Platforms which support Realm world cannot boot up
properly if measured boot is enabled at build time.
An assertions occurs due to the missing RMM entry
in the event_log_metadata array.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I172f10a440797f7c9e1bc79dc72242b40c2521ea
Currently only the lowest 2 DRAM region were configured in the
TrustZone Controller, but the platform supports 6 regions spanning the
whole address space.
Configuring all of them to allow tests to access memory also in those
higher memory regions.
FVP memory map:
https://developer.arm.com/documentation/100964/1116/Base-Platform/Base---memory/Base-Platform-memory-map
Note that last row is wrong, describing a non-existing 56bit address,
all region labels should be shifted upward.
Issue has been reported and next release will be correct.
Change-Id: I695fe8e24aff67d75e74635ba32a133342289eb4
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
Add initial support for RD-Edmunds platform. This platform is considered
as a variant of RD-N2 platform with only major change being the CPU
which is Demeter instead of Neoverse-N2.
Signed-off-by: Tony K Nadackal <tony.nadackal@arm.com>
Change-Id: I939d9eac652fa9e76ad002ee5e6107aa79baa013
Secure enclave decides the boot bank based on the firmware update
state of the system and updates the boot bank information at a given
location in the flash. In this commit, bl2 reads the given flash
location to indentify the bank from which it should load fip from.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I7f0f4ffc97189c9deb99db44afcd966082ffbf21
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: Ieaabe09374d707de18d36505c69b6c9a8c2ec2e9
This change implements platform specific psci reset
for the corstone1000.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I25f77234506416c3376ff4a028f6ea40ebe68437
These changes are required to accommodate 3MB for OP-TEE and this
is required for SP's part of optee
Added size macro's for better readability of the code
Moved uboot execution memory from CVM to DDR
Change-Id: I16657c6e336fe7c0fffdee1617d10af8a2c76732
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
diphda platform is now being renamed to corstone1000.
These changes are to replace all the instances and traces
of diphda corstone1000.
Change-Id: I330f3a112d232b99b4721b6bf0236253b068dbba
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Add board support for variant 2 of RD-N2 platform which is a four chip
variant with 4 cores on each chip. The "CSS_SGI_PLATFORM_VARIANT" value
is 2 for multi-chip variant. The "CSS_SGI_CHIP_COUNT_MACRO" can be in
the range [1, 4] for multi-chip variant.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I6412106e80e2f17704c796226c2ee9fe808705ba
The Event Log sources are added to the source-list of BL1 and BL2
images in the Event Log Makefile. It doesn't seem correct since
some platforms only compile Event Log sources for BL2.
Hence, moved compilation decision of Event Log sources to the
platform makefile.
Change-Id: I1cb96e24d6bea5e091d08167f3d1470d22b461cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch adds the basic CPU library code to support the Poseidon CPU
in TF-A. Poseidon is derived from HunterELP core, an implementation of
v9.2 architecture. Currently, Hunter CPU the predecessor to HunterELP,
is supported in TF-A. Accordingly the Hunter CPU library code has been
as the base and adapted here.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I406b4de156a67132e6a5523370115aaac933f18d
The metadata structure copy is passed to the platform routine to set
the image source to boot the platform from. This is done by reading
the metadata structure. Pass the metadata as a read-only copy to the
routine -- the routine only needs to consume the metadata values and
should not be able to update the metadata fields.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I399cad99ab89c71483e5a32a1de0e22df304f8b0
Total Compute has ETE and TRBE tracing components and they have
to be enabled to capture the execution trace of the processor.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: I3c86c11be2c655a61ecefa3eb2e4e3951577a113
As Measured-Boot and Trusted-Boot are orthogonal, removed
Trusted-Boot's dependency on Measured-Boot by allowing them
to apply the Crypto module changes independently using the
CRYPTO_SUPPORT build flag.
Change-Id: I5a420e5d84f3fefe0c0092d822dab981e6390bbf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch includes the errata workaround for erratum
1868343 for the Morello platform.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Change-Id: Ifea8148e10946db2276560f90bf2f32bf12b9dcc
Cortex X2 erratum 2083908 is a Cat B erratum present in the Cortex
X2 core. It applies to revision r2p0 and is still open.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Id9dca2b042bf48e75fb3013ab37d1c5925824728
SoC UART1 is internally connected to MCP UART1 so this
cannot be used as AP runtime UART instead we use the
IOFPGA UART0 as the AP runtime UART.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: Iecefb0d2cb875b3ecf97e0983b06f6e914835021
This patch adds support to load nt_fw_config
with the information from plat_info sds
structure which is then passed from BL2 to BL33.
