CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
arm_fpga: Read UART address from DT
arm_fpga: Read GICD and GICR base addresses from DT
arm_fpga: Read generic timer counter frequency from DT
arm_fpga: Use Generic UART
The arm_fpga port requires a DTB, to launch a BL33 payload.
To make this port more flexible, we can also use the information in the
DT to configure the console driver.
For a start, find the DT node pointed to by the stdout-path property, and
read the base address from there.
This assumes for now that the stdout-path points to a PL011 UART.
This allows to remove platform specific addresses from the image. We
keep the original base address for the crash console.
Change-Id: I46a990de2315f81cae4d7913ae99a07b0bec5cb1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since we use a DTB with all platform information to pass this on to a
kernel loaded as BL33, we can as well make use of it for our own
purposes.
Every DT would contain a node for the GIC(v3) interrupt controller, so
we can read the base address for the distributor and redistributors from
there.
This avoids hard coding this information in the code and allows for a more
flexible binary.
Change-Id: Ic530e223a21a45bc30a07a21048116d5af69e972
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The stdout-path property in the /chosen node of a DTB points to a device
node, which is used for boot console output.
On most (if not all) ARM based platforms this is the debug UART.
The ST platform code contains a function to parse this property and
chase down eventual aliases to learn the node offset of this UART node.
Introduce a slightly more generalised version of this ST platform function
in the generic fdt_wrappers code. This will be useful for other platforms
as well.
Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The ARM Generic Timer DT binding describes an (optional) property to
declare the counter frequency. Its usage is normally discouraged, as the
value should be read from the CNTFRQ_EL0 system register.
However in our case we can use it to program this register in the first
place, which avoids us to hard code a counter frequency into the code.
We keep some default value in, if the DT lacks that property for
whatever reason.
Change-Id: I5b71176db413f904f21eb16f3302fbb799cb0305
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform port parse DT nodes to find base address to
peripherals. It does this by using its own implementation, even though
this functionality is generic and actually widely useful outside of the
STM32 code.
Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
This is removes the assumption that #address-cells and #size-cells are
always one.
Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The SCP firmware on the ARM FPGA initialises the UART already. This allows
us to treat the PL011 as an SBSA Generic UART, which does not require
any further setup.
This in particular removes the need for any baudrate and base clock related
settings to be hard coded into the BL31 image.
Change-Id: I16fc943526267356b97166a7068459e06ff77f0f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment the fconf_populate_gicv3_config() implementation is
somewhat incomplete: First it actually fails to store the retrieved
information (the local addr[] array is going nowhere), but also it makes
quite some assumptions about the device tree passed to it: it needs to
use two address-cells and two size-cells, and also requires all five
register regions to be specified, where actually only the first two
are mandatory according to the binding (and needed by our code).
Fix this by introducing a proper generic function to retrieve "reg"
property information from a DT node:
We retrieve the #address-cells and #size-cells properties from the
parent node, then use those to extract the right values from the "reg"
property. The function takes an index to select one region of a reg
property.
This is loosely based on the STM32 implementation using "reg-names",
which we will subsume in a follow-up patch.
Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Dynamic configuration properties are fconf properties. Modify the
compatible string from "arm,.." to "fconf,.." to reflect this.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I85eb75cf877c5f4d3feea3936d4c348ca843bc6c
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently our fdtw_read_array() implementation requires the length of
the property to exactly match the requested size, which makes it less
flexible for parsing generic device trees.
Also the name is slightly misleading, since we treat the cells of the
array as 32 bit unsigned integers, performing the endianess conversion.
To fix those issues and align the code more with other DT users (Linux
kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
relax the length check to only check if the property covers at least the
number of cells we request.
This also changes the variable names to be more in-line with other DT
users, and switches to the proper data types.
This makes this function more useful in later patches.
Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
RD-Daniel Config-XLR platform has four identical chips connected via a
high speed coherent CCIX link. Each chip has four Neoverse cores
connected via coherent CMN interconnect.
Change-Id: I37d1b91f2b6ba08f61c64d0288bc16a429836c08
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
This commit fixes an assertion that was triggering in certain contexts:
ERROR: mmap_add_region_check() failed. error -22
ASSERT: lib/xlat_tables_v2/xlat_tables_core.c:790
Change-Id: Ia55b3fb4f496c8cd791ea6093d122edae0a7e92a
Signed-off-by: Chris Kay <chris.kay@arm.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
By writing 0 to CLUSTERPWRDN DSU register bit 0, we send an
advisory to the power controller that cluster power is not required
when all cores are powered down.
The AArch32 CLUSTERPWRDN register is architecturally mapped to the
AArch64 CLUSTERPWRDN_EL1 register
Change-Id: Ie6e67c1c7d811fa25c51e2e405ca7f59bd20c81b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
A single chip platform requires five mmap entries and a corresponding
number of translation tables. For every additional chip in the system,
three additional mmap entries are required to map the shared SRAM and
the IO regions. A corresponding number of additional translation
tables are required as well.
Change-Id: I1332a1305f2af62181387cf36954f6fb0e6f11ed
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
The arm_fpga platform code contains an dubious line to initialise some
timer. On closer inspection this turn out to be bogus, as this was only
needed on some special (older) FPGA board, and is actually not needed on
the current model. Also the base address was wrong anyways.
Remove the code entirely.
Change-Id: I02e71aea645051b5addb42d972d7a79f04b81106
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
RD-Daniel uses GIC-Clayton as its interrupt controller which is an
implementation of GICv4.1 architecture. Hence for RD-Daniel, enable
GICv4 extension support.
Change-Id: I45ae8c82376f8fe8fc0666306822ae2db74e71b8
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
This patch adds support for GICv4 extension for FVP platform.
Change-Id: Ia389b61266af669b1ca9b999a8b76476cab214f4
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Increased the maximum size of BL2 image in order to
accommodate the BL2 image when TF-A build with no compiler
optimization for ARM platform.
Note: As of now, "no compiler optimization" build works
only when TRUSTED_BOOT_BOARD option is set to 0.
This change is verified using below CI configuration:
1. juno-no-optimize-default:juno-linux.uboot
2. fvp-no-optimize-default,fvp-default:fvp-tftf-fip.tftf-aemv8a-debug
Change-Id: I5932621237f8acd1b510682388f3ba78eae90ea4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
with commit a6ea06f5, the way platform includes gicv3 files has been
modified, this patch adapts to new method of including gicv3 files
for arm_fpga platform.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic5ccae842b39b7db06d4f23c5738b174c42edf63
The platform io policies array is now always accessed through a fconf getter.
This gives us an ideal spot to check for out-of-bound accesses.
Remove the assertion in plat_get_image_source(), which is now redundant.
Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
As GCC manual says, -D option defines a macro as 1, if =<value> is omitted.
-D <name>
Predefine <name> as a macro, with definition 1.
The same applied with Clang, too.
In the context of -D option, =1 is always redundant.
Change-Id: I487489a1ea3eb51e734741619c1e65dab1420bc4
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-D is a preprocessor flag that defines a macro. So, adding it to
BL*_CPPFLAGS makes more sense. You can reference it not only from
.c files but also from .S files.
