It uses the hardware RNG in a similar way as Juno (it gets 128 bits of
entropy and does xor on them).
It is disabled by default.
Change-Id: I8b3adb61f5a5623716e0e8b6799404c68dd94c60
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Note that this is a non-secure RNG. This is only useful for educational
purposes.
Change-Id: If359c8d0f755ef8e416986de7fbca34679a523e1
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
There is no way to boot BL31 at the addresses specified in the platform
memory map unless an extra loader is used at address 0x00000000. It is
better to remove it to prevent confusion. Having it enabled was a bug.
Change-Id: I3229fbc080f5996cff47efce8e799bae94e0d5cb
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Implement VideoCore mailbox interface driver and use it to get the board
revision identifier.
For now it is only used to print the model for debug purposes.
This wiki contains the documentation of the mailbox interface:
https://github.com/raspberrypi/firmware/wiki
Change-Id: I11943b99b52cc1409f4a195ebe58eb44ae5b1d6c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This implementation doesn't actually turn the system off, it simply
reboots it and prevents it from booting while keeping it in a low power
mode.
Change-Id: I7f72c9f43f25ba0341db052bc2be4774c88a7ea3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add a new default makefile target to concatenate BL1 and the FIP and
generate armstub8.bin. This way it isn't needed to do it manually.
Documentation updated to reflect the changes.
Change-Id: Id5b5b1b7b9f87767db63fd01180ddfea855a7207
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Running optee_test failed because SEC_DRAM0_SIZE is too small. Previous
is 2 MB. We enlarge it to 11 MB for passing the test. Also we reduce
the NS_DRAM0_SIZE from 13MB to 4MB so that the whole section is still
fit in 16MB.
This commit also modified the document to reflect the changes we've
made in code.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Implement minimal interrupt routing functions. All interrupts are
treated as non-secure interrupts to be handled by the non-secure world.
Add note to the documentation about disabling FIQs qhen using OP-TEE
with Linux.
Change-Id: I937096542d973925e43ae946c5d0b306d0d95a94
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The plat_arm_mmap variable is already declared in plat_arm.h, which is
included from plat/arm/common/arm_common.c.
Similarly, plat_arm.h declares the 'plat_arm_psci_pm_ops' variable, which
does not need to be declared again in plat/arm/common/arm_pm.c.
The duplication was not compliant with MISRA rule 8.5.
Change-Id: Icc42547cc025023226b1078a7ec4f06d093364b7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
These directives are only used when stabs debugging information
is used, but we use ELF which uses DWARF debugging information.
Clang assembler doesn't support these directives, and removing
them makes the code more compatible with clang.
Change-Id: I2803f22ebd24c0fe248e04ef1b17de9cec5f89c4
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Clang linker doesn't support NEXT. As we are not using the MEMORY command
to define discontinuous memory for the output file in any of the linker
scripts, ALIGN and NEXT are equivalent.
Change-Id: I867ffb9c9a76d4e81c9ca7998280b2edf10efea0
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno SPD=tspd CSS_USE_SCMI_SDS_DRIVER=1 all
Change-Id: Id732c8df12ef3e20903c41b7ab9a9b55341d68ac
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=juno SPD=tspd CSS_USE_SCMI_SDS_DRIVER=1 all
Change-Id: Id9dcc6238b39fac6046abc28141e3ef5e7aa998d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
Change-Id: I3ac25096b55774689112ae37bdf1222f9a9ecffb
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
Change-Id: Ia34f5155e1cdb67161191f69e8d1248cbaa39e1a
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch adds support for TBB to rpi3. The ROTPK is generated at build
time and is included into BL1/BL2. The key and content certificates are
read over semihosting.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
The H6 is Allwinner's most recent SoC. It shares most peripherals with the
other ARMv8 Allwinner SoCs (A64/H5), but has a completely different memory
map.
Introduce a separate platform target, which includes a different header
file to cater for the address differences. Also add the new build target
to the documentation.
