Neoverse-N2 erratum 2242415 is a Cat B erratum that applies to
revision r0p0 of CPU. It is still open. The workaround
is to set CPUACTLR_EL1[22] to 1'b1. Setting CPUACTLR_EL1[22]
will cause CFP instruction to invalidate all branch predictor
resources regardless of context.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I442be81fbc32e21fed51a84f59584df17f845e96
When an Arm Ltd GIC (Arm GIC-[567]00) is instantiated with one or more
ITSes, the ITS MMIO frames appear between the distributor and
redistributor addresses. This makes the beginning of the redistributor
region dependent on the existence and number of ITSes.
To support various FPGA images, with and without ITSes, probe the
addresses in question, to learn whether they accommodate an ITS or a
redistributor. This can be safely done by looking at the PIDR[01]
registers, which contain an ID code for each region, documented in the
Arm GIC TRMs.
We try to find all ITSes instantiated, and skip either two or four 64K
frames, depending on GICv4.1 support. At some point we will find the
first redistributor; this address we then update in the DTB.
Change-Id: Iefb88c2afa989e044fe0b36b7020b56538c60b07
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The GIC specification describes ID registers in each GIC register frame
(PIDRx), which can be used to identify a GIC component. The Arm Ltd. GIC
implementations use certain ID values to identify the distributor, the
redistributors and other parts like ITSes.
Introduce a function that reads those part number IDs, which are spread
over two registers. The actual numbers are only meaningful in connection
with a certain GIC model, which would need to be checked beforehand, by
the caller.
Change-Id: Ia6ff326a1e8b12664e4637bc8e2683d2b5c7721c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For platforms where we don't know the number of cores at compile time,
the size of the GIC redistributor frame is then also undetermined, since
it depends on this number of cores.
On top of this the GICR base address can also change, when an unknown
number of ITS frames (including zero) take up space between the
distributor and redistributor.
So while those two adjustments are done for independent reasons, the
code for doing so is very similar, so we should utilise the existing
fdt_adjust_gic_redist() function.
Add an (optional) gicr_base parameters to the prototype, so callers can
choose to also adjust this base address later, if needed.
Change-Id: Id39c0ba83e7401fdff1944e86950bb7121f210e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Define a handler in the SPMD to route secure interrupts occurring while
the normal world runs. On a Group1 Secure interrupt (with a GICv3 or a
Group0 interrupt on GICv2), the normal world is pre-empted to EL3 and
redirected to the SPMD/SPMC for further handling.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I1350d74048c5549a2af8da0ba004c08512cc006a
* changes:
feat(plat/st/stm32mp1): add STM32MP_USB_PROGRAMMER target
feat(plat/st/stm32mp1): add USB DFU support for STM32MP1
feat(plat/st): add STM32CubeProgrammer support on USB
feat(drivers/st/usb): add device driver for STM32MP1
feat(plat/st): add a USB DFU stack
feat(drivers/usb): add a USB device stack
Add a device driver for Synopsis DWC2 USB IP of STM32MP15x,
this USB OTG device is only supported in device mode.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I90b21f094f6637b85f3ace23a3a3a2f6fd4e0951
Add a new USB framework to manage an USB device profile (USBD)
based on a peripheral controller driver (PCD).
This USB stack can be use to implement any Universal Serial Bus Device
Class in TF-A on top of a USB driver defined in the platform.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I7971ec6d952edec3511157a198e6e5359df4346b
This patch removes files that are not used by TF-R as well as
removes unused generic files from the TF-R makefile.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Idb15ac295dc77fd38735bf2844efdb73e6f7c89b
MPMM - the Maximum Power Mitigation Mechanism - is an optional
microarchitectural feature present on some Armv9-A cores, introduced
with the Cortex-X2, Cortex-A710 and Cortex-A510 cores.
MPMM allows the SoC firmware to detect and limit high activity events
to assist in SoC processor power domain dynamic power budgeting and
limit the triggering of whole-rail (i.e. clock chopping) responses to
overcurrent conditions.
This feature is enabled via the `ENABLE_MPMM` build option.
Configuration can be done via FCONF by enabling `ENABLE_MPMM_FCONF`, or
by via the plaform-implemented `plat_mpmm_topology` function.
Change-Id: I77da82808ad4744ece8263f0bf215c5a091c3167
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change makes AMU auxiliary counters configurable on a per-core
basis, controlled by `ENABLE_AMU_AUXILIARY_COUNTERS`.
Auxiliary counters can be described via the `HW_CONFIG` device tree if
the `ENABLE_AMU_FCONF` build option is enabled, or the platform must
otherwise implement the `plat_amu_topology` function.
A new phandle property for `cpu` nodes (`amu`) has been introduced to
the `HW_CONFIG` specification to allow CPUs to describe the view of
their own AMU:
```
cpu0: cpu@0 {
...
amu = <&cpu0_amu>;
};
```
Multiple cores may share an `amu` handle if they implement the
same set of auxiliary counters.
AMU counters are described for one or more AMUs through the use of a new
`amus` node:
```
amus {
cpu0_amu: amu-0 {
#address-cells = <1>;
#size-cells = <0>;
counter@0 {
reg = <0>;
enable-at-el3;
};
counter@n {
reg = <n>;
...
};
};
};
```
This structure describes the **auxiliary** (group 1) AMU counters.
Architected counters have architecturally-defined behaviour, and as
such do not require DTB entries.
These `counter` nodes support two properties:
- The `reg` property represents the counter register index.