Change-Id: Ib4f2f27a3ed3eae476a6a32da7ab5225ad0649de
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
1. Necessary changes to platform makefile to include fw_config
device tree and package it in fip.bin
2. Removed hw_config node from fw_config dts as there is no
HW_CONFIG device tree source for sgm775
3. Added mbedtls_heap related properties for TBBR functionality
Change-Id: I26b940c65b17ad2fb5537141f8649785bb0fd4ad
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Moved SMCCC defines from plat_arm.h to new <smccc_def.h> header
and include this header in all ARM platforms.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4cbc69c7b9307461de87b7c7bf200dd9b810e485
This patch moves all GICv3 driver files into new added
'gicv3.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
The patch adds GICv3 driver configuration flags
'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
'GICv3 driver options' section of 'build-option.rst'
document.
NOTE: Platforms with GICv3 driver need to be modified to
include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Use ARRAY_SIZE macro instead of sizeof operator to obtain the maximum
number of SCMI channels supported on the platform.
Change-Id: Id922bb548af98ac99b4ac0c34e38e589e5a80b2d
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
* changes:
plat/arm/board/arm_fpga: Compile with additional CPU libraries
plat/arm/board/arm_fpga: Enable position-independent execution
plat/arm/board/arm_fpga: Enable port for alternative cluster configurations
plat/arm/board/arm_fpga: Initialize the Generic Interrupt Controller
plat/arm/board/arm_fpga: Initialize the System Counter
plat/arm/board/arm_fpga: Add PSCI implementation for FPGA images
plat/arm/board/arm_fpga: Use preloaded BL33 alternative boot flow
plat/arm/board/arm_fpga: Enable basic BL31 port for an FPGA image
This change is part of the goal of enabling the port to be compatible
with multiple FPGA images.
BL31 behaves differently depending on whether or not the CPUs in the
system use cache coherency, and as a result any CPU libraries that are
compiled together must serve processors that are consistent in this
regard.
This compiles a different set of CPU libraries depending on whether or
not the HW_ASSISTED_COHERENCY is enabled at build-time to indicate the
CPUs support hardware-level support for cache coherency. This build
flag is used in the makefile in the same way as the Arm FVP port.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I18300b4443176b89767015e3688c0f315a91c27e
This allows the BL31 port to run with position-independent execution
enabled so that it can be ran from any address in the system.
This increases the flexibility of the image, allowing it to be ran from
other locations rather than only its hardcoded absolute address
(currently set to the typical DRAM base of 2GB). This may be useful for
future images that describe system configurations with other memory
layouts (e.g. where SRAM is included).
It does this by setting ENABLE_PIE=1 and changing the absolute
address to 0. The load address of bl31.bin can then be specified by
the -l [load address] argument in the fpga-run command (additionally,
this address is required by any preceding payloads that specify the
start address. For ELF payloads this is usually extracted automatically
by reading the entrypoint address in the header, however bl31.bin is a
different file format so has this additional dependency).
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: Idd74787796ab0cf605fe2701163d9c4b3223a143
This change is part of the goal of enabling the port to be compatible
with multiple FPGA images.
The BL31 port that is uploaded as a payload to the FPGA with an image
should cater for a wide variety of system configurations. This patch
makes the necessary changes to enable it to function with images whose
cluster configurations may be larger (either by utilizing more
clusters, more CPUs per cluster, more threads in each CPU, or a
combination) than the initial image being used for testing.
As part of this, the hard-coded values that configure the size of the
array describing the topology of the power domain tree are increased
to max. 8 clusters, max. 8 cores per cluster & max 4 threads per core.
This ensures the port works with cluster configurations up to these
sizes. When there are too many entries for the number of available PEs,
e.g. if there is a variable number of CPUs between clusters, then there
will be empty entries in the array. This is permitted and the PSCI
library will still function as expected. While this increases its size,
this shouldn't be an issue in the context of the size of BL31, and is
worth the trade-off for the extra compatibility.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I7d4ae1e20b2e99fdbac428d122a2cf9445394363
This initializes the GIC using the Arm GIC drivers in TF-A.
The initial FPGA image uses a GIC600 implementation, and so that its
power controller is enabled, this platform port calls the corresponding
implementation-specific routines.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I88d5a073eead4b653b1ca73273182cd98a95e4c5
This sets the frequency of the system counter so that the Delay Timer
driver programs the correct value to CNTCRL. This value depends on
the FPGA image being used, and is 10MHz for the initial test image.
Once configured, the BL31 platform setup sequence then enables the
system counter.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: Ieb036a36fd990f350b5953357424a255b8ac5d5a
This adds a basic PSCI implementation allow secondary CPUs to be
released from an initial state and continue through to the warm boot
entrypoint.
Each secondary CPU is kept in a holding pen, whereby it polls the value
representing its hold state, by reading this from an array that acts as
a table for all the PEs. The hold states are initially set to 0 for all
cores to indicate that the executing core should continue polling.
To prevent the secondary CPUs from interfering with the platform's
initialization, they are only updated by the primary CPU once the cold
boot sequence has completed and fpga_pwr_domain_on(mpidr) is called.
The polling target CPU will then read 1 (which indicates that it should
branch to the warm reset entrypoint) and then jump to that address
rather than continue polling.
In addition to the initial polling behaviour of the secondary CPUs
before their warm boot reset sequence, they are also placed in a
low-power wfe() state at the end of each poll; accordingly, the PSCI
fpga_pwr_domain_on(mpidr) function also signals an event to all cores
(after updating the target CPU's hold entry) to wake them from this
state, allowing any secondary CPUs that are still polling to check
their hold state again.
This method is in accordance with both the PSCI and Linux kernel
recommendations, as the lessened overhead reduces the energy
consumption associated with the busy-loop.
The table of hold entries is implemented by a global array as shared SRAM
(which is used by other platforms in similar implementations) is not
available on the FPGA images.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I65cfd1892f8be1dfcb285f0e1e94e7a9870cdf5a
This makes use of the PRELOADED_BL33_BASE flag to indicate to BL31 that
the BL33 payload (kernel) has already been loaded and resides in memory;
BL31 will then jump to the non-secure address.
For this port the BL33 payload is the Linux kernel, and in accordance
with the pre-kernel setup requirements (as specified in the `Booting
AArch64 Linux' documentation:
https://www.kernel.org/doc/Documentation/arm64/booting.txt),
this change also sets up the primary CPU's registers x0-x3 so they are
the expected values, which includes the address of the DTB at x0.
An external linker script is currently required to combine BL31, the
BL33 payload, and any other software images to create an ELF file that
can be uploaded to the FPGA board along with the bit file. It therefore
has dependencies on the value of PRELOADED_BL33_BASE (kernel base) and
the DTB base (plus any other relevant base addresses used to
distinguish the different ELF sections), both of which are set in this
patch.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: If7ae8ee82d1e09fb05f553f6077ae13680dbf66b
This adds the minimal functions and definitions to create a basic
BL31 port for an initial FPGA image, in order for the port to be
uploaded to one the FPGA boards operated by an internal group within
Arm, such that BL31 runs as a payload for an image.
Future changes will enable the port for a wide range of system
configurations running on the FPGA boards to ensure compatibility with
multiple FPGA images.
