This patch extends the functionality of FPGA Crypto Services (FCS) to
support FPGA Attestation feature in Agilex device.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I3c2e29d2fa04d394e9f65d8143d7f4e57389cd02
Due to the cache coherency issue the dcache need to flush
before sending the certificate to the mailbox
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I39d5144519d9c7308597698b4cbea1b8aba0a849
This patch will introduce a generic error code (0x3ff)
to be used in case where Secure Device Manager (SDM)
mailbox request is not failing (returns OK with no error
code) but BL31 instead wants to return error/reject
to the calling software. This value aligns with generic
error code implemented in SDM for consistency.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9894c7df8897fff9aa80970940a6f3f6bfa30bb7
Allows non-secure software to access FPGA Crypto Services (FCS)
through secure monitor calls (SMC).
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I805b3f650abf5e118e2c55e469866d5d0ca68048
Extend the functionality of FPGA Crypto Service
(FCS) to support FPGA single certificate feature
so that the counter value can be updated with
only one preauthorized certificate
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibde87e4ee46367cf7f27f7bb0172838ab8766340
This is to extend the functionality of FPGA Crypto Service (FCS)
to support FPGA Attestation feature in Stratix 10 device.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib15783383dc9a06a2f0dc6dc1786f44b89f32cb1
This change is to re-align HPS cryption logic with
underlying Secure Device Manager's (SDM) mailbox API.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I8fc90982d3cddceaf401c1a112ff8e20861bf4c5
* changes:
feat(spmc): add helper to obtain a partitions FF-A version
feat(spmd): enable SPMD to forward FFA_VERSION to EL3 SPMC
feat(spmc): enable handling FFA_VERSION ABI
feat(spmc): add helper function to obtain endpoint mailbox
feat(spmc): add helper function to obtain hyp structure
feat(spmc): enable parsing of messaging methods from manifest
Add a helper function to obtain the FF-A version of a calling
partition. This is used to ensure that the SPMC maintains
backwards compatibility if the partition implements a lower
minor version for the same major version than the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5b364a1e510a999bb0c4cacae28f23f8a42a1e3e
In order to allow the EL3 SPMC to know the FF-A version of the
entity running in the normal world, allow the SPMD to
forward the call rather than replying on its behalf.
This solution works as the EL3 can ERET directly back to
the calling partition however this is not an option
when the SPMC resides in a lower exception level. A new
approach will be required to support such scenario.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic2d6e49c06340167eadefe893c6e1e20b67ab498
Report the SPMC version to the caller, currently v1.1 and
also store the requested version to allow the SPMC to
use the corresponding FF-A version in future ABI calls.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I79aafd1e6694cbd4b231bbd0cac5834a71063d79
Add a helper function to obtain the relevant mailbox buffers
depending on which entity was last run. This will be used in
subsequent functionality to populate requested information in
the callers RX buffer.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I85959ced4d1454be05a7b3fb6853ed3ab7f0cf3e
We assume that the first descriptor in the normal world
endpoints is reserved for the hypervisor and add a helper
function to enable retrieving this directly.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67c3589994eb820ef420db6ab7e8bd0825d64455
Ensure that the `messaging-methods` entry is populated in
an SP's manifest. Currently only direct messaging is supported
so alert if this does not match the manifest entry.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67f1fad71a3507627993a004e0f8579388faf178
Add long, long long and size_t length specifiers to
snprintf similar to vprintf. This will help capturing
all the UART logs into a logbuffer and makes snprintf
functionally equivalent to vprintf.
Change-Id: Ib9bd20e2b040c9b8755cf7ed7c9b4da555604810
Signed-off-by: Channagoud kadabi <kadabi@google.com>
Cortex-A78 erratum 2395406 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[40] of
CPUACTLR2 which will disable folding of demand requests into older
prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If06f988f05f925c2a4bed3e6a9414b6acdfec894
Cortex-A710 erratum 2008768 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to clear
the ED bit in each ERXCTLR_EL1 register before setting the PWRDN bit in
CPUPWRCTLR_EL1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib2171c06da762dd4155b02c03d86766f1616381d
Cortex-A78 erratum 2376745 is a cat B erratum that applies to revisions
r0p0 - r1p2 and is still open. The workaround is to set bit[0] of
CPUACTLR2 which will force PLDW/PFRM ST to behave like PLD/PRFM LD and
not cause invalidation to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I6f1a3a7d613c5ed182a7028f912e0f6ae3aa7f98
In cm_prepare_el3_exit_ns, SCR_EL3.NS bit change (to non-secure) is not
committed before the EL2 restoration sequence happens.