- The presence of the `enable-at-el3` property determines whether
the firmware should enable the counter prior to exiting EL3.
Change-Id: Ie43aee010518c5725a3b338a4899b0857caf4c28
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change represents a general refactoring to clean up old code that
has been adapted to account for changes required to enable dynamic
auxiliary counters.
Change-Id: Ia85e0518f3f65c765f07b34b67744fc869b9070d
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change decouples the group 1 counter macros to facilitate dynamic
detection at runtime. These counters remain disabled - we will add
dynamic enablement of them in a later patch.
Change-Id: I820d05f228d440643bdfa308d030bd51ebc0b35a
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change removes the `AMU_GROUP0_COUNTERS_MASK` and
`AMU_GROUP0_MAX_COUNTERS` preprocessor definitions, instead retrieving
the number of group 0 counters dynamically through `AMCGCR_EL0.CG0NC`.
Change-Id: I70e39c30fbd5df89b214276fac79cc8758a89f72
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change reduces preprocessor dependencies on the
`AMU_GROUP1_NR_COUNTERS` and `AMU_GROUP1_COUNTERS_MASK` definitions, as
these values will eventually be discovered dynamically.
In their stead, we introduce the `ENABLE_AMU_AUXILIARY_COUNTERS` build
option, which will enable support for dynamically detecting and
enabling auxiliary AMU counters.
This substantially reduces the amount of memory used by platforms that
know ahead of time that they do not have any auxiliary AMU counters.
Change-Id: I3d998aff44ed5489af4857e337e97634d06e3ea1
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change introduces a small set of register getters and setters to
avoid having to repeatedly mask and shift in complex code.
Change-Id: Ia372f60c5efb924cd6eeceb75112e635ad13d942
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change reduces the exposed surface area of the AMU API in order to
simplify the refactoring work in following patches. The functions and
definitions privatized by this change are not used by other parts of the
code-base today.
BREAKING CHANGE: The public AMU API has been reduced to enablement only
to facilitate refactoring work. These APIs were not previously used.
Change-Id: Ibf6174fb5b3949de3c4ba6847cce47d82a6bd08c
Signed-off-by: Chris Kay <chris.kay@arm.com>
With the introduction of MPMM, the auxiliary AMU counter logic requires
refactoring to move away from a single platform-defined group 1 counter
mask in order to support microarchitectural (per-core) group 1 counters.
BREAKING CHANGE: The `PLAT_AMU_GROUP1_COUNTERS_MASK` platform definition
has been removed. Platforms should specify per-core AMU counter masks
via FCONF or a platform-specific mechanism going forward.
Change-Id: I1e852797c7954f92409222b066a1ae57bc72bb05
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change adds a new utility function - `fdtw_for_each_cpu` - to
invoke a callback for every CPU node listed in a flattened device tree
(FDT) with the node identifier and the MPIDR of the core it describes.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Iabb5c0f0c9d11928a4a7a41cdc7d1e09aadeb2bc
This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
Currently on image entry, the data cache in the RW address range is
invalidated before MMU is enabled to safeguard against potential
stale data from previous firmware stage. If PIE is enabled however,
RO sections including the GOT may be also modified during pie fixup.
Therefore, to be on the safe side, invalidate the entire image
region if PIE is enabled.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I7ee2a324fe4377b026e32f9ab842617ad4e09d89
This change aims to make the UFS code more robust by performing a
controller reset if linkstartup fails. This idea was borrowed from
Linux's ufshcd_link_startup function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I6b52148d1bf155b11198dc82a39b1120057adaaf
This change aims to make the UFS code more robust by adding retry logic
and timeouts to ufshc_reset. We also define a new function
ufshc_hce_enable for Host Controller Enable (HCE). The inner and outer
retry pattern is based on Linux's ufshcd_hba_execute_hce function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I9403a5a25d3ca50af5f2f9a65b774f6a2d7a9626
This change aims to make the UFS code more robust by removing asserts
and adding retry logic. We also reduce repetition by reusing
ufshc_send_uic_cmd for DME_GET and DME_SET commands.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: Id70aa1687d5ca78dc7d47234372255ac5a04a612
* changes:
fix(stpmic1): fix power switches activation
fix(stpmic1): update error cases return
refactor(stpmic1): use BIT and GENMASK helpers
fix(stm32mp1_clk): keep RTC clock always on
fix(stm32mp1_clk): set other clocks as always on
Currently, for the supported SCMI protocols, the version returned by the SCMI
platform agent must be exactly matching the driver's version (major version).
The recent change for the required version of Power Domain protocol means that
the platform must return version 2.0. This can be however a limitation in some
cases, where a SCMI-v1.0 platform can still be considered compatible with the
driver supported in firmware.
Relax the protocol version requirement such that any version older than the
one supported by the drivers can still be compatible.
Note: For now this has effect only on Power Domain protocol, as the other
drivers still require the "base" version 1.0.
Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Change-Id: I310ae1869c2e952991a8d733f394029ab64087bf
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME
Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to use physical counters at EL1
2. VTCR_EL2.MSA -> 1
Enables VMSA at EL1, which is required by U-Boot and Linux.
3. HCR_EL2.APK = 1 & HCR_EL2.API = 1
Disables PAuth instruction and register traps in EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I58f45b6669a9ad1debb80265b243015c054a9bb1
Now lx2 which use MT35XU512A supports warm boot, fix the macro
define caused by the commit:
feat(driver/nxp/xspi): add MT35XU02G flash info
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I83eb8cb9a30ac7c7efd5a010acbd03eddebed52b
Use BIT and GENMASK macros to ease stpmic1.h reading.