It is expected that this will replace the FPGA fork of the Linux kernel
bootwrapper by performing similar secure-world initialization and setup
through the use of drivers and other well-established methods, before
passing control to the kernel, which will act as the BL33 payload and
run in EL2NS.
This change introduces a basic, loadable port with the console
initialized by setting the baud rate and base address of the UART as
configured by the Zeus image.
It is a BL31-only port, and RESET_TO_BL31 is enabled to reflect this.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I1817ad81be00afddcdbbda1ab70eb697203178e2
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1
then there is no need for TF-A to load secure partitions individually.
In this configuration, SPMC handles secure partition loading at
S-EL1/EL0 levels.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I06a0d88a4811274a8c347ce57b56bb5f64e345df
To demonstrate communication between SP's two instances of Cactus at
S-EL1 has been used.
This patch replaces Ivy SP with cactus-secondary SP which aligns with
changes in tf-a-tests repository.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iee84f1f7f023b7c4f23fbc13682a42614a7f3707
When using the SPM Dispatcher, the SPMC sits as a BL32 component
(BL32_IMAGE_ID). The SPMC manifest is passed as the TOS fw config
component (TOS_FW_CONFIG_ID). It defines platform specific attributes
(memory range and physical CPU layout) as well as the attributes for
each secure partition (mostly load address). This manifest is passed
to the SPMC on boot up. An SP package contains the SP dtb in the SPCI
defined partition manifest format. As the SPMC manifest was enriched
it needs an increase of tos_fw-config max-size in fvp_fw_config dts.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia1dce00c6c4cbaa118fa56617980d32e2956a94e
Rather than creating entry in plat_arm_mmap array to map the
entire DRAM region in BL31/SP_MIN, only map a smaller region holding
HW_CONFIG DTB. Consequently, an increase in number of sub-translation
tables(level-2 and level-3) i.e., MAX_XLAT_TABLES is necessary to map
the new region in memory.
In order to accommodate the increased code size in BL31 i.e.,
PROGBITS, the max size of BL31 image is increased by 0x1000(4K).
Change-Id: I540b8ee550588e22a3a9fb218183d2ab8061c851
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Implemented SMCCC_ARCH_SOC_ID call in order to get below
SOC information:
1. SOC revision
2. SOC version
Implementation done using below SMCCC specification document:
https://developer.arm.com/docs/den0028/c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch introduces the `SPCI_ID_GET` interface which will return the
ID of the calling SPCI component. Returns 0 for requests from the
non-secure world and the SPCI component ID as specified in the manifest
for secure world requests.
Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
To accommodate the increasing size of the SCP_BL2 binary, the base
address of the memory region allocated to SCP_BL2 has been moved
downwards from its current (mostly) arbitrary address to the beginning
of the non-shared trusted SRAM.
Change-Id: I086a3765bf3ea88f45525223d765dc0dbad6b434
Signed-off-by: Chris Kay <chris.kay@arm.com>
Add CLCD, HDLCD, PCI and VIRTIO devices as source interfaces for TZC
filter unit to enable DMA for these devices.
Change-Id: Ifad2e56b18605311936e03cfcccda573cac7e60a
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
The motivation behind this patch and following patches is to extract
information about the platform in runtime rather than depending on
compile time macros such as FVP_CLUSTER_COUNT. This partially enables
us to use a single binary for a family of platforms which all have
similar hardware capabilities but differ in configurations.
we populate the data structure describing the power domain hierarchy
of the platform dynamically by querying the number of clusters and cpus
using fconf getter APIs. Compile time macro such as FVP_CLUSTER_COUNT
is still needed as it determines the size of related data structures.
Note that the cpu-map node in HW_CONFIG dts represents a logical
hierarchy of power domains of CPU. However, in reality, the power
domains may not have been physically built in such hierarchy.
Change-Id: Ibcbb5ca7b2c969f8ad03ab2eab289725245af7a9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Create, register( and implicitly invoke) fconf_populate_topology()
function which extracts the topology related properties from dtb into
the newly created fconf based configuration structure 'soc_topology'.
Appropriate libfdt APIs are added to jmptbl.i file for use with USE_ROMLIB
build feature.
A new property which describes the power domain levels is added to the
HW_CONFIG device tree source files.
This patch also fixes a minor bug in the common device tree file
fvp-base-gicv3-psci-dynamiq-common.dtsi
As this file includes fvp-base-gicv3-psci-common.dtsi, it is necessary
to delete all previous cluster node definitons because DynamIQ based
models have upto 8 CPUs in each cluster. If not deleted, the final dts
would have an inaccurate description of SoC topology, i.e., cluster0
with 8 or more core nodes and cluster1 with 4 core nodes.
Change-Id: I9eb406da3ba4732008a66c01afec7c9fa8ef59bf
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
A populate() function essentially captures the value of a property,
defined by a platform, into a fconf related c structure. Such a
callback is usually platform specific and is associated to a specific
configuration source.
For example, a populate() function which captures the hardware topology
of the platform can only parse HW_CONFIG DTB. Hence each populator
function must be registered with a specific 'config_type' identifier.
It broadly represents a logical grouping of configuration properties
which is usually a device tree source file.
Example:
> TB_FW: properties related to trusted firmware such as IO policies,
base address of other DTBs, mbedtls heap info etc.
> HW_CONFIG: properties related to hardware configuration of the SoC
such as topology, GIC controller, PSCI hooks, CPU ID etc.
This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate()
to register and invoke the appropriate callbacks selectively based on
configuration type.
Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Shared RAM region in the remote chip's memory is used as one of the
mailbox region (SCMI payload area) through which the AP core on the
local chip and SCP core on the remote chip exchange SCMI protocol
message during the initialization. Mark this region as non-cacheable in
the MMAP entry to prevent local AP core from reading stale data from the
cache.
Change-Id: I7e9dc5fbcc3b40e9bcff5499f15abd2aadaed385
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Since N1SDP has a system level cache which is an
external LLC enable the NEOVERSE_N1_EXTERNAL_LLC flag.
Change-Id: Idb34274e61e7fd9db5485862a0caa497f3e290c7
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
* changes:
plat/arm: Pass cookie argument down to arm_get_rotpk_info()
plat/arm: Add support for dualroot CoT
plat/arm: Provide some PROTK files for development
This patch provides separation of GICD, GICR accessor
functions and adds new macros for GICv3 registers access
as a preparation for GICv3.1 and GICv4 support.
NOTE: Platforms need to modify to include both
'gicdv3_helpers.c' and 'gicrv3_helpers.c' instead of the
single helper file previously.
Change-Id: I1641bd6d217d6eb7d1228be3c4177b2d556da60a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch implements loading of Secure Partition packages using
existing framework of loading other bl images.
The current framework uses a statically defined array to store all the
possible image types and at run time generates a link list and traverse
through it to load different images.
To load SPs, a new array of fixed size is introduced which will be
dynamically populated based on number of SPs available in the system
and it will be appended to the loadable images list.
Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.
Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Add load address and UUID in fw config dts for Cactus and Ivy which are
example SP's in tf-test repository.
For prototype purpose these information is added manually but later on
it will be updated at compile time from SP layout file and SP manifests
provided by platform.
