Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow
Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
These basic tests are generic and should be used independently of the
driver, depending on the plaftorm characteristics.
Change-Id: I38161b659ef2a23fd30a56e1c9b1bd98461a2fe4
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@foss.st.com>
stm32mp_ddrctl structure contains DDRCTRL registers definitions.
stm32mp_ddr_info contains general DDR information extracted from DT.
stm32mp_ddr_size moves to the generic side.
stm32mp1_ddr_priv contains platform private data.
stm32mp_ddr_dt_get_info() and stm32mp_ddr_dt_get_param() allow to
retrieve data from DT. They are located in new generic c/h files in
which stm32mp_ddr_param structure is declared. Platform makefile
is updated.
Adapt driver with this new classification.
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: I4187376c9fff1a30e7a94407d188391547107997
A new flag STM32MP_DDR_DUAL_AXI_PORT is added, and enabled by default.
It will allow choosing single or dual AXI ports for DDR.
Change-Id: I48826a66a6f4d18df87e081c0960af89ddda1b9d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add the read data eye training = training for optimal read valid placement
(RVTRN) when the built-in calibration is executed for LPDDR2 and LPDDR3.
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: I7ac1c77c21ebc30315b532741f2f255c2312d5b2
The support of a predefined DDR PHY tuning result is removed for
STM32MP1 driver because it is not needed at the supported frequency
when built-in calibration is executed.
The calibration parameters were provided in the device tree by the
optional node "st,phy-cal", activated in ddr helper file by the
compilation flag DDR_PHY_CAL_SKIP and filled with values generated
by CubeMX.
This patch
- updates the binding file to remove "st,phy-cal" support
- updates the device trees and remove the associated defines
- simplifies the STM32MP1 DDR driver and remove the support of
the optional "st,phy-cal"
After this patch the built-in calibration is always executed.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: I3fc445520c259f7f05730aefc25e64b328bf7159
Refactor the GPIO code to use a small lookup table instead of redundant or
repetitive code.
Signed-off-by: Jona Stubbe <tf-a@jona-stubbe.de>
Change-Id: Icf60385095efc1f506e4215d497b60f90e16edfd
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
For somewhat historical reasons we are doing some initial PMIC regulator
setup in BL31, as U-Boot does not (yet) have a PMIC driver. This worked
fine so far, but there is at least one board (OrangePi 3) that gets upset,
because the Ethernet PHY needs some *coordinated* bringup of *two*
regulators.
To avoid custom hacks, let's introduce a build option to keep doing the
regulator setup in TF-A. Defining SUNXI_SETUP_REGULATORS to 0 will break
support for some devices on some boards in U-Boot (Ethernet and HDMI),
but will allow to bring up the OrangePi 3 in Linux correctly. We keep
the default at 1 to not change the behaviour for all other boards.
After U-Boot gained proper PMIC support at some point in the future, we
will probably change the default to 0, to get rid of the less optimal
PMIC code in TF-A.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ie8e2583d0396f6eeaae8ffe6b6190f27db63e2a7
To correctly initialize the MMC devices, a power cycle is required.
For this we need to:
- disable vmmc-supply regulator
- make the power cycle required for SDMMC2 peripheral
- enable regulators
Change-Id: I2be6d9082d1cc4c864a82cf2c31ff8522e2d31a2
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Fixed regulator is mainly used when no pmic is available
Change-Id: Ib6a998684bcb055ba95a093bee563372d9051474
Signed-off-by: Pascal Paillet <p.paillet@st.com>
print_pmic_info_and_debug() prints the PMIC version ID and displays
regulator information if debug is enabled.
It is under DEBUG flag and called after initialize_pmic() in BL2.
Change-Id: Ib81a625740b7ec6abb49cfca05e44c69efaa4718
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Add a regulator framework to:
- provide an interface to consumers and drivers,
- connect consumers with drivers,
- handle most of devicetree-parsing,
- handle always-on and boot-on regulators,
- handle min/max voltages,
Change-Id: I23c939fdef2c71a416c44c9de332f70db0d2aa53
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Add support for ICC, sink mode, bypass mode,
active discharge and list voltages.
