Add tsp service to check the value of the PSTATE DIT bit is as
expected and toggle it's value. This is used to ensure that
the DIT bit is maintained during a switch from the Normal to
Secure worlds and back.
Change-Id: I4e8bdfa6530e5e75925c0079d4fa2795133c5105
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
During a transition to a higher EL some of the PSTATE bits are not set
by hardware, this means that their state may be leaked from lower ELs.
This patch sets those bits to a default value upon entry to EL3.
This patch was tested using a debugger to check the PSTATE values
are correctly set. As well as adding a test in the next patch to
ensure the PSTATE in lower ELs is still maintained after this change.
Change-Id: Ie546acbca7b9aa3c86bd68185edded91b2a64ae5
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Introduce the bare mimimum base of the msm8916 BL31 port. This is
pretty much just a standard platform "skeleton" with CPU/memory
initialization and an UART driver. This allows booting into
e.g. U-Boot with working UART output.
Note that the plat/qti/msm8916 port is completely separate and does not
make use of anything in plat/qti/common at the moment. The main reason
for that is that plat/qti/common is heavily focused around having a
binary "qtiseclib" component, while the MSM8916 port is fully
open-source (and therefore somewhat limited to publicly documented
functionality).
In the future it might be possible to re-use some of the open-source
parts in plat/qti/common (e.g. spmi_arb.c or pm_ps_hold.c) but it's
not strictly required for the basic functionality supported so far.
Change-Id: I7b4375df0f947b3bd1e55b0b52b21edb6e6d175b
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The Qualcomm Snapdragon 410 is Qualcomm's first 64-bit SoC, released
in 2014 with four ARM Cortex-A53 cores. There are differents variants
(MSM8916, APQ8016(E), ...) that are all very similar. A popular device
based on APQ8016E is the DragonBoard 410c single-board computer,
but the SoC is also used in various mid-range smartphones/tablets.
This commit adds documentation for a minimal, community-maintained port
of TF-A/BL31 for MSM8916. The actual platform port is added in the
following four separate small commits to simplify the review process.
The code is primarily based on the information from the public
Snapdragon 410E Technical Reference Manual [1], combined with a lot of
trial and error to actually make it work.
Note that this port is a pure community effort without any
commercial interests and is not related to Qualcomm in any way.
The main motivation for this port is to have a minimal, updatable
firmware since this old chip does not receive many updates anymore from
Qualcomm. It works quite well for many use cases so I am willing to
maintain it as a "code owner". I have also added Nikita Travkin as
second code owner to help with reviews.
The main limitation so far is the lack of memory protection for TF-A.
This is similar to the ports for the Raspberry Pi but in this case not
a lack of hardware support but rather a lack of documentation. However,
this does not limit the usefulness of the port when used as a minimal
PSCI implementation.
[1]: https://developer.qualcomm.com/download/sd410/snapdragon-410e-technical-reference-manual.pdf
Change-Id: I676adf86061638cfc2f3ae8615470d145e84f172
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I7f0a62f22bfcca638ddaefc9563df00f89f01653
Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function called (bl2_el3_early_platform_setup()). It uses the
parameters defined for crash console: STM32MP_DEBUG_USART* macros.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id6be62368723a0499e97bbf56fb52c166fcbdfad
* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number
* changes:
fix(sptool): add leading zeroes in UUID conversion
feat(tc): enable SMMU for DPU
feat(tc): add reserved memory region for Gralloc
feat(tc): enable GPU
fix(tc): remove the bootargs node
* changes:
feat(st-gpio): do not apply secure config in BL2
feat(st): get pin_count from the gpio-ranges property
feat(st-gpio): allow to set a gpio in output mode
refactor(st-gpio): code improvements
The Event Log sources are added to the source-list of BL1 and BL2
images in the Event Log Makefile. It doesn't seem correct since
some platforms only compile Event Log sources for BL2.
Hence, moved compilation decision of Event Log sources to the
platform makefile.
Change-Id: I1cb96e24d6bea5e091d08167f3d1470d22b461cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The UUID conversion drops leading zeroes, so make sure that
all hex strings always are 8 digits long
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I5d7e3cf3b53403a02bf551f35f17dbdb96dec8ae
At boot, the devices under ETZPC control are secured, so should be
their GPIOs. As securable GPIOs are secured by default, keep the reset
values in BL2.
Change-Id: I9e560d936f8e8fda0f96f6299bb0c3b35ba9b71f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The "ngpios" property is deprecated and may be removed.
Use the "gpio-ranges" property where the last parameter of that
property is the number of available pins within that range.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I28295412c7cb1246fc753cff0d447b6fdcdc4c0f
Allow to set a gpio in output mode from the device tree.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: Ic483324bc5fe916a60df05f74706bd1da4d08aa5
No functional, change, but some improvements:
- Declare set_gpio() as static (only called locally)
- Handle the type ('open-drain') property independently from the
mode one.
- Replace mmio_clrbits_32() + mmio_setbits_32() with
mmio_clrsetbits_32().
