The partition layout description JSON file generated by TF-A tests
declares a fourth test partition called Ivy demonstrating the
implementation of a S-EL0 partition supported by a S-EL1 shim.
Change-Id: If8562acfc045d6496dfdb3df0524b3a069357f8e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
We don't ever expect to load a binary with an STM32 header on the Arm
FVP platform so remove this type of image from the list of
measurements.
Also remove the GPT image type from the list, as it does not get
measured. GPT is a container, just like FIP is. We don't measure the FIP
but rather the images inside it. It would seem logical to treat GPT the
same way.
Besides, only images that get loaded through load_auth_image() get
measured right now. GPT processing happens before that and is handled in
a different way (see partition_init()).
Change-Id: Iac4de75380ed625b228e69ee4564cf9e67e19336
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
Third instance of cactus is a UP SP. Set its vcpu count to 1.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I34b7feb2915e6d335e690e89dea466e75944ed1b
* changes:
refactor(plat/nvidia): use SOC_ID defines
refactor(plat/mediatek): use SOC_ID defines
refactor(plat/arm): use SOC_ID defines
feat(plat/st): implement platform functions for SMCCC_ARCH_SOC_ID
refactor(plat/st): export functions to get SoC information
feat(smccc): add bit definition for SMCCC_ARCH_SOC_ID
Fix a remainder from early prototyping. OP-TEE as a secure partition
does not need specific SMC function id pass through to EL3.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2843d1b9a5eb4c966f82790e1655fb569c2de7d4
The UUID strings used in FW_CONFIG DT are not aligned with UUIDs defined
in include/tools_share/firmware_image_package.h for BL32_EXTRA1 and
TRUSTED_KEY_CERT.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I517f8f9311585931f2cb931e0588414da449b694
Morello exhibits the behavior similar to Juno wherein CNTBaseN.CNTFRQ
can be written but does not reflect the value of the CNTFRQ register
in CNTCTLBase frame. This doesn't follow ARM ARM in that the value
updated in CNTCTLBase.CNTFRQ is not reflected in CNTBaseN.CNTFRQ.
Hence enable the workaround (applied to Juno) for Morello that updates
the CNTFRQ register in the Non Secure CNTBaseN frame.
Change-Id: Iabe53bf3c25152052107e08321323e4bde5fbef4
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
This patch renames the Matterhorn, Matterhorn ELP, and Klein CPUs to
Cortex A710, Cortex X2, and Cortex A510 respectively.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I056d3114210db71c2840a24562b51caf2546e195
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I688a76277b729672835d51fafb68d1d6205b6ae4
The SGI/RD platforms have been using PSCI state ID format as defined in
PSCI version prior to 1.0. This is being changed and the PSCI extended
state ID format as defined in PSCI version 1.1 is being adapted. In
addition to this, the use of Arm recommended PSCI state ID encoding is
enabled as well.
Change-Id: I2be8a9820987a96b23f4281563b6fa22db48fa5f
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Added support for HW computed CRC using Arm ACLE intrinsics.
These are built-in intrinsics available for ARMv8.1-A, and
onwards.
These intrinsics are enabled via '-march=armv8-a+crc' compile
switch for ARMv8-A (supports CRC instructions optionally).
HW CRC support is enabled unconditionally in BL2 for all Arm
platforms.
HW CRC calculation is verified offline to ensure a similar
result as its respective ZLib utility function.
HW CRC calculation support will be used in the upcoming
firmware update patches.
Change-Id: Ia2ae801f62d2003e89a9c3e6d77469b5312614b3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Disable non-invasive debug of secure state for Juno
in release builds. This makes sure that PMU counts
only Non-secure events.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0d1c3f96f3b4e48360a7211ae55851d65d291025
This patch adds support for the crypto and secure storage secure
partitions for the Total Compute platform. These secure partitions
have to be managed by Hafnium executing at S-EL2
Change-Id: I2df690e3a99bf6bf50e2710994a905914a07026e
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1-MC
platform has architected AMU available for each core. Enable the use of
AMU by non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I33be594cee669e7f4031e5e5a371eec7c7451030
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.
Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.
Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654
Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
NOTE: Breaking change to the way UUIDs are stored in the DT
Currently, UUIDs are stored in the device tree as
sequences of 4 integers. There is a mismatch in endianness
between the way UUIDs are represented in memory and the way
they are parsed from the device tree. As a result, we must either
store the UUIDs in little-endian format in the DT (which means
that they do not match up with their string representations)
or perform endianness conversion after parsing them.
Currently, TF-A chooses the second option, with unwieldy
endianness-conversion taking place after reading a UUID.
To fix this problem, and to make it convenient to copy and
paste UUIDs from other tools, change to store UUIDs in string
format, using a new wrapper function to parse them from the
device tree.
Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
so that these macros can be reused in the subsequent GPT based support
changes.
Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add board support for RD-N2 Cfg1 variant of RD-N2 platform. It is a
variant of RD-N2 platform with a reduced interconnect mesh size (3x3)
and core count (8-cores). Its platform variant id is 1.
Change-Id: I34ad35c5a5c1e9b69a658fb92ed00e5bc5fe72f3
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
A Neoverse reference design platform can have two or more variants that
differ in core count, cluster count or other peripherals. To allow reuse
of platform code across all the variants of a platform, introduce build
option CSS_SGI_PLATFORM_VARIANT for Arm Neoverse reference design
platforms. The range of allowed values for the build option is platform
specific. The recommended range is an interval of non negative integers.
An example usage of the build option is
make PLAT=rdn2 CSS_SGI_PLATFORM_VARIANT=1
Change-Id: Iaae79c0b4d0dc700521bf6e9b4979339eafe0359
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
This will help in keeping source file generic and conditional
compilation can be contained in platform provided dt files.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3c6e0a429073f0afb412b9ba521ce43f880b57fe
sgm775 is an old platform and is no longer maintained by Arm and its
fast model FVP_CSS_SGM-775 is no longer available for download.
This platform is now superseded by Total Compute(tc) platforms.
This platform is now deprecated but the source will be kept for cooling
off period of 2 release cycle before removing it completely.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8fe1fc3da0c508dba62ed4fc60cbc1642e0f7f2a
ELP processors can sometimes have different MIDR values or features so
we are adding the "_arm" suffix to differentiate the reference
implementation from other future versions.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ieea444288587c7c18a397d279ee4b22b7ad79e20
By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
the non-secure world cannot access the registers needed to use the NPU.
To still allow the non-secure world to use the NPU, a SiP service has
been added that can delegate non-secure access to the registers needed
to use it.
