The LLC SRAM will be enabled in OP-TEE OS for usage as secure storage.
The CCU have to prepare SRAM window, but point to the DRAM-0 target
until the SRAM is actually enabled.
This patch changes CCU SRAM window target to DRAM-0
Remove dependence between LLC_SRAM and LLC_ENABLE and update the
build documentation.
The SRAМ base moved to follow the OP-TEE SHMEM area (0x05400000)
Change-Id: I85c2434a3d515ec37da5ae8eb729e3280f91c456
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Area used as trusted DRAM is 12MB in Marvell OP-TEE OS module.
It is followed by 4MB of shared memory.
Change-Id: If8edeeec5861b529408baca25f78c06a0a440d8c
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Now when mg_conf_cm3 driver is present - move all relevant code there.
Change-Id: I444d9e877c450d6ee69ca3a49b547e4c3aeac0be
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Implement function which will allow to start AP FW.
Change-Id: Ie0fc8ad138bf56b10809cdc92d1e5e96a2aaf33f
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Included cot_descriptors.dtsi in platform device tree
(fvp_tb_fw_config.dts).
Also, updated the maximum size of tb_fw_config to 0x1800
in order to accomodate the device tree for CoT descriptors.
Follow up patch will parse the device tree for these CoT descriptors
and fill the CoT descriptor structures at runtime instead of using
static CoT descriptor structures in the code base.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
This patch performs the following:
- Creating two corstone700 platforms under corstone700 board:
fvp and fpga
- Since the FVP and FPGA have IP differences, this commit provides a specific DTS for each platform
- The platform can be specified using the TARGET_PLATFORM Makefile variable
(possible values are: fvp or fpga)
- Allowing to use u-boot by:
- Enabling NEED_BL33 option
- Fixing non-secure image base: For no preloaded bl33 we want to
have the NS base set on shared ram. Setup a memory map region
for NS in shared map and set the bl33 address in the area.
- Setting the SYS_COUNTER_FREQ_IN_TICKS based on the selected
platform
- Setting ARM_MAP_SHARED_RAM and ARM_MAP_NS_SHARED_RAM to use MT_MEMORY
Change-Id: I4c8ac3387acb1693ab617bcccab00d80e340c163
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Added assert in the code to check valid address of dtb information
structure retrieved from fw_config device tree.
This patch fixes coverity defect:360213.
Also, removed conditional calling of "fconf_populate" as "fconf_populate"
function already checks the validity of the device tree address received
and go to panic in case of address is NULL.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib83e4e84a95e2456a12c7a2bb3fe70461d882cba
The non-secure world has no business accessing the CPU power switches in
the PRCM; those are handled by TF-A or the SCP. Only allow access to the
clock control part of the PRCM.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I657b97f4ea8a0073448ad3343fbc66ba168ed89e
This version corresponds to the following commit <7be250b>
libfdt: Correct condition for reordering blocks
Also, updated the Juno romlib jumptable with fdt APIs.
Change-Id: Ib6d28c1aea81c2144a263958f0792cc4daea7a1f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
plat: marvell: armada: a8k: add OP-TEE OS MMU tables
drivers: marvell: add support for mapping the entire LLC to SRAM
plat: marvell: armada: add LLC SRAM CCU setup for AP806/AP807 platforms
plat: marvell: armada: reduce memory size reserved for FIP image
plat: marvell: armada: platform definitions cleanup
plat: marvell: armada: a8k: check CCU window state before loading MSS BL2
drivers: marvell: add CCU driver API for window state checking
drivers: marvell: align and extend llc macros
plat: marvell: a8k: move address config of cp1/2 to BL2
plat: marvell: armada: re-enable BL32_BASE definition
plat: marvell: a8k: extend includes to take advantage of the phy_porting_layer
marvell: comphy: initialize common phy selector for AP mode
marvell: comphy: update rx_training procedure
plat: marvell: armada: configure amb for all CPs
plat: marvell: armada: modify PLAT_FAMILY name for 37xx SoCs
The plat_core_pos_by_mpidr() implementation for the Arm FPGA port has
some issues, which leads to problems when matching GICv3 redistributors
with cores:
- The power domain tree was not taking multithreading into account, so
we ended up with the wrong mapping between MPIDRs and core IDs.
- Before even considering an MPIDR, we try to make sure Aff2 is 0.
Unfortunately this is the cluster ID when the MT bit is set.
- We mask off the MT bit in MPIDR, before basing decisions on it.
- When detecting the MT bit, we are properly calculating the thread ID,
but don't account for the shift in the core and cluster ID checks.
Those problems lead to early rejections of MPIDRs values, in particular
when called from the GIC code. As a result, CPU_ON for secondary cores
was failing for most of the cores.
Fix this by properly handling the MT bit in plat_core_pos_by_mpidr(),
also pulling in FPGA_MAX_PE_PER_CPU when populating the power domain
tree.
Change-Id: I71b2255fc0d27bfe5806511df479ab38e4e33fc4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Passed the address of fw_config instead of soc_fw_config
as arg1 to BL31 from BL2 for ARM fvp platform.
BL31 then retrieve load-address of other device trees
from fw_config device tree.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
Increased the size of firmware configuration area to accommodate
all configs.
Updated maximum size of following bootloaders due to increase
in firmware configs size and addition of the code in the BL2.
1. Increased maximum size of BL2 for Juno platform in no
optimisation case.
