This patch adds the option HARDEN_SLS_ALL that can be used to enable
the -mharden-sls=all, which mitigates the straight-line speculation
vulnerability. Enable this by adding the option HARDEN_SLS_ALL=1,
default this will be disabled.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0d498d9e96903fcb879993ad491949f6f17769b2
* changes:
refactor(plat/arm): use mmio* functions to read/write NVFLAGS registers
refactor(plat/arm): mark the flash region as read-only
refactor(plat/arm): update NV flags on image load/authentication failure
* changes:
fix(plat/marvell/a3k): Fix building uart-images.tgz.bin archive
refactor(plat/marvell/a3k): Rename *_CFG and *_SIG variables
refactor(plat/marvell/a3k): Rename DOIMAGETOOL to TBB
refactor(plat/marvell/a3k): Remove useless DOIMAGEPATH variable
fix(plat/marvell/a3k): Fix check for external dependences
fix(plat/marvell/a8k): Add missing build dependency for BLE target
fix(plat/marvell/a8k): Correctly set include directories for individual targets
fix(plat/marvell/a8k): Require that MV_DDR_PATH is correctly set
There is a error setting for SPM, so we need to fix this issue.
Signed-off-by: Garmin Chang <garmin.chang@mediatek.com>
Change-Id: I741a5dc1505a831fe48fd5bc3da9904db14c8a57
For UART secure boot it is required also TIMN image, so pack it into
uart-images.tgz.bin archive which is created by mrvl_uart target.
$(TIMN_IMAGE) and $(TIM_IMAGE) variables are used only for UART images
so their content needs to be initialized from $(TIMN_UART_CFG) and
$(TIM_UART_CFG) config files. And not from $(TIMN_CFG) and $(TIM_CFG) as
it is now because they are not generated during mrvl_uart target. Fix it
to allow building mrvl_uart target before mrvl_flash target.
To match usage of these variables, rename them to $(TIMN_UART_IMAGE) and
$(TIM_UART_IMAGE).
To not complicate rule for building uart-images.tgz.bin archive, set
list of image files into a new $(UART_IMAGES) variable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I83b980abb4047a3afb3ce3026842e1d873c490bf
For TIM config file use TIM name instead of DOIMAGE and use underscores
to make variable names more readable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I1282ce11f1431c15458a143ae7bfcee85eed2432
Armada 3700 uses external TBB tool for creating images and does not use
internal TF-A doimage tool from tools/marvell/doimage/
Therefore set correct name of variable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I38a94dca78d483de4c79da597c032e1e5d06d92d
Old Marvell a3700_utils and mv-ddr tarballs do not have to work with
latest TF-A code base. Marvell do not provide these old tarballs on
Extranet anymore. Public version on github repository contains all
patches and is working fine, so for public TF-A builds use only public
external dependencies from git.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iee5ac6daa9a1826a5b80a8d54968bdbb8fe72f61
BLE source files depend on external Marvell mv-ddr-marvell tree
(specified in $(MV_DDR_PATH) variable) and its header files. Add
dependency on $(MV_DDR_LIB) target which checks that variable
$(MV_DDR_PATH) is correctly set and ensures that make completes
compilation of mv-ddr-marvell tree.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I73968b24c45d9af1e3500b8db7a24bb4eb2bfa47
Do not set all include directories, including those for external targets
in one PLAT_INCLUDES variable.
Instead split them into variables:
* $(PLAT_INCLUDES) for all TF-A BL images
* BLE target specific $(PLAT_INCLUDES) only for Marvell BLE image
* $(MV_DDR_INCLUDES) for targets in external Marvell mv-ddr-marvell tree
Include directory $(CURDIR)/drivers/marvell is required by TF-A BL
images, so move it from ble.mk to a8k_common.mk.
Include directory $(MV_DDR_PATH) is needed only by Marvell BLE image, so
move it into BLE target specific $(PLAT_INCLUDES) variable.
And remaining include directories specified in ble.mk are needed only
for building external dependences from Marvell mv-ddr tree, so move them
into $(MV_DDR_INCLUDES) variable and correctly use it in $(MV_DDR_LIB)
target.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I331f7de675dca2bc70733d56b768f00d56ae4a67
Target mrvl_flash depends on external mv_ddr source code which is not
part of TF-A project. Do not expect that it is pre-downloaded at some
specific location and require user to specify correct path to mv_ddr
source code via MV_DDR_PATH build option.
TF-A code for Armada 37x0 platform also depends on mv_ddr source code
and already requires passing correct MV_DDR_PATH build option.
So for A8K implement same checks for validity of MV_DDR_PATH option as
are already used by TF-A code for Armada 37x0 platform.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I792f2bfeab0cec89b1b64e88d7b2c456e22de43a
All API calls except non-blocking should wait for
IPI response and read buffer to check return status
from firmware. Some of API calls are not reading
status from IPI payload data. Use sync method which
reads actual return status from IPI payload.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I6f568b85d0da639c264f507122e3015807d8423d
All API calls except non-blocking should wait for
IPI response and read buffer to check return status
from firmware. Some of API calls are not reading
status from IPI payload data. Use sync method which
reads actual return status from IPI payload.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I78f9c061a80cee6d524ade4ef124ca88ce1848cf
Used mmio* functions to read/write NVFLAGS registers to avoid
possibile reordering of instructions by compiler.