Only the HW_CONFIG for the Arm Juno platform has been updated to include
the device tree for the NPU and the platform currently only loads the
HW_CONFIG in AArch64 builds.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2
To make it possible to use the hw_config device tree for dynamic
configuration in BL31 on the Arm Juno platform. A placeholder hw_config
has been added that is included in the FIP and a Juno specific BL31
setup has been added to populate fconf with the hw_config.
Juno's BL2 setup has been updated to align it with the new behavior
implemented in the Arm FVP platform, where fw_config is passed in arg1
to BL31 instead of soc_fw_config. The BL31 setup is expected to use the
fw_config passed in arg1 to find the hw_config.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Ib3570faa6714f92ab8451e8f1e59779dcf19c0b6
Remove an incorrect tabulation in front of an $(error) function call
outside of a recipe, which caused the following text to be displayed:
plat/arm/board/common/board_common.mk:36: *** recipe commences before first target. Stop.
instead of:
plat/arm/board/common/board_common.mk:36: *** "Unsupported ARM_ROTPK_LOCATION value". Stop.
Change-Id: I8592948e7de8ab0c4abbc56eb65a53eb1875a83c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The number of ITS have changed from 4 to 1, resulting
in GICR base address change.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I28101f0d1faf9f3c58591b642033c3fd49a275e7
NT_FW_CONFIG file is meant to be passed from BL31 to be consumed by
BL33, fvp platforms use this to pass measured boot configuration and
the x0 register is used to pass the base address of it.
In case of hafnium used as hypervisor in normal world, hypervisor
manifest is expected to be passed from BL31 and its base address is
passed in x0 register.
As only one of NT_FW_CONFIG or hypervisor manifest base address can be
passed in x0 register and also measured boot is not required for SPM so
disable passing NT_FW_CONFIG.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifad9d3658f55ba7d70f468a88997d5272339e53e
Refine the function plat_add_sp_images_load_info() by saving the
previous node and only setting its next link when the current node is
valid. This can reduce the check for the next node and simply the
total logic.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I4061428bf49ef0c3816ac22aaeb2e50315531f88
The traverse flow in function plat_add_sp_images_load_info() will find
the last node in the main load info list, with its
next_load_info==NULL. However this node is still useful and should not
be overridden with SP node info.
The bug will cause below error on RDN2 for spmd enabled:
ERROR: Invalid NT_FW_CONFIG DTB passed
Fix the bug by only setting the next_load_info of the last node in the
original main node list.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: Icaee5da1f2d53b29fdd6085a8cc507446186fd57
Define a GUID that should be used in the header of MM communicate
message originating due to a dmc620 ECC error interrupt. So the use
of SMC ID in 'sgi_ras_ev_map' to represent the interrupt event is
removed.
In addition to this, update the dmc620 error record data structure to
use aux_data to indicate the dmc620 instance number on which the ECC
error interrupt occurred.
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
Change-Id: I18c8ef5ba6483bb1bce6464ee9be0c2aabec4baa
Add the secure partition mmap table and the secure partition boot
information to support secure partitions on RD-N2 platform. In addition
to this, add the required memory region mapping for accessing the
SoC peripherals from the secure partition.
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
Change-Id: I2c75760d6c8c3da3ff4885599be420e924aeaf3c
A TZC400 controller is placed inline on DRAM channels and regulates
the secure and non-secure accesses to both secure and non-secure
regions of the DRAM memory. Configure each of the TZC controllers
across the Chips.
For use by secure software, configure the first chip's trustzone
controller to protect the upper 16MB of the memory of the first DRAM
block for secure accesses only. The other regions are configured for
non-secure read write access. For all the remote chips, all the DRAM
regions are allowed for non-secure read and write access.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I809f27eccadfc23ea0ef64e2fd87f95eb8f195c1
On a multi-chip platform, the boot CPU on the first chip programs the
TZC controllers on all the remote chips. Define a memory region map for
the TZC controllers for all the remote chips and include it in the BL2
memory map table.
In addition to this, for SPM_MM enabled multi-chip platforms, increase
the number of mmap entries and xlat table counts for EL3 execution
context as well because the shared RAM regions and GIC address space of
remote chips are accessed.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I6f0b5fd22f9f28046451e382eef7f1f9258d88f7
For multi-chip platforms, add a macro to define the memory regions on
chip numbers >1 and its associated access permissions. These memory
regions are marked with non-secure access.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: If3d6180fd8ea61f45147c39d3140d694abf06617
Allow the access of system registers and nor2 flash memory region
from s-el0. This allows the secure parititions residing at s-el0
to access these memory regions.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I3887a86770de806323fbde0d20fdc96eec6e0c3c
Define a default DMC-620 TZC memory region configuration and use it to
specify the TZC memory regions on sgi575, rdn1edge and rde1edge
platforms. The default DMC-620 TZC memory regions are defined
considering the support for secure paritition as well.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: Iedee3e57d0d3de5b65321444da51ec990d3702db
Remove the 'ARM_' prefix from the macros defining the CPER buffer memory
and replace it with 'CSS_SGI_' prefix. These macros are applicable only
for platforms supported within plat/sgi. In addition to this, ensure
that these macros are defined only if the RAS_EXTENSION build option is
enabled.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I44df42cded18d9d3a4cb13e5c990e9ab3194daee
The macros defining the SMC function ids for DMC-620 error handling are
listed in the sgi_base_platform_def.h header file. But these macros are
not applicable for all platforms supported under plat/sgi. So move these
macro definitions to sgi_ras.c file in which these are consumed. While
at it, remove the AArch32 and error injection function ids as these are
unused.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I249b54bf4c1b1694188a1e3b297345b942f16bc9
The macros specific to SDEI defined in the sgi_base_platform_def.h are
not applicable for all the platforms supported by plat/sgi. So refactor
the SDEI specific macros into a new header file and include this file on
only on platforms it is applicable on.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I0cb7125334f02a21cae1837cdfd765c16ab50bf5
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
instantiated in a Secure Partition:
-A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
An EC is pinned to a corresponding physical CPU.
-An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
the physical CPU from which the FF-A call is originating.
This change permits exercising the latter case within the TF-A-tests
framework.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
Rename rd_n1e1_edge_scmi_plat_info array to plat_rd_scmi_info as the
same array is used to provide SCMI platform info across mulitple RD
platforms and is not resitricted to only RD-N1 and RD-E1 platforms.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I42ba33e0afa3003c731ce513c6a5754b602ec01f
Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remaining bits
to implement this interface for the Juno Trusted Entropy Source.
We retire the existing Juno specific RNG interface, and use the generic
one for the stack canary generation.
Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.
To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.
This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.
Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently we use the Juno's TRNG hardware entropy source to initialise
the stack canary. The current function allows to fill a buffer of any
size, but we will actually only ever request 16 bytes, as this is what
the hardware implements. Out of this, we only need at most 64 bits for
the canary.
In preparation for the introduction of the SMCCC TRNG interface, we
can simplify this Juno specific interface by making it compatible with
the generic one: We just deliver 64 bits of entropy on each call.
This reduces the complexity of the code. As the raw entropy register
readouts seem to be biased, it makes sense to do some conditioning
inside the juno_getentropy() function already.
Also initialise the TRNG hardware, if not already done.
Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Update TZC base address to align with the recent changes in the platform
memory map.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
So far the ARM platform Makefile would require that RESET_TO_BL31 is set
when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
There is no real technical reason for that, and the one place in the
code where this was needed has been fixed.
Remove the requirement of those two options to be always enabled
together.
This enables the direct kernel boot feature for the Foundation FVP
(as described in the documentation), which requires a BL1/FIP
combination to boot, so cannot use RESET_TO_BL31.
Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we have the somewhat artifical limitation of
ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.
However there does not seem to be a good technical reason for that,
it was probably just to differentate between two different boot flows.
Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the
RESET_TO_BL31 #ifdef, so that we initialise the registers in any case.
This allows to use a preloaded kernel image when using BL1 and FIP.
Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The structure has been modified to specify the memory
size in bytes instead of Gigabytes.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I3384677d79af4f3cf55d3c353b6c20bb827b5ae7
This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.
Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I14dc1d87df6dcc8d560ade833ce1f92507054747
When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84
AMU counters are used for monitoring the CPU performance. RD-N2 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Some of the PSCI platform callbacks were restricted on RD-V1 platform
because the idle was not functional. Now that it is functional, remove
all the restrictions on the use PSCI platform callbacks.
Change-Id: I4cb97cb54de7ee166c30f28df8fea653b6b425c7
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
The issue is that, when interrupt is triggered and RAS handler
is entered, after interrupt handler finishes, TF-A will re-enter
bl32 and then crash.
sdei_dispatch_event() may return failing result in some cases,
for example kernel may not have registered a handler or RAS event
may happen early during boot. We restore the NS context when
sdei_dispatch_event() returns failing result.
error log :
Received delegated event
X0 : 0xC4000061
X1 : 0x0
X2 : 0x0
X3 : 0x0
Received event - 0xC4000061 on cpu 0
UnRecognized Event - 0xC4000061
Failed delegated event 0xC4000061, Status Invalid Parameter
Unhandled Exception in EL3.
x30 = 0x000000000401f700
x0 = 0xfffffffffffffffe
x1 = 0xfffffffffffffffe
x2 = 0x00000000600003c0
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: I9802e9a32eee0ac3b5a8bcc0362d0b0e3b71dc9f
Turn ON/OFF GIC redistributor in sync with GIC CPU interface ON/OFF.
Issue :
The Linux prompt hangs when all the cores in a cluster are turned OFF
and we try to turn ON a core in that cluster. Previously when TF-A turns
ON a core, TF-A first turns ON the redistributor followed by the core.
This did not match the flow when turning OFF a core, as TF-A did not
turn OFF redistributor when the corresponding core[s] are disabled.
This hang is resolved by disabling redistributor as cores are disabled,
keeping them in sync.
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Change-Id: Ifd04fdcfd47b45e00f874f15b098471883d023f0
Reference Design platform RD-Daniel-ConfigXLR has been renamed to
RD-V1-MC. Correspondingly, remove all uses of 'rddanielxlr' and replace
it with 'rdv1mc' where appropriate.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I5d91c69738397b19ced43949b4080c74678e604c
Reference Design platform RD-Daniel has been renamed to RD-V1.
Correspondingly, remove all uses of 'rddaniel' and replace it with
'rdv1' where appropriate.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I1702bab39c501f8c0a09df131cb2394d54c83bcf
Only non-file targets should be set a .PHONY. Otherwise if file target is
set as .PHONY then targets which depends on those file .PHONY targets would
be always rebuilt even when their prerequisites are not changed.
File target which needs to be always rebuilt can be specified in Make
system via having a prerequisite on some .PHONY target, instead of marking
whole target as .PHONY. In Makefile projects it is common to create empty
.PHONY target named FORCE for this purpose.
This patch changes all file targets which are set as .PHONY to depends on
new .PHONY target FORCE, to ensure that these file targets are always
rebuilt (as before). Basically they are those targets which calls external
make subprocess.
After FORCE target is specified in main Makefile, remove it from other
Makefile files to prevent duplicate definitions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iee3b4e0de93879b95eb29a1745a041538412e69e
RD-N2 platform has been updated to use six GIC ITS blocks. This results
in change in base address of the GIC Redistributor to accomodate two
new GIC ITS blocks. Update the base address of GICR to reflect the same.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I740a547328fb9a9f25d7a09c08e61bdbc8bf781c
This patch adds support to enable OP-TEE as S-EL1 SP with SPMC at S-EL2
- create SPMC manifest file with OP-TEE as SP
- add support for ARM_SPMC_MANIFEST_DTS build option
- add optee entry with ffa as method in tc0.dts
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Ia9b5c22c6f605d3886914bbac8ac45e8365671cb
* changes:
doc: Update list of supported FVP platforms
board/rdn2: add board support for rdn2 platform
plat/arm/sgi: adapt to changes in memory map
plat/arm/sgi: add platform id value for rdn2 platform
plat/arm/sgi: platform definitions for upcoming platforms
plat/arm/sgi: refactor header file inclusions
plat/arm/sgi: refactor the inclusion of memory mapping
Add the initial board support for RD-N2 platform.
Change-Id: I8325885bf248dd92191d6fc92a2da91c23118f8c
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Upcoming RD platforms will have an updated memory map for the various
pheripherals on the system. So, for the newer platforms, handle the
memory mapping and other platform specific functionality separately
from the existing platforms.
Change-Id: Iab1355a4c8ea1f6db4f79fcdd6eed907903b6a18
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
In preparation for adding the board support for RD-N2 platform, add
macros to define the platform id and the corresponding SCMI platform
info for the RD-N2 platform.
Change-Id: Ie764ae618732b39e316f7ed080421f5d79adab21
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Upcoming RD platforms have changes in the SOC address map from that
of the existing platforms. As a prepartory step to add support for the
upcoming platforms, create platform definitions for those platforms.
Change-Id: Ic5df9fed02c44e65ec260bbb5efc1b8dbd919a56
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Upcoming RD platforms have deviations in various definitions of
platform macros from that of the exisiting platforms. In preparation
for adding support for those upcoming RD platforms, refactor the
header file inclusion to allow newer platforms to use a different
set of platform macros.