Change-Id: I808a62818d4188bb2f3686ab37518d369b6c41cb
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
This patch updates and refactors the GPT library and fixes bugs.
- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :
Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf
When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.
The following new regions are introduced with this change:
ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.
ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.
ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.
The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:
--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------
During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254
If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff
This patch introduces the Granule Protection Table (GPT)
library code. This implementation will be updated later to
be more flexible, as the current implementation is very rigid.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I3af824a28c6e9a5d36459c0c51d2d9bebfba1505
The changes include:
- A new build option (ENABLE_RME) to enable FEAT_RME
- New image called RMM. RMM is R-EL2 firmware that manages Realms.
When building TF-A, a path to RMM image can be specified using
the "RMM" build flag. If RMM image is not provided, TRP is built
by default and used as RMM image.
- Support for RMM image in fiptool
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
This patch adds a new context for realm world and realm world
awareness in context management.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: Ic17469393603e789d7adc025880346bc3d6233d7
TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.
TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.
More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure world. Currently
gives the capability for granules to be
transitioned from non-secure type to realm and vice versa.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I1fdc99a4bdd42bc14911aa0c6954b131de309511
This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.
Using the existing BL2_AT_EL3 TF-A build option is not convenient
because that option assumes TF-A BL1 doesn't exist, which is not
the case for RME-enabled systems. For the purposes of RME, we use
a normal BL1 image but we also want to run BL2 in EL3 as normally as
possible, therefore rather than use the special bl2_entrypoint
function in bl2_el3_entrypoint.S, we use a new bl2_entrypoint
function (in bl2_rme_entrypoint.S) which doesn't need reset or
mailbox initialization code seen in the el3_entrypoint_common macro.
The patch also cleans up bl2_el3_entrypoint.S, moving the
bl2_run_next_image function to its own file to avoid duplicating
code.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I99821b4cd550cadcb701f4c0c4dc36da81c7ef55
FEAT_RME adds a new bit (NSE) in the translation table descriptor
to determine the Physical Address Space (PAS) of an EL3 stage 1
translation according to the following mapping:
TTD.NSE TTD.NS | PAS
=================================
0 0 | Secure
0 1 | Non-secure
1 0 | Root
1 1 | Realm
This patch adds modifications to version 2 of the translation table
library accordingly. Bits 4 and 5 in mmap attribute are used to
determine the PAS.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I82790f6900b7a1ab9494c732eac7b9808a388103
FEAT_RME introduces two additional security states,
Root and Realm security states. This patch adds Realm
security state awareness to SMCCC helpers and entry point info
structure.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9cdefcc1aa71259b2de46e5fb62b28d658fa59bd
This patch adds new register and bit definitions for the Armv9-A
Realm Management Extension (RME) as described in the Arm
document DDI0615 (https://developer.arm.com/documentation/ddi0615/latest).
The patch also adds TLB maintenance functions and a function to
detect the presence of RME feature.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I03d2af7ea41a20a9e8a362a36b8099e3b4d18a11
Cortex-A78 erratum 2132060 is a Cat B erratum that applies to
revisions r0p0, r1p0, r1p1, and r1p2 of CPU. It is still open.
The workaround is to write the value 2'b11 to the PF_MODE bits
in the CPUECTLR_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: If7dec72578633d37d110d103099e406c3a970ff7
Neoverse-V1 erratum 2108267 is a Cat B erratum that applies to
revisions r0p0, r1p0, and r1p1 of CPU. It is still open. The
workaround is to write the value 2'b11 to the PF_MODE bits in
the CPUECTLR_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: Iedcb84a7ad34af7083116818f49d7296f7d9bf94
Neoverse-N2 erratum 2138953 is a Cat B erratum that applies to
revision r0p0 of CPU. It is still open. The workaround
is to write the value 4'b1001 to the PF_MODE bits in the
IMP_CPUECTLR2_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: Ife0a4bece7ccf83cc99c1d5f5b5a43084bb69d64
Cortex-A710 erratum 2058056 is a Cat B erratum that applies to
revisions r0p0, r1p0, and r2p0. It is still open. The workaround
is to write the value 4'b1001 to the PF_MODE bits in the
IMP_CPUECTLR2_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I7ce5181b3b469fbbb16501e633116e119b8bf4f1
Add support for Arm Ethos-N NPU multi-device.
The device tree parsing currently only supports one NPU device with
multiple cores. To be able to support multi-device NPU configurations
this patch adds support for having multiple NPU devices in the device
tree.
To be able to support multiple NPU devices in the SMC API, it has been
changed in an incompatible way so the API version has been bumped.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Ide279ce949bd06e8939268b9601c267e45f3edc3
This macro enables users to go through dts nodes that have a particular
compatible string in its node attribute.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Id80cbe6f6057076e0d53905cdc0f9a44e79960f8
This patch adds the basic CPU library code to support the Hayes CPU
in TF-A. This CPU is based on the Klein core so that library code
has been adapted for use here.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If0e0070cfa77fee8f6eebfee13d3c4f209ad84fc
Adding load, authentication, and transfer functionality from FVP R BL1 to
BL33, which will be the partner runtime code.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I293cad09739dacac0d20dd57c1d98178dbe84d40
For v8-R64, especially R82, creating code to run BL1 at EL2, using MPU.