Change-Id: Iae50ac30e5413259cf8554f0fff47512ad83b0fd
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
In the FVP platform, BL1 uses flash only for read purpose
hence marked this flash region as read-only.
Change-Id: I3b57130fd4f3b4df522ac075f66e9799f237ebb7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Erasing the FIP TOC header present in a flash is replaced by updating NV
flags with an error code on image load/authentication failure.
BL1 component uses these NV flags to detect whether a firmware update is
needed or not.
These NV flags get cleared once the firmware update gets completed.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I6232a0db07c89b2373b7b9d28acd37df6203d914
DCM means dynamic clock management, and it can dynamically
slow down or gate clocks during CPU or bus idle.
1. Add MCUSYS related DCM drivers.
2. Enable MCUSYS related DCM by default.
Change-Id: I3237199bc217bd3682f51d31284db5fd0324b396
Signed-off-by: Garmin Chang <garmin.chang@mediatek.com>
In the qemu memory map 1GB and up is RAM. Change the
size of NS DRAM to 3GB to support VM's with more
memory requirements.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: If15cf3b9d3e2e7876c40ce888f22e887893fe696
* changes:
feat(plat/mediatek/mt8195): add SPM suspend driver
feat(plat/mediatek/mt8195): support MCUSYS off when system suspend
feat(plat/mediatek/mt8195): add support for PTP3
fix(plat/mediatek/mt8195): extend MMU region size
Support DRAM/MAINPLL/26M off when system suspend.
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: Ib8502f9b0b4e47aa405e5449f0b6d483bd3f5d77
Add drivers to support MCUSYS off when system suspend.
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: I388fd2318f471083158992464ecdf2181fc7d87a
Add PTP3 drivers to protect CPU excessive voltage drop
in CPU heavy loading.
Change-Id: I7bd37912c32d5328ba0287fccc8409794bd19c1d
Signed-off-by: Elly Chiang <elly.chiang@mediatek.com>
In mt8195 suspend/resume flow, ATF has to communicate with a subsys by
read/write the subsys registers. However, the register region of subsys
doesn't include in the MMU mapping region. It triggers MMU faults.
This patch extends the MMU region 0 size to cover all mt8195 HW modules.
This patch also remove MMU region 1 because region 0 covers region 1.
Change-Id: I3a186ed71d0d963b59ae55e27a6d27a01fe4f638
Signed-off-by: Tinghan Shen <tinghan.shen@mediatek.com>
The partition layout description JSON file generated by TF-A tests
declares a fourth test partition called Ivy demonstrating the
implementation of a S-EL0 partition supported by a S-EL1 shim.
Change-Id: If8562acfc045d6496dfdb3df0524b3a069357f8e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Add a generic function to setup the stm32image IO.
Change-Id: I0f7cf4a6030605037643f3119b809e0319d926af
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add a panic() at the end of stm32mp_io_setup() if the boot interface
given in ROM code boot context is not supported.
Change-Id: I0d50f21a11231febd21041b6e63108cc3e6f4f0c
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
We don't ever expect to load a binary with an STM32 header on the Arm
FVP platform so remove this type of image from the list of
measurements.
Also remove the GPT image type from the list, as it does not get
measured. GPT is a container, just like FIP is. We don't measure the FIP
but rather the images inside it. It would seem logical to treat GPT the
same way.
Besides, only images that get loaded through load_auth_image() get
measured right now. GPT processing happens before that and is handled in
a different way (see partition_init()).
Change-Id: Iac4de75380ed625b228e69ee4564cf9e67e19336
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
Third instance of cactus is a UP SP. Set its vcpu count to 1.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I34b7feb2915e6d335e690e89dea466e75944ed1b
This patch will make BL2_BASE to be hex valaue but
not a shell command.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Iebb86a0b9bc8cab1676bd8e898cf4a1b6d16f472
Some build variables have already defined in common
make helper file, use them directly.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I7fe6331160bfdf315924d4498d78b0a399eb2e89
To quote jwerner in T925:
"The __sramdata in the declaration is a mistake, the correct target
section for that global needs to be .pmusram.data. This used to be
in .sram.data once upon a time but then the suspend.c stuff got added
and required it to be moved to PMUSRAM. I guess they forgot to update
that part in the declaration and since the old GCC seemed to silently
prefer the attribute in the definition, nobody noticed."
This fixes building with gcc 11.
fix #T925
Change-Id: I2b91542277c95cf487eaa1344927294d5d1b8f2b
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
In stm32mp1_syscfg_disable_io_compensation(), to disable the IO
compensation cell, we have to set the corresponding bit in
SYSCFG_CMPENCLRR register, instead of clearing the bit in SETR register.
Change-Id: I510a50451f8afb9e98c24e1ea84efbf73a39e6b4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Venkatesh Yadav Abbarapu
Madhukar Pappireddy
Manish Pandey
Garmin Chang
Pali Rohár
Abhyuday Godhasara
Manish V Badarkhe
Ruchika Gupta
Sandrine Bailleux
Olivier Deprez
Edward-JW Yang
Elly Chiang
Tinghan Shen
Daniel Boulby
Mark Dykes
Patrick Delaunay
Yann Gautier
Arunachalam Ganapathy
Jiafei Pan
Patrick Georgi
Yann Gautier