Change-Id: I41f485e0245d882c7b514bad41fae34036597ce4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Use the firmware configuration framework to retrieve information about
Secure Partitions to facilitate loading them into memory.
To load a SP image we need UUID look-up into FIP and the load address
where it needs to be loaded in memory.
This patch introduces a SP populator function which gets UUID and load
address from firmware config device tree and updates its C data
structure.
Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
* changes:
board/rddaniel: intialize tzc400 controllers
plat/arm/tzc: add support to configure multiple tzc400
plat/arm: allow boards to specify second DRAM Base address
plat/arm: allow boards to define PLAT_ARM_TZC_FILTERS
MISRA C-2012 Rule 20.7:
Macro parameter expands into an expression without being wrapped by parentheses.
MISRA C-2012 Rule 12.1:
Missing explicit parentheses on sub-expression.
MISRA C-2012 Rule 18.4:
Essential type of the left hand operand is not the same as that of the right
operand.
Include does not provide any needed symbols.
Change-Id: Ie1c6451cfbc8f519146c28b2cf15c50b1f36adc8
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch fixes incorrect setting for DEVICE1_SIZE
for FVP platforms with more than 8 PEs.
The current value of 0x200000 supports only 8 PEs
and causes exception for FVP platforms with the greater
number of PEs, e.g. FVP_Base_Cortex_A65AEx8 with 16 PEs
in one cluster.
Change-Id: Ie6391509fe6eeafb8ba779303636cd762e7d21b2
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I7a23327394d142af4b293ea7ccd90b843c54587c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
The dualroot chain of trust involves 2 root-of-trust public keys:
- The classic ROTPK.
- The platform ROTPK (a.k.a. PROTPK).
Use the cookie argument as a key ID for plat_get_rotpk_info() to return the
appropriate one. This only applies if we are using the dualroot CoT ; if using
the TBBR one, the behaviour is unchanged.
Change-Id: I400707a87ec01afd5922b68db31d652d787f79bd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The cookie will be leveraged in the next commit.
Change-Id: Ie8bad275d856d84c27466461cf815529dd860446
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
- Use the development PROTPK if using the dualroot CoT.
Note that unlike the ROTPK, the PROTPK key hash file is not generated
from the key file, instead it has to be provided. This might be
enhanced in the future.
- Define a CoT build flag for the platform code to provide different
implementations where needed.
Change-Id: Iaaf25183b94e77a99a5d8d875831d90c102a97ea
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
When using the new dualroot chain of trust, a new root of trust key is
needed to authenticate the images belonging to the platform owner.
Provide a development one to deploy this on Arm platforms.
Change-Id: I481145e09aa564822d474cb47d38ec211dd24efd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
A TZC400 controller is placed inline on DRAM channels and regulates
the secure and non-secure accesses to both secure and non-secure
regions of the DRAM memory. Configure each of the TZC controllers
accordingly.
Change-Id: I75f6d13591a7fe9e50ce15c793e35a8018041815
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>
For platforms that have two or more TZC400 controllers instantiated,
allow the TZC400 driver to be usable with all those instances.
This is achieved by allowing 'arm_tzc400_setup' function to accept
the base address of the TZC400 controller.
Change-Id: I4add470e6ddb58432cd066145e644112400ab924
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>
The base address for second DRAM varies across different platforms.
So allow platforms to define second DRAM by moving Juno/SGM-775 specific
definition of second DRAM base address to Juno/SGM-775 board definition
respectively, SGI/RD specific definition of DRAM 2 base address to SGI
board definition.
Change-Id: I0ecd3a2bd600b6c7019c7f06f8c452952bd07cae
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>
A TZC400 can have upto 4 filters and the number of filters instantiated
within a TZC400 is platform dependent. So allow platforms to define the
value of PLAT_ARM_TZC_FILTERS by moving the existing Juno specific
definition of PLAT_ARM_TZC_FILTERS to Juno board definitions.
Change-Id: I67a63d7336595bbfdce3163f9a9473e15e266f40
Signed-off-by: Suyash Pathak <suyash.pathak@arm.com>
Use CREATE_SEQ helper macro to create sequence of valid chip counts
instead of manually creating the sequence. This allows a scalable
approach to increase the valid chip count sequence in the future.
Change-Id: I5ca7a00460325c156b9e9e52b2bf656a2e43f82d
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
When TF-A is built with RESET_TO_BL31=1 option, BL31 is the
first image to be run and should have all the memory allocated
to it except for the memory reserved for Shared RAM at the start
of Trusted SRAM.
This patch fixes FVP BL31 load address and its image size for
RESET_TO_BL31=1 option. BL31 startup address should be set to
0x400_1000 and its maximum image size to the size of Trusted SRAM
minus the first 4KB of shared memory.
Loading BL31 at 0x0402_0000 as it is currently stated in
'\docs\plat\arm\fvp\index.rst' causes EL3 exception when the
image size gets increased (i.e. building with LOG_LEVEL=50)
but doesn't exceed 0x3B000 not causing build error.
Change-Id: Ie450baaf247f1577112f8d143b24e76c39d33e91
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Adding support for 32MHz UART clock and selecting it as the
default UART clock
Change-Id: I9541eaff70424e85a3b5ee4820ca0e7efb040d2c
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Running checkpatch.pl on the codebase and making required changes
Change-Id: I7d3f8764cef632ab2a6d3c355c68f590440b85b8
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Note: This patch implements in-band messaging protocol only.
ARM has launched a next version of MHU i.e. MHUv2 with its latest
subsystems. The main change is that the MHUv2 is now a distributed IP
with different peripheral views (registers) for the sender and receiver.
Another main difference is that MHUv1 duplex channels are now split into
simplex/half duplex in MHUv2. MHUv2 has a configurable number of
communication channels. There is a capability register (MSG_NO_CAP) to
find out how many channels are available in a system.
The register offsets have also changed for STAT, SET & CLEAR registers
from 0x0, 0x8 & 0x10 in MHUv1 to 0x0, 0xC & 0x8 in MHUv2 respectively.
0x0 0x4 0x8 0xC 0x1F
------------------------....-----
| STAT | | | SET | | |
------------------------....-----
Transmit Channel
0x0 0x4 0x8 0xC 0x1F
------------------------....-----
| STAT | | CLR | | | |
------------------------....-----
Receive Channel
The MHU controller can request the receiver to wake-up and once the
request is removed, the receiver may go back to sleep, but the MHU
itself does not actively put a receiver to sleep.
So, in order to wake-up the receiver when the sender wants to send data,
the sender has to set ACCESS_REQUEST register first in order to wake-up
receiver, state of which can be detected using ACCESS_READY register.
ACCESS_REQUEST has an offset of 0xF88 & ACCESS_READY has an offset
of 0xF8C and are accessible only on any sender channel.
This patch adds necessary changes in a new file required to support the
latest MHUv2 controller. This patch also needs an update in DT binding
for ARM MHUv2 as we need a second register base (tx base) which would
be used as the send channel base.
Change-Id: I1455e08b3d88671a191c558790c503eabe07a8e6
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Adding support for generating a semi-random number required for
enabling building TF-A with stack protector support.