Signed-off-by: sah01 <sahil@arm.com>
Change-Id: I2242da7404c72a4f9c2e3d7f3b5c154890a78526
Different platform_info sds struct definition will be used
for fvp and soc.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: I92f0e1b2d0d755ad0405ceebfeb78d6e4c67013d
This patch adds all SOC and FVP related changes required to boot
a standard TBBR style boot on Morello.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: Ib8f7f326790b13082cbe8db21a980e048e3db88c
Based on the SCC configuration value obtained from the SDS
platform information structure configure DMC-Bing Server or
Client mode after zeroing out the memory.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I0555fa06c9c1906264848f4e32ca413b4742cdee
For Morello SoC, we use ECC capability for the RDIMMs
which require the entire DDR memory space to be zeroed
out before it can be accessed.
Change-Id: Icbe9916f9a2d3c4ce839d8bf7f867efa18f33e23
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
The same folder "plat/arm/board/morello" is going to be
used by both Morello FVP and Morello SoC platforms.
TARGET_PLATFORM build flag has been introduced to
differentiate between the two platforms
Change-Id: I3e94da372a3f1ba810b4259b85dd4c204306c359
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
There might be several platforms which use the
TARGET_PLATFORM build option to differentiate the code
between the platform variants.
Use of TARGET_PLATFORM in the common code leads to build
failures instead use PLAT build option.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I9724caf875bd56225e035ecffa8b9ca1a50d3401
Implemented a platform function 'plat_mboot_measure_critical_data' to
measure critical data and record its measurement using the Event Log
driver.
'bl2_plat_mboot_finish' function invokes this platform function
immediately after populating the critical data.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia198295c6e07ab26d436eab1ff90df2cf28303af
It doesn't look correct to use mbed TLS defines directly in the Event
Log driver as this driver may use another Crypto library in future.
Hence mbed TLS Crypto dependency on Event Log driver is removed by
introducing generic Crypto defines and uses those in the Event Log
driver to call Crypto functions.
Also, updated mbed TLS glue layer to map these generic Crypto defines
to mbed TLS library defines.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibc9c751f60cbce4d3f3cf049b7c53b3d05cc6735
Commit 4333f95 ("fix(spm_mm): do not compile if SVE/SME is enabled")
introduced a comiple time check to verify if ENABLE_SVE_FOR_NS is set to
0 when SPM_MM build is enabled. To support SPM_MM builds on SGI/RD
platforms set ENABLE_SVE_FOR_NS to 0.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: If78ed7567f6d988795b2bc7f772a883783246964
Renamed a macro 'INVALID_ID' to 'EVLOG_INVALID_ID' to avoid its clash
with other macro names and to show it is explicitly used for Event
Log driver.
Change-Id: Ie4c92b3cd1366d9a59cd6f43221e24734865f427
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
When the console verbosity is at maximum, fconf_populate_arm_sp()
prints the UUID and load address of each secure partition. However,
the load address has not been retrieved yet at this point, which means
all partitions show a zero load address.
Move the trace after we have retrieved the SP's load address from the
device tree to make it more meaningful.
Change-Id: I58ef7df6c9107a433f61113cafd8f0855c468d40
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.
Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
* changes:
feat(arm_fpga): write UART baud base clock frequency into DTB
feat(arm_fpga): query PL011 to learn system frequency
refactor(arm_fpga): move command line code into separate function
fix(fdt): avoid output on missing DT property
feat(arm_fpga): add ITS autodetection
feat(arm_fpga): determine GICR base by probing
feat(gicv3): introduce GIC component identification
feat(libfdt): also allow changing base address
fix(arm_fpga): avoid re-linking from executable ELF file
Since we now autodetect the actual system frequency, which is also used
as the base for the UART baudrate generation, we should update the value
currently hard-coded in the DT. Otherwise Linux will reprogram the
divider using a potentially wrong base rate, which breaks the UART
output.