The new ATF platform name is "sun50i_h6".
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To wake a core from wfi interrupts must be enabled, in some cases they
may not be and so we can lock up here. Unconditionally enable interrupts
before wfi and then restore interrupt state.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Actions may need to be taken by the last core when all clusters
have been shutdown. Add a top level root domain node to coordinate
this between clusters.
Signed-off-by: Andrew F. Davis <afd@ti.com>
So far we already support booting on two different SoCs, and we will
shortly add a third, so add some code to determine the current SoC type.
This can be later used to runtime detect certain properties.
Also print the SoC name to the console, to give valuable debug information.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
There is nothing we need from the BootROM area, so we also don't need
to map it in EL3.
Remove the mapping and reduce the number of MMAP regions by one.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The DRAM controller supports up to 4GB of DRAM, and there are actually
boards out there where we can use at least 3GB of this.
Relax the PSCI entry point check, to be not restricted to 2GB of DRAM.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The "#ifdef SUNXI_SPC_BASE" guard was meant to allow the build on SoCs
without a Secure Peripherals Controller, so that we skip that part of
the security setup. But in the current position this will trigger a
warning about an unused variable.
Simply move the guard one line up to cover the variable as well.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The "INFO" output in sunxi_cpu_ops.c is quite verbose, so make this more
obvious by changing the log level to "VERBOSE" and so avoiding it to
be printed in a normal (even debug) build.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The relative VER_REG *offset* is the same across all known SoCs, so we
can define this offset near it's user.
Remove it from the memory map.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Some code in sunxi_common.c requires symbols defined in sunxi_private.h,
so add the header to that file.
It was included via another header before, but let's make this explicit.
Reported-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch is an attempt to run Trusted OS (OP-TEE OS being one of them) along
side BL31 image.
ATF supports multiple SPD's that can take dispatcher name (opteed for OP-TEE OS)
as an input using the 'SPD=<dispatcher name>' option during bl31 build.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>
Having an active stack while enabling MMU has shown coherency problems.
This patch builds on top of translation library changes that introduces
MMU-enabling without using stacks.
Previously, with HW_ASSISTED_COHERENCY, data caches were disabled while
enabling MMU only because of active stack. Now that we can enable MMU
without using stack, we can enable both MMU and data caches at the same
time.
NOTE: Since this feature depends on using translation table library v2,
disallow using translation table library v1 with HW_ASSISTED_COHERENCY.
FixesARM-software/tf-issues#566
Change-Id: Ie55aba0c23ee9c5109eb3454cb8fa45d74f8bbb2
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Currenly the CNTFRQ register and system timer is initialized in BL31 for
use by the normal world. During firmware update, the NS-BL1 or NS-BL2U
may need to access the system timer. Hence this patch duplicates the
CNTFRQ and system timer initialization in BL1 as well.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc
Set the ability to dynamically disable Trusted Boot Board
authentication to be off by default
Change-Id: Ibd2aa179179f7d9b0e7731c6e450f200a8c67529
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
In the case of the platform max power level being less than the system
power level, make sure to not overrun the array of power states.
This fixes Coverity Scan OVERRUN defect CID 267021.
Change-Id: I52646ab9be2fceeb5c331b5dad7a6267991f4197
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
This is to fix a number of Coverity Scan DEADCODE defects, CID numbers
listed below, as reported from
https://scan.coverity.com/projects/arm-software-arm-trusted-firmware
CID 267023
CID 267022
CID 267020
Change-Id: I2963a799b210149e84ccab5c5b9082267ddfe337
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
This patch is an attempt to run Trusted OS (OP-TEE OS being one of them) along
side BL31 image.
ATF supports multiple SPD's that can take dispatcher name (opteed for OP-TEE OS)
as an input using the 'SPD=<dispatcher name>' option during bl31 build.
Signed-off-by: Amit Singh Tomar <amittomer25@gmail.com>