TF-A for corstone-700 may now be built using ENABLE_STACK_PROTECTOR=all
Change-Id: I03e1be1a8d4e4a822cf286f3b9ad4da4337ca765
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Forced hash generation used to always generate hash via RSA encryption.
This patch changes encryption based on ARM_ROTPK_LOCATION.
Also removes setting KEY_ALG based on ARM_ROTPL_LOCATION - there is no
relation between these two.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Id727d2ed06176a243719fd0adfa0cae26c325005
* changes:
SPMD: enable SPM dispatcher support
SPMD: hook SPMD into standard services framework
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
SPMD: add support for an example SPM core manifest
SPMD: add SPCI Beta 0 specification header file
This patch adds support to the build system to include support for the SPM
dispatcher when the SPD configuration option is spmd.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Ic1ae50ecd7403fcbcf1d318abdbd6ebdc642f732
This patch reserves and maps the Trusted DRAM for SPM core execution.
It also configures the TrustZone address space controller to run BL31
in secure DRAM.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I7e1bb3bbc61a0fec6a9cb595964ff553620c21dc
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
In preparation for adding support for Reference Design platforms
which have different base addresses for GIC Distributor or
Redistributor, move GIC related base addresses to individual platform
definition files.
Change-Id: Iecf52b4392a30b86905e1cd047c0ff87d59d0191
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Include multi-chip-mode parameter in HW_CONFIG dts to let next stage of
boot firmware know about the multi-chip operation mode.
Change-Id: Ic7535c2280fd57180ad14aa0ae277cf0c4d1337b
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
RD-N1-Edge based platforms can operate in dual-chip configuration
wherein two rdn1edge SoCs are connected through a high speed coherent
CCIX link.
This patch adds a function to check if the RD-N1-Edge platform is
operating in multi-chip mode by reading the SID register's NODE_ID
value. If operating in multi-chip mode, initialize GIC-600 multi-chip
operation by overriding the default GICR frames with array of GICR
frames and setting the chip 0 as routing table owner.
The address space of the second RD-N1-Edge chip (chip 1) starts from the
address 4TB. So increase the physical and virtual address space size to
43 bits to accommodate the multi-chip configuration. If the multi-chip
mode configuration is detected, dynamically add mmap entry for the
peripherals memory region of the second RD-N1-Edge SoC. This is required
to let the BL31 platform setup stage to configure the devices in the
second chip.
PLATFORM_CORE_COUNT macro is set to be multiple of CSS_SGI_CHIP_COUNT
and topology changes are added to represent the dual-chip configuration.
In order the build the dual-chip platform, CSS_SGI_CHIP_COUNT macro
should be set to 2:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
Change-Id: I576cdaf71f0b0e41b9a9181fa4feb7091f8c7bb4
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
On systems that have multiple platform components that can interpret the
SCMI messages, there is a need to support multiple SCMI channels (one
each to those platform components). Extend the existing SCMI interface
that currently supports only a single SCMI channel to support multiple
SCMI channels.
Change-Id: Ice4062475b903aef3b5e5bc37df364c9778a62c5
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
In order to allow the MHUv2 driver to be usable with multiple MHUv2
controllers, use the base address of the controller from the platform
information instead of the MHUV2_BASE_ADDR macro.
Change-Id: I4dbab87b929fb0568935e6c8b339ce67937f8cd1
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
AFF3 bits of MPIDR corresponds to Chip-Id in Arm multi-chip platforms.
For calculating linear core position of CPU cores from slave chips, AFF3
bits has to be used. Update `plat_arm_calc_core_pos` assembly function
to include AFF3 bits in calculation.
Change-Id: I4af2bd82ab8e31e18bc61de22705a73893954260
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Some of the Reference Design platforms like RD-N1-Edge can operate in
multi-chip configuration wherein two or more SoCs are connected through
a high speed coherent CCIX link. For the RD platforms, the remote chip
address space is at the offset of 4TB per chip. In order for the primary
chip to access the device memory region on the remote chip, the required
memory region entries need to be added as mmap entry. This patch adds
macros related to the remote chip device memory region.
Change-Id: I833810b96f1a0e7c3c289ac32597b6ba03344c80
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Multi-chip platforms have two or more identical chips connected using a
high speed coherent link. In order to identify such platforms,
add chip_id and multi_chip_mode information in the platform variant
info structure. The values of these two new elements is populated
during boot.
Change-Id: Ie6e89cb33b3f0f408814f6239cd06647053e23ed
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
For SGI-575 and RD platforms, move bl31_platform_setup handler to
individual board files to allow the platforms to perform board specific
bl31 setup.
Change-Id: Ia44bccc0a7f40a155b33909bcb438a0909b20d42
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
RD-E1-Edge platform consists of two clusters with eight CPUs each and
two processing elements (PE) per CPU. Commit a9fbf13e04 (plat/arm/sgi:
move topology information to board folder) defined the RD-E1-Edge
topology tree to have two clusters with eight CPUs each but PE per CPU
entries were not added. This patch fixes the topology tree accordingly.
Change-Id: I7f97f0013be60e5d51c214fce3962e246bae8a0b
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Introduce macro 'CSS_SGI_CHIP_COUNT' to allow Arm CSS platforms with
multi-chip support to define number of chiplets on the platform. By
default, this flag is set to 1 and does not affect the existing single
chip platforms.
For multi-chip platforms, override the default value of
CSS_SGI_CHIP_COUNT with the number of chiplets supported on the
platform. As an example, the command below sets the number of chiplets
to two on the RD-N1-Edge multi-chip platform:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
Change-Id: If364dc36bd34b30cc356f74b3e97633933e6c8ee
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Currently, an IO setup failure will be ignored on arm platform release
build. Change this to panic instead.
Change-Id: I027a045bce2422b0a0fc4ff9e9d4c6e7bf5d2f98
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change the return type of "arm_io_is_toc_valid()" and
"plat_arm_bl1_fwu_needed()" to bool, to match function behavior.
Change-Id: I503fba211219a241cb263149ef36ca14e3362a1c
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use the firmware configuration framework in arm dynamic configuration
to retrieve mbedtls heap information between bl1 and bl2.
For this, a new fconf getter is added to expose the device tree base
address and size.
Change-Id: Ifa5ac9366ae100e2cdd1f4c8e85fc591b170f4b6
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use fconf to retrieve the `disable_authentication` property.
Move this access from arm dynamic configuration to bl common.
Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.
The dynamic configuration DTBs properties are moved to a new node:
`dtb-registry`. All the sub-nodes present will be provided to the
dynamic config framework to be loaded. The node currently only contains
the already defined configuration DTBs, but can be extended for future
features if necessary.
The dynamic config framework is modified to use the abstraction provided
by the fconf framework, instead of directly accessing the DTBs.
The trusted-boot properties are kept under the "arm,tb_fw" compatible
string, but in a separate `tb_fw-config` node.
The `tb_fw-config` property of the `dtb-registry` node simply points
to the load address of `fw_config`, as the `tb_fw-config` is currently
part of the same DTB.
Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use the dtb provided by bl1 as configuration file for fconf.