- Add a missing log
- Add missing U() in macro definitions
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I1a79609609ac8e8001127ebefdb81def573f76fa
Add a banner that inform user that debug is enabled
on a secure chip.
Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Avoid the use of return inside switch/case in stm32mp_is_single_core().
Although this MISRA rulre might not be enforced, we align on what is done
for stm32mp_is_auth_supported().
Change-Id: I00a5ec1b18c55b4254af00c9c5cf5a4dce104175
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed binaries are not allowed on such chip.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695
The SMMU needs to be enabled to support 8GB RAM
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: Ie81f2fc59886c52e9d6ed799ea73f49eb7a7c307
Gralloc for Android S uses dmabuf, we need to add reserved memory area
for these allocations
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: If869ac930fadc374ec435cae3847ba374584275b
Add DTS node for GPU to support hardware rendering in Android
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I2cf2badf5b15e59a910f6cf7d3d30fdfaf4fe9ce
We need to keep the kernel command line in Yocto, otherwise we
can't support AVB.
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: Ic291eb13620b307f10354c2c2797c6fc9b053e83
In the next patch we add an extra step of setting the PSTATE
registers to a known state on el3 entry. In this patch we create
the function prepare_el3_entry to wrap the steps needed for before
el3 entry. For now this is only save_gp_pmcr_pauth_regs.
Change-Id: Ie26dc8d89bfaec308769165d2649e84d41be196c
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the corresponding OTP.
Change-Id: I6e7831300ca9efbb35b4c87706f2dcab35affacb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Use dt_find_otp_name() to retrieve platform OTP information
from device tree, directly or through stm32_get_otp_index() and
stm32_get_otp_value() platform services.
String definitions replace hard-coded values, they are used to call
this new function.
Change-Id: I81213e4a9ad08fddadc2c97b064ae057a4c79561
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Set non-secure property on platform secure OTP nodes that non-secure
world is allowed to access through secure world services.
These are the SoC MAC address and the ST boards board_id OTPs.
Most of these were already done but it was missing for ED1 board.
Change-Id: Idfa6322d9d5c35285706d0b2d32ae09af38684a7
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.
Probe the driver earlier, especially to check debug features.
Change-Id: I1981536398d598d67a19d2d7766dacc18de72ec1
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
A new nvmem_layout node includes nvmem platform-dependent layout
information, such as OTP NVMEM cell lists (phandle, name).
This list allows easy access to OTP offsets defined in BSEC node,
where more OTP definitions with offsets in bytes and length have
been added (replace hard-coded values).
Each board may redefine this list, especially for board_id info.
Change-Id: I910ae671b3bf3320ee6500fecc9ec335ae67bbda
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Used by driver parsing this node to get information.
Change-Id: I50623a497157adf7b9da6fafe8d79f6ff58c0ebc
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Add support for regulator-always-on at BL2 level as it was supported
before using the regulator framework.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Change-Id: Idb2f4ddc2fdd4e0d31fb33da87c84618aa2e5135
This patch adds the basic CPU library code to support the Poseidon CPU
in TF-A. Poseidon is derived from HunterELP core, an implementation of
v9.2 architecture. Currently, Hunter CPU the predecessor to HunterELP,
is supported in TF-A. Accordingly the Hunter CPU library code has been
as the base and adapted here.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I406b4de156a67132e6a5523370115aaac933f18d
This warning can only be removed if the version is newer than v1.6.0.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I472a8e552305b563447e8148074a5c0970b429e3
If a board declares an mmc1 alias in its DT and is compiled without flags
STM32MP_EMMC or STM32MP_SDMMC, the DT will fail to build.
Add /delete-property/ mmc1; to correct this.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I1938ff99dc3d883f9174ee886f9ffa195ec60373
Some of the ST drivers were not listed, and had no scopes. Add BSEC,
Crypto, DDR, I2C, FMC, GPIO, Regulator, Reset, SPI and Watchdog.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4441f160f778d4bf7686e24e7d2d3c8330891327
* changes:
refactor(st-clock): update STGEN management
feat(st-clock): assign clocks to the correct BL
feat(st-clock): do not refcount on non-secure clocks in bl32
feat(st-clock): define secure and non-secure gate clocks
refactor(stm32mp1): remove unused refcount helper functions
fix(stm32mp1): add missing debug.h
refactor(st-clock): use refcnt instead of secure status
Some clocks are only required in BL2, like boot devices clocks:
FMC, QSPI.
Some clocks are only used in BL32: Timers, devices that need special
care for independent reset.
Change-Id: Id4ba99afeea5095f419a86f7dc6423192c628d82
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This change removes reference counting support in clock gating
implementation for clocks that rely on non-secure only RCC resources.
As RCC registers are accessed straight by non-secure world for these
clocks, secure world cannot safely store the clock state and even
disabling such clock from secure world can jeopardize the non-secure
world clock management framework and drivers.
As a consequence, for such clocks, stm32_clock_enable() forces the clock
ON without any increment of a refcount and stm32_clock_disable() does
not disable the clock.
Change-Id: I0cc159b36a25dbc8676f05edf2668ae63c640537
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>