Change-Id: Ic80283ddadafaa7f766f300652cb0d4e507efdb6
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Upcoming RD platforms have a different memory map from those of the
existing platforms. So make the build of the existing mmap entries to be
usable only for existing platforms and let upcoming platforms define
a different set of mmap entries.
Change-Id: Id1ef0293efe8749c78a99237e78d32573c7233aa
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
The primary VM concept is removed from the SPMC.
Update the SPMC manifests with number of Execution Contexts
and SP workspace size for the first Secure Partition (as it
is done for NWd secondary VMs and other SPs).
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I3b9c52666f7dfe74ab1f7d2148ad0070ee44b54e
The chosen node is no longer required as the SPMC implements
a specific boot flow which no longer requires this node.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ib566b602a7f83003a1b2d0ba5f6ebf4d8b7a9156
The PVM concept is removed from the SPMC so the device-memory
node which is specifying the device memory range for the PVM
is no longer applicable.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: If0cb956e0197028b24ecb78952c66ec454904516
Enable basic support for Neoverse-N2 CPUs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I498adc2d9fc61ac6e1af8ece131039410872e8ad
Currently, when RECLAIM_INIT_CODE is set, the
stacks are scaled to ensure that the entirety
of the init section can be reclaimed as stack.
This causes an issue in lib/psci/aarch64/psci_helpers.S,
where the stack size is used for cache operations in
psci_do_pwrdown_cache_maintenance(). If the stacks
are scaled, then the PSCI code may fail to invalidate
some of the stack memory before power down.
Resizing stacks is also not good for stability in general,
since code that works with a small number of cores may
overflow the stack when the number of cores is increased.
Change to make every stack be PLATFORM_STACK_SIZE big,
and allow the total stack to be smaller than the
init section.
Any pages of the init section not reclaimed as
stack will be set to read-only and execute-never,
for security.
Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8
Signed-off-by: David Horstmann <david.horstmann@arm.com>
For the first partition, mark first 2GB as device memory excluding
the Trusted DRAM region reserved for the SPMC.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I3ff110b3facf5b6d41ac2519ff6ca5e30a0a502b
This includes configuration for SPMC and trusted OS.
Change-Id: Ie24df200f446b3f5b23f5f764b115c7191e6ada3
Signed-off-by: Usama Arif <usama.arif@arm.com>
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
This patch enables SPMC execution at S-EL2 by adding below changes
- Map TC0_MAP_TZC_DRAM1 for loading SPMC
- Add details of cactus test secure partitions
- Adds tc0 spmc manifest file with details on secure partitions
- Inlcude TOS_FW_CONFIG when SPM is spmd
- Increases bl2 image size
SPMC at S-EL2 is only enabled when build with SPD=spmd.
Change-Id: I4c5f70911903c232ee8ecca57f1e288d6b1cd647
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
- Reserve 32MB below ARM_AP_TZC_DRAM1_BASE for TC0_TZC_DRAM1
- Add TC0_NS_DRAM1 base and mapping
- Reserve memory region in tc0.dts
Change-Id: If2431f7f68e4255e28c86a0e89637dab7c424a13
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
DRAM region behind TZC.
Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Statistical Profiling Extension is not supported by Matterhorn core
Change-Id: Iec652f1c6d6b6a9bf118ba682276a7c70a6abc0d
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Only define arm_get_rotpk_info_regs if ROTPK is in registers,
i.e. (ARM_ROTPK_LOCATION_ID == ARM_ROTPK_REGS_ID). This will
allow platform build without definition of TZ_PUB_KEY_HASH_BASE
if dedicated registers for ROTPK are not available on the platform.
Change-Id: I74ee2d5007f5d876a031a1efca20ebee2dede0c7
Signed-off-by: Usama Arif <usama.arif@arm.com>
This patch makes changes required to get the morello
platform working with the tip of TF-A.
Change-Id: I095006615c9959bba49fcc75b52e1de7d7486309
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
* changes:
arm_fpga: Add platform documentation
arm_fpga: Add post-build linker script
arm_fpga: Add ROM trampoline
arm_fpga: Add devicetree file
arm_fpga: Remove SPE PMU DT node if SPE is not available
arm_fpga: Adjust GICR size in DT to match number of cores
fdt: Add function to adjust GICv3 redistributor size
drivers: arm: gicv3: Allow detecting number of cores
For the Arm Ltd. FPGAs to run, we need to load several payloads into the
FPGA's memory:
- Some trampoline code at address 0x0, to jump to BL31's entry point.
- The actual BL31 binary at the beginning of DRAM.
- The (generic) DTB image to describe the hardware.
- The actual non-secure payloads (kernel, ramdisks, ...)
The latter is application specific, but the first three blobs are rather
generic.
Since the uploader tool supports ELF binaries, it seems helpful to
combine these three images into one .axf file, as this also simplifies
the command line.
Add a post-build linker script, that combines those three bits into one
ELF file, together with their specific load addresses.
Include a call to "ld" with this linker script in the platform Makefile,
so it will be build automatically. The result will be called "bl31.axf".
Change-Id: I4a90da16fa1e0e83b51d19e5b1daf61f5a0bbfca
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The application cores of the FPGAs used in Arm Ltd. start execution at
address 0x0. This is the location of some (emulated) ROM area (which can
be written to by the uploading tool).
Since the arm_fpga port is configured to run from DRAM, we load BL31 to
the beginning of DRAM (mapped at 2GB). This requires some small
trampoline code in the "ROM" to jump to the BL31 entry point.
To avoid some extra magic binary, add a tiny assembly file with that
trivial jump instruction to the tree, so this binary can be created
alongside BL31.
Change-Id: I9e4439fc0f093fa24dd49a8377c9edb030fbb477
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The FPGA images used in Arm Ltd. focus on CPU cores, so they share a
common platform, with a minimal set of peripherals (interconnect, GIC,
UART).
This allows to support most platforms with a single devicetree file.
The topology and number of CPU cores differ, but those will added at
runtime, in BL31. Other adjustments (GICR size, SPE node, command line)
are also done at this point.
Add the common devicetree file to TF-A's build system, so it can be
build together with BL31. At runtime, the resulting .dtb file should be
uploaded to the address given with FPGA_PRELOADED_DTB_BASE at build time.
Change-Id: I3206d6131059502ec96896e95329865452c9d83e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Statistical Profiling Extension (SPE) is an architectural feature we
can safely detect at runtime. However it still relies on one piece of
platform-specific information: the interrupt line it is connected
to. This requires SPE to be described in a devicetree node.