Change-Id: I3f466ad9b7047e1a361d94e71ac6d693e31496d9
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Move the loading of the dtb from arm_dym_cfg to fconf. The new loading
function is not associated to arm platform anymore, and can be moved
to bl_main if wanted.
Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Introduce the Firmware CONfiguration Framework (fconf).
The fconf is an abstraction layer for platform specific data, allowing
a "property" to be queried and a value retrieved without the requesting
entity knowing what backing store is being used to hold the data.
The default backing store used is C structure. If another backing store
has to be used, the platform integrator needs to provide a "populate()"
function to fill the corresponding C structure.
The "populate()" function must be registered to the fconf framework with
the "FCONF_REGISTER_POPULATOR()". This ensures that the function would
be called inside the "fconf_populate()" function.
A two level macro is used as getter:
- the first macro takes 3 parameters and converts it to a function
call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c).
- the second level defines a__b_getter(c) to the matching C structure,
variable, array, function, etc..
Ex: Get a Chain of trust property:
1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id)
2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id]
Change-Id: Id394001353ed295bc680c3f543af0cf8da549469
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
In case of ROT_KEY specified - generates a new hash and replaces the
original.
Note: Juno board was tested by original feature author and was not tested
for this patch since we don't have access to the private key. Juno
implementation was moved to board-specific file without changing
functionality. It is not known whether byte-swapping is still needed
for this platform.
Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Stack usage reaches 90% with some configuration. Bump slightly the stack
size to prevent a stack-overflow.
Change-Id: I44ce8b12906586a42f152b7677785fcdc5e78ae1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Fix code that violates the MISRA rule:
MISRA C-2012 Rule 11.9: Literal "0" shall not be used as
null pointer constant.
The fix explicitly checks whether a pointer is NULL.
Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes'
functions for read/write array of bytes from/to a given property.
It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i
files for builds with USE_ROMLIB=1 option.
Change-Id: Ied7b5c8b38a0e21d508aa7bcf5893e656028b14d
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The Secure Configuration Register is 64-bits in AArch64 and 32-bits in
AArch32. Use u_register_t instead of unsigned int to reflect this.
Change-Id: I51b69467baba36bf0cfaec2595dc8837b1566934
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.
Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
Memory map for BL31 NOBITS region also has to be created.
Change-Id: Ibbc8c9499a32e63fd0957a6e254608fbf6fa90c9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The platform topology description of the upcoming Arm's RD platforms
have different topology than those listed in the sgi_topology.c file. So
instead of adding platform specific topology into existing
sgi_topology.c file, those can be added to respective board files. In
order to maintain consistency with the upcoming platforms, move the
existing platform topology description to respective board files.
Change-Id: I4689c7d24cd0c75a3dc234370c34a85c08598abb
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
As on SGI platforms, SCPI is unsupported on SGM platforms.
Change-Id: I556ed095b9eb55b72447230ee2725d3c76160a08
Signed-off-by: Chris Kay <chris.kay@arm.com>
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.
Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
Memory map for BL31 NOBITS region also has to be created.
Change-Id: Ibd480f82c1dc74e9cbb54eec07d7a8fecbf25433
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
NOTE for platform integrators:
API `plat_psci_stat_get_residency()` third argument
`last_cpu_idx` is changed from "signed int" to the
"unsigned int" type.
Issue / Trouble points
1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
with typecasting at some places leading to coverity issues.
2. Underlying platform API's return cpu_idx as `unsigned int`
and comparison is performed with platform specific defines
`PLAFORM_xxx` which is not consistent
Misra Rule 10.4:
The value of a complex expression of integer type may only be cast to
a type that is narrower and of the same signedness as the underlying
type of the expression.
Based on above points, cpu_idx is kept as `unsigned int` to match
the API's and low-level functions and platform defines are updated
where ever required
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com>
Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
This patch removes re-definition of the following FVP build
options from plat\arm\board\fvp\fvp_def.h:
'FVP_CLUSTER_COUNT'
'FVP_MAX_CPUS_PER_CLUSTER'
'FVP_MAX_PE_PER_CPU'
which are set in platform.mk.
This fixes a potential problem when a build option set in
platform.mk file can be re-defined in fvp_def.h header file
used by other build component with a different makefile which
does not set this option.
Ref. GENFW-3505.
Change-Id: I4288629920516acf2c239c7b733f92a0c5a812ff
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The reclaim init code functionality relies on forward reference in the
linker script. The LLVM linker does not process it correctly.
Change-Id: I993aeb9587bfa07af25b60ed823a6a2c5e970c94
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Point boot address to DDR location for booting A5DS FPGA
FIP, Kernel and rootfs are sideloaded to DDR
Also move BL2 to higher address in DDR
Change-Id: Ia2a57a0bda776a1a0a96bcd3cfb5c6cd2cf4dc04
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Correct the system, timer and uart frequencies to successfully run
the stack on FPGA
Correct Cortex-A5MPcore to 8 word granularity for Cache writeback
Change-Id: I2c59c26b7dca440791ad39f2297c68ae513da7b6
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
The SCU connects one to four Cortex-A5/Cortex-A9 processors
to the memory system through the AXI interfaces.
The SCU functions are to:
- maintain data cache coherency between the Cortex-A5/Cortex-A9
processors
- initiate L2 AXI memory accesses
- arbitrate between Cortex-A5/Cortex-A9 processors requesting
L2 accesses
- manage ACP accesses.
Snoop Control Unit will enable to snoop on other CPUs caches.
This is very important when it comes to synchronizing data between
CPUs. As an example, there is a high chance that data might be
cache'd and other CPUs can't see the change. In such cases,
if snoop control unit is enabled, data is synchoronized immediately
between CPUs and the changes are visible to other CPUs.
This driver provides functionality to enable SCU as well as enabling
user to know the following
- number of CPUs present
- is a particular CPU operating in SMP mode or AMP mode
- data cache size of a particular CPU
- does SCU has ACP port
- is L2CPRESENT
Change-Id: I0d977970154fa60df57caf449200d471f02312a0
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
The contents of this header have been merged into the spm_mm_svc.h
header file.
Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.
The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.
This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.
Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch fixes the bug in BL2 dynamic configuration initialisation
which prevents loading NT_FW_CONFIG image (ref. GENFW-3471).
It also adds parentheses around 'if' statement conditions to fix
Coverity defect.
Change-Id: I353566c29b84341887e13bf8098a4fedfc4e00ff
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Provide an SMC interface to the 9p filesystem. This permits
accessing firmware drivers through a common interface, using
standardized read/write/control operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
Ported the pmf asm macros and the asm code in the bl31 entrypoint
necessary for the instrumentation to AArch32.
Since smc dispatch is handled by the bl32 payload on AArch32, we
provide this service only if AARCH32_SP=sp_min is set.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Id33b7e9762ae86a4f4b40d7f1b37a90e5130c8ac
Switching execution states is only possible if EL3 is AArch64.
As such there is no need to validate the entrypoint on AArch32 builds.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: I3c1eb25b5df296a492870641d274bf65213c6608
C99 standard: "What constitutes an access to an object that has
volatile-qualified type is implementation-defined".
GCC is not considering the cast to void of volatile structures as an
access and so is not actually issuing reads.