Find the DT node referenced by the UART node as the clock rate, and set
the "clock-frequency" property in that node to the detected system
frequency. This will let Linux reprogram the divider to the same value,
preserving the actual baudrate.
Change-Id: Ib5a936849f2198577b86509f032751d5386ed2f8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Arm FPGAs run in mostly one clock domain, which is used for the CPU
cores, the generic timer, and also the UART baudrate base clock. This
single clock can have different rates, to compensate for different IP
complexity. So far most images used 10 MHz, but different rates start to
appear.
To avoid patching both the arch timer frequency and UART baud base fixed
clock in the DTB manually, we would like to set the clock rate
automatically. Fortunately the SCP firmware has the actual clock rate
hard coded, and already programs the PL011 UART baud divider register
with the correct value to achieve a 38400 bps baudrate.
So read the two PL011 baudrate divider values and re-calculate the
original base clock from there, to use as the arch timer frequency. If
the arch timer DT node contains a clock-frequency property, we use that
instead, to support overriding and disabling this autodetection.
Change-Id: I9857fbb418deb4644aeb2816f1102796f9bfd3bb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The code dealing with finding the command line and inserting that into
the DTB is somewhat large, and drowns the other DT handlers in our
fpga_prepare_dtb() function.
Move that code into a separate function, to improve readability.
Change-Id: I828203c4bb248d38a2562fcb6afdefedf3179f8d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Some FPGAs come with a GIC that has an ITS block configured. Since the
ITS sits between the distributor and redistributors, we can autodetect
that, and already adjust the GICR base address.
To also make this ITS usable, add an ITS node to our base DTB, and
remove that should we not find an ITS during the scan for the
redistributor. This allows to use the same TF-A binary for FPGA images
with or without an ITS.
Change-Id: I4c0417dec7bccdbad8cbca26fa2634950fc50a66
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When an Arm Ltd GIC (Arm GIC-[567]00) is instantiated with one or more
ITSes, the ITS MMIO frames appear between the distributor and
redistributor addresses. This makes the beginning of the redistributor
region dependent on the existence and number of ITSes.
To support various FPGA images, with and without ITSes, probe the
addresses in question, to learn whether they accommodate an ITS or a
redistributor. This can be safely done by looking at the PIDR[01]
registers, which contain an ID code for each region, documented in the
Arm GIC TRMs.
We try to find all ITSes instantiated, and skip either two or four 64K
frames, depending on GICv4.1 support. At some point we will find the
first redistributor; this address we then update in the DTB.
Change-Id: Iefb88c2afa989e044fe0b36b7020b56538c60b07
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For platforms where we don't know the number of cores at compile time,
the size of the GIC redistributor frame is then also undetermined, since
it depends on this number of cores.
On top of this the GICR base address can also change, when an unknown
number of ITS frames (including zero) take up space between the
distributor and redistributor.
So while those two adjustments are done for independent reasons, the
code for doing so is very similar, so we should utilise the existing
fdt_adjust_gic_redist() function.
Add an (optional) gicr_base parameters to the prototype, so callers can
choose to also adjust this base address later, if needed.
Change-Id: Id39c0ba83e7401fdff1944e86950bb7121f210e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When we build the convenience firmware package file for the Arm FPGA
boards (bl31.axf), we combine trampolines, the DTB and the actual BL31
code into one ELF file, which is more a "container with load addresses"
than an actual executable. So far ld was fine with us using bl31.elf as
an input file, but binutils 2.35 changed that and complains about
taking an *executable* ELF file as in *input* to the linker:
-----------------
aarch64-none-elf-ld.bfd: cannot use executable file 'build/arm_fpga/debug/./bl31/bl31.elf' as input to a link
-----------------
Fortunately we don't need the actual BL31 ELF file for *that* part of
the linking, so can use the just created bl31.bin binary version of it.
Actually that shrinks the file, as we needlessly included the .BSS
section in the final file before.
Using the binary works with both older and newer toolchains versions, so
let's do this unconditionally.
Change-Id: Ib7e697f8363499123f7cb860f118f182d0830768
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch removes files that are not used by TF-R as well as
removes unused generic files from the TF-R makefile.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Idb15ac295dc77fd38735bf2844efdb73e6f7c89b
This change essentially reverts [1] by removing the BL31 workaround
forcing the dtb address when Hafnium is loaded as an Hypervisor.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9569
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I302161d027261448113c66b7fafa9c11620b54ef
This change enables MPMM and adds, to the TC firmware configuration
device tree, the AMU counters representing the "gears" for the
Maximum Power Mitigation Mechanism feature of the Cortex-X2,
Cortex-A710 and Cortex-A510:
- Gear 0: throttle medium and high bandwidth vector and viruses.