Since SPE support varies with the CPU cores found on an FPGA image, we
should detect the presence of SPE at runtime, and remove a potentially
existing SPE PMU node from the DT.
This allows to always have the SPE node in a generic devicetree file,
without risking exposing it on a CPU without this feature.
Change-Id: I73d83ea8509b03fe7bba20b9cce8d1335035fa31
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The size of a GICv3 redistributor region depends on the number of
cores in the system. For the ARM FPGA port, we detect the topology at
runtime, and adjust the CPU DT nodes accordingly.
Now the size of the GICR region must also be adjusted, or Linux will
fail to initialise the GICv3.
Use the newly introduced function to overwrite the GICR size entry in
the GICv3 reg property. We count the number of existing cores by
iterating over the GICR frames until we find the LAST bit set in TYPER.
Change-Id: Ib69565600859de9b1b15ceb8495172cd26d16fce
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
plat/arm: Add platform support for Morello
fdts: add device tree sources for morello platform
lib/cpus: add support for Morello Rainier CPUs
This patch adds support for Morello platform.
It is an initial port which includes only BL31 support
as the System Control Processor (SCP) is expected to take
the role of primary bootloader.
Change-Id: I1ecbe5a14a2d487b2ecea3c1ca227f08473ed2dd
Co-authored-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Anurag Koul <anurag.koul@arm.com>
This patch allows the system to fallback to a default CPU library
in case the MPID does not match with any of the supported ones.
This feature can be enabled by setting SUPPORT_UNKNOWN_MPID build
option to 1 (enabled by default only on arm_fpga platform).
This feature can be very dangerous on a production image and
therefore it MUST be disabled for Release images.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I0df7ef2b012d7d60a4fd5de44dea1fbbb46881ba
The SGI platform defines the macro PLAT_ARM_MEM_PROT_ADDR which
indicates that the platform has mitigation for cold reboot attacks.
However, the flash memory used for the mem_protect region was not
mapped. This results in a crash when an OS calls PSCI MEM_PROTECT.
To fix this map the flash region used for mem_protect.
Change-Id: Ia494f924ecfe2ce835c045689ba8f942bf0941f4
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
According to [1] and in context of FF-A v1.0 a secure partition must
have either one EC (migratable UP) or a number of ECs equal to the
number of PEs (pinned MP). Adjust the SPMC manifest such that the
number of ECs is equal to the number of PEs.
[1] https://trustedfirmware-a.readthedocs.io/en/latest/components/
secure-partition-manager.html#platform-topology
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ie8c7d96ae7107cb27f5b97882d8f476c18e026d4
Increased BL2 maximum size when CoT descriptors are placed
in device tree.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I6466d2841e189e7f15eb4f1a8db070542893cb5b
Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled by default and can
be enabled in future for all Arm platforms by making necessary
changes in the memory map.
Currently, this parser is tested only for FVP platform.
[1]:
https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html
Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The size of debug binaries of SCP has increased beyond the current
limit of 80kB set in platform. Hence, increase it to 128kB.
Change-Id: I5dbcf87f8fb35672b39abdb942c0691fb339444a
Signed-off-by: Usama Arif <usama.arif@arm.com>
UUID's in the device tree files were stored in little endian. So
to keep all entries in these files RFC 4122 compliant, store them in
big endian then convert it to little endian when they are read so they
can be used in the UUID data structure.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5674159b82b245104381df10a4e3291160d9b3b5
Trace analysis of FVP_Base_AEMv8A 0.0/6063 model
running in Aarch32 mode with the build options
listed below:
TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
shows that when auth_signature() gets called
71.99% of CPU execution time is spent in memset() function
written in C using single byte write operations,
see lib\libc\memset.c.
This patch introduces new libc_asm.mk makefile which
replaces C memset() implementation with assembler
version giving the following results:
- for Aarch32 in auth_signature() call memset() CPU time
reduced to 20.56%.
The number of CPU instructions (Inst) executed during
TF-A boot stage before start of BL33 in RELEASE builds
for different versions is presented in the tables below,
where:
- C TF-A: existing TF-A C code;
- C musl: "lightweight code" C "implementation of the
standard library for Linux-based systems"
https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c
- Asm Opt: assemler version from "Arm Optimized Routines"
project
https://github.com/ARM-software/optimized-routines/blob/
master/string/arm/memset.S
- Asm Linux: assembler version from Linux kernel
https://github.com/torvalds/linux/blob/master/arch/arm/lib/memset.S
- Asm TF-A: assembler version from this patch
Aarch32:
+-----------+------+------+--------------+----------+
| Variant | Set | Size | Inst | Ratio |
+-----------+------+------+--------------+----------+
| C TF-A | T32 | 16 | 2122110003 | 1.000000 |
| C musl | T32 | 156 | 1643917668 | 0.774662 |
| Asm Opt | T32 | 84 | 1604810003 | 0.756233 |
| Asm Linux | A32 | 168 | 1566255018 | 0.738065 |
| Asm TF-A | A32 | 160 | 1525865101 | 0.719032 |
+-----------+------+------+--------------+----------+
AArch64:
+-----------+------+------------+----------+
| Variant | Size | Inst | Ratio |
+-----------+------+------------+----------+
| C TF-A | 28 | 2732497518 | 1.000000 |
| C musl | 212 | 1802999999 | 0.659836 |
| Asm TF-A | 140 | 1680260003 | 0.614917 |
+-----------+------+------------+----------+
This patch modifies 'plat\arm\common\arm_common.mk'
by overriding libc.mk makefile with libc_asm.mk and
does not effect other platforms.
Change-Id: Ie89dd0b74ba1079420733a0d76b7366ad0157c2e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
At the moment BL31 dynamically discovers the CPU topology of an FPGA
system at runtime, but does not export it to the non-secure world.
Any BL33 user would typically looks at the devicetree to learn about
existing CPUs.
This patch exports a minimum /cpus node in a devicetree to satisfy
the binding. This means that no cpumaps or caches are described.
This could be added later if needed.
An existing /cpus node in the DT will make the code bail out with a
message.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I589a2b3412411a3660134bdcef3a65e8200e1d7e
This patch adds dependencies to the generated configuration
files that are included in the FIP. This fixes occasional
build errors that occur when the FIP happens to be built first.
Change-Id: I5a2bf724ba3aee13954403b141f2f19b4fd51d1b
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
In the case of Juno AArch32, platform security configuration
gets done from both BL2 and SP_MIN(BL32) components when
JUNO_AARCH32_EL3_RUNTIME and RESET_TO_SP_MIN build options
are set.