Clang does read those structures by copying them on the stack, which in
this case creates an overflow because of their large size.
This patch removes the cast to void and instead uses the USED attribute
to tell the compiler to retain the static variables.
Change-Id: I952b5056e3f6e91841e7ef9558434352710ab80d
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Zelalem Aweke <zelalem.aweke@arm.com>
Previously the .init section was created even when the reclaim flag was
manually set to 0.
Change-Id: Ia9e7c7997261f54a4eca725d7ea605192f60bcf8
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Zelalem Aweke <zelalem.aweke@arm.com>
Currently tb_fw_cfg_dtb size is fixed to max, which is generally a page
(but depend on the platform). Instead, read the actual size of the dtb
with the libfdt "fdt_totalsize" function.
This avoid flushing extra memory after updating the dtb with mbedtls
heap information when shared heap is used.
Change-Id: Ibec727661116429f486464a0c9f15e9760d7afe2
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
ROMLIB extract functions code from BL images to put them inside ROM.
This has for effect to reduce the size of the BL images.
This patch take this size reduction into consideration to optimize the
memory layout of BL2.
A new "PLAT_ARM_BL2_ROMLIB_OPTIMIZATION" macro is defined and used to
reduce "PLAT_ARM_MAX_BL2_SIZE". This allows to remove the gap between
BL1 and BL2 when ROMLIB is used and provides more room for BL31.
The current memory gain is 0x6000 for fvp and 0x8000 for juno.
Change-Id: I71c2c2c63b57bce5b22a125efaefc486ff3e87be
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The number of levels in the topology has not changed but the count of
processing elements on the lowest layer is now multiplied by the value
of FVP_MAX_PE_PER_CPU.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ia1568a40ea33dbbbcdfab6c8ab6d19f4db0b8eb4
N1SDP supports multichip configuration wherein n1sdp boards are
connected over high speed coherent CCIX link, for now only dual-chip
is supported.
Whether or not multiple chips are present is dynamically probed by
SCP firmware and passed on to TF-A, routing table will be set up
only if multiple chips are present.
Initialize GIC-600 multichip operation by overriding the default GICR
frames with array of GICR frames and setting the chip 0 as routing
table owner.
Change-Id: Ida35672be4bbf4c517469a5b330548d75e593ff2
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Earlier PIE support was enabled for all arm platforms when
RESET_TO_BL31=1, but later on it was restricted only to FVP with patch
SHA d4580d17 because of n1sdp platform.
Now it has been verified that PIE does work for n1sdp platform also, so
enabling it again for all arm platforms.
Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
ARM platform can have a non-contiguous GICR frames. For instance, a
multi socket platform can have two or more GIC Redistributor frames
which are 4TB apart. Hence it is necessary for the `gicv3_rdistif_probe`
function to probe all the GICR frames available in the platform.
Introduce `plat_arm_override_gicr_frames` function which platforms can
use to override the default gicr_frames which holds the GICR base
address of the primary cpu.
Change-Id: I1f537b0d871a679cb256092944737f2e55ab866e
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
N1SDP supports multichip configuration wherein n1sdp boards are
connected over high speed coherent CCIX link for now only dual-chip is
supported.
A single instance of TF-A runs on master chip which should be aware of
slave chip's CPU and memory topology.
This patch updates platform macros to include remote chip's information
and also ensures that a single version of firmware works for both single
and dual-chip setup.
Change-Id: I75799fd46dc10527aa99585226099d836c21da70
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Platform information structure holds information about platform's DDR
size(local/remote) which will be used to zero out the memory before
enabling the ECC capability as well as information about multichip
setup. Multichip and remote DDR information can only be probed in SCP,
SDS region will be used by TF-A to get this information at boot up.
This patch introduces a new SDS to store platform information, which is
populated dynamically by SCP Firmware.previously used mem_info SDS is
also made part of this structure itself.
The platform information is also passed to BL33 by copying it to Non-
Secure SRAM.
Change-Id: I4781dc6a7232c3c0a3219b164d943ce9e3e469ee
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
There are some platforms which uses MPIDR Affinity level 3 for storing
extra affinity information e.g. N1SDP uses it for keeping chip id in a
multichip setup, for such platforms MPIDR validation should not fail.
This patch adds Aff3 bits also as part of mpidr validation mask, for
platforms which does not uses Aff3 will not have any impact as these
bits will be all zeros.
Change-Id: Ia8273972fa7948fdb11708308d0239d2dc4dfa85
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
a5ds only has always-on power domain and there is no power control
present. However, without the pwr_domain_off handler, the kernel
panics when the user will try to switch off secondary cores. The
a5ds_pwr_domain_off handler will prevent kernel from crashing,
i.e. the kernel will attempt but fail to shut down the secondary CPUs
if the user tries to switch them offline.
Change-Id: I3c2239a1b6f035113ddbdda063c8495000cbe30c
Signed-off-by: Usama Arif <usama.arif@arm.com>
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
This patch invokes the new function gicv3_rdistif_probe() in the
ARM platform specific gicv3 driver. Since this API modifies the
shared GIC related data structure, it must be invoked coherently
by using the platform specific pwr_domain_on_finish_late hook.
Change-Id: I6efb17d5da61545a1c5a6641b8f58472b31e62a8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The Fast Models provide a non-volatile counter component, which is used
in the Trusted Board Boot implementation to protect against rollback
attacks.
This component comes in 2 versions (see [1]).
- Version 0 is the default and models a locked non-volatile counter,
whose value is fixed.
- Version 1 of the counter may be incremented in a monotonic fashion.
plat_set_nv_ctr() must cope with both versions. This is achieved by:
1) Attempting to write the new value in the counter.
2) Reading the value back.
3) If there is a mismatch, we know the counter upgrade failed.
When using version 0 of the counter, no upgrade is possible so the
function is expected to fail all the time. However, the code is
missing a compiler barrier between the write operation and the next
read. Thus, the compiler may optimize and remove the read operation on
the basis that the counter value has not changed. With the default
optimization level used in TF-A (-Os), this is what's happening.
The fix introduced in this patch marks the write and subsequent read
accesses to the counter as volatile, such that the compiler makes no
assumption about the value of the counter.
Note that the comment above plat_set_nv_ctr() was clearly stating
that when using the read-only version of the non-volatile counter,
"we expect the values in the certificates to always match the RO
values so that this function is never called". However, the fact that
the counter value was read back seems to contradict this comment, as
it is implementing a counter-measure against misuse of the
function. The comment has been reworded to avoid any confusion.
Without this patch, this bug may be demonstrated on the Base AEM FVP:
- Using version 0 of the non-volatile counter (default version).
- With certificates embedding a revision number value of 32
(compiling TF-A with TFW_NVCTR_VAL=32).
In this configuration, the non-volatile counter is tied to value 31 by
default. When BL1 loads the Trusted Boot Firmware certificate, it
notices that the two values do not match and tries to upgrade the
non-volatile counter. This write operation is expected to fail
(because the counter is locked) and the function is expected to return
an error but it succeeds instead.
As a result, the trusted boot does not abort as soon as it should and
incorrectly boots BL2. The boot is finally aborted when BL2 verifies
the BL31 image and figures out that the version of the SoC Firmware
Key Certificate does not match. On Arm platforms, only certificates
signed with the Root-of-Trust Key may trigger an upgrade of the
non-volatile Trusted counter.