Signed-off-by: Gary Morrison <gary.morrison@arm.com>
Change-Id: I439ac3915b982ad1e61d24365bdd1584b3070425
Creating a platform port for FVP_R based on the FVP platform.
Differences including only-BL1, aarch64, Secure only, and EL2 being the
ELmax (No EL3).
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1283e033fbd4e03c397d0a2c10c4139548b4eee4
FEAT_HCX adds the extended hypervisor configuration register (HCRX_EL2)
and access to this register must be explicitly enabled through the
SCR_EL3.HXEn bit. This patch adds a new build flag ENABLE_FEAT_HCX to
allow the register to be accessed from EL2.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ibb36ad90622f1dc857adab4b0d4d7a89456a522b
* changes:
feat(docs/nxp/layerscape): add ls1028a soc and board support
feat(plat/nxp/ls1028ardb): add ls1028ardb board support
feat(plat/nxp/ls1028a): add ls1028a soc support
feat(plat/nxp/common): define default SD buffer
feat(driver/nxp/xspi): add MT35XU02G flash info
feat(plat/nxp/common): add SecMon register definition for ch_3_2
feat(driver/nxp/dcfg): define RSTCR_RESET_REQ
feat(plat/nxp/common/psci): define CPUECTLR_TIMER_2TICKS
feat(plat/nxp/common): define default PSCI features if not defined
feat(plat/nxp/common): define common macro for ARM registers
feat(plat/nxp/common): add CCI and EPU address definition
Cortex-A710 erratum 2083908 is a Cat B erratum that applies to
revision r2p0 and is still open. The workaround is to set
CPUACTLR5_EL1[13] to 1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I876d26a7ac6ab0d7c567a9ec9f34fc0f952589d8
Change the fdt_get_rcc_node function to static, as it is used only in
stm32mp_clkfunc.c file; it is only a cleanup change without functional
modification.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ib4ef110f6f1b16dbaa727a065e40275d3cf58a73
The file is first generated with the peripheral spirit XML file.
And then we add some common definition, to ease driver development.
Change-Id: I4c222cf006caf27cda6da044eaf184ce66bb1442
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
* changes:
feat(plat/fvp): enable trace extension features by default
feat(trf): enable trace filter control register access from lower NS EL
feat(trf): initialize trap settings of trace filter control registers access
feat(sys_reg_trace): enable trace system registers access from lower NS ELs
feat(sys_reg_trace): initialize trap settings of trace system registers access
feat(trbe): enable access to trace buffer control registers from lower NS EL
feat(trbe): initialize trap settings of trace buffer control registers access
Defining SMC IDs for FF-A v1.1 notifications functionality, and adding
them to SPMD SMC handler, to ensure calls are forwarded to the SPMC.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Icc88aded0fd33507f7795e996bd4ff1c2fe679c8
Define RSTCR_RESET_REQ for Chassis V3.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I5cb7019baae5fe0d06b3d5e65f185f87ee16ad3a
Add a new function that allows to enable or disabled filters on
configured regions dynamically. This will avoid the need to
reconfigure the entire attribute and just manage to
enable/disable filters.
Change-Id: If0937ca755bec6c45d3649718147108459682fff
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add bindings that will be used to define DDR regions
and their access rights.
Change-Id: I745a7e580ef2b9e251d53db12c5a0a86dfe34463
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
This new function optee_header_is_valid() allows platform to know
whether OP-TEE OS is loaded from multi-image (using OP-TEE header
image as BL32_IMAGE_ID) or from a single OP-TEE binary image.
The function tee_validate_header() is reworked to return a boolean,
and is now silent.
Change-Id: Idc7dde091f2ada8898f40d02e68c3834ca39d8e8
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Neoverse N2 erratum 2189731 is a Cat B erratum that applies to
revision r0p0 and is still open. The workaround is to set
CPUACTLR5_EL1[44] to 1 which will cause the CPP instruction to
invalidate the hardware prefetcher state trained from any EL.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Iddc6a59adf9fa3cab560c46f2133e1f5a8b3ad03
Cortex-A710 erratum 2017096 is a Cat B erratum that applies to
revisions r0p0, r1p0 & r2p0 and is still open. The workaround is to
set CPUECLTR_EL1[8] to 1 which disables store issue prefetching.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If5f61ec30dbc2fab7f2c68663996057086e374e3
Cortex-A710 erratum 2055002 is a Cat B erratum that applies to
revisions r1p0 & r2p0 and is still open. The workaround is to
set CPUACTLR_EL1[46] to force L2 tag ECC inline correction mode.
This workaround works on revision r1p0 & r2p0.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I67be1dce53c4651167d8cee33c116e73b9dafe81
* changes:
refactor(plat/nxp): refine api to read SVR register
refactor(plat/nxp): each errata use a seperate source file
refactor(plat/nxp): use a unified errata api
refactor(plat/soc-lx2160): move errata to common directory
Neoverse N2 erratum 2025414 is a Cat B erratum that applies to
revision r0p0 and is still open. The workaround is to set
CPUECLTR_EL1[8] to 1 which disables store issue prefetching.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia1c63fb93a1bdb1c3f4cf019a197b2a59233885a
Neoverse N2 erratum 2067956 is a Cat B erratum that applies to
revision r0p0 and is still open. The workaround is to set
CPUACTLR_EL1[46] to force L2 tag ECC inline correction mode.
