Add two new functions 'plat_arm_sgi_get_platform_id' and
'plat_arm_sgi_get_config_id' which will be implemented by all the
SGI platforms. These functions can be used to determine the part
number and configuration id of the SGI platforms.
In BL2, these functions are used to populate the 'system-id' node.
In BL31, these functions are used to populate the 'sgi_plat_info_t'
structure with the part number and configuration id of the platform.
Change-Id: I3bacda933527724a3b4074ad4ed5b53a81ea4689
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
In order to allow Arm platforms to override the default list of PSCI
callbacks, remove the existing weak implementation of
'plat_arm_psci_override_pm_ops' function and let all the Arm platforms
implement their own 'plat_arm_psci_override_pm_ops' function.
For platforms that support SCMI protocol, the function
'css_scmi_override_pm_ops' can be additionally used as well to
override the default PSCI callbacks.
Change-Id: If7c27468bd51a00ea9c2a3716b5894163f5a9f3c
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
For platforms with multi-threaded CPUs, the number of power domains
supported would be more than the value currently defined by
PLAT_MAX_PWR_LVL. So move the PLAT_MAX_PWR_LVL macro to platform
specific code and let the platform define the number of power domain
levels.
Change-Id: I21c0682e62b397860b2999031a0c9c5ce0d28eed
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
To support platforms which are based on multi-threaded CPUs, override
the weak implementation of plat_arm_get_cpu_pe_count function to return
the number of threads supported by the CPU used in the platform.
Change-Id: Ia680773f1277b17e2d3d2414d87943dcece33e89
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
For platforms using multi-threaded CPUs, there can be upto four
platform power domain levels. At present, there are three platform
power domain levels that are defined for the CSS platforms. Define a
fourth level 'ARM_PWR_LVL3' as well to provide support for an
additional platform power domain level.
Change-Id: I40cc17a10f4690a560776f504364fd7277a7e72a
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
The CSS_SYSTEM_PWR_DMN_LVL macro that defines the system power domain
level is fixed at ARM_PWR_LVL2 for all CSS platforms. However, the
system power domain level can be different for CSS platforms that
use multi-threaded CPUs.
So, in preparation towards adding support for platforms that use
multi-threaded CPUs, refactor the definition of CSS_SYSTEM_PWR_DMN_LVL
such that CSS_SYSTEM_PWR_DMN_LVL is uniquely defined for each of the
CSS platform.
Change-Id: Ia837b13f6865e71da01780993c048b45b7f36d85
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Initial Spectre Variant 1 mitigations (CVE-2017-5753).
A potential speculative data leak was found in PSCI code, this depends
on a non-robust implementation of the `plat_get_core_pos_by_mpidr()`
function. This is considered very low-risk. This patch adds a macro to
mitigate this. Note not all code paths could be analyzed with current
tools.
Add a macro which makes a variable 'speculation safe', using the
__builtin_speculation_safe_value function of GCC and llvm. This will be
available in GCC 9, and is planned for llvm, but is not currently in
mainline GCC or llvm. In order to implement this mitigation the compiler
must support this builtin. Support is indicated by the
__HAVE_SPECULATION_SAFE_VALUE flag.
The -mtrack-speculation option maintains a 'tracker' register, which
determines if the processor is in false speculation at any point. This
adds instructions and increases code size, but avoids the performance
impact of a hard barrier.
Without the -mtrack-speculation option, __builtin_speculation_safe_value
expands to a
ISB
DSB SY
sequence after a conditional branch, before the
speculation safe variable is used. With -mtrack-speculation a
CSEL tracker, tracker, XZR, [cond];
AND safeval,tracker;
CSDB
sequence is added instead, clearing the vulnerable variable by
AND'ing it with the tracker register, which is zero during speculative
execution. [cond] are the status flags which will only be true during
speculative execution. For more information on
__builtin_speculation_safe_value and the -mtrack-speculation option see
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/compiler-support-for-mitigations
The -mtracking option was not added, as the performance impact of the
mitigation is low, and there is only one occurence.
Change-Id: Ic9e66d1f4a5155e42e3e4055594974c230bfba3c
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Secure world execution nearly always expect a controlled exit to
Non-secure world. SDEI interrupts, although targets EL3, occur on behalf
of Non-secure world, and may have higher priority than Secure world
interrupts. Therefore they might preempt Secure execution, and yield
execution to Non-secure SDEI handler. Upon completion of SDEI event
handling (regardless of whether it's COPLETE or COMPLETE_AND_RESUME), we
must resume Secure execution if it was preempted.