2. Reduced maximum size of BL31 for fvp and Juno platform.
3. Reduced maximum size of BL32 for Juno platform.
Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Modified the code to do below changes:
1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
Query clock frequency in runtime using FCONF getter API
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie6a8a62d8d190b9994feffb167a1d48829913e9b
Extract Timer clock frequency from the timer node in
HW_CONFIG dtb. The first timer is a per-core architected timer attached
to a GIC to deliver its per-processor interrupts via PPIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I2f4b27c48e4c79208dab9f03c768d9221ba6ca86
Modified the code to do below changes:
1. Migrates the Arm platforms to the API changes introduced in the
previous patches by fixing the fconf_load_config() call.
2. Retrieve dynamically the address of tb_fw_config using fconf
getter api which is subsequently used to write mbedTLS heap
address and BL2 hash data in the tb_fw_config DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I3c9d9345dcbfb99127c61d5589b4aa1532fbf4be
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
Embed Arch Architecture SMCCC services in stm32mp1 SP_MIN. This
service is needed by Linux kernel to setup the SMCCC conduit
used by its SCMI SMC transport driver.
Change-Id: I454a7ef3048a77ab73fff945e8115b60445d5841
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
SCMI shared memory is used to exchange message payloads between
secure SCMI services and non-secure SCMI agents. It is mapped
uncached (device) mainly to conform to existing support in
the Linux kernel. Note that executive messages are mostly short
(few 32bit words) hence not using cache will not penalize much
performances.
Platform stm32mp1 shall configure ETZPC to harden properly the
secure and non-secure areas of the SYSRAM address space, that before
CPU accesses the shared memory when mapped non-secure.
This change defines STM32MP_SEC_SYSRAM_BASE/STM32MP_SEC_SYSRAM_SIZE and
STM32MP_NS_SYSRAM_BASE/STM32MP_NS_SYSRAM_SIZE.
Change-Id: I71ff02a359b9668ae1c5a71b5f102cf3d310f289
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
When using SP_min as monitor, only sp_min_warm_entrypoint() is a valid
secure entry point.
Change-Id: I440cec798e901b11a34dd482c33b2e378a8328ab
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Disable use of Neon VFP support for platform stm32mp1 when
building with SP_MIN runtime services as these can conflict with
non-secure world use of NEON support. This is preferred over a
systematic backup/restore of NEON context when switching
between non-secure and secure worlds.
When NEON support is disabled, this is done for both BL2 and BL32 as
build process uses common libraries built once for both binaries.
Change-Id: I4e8808dcb6ef58fc839e6f85fd6e45cfbaa34be0
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
BL32/SP_MIN configures platform security hardening from the shared
resources driver. At the end of SP_MIN initialization, all shared
resources shall be assigned to secure or non-secure world by
drivers. A lock prevent from further change on the resource
assignation. By definition, resources not registered are assign
to non-secure world since not claimed by any component on the BL.
No functional change as all resources are currently in state
SHRES_UNREGISTERED hence assigned to non-secure world as prior
this change in stm32mp1_etzpc_early_setup() and
sp_min_platform_setup().
Change-Id: Ic41fab47216c3b8b7a6a75b8358cfcec411ed941
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Get number of pins in the GPIOZ bank with helper function
fdt_get_gpio_bank_pin_count(). Save the value in RAM to prevent
parsing the FDT several time for the same information.
Change-Id: Ie68e300804461ffce09914100a7d2962116023b5
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Define enum stm32mp_shres for platform stm32mp1. The enumerated
type defines all resources that can be assigned to secure or
non-secure worlds at run time for the platform.
Change-Id: I5de20d72735856645f1efd0993643278e8d35bcb
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
STM32MP1 SoC includes peripheral interfaces that can be assigned to
the secure world, or that can be opened to the non-secure world.
This change introduces the basics of a driver that manages such
resources which assignation is done at run time. It currently offers
API functions that state whether a service exposed to non-secure
world has permission to access a targeted clock or reset controller.
Change-Id: Iff20028f41586bc501085488c03546ffe31046d8
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
This patch updates the 'bl31_check_ns_address()' helper function to
check that the memory address and size passed by the NS world are not
zero.
The helper fucntion also returns the error code as soon as it detects
inconsistencies, to avoid multiple error paths from kicking in for the
same input parameters.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I46264f913954614bedcbde12e47ea0c70cd19be0
Adjust the latest OP-TEE memory definitions to the
newest TF-A baseline.
Change-Id: Ib9c82b85f868adaf3c7285eb340486bda9c59c36
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Add llc_sram_enable() and llc_sram_disable() APIs to Marvell
cache_lls driver.
Add LLC_SRAM definition to Marvell common makefile - disabled
by the default.
Add description of LLC_SRAM flag to the build documentation.
Change-Id: Ib348e09752ce1206d29268ef96c9018b781db182
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Extend the CCU tables with secure SRAM window in all board
setups that uses SoCs based on AP806/AP807 North Bridges
Change-Id: I4dc315e4ea847562ac8648d8a8739244b548c70e
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
It is not needed to reserve 64MB for FIP. Limit this to 4MB
for both supported Armada SoC families.
Change-Id: I58a8ce4408a646fe1afd3c1ea1ed54007c8d205d
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
[Extract from bigger commit]
Signed-off-by: Marcin Wojtas <mw@semihalf.com>