This workaround works on revision r0p0.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ie92d18a379c66675b5c1c50fd0b8dde130848b21
The FMU is part of the GIC Distributor (GICD) component. It implements
the following functionality in GIC-600AE:
* Provides software the means to enable or disable a Safety Mechanism
within a GIC block.
* Receives error signaling from all Safety Mechanisms within other GIC
blocks.
* Maintains error records for each GIC block, for software inspection
and provides information on the source of the error.
* Retains error records across functional reset.
* Enables software error recovery testing by providing error injection
capabilities in a Safety Mechanism.
This patch introduces support to enable error detection for all safety
mechanisms provided by the FMU. Platforms are expected to invoke the
initialization function during cold boot.
The support for the FMU is guarded by the GICV3_SUPPORT_GIC600AE_FMU
makefile variable. The default value of this variable is '0'.
Change-Id: I421c3d059624ddefd174cb1140a2d2a2296be0c6
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
At the moment we have a GIC_ENABLE_V4_EXTN build time variable to
determine whether the GIC interrupt controller is compliant to version
4.0 of the spec or not. This just changes the number of 64K MMIO pages
we expect per redistributor.
To support firmware builds which run on variable systems (emulators,
fast model or FPGAs), let's make this decision at runtime.
The GIC specification provides several architected flags to learn the
size of the MMIO frame per redistributor, we use GICR_TYPER[VLPI] here.
Provide a (static inline) function to return the size of each
redistributor.
We keep the GIC_ENABLE_V4_EXTN build time variable around, but change
its meaning to enable this autodetection code. Systems not defining this
rely on a "pure" GICv3 (as before), but platforms setting it to "1" can
now deal with both configurations.
Change-Id: I9ede4acf058846157a0a9e2ef6103bf07c7655d9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For the GIC power management we need to identify certain GIC
implementations, so we have the IIDR values for some Arm Ltd. GIC models
defined.
We will need those number elsewhere very soon, so export them to a
shared header file, to avoid defining them again.
Change-Id: I1b8e2d93d6cea0d066866143c89eef736231134f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Introduced a build flag 'ENABLE_TRF_FOR_NS' to enable trace filter
control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is
implemented but unused).
Change-Id: If3f53b8173a5573424b9a405a4bd8c206ffdeb8c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Trap bits of trace filter control registers access are in
architecturally UNKNOWN state at boot hence
1. Initialized trap bits to one to prohibit trace filter control
registers accesses in lower ELs (EL2, EL1) in all security states
when FEAT_TRF is implemented.
2. These bits are RES0 when FEAT_TRF is not implemented and hence set
it to zero to aligns with the Arm ARM reference recommendation,
that mentions software must writes RES0 bits with all 0s.
Change-Id: I1b7abf2170ece84ee585c91cda32d22b25c0fc34
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced a build flag 'ENABLE_SYS_REG_TRACE_FOR_NS' to enable trace
system registers access in NS-EL2, or NS-EL1 (when NS-EL2 is
implemented but unused).
Change-Id: Idc1acede4186e101758cbf7bed5af7b634d7d18d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Trap bits of trace system registers access are in architecturally
UNKNOWN state at boot hence
1. Initialized trap bits to one to prohibit trace system registers
accesses in lower ELs (EL2, EL1) in all security states when system
trace registers are implemented.
2. These bits are RES0 in the absence of system trace register support
and hence set it to zero to aligns with the Arm ARM reference
recommendation,that mentions software must writes RES0 bits with
all 0s.
Change-Id: I4b6c15cda882325273492895d72568b29de89ca3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced a build flag 'ENABLE_TRBE_FOR_NS' to enable trace buffer
control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is
implemented but unused).
Change-Id: I285a672ccd395eebd377714c992bb21062a729cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
1. Refined struct soc_info_t definition.
2. Refined get_soc_info function.
3. Fixed some SVR persernality value.
4. Refined API to get cluster numbers and cores per cluster.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I3c20611a523516cc63330dce4c925e6cda1e93c4
Trap bits of trace buffer control registers access are in
architecturally UNKNOWN state at boot hence
1. Initialized these bits to zero to prohibit trace buffer control
registers accesses in lower ELs (EL2, EL1) in all security states
when FEAT_TRBE is implemented
2. Also, these bits are RES0 when FEAT_TRBE is not implemented, and
hence setting it to zero also aligns with the Arm ARM reference
recommendation, that mentions software must writes RES0 bits with
all 0s
Change-Id: If2752fd314881219f232f21d8e172a9c6d341ea1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
clang build breaks when both ENABLE_PAUTH (BRANCH_PROTECTOR=1)
and CRASH_REPORTING (DEBUG=1) options are enabled:
include/lib/el3_runtime/cpu_data.h:135:2: error: redefinition of typedef
'assert_cpu_data_crash_stack_offset_mismatch' is a C11 feature [-Werror,
-Wtypedef-redefinition]
assert_cpu_data_crash_stack_offset_mismatch);
^
include/lib/el3_runtime/cpu_data.h:128:2: note: previous definition is here
assert_cpu_data_crash_stack_offset_mismatch);
^
1 error generated.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I22c8c45a94a64620007979d55412dbb57b11b813
Cortex A78 AE erratum 1941500 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
This erratum is avoided by by setting CPUECTLR_EL1[8] to 1.
There is a small performance cost (<0.5%) for setting this
bit.