Handle LDO3 sink source mode in a different way to avoid
setting voltage while in sink source mode.
Change-Id: Ib1b909fd8a153f542917f650e43e24317a570534
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Add regulators boost, pwr_sw1 and pwr_sw2 regulators related to
USB OTG supply BOOST, SW_OTG and SWIN/SWOUT. These regulators are
needed since manipulated during the suspend/resume power sequence
as per FDT description for stm32mp15x-xxx boards from
STMicroelectronics.
Change-Id: I6217de707e49882bd5a9100db43e0d354908800d
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
This is mainly a clock interface with clk_ops callbacks.
Those callbacks are: enable, disable, get_rate, set_parent,
and is_enabled.
This framework is compiled for STM32MP1.
Change-Id: I5119a2aeaf103ceaae7a60d9e423caf0c148d794
Signed-off-by: Ludovic Barre <ludovic.barre@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
Add set_gpio_reset_cfg() to set a pin in its reset configuration:
analog, no-pull, speed low, and its secure configuration, thanks to
stm32_gpio_is_secure_at_reset().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I7b73c3636859f97fcc57f81cf68b42efc727922e
Implemented a platform function 'plat_mboot_measure_critical_data' to
measure critical data and record its measurement using the Event Log
driver.
'bl2_plat_mboot_finish' function invokes this platform function
immediately after populating the critical data.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia198295c6e07ab26d436eab1ff90df2cf28303af
It doesn't look correct to use mbed TLS defines directly in the Event
Log driver as this driver may use another Crypto library in future.
Hence mbed TLS Crypto dependency on Event Log driver is removed by
introducing generic Crypto defines and uses those in the Event Log
driver to call Crypto functions.
Also, updated mbed TLS glue layer to map these generic Crypto defines
to mbed TLS library defines.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibc9c751f60cbce4d3f3cf049b7c53b3d05cc6735
Add a UART/USART driver for STM32 with complete a hardware support;
it used for STM32CubeProgrammer support with even parity.
This driver is not used for console, which is already handle
by a simple driver (drivers/st/uart/aarch32/stm32_console.S).
Change-Id: Ia9266e5d177fe7fd09c8a15b81da1a05b1bc8b2d
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Sometimes when changing UART clock from TBG to XTAL, UART HW enters into
some broken state. It does not transit characters from TX FIFO anymore
and TX FIFO stays always empty. TX FIFO reset does not recover UART HW
from this broken state.
Experiments show that external reset can fix UART HW from this broken
state.
TF-A fatal error handler calls console_a3700_core_init() function to
initialize UART HW. This handler may be called anytime during CPU
runtime, also when kernel is running.
U-Boot or Linux kernel may change UART clock to TBG to achieve higher
baudrates. During initialization, console_a3700_core_init() resets UART
configuration to default settings, which means that it also changes
UART clock from TBG to XTAL.
Do an external reset of UART via North Bridge Peripheral reset register
to prevent this UART hangup.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I8990bce24d1a6fd8ccc47a2cd0a5ff932fcfcf14
Renamed a macro 'INVALID_ID' to 'EVLOG_INVALID_ID' to avoid its clash
with other macro names and to show it is explicitly used for Event
Log driver.
Change-Id: Ie4c92b3cd1366d9a59cd6f43221e24734865f427
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Correctly handle USB_DESC_TYPE_OTHER_SPEED_CONFIGURATION request
in USB driver and support a different result than
USB_DESC_TYPE_CONFIGURATION with the new optional ops
get_other_speed_config_desc().
The support of this descriptor is optionnal and is only
required when high-speed capable device which can operate at its
other possible speed.
This patch allows to remove the pbuf update in usb_core_get_desc()
and solves an issue on USB re-enumeration on STM32MP15 platform
as the result of get_config_desc() is a const array.
This issue is not see on normal use-case, as the USB enumeration
is only done in ROM code and TF-A reuse the same USB descritors.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I8edcc1e45065ab4e45d48f4bc37b49120674fdb0
When an Arm Ltd GIC (Arm GIC-[567]00) is instantiated with one or more
ITSes, the ITS MMIO frames appear between the distributor and
redistributor addresses. This makes the beginning of the redistributor
region dependent on the existence and number of ITSes.