Fix is provided to avoid Platform security configuration from
SP_MIN when it is already done in BL2.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I702e91dacb4cdd2d10e339ddeaea91289bef3229
Using the Fconf, register base address of the various nv-counters
(currently, trusted, non-trusted nv-counters) are moved to the
device tree and retrieved during run-time. This feature is
enabled using the build option COT_DESC_IN_DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
'EHF' is used by RAS, SDEI, SPM_MM common frameworks.
If platform needs to plug-in specific handlers then
'PLAT_EHF_DESC' can be used to populate platform specific
priority levels.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I37af7e0e48111f87b6982604bf5c15db3e05755d
Allocated 512-959 SPI numbers for remote n1sdp chip and same has been
referenced for GIC routing table.
Change-Id: Id79ea493fd665ed93fe9644a59e363ec10441098
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Add information about the third partition so it can be loaded into SPM
when running the tests
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5544e88df391ef294ddf6b5750d468d3e74892b1
In case of AT speculative workaround applied, page table walk
is disabled for lower ELs (EL1 and EL0) in EL3.
Hence added a wrapper function which temporarily enables page
table walk to execute AT instruction for lower ELs and then
disables page table walk.
Execute AT instructions directly for lower ELs (EL1 and EL0)
assuming page table walk is enabled always when AT speculative
workaround is not applied.
Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented platform functions to retrieve the soc-id information
for juno platform
Change-Id: Ie677120710b45e202a2d63a954459ece8a64b353
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented platform functions to retrieve the soc-id information
for FVP platform.
Change-Id: Id3df02ab290a210310e8d34ec9d706a59d817517
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Removed common code for soc-id feature which is applicable
for all arm platforms.
In subsequent patches, added a platform based functions
for FVP and Juno to retrieve the soc-id information.
Change-Id: Idb632a935758a6caff2ca03a6eab8f663da8a93a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.
This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.
Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
SPM: Add owner field to cactus secure partitions
SPM: Alter sp_gen.mk entry depending on owner of partition
plat/arm: enable support for Plat owned SPs
For supporting dualroot CoT for Secure Partitions a new optional field
"owner" is introduced which will be used to sign the SP with
corresponding signing domain. To demonstrate its usage, this patch adds
owners to cactus Secure Partitions.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I7b760580355fc92edf5402cecc38c38125dc1cae
For Arm platforms SPs are loaded by parsing tb_fw_config.dts and
adding them to SP structure sequentially, which in-turn is appended to
loadable image list.
With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
and Plat owned SPs index starts at SP_PKG5_ID. As the start index of SP
depends on the owner, there should be a mechanism to parse owner of a SP
and put it at the correct index in SP structure.
This patch adds support for parsing a new optional field "owner" and
based on it put SP details(UUID & Load-address) at the correct index in
SP structure.
Change-Id: Ibd255b60d5c45023cc7fdb10971bef6626cb560b
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
This resolves MISRA defects such as:
plat/common/plat_bl1_common.c:63:[MISRA C-2012 Rule 14.4 (required)]
The condition expression "1" does not have an essentially boolean type.
Change-Id: I679411980ad661191fbc834a44a5eca5494fd0e2
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
There was a collision between the name of the typedef in the CASSERT and
something else, so we make the name of the typedef unique to the
invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into
the macro. This eliminates the following MISRA violation:
bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
"invalid_svc_uuid" is already used to represent a typedef.
This also resolves MISRA rule 5.9.
These renamings are as follows:
* tzram -> secram. This matches the function call name as it has
sec_mem in it's name
* fw_config_base -> config_base. This file does not mess with
hw_conig, so there's little chance of confusion
Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
BL31 binary size is aligned to 4KB because of the
code in include\plat\arm\common\arm_reclaim_init.ld.S:
__INIT_CODE_UNALIGNED__ = .;
. = ALIGN(PAGE_SIZE);
__INIT_CODE_END__ = .;
with all the zero data after the last instruction of
BL31 code to the end of the page.
This causes increase in size of BL31 binary stored in FIP
and its loading time by BL2.
This patch reduces the size of BL31 image by moving
page alignment from __INIT_CODE_END__ to __STACKS_END__
which also increases the stack size for secondary CPUs.
Change-Id: Ie2ec503fc774c22c12ec506d74fd3ef2b0b183a9
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Currently only single signing domain is supported for SP packages but
there is plan to support dual signing domains if CoT is dualroot.
SP_CONTENT_CERT_ID is the certificate file which is currently generated
and signed with trusted world key which in-turn is derived from Silicon
provider RoT key.
To allow dual signing domain for SP packages, other certificate file
will be derived from Platform owned RoT key.
This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
does other related changes.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
Following merge of patchset [1] the spm_mm_boot_info_t structure is
included in few platform files unconditionally even when SPM_MM option
is disabled.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2647
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I68bc034c9348b5d9bcfd2e5217b781df5ad1b369
The command line for BL33 payloads is typically taken from the DTB. On
"normal" systems the bootloader will put the right version in there, but
we typically don't use one on the FPGAs.
To avoid editing (and possibly re-packaging) the DTB for every change in
the command line, try to read it from some "magic" memory location
instead. It can be easily placed there by the tool that uploads the
other payloads to the FPGA's memory. BL31 will then replace the existing
command line in the DTB with that new string.
To avoid reading garbage, check the memory location for containing a
magic value. This is conveniently chosen to be a simple ASCII string, so
it can just preceed the actual command line in a text file:
--------------------------------
CMD:console=ttyAMA0,38400n8 debug loglevel=8
--------------------------------
Change-Id: I5923a80332c9fac3b4afd1a6aaa321233d0f60da
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
This patch fixes a bug where wrong panic was caused when the number
of SP was same as max limit.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I9ace62d8d5bcdc410eeacdd9d33d55a7be5fcc8e
Currently, soc-revision information is not available for arm
platforms hence disabled 'SMCCC_ARCH_SOC_ID' feature for all arm
platforms.
Change-Id: I1ab878c6a4c8fecfff63bc6dde83e3ecefe20279
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
SPM(BL32) and hafnium(BL33) expect their manifest base address in x0
register, which is updated during BL2 stage by parsing fw_config.
In case of RESET_TO_BL31 it has to be updated while populating
entry point information.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I6f4a97f3405029bd6ba25f0935e2d1f74bb95517
As secondary cores show up, they populate an array to
announce themselves so plat_core_pos_by_mpidr() can
return an invalid COREID code for any non-existing
MPIDR that it is queried about.
The Power Domain Tree Description is populated with
a topology based on the maximum harcoded values.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I8fd64761a2296714ce0f37c46544f3e6f13b5f61
In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after cache gets enabled (i.e. after MMU gets enabled).