- Gear 1: throttle high bandwidth vector and viruses.
- Gear 2: throttle power viruses only.
This ensures these counters are enabled and context-switched as
expected.
Change-Id: I6df6e0fe3a5362861aa967a78ab7c34fc4bb8fc3
Signed-off-by: Chris Kay <chris.kay@arm.com>
Including the FCONF Makefile today automatically places the FCONF
sources into the source list of the BL1 and BL2 images. This may be
undesirable if, for instance, FCONF is only required for BL31.
This change moves the BL1 and BL2 source appends out of the common
Makefile to where they are required.
BREAKING CHANGE: FCONF is no longer added to BL1 and BL2 automatically
when the FCONF Makefile (`fconf.mk`) is included. When including this
Makefile, consider whether you need to add `${FCONF_SOURCES}` and
`${FCONF_DYN_SOURCES}` to `BL1_SOURCES` and `BL2_SOURCES`.
Change-Id: Ic028eabb7437ae95a57c5bcb7821044d31755c77
Signed-off-by: Chris Kay <chris.kay@arm.com>
This has been introduced to simplify dependencies on the FDT wrappers.
We generally want to avoid pulling in components on a file-by-file
basis, particularly as we are trying to draw conceptual boxes around
components in preparation for transitioning the build system to CMake,
where dependencies are modelled on libraries rather than files.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Idb7ee05a9b54a8caa3e07f36e608867e20b6dcd5
Increase `PLAT_ARM_MAX_BL2_SIZE` to 128KiB for the primary chip to
accommodate debug builds with log level set to verbose
(LOG_LEVEL=LOG_LEVEL_VERBOSE).
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I9dc835430f61b0d0c46a75f7a36d67f165293c8c
This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
assert() is not used in release mode and complaining about unused
variable "desc".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib919eb27532344a25be0b6ece7e239efa87be744
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Making tb_fw_config ready to pass the Event Log base address
and size information to BL2.
Change-Id: I5dd0e79007e3848b5d6d0e69275a46c2e9807a98
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Commit 434d0491c5 ("refactor(makefile): remove BL prefixes in build
macros") changed the MAKE_S macro to expect "bl31" instead of just "31".
Adjust our calls to MAKE_S and MAKE_LD to fix the build for arm_fpga.
Change-Id: I2743e421c10eaecb39bfa4515ea049a1b8d18fcb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME
Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to use physical counters at EL1
2. VTCR_EL2.MSA -> 1
Enables VMSA at EL1, which is required by U-Boot and Linux.
3. HCR_EL2.APK = 1 & HCR_EL2.API = 1
Disables PAuth instruction and register traps in EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I58f45b6669a9ad1debb80265b243015c054a9bb1
This patch updates and refactors the GPT library and fixes bugs.
- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
In the typical TF-A boot flow, the Trusted Watchdog is started
at the beginning of BL1 and then stopped in BL1 after returning
from BL2. However, in the RME boot flow there is no return path
from BL2 to BL1. Therefore, disable the Watchdog if ENABLE_RME is set.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Id88fbfab8e8440642414bed48c50e3fcb23f3621
VERBOSE print logs need a larger stack size and the currently configured
BL2 stack size was insufficient for FVP. This patch increases the same.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I316ba2ea467571161b5f4807e6e5fa0bf89d44c6
We currently use ARM_PRELOADED_DTB_BASE build
variable to pass the kernel DTB base address to
the kernel when using the ARM_LINUX_KERNEL_AS_BL33
option. However this variable doesn't actually
change the DTB load address.
The DTB load address is actually specified in the
FW_CONFIG DTS (fvp_fw_config.dts) as 'hw_config'.
This patch passes the hw_config value instead of
ARM_PRELOADED_DTB_BASE allowing us to change
the kernel DTB load address through
fvp_fw_config.dts.
With this change we don't need the ARM_PRELOADED_DTB_BASE
build variable if RESET_TO_BL31 is not set.