To support various FPGA images, with and without ITSes, probe the
addresses in question, to learn whether they accommodate an ITS or a
redistributor. This can be safely done by looking at the PIDR[01]
registers, which contain an ID code for each region, documented in the
Arm GIC TRMs.
We try to find all ITSes instantiated, and skip either two or four 64K
frames, depending on GICv4.1 support. At some point we will find the
first redistributor; this address we then update in the DTB.
Change-Id: Iefb88c2afa989e044fe0b36b7020b56538c60b07
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The GIC specification describes ID registers in each GIC register frame
(PIDRx), which can be used to identify a GIC component. The Arm Ltd. GIC
implementations use certain ID values to identify the distributor, the
redistributors and other parts like ITSes.
Introduce a function that reads those part number IDs, which are spread
over two registers. The actual numbers are only meaningful in connection
with a certain GIC model, which would need to be checked beforehand, by
the caller.
Change-Id: Ia6ff326a1e8b12664e4637bc8e2683d2b5c7721c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add a device driver for Synopsis DWC2 USB IP of STM32MP15x,
this USB OTG device is only supported in device mode.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I90b21f094f6637b85f3ace23a3a3a2f6fd4e0951
Add a new USB framework to manage an USB device profile (USBD)
based on a peripheral controller driver (PCD).
This USB stack can be use to implement any Universal Serial Bus Device
Class in TF-A on top of a USB driver defined in the platform.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I7971ec6d952edec3511157a198e6e5359df4346b
This change aims to make the UFS code more robust by performing a
controller reset if linkstartup fails. This idea was borrowed from
Linux's ufshcd_link_startup function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I6b52148d1bf155b11198dc82a39b1120057adaaf
This change aims to make the UFS code more robust by adding retry logic
and timeouts to ufshc_reset. We also define a new function
ufshc_hce_enable for Host Controller Enable (HCE). The inner and outer
retry pattern is based on Linux's ufshcd_hba_execute_hce function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I9403a5a25d3ca50af5f2f9a65b774f6a2d7a9626
This change aims to make the UFS code more robust by removing asserts
and adding retry logic. We also reduce repetition by reusing
ufshc_send_uic_cmd for DME_GET and DME_SET commands.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: Id70aa1687d5ca78dc7d47234372255ac5a04a612
* changes:
fix(stpmic1): fix power switches activation
fix(stpmic1): update error cases return
refactor(stpmic1): use BIT and GENMASK helpers
fix(stm32mp1_clk): keep RTC clock always on
fix(stm32mp1_clk): set other clocks as always on
Currently, for the supported SCMI protocols, the version returned by the SCMI
platform agent must be exactly matching the driver's version (major version).
The recent change for the required version of Power Domain protocol means that
the platform must return version 2.0. This can be however a limitation in some
cases, where a SCMI-v1.0 platform can still be considered compatible with the
driver supported in firmware.
Relax the protocol version requirement such that any version older than the
one supported by the drivers can still be compatible.
Note: For now this has effect only on Power Domain protocol, as the other
drivers still require the "base" version 1.0.
Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Change-Id: I310ae1869c2e952991a8d733f394029ab64087bf
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Now lx2 which use MT35XU512A supports warm boot, fix the macro
define caused by the commit:
feat(driver/nxp/xspi): add MT35XU02G flash info
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I83eb8cb9a30ac7c7efd5a010acbd03eddebed52b
Manish V Badarkhe
Nicolas Le Bayon
Nicolas Le Bayon
Yann Gautier
Patrick Delaunay
Jona Stubbe
André Przywara
Madhukar Pappireddy
Pascal Paillet
Yann Gautier
Etienne Carriere
Gabriel Fernandez
Manish Pandey
Sandrine Bailleux
Pali Rohár
Patrick Delaunay
Joanna Farley
Jorge Troncoso
Mark Dykes
Nicola Mazzucato
Jiafei Pan
Pankaj Gupta