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e75cabd76b1cb7a660f6b72f409ab40d2877284
Updated the function 'set_fw_config_info' to make it generic
by doing below changes:
1. Rename function name from 'set_fw_config_info' to 'set_config_info'
2. Take image_id as an argument so that this function can set any
config information.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Icf29e19d3e9996d8154d84dbbbc76712fab0f0c1
Update the data type of the member 'config_max_size' present in the
structure 'dyn_cfg_dtb_info_t' to uint32_t.
This change is being done so that dyn_cfg_dtb_info_t and image_info
structure should use same data type for maximum size.
Change-Id: I9b5927a47eb8351bbf3664b8b1e047ae1ae5a260
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the need for firmware update is being checked twice
in the code hence modifications are done to do this check only
once and set the global variable.
Then this global variable helps to decide whether to go for
normal boot or firmware update flow.
Change-Id: I8469284555a8039786f34670f9dc4830f87aecc1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Renamed node for trusted boot fw config from 'plat_arm_bl2' to
'tb_fw-config'.
Change-Id: I2e16b6f4d272292ec1855daafd014e851436dd9b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch adds support for Measured Boot functionality
to FVP platform code. It also defines new properties
in 'tpm_event_log' node to store Event Log address and
it size
'tpm_event_log_sm_addr'
'tpm_event_log_addr'
'tpm_event_log_size'
in 'event_log.dtsi' included in 'fvp_tsp_fw_config.dts'
and 'fvp_nt_fw_config.dts'. The node and its properties
are described in binding document
'docs\components\measured_boot\event_log.rst'.
Change-Id: I087e1423afcb269d6cfe79c1af9c348931991292
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch adds support for Event Log generation required
for Measured Boot functionality.
Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch adds support for Measured Boot driver functionality
in common Arm platform code.
Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
TBBR authentication framework depends on the plat_get_rotpk_info()
function to return the pointer to the Root of Trust Public Key (ROTPK)
stored in the platform along with its length. Add this function for
RD-Daniel Config-XLR platform to support Trusted Board Boot. The
function makes use of the wrapper function provided by the arm common
trusted board boot function to get the ROTPK hash.
Change-Id: I509e2f7e88cc2167e1732a971d71dc131d3d4b01
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
TBBR authentication framework depends on the plat_get_rotpk_info()
function to return the pointer to the Root of Trust Public Key (ROTPK)
stored in the platform along with its length. Add this function for
RD-Daniel platform to support Trusted Board Boot. The function makes use
of the wrapper function provided by the arm common trusted board boot
function to get the ROTPK hash.
Change-Id: I6c2826a7898664afea19fd62432684cfddd9319a
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
This patch moves all GICv2 driver files into new added
'gicv2.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
is now deprecated and platforms with GICv2 driver need to
be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
their makefiles.
Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
BL2 size gets increased due to the libfdt library update and
that eventually cause no-optimization build failure for BL2 as below:
aarch64-none-elf-ld.bfd: BL2 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region `RAM' overflowed by 4096 bytes
Makefile:1070: recipe for target 'build/fvp/debug/bl2/bl2.elf' failed
make: *** [build/fvp/debug/bl2/bl2.elf] Error 1
Fixed build failure by increasing BL2 image size limit by 4Kb.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92a57eb4db601561a98e254b64994bb921a88db3
Included cot_descriptors.dtsi in platform device tree
(fvp_tb_fw_config.dts).
Also, updated the maximum size of tb_fw_config to 0x1800
in order to accomodate the device tree for CoT descriptors.
Follow up patch will parse the device tree for these CoT descriptors
and fill the CoT descriptor structures at runtime instead of using
static CoT descriptor structures in the code base.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
The memory layout for the FPGA is fairly uniform for most of the FPGA
images, and we already assume that DRAM starts at 2GB by default.
Prepopulate PRELOADED_BL33_BASE and FPGA_PRELOADED_DTB_BASE to some
sane default values, to simplify building some stock image.
If people want to deviate from that, they can always override those
addresses on the make command line.
Change-Id: I2238fafb3f8253a01ad2d88d45827c141d9b29dd
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To support FPGAs with those cores as well, as the respective cpulib
files to the Makefile.
Change-Id: I1a60867d5937be88b32b210c7817be4274554a76
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The maximum number of clusters is currently set to 2, which is quite
limiting. As there are FPGA images with 4 clusters, let's increase the
limit to 4.
Change-Id: I9a85ca07ebbd2a018ad9668536d867ad6b75e537
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch performs the following:
- Creating two corstone700 platforms under corstone700 board:
fvp and fpga
- Since the FVP and FPGA have IP differences, this commit provides a specific DTS for each platform
- The platform can be specified using the TARGET_PLATFORM Makefile variable
(possible values are: fvp or fpga)
- Allowing to use u-boot by:
- Enabling NEED_BL33 option
- Fixing non-secure image base: For no preloaded bl33 we want to
have the NS base set on shared ram. Setup a memory map region
for NS in shared map and set the bl33 address in the area.
- Setting the SYS_COUNTER_FREQ_IN_TICKS based on the selected
platform
- Setting ARM_MAP_SHARED_RAM and ARM_MAP_NS_SHARED_RAM to use MT_MEMORY
Change-Id: I4c8ac3387acb1693ab617bcccab00d80e340c163
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Added assert in the code to check valid address of dtb information
structure retrieved from fw_config device tree.
This patch fixes coverity defect:360213.
Also, removed conditional calling of "fconf_populate" as "fconf_populate"
function already checks the validity of the device tree address received
and go to panic in case of address is NULL.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib83e4e84a95e2456a12c7a2bb3fe70461d882cba
This version corresponds to the following commit <7be250b>
libfdt: Correct condition for reordering blocks
Also, updated the Juno romlib jumptable with fdt APIs.
Change-Id: Ib6d28c1aea81c2144a263958f0792cc4daea7a1f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The plat_core_pos_by_mpidr() implementation for the Arm FPGA port has
some issues, which leads to problems when matching GICv3 redistributors
with cores:
- The power domain tree was not taking multithreading into account, so
we ended up with the wrong mapping between MPIDRs and core IDs.
- Before even considering an MPIDR, we try to make sure Aff2 is 0.
Unfortunately this is the cluster ID when the MT bit is set.
- We mask off the MT bit in MPIDR, before basing decisions on it.
- When detecting the MT bit, we are properly calculating the thread ID,
but don't account for the shift in the core and cluster ID checks.
Those problems lead to early rejections of MPIDRs values, in particular
when called from the GIC code. As a result, CPU_ON for secondary cores
was failing for most of the cores.