SDEN is available at https://developer.arm.com/documentation/SDEN1707912/0900
Change-Id: I2d72666468b146714a0340ba114ccf0f5165b39c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds the basic CPU library code to support the Demeter
CPU. This CPU is based on the Makalu-ELP core so that CPU lib code
was adapted to create this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib5740b748008a72788c557f0654d8d5e9ec0bb7f
Put default ea handler implementation into function plat_default_ea_handler()
which just print verbose information and panic, so it can be called also
from overwritten / weak function plat_ea_handler() implementation.
Replace every custom implementation of printing verbose error message of
external aborts in custom plat_ea_handler() functions by a common
implementation from plat_default_ea_handler() function.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I15897f61b62b4c3c29351e693f51d4df381f3b98
* changes:
feat(io_mtd): offset management for FIP usage
feat(nand): count bad blocks before a given offset
feat(plat/st): add helper to save boot interface
fix(plat/st): improve DDR get size function
refactor(plat/st): map DDR secure at boot
refactor(plat/st): rework TZC400 configuration
Bump the required FF-A version in framework and manifests to v1.1 as
upstream feature development goes.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I89b2bd3828a13fc4344ccd53bc3ac9c0c22ab29f
Neoverse V1 erratum 1925756 is a Cat B erratum present in r0p0, r1p0,
and r1p1 of the V1 processor core, and it is still open.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I6500dc98da92a7c405b9ae09d794d666e8f4ae52
Neoverse V1 erratum 1852267 is a Cat B erratum present in r0p0 and
r1p0 of the V1 processor core. It is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ide5e0bc09371fbc91c2385ffdff74e604beb2dbe
Neoverse V1 erratum 1774420 is a Cat B erratum present in r0p0 and
r1p0 of the V1 processor core. It is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I66e27b2518f73faeedd8615a1443a74b6a30f123
NXP drivers header files are moved:
- from: drivers/nxp/<xx>/*.h
- to : include/drivers/nxp/<xx>/*.h
To accommodate these changes each drivers makefiles
drivers/nxp/<xx>/xx.mk, are updated.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I3979c509724d87e3d631a03dbafda1ee5ef07d21
Renamed hw_crc32 to tf_crc32 to make the file and function
name more generic so that the same name can be used in upcoming
software CRC32 implementation.
Change-Id: Idff8f70c50ca700a4328a27b49d5e1f14d2095eb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.
Change-Id: I71af06c09d95c2c58e3fd766c4a61c5652637151
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented FWU metadata load and verification APIs.
Also, exported below APIs to the platform:
1. fwu_init - Load FWU metadata in a structure. Also, set the
addresses of updated components in I/O policy
2. fwu_is_trial_run_state - To detect trial run or regular run
state
Change-Id: I67eeabb52d9275ac83be635306997b7c353727cd
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added FWU platform specific functions declarations in common
platform header.
Change-Id: I637e61753ea3dc7f7e7f3159ae1b43ab6780aef2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added a firmware update metadata structure as per section 4.1
in the specification document[1].
Also, added the build options used in defining the firmware
update metadata structure.
[1]: https://developer.arm.com/documentation/den0118/a/
Change-Id: I8f43264a46fde777ceae7fd2a5bb0326f1711928
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
refactor(plat/allwinner): clean up platform definitions
refactor(plat/allwinner): do not map BL32 DRAM at EL3
refactor(plat/allwinner): map SRAM as device memory by default
refactor(plat/allwinner): rename static mmap region constant
feat(bl_common): import BL_NOBITS_{BASE,END} when defined
The SDEI specification now says that during an SDEI
event handler dispatch the SPSR should be set according
to the TakeException() pseudocode function defined in
the Arm Architecture Reference Manual. This patch sets
the SPSR according to the function given in
ARM DDI 0487F.c page J1-7635
Change-Id: Id2f8f2464fd69c701d81626162827e5c4449b658
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
If SVE are enabled for both Non-secure and Secure world along with AMU
extension, then it causes the TAM_BIT in CPTR_EL3 to be set upon exit
from bl31. This restricts access to the AMU register set in normal
world. This fix maintains consistency in both TAM_BIT and CPTR_EZ_BIT
by saving and restoring CPTR_EL3 register from EL3 context.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Id76ce1d27ee48bed65eb32392036377716aff087
If SEPARATE_NOBITS_REGION is enabled, the platform may need to map
memory specifically for that region. Import the symbols from the linker
script to allow the platform to do so.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Iaec4dee94a6735b22f58f7b61f18d53e7bc6ca8d
Existing macro ERROR() prints string "ERROR" followed by string
specified by caller. Therefore via this existing macro it is not
possible to end incomplete / existing line by a newline character.
This change adds a new macro ERROR_NL() which prints just a newline
character without any prefix. Implementation of this macro is done via a
new function tf_log_newline() which based on supplied log level either
return or print newline character.
If needed in future based on this tf_log_newline() function can be
defined also macros for other log levels.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I05414ca177f94cdc0f6077394d9c4af4a4382306
Neoverse V1 erratum 1791573 is a Cat B erratum present in r0p0 and
r1p0 of the V1 processor core. It is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ic6f92da4d0b995bd04ca5b1673ffeedaebb71d10
A new seek handler is also created. It will be used for NAND to add an
extra offset in case of bad blocks, when FIP is used.
Change-Id: I03fb1588b44029db50583c0b2e7af7a1e88a5a7a
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
In case of FIP, the offsets given in the FIP header are relative.