Note that the hw_config value needs to be within the
ARM_DTB_DRAM_NS region specified by FVP_DTB_DRAM_MAP_START
and FVP_DTB_DRAM_MAP_SIZE.
This patch also expands the ARM_DTB_DRAM_NS region to 32MB.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Idd74cdf5d2c649bb320644392ba5d69e175a53a9
The macros PLAT_HW_CONFIG_DTB_BASE and PLAT_HW_CONFIG_DTB_SIZE
describe the range of memory where the HW_CONFIG_DTB can be loaded
rather than the actual load address and size of the DTB. This patch
changes the names to something more descriptive.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I98b81f3ce0c80fd76614f959667c25b07941e190
When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :
Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf
When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.
The following new regions are introduced with this change:
ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.
ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.
ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.
The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:
--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------
During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254
If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff
This patch adds the necessary changes needed to build
and load RMM image for the FVP platform. RMM image is
loaded by BL2 after BL32 (if BL32 exists) and before BL33.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1ac9eade84c2e35c7479a322ca1d090b4e626819
TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.
TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.
More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
The latest FVP model fix which correctly checks if IRQs
are enabled in current exception level, is causing TFTF
tests to hang.
This patch adds setting SCR_EL3.I and SCR_EL3.F bits in
'fvp_cpu_standby()' function to allow CPU to exit from WFI.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: Iceec1e9dbd805803d370ecdb10e04ad135d6b3aa
For convenience we let the build system generate an ELF file (named
bl31.axf), containing all the trampolines, BL31 code and the DTB in one
file. This can be fed directly into the FPGA payload tool, and it will
load the bits at the right addresses.
Since this ELF file is more used as a "container with load addresses",
there is no need for normal ELF features like alignment or a symbol
table.
Remove unnecessary sections from that output file, by doing a static
"link", dropping the NOBITS stacks section, and by adding "-n" to the
linker command line (to avoid page alignment). This trims the generated
.axf file, and makes it smaller.
Change-Id: I5768543101d667fb4a3b70e60b08cfe970d2a2b6
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The arm64 Linux kernel needed to be loaded at a certain offset within any
2MB aligned region; this value was configured at compile time and stored
in the Linux kernel image header. The default value was always 512KiB,
so this is the value we use in the TF-A build system for the kernel
load address.
However the whole scheme around the TEXT_OFFSET changed in Linux v5.8:
Linux kernels became fully relocatable, so this value is largely ignored
now, and its default value changed to 0. The only remainder is a warning
message at boot time in case there is a mismatch:
[Firmware Bug]: Kernel image misaligned at boot, please fix your bootloader!
To avoid this warning, and to make TF-A Linux kernel boot protocol
compliant, we should load newer kernels to offset 0 of a 2 MB
region. This can be done by the user at FPGA boot time, but BL31 needs
to know about this address. As we can't change the build default to 0
without breaking older kernels, we should try to make a build dealing
with both versions:
This patch introduces a small trampoline code, which gets loaded at
512KB of DRAM, and branches up to 2MB. If users load their newer
kernels at 2MB, this trampoline will cover them. In case an older kernel
is loaded at 512KB, it will overwrite this trampoline code, so it would
still work.
Change-Id: If49ca86f5dca380036caf2555349748722901277
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add support for Arm Ethos-N NPU multi-device.
The device tree parsing currently only supports one NPU device with
multiple cores. To be able to support multi-device NPU configurations
this patch adds support for having multiple NPU devices in the device
tree.
To be able to support multiple NPU devices in the SMC API, it has been
changed in an incompatible way so the API version has been bumped.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Ide279ce949bd06e8939268b9601c267e45f3edc3
Sandrine Bailleux
Madhukar Pappireddy
Tamas Ban
Olivier Deprez
Federico Recanati
Tony K Nadackal
Satish Kumar
Emekcan Aras
Arpita S.K
Vishnu Banavath
Manish Pandey
Aditya Angadi
Manish V Badarkhe
Jayanth Dodderi Chidanand
Sughosh Ganu
Davidson K
Manoj Kumar
Bipin Ravi
johpow01
Chandni Cherukuri
sah01
Vijayenthiran Subramaniam
Scott Branden
André Przywara
Mark Dykes
Chris Kay
Usama Arif
Joanna Farley
Soby Mathew
Zelalem Aweke
Alexei Fedorov
Laurent Carlier