Fix this by properly handling the MT bit in plat_core_pos_by_mpidr(),
also pulling in FPGA_MAX_PE_PER_CPU when populating the power domain
tree.
Change-Id: I71b2255fc0d27bfe5806511df479ab38e4e33fc4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Passed the address of fw_config instead of soc_fw_config
as arg1 to BL31 from BL2 for ARM fvp platform.
BL31 then retrieve load-address of other device trees
from fw_config device tree.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
Increased the size of firmware configuration area to accommodate
all configs.
Updated maximum size of following bootloaders due to increase
in firmware configs size and addition of the code in the BL2.
1. Increased maximum size of BL2 for Juno platform in no
optimisation case.
2. Reduced maximum size of BL31 for fvp and Juno platform.
3. Reduced maximum size of BL32 for Juno platform.
Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Modified the code to do below changes:
1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
Query clock frequency in runtime using FCONF getter API
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie6a8a62d8d190b9994feffb167a1d48829913e9b
Extract Timer clock frequency from the timer node in
HW_CONFIG dtb. The first timer is a per-core architected timer attached
to a GIC to deliver its per-processor interrupts via PPIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I2f4b27c48e4c79208dab9f03c768d9221ba6ca86
Modified the code to do below changes:
1. Migrates the Arm platforms to the API changes introduced in the
previous patches by fixing the fconf_load_config() call.
2. Retrieve dynamically the address of tb_fw_config using fconf
getter api which is subsequently used to write mbedTLS heap
address and BL2 hash data in the tb_fw_config DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I3c9d9345dcbfb99127c61d5589b4aa1532fbf4be
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
Load address of tb_fw_config is incorrectly mentioned
in below device trees:
1. rdn1edge_fw_config.dts
2. tc0_fw_config.dts
Till now, tb_fw_config load-address is not being retrieved from
device tree and hence never exeprienced any issue for tc0 and
rdn1edge platform.
For tc0 and rdn1edge platform, Load-address of tb_fw_config should
be the SRAM base address + 0x300 (size of fw_config device tree)
Hence updated these platform's fw_config.dts accordingly to reflect
this load address change.
Change-Id: I2ef8b05d49be10767db31384329f516df11ca817
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.
To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.
The CoT for secure partition look like below.
+------------------+ +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Key |
+------------------+ | Certificate |
| (Auth Image) |
/+-------------------+
/ |
/ |
/ |
/ |
L v
+------------------+ +-------------------+
| Trusted World |------>| SiP owned SPs |
| Public Key | | Content Cert |
+------------------+ | (Auth Image) |
/ +-------------------+
/ |
/ v|
+------------------+ L +-------------------+
| SP_PKG1 Hash |------>| SP_PKG1 |
| | | (Data Image) |
+------------------+ +-------------------+
. .
. .
. .
+------------------+ +-------------------+
| SP_PKG8 Hash |------>| SP_PKG8 |
| | | (Data Image) |
+------------------+ +-------------------+
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
As per "include/export/README", TF-A code should never include export
headers directly. Instead, it should include a wrapper header that
ensures the export header is included in the right manner.
"tbbr_img_def_exp.h" is directly included in TF-A code, this patch
replaces it with its wrapper header "tbbr_img_def.h".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
This should allow git to easily track file moves
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
This patch adds support for Total Compute (TC0) platform. It is an
initial port and additional features are expected to be added later.
TC0 has a SCP which brings the primary Cortex-A out of reset
which starts executing BL1. TF-A optionally authenticates the SCP
ram-fw available in FIP and makes it available for SCP to copy.
Some of the major features included and tested in this platform
port include TBBR, PSCI, MHUv2 and DVFS.
Change-Id: I1675e9d200ca7687c215009eef483d9b3ee764ef
Signed-off-by: Usama Arif <usama.arif@arm.com>
Fixed build error for dualroot chain of trust.
Build error were thrown as below while compiling the code for
dualroot chain of trust:
aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
(.bss.auth_img_flags+0x0): multiple definition of `auth_img_flags';
./build/fvp/debug/bl1/cot.o:(.bss.auth_img_flags+0x0): first defined here
aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
(.rodata.cot_desc_size+0x0): multiple definition of `cot_desc_size';
./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_size+0x0): first defined here
aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
(.rodata.cot_desc_ptr+0x0): multiple definition of `cot_desc_ptr';
./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_ptr+0x0): first defined here
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I1a426c4e7f5f8013d71dafc176c7467c1b329757
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
We query the UART base address and clk frequency in runtime
using fconf getter APIs.
Change-Id: I5f4e84953be5f384472bf90720b706d45cb86260
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch introduces the populate function which leverages
a new driver to extract base address and clk frequency properties
of the uart serial node from HW_CONFIG device tree.
This patch also introduces fdt helper API fdtw_translate_address()
which helps in performing address translation.
Change-Id: I053628065ebddbde0c9cb3aa93d838619f502ee3
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Query the GICD and GICR base addresses in runtime using fconf getter
APIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I309fb2874f3329ddeb8677ddb53ed4c02199a1e9
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
arm_fpga: Read UART address from DT
arm_fpga: Read GICD and GICR base addresses from DT
arm_fpga: Read generic timer counter frequency from DT
arm_fpga: Use Generic UART
The arm_fpga port requires a DTB, to launch a BL33 payload.
To make this port more flexible, we can also use the information in the
DT to configure the console driver.
For a start, find the DT node pointed to by the stdout-path property, and
read the base address from there.
This assumes for now that the stdout-path points to a PL011 UART.
This allows to remove platform specific addresses from the image. We
keep the original base address for the crash console.
Change-Id: I46a990de2315f81cae4d7913ae99a07b0bec5cb1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Daniel Boulby
Manish Pandey
Sandrine Bailleux
Arunachalam Ganapathy
Olivier Deprez
Yann Gautier
Manoj Kumar
Madhukar Pappireddy
johpow01
Pranav Madhu
Mark Dykes
Manish V Badarkhe
Zelalem
Davidson K
David Horstmann
Aditya Angadi
bipin.ravi
Mikael Olsson
Usama Arif
Heyi Guo
Omkar Anand Kulkarni
Thomas Abraham
Andre Przywara
Vijayenthiran Subramaniam
Lauren Wehrmeister
Avinash Mehta
Ming Huang
Jagadeesh Ujja
Pali Rohár
Javier Almansa Sobrino
Alexei Fedorov
Joanna Farley
Jimmy Brisson
Chandni Cherukuri
Sami Mujawar
Anders Dellien
Ruari Phipps
Sandeep Tripathy
Sayanta Pattanayak
Mark Dykes
Abdellatif El Khlifi
Louis Mayencourt
J-Alves
Balint Dobszay