[1] https://developer.arm.com/docs/100964/1160/fast-models-components/peripheral-components/nonvolatilecounter
Change-Id: I9979f29c23b47b338b9b484013d1fb86c59db92f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Enable cores 1-3 using psci. On receiving the smc call from kernel,
core 0 will bring the secondary cores out pen and signal an event for
the cores. Currently on switching the cores is enabled i.e. it is not
possible to suspend, switch cores off, etc.
Change-Id: I6087e1d2ec650e1d587fd543efc1b08cbb50ae5f
Signed-off-by: Usama Arif <usama.arif@arm.com>
For the secondary CPUs, hold the cpu in wfe rather then panic.
This will be needed when multicore support is added to a5ds as
the smc call will write to the hold base and signal an event to
power on the secondary CPUs.
Change-Id: I0ffc2059e9ef894c21375ca5c94def859bfa6599
Signed-off-by: Usama Arif <usama.arif@arm.com>
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Some cores support only AArch64 from EL1 and above, e.g. A76, N1 etc. If
TF-A is compiled with CTX_INCLUDE_AARCH32_REGS=0 so as to properly
handle those cores, only the AArch64 cores' assembly is included in the
TF-A binary. In other words, for FVP, TF-A assumes that AArch64 only
cores will never exist in the same cluster with cores that also support
AArch32.
However, A55 and A75 can be used as AArch64 only cores, despite
supporting AArch32, too. This patch enables A55 and A75 to exist in
clusters together with AArch64 cores.
Change-Id: I58750ad6c3d76ce77eb354784c2a42f2c179031d
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch adds support for Corstone-700 foundation IP, which integrates
both Cortex-M0+ and Cortex-A(Host) processors in one handy, flexible
subsystem.
This is an example implementation of Corstone-700 IP host firmware.
Cortex-M0+ will take care of boot stages 1 and 2(BL1/BL2) as well as
bringing Host out RESET. Host will start execution directly from BL32 and
then will jump to Linux.
It is an initial port and additional features are expected to be added
later.
Change-Id: I7b5c0278243d574284b777b2408375d007a7736e
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
SMMUv3 driver functions which are called from BL1 and BL31
currently use counter-based poll method for testing status
bits. Adding Delay Timer driver to BL1 and BL31 is required
for timeout-based implementation using timer delay functions
for SMMU and other drivers.
This patch adds new function `fvp_timer_init()` which
initialises either System level generic or SP804 timer based on
FVP_USE_SP804_TIMER build flag.
In BL2U `bl2u_early_platform_setup()` function the call to
`arm_bl2u_early_platform_setup()` (which calls
`generic_delay_timer_init()` ignoring FVP_USE_SP804_TIMER flag),
is replaced with `arm_console_boot_init()` and `fvp_timer_init()`.
Change-Id: Ifd8dcebf4019e877b9bc5641551deef77a44c0d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Add the disable_auth dynamic parameter, that allows to disable the
authentication when TBBR is enabled. This parameter is for development
only.
Change-Id: Ic24ad16738517f7e07c4f506dcf69a1ae8df7d2d
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
Fixed the path to a source file specified in tsp makefile
Created a platform specific tsp makefile
Change-Id: I89565127c67eff510e48e21fd450af4c3088c2d4
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Code using Cryptocell specific APIs was used as part of the
arm common board ROT support, instead of being abstracted
in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to
copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell
API and products.
Move over Cryptocell specific API calls into the Cryptocell
driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
The DMC-620 memory controllers in N1SDP platform has to be put
into CONFIG state before writing to ERR0CTLR0 register to enable
ECC.
This patch fixes the sequence so that DMCs are set to CONFIG
state before writing to ERR0CTLR0 register and moved back to
READY state after writing.
Change-Id: I1252f3ae0991603bb29234029cddb5fbf869c1b2
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
The watchdog is configured with a default value of 256 seconds in order
to implement the Trusted Board Boot Requirements.
For the FVP and Juno platforms, the FWU process relies on a watchdog
reset. In order to automate the test of FWU, the length of this process
needs to be as short as possible. Instead of waiting for those 4 minutes
to have a reset by the watchdog, tell it to reset immediately.
There are no side effects as the value of the watchdog's load register
resets to 0xFFFFFFFF.
Tested on Juno.
Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch adds support for Cortex-A5 FVP for the
DesignStart program. DesignStart aims at providing
low cost and fast access to Arm IP.
Currently with this patch only the primary CPU is booted
and the rest of them wait for an interrupt.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I3a2281ce6de2402dda4610a89939ed53aa045fab
* changes:
qemu: use new console interface in aarch32
warp7: remove old console from makefile
Remove MULTI_CONSOLE_API flag and references to it
Console: removed legacy console API
N1SDP platform supports RDIMMs with ECC capability. To use the ECC
capability, the entire DDR memory space has to be zeroed out before
enabling the ECC bits in DMC620. Zeroing out several gigabytes of
memory from SCP is quite time consuming so functions are added that
zeros out the DDR memory from application processor which is
much faster compared to SCP. BL33 binary cannot be copied to DDR memory
before enabling ECC so this is also done by TF-A from IOFPGA-DDR3
memory to main DDR4 memory after ECC is enabled.
Original PLAT_PHY_ADDR_SPACE_SIZE was limited to 36-bits with which
the entire DDR space cannot be accessed as DRAM2 starts in base
0x8080000000. So these macros are redefined for all ARM platforms.
Change-Id: If09524fb65b421b7a368b1b9fc52c49f2ddb7846
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
BL2U should not build when RESET_TO_SP_MIN flag is set, like BL1 and
BL2.
Change-Id: Iac516121f98611ca1f58d2b5efdec6525b06ce4e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
During the secondary cores' cold boot path, the cores initialise the GIC
CPU interface. However this is a redundant action since 1) the cores are
powered down immediately after that, 2) the GIC CPU interface is
initialised from scratch when the secondary cores are powered up again
later.
Moreover, this part of code was introducing a bug. In a GICv3 system,
the GIC's CPU interface system registers must not be written without the
core being marked as "awake" in the redistributor. However, this
sequence was performing such accesses and this would cause those cores
to hang. The hang was caused by the DSB instruction that would never
complete because of the GIC not recognising those writes.
For the two aforementioned reasons, the entire part of the GIC CPU
interface initialisation is removed.
Change-Id: I6c33a1edda69dd5b6add16a27390a70731b5532a
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Some cores support only AArch64 mode. In those cores, only a limited
subset of the AArch32 system registers are implemented. Hence, if TF-A
is supposed to run on AArch64-only cores, it must be compiled with
CTX_INCLUDE_AARCH32_REGS=0.
Currently, the default settings for compiling TF-A are with the AArch32
system registers included. So, if we compile TF-A the default way and
attempt to run it on an AArch64-only core, we only get a runtime panic.
Now a compile-time check has been added to ensure that this flag has the
appropriate value when AArch64-only cores are included in the build.
Change-Id: I298ec550037fafc9347baafb056926d149197d4c
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>