At ICC_SRE_EL2 write in cm_el2_sysregs_context_restore, NS is still 0
from CPU perspective (with EEL2=0) which is an invalid condition and
triggers a fault. By adding ISB, SCR_EL3 gets synced with NS=1/EEL2=0
before ICC_SRE_EL2 write.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ie72a6152aa7729e66b3344c1b7b0749f54cafb6f
* changes:
feat(imx8mp): enable BL32 fdt overlay support on imx8mp
feat(imx8mq): enable optee fdt overlay support
feat(imx8mn): enable optee fdt overlay support
feat(imx8mm): enable optee fdt overlay support
feat(imx8mp): add trusty for imx8mp
feat(imx8mq): enable trusty for imx8mq
feat(imx8mn): enable Trusty OS for imx8mn
feat(imx8mm): enable Trusty OS on imx8mm
feat(imx8/imx8m): switch to xlat_tables_v2
feat(imx8m): enable the coram_s tz by default on imx8mn/mp
feat(imx8m): enable the csu init on imx8m
feat(imx8m): add a simple csu driver for imx8m family
refactor(imx8m): replace magic number with enum type
feat(imx8m): add imx csu/rdc enum type defines for imx8m
fix(imx8m): check the validation of domain id
feat(imx8m): enable conditional build for SDEI
Allow OP-TEE to generate a device-tree overlay binary
that will be applied by u-boot on the regular dtb.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Idfd268cdd8b7ba321f8e1b9b85c2bba7ffdeddf0
Add trusty support for imx8mq, default load address
and size for trusty os will be 0xfe000000 and 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2b35ee525b25b80bf6c9599a0adcc2d9f069aa41
Add trusty support for imx8mn, default load address and
size of trusty are 0xbe000000 and 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I63fd5159027d7400b8c6bfc03193dd1330c43140
Add trusty support for imx8mm, default load address
and size of trusty are 0xbe000000 anx 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I3f8b1adc08933e38a39f1ab1723947319d19a703
spd trusty requires memory dynamic mapping feature to be
enabled, so we have to use xlat table library v2 instead
of v1.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2813af9c7878b1fc2a59e27619c5b643af6a1e91
Enable the OCRAM_S TZ for secure protection by default on
i.MX8MN/i.MX8MP. And lock the ocram secure access configure
on i.MX8MM/i.MX8MP.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2e24f4b823ee5f804415218d5c2e371f4e4c6fe1
Enable the CSU init on i.MX8M SoC family. The 'csu_cfg' array
is just a placeholder for now as example with limited config listed.
In real use case,user can add the CSU config as needed based on system design.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I1f7999efa346f18f6625ed8c478d088ed75f7833
Replace those RDC config related magic numbers with enum type
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6245ccfa74d079179dc0f205980c2daf5c7af786
Add various enum type defines for CSU & RDC module for i.MX8M
family
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I70c050286919eab51c6c553912bd4be57bc60f81
check the domain id to make sure it is in the valid range
to make sure no out of range access to the array.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Iccd7298eea390b6e68156bb356226839a23417ea
SDEI support on imx8m is an optional feature, so
make it conditional build, not enabled by default.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6e7e8d77959ea352bc019f8468793992ec7ecfc4
In case JR0 is used by the HAB for secure boot, it can be used later
for authenticating kernel or other binaries.
We are checking if the HAB is using the JR by the DID set.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6e9595012262ffabfc3f3d4841f446f34e48e059
Sieu Mun Tang
Boon Khai Ng
Bipin Ravi
Madhukar Pappireddy
Joanna Farley
Olivier Deprez
Manish Pandey
Marc Bonnici
kadabi
John Powell
Jacky Bai
Silvano di Ninno
Ji Luo
Franck LENORMAND