Change-Id: I6edd991032588588427ba2fe6c3d7668f7080e3d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The headers forked at some point in the past and have diverged a lot. In
order to make it easier to share code between TF-A-Tests and TF-A, this
patch synchronises most of the definitions in the mentioned headers.
This is not a complete sync, it has to be followed by more cleanup.
This patch also removes the read helpers for the AArch32 instructions
ats1cpr and ats1hr (they are write-only).
Change-Id: Id13ecd7aeb83bd2318cd47156d71a42f1c9f6ba2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
commit 386b14bf64124ebf0368eab33ef07603e0c3138a
Author: Haojian Zhuang <haojian.zhuang@linaro.org>
Date: Wed Nov 21 09:19:49 2018 +0800
mmc: poll eMMC status after EXT_CSD command
EXT_CSD command needs to access data from eMMC device. Add the
operation of polling eMMC device status. Make sure the command is
finished.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
A hacked delay time can't fit each eMMC device. Since the above commit
enables the polling operation, remove the hacked delay time now.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
EXT_CSD command needs to access data from eMMC device. Add the
operation of polling eMMC device status. Make sure the command is
finished.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
This patch adds support to build a combined BL1
and ROMLIB binary file with the right page
alignment in Juno. When USE_ROMLIB=1 is set for
Juno, it generates the combined file
bl1_romlib.bin which needs to be used instead of
bl1.bin
Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Register functions have to be added to the
jump table to allow patching in the
future
Change-Id: I57a885f7fc6290ea74a6096aea5b1867b2098eb7
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
This change allows patching of functions in the
romlib. This can be done by adding "patch" at the
end of the jump table entry for the function that
needs to be patched in the file jmptbl.i.
Functions patched in the jump table list will be
built as part of the BL image and the romlib
version will not be used
Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
This reverts commit 6f512a3dfd.
According to the 'Cortex-A57 MPCore Software Developers Errata Notice':
This bug will only affect secure AArch64 EL3. If the above
conditions occur, the CPU will not invalidate the targeted EL3 TLB
entries and incorrect translations might occur.
For this reason it is not needed in AArch32.
Change-Id: I6f7b333817515499723e8f306145790ad6af9975
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Provide new APIs to add new regions without specifying the base VA.
- `mmap_add_region_alloc_va` adds a static region to mmap choosing as
base VA the first possible address after all the currently mapped
regions. It is aligned to an appropriate boundary in relation to the
size and base PA of the requested region. No attempt is made to fill
any unused VA holes.
- `mmap_add_dynamic_region_alloc_va` it adds a region the same way as
`mmap_add_region_alloc_va` does, but it's dynamic instead of static.
- `mmap_add_alloc_va` takes an array of non const `mmap_region_t`,
maps them in the same way as `mmap_add_region_alloc_va` and fills
their `base_va` field. A helper macro has been created to help create
the array, called `MAP_REGION_ALLOC_VA`.
Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Remove the platform common plat_arm_security_setup function to allow
platform specific implementations of the security setup function
implemented in the board directory of the platform.
For use by secure software, configure region0 of DMC-620 trustzone
controller to protect the upper 16MB of memory of the first DRAM block
from non-secure accesses.
Change-Id: I9a8c19656702c4fa4f6917b3655b692d443bb568
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
ARM CoreLink DMC-620 Dynamic Memory Controller includes a TZC controller
to setup secure or non-secure regions of DRAM memory. The TZC controller
allows to setup upto eight such regions of memory in DRAM. This driver
provides helper functions to setup the TZC controller within DMC-620.
Change-Id: Iee7692417c2080052bdb7b1c2873a024bc5d1d10
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
RCAR_RPC_HYPERFLASH_LOCKED can be set to 0 as a build option if the
user needs to allow u-boot to reprogram the ATF firmware using a FIP
image (as a faster alternative of toggling numerous DIP switches on
the board and using ascii-xfer of srec files)
The code being controlled with this commit should only be re-enabled for
debugging (_never_ on a product release)
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez.ortiz@gmail.com>
It's better to have them in a separate file instead of having them spread
across the Makefile. This is what the stack protector is already doing.
Change-Id: Id30742c0af10de5ea6d10674ca25bf52b0f2b262
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The default Raspberry Pi 3 memory mapping for ATF is geared towards
the use of uboot + Linux. This creates issues when trying to use
ATF with an UEFI payload and Windows on ARM64.
We therefore introduce new build option RPI3_USE_UEFI_MAP, that
enables the build process to use an alternate memory mapping that
is compatible with UEFI + Windows (as well as UEFI + Linux).
FixesARM-software/tf-issues#649
Signed-off-by: Pete Batard <pete@akeo.ie>