If bad blocks are found between the FIP base address and this offset,
the offset should be updated, taking care of the bad blocks.
Change-Id: I96fefabb583b3d030ab05191bae7d45cfeefe341
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
Enables SVE support for the secure world via ENABLE_SVE_FOR_SWD.
ENABLE_SVE_FOR_SWD defaults to 0 and has to be explicitly set by the
platform. SVE is configured during initial setup and then uses EL3
context save/restore routine to switch between SVE configurations for
different contexts.
Reset value of CPTR_EL3 changed to be most restrictive by default.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I889fbbc2e435435d66779b73a2d90d1188bf4116
Cortex A78 erratum 1821534 is a Cat B erratum present in r0p0 and
r1p0 of the A78 processor core, it is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/603e3733492bde1625aa8780
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I71057c4b9625cd9edc1a06946b453cf16ae5ea2c
Cortex A77 erratum 1791578 is a Cat B erratum present in r0p0, r1p0,
and r1p1 of the A77 processor core, it is still open.
SDEN can be found here:
https://documentation-service.arm.com/static/60a63a3c982fc7708ac1c8b1
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib4b963144f880002de308def12744b982d3df868
BTI instructions are a part of the NOP space in earlier architecture
versions, so it's not inherently incorrect to enable BTI code
or instructions even if the target architecture does not support them.
This change reduces our reliance on architecture versions when checking
for features.
Change-Id: I79f884eec3d65978c61e72e4268021040fd6c96e
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
refactor(plat/nvidia): use SOC_ID defines
refactor(plat/mediatek): use SOC_ID defines
refactor(plat/arm): use SOC_ID defines
feat(plat/st): implement platform functions for SMCCC_ARCH_SOC_ID
refactor(plat/st): export functions to get SoC information
feat(smccc): add bit definition for SMCCC_ARCH_SOC_ID
The arm-gic.h was a concatenation of arm-gic.h and irq.h from Linux.
Just copy the 2 files here. They both have MIT license which is accepted
in TF-A.
With this alignment, a new macro is added (GIC_CPU_MASK_SIMPLE).
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ib45174f35f1796ebb7f34af861b59810cfb808b0
Use dedicated read function for boot partition
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Change-Id: If75df7691fce0797205365736fc6e4e3429efdca
Added a public function to read blocks from a current boot partition.
switch between partitions has to respect eMMC partition switch timing.
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Change-Id: I55b0c910314253e5647486609583fd290dadd30a
The UART code for the A3K platform assumes that UART parent clock rate
is always 25 MHz. This is incorrect, because the xtal clock can also run
at 40 MHz (this is board specific).
The frequency of the xtal clock is determined by a value on a strapping
pin during SOC reset. The code to determine this frequency is already in
A3K's comphy driver.
Move the get_ref_clk() function from the comphy driver to a separate
file and use it for UART parent clock rate determination.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I8bb18a2d020ef18fe65aa06ffa4ab205c71be92e
This patch renames the Matterhorn, Matterhorn ELP, and Klein CPUs to
Cortex A710, Cortex X2, and Cortex A510 respectively.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I056d3114210db71c2840a24562b51caf2546e195
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I688a76277b729672835d51fafb68d1d6205b6ae4
The definitions of SMCCC_ARCH_SOC_ID SoC version return bits are defined
in SMC Calling Convention [1]. Add the masks and shifts for JEP-106 bank
index, JEP-106 identification code, and Implementation defined SoC ID.
Add a macro to easily set JEP-106 fields.
[1] https://developer.arm.com/documentation/den0028/latest/
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Iecbd09f6de6728de89dc746d2d1981a5a97a8ab7
Add constants, structures and build definition for the
new standard SMCCC PCI conduit. These are documented
in DEN0115A.
https://developer.arm.com/documentation/den0115/latest
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Change-Id: If667800a26b9ae88626e8d895674c9c2e8c09658
Added support for HW computed CRC using Arm ACLE intrinsics.
These are built-in intrinsics available for ARMv8.1-A, and
onwards.
These intrinsics are enabled via '-march=armv8-a+crc' compile
switch for ARMv8-A (supports CRC instructions optionally).
HW CRC support is enabled unconditionally in BL2 for all Arm
platforms.
HW CRC calculation is verified offline to ensure a similar
result as its respective ZLib utility function.
HW CRC calculation support will be used in the upcoming
firmware update patches.
Change-Id: Ia2ae801f62d2003e89a9c3e6d77469b5312614b3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Disable non-invasive debug of secure state for Juno
in release builds. This makes sure that PMU counts
only Non-secure events.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0d1c3f96f3b4e48360a7211ae55851d65d291025
This patch adds setting MDCR_EL3.MCCD in 'el3_arch_init_common'
macro to disable cycle counting by PMCCNTR_EL0 in EL3 when
FEAT_PMUv3p7 is implemented. This fixes failing test
'Leak PMU CYCLE counter values from EL3 on PSCI suspend SMC'
on FVP models with 'has_v8_7_pmu_extension' parameter set to
1 or 2.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I2ad3ef501b31ee11306f76cb5a61032ecfd0fbda
Handle calls to the FFA_SPM_ID_GET interface. If FFA_SPM_ID_GET is
invoked from the non-secure physical FF-A instance, return the SPMC id
(defined in the SPMC manifest). If FFA_SPM_ID_GET is invoked from
the secure physical FF-A instance (e.g. the SPMC), return the SPMD id.
