_report_exception will now display extra
    information of the cause of the exception.
    
    Change-Id: I72cc9d180959cbf31c13821dd051eaf4462b733e
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - Align AARCH32 version of debug.S with AARCH64
    
    Re-order code (put panic and report_exception at the end of the file).
    Export asm_print_* functions.
    Add asm_print_line_dec macro, and asm_print_newline func.
    Align comments in both AARCH32 and AARCH64 files.
    Add blank lines in AARCH64 files to align with AARCH32.
    
    Change-Id: I8e299a27c1390f71f04e260cd4a0e59b2384eb19
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - Merge "n1sdp: add support for remote chip pcie." into integration
  - Merge "build_macros.mk: include assert and define loop macros" into integration
  - Merge "defaults.mk: default KEY_SIZE to 2048 in case of RSA algorithm" into integration
  - libc: Import strtok_r from FreeBSD project
    
    From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
    Made small changes to fit into TF-A project
    
    Change-Id: I991f653a7ace04f9c84bcda78ad8d7114ea18e93
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - Merge changes from topic "ehf_common" into integration
    
    * changes:
      plat: tegra: Use generic ehf defines
      ehf: use common priority level enumuration
    
  - Merge "spmd: remove assert for SPMC PC value" into integration
  - Merge "doc: Recommend using C rather than assembly language" into integration
  - n1sdp: add support for remote chip pcie.
    
    Remote chip ITS, SMMU, PCIe nodes are added for enabling remote
    chip PCIe hierarchy.
    
    Change-Id: I5b3ca733715defa38e413588ccd13d0688cba271
    Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
    Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
    
  - Merge "SPE: Fix feature detection" into integration
  - Merge changes from topic "cot-parser" into integration
    
    * changes:
      plat/arm: fvp: Increase BL2 maximum size
      lib: fconf: Implement a parser to populate CoT
    
  - Merge "doc: Correct CPACR.FPEN usage" into integration
  - SPMC: adjust the number of EC context to max number of PEs
    
    According to [1] and in context of FF-A v1.0 a secure partition must
    have either one EC (migratable UP) or a number of ECs equal to the
    number of PEs (pinned MP). Adjust the SPMC manifest such that the
    number of ECs is equal to the number of PEs.
    
    [1] https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partition-manager.html#platform-topology
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Change-Id: Ie8c7d96ae7107cb27f5b97882d8f476c18e026d4
    
  - plat/arm: fvp: Increase BL2 maximum size
    
    Increased BL2 maximum size when CoT descriptors are placed
    in device tree.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I6466d2841e189e7f15eb4f1a8db070542893cb5b
    
  - lib: fconf: Implement a parser to populate CoT
    
    Implemented a parser which populates the properties of
    the CoT descriptors as per the binding document [1].
    'COT_DESC_IN_DTB' build option is disabled by default and can
    be enabled in future for all Arm platforms by making necessary
    changes in the memory map.
    Currently, this parser is tested only for FVP platform.
    
    [1]:
    https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html
    
    Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Merge "doc: add description of "owner" field in SP layout file." into integration
  - Merge changes from topic "sami/834_fiptool_pack_issue_win_v1" into integration
    
    * changes:
      Update makefile to build fiptool for Windows
      Fix fiptool packaging issue on windows
    
  - doc: add description of "owner" field in SP layout file.
    
    Change-Id: Iedaa83ed546eb2476849a8d53f6e05b847a48b23
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    
  - Merge "fdts: corstone700: add NXP isp1763 node to device tree" into integration
  - Merge "rockchip: don't crash if we get an FDT we can't parse" into integration
  - SPE: Fix feature detection
    
    Currently the feature test for the SPE extension requires the feature
    bits in the ID_AA64DFR0 register to read exactly 0b0001.
    However the architecture guarantees that any values greater than 0
    indicate the presence of a feature, which is what we are after in
    our spe_supported() function.
    
    Change the comparison to include all values greater than 0.
    
    This fixes SPE support in non-secure world on implementations which
    include the Scalable Vector Extension (SVE), for instance on Zeus cores.
    
    Change-Id: If6cbd1b72d6abb8a303e2c0a7839d508f071cdbe
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - build_macros.mk: include assert and define loop macros
    
    Loop macros make it easier for developers to include new variables to
    assert or define and also help code readability on makefiles.
    
    Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa
    Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
    
  - Update makefile to build fiptool for Windows
    
    Although support for building fiptool on a Windows host was present,
    the binary was not built when the top level makefile was invoked.
    
    This patch makes the necessary changes to support building of
    fiptool on a Windows host PC from the main makefile.
    
    Change-Id: I0c01ba237fa3010a027a1b324201131210cf4d7c
    Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
    
  - Fix fiptool packaging issue on windows
    
    Windows does not have a standard getopt implementation. To address
    this, an equivalent implementation has been provided in win_posix.c.
    However, the implementation has an issue with option processing as
    described below.
    
    Long option names may be abbreviated if the abbreviation is unique
    or an exact match for some defined option.
    Since some options can be substring of other options e.g. "scp-fw"
    option is a substring of "scp-fwu-cfg", we need to identify if an
    option is abbreviated and also check for uniqueness. Otherwise if
    a user passes --scp-fw as an option, the "scp-fwu-cfg" option may
    get selected, resulting in an incorrectly packaged FIP.
    
    This issue has been fixed by:
      - First searching for an exact match.
      - If an exact match was not found, searching for an abbreviated match.
    By doing this an incorrect option selection can be avoided.
    
    Change-Id: I22f4e7a683f3df857f5b6f0783bf9b03a64a0bcc
    Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
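
The two-pass lookup this commit message describes, as an added example (not the win_posix.c code from the patch). The function names, return codes and option table are constructed here; the table is ordered so that the longer name is seen first, which is the case where a prefix-only search picks "scp-fwu-cfg" for `--scp-fw`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OPT_NOT_FOUND (-1)  /* no option matches the argument */
#define OPT_AMBIGUOUS (-2)  /* abbreviation matches more than one option */

/* Constructed sample table (assumption: not the tool's real option list). */
static const char *const sample_opts[] = {
    "scp-fwu-cfg",
    "scp-fw",
    "soc-fw-cert",
    "soc-fw",
};
#define SAMPLE_COUNT (sizeof(sample_opts) / sizeof(sample_opts[0]))

/*
 * Prefix-only lookup: returns the first option that starts with arg.
 * With the table above, "scp-fw" resolves to "scp-fwu-cfg", i.e. the
 * wrong image type would be packaged.
 */
int lookup_prefix_only(const char *const *opts, size_t count, const char *arg)
{
    size_t len = strlen(arg);

    for (size_t i = 0; i < count; i++) {
        if (strncmp(opts[i], arg, len) == 0)
            return (int)i;
    }
    return OPT_NOT_FOUND;
}

/*
 * Two-pass lookup: an exact match always wins; only if there is none is
 * arg treated as an abbreviation, and then it must be unique.
 */
int lookup_exact_then_abbrev(const char *const *opts, size_t count,
                             const char *arg)
{
    size_t len = strlen(arg);
    int candidate = OPT_NOT_FOUND;

    if (len == 0)
        return OPT_NOT_FOUND;

    /* Pass 1: exact match. */
    for (size_t i = 0; i < count; i++) {
        if (strcmp(opts[i], arg) == 0)
            return (int)i;
    }

    /* Pass 2: abbreviation, rejected if it fits more than one option. */
    for (size_t i = 0; i < count; i++) {
        if (strncmp(opts[i], arg, len) != 0)
            continue;
        if (candidate != OPT_NOT_FOUND)
            return OPT_AMBIGUOUS;
        candidate = (int)i;
    }
    return candidate;
}

int main(void)
{
    const char *args[] = { "scp-fw", "scp-fwu", "scp", "nt-fw" };

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        printf("--%-8s prefix-only=%d two-pass=%d\n", args[i],
               lookup_prefix_only(sample_opts, SAMPLE_COUNT, args[i]),
               lookup_exact_then_abbrev(sample_opts, SAMPLE_COUNT, args[i]));
    }
    return 0;
}
```
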
    
  - doc: Correct CPACR.FPEN usage
    
    To avoid trapping from EL0/1, FPEN bits need to be set to 0x3, not
    cleared.
    
    Signed-off-by: Peng Fan <peng.fan@nxp.com>
    Change-Id: Ic34e9aeb876872883c5f040618ed6d50f21dacd0
    
  - Merge "libc: Import strlcat from FreeBSD project" into integration
  - Merge "libc: Add support for vsnprintf()" into integration
  - libc: Add support for vsnprintf()
    
    It uses the existing implementation of snprintf() function
    
    Change-Id: Ie59418564c2e415222e819cf322c34e9a4d1f336
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - Merge "Workaround for Neoverse N1 erratum 1868343" into integration
  - Merge "tc0: increase SCP_BL2 size to 128 kB" into integration
  - Merge "SPM: Get rid of uint32_t array representation of UUID" into integration
  - Merge "tools: Set the tool's default binary name" into integration
  - Workaround for Neoverse N1 erratum 1868343
    
    Neoverse N1 erratum 1868343 is a Cat B erratum, present in older
    revisions of the Neoverse N1 processor core.  The workaround is to
    set a bit in the CPUACTLR_EL1 system register, which delays instruction
    fetch after branch misprediction. This workaround will have a small
    impact on performance.
    
    SDEN can be found here:
    https://documentation-service.arm.com/static/5f2c130260a93e65927bc92f
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: I37da2b3b2da697701b883bff9a1eff2772352844
    
  - defaults.mk: default KEY_SIZE to 2048 in case of RSA algorithm
    
    According to the documentation [1], KEY_SIZE defaults to 2048 when RSA
    algorithm is chosen, so set this value on the make's defaults file.
    
    [1] https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/build-options.html
    
    Change-Id: I030f98363198a752bc0dd03528f748de527d48d8
    Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
    
  - Merge "plat/arm: rdn1edge: Correct mismatched parenthesis in makefile" into integration
  - Merge "Addition of standard APIs in qtiseclib interface" into integration
  - tc0: increase SCP_BL2 size to 128 kB
    
    The size of debug binaries of SCP has increased beyond the current
    limit of 80kB set in platform. Hence, increase it to 128kB.
    
    Change-Id: I5dbcf87f8fb35672b39abdb942c0691fb339444a
    Signed-off-by: Usama Arif <usama.arif@arm.com>
    
  - plat: tegra: Use generic ehf defines
    
    Use common ehf file for generic frameworks like SDEI, RAS and
    extend plat specific defines using 'PLAT_EHF_DESC'.
    
    Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
    Change-Id: I8a8161c6030f8d226a8bdf0301e7fe6139f019a4
    
  - plat/arm: rdn1edge: Correct mismatched parenthesis in makefile
    
    This fixes build errors for rdn1edge
    
    Change-Id: I63f7ebff68679e1e859f8786d4def4960c0f2ddf
    Signed-off-by: Anders Dellien <anders.dellien@arm.com>
    
  - SPM: Get rid of uint32_t array representation of UUID
    
    UUIDs in the device tree files were stored in little endian. So
    to keep all entries in these files RFC 4122 compliant, store them in
    big endian then convert it to little endian when they are read so they
    can be used in the UUID data structure.
    
    Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
    Change-Id: I5674159b82b245104381df10a4e3291160d9b3b5
    
  - libc: Import strlcat from FreeBSD project
    
    From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
    Made small changes to fit into TF-A project
    
    Change-Id: I07fd7fe1037857f6b299c35367c104fb51fa5cfa
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - Merge "libc: memset: improve performance by avoiding single byte writes" into integration
  - Merge "mediatek: Add jedec info" into integration
  - Merge "plat/arm: Add dependencies to configuration files" into integration
  - Merge "plat: Fix build issue for qemu and rpi3 platforms" into integration
  - Merge "Fix: fixing coverity issue for SPM Core." into integration
  - Addition of standard APIs in qtiseclib interface
    
    Following API wrappers are exposed to qtiseclib
    * strcmp
    * memset
    * memmove
    
    Change-Id: I79d50f358239cfda607d5f1a53314aa3b8f430cb
    Signed-off-by: Saurabh Gorecha <sgorecha@codeaurora.org>
    
  - Merge "Enabling DPU in dts file for TC0" into integration
  - Enabling DPU in dts file for TC0
    
    This change replaces hdlcd with DPU in dts file for TC0
    
    Change-Id: If25dfd3ddffc07279ab487f65e1bb82b27a26604
    Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
    
  - Merge "doc: Improve contribution guidelines" into integration
  - Fix: fixing coverity issue for SPM Core.
    
    spmd_get_context_by_mpidr was using potentially negative value as an
    array index. plat_core_pos_by_mpidr could return -1 on failure which is
    utilized by some platforms.
    
    Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
    Change-Id: I7f8827e77f18da389c9cafdc1fc841aba9f03120
    
  - fdts: corstone700: add NXP isp1763 node to device tree
    
    Add USB IP node as the MPS3 board has the NXP isp1763 host controller.
    
    Change-Id: I47c57e4c8345d244c46895b52fcaecc1c6f1b504
    Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
    Signed-off-by: lakshmi Kailasanathan <lakshmi.Kailasanathan@arm.com>
    
  - plat: Fix build issue for qemu and rpi3 platforms
    
    Coverity build periodically throws the below errors (non-consistently)
    for 'QEMU' and 'RPI3' platforms.
    
    /bin/sh: 1: cannot create build/qemu/debug/rot_key.pem: Directory
    nonexistent
    plat/qemu/qemu/platform.mk:86: recipe for target 'build/qemu/debug/
    rot_key.pem' failed
    make: *** [build/qemu/debug/rot_key.pem] Error 2
    
    /bin/sh: 1: cannot create /work/workspace/workspace/tf-coverity/build
    /rpi3/debug/rot_key.pem: Directory nonexistent
    plat/rpi/rpi3/platform.mk:214: recipe for target '/work/workspace/
    workspace/tf-coverity/build/rpi3/debug/rot_key.pem' failed
    make: *** [/work/workspace/workspace/tf-coverity/build/rpi3/debug/
    rot_key.pem] Error 2
    
    The issue seems to occur when the 'ROT key' is generated before creating
    the platform build folder (e.g. build/qemu/debug).
    
    Changes are made to fix this issue by adding orderly dependency of
    the platform folder for the 'ROT key' creation which ensures that
    the platform folder is created before generating the 'ROT key'.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I20c82172dde84e4c7f2373c0bd095d353f845d38
    
  - tools: Set the tool's default binary name
    
    This patch: fafd3ec9c assumes that tools must build from
    the main makefile folder.
    This assumption leads to the error when somebody wants to
    build a tool from the tool's folder.
    Hence changes are done to provide the default binary name
    in the tool's makefile.
    
    Change-Id: Iae570a7f8d322151376b6feb19e739300eecc3fc
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - libc: memset: improve performance by avoiding single byte writes
    
    Currently our memset() implementation is safe, but slow. The main reason
    for that seems to be the single byte writes that it issues, which can
    show horrible performance, depending on the implementation of the
    load/store subsystem.
    
    Improve the algorithm by trying to issue 64-bit writes. As this only
    works with aligned pointers, have a head and a tail section which
    covers unaligned pointers, and leave the bulk of the work to the middle
    section that does use 64-bit writes.
    
    Put through some unit tests, which exercise all combinations of nasty
    input parameters (pointers with various alignments, various odd and even
    sizes, corner cases of content to write (-1, 256)).
    
    Change-Id: I28ddd3d388cc4989030f1a70447581985368d5bb
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge "lib: cpu: Check SCU presence in DSU before accessing DSU registers" into integration
  - Merge "psci: utility api to invoke stop for other cores" into integration
  - Merge "Add Chris Kay as code owner for CMake Build Definitions." into integration
  - Add Chris Kay as code owner for CMake Build Definitions.
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I69365d4aed1160af41e291f6e4b1dd31cbd12e02
    
  - psci: utility api to invoke stop for other cores
    
    The API can be used to invoke a 'stop_func' callback for all
    other cores from any initiating core. Optionally it can also
    wait for other cores to power down. There may be various use
    of such API by platform. Ex: Platform may use this to power
    down all other cores from a crashed core.
    
    Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
    Change-Id: I4f9dc8a38d419f299c021535d5f1bcc6883106f9
    
  - Merge "spd: trusty: allow clients to retrieve service UUID" into integration
  - Merge "maintainers: step down as code owner of UniPhier platform" into integration
  - plat/arm: Introduce and use libc_asm.mk makefile
    
    Trace analysis of FVP_Base_AEMv8A 0.0/6063 model
    running in Aarch32 mode with the build options
    listed below:
    TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
    ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
    ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
    shows that when auth_signature() gets called
    71.99% of CPU execution time is spent in memset() function
    written in C using single byte write operations,
    see lib\libc\memset.c.
    This patch introduces new libc_asm.mk makefile which
    replaces C memset() implementation with assembler
    version giving the following results:
    - for Aarch32 in auth_signature() call memset() CPU time
    reduced to 20.56%.
    The number of CPU instructions (Inst) executed during
    TF-A boot stage before start of BL33 in RELEASE builds
    for different versions is presented in the tables below,
    where:
    - C TF-A: existing TF-A C code;
    - C musl: "lightweight code" C "implementation of the
      standard library for Linux-based systems"
    https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c
    - Asm Opt: assembler version from "Arm Optimized Routines"
      project
    https://github.com/ARM-software/optimized-routines/blob/
    master/string/arm/memset.S
    - Asm Linux: assembler version from Linux kernel
    https://github.com/torvalds/linux/blob/master/arch/arm/lib/memset.S
    - Asm TF-A: assembler version from this patch
    
    Aarch32:
    +-----------+------+------+--------------+----------+
    | Variant   | Set  | Size |    Inst      |  Ratio   |
    +-----------+------+------+--------------+----------+
    | C TF-A    | T32  | 16   | 2122110003   | 1.000000 |
    | C musl    | T32  | 156  | 1643917668   | 0.774662 |
    | Asm Opt   | T32  | 84   | 1604810003   | 0.756233 |
    | Asm Linux | A32  | 168  | 1566255018   | 0.738065 |
    | Asm TF-A  | A32  | 160  | 1525865101   | 0.719032 |
    +-----------+------+------+--------------+----------+
    
    AArch64:
    +-----------+------+------------+----------+
    | Variant   | Size |    Inst    |  Ratio   |
    +-----------+------+------------+----------+
    | C TF-A    | 28   | 2732497518 | 1.000000 |
    | C musl    | 212  | 1802999999 | 0.659836 |
    | Asm TF-A  | 140  | 1680260003 | 0.614917 |
    +-----------+------+------------+----------+
    
    This patch modifies 'plat\arm\common\arm_common.mk'
    by overriding libc.mk makefile with libc_asm.mk and
    does not affect other platforms.
    
    Change-Id: Ie89dd0b74ba1079420733a0d76b7366ad0157c2e
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "arm_fpga: Add support to populate the CPU nodes in the DTB" into integration
  - lib: cpu: Check SCU presence in DSU before accessing DSU registers
    
    The DSU contains system control registers in the SCU and L3 logic to
    control the functionality of the cluster. If "DIRECT CONNECT" L3
    memory system variant is used, there won't be any L3 cache,
    snoop filter, and SCU logic present hence no system control register
    will be present. Hence check SCU presence before accessing DSU register
    for DSU_936184 errata.
    
    Signed-off-by: Pramod Kumar <pramod.kumar@broadcom.com>
    Change-Id: I1ffa8afb0447ae3bd1032c9dd678d68021fe5a63
    
  - Merge "Tegra: common: fixup the bl31 code size to be copied at reset" into integration
  - arm_fpga: Add support to populate the CPU nodes in the DTB
    
    At the moment BL31 dynamically discovers the CPU topology of an FPGA
    system at runtime, but does not export it to the non-secure world.
    Any BL33 user would typically look at the devicetree to learn about
    existing CPUs.
    
    This patch exports a minimum /cpus node in a devicetree to satisfy
    the binding. This means that no cpumaps or caches are described.
    This could be added later if needed.
    
    An existing /cpus node in the DT will make the code bail out with a
    message.
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I589a2b3412411a3660134bdcef3a65e8200e1d7e
    
  - plat/arm: Add dependencies to configuration files
    
    This patch adds dependencies to the generated configuration
    files that are included in the FIP. This fixes occasional
    build errors that occur when the FIP happens to be built first.
    
    Change-Id: I5a2bf724ba3aee13954403b141f2f19b4fd51d1b
    Signed-off-by: Anders Dellien <anders.dellien@arm.com>
    
  - Merge "Move static vars into functions in bl1" into integration
  - Merge "plat/arm: Get the base address of nv-counters from device tree" into integration
  - Merge "dtsi: Update the nv-counter node in the device tree" into integration
  - Merge changes from topic "tegra-downstream-08282020" into integration
    
    * changes:
      Tegra: common: disable GICC after domain off
      cpus: denver: skip DCO enable/disable for recent SKUs
    
  - Merge "Remove Jack Bond-Preston as CMake Build Definitions code owner" into integration
  - spmd: remove assert for SPMC PC value
    
    This patch removes the assert that expects the SPMC PC
    value to be same as BL32_BASE. This assumption is not
    true for all platforms e.g. Tegra, and so will be removed
    from the SPMD.
    
    Platforms can always add this check to the platform files,
    if required.
    
    Change-Id: Ic40620b43d160feb4f72f4af18e6d01861d4bf37
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Merge "Add support to export a /cpus node to the device tree." into integration
  - Add support to export a /cpus node to the device tree.
    
    This patch creates and populates the /cpus node in a device tree
    based on the existing topology. It uses the minimum required nodes
    and properties to satisfy the binding as specified in
    https://www.kernel.org/doc/Documentation/devicetree/bindings/arm/cpus.txt
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I03bf4e9a6427da0a3b8ed013f93d7bc43b5c4df0
    
  - Merge "sp_min: Avoid platform security reconfiguration" into integration
  - Merge "doc: Update the cot-binding for nv-counter node" into integration
  - mediatek: Add jedec info
    
    Add jedec info for mt8173, mt8183, and mt8192.
    
    [1] http://www.softnology.biz/pdf/JEP106AV.pdf
    
    Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
    Change-Id: Iab36fd580131f0b09b27223fba0e9d1e187d9196
    
  - Merge changes from topic "tegra-downstream-08282020" into integration
    
    * changes:
      Tegra: platform specific BL31_SIZE
      Tegra186: sanity check power state type
      Tegra: fixup CNTPS_TVAL_EL1 delay timer reads
      Tegra: add platform specific 'runtime_setup' handler
      Tegra: remove ENABLE_SVE_FOR_NS = 0
      lib: cpus: denver: add MIDR PN9 variant
      cpus: denver: introduce macro to declare cpu_ops
    
  - spd: trusty: allow clients to retrieve service UUID
    
    This patch implements support for the 64-bit and 32-bit versions of
    0xBF00FF01 SMC function ID, as documented by the SMCCC, to allow
    non-secure world clients to query SPD's UUID.
    
    In order to service this FID, the Trusty SPD now increases the range
    of SMCs that it services. To restrict Trusty from receiving the extra
    SMC FIDs, this patch drops any unsupported FID.
    
    Verified with TFTF tests for UID query and internal gtest for Trusty.
    
    Change-Id: If96fe4993f7e641595cfe67cc6b4210a0d52403f
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: common: fixup the bl31 code size to be copied at reset
    
    If the CPU doesn't run from BL31_BASE, the firmware needs to be
    copied from load address to BL31_BASE during cold boot. The size
    should be the actual size of the code, which is indicated by the
    __RELA_END__ linker variable.
    
    This patch updates the copy routine to use this variable as a
    result.
    
    Signed-off-by: anzhou <anzhou@nvidia.com>
    Change-Id: Ie3a48dd54cda1dc152204903d609da3117a0ced9
    
  - Tegra: common: disable GICC after domain off
    
    The GIC CPU interface should be disabled after cpu off. The
    Tegra power management code should mark the connected core as asleep
    as part of the CPU off sequence.
    
    This patch disables the GICC after CPU off as a result.
    
    Signed-off-by: anzhou <anzhou@nvidia.com>
    Change-Id: Ib1a3d8903f5e6d55bd2ee0c16134dbe2562235ea
    
  - cpus: denver: skip DCO enable/disable for recent SKUs
    
    DCO is not supported by the SKUs released after MIDR_PN4. This
    patch skips enabling or disabling the DCO on these SKUs.
    
    Change-Id: Ic31a829de3ae560314d0fb5c5e867689d4ba243b
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: platform specific BL31_SIZE
    
    This patch moves the BL31_SIZE to the Tegra SoC specific
    tegra_def.h. This helps newer platforms configure the size of
    the memory available for BL31.
    
    Signed-off-by: anzhou <anzhou@nvidia.com>
    Change-Id: I43c60b82fa7e43d5b05d87fbe7d673d729380d82
    
  - Tegra186: sanity check power state type
    
    This patch sanity checks the power state type before use,
    from the platform's PSCI handler.
    
    Verified with TFTF Standard Test Suite.
    
    Change-Id: Icd45faac6c023d4ce7f3597b698d01b91a218124
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: fixup CNTPS_TVAL_EL1 delay timer reads
    
    The delay_timer driver for Tegra uses the CNTPS_TVAL_EL1 secure, physical,
    decrementing timer as the source. The current logic incorrectly marks this
    as an incrementing timer, by negating the timer value.
    
    This patch fixes the anomaly and updates the driver to remove this logic.
    
    Signed-off-by: anzhou <anzhou@nvidia.com>
    Change-Id: I60490bdcaf0b66bf4553a6de3f4e4e32109017f4
    
  - Tegra: add platform specific 'runtime_setup' handler
    
    Tegra SoCs would like the flexibility to perform chip specific actions
    before we complete cold boot. This patch introduces a platform specific
    'runtime_setup' handler to provide that flexibility.
    
    Change-Id: I13b2489f631f775cae6f92acf51a240cd036ef11
    Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
    
  - Tegra: remove ENABLE_SVE_FOR_NS = 0
    
    The SVE CPU extension library reads the id_aa64pfr0_el1 register to
    check if SVE is enabled. Tegra platforms disabled ENABLE_SVE_FOR_NS for
    pre-8.2 platforms, but this flag can safely be enabled now that the
    library can enable the feature at runtime.
    
    This patch updates the makefile to remove "ENABLE_SVE_FOR_NS = 0"
    as a result.
    
    Change-Id: Ia2a89ac90644f8c0d39b41d321e04458ff6be6e1
    Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
    
  - lib: cpus: denver: add MIDR PN9 variant
    
    This patch introduces support for PN9 variant for some
    Denver based platforms.
    
    Original change by: Hemant Nigam <hnigam@nvidia.com>
    
    Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
    Change-Id: I331cd3a083721fd1cd1b03f4a11b32fd306a21f3
    
  - cpus: denver: introduce macro to declare cpu_ops
    
    This patch introduces a macro to declare cpu_op for all Denver
    SKUs.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: Ibcf88c3256fc5dcaa1be855749ebd2c5c396c977
    
  - Merge "qti: spmi_arb: Fix coverity integer conversion warnings" into integration
  - Move static vars into functions in bl1
    
    This reduces the scope of these variables and resolves Misra violations
    such as:
        bl1/aarch64/bl1_context_mgmt.c:21:[MISRA C-2012 Rule 8.9 (advisory)]
        "bl1_cpu_context" should be defined at block scope.
    
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    Change-Id: I9b0b26395bce07e10e61d10158c67f9c22ecce44
    
  - maintainers: step down as code owner of UniPhier platform
    
    I am leaving Socionext. Orphan the UniPhier platform until somebody
    takes the role.
    
    Change-Id: I54d3da6d49c1ccaaa475431654db578b683db88a
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - Merge changes from topic "tegra-downstream-08252020" into integration
    
    * changes:
      Tegra194: remove unused tegra_mc_defs header
      Tegra: memctrl: platform setup handler functions
      Tegra194: memctrl: remove streamid security cfg registers
      Tegra194: memctrl: remove streamid override cfg registers
      Tegra: debug prints indicating SC7 entry sequence completion
      Tegra194: add strict checking mode verification
      Tegra194: memctrl: update TZDRAM base at 1MB granularity
      Tegra194: ras: split up RAS error clear SMC call.
      Tegra: platform specific GIC sources
      Tegra194: add memory barriers during DRAM to SysRAM copy
      Tegra: sip: add VPR resize enabled check
      Tegra194: add redundancy checks for MMIO writes
      Tegra: remove unused cortex_a53.h
      Tegra194: report failure to enable dual execution
      Tegra194: verify firewall settings before resource use
    
  - Merge changes from topic "tc0/dts" into integration
    
    * changes:
      fdts: tc0: add support for cpu-idle-states
      fdts: tc0: Add node for mmc
    
  - Remove Jack Bond-Preston as CMake Build Definitions code owner
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I542ec3cf1bb929a5656dda6dbad816b69837c646
    
  - sp_min: Avoid platform security reconfiguration
    
    In the case of Juno AArch32, platform security configuration
    gets done from both BL2 and SP_MIN(BL32) components when
    JUNO_AARCH32_EL3_RUNTIME and RESET_TO_SP_MIN build options
    are set.
    Fix is provided to avoid Platform security configuration from
    SP_MIN when it is already done in BL2.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I702e91dacb4cdd2d10e339ddeaea91289bef3229
    
  - plat/arm: Get the base address of nv-counters from device tree
    
    Using the Fconf, register base addresses of the various nv-counters
    (currently, trusted, non-trusted nv-counters) are moved to the
    device tree and retrieved during run-time. This feature is
    enabled using the build option COT_DESC_IN_DTB.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
    
  - dtsi: Update the nv-counter node in the device tree
    
    Created a header file defining the id of the various nv-counters
    used in the system.
    Also, updated the device tree to add 'id' property for the trusted
    and non-trusted nv-counters.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ia41a557f7e56ad4ed536aee11c7a59e078ae07c0
    
  - doc: Update the cot-binding for nv-counter node
    
    Updated the cot-binding documentation to add 'id'
    property for the trusted and non-trusted nv-counters.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: If1c628c5b90fe403dd96c7cd0cd04f37288c965c
    
  - Tegra194: remove unused tegra_mc_defs header
    
    This patch removes the unused header from the Tegra194
    platform files. As a result, the TSA MMIO would be
    removed from the memory map too.
    
    Change-Id: I2d38b3da7a119f5dfd6cfd429e481f4e6ad3481e
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: memctrl: platform setup handler functions
    
    The driver initially contained the setup steps to help Tegra186
    and Tegra194 SoCs. In order to support future SoCs and make sure
    that the driver remains generic enough, some code should be moved
    to SoC.
    
    This patch creates a setup handler for a platform to implement its
    initialization sequence.
    
    Change-Id: I8bab7fd07f25e0457ead8e2d2713efe54782a59b
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra194: memctrl: remove streamid security cfg registers
    
    The stream ID security configuration settings shall be done by the
    previous level bootloader. This change removes the same settings
    from the Tegra194 platform code as a result.
    
    Change-Id: Ia170ca4c2119db8f1d0251f1c193add006f81004
    Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
    
  - Tegra194: memctrl: remove streamid override cfg registers
    
    The stream ID override configuration is saved during System Suspend
    as part of MB1 bct. This change removes the same support from the Tegra194
    platform code as a result.
    
    Change-Id: I4c19dc0d8b29190908673fb5ed7ed892af8906ab
    Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
    
  - Tegra: debug prints indicating SC7 entry sequence completion
    
    This patch adds prints to display the completion of System Suspend
    programming sequence for Tegra platforms. The console needs to
    be kept alive until the very end of the System Suspend sequence as
    a result.
    
    Change-Id: I8e0e2054a272665d0a067bb894dda1605a9d2eb7
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra194: add strict checking mode verification
    
    After enabling the strict checking mode, verify that
    the strict mode has really been enabled by querying
    the MCE.
    
    If the mode is found to be disabled, the code should
    assert.
    
    Change-Id: I113ec8decb737f8208059a2a3ba3076fad77890e
    Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
    
  - Tegra194: memctrl: update TZDRAM base at 1MB granularity
    
    The Memory controller expects the TZDRAM base value at 1MB granularity
    and the current driver does not respect that limitation. This patch
    fixes that anomaly.
    
    Change-Id: I6b72270f331ba5081e19811df4a78623e457341a
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra194: ras: split up RAS error clear SMC call.
    
    In order to make sure SMC call is within 25us, this patch reduces number of RAS
    errors accessed to 8 at most for each SMC call and takes an input/output
    parameter to specify in progress RAS error record index.
    
    The measured SMC call latency is about 20us under Linux test kernel driver.
    
    Change-Id: Ia1b57c8673e0193dc341a36af0b5c09fb48f965f
    Signed-off-by: David Pu <dpu@nvidia.com>
    
  - Tegra: platform specific GIC sources
    
    The TEGRA_GICv2_SOURCES contains the list of GIC sources required
    to compile the GICv2 support for platforms.
    
    This patch includes the TEGRA_GICv2_SOURCES macro from individual
    makefiles to allow future platforms to use support for GICv3.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: I429b1a0c7764ab370675f873a50cecda871110cb
    
  - Tegra194: add memory barriers during DRAM to SysRAM copy
    
    This patch adds memory barriers to the trampoline code copying TZDRAM
    contents to SysRAM during exit from System Suspend. These barriers
    make sure that all the copies go through before we start executing in
    SysRAM.
    
    Reported by: Nathan Tuck <ntuck@nvidia.com>
    
    Change-Id: I3fd2964086b6c0e044cc4165051a4801440db9cd
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: sip: add VPR resize enabled check
    
    The Memory Controller provides a control register to check
    if the video memory can be resized. The previous bootloader
    might have locked this feature, which will be reflected by
    this register.
    
    This patch reads the control register before processing
    a video memory resize request. An error code, -ENOTSUP,
    is returned if the feature is locked.
    
    Change-Id: Ia1d67f7a94aa15c6b18ff5c9b9b952e179596ae3
    Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
    
  - Tegra194: add redundancy checks for MMIO writes
    
    MMIO writes should verify that the writes actually went through.
    Read the value back after the write operation, and assert
    if the read back value is not the same as the write value.
    
    Change-Id: Id2ceb014116f3aa6a9e86505ca1ae9911470a679
    Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
    
  - Tegra: remove unused cortex_a53.h
    
    This patch removes the unused cortex_a53.h header file from
    common Tegra files.
    
    This change fixes the violation of CERTC Rule: DCL23.
    
    Change-Id: Iaf7c34cc6323b78028258e188c00724c52afba85
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra194: report failure to enable dual execution
    
    During boot the platform enables dual execution for Xavier CPUs.
    This patch reads back the ACTLR_ELx register to verify that the bit
    is actually set. It asserts if the bit is not set.
    
    Change-Id: I5ba9491ced86285d307b95efa647a427ff77c79e
    Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
    
  - Tegra194: verify firewall settings before resource use
    
    The firewall settings for the hardware resources are present in the
    Security Configuration Registers. The firewall settings are programmed
    by other software components and so must be verified for correctness
    before touching the hardware resources they protect.
    
    This patch reads the firewall settings during early boot and asserts
    if the settings mismatch.
    
    Change-Id: I53cc9aeadad32e54e460db0fa2c38e46bcc92066
    Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - qti: spmi_arb: Fix coverity integer conversion warnings
    
    Coverity warns about the risk of unintended sign-extension in some of the
    calculations in spmi_arb.c. While the actual numbers used are small
    enough that this cannot happen in practice, it's still a good idea to
    clean them up by explicitly making the constants used unsigned.
    
    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: Ia169e0f7c6b01b8041e8029e8c8d30ee596ba30d
    
  - Merge "n1sdp: remote chip SPI numbering for multichip GIC routing" into integration
  - Merge "Add support for hexadecimal and pointer format specifiers to snprintf()" into integration
  - fdts: tc0: add support for cpu-idle-states
    
    This includes both cpu and cluster sleep parameters.
    
    Change-Id: I6a9e90b88508d6d2acd2538007cbbdd1cf976442
    Signed-off-by: Usama Arif <usama.arif@arm.com>
    
  - fdts: tc0: Add node for mmc
    
    The pl180 mmc uses 3.3V fixed regulator and vexpress
    sysreg for card detection and write protect.
    
    Change-Id: I2513cfcb97217e282a081a700f3a9f723e8207ff
    Signed-off-by: Usama Arif <usama.arif@arm.com>
    
  - doc: Improve contribution guidelines
    
    - Add some guidance about the type of information a patch author should
      provide to facilitate the review (and for future reference).
    
    - Make a number of implicit expectations explicit:
      - Every patch must compile.
      - All CI tests must pass.
    
    - Mention that the patch author is expected to add reviewers and explain
      how to choose them.
    
    - Explain the patch submission rules in terms of Gerrit labels.
    
    Also do some cosmetic changes, like adding empty lines, shuffling some
    paragraphs around.
    
    Change-Id: I6dac486684310b5a35aac7353e10fe5474a81ec5
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - ehf: use common priority level enumeration
    
    'EHF' is used by RAS, SDEI, SPM_MM common frameworks.
    If platform needs to plug-in specific handlers then
    'PLAT_EHF_DESC' can be used to populate platform specific
    priority levels.
    
    Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
    Change-Id: I37af7e0e48111f87b6982604bf5c15db3e05755d
    
  - Merge changes I6bf1db15,I8631c34a,Id76ada14 into integration
    
    * changes:
      qti/sc7180: Do shutdown handling outside qtiseclib
      qti: Add SPMI PMIC arbitrator driver
      qti/sc7180: Fix GIC-600 support setting
    
  - Add support for hexadecimal and pointer format specifiers to snprintf()
    
    The current implementation of snprintf() does not support pointer and
    hexadecimal format specifiers, which can be needed, for instance, for
    DTB manipulations.
    
    This patch adds that functionality by borrowing some code from the
    printf() implementation.
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I2076ea46693a73a04890982bf20e3c633c2767fb
    
  - qti/sc7180: Do shutdown handling outside qtiseclib
    
    With an open source SPMI driver we can now remove qtiseclib involvement
    in reset and shutdown handling by setting the required registers
    directly.
    
    Change-Id: I6bf1db15734048df583daa2a4ee98701c6ece621
    Signed-off-by: Julius Werner <jwerner@chromium.org>
    
  - Merge changes from topic "tegra194-spmd" into integration
    
    * changes:
      Tegra194: introduce support for `SPD=spmd`
      Tegra: introduce backend support to compile libfdt
      Tegra: disable signed comparison
      plat: common: include "bl_common.h" from plat_spmd_manifest.c
    
  - Merge changes from topic "tegra-downstream-07092020" into integration
    
    * changes:
      Tegra194: remove AON_WDT IRQ mapping
      Tegra: smmu: add smmu_verify function
      Tegra: TZDRAM setup from soc specific early_boot handlers
      Tegra: remove "platform_get_core_pos" function
      Tegra: print GICC registers conditionally
      lib: cpus: sanity check pointers before use
      Tegra: spe: do not flush console in console_putc
      Tegra: verify platform compatibility
    
  - qti: Add SPMI PMIC arbitrator driver
    
    This patch adds a very rudimentary driver for the SPMI arbitrator used
    to access the PMIC. It doesn't support all the controller's actual
    arbitration features, so it should probably not be used concurrently
    with a running kernel (and it's also not optimized for performance). But
    it can be used to set a few registers during boot or on shutdown to
    control reset handling, which is all we need it for.
    
    Change-Id: I8631c34a2a89ac71aa1ec9b8266e818c922fe34a
    Signed-off-by: Julius Werner <jwerner@chromium.org>
    
  - qti/sc7180: Fix GIC-600 support setting
    
    The patch adding platform support for sc7180 landed around roughly the
    same time as the patch that changed GICV3_IMPL to GICV3_SUPPORT_GIC600.
    Thus the sc7180 Makefile is still using the old variable name which now
    no longer does anything, and it hangs on boot due to the lacking GIC-600
    support. This patch fixes the issue.
    
    Signed-off-by: Julius Werner <jwerner@chromium.org>
    Change-Id: Id76ada1445c3c5ac9a5a3697b4e749088b89d796
    
  - Tegra194: introduce support for `SPD=spmd`
    
    This patch introduces the following changes to enable
    compilation for `SPD=spmd` command line option.
    
    * compile plat_spmd_manifest.c
    * compile libfdt source files
    
    Verified with the `SPD=spmd` command line option for
    Tegra194 platforms.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: I7f57aa4f1756b19f78d87415bb80794417174bc8
    
  - Tegra: introduce backend support to compile libfdt
    
    This patch includes the following files from libc to
    compile libfdt:
    
    * memchr.c
    * memcmp.c
    * strrchr.c
    
    The BUILD_PLAT macro is evaluated earlier to allow libfdt
    installation to the right directory.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: Ie43fcf701dc051670e6372e21b3a84a6416c1735
    
  - Tegra: disable signed comparison
    
    libfdt does not support the -Wsign-compare compiler option
    and the right patch will eventually be pushed upstream.
    
    This patch disables the -Wsign-compare compiler option
    to allow libfdt compilation for Tegra platforms until
    the actual issue is fixed.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: Ib7a93946cad1ea9ec1b46751edb79a74c08ed0ac
    
  - plat: common: include "bl_common.h" from plat_spmd_manifest.c
    
    This patch includes the bl_common.h from plat_spmd_manifest.c to
    fix the following compilation errors
    
    <snip>
    plat/common/plat_spmd_manifest.c: In function 'plat_spm_core_manifest_load':
    plat/common/plat_spmd_manifest.c:130:18: error: implicit declaration of function 'page_align' [-Werror=implicit-function-declaration]
      130 |  pm_base_align = page_align(pm_base, UP);
          |                  ^~~~~~~~~~
    plat/common/plat_spmd_manifest.c:130:38: error: 'UP' undeclared (first use in this function); did you mean 'UL'?
      130 |  pm_base_align = page_align(pm_base, UP);
          |                                      ^~
          |                                      UL
    plat/common/plat_spmd_manifest.c:130:38: note: each undeclared identifier is reported only once for each function it appears in
    plat/common/plat_spmd_manifest.c:146:38: error: 'DOWN' undeclared (first use in this function)
      146 |  pm_base_align = page_align(pm_base, DOWN);
          |                                      ^~~~
    cc1: all warnings being treated as errors
    <snip>
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: Ib8edb36c6a80a23df2462e708c513c966aab1fef
    
  - Tegra194: remove AON_WDT IRQ mapping
    
    This patch removes the unused interrupt mapping for AON_WDT
    for all Tegra194 platforms.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: I475a1e83f809c740e62464b5b4e93cb0a2e33d6b
    
  - Tegra: smmu: add smmu_verify function
    
    The SMMU configuration can get corrupted or updated by
    external clients during boot without our knowledge.
    
    This patch introduces a "verify" function for the SMMU
    driver, to check that the boot configuration settings are
    intact.  Usually, this function should be called at the
    end of the boot cycle.
    
    This function only calls panic() on silicon platforms.
    
    Change-Id: I2ab45a7f228781e71c73ba1f4ffc49353effe146
    Signed-off-by: George Bauernschmidt <georgeb@nvidia.com>
    
  - Tegra: TZDRAM setup from soc specific early_boot handlers
    
    TZDRAM setup is not required for all Tegra SoCs. The previous bootloader
    can enable the TZDRAM fence due to architectural improvements in the
    newer chips.
    
    This patch moves the TZDRAM setup to early_boot handlers for SoCs to
    handle this scenario.
    
    Change-Id: I6481b4f848a4dadc20cb83852cd8e19a242b3a34
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: remove "platform_get_core_pos" function
    
    This patch removes the deprecated 'plat_core_pos_by_mpidr' function
    from the Tegra platform port.
    
    Change-Id: I32e06cb7269e4fbfaf9ad6c26d0722201f982f9e
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: print GICC registers conditionally
    
    The GICC interface exists only on the interrupt controllers following
    the GICv2 specification.
    
    This patch prints the GICC register contents from the platform's macro,
    'plat_crash_print_regs', only when TEGRA_GICC_BASE is defined. This
    allows platforms using future versions of the GIC specification to
    still use this macro.
    
    Change-Id: Ia5762d0a1ae28c832664d69362a7776e46a22ad1
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - lib: cpus: sanity check pointers before use
    
    The cpu_ops structure contains a lot of function pointers. It
    is a good idea to verify that the function pointer is not NULL
    before executing it.
    
    This patch sanity checks each pointer before use to prevent any
    unforeseen crashes. These checks have been enabled for debug
    builds only.
    
    Change-Id: Ib208331c20e60f0c7c582a20eb3d8cc40fb99d21
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: spe: do not flush console in console_putc
    
    SPE no longer requires the flush bit to be set to start transmitting
    characters over the physical uart. Therefore, the flush bit is no
    longer required when calling console_core_putc. However, flushing the
    console still requires the flush bit.
    
    This patch removes the flush bit from the mailbox messages in
    console_core_putc to improve ACK latency.
    
    Original change by: Mustafa Bilgen <mbilgen@nvidia.com>
    
    Change-Id: I5b7d1f3ea69ea2ce308566dbaae222b04e4c373d
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: verify platform compatibility
    
    This patch verifies that the binary image is compatible with
    chip ID of the platform.
    
    Change-Id: I28db221b4442aa8827a092faadf32f110d7c5cb4
    Signed-off-by: kalyanic <kalyanic@nvidia.com>
    
  - Merge "tools: Get the tool's binary name from the main makefile" into integration
  - Merge "SPMD: Don't forward PARTITION_INFO_GET from secure FF-A instance" into integration
  - n1sdp: remote chip SPI numbering for multichip GIC routing
    
    Allocated 512-959 SPI numbers for remote n1sdp chip and same has been
    referenced for GIC routing table.
    
    Change-Id: Id79ea493fd665ed93fe9644a59e363ec10441098
    Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
    
  - tools: Get the tool's binary name from the main makefile
    
    Currently, the tool's makefile overrides the tool's binary name
    which has already been defined in the main makefile.
    Hence a fix is provided so that the tool's makefile gets the tool's
    binary name from the main makefile instead of overriding it.
    
    Change-Id: I8af2bd391a96bba2dbcddef711338a94ebf5f038
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Merge "Revert "libc/memset: Implement function in assembler"" into integration
  - Revert "libc/memset: Implement function in assembler"
    
    This reverts commit e7d344de01ad11b856233634717aafe9312697e4.
    This reverts the patch https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5313 due to a timing issue with the merge. The merge occurred at the same time as the additional comments and thusly were not seen until the merge was done. This reverts the change and additional patches from Alexei will follow to address the concerns expressed in the original patch.
    
    Change-Id: Iae5f6403c93ac13ceeda29463883fcd4c437f2b7
    
  - SPMD: Don't forward PARTITION_INFO_GET from secure FF-A instance
    
    Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
    Change-Id: I4e9fbfcfda4ed4b87d5ece1c609c57c73d617d4c
    
  - Merge changes from topic "spm-secondary-cores" into integration
    
    * changes:
      SPMC: embed secondary core ep info into SPMC context
      SPMC: manifest changes to support multicore boot
      SPMD: secondary cores PM on and off SPD hooks relayed to SPMC
      SPMD: handle SPMC message to register secondary core entry point
      SPMD: introduce SPMC to SPMD messages
      SPMD: register the SPD PM hooks
      SPMD: add generic SPD PM handlers
      SPMD: enhance SPMC internal boot states
      SPMD: entry point info get helper
    
  - Merge "doc: Minor formatting improvement in the coding guidelines document" into integration
  - SPMC: embed secondary core ep info into SPMC context
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
    Change-Id: Icdb15b8664fb3467ffd55b44d1f0660457192586
    
  - SPMC: manifest changes to support multicore boot
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
    Change-Id: Icf90c2ccce75257908ba3d4703926041d64b1dd3
    
  - SPMD: secondary cores PM on and off SPD hooks relayed to SPMC
    
    Define SPMD PM hooks for warm boot and off events. svc_on_finish handler
    enters the SPMC at the entry point defined by the secondary EP register
    service. The svc_off handler notifies the SPMC that a physical core is
    being turned off through a notification message.
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Change-Id: I2609a75a0c6ffb9f6313fc09553be2b29a41de59
    
  - SPMD: handle SPMC message to register secondary core entry point
    
    Upon booting, the SPMC running on the primary core shall register the
    secondary core entry points to which a given secondary core being woken
    up shall jump into the SPMC. The current implementation assumes the
    SPMC calls a registering service implemented in the SPMD for each core
    identified by its MPIDR. This can typically happen in a simple loop
    implemented in the early SPMC initialization routines by passing each
    core identifier associated with an entry point address and context
    information.
    This service is implemented on top of a more generic SPMC<=>SPMD
    interface using direct request/response message passing as defined by
    the FF-A specification.
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
    Change-Id: I1f70163b6b5cee0880bd2004e1fec41e3780ba35
    
  - SPMD: introduce SPMC to SPMD messages
    
    FF-A interface to handle SPMC to SPMD direct messages requests.
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
    Change-Id: Ia707a308c55561a31dcfa86e554ea1c9e23f862a
    
  - SPMD: register the SPD PM hooks
    
    Change-Id: If88d64c0e3d60accd2638a55f9f3299ec700a8c8
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    
  - SPMD: add generic SPD PM handlers
    
    This patch defines and registers the SPMD PM handler hooks.
    This is intended to relay boot and PM events to the SPMC.
    
    Change-Id: If5a758d22b8d2152cbbb83a0cad563b5e1c6bd49
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
    
  - SPMD: enhance SPMC internal boot states
    
    This patch adds SPMC states used by the SPMD to track SPMC boot phases
    specifically on secondary cores.
    
    Change-Id: If97af7352dda7f04a8e46a56892a2aeddcfab91b
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
    
  - SPMD: entry point info get helper
    
    This patch provides a helper to get the entry_point_info
    structure used by the boot CPU as it is used to initialise
    the SPMC context on secondary CPUs.
    
    Change-Id: I99087dc7a86a7258e545d24a2ff06aa25170f00c
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    
  - doc: Recommend using C rather than assembly language
    
    Add a section for that in the coding guidelines.
    
    Change-Id: Ie6819c4df5889a861460eb96acf2bc9c0cfb494e
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - Merge "plat: imx8m: Fix the race condition during cpu hotplug" into integration
  - Merge changes from topic "at_errata_fix" into integration
    
    * changes:
      doc: Update description for AT speculative workaround
      lib/cpus: Report AT speculative erratum workaround
      Add wrapper for AT instruction
    
  - plat: imx8m: Fix the race condition during cpu hotplug
    
    CPU hotplug & cpuidle have some race condition when doing CPU hotplug
    stress test. Different CPU cores have the chance to access the same
    GPC register(A53_AD), so lock is necessary to do exclusive access.
    
    Signed-off-by: Jacky Bai <ping.bai@nxp.com>
    Change-Id: I1296592e05fa78429c3f0fac066951521db755e3
    
  - Merge "SPM: Add third cactus partition to manifests" into integration
  - doc: Minor formatting improvement in the coding guidelines document
    
    Change-Id: I5362780db422772fd547dc8e68e459109edccdd0
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - Merge changes from topic "aw_drivevbus" into integration
    
    * changes:
      plat/allwinner: Only enable DRIVEVBUS if really needed
      plat/allwinner: Use common gicv2.mk
    
  - Merge "libc/memset: Implement function in assembler" into integration
  - libc/memset: Implement function in assembler
    
    Trace analysis of FVP_Base_AEMv8A model running in
    Aarch32 mode with the build options listed below:
    TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
    ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
    ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
    shows that when auth_signature() gets called
    71.84% of CPU execution time is spent in memset() function
    written in C using single byte write operations,
    see lib\libc\memset.c.
    This patch replaces C memset() implementation with assembler
    version giving the following results:
    - for Aarch32 in auth_signature() call memset() CPU time
    reduced to 24.84%.
    - Number of CPU instructions executed during TF-A
    boot stage before start of BL33 in RELEASE builds:
    ----------------------------------------------
    |  Arch   |     C      |  assembler |    %   |
    ----------------------------------------------
    | Aarch32 | 2073275460 | 1487400003 | -28.25 |
    | Aarch64 | 2056807158 | 1244898303 | -39.47 |
    ----------------------------------------------
    The patch also replaces memset.c with aarch64/memset.S
    in plat\nvidia\tegra\platform.mk.
    
    Change-Id: Ifbf085a2f577a25491e2d28446ee95a4ac891597
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "SPM: Change condition on saving/restoring EL2 registers" into integration
  - SPM: Add third cactus partition to manifests
    
    Add information about the third partition so it can be loaded into SPM
    when running the tests
    
    Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
    Change-Id: I5544e88df391ef294ddf6b5750d468d3e74892b1
    
  - SPM: Change condition on saving/restoring EL2 registers
    
    Make this more scalable by explicitly checking internal and hardware
    states at run_time
    
    Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
    Change-Id: I1c6ed1c1badb3538a93bff3ac5b5189b59cccfa1
    
  - Merge "plat: qti: Fix build failure" into integration
  - Merge changes Ic701675c,Ie55e25c8 into integration
    
    * changes:
      plat: imx8m: Correct the imr mask reg offset
      plat: imx8m: Keep A53 PLAT on in wait mode(ret)
    
  - plat: imx8m: Correct the imr mask reg offset
    
    The number of gpc imr mask reg & the offset is different
    on some SOC, so correct it & replace the magic number with
    macro define.
    
    Signed-off-by: Jacky Bai <ping.bai@nxp.com>
    Change-Id: Ic701675cdd92e043dcd7f06722f2e871068aec74
    
  - plat: imx8m: Keep A53 PLAT on in wait mode(ret)
    
    Keep A53 PLAT(SCU) power domain on in wait mode(ret).
    RBC count only needs to be set in PLAT OFF mode, so
    change it accordingly.
    
    Signed-off-by: Jacky Bai <ping.bai@nxp.com>
    Change-Id: Ie55e25c8210d298506fc4dca7a9653583db45e0c
    
  - Merge "qemu/qemu_sbsa: enable SPM support" into integration
  - Merge changes from topic "tegra-downstream-07092020" into integration
    
    * changes:
      Tegra: platform: add function to check t194 chip
      Tegra: common: make plat_psci_ops routines static
    
  - intel: platform: Include GICv2 makefile
    
    This patch updates each of Intel's platform makefiles to include GICv2
    makefile instead of manually sourcing individual c files. This aligns
    with latest changes from commit #1322dc94f7.
    
    Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
    Change-Id: Ib1f446a6fc578f73a9ef86f9708ddf12d7d75f48
    
  - Tegra: platform: add function to check t194 chip
    
    This patch adds tegra_chipid_is_t194() function to check if it is a
    Tegra 194 chip.
    
    Change-Id: I6da6d3a2c9676b748931e42fde1b174cbcb4fd40
    Signed-off-by: David Pu <dpu@nvidia.com>
    
  - Tegra: common: make plat_psci_ops routines static
    
    This patch makes Tegra platform psci ops routines static. These
    routines are called by PSCI framework and no external linkage is
    necessary. This patch also fixes MISRA C-2012 Rule 8.6 violations.
    
    Change-Id: Idd2381809f76dc0fd578c1c92c0f8eea124f2e88
    Signed-off-by: David Pu <dpu@nvidia.com>
    
  - qemu/qemu_sbsa: enable SPM support
    
    Enable the spm_mm framework for the qemu_sbsa platform.
    Memory layout required for spm_mm is created in secure SRAM.
    
    Co-developed-by: Fu Wei <fu.wei@linaro.org>
    Signed-off-by: Fu Wei <fu.wei@linaro.org>
    Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
    Change-Id: I104a623e8bc1e44d035b95f014a13b3f8b33a62a
    
  - Merge "runtime_exceptions: Update AT speculative workaround" into integration
  - Merge "el3_runtime: Rearrange context offset of EL1 sys registers" into integration
  - Merge "el3_runtime: Update context save and restore routines for EL1 and EL2" into integration
  - Merge changes from topic "soc-id" into integration
    
    * changes:
      plat/arm: juno: Implement methods to retrieve soc-id information
      plat/arm: fvp: Implement methods to retrieve soc-id information
      plat/arm: remove common code for soc-id feature
    
  - doc: Update description for AT speculative workaround
    
    Documented the CPU specific build macros created for AT
    speculative workaround.
    
    Updated the description of 'ERRATA_SPECULATIVE_AT' errata
    workaround option.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ie46a80d4e8183c1d5c8b153f08742a04d41a2af2
    
  - lib/cpus: Report AT speculative erratum workaround
    
    Reported the status (applies, missing) of AT speculative workaround
    which is applicable for below CPUs.
    
     +---------+--------------+
     | Errata  |      CPU     |
     +=========+==============+
     | 1165522 |  Cortex-A76  |
     +---------+--------------+
     | 1319367 |  Cortex-A72  |
     +---------+--------------+
     | 1319537 |  Cortex-A57  |
     +---------+--------------+
     | 1530923 |  Cortex-A55  |
     +---------+--------------+
     | 1530924 |  Cortex-A53  |
     +---------+--------------+
    
    Also, changes are done to enable common macro 'ERRATA_SPECULATIVE_AT'
    if AT speculative errata workaround is enabled for any of the above
    CPUs using 'ERRATA_*' CPU specific build macro.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I3e6a5316a2564071f3920c3ce9ae9a29adbe435b
    
  - Add wrapper for AT instruction
    
    In case of AT speculative workaround applied, page table walk
    is disabled for lower ELs (EL1 and EL0) in EL3.
    Hence added a wrapper function which temporarily enables page
    table walk to execute AT instruction for lower ELs and then
    disables page table walk.
    
    Execute AT instructions directly for lower ELs (EL1 and EL0)
    assuming page table walk is enabled always when AT speculative
    workaround is not applied.
    
    Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - runtime_exceptions: Update AT speculative workaround
    
    As per latest mailing communication [1], we decided to
    update AT speculative workaround implementation in order to
    disable page table walk for lower ELs(EL1 or EL0) immediately
    after context switching to EL3 from lower ELs.
    
    Previous implementation of AT speculative workaround is available
    here: 45aecff00
    
    AT speculative workaround is updated as below:
    1. Avoid saving and restoring of SCTLR and TCR registers for EL1
       in context save and restore routine respectively.
    2. On EL3 entry, save SCTLR and TCR registers for EL1.
    3. On EL3 entry, update EL1 system registers to disable stage 1
       page table walk for lower ELs (EL1 and EL0) and enable EL1
       MMU.
    4. On EL3 exit, restore SCTLR and TCR registers for EL1 which
       are saved in step 2.
    
    [1]:
    https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html
    
    Change-Id: Iee8de16f81dc970a8f492726f2ddd57e7bd9ffb5
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - el3_runtime: Rearrange context offset of EL1 sys registers
    
    SCTLR and TCR registers of EL1 play a role in enabling/disabling of
    page table walk for lower ELs (EL0 and EL1).
    Hence re-arranged EL1 context offsets to have SCTLR and TCR register
    values one after another in the stack so that these register values
    can be saved and restored using stp and ldp instruction respectively.
    
    Change-Id: Iaa28fd9eba82a60932b6b6d85ec8857a9acd5f8b
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - el3_runtime: Update context save and restore routines for EL1 and EL2
    
    As per latest mailing communication [1], we decided
    not to update SCTLR and TCR registers in EL1 and EL2 context
    restore routine when AT speculative workaround is enabled
    hence reverted the changes done as part of this commit: 45aecff00.
    
    [1]:
    https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html
    
    Change-Id: I8c5f31d81fcd53770a610e302a5005d98772b71f
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat/arm: juno: Implement methods to retrieve soc-id information
    
    Implemented platform functions to retrieve the soc-id information
    for juno platform
    
    Change-Id: Ie677120710b45e202a2d63a954459ece8a64b353
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat/arm: fvp: Implement methods to retrieve soc-id information
    
    Implemented platform functions to retrieve the soc-id information
    for FVP platform.
    
    Change-Id: Id3df02ab290a210310e8d34ec9d706a59d817517
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat/arm: remove common code for soc-id feature
    
    Removed common code for soc-id feature which is applicable
    for all arm platforms.
    
    In subsequent patches, added platform based functions
    for FVP and Juno to retrieve the soc-id information.
    
    Change-Id: Idb632a935758a6caff2ca03a6eab8f663da8a93a
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat: qti: Fix build failure
    
    Fixed build failure due to the commit:905f93c77 by removing
    the inclusion of non-existent 'stdinit.h' file.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I8e3ca69c016b7a2354c58c4d384a492631c36286
    
  - Merge "plat/arm: Use common build flag for using generic sp804 driver" into integration
  - plat/arm: Use common build flag for using generic sp804 driver
    
    SP804 TIMER is not platform specific, and current code base adds
    multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
    FVP_VE_USE_SP804_TIMER.
    
    This patch removes platform specific build flag and adds generic
    flag `USE_SP804_TIMER` to be set to 1 by platform if needed.
    
    Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - plat/allwinner: Only enable DRIVEVBUS if really needed
    
    The DRIVEVBUS power rail of the AXP803 PMIC is mostly used to supply
    the USB bus power on micro USB sockets, when used in host mode. As this
    is a dynamic operation, and mostly we want micro USB sockets to act in
    client mode initially, BL31 should not actually enable this power line.
    However, on some boards DRIVEVBUS is used to supply power to normal
    USB-A sockets. Failing to activate this line there results in
    non-functional USB in U-Boot on those boards.
    
    For that reason we were enabling DRIVEVBUS so far, as it did not seem to
    cause any harm to the other boards. However it turns out that on the
    Pinephone (and other systems with a battery), actually enabling DRIVEVBUS
    unconditionally causes serious problems (reboot loop).
    
    To accommodate both use cases, without reverting to a build time option,
    check the default OTG configuration in the devicetree. For boards with
    USB-A sockets this is set to "host", on boards with micro-B sockets to
    "otg". Depending on this setting, we either enable DRIVEVBUS or leave it
    alone.
    
    This fixes TF-A on the Pinephone and potentially other battery powered
    devices.
    
    Change-Id: Iec0e07f218b2b4393bf4e05c3386261f8ed19e9f
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - plat/allwinner: Use common gicv2.mk
    
    Compiling BL31 for the Allwinner platform now produces a message about
    the deprecation of gic_common.c.
    Follow the advice and use include gicv2.mk instead.
    
    Collect all includes at the beginning of the file on the way.
    
    Change-Id: Iee46e21a630bfa831d28059f09aa7b049eb554bb
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge "doc: Refactor the contribution guidelines" into integration
  - Merge "stm32mp1: use newly introduced GICv2 makefile" into integration
  - Merge "lib: cpus: denver: add some MIDR values" into integration
  - Merge changes from topic "sb/contribution-guidelines" into integration
    
    * changes:
      doc: Mention the TF-A Tech Forum as a way to contact developers
      doc: Emphasize that security issues must not be reported as normal bugs
    
  - Merge "doc: Stop advising the creation of Phabricator issues" into integration
  - Merge changes from topic "tegra-downstream-07092020" into integration
    
    * changes:
      Tegra: memctrl: remove unused TZRAM setup function
      Tegra: reorganize drivers and lib folders
    
  - stm32mp1: use newly introduced GICv2 makefile
    
    Include the GICv2 makefile in STM32MP1 SP_min makefile, and use
    ${GICV2_SOURCES} instead of taking drivers/arm/gic files directly.
    
    Change-Id: Ibcaed5b0bd17f6d8cf200e208c11cc10cd6d2ee5
    Signed-off-by: Yann Gautier <yann.gautier@st.com>
    
  - Merge changes from topic "sp_dual_signing" into integration
    
    * changes:
      SPM: Add owner field to cactus secure partitions
      SPM: Alter sp_gen.mk entry depending on owner of partition
      plat/arm: enable support for Plat owned SPs
    
  - SPM: Add owner field to cactus secure partitions
    
    For supporting dualroot CoT for Secure Partitions a new optional field
    "owner" is introduced which will be used to sign the SP with
    corresponding signing domain. To demonstrate its usage, this patch adds
    owners to cactus Secure Partitions.
    
    Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
    Change-Id: I7b760580355fc92edf5402cecc38c38125dc1cae
    
  - SPM: Alter sp_gen.mk entry depending on owner of partition
    
    With recently introduced dualroot CoT for SPs where they are owned
    either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
    while Plat owned SPs index starts at SP_PKG5_ID.
    
    This patch modifies SP makefile generator script to take CoT as an
    argument and if it is "dualroot" then generates SP_PKG in order
    mentioned above, otherwise generates it sequentially.
    
    Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
    Change-Id: Iffad1131787be650a9462f6f8cc09b603cddb3b8
    
  - plat/arm: enable support for Plat owned SPs
    
    For Arm platforms SPs are loaded by parsing tb_fw_config.dts and
    adding them to SP structure sequentially, which in-turn is appended to
    loadable image list.
    
    With recently introduced dualroot CoT for SPs where they are owned
    either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
    and Plat owned SPs index starts at SP_PKG5_ID. As the start index of SP
    depends on the owner, there should be a mechanism to parse owner of a SP
    and put it at the correct index in SP structure.
    
    This patch adds support for parsing a new optional field "owner" and
    based on it put SP details(UUID & Load-address) at the correct index in
    SP structure.
    
    Change-Id: Ibd255b60d5c45023cc7fdb10971bef6626cb560b
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    
  - doc: Refactor the contribution guidelines
    
    Ensuring that each file changed by a patch has the correct copyright and
    license information does not only apply to documentation files but to
    all files within the source tree.
    
    Move the guidance for copyright and license headers out of the paragraph
    about updating the documentation to avoid any confusion.
    
    Also do some cosmetic changes (adding empty lines, fitting in longer
    lines in the 80-column limit, ...) to improve the readability of the RST
    file.
    
    Change-Id: I241a2089ca9db70f5a9f26b7070b947674b43265
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - doc: Mention the TF-A Tech Forum as a way to contact developers
    
    Change-Id: Ib4ad853ebb6e28adcf9ed14714d43799f9370343
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - doc: Emphasize that security issues must not be reported as normal bugs
    
    Change-Id: I43e452c9993a8608b20ec029562982f5dcf8e6b2
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - doc: Stop advising the creation of Phabricator issues
    
    We have noticed that Phabricator (the ticketing system on tf.org [1])
    has far less visibility within the community than the mailing list [2].
    For this reason, let's drop usage of Phabricator for anything else than
    bug reports. For the rest, advise contributors to start a discussion on
    the mailing list, where they are more likely to get feedback.
    
    [1] https://developer.trustedfirmware.org/project/board/1/
    [2] https://lists.trustedfirmware.org/mailman/listinfo/tf-a
    
    Change-Id: I7d2d3d305ad0a0f8aacc2a2f25eb5ff429853a3f
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - Merge changes from topic "sp_dual_signing" into integration
    
    * changes:
      dualroot: add chain of trust for Platform owned SPs
      cert_create: add Platform owned secure partitions support
    
  - Merge "Use true instead of 1 in while" into integration
  - Merge changes from topic "bl1-misra" into integration
    
    * changes:
      Specify signed-ness of constants
      Prevent colliding identifiers
    
  - Use true instead of 1 in while
    
    This resolves MISRA defects such as:
    
        plat/common/plat_bl1_common.c:63:[MISRA C-2012 Rule 14.4 (required)]
        The condition expression "1" does not have an essentially boolean type.
    
    Change-Id: I679411980ad661191fbc834a44a5eca5494fd0e2
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    
  - Specify signed-ness of constants
    
    We relied on the default signed-ness of constants, which is usually
    signed. This can create MISRA violations, such as:
    
         bl1/bl1_main.c:257:[MISRA C-2012 10.8 (required)] Cast of composite
         expression off essential type signed to essential type unsigned
    
    These constants were only used as unsigned, so this patch makes them
    explicitly unsigned.
    
    Change-Id: I5f1310c881e936077035fbb1d5ffb449b45de3ad
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    
  - Prevent colliding identifiers
    
    There was a collision between the name of the typedef in the CASSERT and
    something else, so we make the name of the typedef unique to the
    invocation of DEFINE_SVC_UUID2 by appending the name that's passed into
    the macro. This eliminates the following MISRA violation:
    
        bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
        "invalid_svc_uuid" is already used to represent a typedef.
    
    This also resolves MISRA rule 5.9.
    
    These renamings are as follows:
      * tzram -> secram. This matches the function call name as it has
      sec_mem in its name
      * fw_config_base -> config_base. This file does not mess with
      hw_config, so there's little chance of confusion
    
    Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
    Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
    
  - Merge "lib: cpus: denver: mark exception vectors as private" into integration
  - Merge "qti: Add RNG driver" into integration
  - qti: Add RNG driver
    
    This patch adds RNG driver and uses it to generate random number for stack
    protection.
    
    Change-Id: I73d79e68d08b5aa902dc7fad48e17a03f996178d
    Signed-off-by: Saurabh Gorecha <sgorecha@codeaurora.org>
    
  - Merge "TF-A AMU: remove AMU enable info print" into integration
  - TF-A AMU: remove AMU enable info print
    
    Following f3ccf036ecb1ae1628 the INFO print in amu_enable is causing
    a lot of print outs on UART1 in DEBUG mode especially on PSCI test
    cases because CPU_ON or SUSPEND operations call:
    cm_prepare_el3_exit => enable_extensions_nonsecure => amu_enable.
    PSCI SUSPEND is also very frequent in linux boot cases causing test
    timeout failures.
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Change-Id: I63581f8fa489d44b3b1d10af3b7f6fdf3af44720
    
  - dualroot: add chain of trust for Platform owned SPs
    
    For dualroot CoT there are two sets of SP certificates, one owned by
    Silicon Provider(SiP) and other owned by Platform. Each certificate can
    have a maximum of 4 SPs.
    
    This patch reduces the number of SiP owned SPs from 8 to 4 and adds
    the remaining 4 to Plat owned SP.
    Plat owned SP certificate is signed using Platform RoT key and
    protected against anti-rollback using the Non-trusted Non-volatile
    counter.
    
    Change-Id: Idc3ddd87d6d85a5506a7435f45a6ec17c4c50425
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    
  - cert_create: add Platform owned secure partitions support
    
    Add support to generate a certificate named "plat-sp-cert" for Secure
    Partitions(SP) owned by Platform.
    Earlier a single certificate file "sip-sp-cert" was generated which
    contained hash of all 8 SPs, with this change SPs are divided into
    two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
    
    Platform RoT key pair is used for signing.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
    
  - Merge "TF-A AMU extension: fix detection of group 1 counters." into integration
  - Merge "plat/arm: Reduce size of BL31 binary" into integration
  - plat: marvell: ap807: implement workaround for errata-id 3033912
    
    ERRATA ID: RES-3033912 - Internal Address Space Init state causes
    a hang upon accesses to [0xf070_0000, 0xf07f_ffff]
    Workaround: Boot Firmware (ATF) should configure CCU_RGF_WIN(4) to
    split [0x6e_0000, 0xff_ffff] to values [0x6e_0000, 0x6f_ffff] and
    [0x80_0000, 0xff_ffff] that cause accesses to the segment of
    [0xf070_0000, 0xf07f_ffff] to act as RAZWI. Reuse common
    work-around code for both AP806 and AP807.
    
    Change-Id: Ia91a4802d02917d1682faa0c81571093d1687d97
    Signed-off-by: Stefan Chulski <stefanc@marvell.com>
    
  - Merge changes from topic "release/14.0" into integration
    
    * changes:
      docs: marvell: update PHY porting layer description
      docs: marvell: update path in marvell documentation
      docs: marvell: update build instructions with CN913x
      plat: marvell: octeontx: add support for t9130
      plat: marvell: t9130: add SVC support
      plat: marvell: t9130: update AVS settings
      plat: marvell: t9130: pass actual CP count for load_image
      plat: marvell: armada: a7k: add support to SVC validation mode
      plat: marvell: armada: add support for twin-die combined memory device
    
  - Merge "sc7180 platform support" into integration
  - TF-A AMU extension: fix detection of group 1 counters.
    
    This patch fixes the bug when AMUv1 group1 counters were
    always assumed to be implemented without checking for their
    presence which was causing exception otherwise.
    The AMU extension code was also modified as listed below:
    - Added detection of AMUv1 for ARMv8.6
    - 'PLAT_AMU_GROUP1_NR_COUNTERS' build option is removed and
    number of group1 counters 'AMU_GROUP1_NR_COUNTERS' is now
    calculated based on 'AMU_GROUP1_COUNTERS_MASK' value
    - Added bit fields definitions and access functions for
    AMCFGR_EL0/AMCFGR and AMCGCR_EL0/AMCGCR registers
    - Unification of amu.c Aarch64 and Aarch32 source files
    - Bug fixes and TF-A coding style compliant changes.
    
    Change-Id: I14e407be62c3026ebc674ec7045e240ccb71e1fb
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - plat/arm: Reduce size of BL31 binary
    
    BL31 binary size is aligned to 4KB because of the
    code in include\plat\arm\common\arm_reclaim_init.ld.S:
        __INIT_CODE_UNALIGNED__ = .;
        . = ALIGN(PAGE_SIZE);
        __INIT_CODE_END__ = .;
    with all the zero data after the last instruction of
    BL31 code to the end of the page.
    This causes increase in size of BL31 binary stored in FIP
    and its loading time by BL2.
    This patch reduces the size of BL31 image by moving
    page alignment from __INIT_CODE_END__ to __STACKS_END__
    which also increases the stack size for secondary CPUs.
    
    Change-Id: Ie2ec503fc774c22c12ec506d74fd3ef2b0b183a9
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - sc7180 platform support
    
    Adding support for QTI CHIP SC7180 on ATF
    
    Change-Id: I0d82d3a378036003fbd0bc4784f61464bb76ea82
    Signed-off-by: Saurabh Gorecha <sgorecha@codeaurora.org>
    Co-authored-by: Maulik Shah <mkshah@codeaurora.org>
    
  - Merge "MISRA cleanup in mem_region and semihosting files" into integration
  - lib: cpus: denver: add some MIDR values
    
    This patch adds support for additional Denver MIDRs to
    cover all the current SKUs.
    
    Change-Id: I85d0ffe9b3cb351f430ca7d7065a2609968a7a28
    Signed-off-by: Alex Van Brunt <avanbrunt@nvidia.com>
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: memctrl: remove unused TZRAM setup function
    
    This patch removes the unused TZRAM setup function from the memory
    controller driver.
    
    Change-Id: Ic16f21fb84c47df71be6ab3e1e286640daa39291
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Tegra: reorganize drivers and lib folders
    
    This patch moves the 'drivers' and the 'lib' folders out of the
    'common' folder. This way the 'common' folder shall contain only
    the platform support required for all Tegra platforms.
    
    Change-Id: I2f238572d0a078d60c6b458a559538dc8a4d1856
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - lib: cpus: denver: mark exception vectors as private
    
    This patch removes the 'workaround_bpflush_runtime_exceptions' exception
    vector table base address from the globals list as it gets used only by
    the Denver CPU implementation.
    
    Change-Id: I6ef94989f6dc4535d464493cc8621d32795ee1f6
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - MISRA cleanup in mem_region and semihosting files
    
    MISRA defect cleanup and general code cleanup in mem_region.c and
    semihosting.c.  This task also called for cleanup of the ARM NOR flash
    driver but that was removed at some point since the Jira task was
    created.  This patch fixes all MISRA defects in these files except for a
    few "Calling function "console_flush()" which returns error information
    without testing the error information." errors which can't really be
    avoided.
    
    Defects Fixed
    
    File                           Line Rule
    lib/semihosting/semihosting.c  70   MISRA C-2012 Rule 14.4 (required)
    lib/semihosting/semihosting.c  197  MISRA C-2012 Rule 14.3 (required)
    lib/semihosting/semihosting.c  210  MISRA C-2012 Rule 14.4 (required)
    lib/utils/mem_region.c         128  MISRA C-2012 Rule 12.1 (advisory)
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: I21a039d1cfccd6aa4301da09daec15e373305a80
    
  - Merge "Fix broken links in docs" into integration
  - Merge "plat: imx: add sdei support for i.MX8MM" into integration
  - Fix broken links in docs
    
    Change-Id: If82aaba9f2a5a74cfb5e4381f968166037a70037
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - plat: imx: add sdei support for i.MX8MM
    
    Add sdei support for i.MX8MM, this is to let jailhouse Hypervisor
    use SDEI to do hypervisor management, after physical IRQ
    has been disabled routing.
    
    Signed-off-by: Peng Fan <peng.fan@nxp.com>
    Change-Id: I5fd697fee22df151e13d0f1335e8ac8a7bae6189
    
  - Merge "Initialize platform for MediaTek mt8192" into integration
  - Merge "BL31: Fix relocation error for PIE" into integration
  - Merge "Use abspath to dereference $BUILD_BASE" into integration
  - Merge changes from topic "qemu" into integration
    
    * changes:
      docs: qemu: bump to QEMU 5.0.0
      docs: qemu: remove unneeded root=/dev/vda2 kernel parameter
      docs: qemu: add build instructions for QEMU_EFI.fd and rootfs.cpio.gz
    
  - Use abspath to dereference $BUILD_BASE
    
    If the user tries to change BUILD_BASE to put the build products outside
    the build tree the compile will fail due to hard coded assumptions that
    $BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE))
    to rationalize to an absolute path every time and remove the relative
    path assumptions.
    
    This patch also adds documentation that BUILD_BASE can be specified by
    the user.
    
    Signed-off-by: Grant Likely <grant.likely@arm.com>
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
    
  - Merge "spm-mm: fix MISRA C-2012 Rule 2.3 spm_mm_boot_info_t defined but never used." into integration
  - Merge "SPM: build OP-TEE as an S-EL1 Secure Partition" into integration
  - Merge "Fix broken links to various sections across docs" into integration
  - Merge "TF-A Aarch32: optimise memcpy4()" into integration
  - Merge "Aarch32 xlat_tables lib: Fix MISRA-2012 defects" into integration
  - Fix broken links to various sections across docs
    
    These broken links were found with the help of this command:
    $> sphinx-build -M linkcheck . build
    
    A sample broken link is reported as follows:
    (line   80) -local-   firmware-design.rst#secure-el1-payloads-and-dispatchers
    
    Change-Id: I5dcefdd4b8040908658115647e957f6c2c5da7c2
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - Merge "arm_fpga: Support uploading a custom command line" into integration
  - Merge "tbbr/dualroot: rename SP package certificate file" into integration
  - BL31: Fix relocation error for PIE
    
    This patch fixes BL31 linker error
     "relocation R_AARCH64_ABS32 against `a local symbol'
     can not be used when making a shared object"
    when Position Independent Executable (PIE) support
    is enabled with ENABLE_PIE=1 build option.
    
    Change-Id: I2692269676db3f3b27eed499fc029fffb67969be
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "Makefile, doc: Make OPENSSL_DIR variable as build option for tools" into integration
  - tbbr/dualroot: rename SP package certificate file
    
    Currently only single signing domain is supported for SP packages but
    there is a plan to support dual signing domains if CoT is dualroot.
    
    SP_CONTENT_CERT_ID is the certificate file which is currently generated
    and signed with trusted world key which in-turn is derived from Silicon
    provider RoT key.
    To allow dual signing domain for SP packages, other certificate file
    will be derived from Platform owned RoT key.
    
    This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
    does other related changes.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
    
  - spm-mm: fix MISRA C-2012 Rule 2.3 spm_mm_boot_info_t defined but never used.
    
    Following merge of patchset [1] the spm_mm_boot_info_t structure is
    included in few platform files unconditionally even when SPM_MM option
    is disabled.
    
    [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2647
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Change-Id: I68bc034c9348b5d9bcfd2e5217b781df5ad1b369
    
  - Initialize platform for MediaTek mt8192
    
    - Add basic platform setup
    - Add mt8192 documentation at docs/plat/
    - Add generic CPU helper functions
    - Add basic register address
    
    Change-Id: Ife34622105404a8227441aab939e3c55c96374e9
    Signed-off-by: Nina Wu <nina-cm.wu@mediatek.com>
    
  - Merge "fconf: spm: minor bug fix" into integration
  - arm_fpga: Support uploading a custom command line
    
    The command line for BL33 payloads is typically taken from the DTB. On
    "normal" systems the bootloader will put the right version in there, but
    we typically don't use one on the FPGAs.
    To avoid editing (and possibly re-packaging) the DTB for every change in
    the command line, try to read it from some "magic" memory location
    instead. It can be easily placed there by the tool that uploads the
    other payloads to the FPGA's memory. BL31 will then replace the existing
    command line in the DTB with that new string.
    
    To avoid reading garbage, check the memory location for containing a
    magic value. This is conveniently chosen to be a simple ASCII string, so
    it can just precede the actual command line in a text file:
    --------------------------------
    CMD:console=ttyAMA0,38400n8 debug loglevel=8
    --------------------------------
    
    Change-Id: I5923a80332c9fac3b4afd1a6aaa321233d0f60da
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - SPM: build OP-TEE as an S-EL1 Secure Partition
    
    Provide manifest and build options to boot OP-TEE as a
    guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
    
    Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
    
  - Makefile, doc: Make OPENSSL_DIR variable as build option for tools
    
    Openssl directory path is hardcoded to '/usr' in the makefile
    of certificate generation and firmware encryption tool using
    'OPENSSL_DIR' variable.
    
    Hence changes are done to make 'OPENSSL_DIR' variable as
    a build option so that user can provide openssl directory
    path while building the certificate generation and firmware
    encryption tool.
    
    Also, updated the document for this newly created build option
    
    Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Merge "fdts: n1sdp: DTS file for single-chip and multi-chip environment." into integration
  - docs: marvell: update PHY porting layer description
    
    The purpose of rx_training had changed after last update. Currently it
    is not supposed to help with providing static parameters for porting
    layer. Instead, it aims to suit the parameters per connection.
    
    Change-Id: I2a146b71e2e20bd264c090a9a627d0b6bc56e052
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - docs: marvell: update path in marvell documentation
    
    Change-Id: I0cebbaa900aa518700f13cbf02f8a97e0c76b21c
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - docs: marvell: update build instructions with CN913x
    
    Add references to the OcteonTX2 CN913x family.
    
    Change-Id: I172a8e3d061086bf4843acad014c113c80359e01
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: octeontx: add support for t9130
    
    CN-9130 has single CP0 inside the package and 2 additional ones from MoChi
    interface. In case of db-9130-modular board the MCI interface is routed to:
    - on-board CP115 (MCI0)
    - extension board CP115 (MCI1)
    
    The board is based on DIMM DDR.
    
    The 9130 has up to 3CP, and decoding windows look like below:
    
      (free for further use)
     .----------. 0xf800 0000
     | CP2 CFG  |
     '----------' 0xf600 0000
     | CP1 CFG  |
     '----------' 0xf400 0000
     | CP0 CFG  |
     '----------' 0xf200 0000
     | AP CFG   |
     '----------' 0xf000 0000
      (free for further use)
     .----------. 0xec00 0000
     | SPI      |
     | MEM_MAP  | (Currently not opened)
     '----------' 0xe800 0000
     | PEX2_CP2 |
     '----------' 0xe700 0000
     | PEX1_CP2 |
     '----------' 0xe600 0000
     | PEX0-CP2 |
     '----------'
     .----------. 0xe500 0000
     | PEX2_CP1 |
     '----------' 0xe400 0000
     | PEX1_CP1 |
     '----------' 0xe300 0000
     | PEX0-CP1 |
     '----------'
     .----------. 0xe200 0000
     | PEX2-CP0 |
     '----------' 0xe100 0000
     | PEX1-CP0 |
     '----------' 0xe000 0000
     | PEX0-CP0 |
     | 512MB    |
     '----------' 0xc000 0000
    
    Change-Id: Ia8eee4f96c1043753f74f9da437b9f72ce2d6eb0
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - plat: marvell: t9130: add SVC support
    
    As the preparation for adding the CN913x SoC family support
    introduce code that enables SVC and the frequency handling
    specific for the AP807 North Bridge.
    
    Change-Id: Ibe34a511b49cd9671a2e53b77bdcfc644bb915e3
    Signed-off-by: Alex Evraev <alexev@marvell.com>
    
  - plat: marvell: t9130: update AVS settings
    
    Update AVS settings and remove unused macros.
    This is a preparation patch for adding CN913x SoC
    family support.
    
    Change-Id: Ib1dd70885a316ed5763d0f4730d0e4734da117b7
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - plat: marvell: t9130: pass actual CP count for load_image
    
    Add CN913x case to bl2_plat_get_cp_count.
    Fix loading of cp1/2 image. This is a preparation
    patch for adding CN913x SoC family support.
    
    Change-Id: Id84a30203d20572fc0dfd3f91ea395c199a85fe9
    Signed-off-by: Ben Peled <bpeled@marvell.com>
    
  - plat: marvell: armada: a7k: add support to SVC validation mode
    
    Add support for “AVS reduction” feature at this mode for
    7040 Dual Cluster operation mode at CPU=1600MHz
    
    Change-Id: Ia72b10e0ccfad07568bf4c089ea3990173ae24b2
    Signed-off-by: Alex Evraev <alexev@marvell.com>
    
  - plat: marvell: armada: add support for twin-die combined memory device
    
    The twin-die combined memory device should be treated as
    X8 device and not as X16 one. This patch is required to
    re-enable compilation after BLE (mv-ddr-marvell) firmware upgrade.
    
    Change-Id: I41257ff2825164ebca85a84bbb8462d7b3447b97
    Signed-off-by: Moti Buskila <motib@marvell.com>
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - fdts: n1sdp: DTS file for single-chip and multi-chip environment.
    
    N1SDP supports both single-chip and multi-chip environment.
    Added DTS file for both type of environment.
    Enabled DTS files compilation for N1SDP platform.
    
    Change-Id: I66af88dcfb841893eb6ed2ca18d3025de81236a0
    Co-authored-by: Robin Murphy <Robin.Murphy@arm.com>
    Co-authored-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
    Co-authored-by: Manoj Kumar <manoj.kumar3@arm.com>
    Co-authored-by: Anurag Koul <anurag.koul@arm.com>
    Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
    
  - fconf: spm: minor bug fix
    
    This patch fixes a bug where wrong panic was caused when the number
    of SP was same as max limit.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I9ace62d8d5bcdc410eeacdd9d33d55a7be5fcc8e
    
  - Merge "GIC-600: Fix MISRA-2012 defects" into integration
  - GIC-600: Fix MISRA-2012 defects
    
    This patch fixes violation of Rules 10.1, 10.4,
    11.9 and 13.2 reported by MISRA-2012 scan.
    
    Change-Id: Ibe9190cb0f26ae85d9a31db8e92fbd32f1740e25
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "docs/fvp: update SGI and RD FVP list" into integration
  - Aarch32 xlat_tables lib: Fix MISRA-2012 defects
    
    This patch fixes violation of Rules 2.1, 7.3, 10.1,
    10.4, 12.1, 14.3, 14.4, 17.7, 20.9 reported by
    MISRA-2012 scan and adds braces for conditional
    statements according to the TF-A coding style.
    
    Change-Id: Ib2463601fb43d955c3d901102b6dceaaad6614f3
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "doc: secure partition manager design" into integration
  - Merge "Fix broken link in documentation" into integration
  - Merge "plat/nvidia: tegra: Enable SMCCC_ARCH_SOC_ID feature" into integration
  - Merge "plat/arm: Disable SMCCC_ARCH_SOC_ID feature" into integration
  - Merge "SMCCC: Introduce function to check SMCCC function availability" into integration
  - Fix broken link in documentation
    
    The link to the exception handling framework page on the System Design /
    Firmware Design / Section 4.3 just links to itself, so I changed it to
    link to the exception handling framework component document.
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: I6711b423a789b2b3d1921671e8497fffa8ba33d1
    
  - Merge "doc: use docker to build documentation" into integration
  - Merge "TZ DMC620 driver: Fix MISRA-2012 defects" into integration
  - TZ DMC620 driver: Fix MISRA-2012 defects
    
    This patch fixes defects 10.3, 10.4, 10.7, 20.7
    reported by MISRA-2012 scan and adds braces for
    conditional statements according to the TF-A
    coding style.
    
    Change-Id: If84ed31cdd55bc8e7cdd2a5f48c0dacc25792112
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - plat/nvidia: tegra: Enable SMCCC_ARCH_SOC_ID feature
    
    Enabled 'SMCCC_ARCH_SOC_ID' feature for Nvidia Tegra platforms.
    
    Change-Id: If17415f42304c6518aeead8dfe5909c378aaa777
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat/arm: Disable SMCCC_ARCH_SOC_ID feature
    
    Currently, soc-revision information is not available for arm
    platforms hence disabled 'SMCCC_ARCH_SOC_ID' feature for all arm
    platforms.
    
    Change-Id: I1ab878c6a4c8fecfff63bc6dde83e3ecefe20279
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - SMCCC: Introduce function to check SMCCC function availability
    
    Currently, 'SMCCC_ARCH_FEATURES' SMC call handler unconditionally
    returns 'SMC_OK' for 'SMCCC_ARCH_SOC_ID' function. This seems to
    be not correct for the platform which doesn't implement soc-id
    functionality i.e. functions to retrieve both soc-version and
    soc-revision.
    Hence introduced a platform function which will check whether SMCCC
    feature is available for the platform.
    
    Also, updated porting guide for the newly added platform function.
    
    Change-Id: I389f0ef6b0837bb24c712aa995b7176117bc7961
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Merge "plat/arm: spm: add support for RESET_TO_BL31" into integration
  - plat/arm: spm: add support for RESET_TO_BL31
    
    SPM(BL32) and hafnium(BL33) expect their manifest base address in x0
    register, which is updated during BL2 stage by parsing fw_config.
    In case of RESET_TO_BL31 it has to be updated while populating
    entry point information.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I6f4a97f3405029bd6ba25f0935e2d1f74bb95517
    
  - Merge "arm_fpga: Add support for topology self-discovery" into integration
  - arm_fpga: Add support for topology self-discovery
    
    As secondary cores show up, they populate an array to
    announce themselves so plat_core_pos_by_mpidr() can
    return an invalid COREID code for any non-existing
    MPIDR that it is queried about.
    
    The Power Domain Tree Description is populated with
    a topology based on the maximum hardcoded values.
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I8fd64761a2296714ce0f37c46544f3e6f13b5f61
    
  - Merge "Revert workaround for Neoverse N1 erratum 1800710" into integration
  - Revert workaround for Neoverse N1 erratum 1800710
    
    This reverts commit 11af40b6308ac75c83e874129bb79bc3a58060bf, reversing
    changes made to 2afcf1d4b845272791b75c8285108c4dcd91e2b9.
    
    This errata workaround did not work as intended so we are reverting this
    change.  In the future, when the corrected workaround is published in an
    SDEN, we will push a new workaround.
    
    This is the patch being reverted:
    https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4750
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: I20aa064c1bac9671939e657bec269d32b9e75a97
    
  - TF-A Aarch32: optimise memcpy4()
    
    This patch makes optimisation of Aarch32 memcpy4()
    function.
    
    Change-Id: If9cdaa4a1224f88fb14df8a308a645344b6c4f1c
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "plat: imx: common: implement IMX_SIP_AARCH32" into integration
  - Merge changes from topic "tf-cleanup" into integration
    
    * changes:
      plat/arm: Move fconf population after the enablement of MMU
      lib/fconf: Update 'set_fw_config_info' function
      lib/fconf: Update data type of config max size
      plat/arm: Check the need for firmware update only once
      plat/arm: sgm: Use consistent name for tb fw config node
    
  - plat/arm: Move fconf population after the enablement of MMU
    
    In BL2, fw_config's population happened before the cache gets
    enabled.
    Hence to boost the performance, moved fw_config's population
    after cache gets enabled (i.e. after MMU gets enabled).
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I2e75cabd76b1cb7a660f6b72f409ab40d2877284
    
  - lib/fconf: Update 'set_fw_config_info' function
    
    Updated the function 'set_fw_config_info' to make it generic
    by doing below changes:
    
    1. Rename function name from 'set_fw_config_info' to 'set_config_info'
    2. Take image_id as an argument so that this function can set any
       config information.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Icf29e19d3e9996d8154d84dbbbc76712fab0f0c1
    
  - lib/fconf: Update data type of config max size
    
    Update the data type of the member 'config_max_size' present in the
    structure 'dyn_cfg_dtb_info_t' to uint32_t.
    
    This change is being done so that dyn_cfg_dtb_info_t and image_info
    structure should use same data type for maximum size.
    
    Change-Id: I9b5927a47eb8351bbf3664b8b1e047ae1ae5a260
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat/arm: Check the need for firmware update only once
    
    Currently, the need for firmware update is being checked twice
    in the code hence modifications are done to do this check only
    once and set the global variable.
    Then this global variable helps to decide whether to go for
    normal boot or firmware update flow.
    
    Change-Id: I8469284555a8039786f34670f9dc4830f87aecc1
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat/arm: sgm: Use consistent name for tb fw config node
    
    Renamed node for trusted boot fw config from 'plat_arm_bl2' to
    'tb_fw-config'.
    
    Change-Id: I2e16b6f4d272292ec1855daafd014e851436dd9b
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - docs/fvp: update SGI and RD FVP list
    
    Update SGI-575, RD-E1-Edge and RD-N1-Edge FVP versions to 11.10/36 and
    add RD-N1-Edge-Dual to the list of supported Arm Fixed Virtual
    Platforms.
    
    Change-Id: I9e7e5662324eeefc80d799ca5341b5bc4dc39cbb
    Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
    
  - Merge changes from topics "af/add_measured_boot_bl1_bl2", "af/add_measured_boot_driver", "af/add_measured_boot_driver_support", "af/add_measured_boot_fconf", "af/add_measured_boot_fvp" into integration
    
    * changes:
      plat/arm/board/fvp: Add support for Measured Boot
      TF-A: Add support for Measured Boot driver to FCONF
      TF-A: Add support for Measured Boot driver in BL1 and BL2
      TF-A: Add Event Log for Measured Boot
      TF-A: Add support for Measured Boot driver
    
  - Merge changes from topic "stm32-scmi" into integration
    
    * changes:
      stm32mp1: SCMI clock and reset service in SP_MIN
      dts: bindings: stm32mp1: define SCMI clock and reset domain IDs
    
  - plat/arm/board/fvp: Add support for Measured Boot
    
    This patch adds support for Measured Boot functionality
    to FVP platform code. It also defines new properties
    in 'tpm_event_log' node to store Event Log address and
    its size
    'tpm_event_log_sm_addr'
    'tpm_event_log_addr'
    'tpm_event_log_size'
    in 'event_log.dtsi' included in 'fvp_tsp_fw_config.dts'
    and 'fvp_nt_fw_config.dts'. The node and its properties
    are described in binding document
    'docs\components\measured_boot\event_log.rst'.
    
    Change-Id: I087e1423afcb269d6cfe79c1af9c348931991292
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - plat: imx: common: implement IMX_SIP_AARCH32
    
    Implement IMX_SIP_AARCH32 to let AArch64 Bootloader issue
    SIP call to switch to AArch32 mode to run OS.
    
    Signed-off-by: Peng Fan <peng.fan@nxp.com>
    Change-Id: I38b04ef909a6dbfba5ded12a7bb6e799a3935a66
    
  - Merge "FVP Doc: Update list of supported FVP platforms" into integration
  - Merge changes I0826ef8b,I9b4659a1 into integration
    
    * changes:
      plat: marvell: armada: a8k: Add support for iEi Puzzle-M801 board
      plat: marvell: armada: a8k: common: Fix a8k_common.mk to use BOARD_DIR variable
    
  - Merge "io_fip: return -ENFILE when a file is already open" into integration
  - Merge "gicv3: Do power management on Arm GIC-Clayton as well" into integration
  - TF-A: Add support for Measured Boot driver to FCONF
    
    This patch adds support for Measured Boot driver functionality
    to FCONF library code.
    
    Change-Id: I81cdb06f1950f7e6e58f938a1b9c2f74f7cfdf88
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - TF-A: Add support for Measured Boot driver in BL1 and BL2
    
    This patch adds support for Measured Boot driver functionality
    in BL1 and BL2 code.
    
    Change-Id: I7239a94c3e32b0a3e9e73768a0140e0b52ab0361
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - TF-A: Add Event Log for Measured Boot
    
    This patch adds support for Event Log generation required
    for Measured Boot functionality.
    
    Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - TF-A: Add support for Measured Boot driver
    
    This patch adds support for Measured Boot driver functionality
    in common Arm platform code.
    
    Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "Add myself and Jack Bond-Preston as code owners for the CMake build definitions" into integration
  - Merge "Add myself and Alexei Fedorov as Measured Boot code owners" into integration
  - Add myself and Jack Bond-Preston as code owners for the CMake build
    definitions
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I1c5cc8af34c02a6294ffc44a26152fb8984927fc
    
  - doc: secure partition manager design
    
    Former EL3 Secure Partition Manager using MM protocol is renamed
    Secure Partition Manager (MM).
    A new Secure Partition Manager document covers TF-A support for the
    PSA FF-A compliant implementation.
    
    Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
    Change-Id: I9763359c2e96181e1726c8ad72738de293b80eb4
    
  - Add myself and Alexei Fedorov as Measured Boot code owners
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: Ib327bda239bb5163c60764bae90b0739589dcf66
    
  - Merge changes from topic "rddaniel_rotpk" into integration
    
    * changes:
      plat/arm/rddanielxlr: add platform function to return ROTPK
      plat/arm/rddaniel: add platform function to return ROTPK
    
  - Merge "TF-A GICv2 driver: Introduce makefile" into integration
  - plat/arm/rddanielxlr: add platform function to return ROTPK
    
    TBBR authentication framework depends on the plat_get_rotpk_info()
    function to return the pointer to the Root of Trust Public Key (ROTPK)
    stored in the platform along with its length. Add this function for
    RD-Daniel Config-XLR platform to support Trusted Board Boot. The
    function makes use of the wrapper function provided by the arm common
    trusted board boot function to get the ROTPK hash.
    
    Change-Id: I509e2f7e88cc2167e1732a971d71dc131d3d4b01
    Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
    
  - plat/arm/rddaniel: add platform function to return ROTPK
    
    TBBR authentication framework depends on the plat_get_rotpk_info()
    function to return the pointer to the Root of Trust Public Key (ROTPK)
    stored in the platform along with its length. Add this function for
    RD-Daniel platform to support Trusted Board Boot. The function makes use
    of the wrapper function provided by the arm common trusted board boot
    function to get the ROTPK hash.
    
    Change-Id: I6c2826a7898664afea19fd62432684cfddd9319a
    Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
    
  - gicv3: Do power management on Arm GIC-Clayton as well
    
    The Arm GIC-Clayton IP has the same power management requirements as
    the GIC-600, when it comes to powering up the redistributors before
    using them.
    
    Add the IIDR value to the existing list of implementations requiring
    the power sequence.
    
    Change-Id: Ib965dfe278c40a4fff94f65a8d445c27a2ae6fd2
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - FVP Doc: Update list of supported FVP platforms
    
    This patch adds the following models
     FVP_Base_Neoverse-E1x1
     FVP_Base_Neoverse-E1x2
     FVP_Base_Neoverse-E1x4
    to the list of supported FVP platforms.
    
    Change-Id: Ib526a2a735f17724af3a874b06bf69b4ca85d0dd
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - TF-A GICv2 driver: Introduce makefile
    
    This patch moves all GICv2 driver files into newly added
    'gicv2.mk' makefile for the benefit of the generic driver
    which can evolve in the future without affecting platforms.
    
    NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
    is now deprecated and platforms with GICv2 driver need to
    be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
    their makefiles.
    
    Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "TF-A: Redefine true/false definitions" into integration
  - Merge "rpi4/fdt: Move dtb_size() function to fdt_wrappers.h" into integration
  - Merge changes from topic "brcm_rng_driver" into integration
    
    * changes:
      driver: brcm: add RNG driver
      plat/brcm: Define RNG base address
    
  - doc: use docker to build documentation
    
    docker (container) is another way to build the documentation and fortunately
    there is already a docker image (sphinxdoc/sphinx) with sphinx so we can use
    it to generate the documentation.
    
    Change-Id: I06b0621cd7509a8279655e828680b92241b9fde4
    Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
    
  - rpi4/fdt: Move dtb_size() function to fdt_wrappers.h
    
    Getting the actual size of a DTB blob is useful beyond the Raspberry Pi
    port, so let's move this helper to a common header.
    
    Change-Id: Ia5be46e9353ca859a1e5ad9e3c057a322dfe22e2
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge changes from topic "imx8mp_basic_support" into integration
    
    * changes:
      plat: imx8mp: Add the basic support for i.MX8MP
      plat: imx8m: Move the gpc hw reg to a separate header file
    
  - Merge "uniphier: increase BL33 max size and GZIP temporary buffer size" into integration
  - Merge "IO Driver Misra Cleanup" into integration
  - IO Driver Misra Cleanup
    
    This patch cleans up MISRA C violations in the IO driver files.  Some
    things did not make sense to fix or would require sweeping changes
    but the simple issues have been resolved.
    
    Defects Fixed
    
    File                        Line Rule
    drivers/io/io_fip.c         39   MISRA C-2012 Rule 5.6 (required)
    drivers/io/io_fip.c         52   MISRA C-2012 Rule 8.9 (advisory)
    drivers/io/io_fip.c         60   MISRA C-2012 Rule 5.9 (advisory)
    drivers/io/io_fip.c         285  MISRA C-2012 Rule 8.9 (advisory)
    drivers/io/io_fip.c         336  MISRA C-2012 Rule 15.4 (advisory)
    drivers/io/io_fip.c         340  MISRA C-2012 Rule 15.4 (advisory)
    drivers/io/io_fip.c         342  MISRA C-2012 Rule 15.4 (advisory)
    drivers/io/io_memmap.c      30   MISRA C-2012 Rule 5.6 (required)
    drivers/io/io_memmap.c      32   MISRA C-2012 Rule 5.9 (advisory)
    drivers/io/io_memmap.c      85   MISRA C-2012 Rule 11.8 (required)
    drivers/io/io_semihosting.c 66   MISRA C-2012 Rule 11.8 (required)
    drivers/io/io_storage.c     73   MISRA C-2012 Rule 5.9 (advisory)
    drivers/io/io_storage.c     116  MISRA C-2012 Rule 13.4 (advisory)
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: Id9b1b2b684588d4eaab674ed4ed04f3950dd21f4
    
  - stm32mp1: SCMI clock and reset service in SP_MIN
    
    This change implements platform services for stm32mp1 to expose clock
    and reset controllers over SCMI clock and reset domain protocols
    in sp_min firmware.
    
    Requests execution use a fastcall SMC context using a SiP function ID.
    The setup allows creating SCMI channels by assigning a specific
    SiP SMC function ID for each channel/agent identifier defined. In this
    change, stm32mp1 exposes a single channel and hence expects single
    agent at a time.
    
    The input payload is copied in secure memory before the message
    is passed through the SCMI server drivers. BL32/sp_min is invoked
    for a single SCMI message processing and always returns with a
    synchronous response message passed back to the caller agent.
    
    This change fixes and updates STM32_COMMON_SIP_NUM_CALLS that was
    previously wrongly set to 4 whereas only 1 SiP SMC function ID was to
    be counted. STM32_COMMON_SIP_NUM_CALLS is now set to 3 since the
    2 added SiP SMC function IDs for SCMI services.
    
    Change-Id: Icb428775856b9aec00538172aea4cf11e609b033
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - dts: bindings: stm32mp1: define SCMI clock and reset domain IDs
    
    Define the platform SCMI clocks and reset domains for stm32mp1 family.
    SCMI agent 0 accesses clock/reset controllers under RCC TZEN hardening.
    SCMI agent 1 accesses clock controllers under RCC MCKPROT hardening.
    
    Change-Id: I52e906f846d445a3e6850e5f2e1584da14692553
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - Merge "drivers/stm32_hash: register resources as secure or not" into integration
  - Merge "drivers/stm32_gpio: register GPIO resources as secure or not" into integration
  - Merge "drivers/stm32_iwdg: register IWDG resources as secure or not" into integration
  - Merge "drivers/stm32mp_pmic: register PMIC resources as secure or not" into integration
  - Merge "stm32mp1: register shared resource per GPIO bank/pin" into integration
  - Merge "stm32mp1: register shared resource per IOMEM address" into integration
  - Merge "stm32mp1: allow non-secure access to reset upon periph registration" into integration
  - Merge "stm32mp1: allow non-secure access to clocks upon periph registration" into integration
  - Merge "stm32mp1: shared resources: peripheral registering" into integration
  - Merge "drivers: st: clock: register parent of secure clocks" into integration
  - Merge "stm32mp1: shared resources: add trace messages" into integration
  - Merge "fiptool: return zero status on help and help <command>" into integration
  - Merge changes from topic "fpga_cmdline" into integration
    
    * changes:
      arm_fpga: Predefine DTB and BL33 load addresses
      arm_fpga: Add Klein and Matterhorn support
      arm_fpga: Support more CPU clusters
    
  - TF-A: Redefine true/false definitions
    
    This patch redefines 'true' and 'false' definitions in
    'include/lib/libc/stdbool.h' to fix defect reported by
    MISRA C-2012 Rule 10.1
    "The expression \"0\" of non-boolean essential type is
    being interpreted as a boolean value for the operator \"? :\"."
    
    Change-Id: Ie1b16e5826e5427cc272bd753e15d4d283e1ee4c
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Merge "io_storage: remove redundant assigments" into integration
  - Merge "SPMD: fix boundary check if manifest is page aligned" into integration
  - SPMD: fix boundary check if manifest is page aligned
    
    While mapping SPMC manifest page in the SPMD translation regime the
    mapped size was resolved to zero if SPMC manifest base address is PAGE
    aligned, causing SPMD to abort.
    
    To fix the problem change mapped size to PAGE_SIZE if manifest base is
    PAGE aligned.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I06cd39dbefaf492682d9bbb0c82b950dd31fb416
    
  - Merge "Add myself and Andre Przywara as code owners for the Arm FPGA platform port" into integration
  - Merge "plat/arm: Fix build failure due to increase in BL2 size" into integration
  - driver: brcm: add RNG driver
    
    Signed-off-by: Bharat Gooty <bharat.gooty@broadcom.com>
    Change-Id: I490d7e4d49bd9f5a62d343a264a1e14c2066ceca
    
  - plat/brcm: Define RNG base address
    
    Change-Id: I4f5efcd7638a25c317382b51f05e6b9aa283d068
    Signed-off-by: Roman Bacik <roman.bacik@broadcom.com>
    Signed-off-by: Bharat Gooty <bharat.gooty@broadcom.com>
    
  - io_fip: return -ENFILE when a file is already open
    
    The cause of failure is not memory shortage.
    
    The comment for ENFILE in include/lib/libc/errno.h
    
      /* Too many open files in system */
    
    ... is a better match to the warning message here.
    
    Change-Id: I45a1740995d464edd8b3e32b93f1f92ba17e5874
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - Merge changes I9feae1fc,I5cbe7192,I1867ece3,I85c2434a,If8edeeec, ... into integration
    
    * changes:
      plat: marvell: armada: mcbin: squash several IO windows into one
      plat: marvell: armada: fix BL32 extra parameters usage
      drivers: marvell: Fix the LLC SRAM driver
      plat: marvell: armada: a8k: change CCU LLC SRAM mapping
      plat: marvell: armada: adjust trusted DRAM size to match OP-TEE OS
      drivers: marvell: mg_conf_cm3: pass comphy lane number to AP FW
      plat: marvell: armada: move mg conf related code to appropriate driver
      marvell: comphy: start AP FW when comphy AP mode selected
      drivers: marvell: mg_conf_cm3: add basic driver
      tools: doimage: change the binary image alignment to 16
      tools: doimage: migrate to mbedtls v2.8 APIs
    
  - Add myself and Andre Przywara as code owners for the Arm FPGA platform port
    
    Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
    Change-Id: I6d3949a971fada5a086b788dbe274f8451fcfc0d
    
  - plat/arm: Fix build failure due to increase in BL2 size
    
    BL2 size gets increased due to the libfdt library update and
    that eventually causes no-optimization build failure for BL2 as below:
    aarch64-none-elf-ld.bfd: BL2 image has exceeded its limit.
    aarch64-none-elf-ld.bfd: region `RAM' overflowed by 4096 bytes
    Makefile:1070: recipe for target 'build/fvp/debug/bl2/bl2.elf' failed
    make: *** [build/fvp/debug/bl2/bl2.elf] Error 1
    
    Fixed build failure by increasing BL2 image size limit by 4Kb.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I92a57eb4db601561a98e254b64994bb921a88db3
    
  - plat: marvell: armada: mcbin: squash several IO windows into one
    
    There is no need to open three different IO windows when there is
    possibility of having one covering required range.
    
    Change-Id: I9feae1fc583df1f7d97d28161cf7601f43513856
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - plat: marvell: armada: fix BL32 extra parameters usage
    
    Update missing code related to the BL32 payload.
    
    Change-Id: I5cbe71921467c53c45be5510f950cefdacc110e1
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - drivers: marvell: Fix the LLC SRAM driver
    
    - Fix the line address macro
    - LLC invalidate and enable before ways lock for allocation
    - Add support for limited SRAM size allocation
    - Add SRAM RW test function
    
    Change-Id: I1867ece3047566ddd7931bd7472e1f47fb42c8d4
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: armada: a8k: change CCU LLC SRAM mapping
    
    The LLC SRAM will be enabled in OP-TEE OS for usage as secure storage.
    The CCU have to prepare SRAM window, but point to the DRAM-0 target
    until the SRAM is actually enabled.
    This patch changes CCU SRAM window target to DRAM-0
    Remove dependence between LLC_SRAM and LLC_ENABLE and update the
    build documentation.
    The SRAM base moved to follow the OP-TEE SHMEM area (0x05400000)
    
    Change-Id: I85c2434a3d515ec37da5ae8eb729e3280f91c456
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: armada: adjust trusted DRAM size to match OP-TEE OS
    
    Area used as trusted DRAM is 12MB in Marvell OP-TEE OS module.
    It is followed by 4MB of shared memory.
    
    Change-Id: If8edeeec5861b529408baca25f78c06a0a440d8c
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - drivers: marvell: mg_conf_cm3: pass comphy lane number to AP FW
    
    Since the AP process can be enabled on different setups, the information
    about used comphy lane should be passed to AP FW. For instance:
    - A8K development board uses comphy lane 2 for eth 0
    - cn913x development board uses comphy lane 4 for eth 0
    
    Change-Id: Icf001fb3eea4d9c24c09384e49844ecaf8655ad2
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - plat: marvell: armada: move mg conf related code to appropriate driver
    
    Now when mg_conf_cm3 driver is present - move all relevant code there.
    
    Change-Id: I444d9e877c450d6ee69ca3a49b547e4c3aeac0be
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - marvell: comphy: start AP FW when comphy AP mode selected
    
    After configuring comphy to AP mode also start AP FW.
    
    Change-Id: Ib28977d7ee643575a818ba17f69dea0b7e8e0df4
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - drivers: marvell: mg_conf_cm3: add basic driver
    
    Implement function which will allow to start AP FW.
    
    Change-Id: Ie0fc8ad138bf56b10809cdc92d1e5e96a2aaf33f
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - tools: doimage: change the binary image alignment to 16
    
    Change the binary image alignment from 4 to 16.
    The PKCS signature verification fails for unaligned images.
    
    Change-Id: Ieb08dc3ea128790f542ad93e3c948117567a65af
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - tools: doimage: migrate to mbedtls v2.8 APIs
    
    Replace deprecated mbedtls_sha256 with mbedtls_sha256_ret.
    The mbedtls_pk_parse_key does not work correctly anymore
    with the DER buffer embedded in the secure image extension
    using the buffer size as the key length.
    Move to mbedtls_pk_parse_subpubkey API that handles such
    case correctly.
    The DER format already contains the key length, so there
    is no particular reason to supply it to the key parser.
    Update the doimage version to 3.3
    
    Change-Id: I0ec5ee84b7d1505b43138e0b7a6bdba44a6702b6
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: imx8mp: Add the basic support for i.MX8MP
    
    The i.MX 8MP Media Applications Processor is part of the growing
    i.MX8M family targeting the consumer and industrial market. It brings
    an effective Machine Learning and AI accelerator that enables a new
    class of applications. It is built in 14LPP to achieve both high
    performance and low power consumption and relies on a powerful fully
    coherent core complex based on a quad core Arm Cortex-A53 cluster and
    Cortex-M7 low-power coprocessor, audio digital signal processor, machine
    learning and graphics accelerators.
    
    Signed-off-by: Jacky Bai <ping.bai@nxp.com>
    Change-Id: I98311ebc32bee20af05031492e9fc24d06e55f4a
    
  - Merge "plat/arm, dts: Update platform device tree for CoT" into integration
  - plat/arm, dts: Update platform device tree for CoT
    
    Included cot_descriptors.dtsi in platform device tree
    (fvp_tb_fw_config.dts).
    
    Also, updated the maximum size of tb_fw_config to 0x1800
    in order to accommodate the device tree for CoT descriptors.
    
    Follow up patch will parse the device tree for these CoT descriptors
    and fill the CoT descriptor structures at runtime instead of using
    static CoT descriptor structures in the code base.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
    
  - Merge "dts: Add CoT descriptor nodes and properties in device tree" into integration
  - dts: Add CoT descriptor nodes and properties in device tree
    
    Added CoT descriptor nodes and properties in device tree.
    Currently, CoT descriptors which are used by BL2 are added as part
    of device tree.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Iff23cff843e5489fac18bcee5f5d6a71de5ad0d0
    
  - Merge "make, doc: Add build option to create chain of trust at runtime" into integration
  - plat: imx8m: Move the gpc hw reg to a separate header file
    
    Although the GPC provides the similar functions for all the
    i.MX8M SoC family, the HW register offset and bit defines
    still have some slight difference, so move the hw reg
    offset & most of the bitfield defines in 'gpc_reg.h' that
    is specific to each SoC.
    
    Signed-off-by: Jacky Bai <ping.bai@nxp.com>
    Change-Id: I291c435fe98c2f6e6ff8fe0c715ff3a83daa6a0f
    
  - io_storage: remove redundant assigments
    
    The assignments to 'result' are unneeded.
    
    Change-Id: I18899f10bf9bd7f219f0e47a981683d8b4701bde
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - arm_fpga: Predefine DTB and BL33 load addresses
    
    The memory layout for the FPGA is fairly uniform for most of the FPGA
    images, and we already assume that DRAM starts at 2GB by default.
    
    Prepopulate PRELOADED_BL33_BASE and FPGA_PRELOADED_DTB_BASE to some
    sane default values, to simplify building some stock image.
    If people want to deviate from that, they can always override those
    addresses on the make command line.
    
    Change-Id: I2238fafb3f8253a01ad2d88d45827c141d9b29dd
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - arm_fpga: Add Klein and Matterhorn support
    
    To support FPGAs with those cores as well, add the respective cpulib
    files to the Makefile.
    
    Change-Id: I1a60867d5937be88b32b210c7817be4274554a76
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - arm_fpga: Support more CPU clusters
    
    The maximum number of clusters is currently set to 2, which is quite
    limiting. As there are FPGA images with 4 clusters, let's increase the
    limit to 4.
    
    Change-Id: I9a85ca07ebbd2a018ad9668536d867ad6b75e537
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - make, doc: Add build option to create chain of trust at runtime
    
    Added a build option 'COT_DESC_IN_DTB' to create chain of trust
    at runtime using fconf.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I92b257ac4ece8bbf56f05a41d1e4056e2422ab89
    
  - Merge "doc: Update CoT binding to make it more generic" into integration
  - doc: Update CoT binding to make it more generic
    
    Updated the CoT binding document to show chain of trust relationship
    with the help of 'authentication method' and 'authentication data'
    instead of showing content of certificate and fixed rendering issue
    while creating html page using this document.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ib48279cfe786d149ab69ddc711caa381a50f9e2b
    
  - drivers/stm32_hash: register resources as secure or not
    
    Register in the shared resources driver the secure or non-secure state
    of the HASH instances. Note that only BL32 needs to register the
    shared peripheral because BL2 does not embed the shared resources
    driver.
    
    Change-Id: I7f78fa8e47da71d48ef8b1dfe4d6f040fe918d8b
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - drivers/stm32_gpio: register GPIO resources as secure or not
    
    Register in the shared resources driver the secure or non-secure state
    of the GPIO pins.
    
    Change-Id: Ifda473bcbbb0af799be6587961d6641edf887605
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - drivers/stm32_iwdg: register IWDG resources as secure or not
    
    Register in the shared resources driver the secure or non-secure state
    of the IWDG instances.
    
    Change-Id: I3a3bc9525447f6a2a465891ca3a3fd5fe664ca07
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - drivers/stm32mp_pmic: register PMIC resources as secure or not
    
    Register in the shared resources driver the secure or non-secure
    state of the PMIC.
    
    Change-Id: Ic1f172ba62785018f8e9bb321782d725e2d2f434
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: register shared resource per GPIO bank/pin
    
    Introduce helper functions stm32mp_register_secure_gpio() and
    stm32mp_register_non_secure_gpio() for drivers to register a
    GPIO pin as secure or non-secure.
    
    These functions are stubbed when shared resource driver is not
    embedded in the BL image so that drivers do not bother whether they
    shall register or not their resources.
    
    Change-Id: I1fe98576c072ae31f75427c9ac5c9f6c4f1b6ed1
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: register shared resource per IOMEM address
    
    Introduce helper functions stm32mp_register_secure_periph_iomem()
    and stm32mp_register_non_secure_periph_iomem() for drivers to
    register a resource as secure or non-secure based on its SoC
    interface registers base address.
    
    These functions are stubbed when shared resources driver is not
    embedded (!STM32MP_SHARED_RESOURCES) so that drivers embedded
    in other BL stages do not bother whether they shall register or
    not their resources.
    
    Change-Id: Icebd05a930afc5964bc4677357da5d1b23666066
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: allow non-secure access to reset upon periph registration
    
    Update implementation of stm32mp_nsec_can_access_reset() based
    on the registering of the shared resources.
    
    Querying registering state locks further registration of
    peripherals.
    
    Change-Id: I5f38f2a3481780b9a71939d95984c4821c537aa4
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: allow non-secure access to clocks upon periph registration
    
    Update implementation of stm32mp_nsec_can_access_clock() based
    on the registering of the shared resources.
    
    Querying registering state locks further registration of peripherals.
    
    Change-Id: If68f6d4a52c4742ba66244c6ea2d9afa08404137
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: shared resources: peripheral registering
    
    Define helper functions stm32mp_register_secure_periph() and
    stm32mp_register_non_secure_periph() for platform drivers to
    register a shared resource assigned to respectively secure
    or non-secure world.
    
    Some resources are related to clock resources. When a resource is
    registered as secure, ensure its clock dependencies are also
    registered as secure. Registering a non-secure resource does not
    mandate its clock dependencies are also registered as non-secure.
    
    Change-Id: I74975be8976b8d3bf18dcc807541a072803af6e3
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - drivers: st: clock: register parent of secure clocks
    
    Introduce stm32mp1_register_clock_parents_secure() in stm32mp1
    clock driver to allow platform shared resources to register as
    secure the parent clocks of a clock registered as secure.
    
    Change-Id: I53a9ab6aa78ee840ededce67e7b12a84e08ee843
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: shared resources: add trace messages
    
    Define helper functions to get a human readable string
    identifier from a shared resource enumerated ID. Use them to
    make debug traces more friendly in peripheral registering functions.
    
    Change-Id: I9e207b8ce1d1e9250e242ca7e15461b9a1532f40
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - Merge "Upgrade libfdt source files" into integration
  - Merge "drivers: arm: gicv3: auto-detect presence of GIC600-AE" into integration
  - drivers: arm: gicv3: auto-detect presence of GIC600-AE
    
    This patch adds the IIDR value for GIC600-AE to the gicv3_is_gic600()
    helper function. This helps platforms supporting this version of the
    GIC600 interrupt controller to function with the generic GIC driver.
    
    Verified with tftf-validation test suite
    
    ******************************* Summary *******************************
    > Test suite 'Framework Validation'
                                                                    Passed
    > Test suite 'Timer framework Validation'
                                                                    Passed
    =================================
    Tests Skipped : 0
    Tests Passed  : 6
    Tests Failed  : 0
    Tests Crashed : 0
    Total tests   : 6
    =================================
    NOTICE:  Exiting tests.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: I518ae7b56f7f372e374e453287d76ca370fc3574
    
  - Merge "corstone700: splitting the platform support into FVP and FPGA" into integration
  - corstone700: splitting the platform support into FVP and FPGA
    
    This patch performs the following:
    
    - Creating two corstone700 platforms under corstone700 board:
    
      fvp and fpga
    
    - Since the FVP and FPGA have IP differences, this commit provides a
      specific DTS for each platform
    - The platform can be specified using the TARGET_PLATFORM Makefile
      variable (possible values are: fvp or fpga)
    - Allowing to use u-boot by:
      - Enabling NEED_BL33 option
      - Fixing non-secure image base: For no preloaded bl33 we want to
        have the NS base set on shared ram. Setup a memory map region
        for NS in shared map and set the bl33 address in the area.
    - Setting the SYS_COUNTER_FREQ_IN_TICKS based on the selected
      platform
    - Setting ARM_MAP_SHARED_RAM and ARM_MAP_NS_SHARED_RAM to use MT_MEMORY
    
    Change-Id: I4c8ac3387acb1693ab617bcccab00d80e340c163
    Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
    Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
    
  - fiptool: return zero status on help and help <command>
    
    Querying the 'fiptool' for help or help <command> should return 0
    return status (success) and not 1 (failure). On the other hand, if tool is
    executed with any other command (not help) where command's parameters are
    either missing or wrong, then the tool should return non-zero (failure). Now,
    the 'usage' function caller is the one that passes the return status.
    
    Change-Id: Id5eea91037cd810fb1e34a42e8199ef504f5daa4
    Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
    
  - rockchip: don't crash if we get an FDT we can't parse
    
    When we parse the param from BL2, we try to parse it as a FDT and then,
    if that fails, as aux params. However, we don't sufficiently distinguish
    between failure modes in the first step: specifically, if we are given
    an FDT with good magic that we can't parse for some other reason (e.g.
    not enough space in our buffer), we still attempt to parse it as aux
    params even though that's guaranteed to fatal. Instead, we should either
    fail with a more descriptive message or continue to boot without parsing
    the FDT.
    
    This patch takes the latter approach, since all we currently get from
    the FDT is non-critical UART params.
    
    Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
    Change-Id: I1e98f1fcda4f78e6b45e86956288bafe58b113e4
    
  - docs: qemu: bump to QEMU 5.0.0
    
    Fix the version inconsistency in the same file.
    
    I tested QEMU 5.0.0, and it worked for me.
    
    Change-Id: I9d8ca9aae1e413410eb5676927e13ae4aee9fad8
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - docs: qemu: remove unneeded root=/dev/vda2 kernel parameter
    
    In my understanding, /dev/vda2 does not exist unless you add
    virtio drive to the qemu command line.
    
    The rootfs is already specified by '-initrd rootfs.cpio.gz'.
    
    Change-Id: Ifdca5d4f3819d87ef7e8a08ed870872d24b86370
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - docs: qemu: add build instructions for QEMU_EFI.fd and rootfs.cpio.gz
    
    This commit solves the limitation, "No build instructions for
    QEMU_EFI.fd and rootfs-arm64.cpio.gz"
    
    Document the steps to build them.
    
    Change-Id: Ic6d895617cf71fe969f4aa9820dad25cc6182023
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - plat: marvell: armada: a8k: Add support for iEi Puzzle-M801 board
    
    Add support for the iEi Puzzle-M801 board that is based on
    the Marvell Armada 88F8040 SoC.
    
    It supports 1 x 288-pin DIMM, DDR4 2400MHz up to 16 GB (ECC).
    
    The iEi Puzzle-M801 board is using a custom MCU to handle board
    power management. The MCU is managing the board's power LEDs, fans
    and some other peripherals. It's using UART for communication.
    
    Signed-off-by: Luka Kovacic <luka.kovacic@sartura.hr>
    Cc: Luka Perkov <luka.perkov@sartura.hr>
    Change-Id: I0826ef8bf651b69aad5803184f20930ac7212ef8
    
  - plat: marvell: armada: a8k: common: Fix a8k_common.mk to use BOARD_DIR variable
    
    Use the BOARD_DIR variable instead of PLAT_FAMILY_BASE variable for
    determining the path of the system_power.c file.
    
    The variable was not updated, when it was deprecated in a8k_common.mk
    in commit 613bbde09e48874658af5a00612fe2a0b0388523.
    
    Signed-off-by: Luka Kovacic <luka.kovacic@sartura.hr>
    Cc: Luka Perkov <luka.perkov@sartura.hr>
    Change-Id: I9b4659a19ba3cd5c869d44c5d834b220f49136e8
    
  - Merge "arm_fpga: Fix MPIDR topology checks" into integration
  - Merge changes from topic "stm32-shres" into integration
    
    * changes:
      stm32mp1: shared resources: apply registered configuration
      stm32mp1: shared resources: count GPIOZ bank pins
      stm32mp1: shared resources: define resource identifiers
    
  - Merge "stm32mp1: introduce shared resources support" into integration
  - Merge "doc: Fix some broken links" into integration
  - Merge "Workaround for Neoverse N1 erratum 1800710" into integration
  - Merge "doc: RAS: fixing broken links" into integration
  - doc: Fix some broken links
    
    Fix all external broken links reported by Sphinx linkcheck tool.
    
    This does not take care of broken cross-references between internal
    TF-A documentation files. These will be fixed in a future patch.
    
    Change-Id: I2a740a3ec0b688c14aad575a6c2ac71e72ce051e
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - doc: RAS: fixing broken links
    
    There were some links in the file "ras.rst" which were broken, this
    patch fixes all the broken links in this file.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I00cf080e9338af5786239a4843cb4c2e0cc9d99d
    
  - Merge "linker_script: move .rela.dyn section to bl_common.ld.h" into integration
  - Merge "plat/arm: Add assert for the valid address of dtb information" into integration
  - Merge "Fix makefile to build on a Windows host PC" into integration
  - Fix makefile to build on a Windows host PC
    
    The TF-A firmware build system is capable of building on both Unix like
    and Windows host PCs. The commit ID 7ff088 "Enable MTE support" updated
    the Makefile to conditionally enable the MTE support if the AArch64
    architecture revision was greater than 8.5. However, the Makefile changes
    were dependent on shell commands that are only available on unix shells,
    resulting in build failures on a Windows host PC.
    
    This patch fixes the Makefile by using a more portable approach for
    comparing the architecture revision.
    
    Change-Id: Icb56cbecd8af5b0b9056d105970ff4a6edd1755a
    Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
    
  - Merge "stm32mp1: disable neon in sp_min" into integration
  - Merge "stm32mp1: check stronger the secondary CPU entry point" into integration
  - plat/arm: Add assert for the valid address of dtb information
    
    Added assert in the code to check valid address of dtb information
    structure retrieved from fw_config device tree.
    This patch fixes coverity defect:360213.
    
    Also, removed conditional calling of "fconf_populate" as "fconf_populate"
    function already checks the validity of the device tree address received
    and goes to panic in case the address is NULL.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ib83e4e84a95e2456a12c7a2bb3fe70461d882cba
    
  - Merge "allwinner: Disable NS access to PRCM power control registers" into integration
  - allwinner: Disable NS access to PRCM power control registers
    
    The non-secure world has no business accessing the CPU power switches in
    the PRCM; those are handled by TF-A or the SCP. Only allow access to the
    clock control part of the PRCM.
    
    Signed-off-by: Samuel Holland <samuel@sholland.org>
    Change-Id: I657b97f4ea8a0073448ad3343fbc66ba168ed89e
    
  - uniphier: increase BL33 max size and GZIP temporary buffer size
    
    The current BL33 size is large enough for U-Boot, but we need to
    increase the limit to use other boot loaders such as edk2.
    
    Increase the buffer size used for GZIP decompression too.
    
     BL33 max size (UNIPHIER_BL33_MAX_SIZE):  1MB -> 8MB
     GZIP buffer (UNIPHIER_IMAGE_BUF_SIZE):   1MB -> 8MB
    
    Increasing the block buffer size (UNIPHIER_BLOCK_BUF_SIZE) is not
    required, but I increased it too to make it work more efficiently.
    
    Change-Id: I4fa6d795bed9ab9ada7f8f616c7d47076139e3a8
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - linker_script: move .rela.dyn section to bl_common.ld.h
    
    The .rela.dyn section is the same for BL2-AT-EL3, BL31, TSP.
    
    Move it to the common header file.
    
    I slightly changed the definition so that we can do "RELA_SECTION >RAM".
    It still produced equivalent elf images.
    
    Please note I got rid of '.' from the VMA field. Otherwise, if the end
    of previous .data section is not 8-byte aligned, it fails to link.
    
    aarch64-linux-gnu-ld.bfd: warning: changing start of section .rela.dyn by 4 bytes
    aarch64-linux-gnu-ld.bfd: warning: changing start of section .rela.dyn by 4 bytes
    aarch64-linux-gnu-ld.bfd: warning: changing start of section .rela.dyn by 4 bytes
    make: *** [Makefile:1071: build/qemu/release/bl31/bl31.elf] Error 1
    
    Change-Id: Iba7422d99c0374d4d9e97e6fd47bae129dba5cc9
    Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
    
  - Upgrade libfdt source files
    
    This version corresponds to the following commit <7be250b>
    libfdt: Correct condition for reordering blocks
    
    Also, updated the Juno romlib jumptable with fdt APIs.
    
    Change-Id: Ib6d28c1aea81c2144a263958f0792cc4daea7a1f
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - Merge changes Ib9c82b85,Ib348e097,I4dc315e4,I58a8ce44,Iebc03361, ... into integration
    
    * changes:
      plat: marvell: armada: a8k: add OP-TEE OS MMU tables
      drivers: marvell: add support for mapping the entire LLC to SRAM
      plat: marvell: armada: add LLC SRAM CCU setup for AP806/AP807 platforms
      plat: marvell: armada: reduce memory size reserved for FIP image
      plat: marvell: armada: platform definitions cleanup
      plat: marvell: armada: a8k: check CCU window state before loading MSS BL2
      drivers: marvell: add CCU driver API for window state checking
      drivers: marvell: align and extend llc macros
      plat: marvell: a8k: move address config of cp1/2 to BL2
      plat: marvell: armada: re-enable BL32_BASE definition
      plat: marvell: a8k: extend includes to take advantage of the phy_porting_layer
      marvell: comphy: initialize common phy selector for AP mode
      marvell: comphy: update rx_training procedure
      plat: marvell: armada: configure amb for all CPs
      plat: marvell: armada: modify PLAT_FAMILY name for 37xx SoCs
    
  - arm_fpga: Fix MPIDR topology checks
    
    The plat_core_pos_by_mpidr() implementation for the Arm FPGA port has
    some issues, which leads to problems when matching GICv3 redistributors
    with cores:
    - The power domain tree was not taking multithreading into account, so
      we ended up with the wrong mapping between MPIDRs and core IDs.
    - Before even considering an MPIDR, we try to make sure Aff2 is 0.
      Unfortunately this is the cluster ID when the MT bit is set.
    - We mask off the MT bit in MPIDR, before basing decisions on it.
    - When detecting the MT bit, we are properly calculating the thread ID,
      but don't account for the shift in the core and cluster ID checks.
    
    Those problems lead to early rejections of MPIDRs values, in particular
    when called from the GIC code. As a result, CPU_ON for secondary cores
    was failing for most of the cores.
    
    Fix this by properly handling the MT bit in plat_core_pos_by_mpidr(),
    also pulling in FPGA_MAX_PE_PER_CPU when populating the power domain
    tree.
    
    Change-Id: I71b2255fc0d27bfe5806511df479ab38e4e33fc4
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - Merge changes from topic "fw_config_handoff" into integration
    
    * changes:
      doc: Update arg usage for BL2 and BL31 setup functions
      doc: Update BL1 and BL2 boot flow
      plat/arm: Use only fw_config between bl2 and bl31
    
  - doc: Update arg usage for BL2 and BL31 setup functions
    
    Updated the porting guide for the usage of received arguments
    in BL2 and BL32 setup functions in case of Arm platform.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ia83a5607fed999819d25e49322b3bfb5db9425c0
    
  - doc: Update BL1 and BL2 boot flow
    
    Updated the document for BL1 and BL2 boot flow to capture
    below changes made in FCONF
    
    1. Loading of fw_config and tb_fw_config images by BL1.
    2. Population of fw_config and tb_fw_config by BL2.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ifea5c61d520ff1de834c279ce1759b53448303ba
    
  - plat/arm: Use only fw_config between bl2 and bl31
    
    Passed the address of fw_config instead of soc_fw_config
    as arg1 to BL31 from BL2 for ARM fvp platform.
    
    BL31 then retrieves load-address of other device trees
    from fw_config device tree.
    
    Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
    
  - Merge changes from topic "fw_config_handoff" into integration
    
    * changes:
      doc: Update memory layout for firmware configuration area
      plat/arm: Increase size of firmware configuration area
      plat/arm: Load and populate fw_config and tb_fw_config
      fconf: Handle error from fconf_load_config
      plat/arm: Update the fw_config load call and populate it's information
      fconf: Allow fconf to load additional firmware configuration
      fconf: Clean confused naming between TB_FW and FW_CONFIG
      tbbr/dualroot: Add fw_config image in chain of trust
      cert_tool: Update cert_tool for fw_config image support
      fiptool: Add fw_config in FIP
      plat/arm: Rentroduce tb_fw_config device tree
    
  - Workaround for Neoverse N1 erratum 1800710
    
    Neoverse N1 erratum 1800710 is a Cat B erratum, present in older
    revisions of the Neoverse N1 processor core.  The workaround is to
    set a bit in the ECTLR_EL1 system register, which disables allocation
    of splintered pages in the L2 TLB.
    
    This erratum is explained in this SDEN:
    https://static.docs.arm.com/sden885747/f/Arm_Neoverse_N1_MP050_Software_Developer_Errata_Notice_v21.pdf
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: Ie5b15c8bc3235e474a06a57c3ec70684361857a6
    
  - Merge "stm32mp1: use last page of SYSRAM as SCMI shared memory" into integration
  - Merge "stm32mp1: SP_MIN embeds Arm Architecture services" into integration
  - Merge "Redirect security incident report to TrustedFirmware.org" into integration
  - Merge "doc: Add a binding document for COT descriptors" into integration
  - Merge "plat/fvp: Dynamic description of clock freq" into integration
  - Merge "fconf: Extract Timer clock freq from HW_CONFIG dtb" into integration
  - Merge "Workaround for Cortex A77 erratum 1800714" into integration
  - Workaround for Cortex A77 erratum 1800714
    
    Cortex A77 erratum 1800714 is a Cat B erratum, present in older
    revisions of the Cortex A77 processor core.  The workaround is to
    set a bit in the ECTLR_EL1 system register, which disables allocation
    of splintered pages in the L2 TLB.
    
    Since this is the first errata workaround implemented for Cortex A77,
    this patch also adds the required cortex_a77_reset_func in the file
    lib/cpus/aarch64/cortex_a77.S.
    
    This erratum is explained in this SDEN:
    https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: I844de34ee1bd0268f80794e2d9542de2f30fd3ad
    
  - doc: Update memory layout for firmware configuration area
    
    Captured the increase in firmware configuration area from
    4KB to 8kB in memory layout document. Updated the documentation
    to provide details about fw_config separately.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ifbec443ced479301be65827b49ff4fe447e9109f
    
  - plat/arm: Increase size of firmware configuration area
    
    Increased the size of firmware configuration area to accommodate
    all configs.
    
    Updated maximum size of following bootloaders due to increase
    in firmware configs size and addition of the code in the BL2.
    
    1. Increased maximum size of BL2 for Juno platform in no
       optimisation case.
    2. Reduced maximum size of BL31 for fvp and Juno platform.
    3. Reduced maximum size of BL32 for Juno platform.
    
    Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - plat/arm: Load and populate fw_config and tb_fw_config
    
    Modified the code to do below changes:
    
    1. Load tb_fw_config along with fw_config by BL1.
    2. Populate fw_config device tree information in the
       BL1 to load tb_fw_config.
    3. In BL2, populate fw_config information to retrieve
       the address of tb_fw_config and then tb_fw_config
       gets populated using retrieved address.
    4. Avoid processing of configuration file in case of error
       value returned from "fw_config_load" function.
    5. Updated entrypoint information for BL2 image so
       that its arg0 should point to fw_config address.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
    Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
    
  - Merge "Fix usage of incorrect function name" into integration
  - plat/fvp: Dynamic description of clock freq
    
    Query clock frequency in runtime using FCONF getter API
    
    Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
    Change-Id: Ie6a8a62d8d190b9994feffb167a1d48829913e9b
    
  - fconf: Extract Timer clock freq from HW_CONFIG dtb
    
    Extract Timer clock frequency from the timer node in
    HW_CONFIG dtb. The first timer is a per-core architected timer attached
    to a GIC to deliver its per-processor interrupts via PPIs.
    
    Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
    Change-Id: I2f4b27c48e4c79208dab9f03c768d9221ba6ca86
    
  - Redirect security incident report to TrustedFirmware.org
    
    All projects under the TrustedFirmware.org project now use the same
    security incident process, therefore update the disclosure/vulnerability
    reporting information in the TF-A documentation.
    
    ------------------------------------------------------------------------
    /!\ IMPORTANT /!\
    
    Please note that the email address to send these reports to has changed.
    Please do *not* use trusted-firmware-security@arm.com anymore.
    
    Similarly, the PGP key provided to encrypt emails to the security email
    alias has changed as well. Please do *not* use the former one provided
    in the TF-A source tree. It is recommended to remove it from your
    keyring to avoid any mistake. Please use the new key provided on
    TrustedFirmware.org from now on.
    ------------------------------------------------------------------------
    
    Change-Id: I14eb61017ab99182f1c45d1e156b96d5764934c1
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - fconf: Handle error from fconf_load_config
    
    Updated 'fconf_load_config' function to return
    the error.
    Error from 'fconf_load_config' gets handled
    by BL1 in subsequent patches.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I4360f4df850e355b5762bb2d9666eb285101bc68
    
  - plat/arm: Update the fw_config load call and populate its information
    
    Modified the code to do below changes:
    
    1. Migrates the Arm platforms to the API changes introduced in the
       previous patches by fixing the fconf_load_config() call.
    2. Retrieve dynamically the address of tb_fw_config using fconf
       getter api which is subsequently used to write mbedTLS heap
       address and BL2 hash data in the tb_fw_config DTB.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
    Change-Id: I3c9d9345dcbfb99127c61d5589b4aa1532fbf4be
    
  - fconf: Allow fconf to load additional firmware configuration
    
    Modified the `fconf_load_config` function so that it can
    additionally support loading of tb_fw_config along with
    fw_config.
    
    Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ie060121d367ba12e3fcac5b8ff169d415a5c2bcd
    
  - fconf: Clean confused naming between TB_FW and FW_CONFIG
    
    Cleaned up confused naming between TB_FW and FW_CONFIG.
    
    Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
    
  - tbbr/dualroot: Add fw_config image in chain of trust
    
    fw_config image is authenticated using secure boot framework by
    adding it into the single root and dual root chain of trust.
    
    The COT for fw_config image looks as below:
    
    +------------------+       +-------------------+
    | ROTPK/ROTPK Hash |------>| Trusted Boot fw   |
    +------------------+       | Certificate       |
                               | (Auth Image)      |
                              /+-------------------+
                             /                   |
                            /                    |
                           /                     |
                          /                      |
                         L                       v
    +------------------+       +-------------------+
    | fw_config hash   |------>| fw_config         |
    |                  |       | (Data Image)      |
    +------------------+       +-------------------+
    
    Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I08fc8ee95c29a95bb140c807dd06e772474c7367
    
  - cert_tool: Update cert_tool for fw_config image support
    
    Updated cert_tool to add hash information of fw_config image into
    the existing "trusted boot fw" certificate.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0
    
  - fiptool: Add fw_config in FIP
    
    Added support in fiptool to include fw_config image
    in FIP.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
    
  - plat/arm: Reintroduce tb_fw_config device tree
    
    Moved BL2 configuration nodes from fw_config to newly
    created tb_fw_config device tree.
    
    fw_config device tree's main usage is to hold properties shared
    across all BLx images.
    An example is the "dtb-registry" node, which contains the
    information about the other device tree configurations
    (load-address, size).
    
    Also, updated load-address of tb_fw_config which is now located
    after fw_config in SRAM.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
    
  - Merge changes Ifc34f2e9,Iefd58159 into integration
    
    * changes:
      Workaround for Cortex A76 erratum 1800710
      Workaround for Cortex A76 erratum 1791580
    
  - Fix usage of incorrect function name
    
    Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
    Change-Id: Ic387630c096361ea9a963cde0018a0efb63e3bd2
    
  - Merge "FFA Version interface update" into integration
  - doc: Add a binding document for COT descriptors
    
    Added a binding document for COT descriptors which is going
    to be used in order to create COT descriptors at run-time.
    
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    Change-Id: Ic54519b0e16d145cd1609274a00b137a9194e8dd
    
  - FFA Version interface update
    
    Change handler of FFA version interface:
    - Return SPMD's version if the origin of the call is secure;
    - Return SPMC's version if origin is non-secure.
    
    Signed-off-by: J-Alves <joao.alves@arm.com>
    Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
    
  - stm32mp1: SP_MIN embeds Arm Architecture services
    
    Embed Arch Architecture SMCCC services in stm32mp1 SP_MIN. This
    service is needed by Linux kernel to setup the SMCCC conduit
    used by its SCMI SMC transport driver.
    
    Change-Id: I454a7ef3048a77ab73fff945e8115b60445d5841
    Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
    
  - stm32mp1: use last page of SYSRAM as SCMI shared memory
    
    SCMI shared memory is used to exchange message payloads between
    secure SCMI services and non-secure SCMI agents. It is mapped
    uncached (device) mainly to conform to existing support in
    the Linux kernel. Note that executive messages are mostly short
    (few 32bit words) hence not using cache will not penalize much
    performances.
    
    Platform stm32mp1 shall configure ETZPC to harden properly the
    secure and non-secure areas of the SYSRAM address space, that before
    CPU accesses the shared memory when mapped non-secure.
    
    This change defines STM32MP_SEC_SYSRAM_BASE/STM32MP_SEC_SYSRAM_SIZE and
    STM32MP_NS_SYSRAM_BASE/STM32MP_NS_SYSRAM_SIZE.
    
    Change-Id: I71ff02a359b9668ae1c5a71b5f102cf3d310f289
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: check stronger the secondary CPU entry point
    
    When using SP_min as monitor, only sp_min_warm_entrypoint() is a valid
    secure entry point.
    
    Change-Id: I440cec798e901b11a34dd482c33b2e378a8328ab
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
    
  - stm32mp1: disable neon in sp_min
    
    Disable use of Neon VFP support for platform stm32mp1 when
    building with SP_MIN runtime services as these can conflict with
    non-secure world use of NEON support. This is preferred over a
    systematic backup/restore of NEON context when switching
    between non-secure and secure worlds.
    
    When NEON support is disabled, this is done for both BL2 and BL32 as
    build process uses common libraries built once for both binaries.
    
    Change-Id: I4e8808dcb6ef58fc839e6f85fd6e45cfbaa34be0
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: shared resources: apply registered configuration
    
    BL32/SP_MIN configures platform security hardening from the shared
    resources driver.  At the end of SP_MIN initialization, all shared
    resources shall be assigned to secure or non-secure world by
    drivers. A lock prevents further change on the resource
    assignation. By definition, resources not registered are assigned
    to non-secure world since not claimed by any component on the BL.
    
    No functional change as all resources are currently in state
    SHRES_UNREGISTERED hence assigned to non-secure world as prior
    this change in stm32mp1_etzpc_early_setup() and
    sp_min_platform_setup().
    
    Change-Id: Ic41fab47216c3b8b7a6a75b8358cfcec411ed941
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: shared resources: count GPIOZ bank pins
    
    Get number of pins in the GPIOZ bank with helper function
    fdt_get_gpio_bank_pin_count(). Save the value in RAM to prevent
    parsing the FDT several times for the same information.
    
    Change-Id: Ie68e300804461ffce09914100a7d2962116023b5
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: shared resources: define resource identifiers
    
    Define enum stm32mp_shres for platform stm32mp1. The enumerated
    type defines all resources that can be assigned to secure or
    non-secure worlds at run time for the platform.
    
    Change-Id: I5de20d72735856645f1efd0993643278e8d35bcb
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - stm32mp1: introduce shared resources support
    
    STM32MP1 SoC includes peripheral interfaces that can be assigned to
    the secure world, or that can be opened to the non-secure world.
    
    This change introduces the basics of a driver that manages such
    resources which assignation is done at run time. It currently offers
    API functions that state whether a service exposed to non-secure
    world has permission to access a targeted clock or reset controller.
    
    Change-Id: Iff20028f41586bc501085488c03546ffe31046d8
    Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
    
  - Workaround for Cortex A76 erratum 1800710
    
    Cortex A76 erratum 1800710 is a Cat B erratum, present in older
    revisions of the Cortex A76 processor core.  The workaround is to
    set a bit in the ECTLR_EL1 system register, which disables allocation
    of splintered pages in the L2 TLB.
    
    This erratum is explained in this SDEN:
    https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: Ifc34f2e9e053dcee6a108cfb7df7ff7f497c9493
    
  - Workaround for Cortex A76 erratum 1791580
    
    Cortex A76 erratum 1791580 is a Cat B erratum present in earlier
    revisions of the Cortex A76. The workaround is to set a bit in the
    implementation defined CPUACTLR2 register, which forces atomic store
    operations to write-back memory to be performed in the L1 data cache.
    
    This erratum is explained in this SDEN:
    https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
    
    Signed-off-by: John Powell <john.powell@arm.com>
    Change-Id: Iefd58159b3f2e2286138993317b98e57dc361925
    
  - Merge changes from topic "tegra-memctrlv2-vpr-resize-bugfix" into integration
    
    * changes:
      Tegra: sanity check NS address and size before use
      Tegra: memctrl_v2: fixup sequence to resize video memory
    
  - Merge "TF-A GIC driver: Add barrier before eoi" into integration
  - Merge "TF-A: Add ARMv8.5 'bti' build option" into integration
  - Merge changes from topic "scmi-msg" into integration
    
    * changes:
      drivers/scmi-msg: smt entry points for incoming messages
      drivers/scmi-msg: support for reset domain protocol
      drivers/scmi-msg: support for clock protocol
      drivers/scmi-msg: driver for processing scmi messages
    
  - Merge "Fix typo in file Header guard" into integration
  - TF-A GIC driver: Add barrier before eoi
    
    It is desired to have the peripheral writes completed to clear the
    interrupt condition and de-assert the interrupt request to GIC before
    EOI write. Failing which, a spurious interrupt will occur.
    
    A barrier is needed to ensure peripheral register write transfers are
    complete before EOI is done.
    
    GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point
    of view. However these writes may pass over different interconnects,
    bridges, buffers leaving some rare chances for the actual write to
    complete out of order.
    
    GICv3 ICC EOI system register writes have no ordering against nGnR(n)E
    memory writes as they are over different interfaces.
    
    Hence a dsb can ensure from core no writes are issued before the previous
    writes are *complete*.
    
    Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
    Change-Id: Ie6362009e2f91955be99dca8ece14ade7b4811d6
    
  - Merge "Tegra: introduce support for GICv3" into integration
  - Fix typo in file Header guard
    
    Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
    Change-Id: Iaf6deaeee2069720518221157edbb052bc42850a
    
  - Tegra: sanity check NS address and size before use
    
    This patch updates the 'bl31_check_ns_address()' helper function to
    check that the memory address and size passed by the NS world are not
    zero.
    
    The helper function also returns the error code as soon as it detects
    inconsistencies, to avoid multiple error paths from kicking in for the
    same input parameters.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
    Change-Id: I46264f913954614bedcbde12e47ea0c70cd19be0
    
  - plat: marvell: armada: a8k: add OP-TEE OS MMU tables
    
    Adjust the latest OP-TEE memory definitions to the
    newest TF-A baseline.
    
    Change-Id: Ib9c82b85f868adaf3c7285eb340486bda9c59c36
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - drivers: marvell: add support for mapping the entire LLC to SRAM
    
    Add llc_sram_enable() and llc_sram_disable() APIs to Marvell
    cache_lls driver.
    Add LLC_SRAM definition to Marvell common makefile - disabled
    by default.
    Add description of LLC_SRAM flag to the build documentation.
    
    Change-Id: Ib348e09752ce1206d29268ef96c9018b781db182
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: armada: add LLC SRAM CCU setup for AP806/AP807 platforms
    
    Extend the CCU tables with secure SRAM window in all board
    setups that use SoCs based on AP806/AP807 North Bridges
    
    Change-Id: I4dc315e4ea847562ac8648d8a8739244b548c70e
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: armada: reduce memory size reserved for FIP image
    
    It is not needed to reserve 64MB for FIP. Limit this to 4MB
    for both supported Armada SoC families.
    
    Change-Id: I58a8ce4408a646fe1afd3c1ea1ed54007c8d205d
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    [Extract from bigger commit]
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - plat: marvell: armada: platform definitions cleanup
    
    - Remove
        TRUSTED_DRAM_BASE
        TRUSTED_DRAM_SIZE
        MARVELL_TRUSTED_SRAM_BASE
    - Rename
        PLAT_MARVELL_TRUSTED_DRAM_* -> PLAT_MARVELL_TRUSTED_RAM_*
        PLAT_MARVELL_TRUSTED_SRAM_* -> MARVELL_TRUSTED_DRAM_*
        MARVELL_MAP_SHARED_RAM -> MARVELL_MAP_SECURE_RAM
    - Move
        MARVELL_TRUSTED_DRAM_SIZE to marvell_def.h
    - Enable MARVELL_MAP_SECURE_RAM region in BL2U memory map
    - Add dependency of MARVELL_MAP_SHARED_RAM on LLC_SRAM
    - Add minor style improvements
    
    Change-Id: Iebc03361e4f88489af1597f54e137b27c241814c
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    [Improve patch after rebase]
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - plat: marvell: armada: a8k: check CCU window state before loading MSS BL2
    
    Make sure the current CCU window is not in use before adding
    a new address map during MSS BL2 image load preparations.
    At BL2 stage the CCU Win-2 points to DRAM. If additional mapping is
    added to MSS BL2 stage initialization, the DDR entry will be destroyed
    and lead to the system hang.
    
    Change-Id: I215e83508acc37d54dab6954d791b9a74cc883ca
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - drivers: marvell: add CCU driver API for window state checking
    
    Add ccu_is_win_enabled() API for checking the CCU window
    state using AP and window indexes.
    
    Change-Id: Ib955a2cac28b2729b0a763f3bbbea28b476a2fe4
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - drivers: marvell: align and extend llc macros
    
    Make all LLC-related macros to start with the same prefix
    Add more LLC control registers definitions
    This patch is a preparation step for LLC SRAM support
    
    Change-Id: I0a4f0fc83e8ef35be93dd239a85f2a9f88d1ab19
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    
  - plat: marvell: a8k: move address config of cp1/2 to BL2
    
    The configuration space of each standalone CP was updated in BL31.
    Loading FW procedure takes place earlier in SCP_BL2.
    It needs to be done after access to each CP is provided.
    Moving the proper configuration from BL31 to BL2 solves it.
    
    Change-Id: I44cf88dfd4ebf09130544332bfdd3d16ef2674ea
    Signed-off-by: Ben Peled <bpeled@marvell.com>
    
  - plat: marvell: armada: re-enable BL32_BASE definition
    
    As a preparation to support proper loading the OPTEE OS image,
    enable the BL32 specific defines in case the SPD is used.
    
    On the occasion move two BL32-related macros to marvell_def.h
    and fix BL32_LIMIT definition.
    
    Change-Id: Id4e2d81833bc1895650cca8b0fc0bfc341cf77f3
    Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - plat: marvell: a8k: extend includes to take advantage of the phy_porting_layer
    
    The phy porting layer uses defaults defined in
    "phy-default-porting-layer.h" when board specific file
    "phy-porting-layer.h" is not found. Because of the regression the board
    specific directory was not included, therefore all boards used default
    parameters.
    
    Change-Id: I66e5e6eb8a39cca5aeeb4de6dab2ceddc39c1e31
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - marvell: comphy: initialize common phy selector for AP mode
    
    Configuring common phy selector which was missing for AP mode.
    
    Change-Id: I15be1ba50b8aafe9094734abec139d72c18bb224
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - marvell: comphy: update rx_training procedure
    
    1) Rely only on rx training, remove parts responsible for tx training
    (trx training).
    2) Add extra steps e.g. preconfigure FFE before starting training.
    3) Remove some unnecessary steps like RRBS31 loopback setting which
    shouldn't be relevant for tx_training.
    
    Change-Id: Ib1e8567714f9ce33578186a262c339aa4b1c51f2
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - plat: marvell: armada: configure amb for all CPs
    
    Before this patch the configuration took place only for CP0 and CP1, but
    since new platforms can contain up to 3 CPs, an update is required.
    
    Change-Id: Iebd50bbe7b9772063e2c4efb3a7ecbfd593e950d
    Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
    
  - TF-A: Add ARMv8.5 'bti' build option
    
    This patch adds BRANCH_PROTECTION = 4 'bti' build option
    which turns on branch target identification mechanism.
    
    Change-Id: I32464a6b51726a100519f449a95aea5331f0e82d
    Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
    
  - Tegra: introduce support for GICv3
    
    This patch provides the platform level support to enable GICv3
    drivers on future Tegra platforms.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: I966a4502b2a4a7bd1ce66da843997c9ed605c59f
    
  - Tegra: memctrl_v2: fixup sequence to resize video memory
    
    The previous sequence used by the driver to program the new memory
    aperture settings and clear the non-overlapping memory was faulty.
    The sequence locked the non-overlapping regions twice, leading to
    faults when trying to clear it.
    
    This patch modifies the sequence to follow these steps:
    
    * move the previous memory region to a new firewall register
    * program the new memory aperture settings
    * clean the non-overlapping memory
    
    This patch also maps the non-overlapping memory as Device memory to
    follow guidance from the arch. team.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: I7cf6e05b2dd372103dc7229e37b1b3fc269a57ae
    
  - plat: marvell: armada: modify PLAT_FAMILY name for 37xx SoCs
    
    The Marvell Armada 37xx SoCs-based platforms contain a bit
    awkward directory structure because the currently only one
    supported PLAT and PLAT_FAMILY are the same. Modify the latter
    to 'a3k' in order to improve it and keep plat/marvell/armada
    tree more consistent:
    
    plat/marvell/
    ├── armada
    │   ├── a3k
    │   │   ├── a3700
    
    [...]
    
    │   ├── a8k
    │   │   ├── a70x0
    
    [...]
    
    Change-Id: I693a6ef88e6ce49a326a3328875c90bbc186066a
    Signed-off-by: Marcin Wojtas <mw@semihalf.com>
    
  - Merge changes I80316689,I23cac4fb,If911e7de,I169ff358,I4e040cd5, ... into integration
    
    * changes:
      ddr: a80x0: add DDR 32-bit ECC mode support
      ble: ap807: improve PLL configuration sequence
      ble: ap807: clean-up PLL configuration sequence
      ddr: a80x0: add DDR 32-bit mode support
      plat: marvell: mci: perform mci link tuning for all mci interfaces
      plat: marvell: mci: use more meaningful name for mci link tuning
      plat: marvell: a8k: remove wrong or unnecessary comments
      plat: marvell: ap807: enable snoop filter for ap807
      plat: marvell: ap807: update configuration space of each CP
      plat: marvell: ap807: use correct address for MCIx4 register
      plat: marvell: add support for PLL 2.2GHz mode
      plat: marvell: armada: make a8k_common.mk and mss_common.mk more generic
      marvell: armada: add extra level in marvell platform hierarchy
    
  - drivers/scmi-msg: smt entry points for incoming messages
    
    This change implements SCMI channels for reading a SCMI message from a
    shared memory and call the SCMI message drivers to route the message
    to the target platform services.
    
    SMT refers to the shared memory management protocol which is used
    to get/put message/response in shared memory. SMT is a 28byte header
    stating shared memory state and exchanged protocol data.
    
    The processing entry for a SCMI message can be a secure interrupt
    or fastcall SMCCC invocation.
    
    SMT description in this implementation is based on the OP-TEE
    project [1] itself based on the SCP-firmware implementation [2].
    
    Link: [1] https://github.com/OP-TEE/optee_os/commit/a58c4d706d2333d2b21a3eba7e2ec0cb257bca1d
    Link: [2] https://github.com/ARM-software/SCP-firmware.git
    
    Change-Id: I416c7dab5c67954c6fe80bae8d8cdfdcda66873e
    Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
    
  - Merge "plat/arm: Fix load address of TB_FW_CONFIG" into integration
  - drivers/scmi-msg: support for reset domain protocol
    
    Adds SCMI reset domain protocol support in the SCMI message drivers
    as defined in SCMI specification v2.0 [1]. Not all the messages
    defined in the specification are supported.
    
    scmi_msg_get_rd_handler() sanitizes the message_id value
    against any speculative use of reset domain ID as an index since by
    SCMI specification, IDs are indices.
    
    This implementation is based on the OP-TEE project implementation [2]
    itself based on the SCP-firmware implementation [3] of the SCMI
    protocol server side.
    
    Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
    Link: [2] https://github.com/OP-TEE/optee_os/commit/56a1f10ed99d683ee3a8af29b6147a59a99ef3e0
    Link: [3] https://github.com/ARM-software/SCP-firmware.git
    
    Change-Id: If7cf13de40a815dedb40dcd5af8b6bb6725d9078
    Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
    
  - drivers/scmi-msg: support for clock protocol
    
    Adds SCMI clock protocol support in the SCMI message drivers as
    defined in SCMI specification v2.0 [1] for clock protocol messages.
    
    Platform can provide one of the plat_scmi_clock_*() handlers for the
    supported operations set/get state/rate and others.
    
    scmi_msg_get_clock_handler() sanitizes the message_id value
    against any speculative use of clock ID as an index since by
    SCMI specification, IDs are indices.
    
    This implementation is based on the OP-TEE project implementation [2]
    itself based on the SCP-firmware implementation [3] of the SCMI
    protocol server side.
    
    Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
    Link: [2] https://github.com/OP-TEE/optee_os/commit/a7a9e3ba71dd908aafdc4c5ed9b29b15faa9692d
    Link: [3] https://github.com/ARM-software/SCP-firmware.git
    
    Change-Id: Ib56e096512042d4f7b9563d1e4181554eb8ed02c
    Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
    
  - drivers/scmi-msg: driver for processing scmi messages
    
    This change introduces drivers to allow a platform to create a basic
    SCMI service and register handlers for client request (SCMI agent) on
    system resources. This is the first piece of the drivers: an entry
    function, the SCMI base protocol support and helpers to create
    the response message.
    
    With this change, scmi_process_message() is the entry function to
    process an incoming SCMI message. The function expects the message
    is already copied from shared memory into secure memory. The message
    structure stores message reference and output buffer reference where
    response message shall be stored.
    
    scmi_process_message() calls the SCMI protocol driver according to
    the protocol ID in the message. The SCMI protocol driver will call
    defined platform handlers according to the message content.
    
    This change introduces only the SCMI base protocol as defined in
    SCMI specification v2.0 [1]. Not all the messages defined
    in the specification are supported.
    
    The SCMI message implementation is derived from the OP-TEE project [2]
    itself based on the SCP-firmware implementation [3] of the SCMI protocol
    server side.
    
    Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
    Link: [2] https://github.com/OP-TEE/optee_os/commit/ae8c8068098d291e6e55744dbc237ec39fd9840a
    Link: [3] https://github.com/ARM-software/SCP-firmware/tree/v2.6.0
    
    Change-Id: I639c4154a39fca60606264baf8d32452641f45e9
    Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
    
  - plat/arm: Fix load address of TB_FW_CONFIG
    
    Load address of tb_fw_config is incorrectly mentioned
    in below device trees:
    1. rdn1edge_fw_config.dts
    2. tc0_fw_config.dts
    
    Till now, tb_fw_config load-address is not being retrieved from
    device tree and hence never experienced any issue for tc0 and
    rdn1edge platform.
    
    For tc0 and rdn1edge platform, Load-address of tb_fw_config should
    be the SRAM base address + 0x300 (size of fw_config device tree)
    Hence updated these platform's fw_config.dts accordingly to reflect
    this load address change.
    
    Change-Id: I2ef8b05d49be10767db31384329f516df11ca817
    Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
    
  - Merge changes from topic "tegra194-ras-handling" into integration
    
    * changes:
      Tegra194: ras: verbose prints for SErrors
      Prevent RAS register access from lower ELs
      Tegra194: SiP: clear RAS corrected error records
      Tegra194: add RAS exception handling
    
  - Merge "Add Raghu Krishnamurthy as a TF-A maintainer" into integration
  - Merge changes I1b9e3ebd,I451c0333 into integration
    
    * changes:
      tbbr: add chain of trust for Secure Partitions
      cert_create: extend Secure partition support for tbbr CoT
    
  - Add Raghu Krishnamurthy as a TF-A maintainer
    
    Change-Id: I3726f42f8f3de0cd88bd77a0f9d92a710649d18c
    Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
    
  - tbbr: add chain of trust for Secure Partitions
    
    With sha 44f1aa8, support for Silicon Provider(SiP) owned Secure
    Partition(SP) was added for dualroot CoT. This patch extends this
    support for tbbr CoT.
    
    Earlier tbbr CoT for SPs was left to avoid adding new image types in
    TBBR which could possibly be seen as deviation from specification.
    But with further discussions it is understood that TBBR being a
    *minimal* set of requirements that can be extended as long as we don't
    violate any of the musts, which is the case with adding SP support.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb
    
  - Tegra194: ras: verbose prints for SErrors
    
    This patch provides verbose prints for RAS SErrors handled by the
    firmware, for improved debugging.
    
    Change-Id: Iaad8d183054d884f606dc4621da2cc6b2375bcf9
    Signed-off-by: David Pu <dpu@nvidia.com>
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - Prevent RAS register access from lower ELs
    
    This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
    SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
    accesses from EL1 or EL2 to EL3.
    
    RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
    
  - Tegra194: SiP: clear RAS corrected error records
    
    This patch introduces a function ID to clear all the RAS error
    records for corrected errors.
    
    Per latest requirement, ARM RAS corrected errors will be reported to
    lower ELs via interrupts and cleared via SMC. This patch provides
    required function to clear RAS error status.
    
    This patch also sets up all required RAS Corrected errors in order to
    route RAS corrected errors to lower ELs.
    
    Change-Id: I554ba1d0797b736835aa27824782703682c91e51
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Signed-off-by: David Pu <dpu@nvidia.com>
    
  - Tegra194: add RAS exception handling
    
    This patch adds all Tegra194 RAS nodes definitions and support to
    handle all uncorrectable RAS errors.
    
    Change-Id: I109b5a8dbca91d92752dc282c4ca30f273c475f9
    Signed-off-by: David Pu <dpu@nvidia.com>
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    
  - cert_create: extend Secure partition support for tbbr CoT
    
    With sha 0792dd7, support to generate certificate for Secure
    Partitions was added for dualroot CoT only, this patch extends
    this support for tbbr CoT.
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
    
  - Merge "rockchip: rk3368: fix PLAT_RK_CLST_TO_CPUID_SHIFT" into integration
  - Merge "GICv3: GIC-600: Detect GIC-600 at runtime" into integration
  - Merge "cpus: denver: disable cycle counter when event counting is prohibited" into integration
  - rockchip: rk3368: fix PLAT_RK_CLST_TO_CPUID_SHIFT
    
    The RK3368 has two clusters of 4 cores and its cluster id starts at
    bit 8 of the MPIDR.  To convert from the cluster id (0 or 1) to the
    lowest CPU-ID in the respective cluster, we thus need to shift by 6
    (i.e. shift by 8 to extract the cluster-id and multiply by 4).
    
    This change is required to ensure the PSCI support can index the
    per-cpu entry-address array correctly.
    
    Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
    Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
    Change-Id: I64a76038f090a85a47067f09f750e96e3946e756
    
  - cpus: denver: disable cycle counter when event counting is prohibited
    
    The Denver CPUs implement support for PMUv3 for ARMv8.1 and expect the
    PMCR_EL0 to be saved in non-secure context.
    
    This patch disables cycle counter when event counting is prohibited
    immediately on entering the secure world to avoid leaking useful
    information about the PMU counters. The context saving code later
    saves the value of PMCR_EL0 to the non-secure world context.
    
    Verified with 'PMU Leakage' test suite.
    
     ******************************* Summary *******************************
     > Test suite 'PMU Leakage'
                                                                     Passed
     =================================
     Tests Skipped : 2
     Tests Passed  : 2
     Tests Failed  : 0
     Tests Crashed : 0
     Total tests   : 4
     =================================
    
    Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
    Change-Id: I3675e2b99b44ed23d86e29a5af1b496e80324875
    
  - Merge changes from topic "sp_secure_boot" into integration
    
    * changes:
      dualroot: add chain of trust for secure partitions
      sptool: append cert_tool arguments.
      cert_create: add SiP owned secure partitions support
    
  - Merge "plat/fvp: Add support for dynamic description of secure interrupts" into integration
  - plat/fvp: Add support for dynamic description of secure interrupts
    
    Using the fconf framework, the Group 0 and Group 1 secure interrupt
    descriptors are moved to device tree and retrieved in runtime. This
    feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
    
    Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
    Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
    
  - GICv3: GIC-600: Detect GIC-600 at runtime
    
    The only difference between GIC-500 and GIC-600 relevant to TF-A is the
    differing power management sequence.
    A certain GIC implementation is detectable at runtime, for instance by
    checking the IIDR register. Let's add that test before initiating the
    GIC-600 specific sequence, so the code can be used on both GIC-600 and
    GIC-500 chips alike, without deciding on a GIC chip at compile time.
    
    This means that the GIC-500 "driver" is now redundant. To allow minimal
    platform support, add a switch to disable GIC-600 support.
    
    Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
    Signed-off-by: Andre Przywara <andre.przywara@arm.com>
    
  - dualroot: add chain of trust for secure partitions
    
    A new certificate "sip-sp-cert" has been added for Silicon Provider (SiP)
    owned Secure Partitions (SP). Similar support for Platform owned SP can
    be added in future. The certificate is also protected against anti-
    rollback using the trusted Non-Volatile counter.
    
    To avoid deviating from TBBR spec, support for SP CoT is only provided
    in dualroot.
    Secure Partition content certificate is assigned image ID 31 and SP
    images follow after it.
    
    The CoT for secure partitions looks like below.
    +------------------+       +-------------------+
    | ROTPK/ROTPK Hash |------>| Trusted Key       |
    +------------------+       | Certificate       |
                               | (Auth Image)      |
                              /+-------------------+
                             /                   |
                            /                    |
                           /                     |
                          /                      |
                         L                       v
    +------------------+       +-------------------+
    | Trusted World    |------>| SiP owned SPs     |
    | Public Key       |       | Content Cert      |
    +------------------+       | (Auth Image)      |
                            /  +-------------------+
                           /                     |
                          /                      v
    +------------------+ L     +-------------------+
    | SP_PKG1 Hash     |------>| SP_PKG1           |
    |                  |       | (Data Image)      |
    +------------------+       +-------------------+
            .                           .
            .                           .
            .                           .
    +------------------+       +-------------------+
    | SP_PKG8 Hash     |------>| SP_PKG8           |
    |                  |       | (Data Image)      |
    +------------------+       +-------------------+
    
    Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
    Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
    
  - Merge "plat/arm: do not include export header directly" into integration
  - Merge "rockchip: increase FDT buffer size" into integration
  - Merge changes from topic "fix-agilex-initialization" into integration
    
    * changes:
      plat: intel: Additional instruction required to enable global timer
      plat: intel: Fix CCU initialization for Agilex
      plat: intel: Add FPGAINTF configuration to when configuring pinmux
      plat: intel: set DRVSEL and SMPLSEL for DWMMC
      plat: intel: Fix clock configuration bugs
    
  - plat: intel: Additional instruction required to enable global timer
    
    There are additional instructions needed to enable the global timer.
    This fixes the global timer initialization.
    
    Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
    Change-Id: Idaf2d23359aacc417e2b7d8cdf1688b5cd17ca98
    
  - plat: intel: Fix CCU initialization for Agilex
    
    The CCU initialization loop uses the wrong units; this fixes that. This
    also fixes the snoop filter setup: register set bits should be used
    instead of overwriting the register.
    
    Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
    Change-Id: Ia15eeeae5569b00ad84120182170d353ee221b31
    

[...]
diff --git a/trusty/external/trusted-firmware-a b/trusty/external/trusted-firmware-a
index 2d7b074..b89e514 160000
--- a/trusty/external/trusted-firmware-a
+++ b/trusty/external/trusted-firmware-a
@@ -1 +1 @@
-Subproject commit 2d7b074e28e87f4c92903f9ebc89fb10ec51c27d
+Subproject commit b89e5144aee5f2f348357d3989163dc459694fe4
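Review bot: The one-line gitlink change from 2d7b074 to b89e514 is the only reviewable content in this hunk, yet it pulls in every upstream commit listed in the message, and that list is cut off at "[...]", so the full range cannot be audited from this page alone. Please state the range explicitly (2d7b074..b89e514) in the message so a reviewer can run the log inside trusty/external/trusted-firmware-a and confirm the new commit is on the tracked branch. Several of the included changes touch trust boundaries: the dualroot chain of trust for secure partitions, the cert_create extension for tbbr CoT, and the Denver PMCR_EL0 handling on secure world entry. It would help to note which platforms and build configurations were built and booted against b89e514 before this bump landed.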