Change-Id: Id6d4e96b1da2510386d344e09c4553dba01227ec
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
* changes:
stm32mp1: enable PIE for BL32
stm32mp1: set BL sizes regardless of flags
Add PIE support for AARCH32
Avoid the use of linker *_SIZE__ macros
Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.
Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.
Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654
Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
NOTE: Breaking change to the way UUIDs are stored in the DT
Currently, UUIDs are stored in the device tree as
sequences of 4 integers. There is a mismatch in endianness
between the way UUIDs are represented in memory and the way
they are parsed from the device tree. As a result, we must either
store the UUIDs in little-endian format in the DT (which means
that they do not match up with their string representations)
or perform endianness conversion after parsing them.
Currently, TF-A chooses the second option, with unwieldy
endianness-conversion taking place after reading a UUID.
To fix this problem, and to make it convenient to copy and
paste UUIDs from other tools, change to store UUIDs in string
format, using a new wrapper function to parse them from the
device tree.
Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
Signed-off-by: David Horstmann <david.horstmann@arm.com>
TF-A does not have the capability to read UUIDs in string form
from the device tree. This capability is useful for readability,
so add a wrapper function, fdtw_read_uuid() to parse UUIDs from
the DT.
This function should parse a string of the form:
"aabbccdd-eeff-4099-8877-665544332211"
to the byte sequence in memory:
[aa bb cc dd ee ff 40 99 88 77 66 55 44 33 22 11]
Change-Id: I99a92fbeb40f4f4713f3458b36cb3863354d2bdf
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
so that these macros can be reused in the subsequent GPT based support
changes.
Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch fixes static checks errors reported for missing copyright in
`include/dt-bindings/interrupt-controller/arm-gic.h` and the include
order of header files in `.dts` and `.dtsi` files.
Change-Id: I2baaf2719fd2c84cbcc08a8f0c4440a17a9f24f6
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Signed-off-by: Chris Kay <chris.kay@arm.com>
The `arm-gic.h` file distributed by the Linux kernel is disjunctively
dual-licensed under the GPL-2.0 or MIT licenses, but the BSD-3-Clause
license has been applied in violation of the requirements of both
licenses. This change ensures the file is correctly licensed under the
terms of the MIT license, and that we comply with it by distributing a
copy of the license text.
Change-Id: Ie90066753a5eb8c0e2fc95ba43e3f5bcbe2fa459
Signed-off-by: Chris Kay <chris.kay@arm.com>
Only BL32 (SP_min) is supported at the moment, BL1 and BL2_AT_EL3 are just
stubbed with _pie_fixup_size=0.
The changes are an adaptation for AARCH32 on what has been done for
PIE support on AARCH64.
The RELA_SECTION is redefined for AARCH32, as the created section is
.rel.dyn and the symbols are .rel*.
Change-Id: I92bafe70e6b77735f6f890f32f2b637b98cf01b9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The use of end addresses is preferred over the size of sections.
This was done for some AARCH64 files for PIE with commit [1],
and some extra explanations can be found in its commit message.
Align the missing AARCH64 files.
For AARCH32 files, this is required to prepare PIE support introduction.
[1] f1722b693d ("PIE: Use PC relative adrp/adr for symbol reference")
Change-Id: I8f1c06580182b10c680310850f72904e58a54d7d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The Arm Generic Timer specification mandates that the
interrupt associated with each timer is low level triggered,
see:
Arm Cortex-A76 Core:
"Each timer provides an active-LOW interrupt output to the SoC."
Arm Cortex-A53 MPCore Processor:
"It generates timer events as active-LOW interrupt outputs and
event streams."
The following files in fdts\
fvp-base-gicv3-psci-common.dtsi
fvp-base-gicv3-psci-aarch32-common.dtsi
fvp-base-gicv2-psci-aarch32.dts
fvp-base-gicv2-psci.dts
fvp-foundation-gicv2-psci.dts
fvp-foundation-gicv3-psci.dts
describe interrupt types as edge rising
IRQ_TYPE_EDGE_RISING = 0x01:
interrupts = <1 13 0xff01>,
<1 14 0xff01>,
<1 11 0xff01>,
<1 10 0xff01>;
, see include\dt-bindings\interrupt-controller\arm-gic.h:
which causes Linux to generate the warnings below:
arch_timer: WARNING: Invalid trigger for IRQ5, assuming level low
arch_timer: WARNING: Please fix your firmware
This patch adds GIC_CPU_MASK_RAW macro definition to
include\dt-bindings\interrupt-controller\arm-gic.h,
modifies interrupt type to IRQ_TYPE_LEVEL_LOW and
makes use of type definitions in arm-gic.h.
Change-Id: Iafa2552a9db85a0559c73353f854e2e0066ab2b9
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
ELP processors can sometimes have different MIDR values or features so
we are adding the "_arm" suffix to differentiate the reference
implementation from other future versions.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ieea444288587c7c18a397d279ee4b22b7ad79e20
By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
the non-secure world cannot access the registers needed to use the NPU.
To still allow the non-secure world to use the NPU, a SiP service has
been added that can delegate non-secure access to the registers needed
to use it.
Only the HW_CONFIG for the Arm Juno platform has been updated to include
the device tree for the NPU and the platform currently only loads the
HW_CONFIG in AArch64 builds.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2
Move efuse definitions to a separate header file for later
usage with other FW modules.
Change-Id: I2e9465f760d0388c8e5863bc64a4cdc57de2417f
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/47313
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Yi Guo <yi.guo@cavium.com>