BIT24 of IPI command header is used to determine if caller is
secure or non-secure.
Mark BIT24 of IPI command header as non-secure if SMC caller
is non-secure.
Signed-off-by: Tejas Patel <tejas.patel@xilinx.com>
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iec25af8f4b202093f58e858ee47cd9cd46890267
Versal is a72 based that's why there is no reason to build low level
assemble code for a53.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: Iff9cf2582102d951825b87fd9af18e831ca717d6
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
instantiated in a Secure Partition:
-A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
An EC is pinned to a corresponding physical CPU.
-An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
the physical CPU from which the FF-A call is originating.
This change permits exercising the latter case within the TF-A-tests
framework.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
Compiling BL31 for the Rockchip platform now produces a message about
the deprecation of gic_common.c.
Follow the advice and use include gicv2.mk instead.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I396b977d57975dba27cfed801ad5264bbbde2b5e
The case for value "VCOREFS_SMC_CMD_INIT" is not
terminated by a "break" statement.
Signed-off-by: Roger Lu <roger.lu@mediatek.com>
Change-Id: I56cc7c1648e101c0da6e77e592e6edbd5d37724e
1 Only enable domain D0 and D1:PCIe access 0xC0000000~0xC4000000;
2 Only enable domain D0 and D3(SCP) access 0x50000000~0x51400000;
Signed-off-by: Xi Chen <xixi.chen@mediatek.com>
Change-Id: Ic4f9e6d85bfd1cebdb24ffc1d14309c89c103b2a
Low Power Management (LPM) helps find a suitable configuration
for letting system entering idle or suspend with the most
resources off.
Change-Id: Ie6a7063b666cf338cff5bc972c9025b26de482eb
Signed-off-by: Roger Lu <roger.lu@mediatek.com>
Add support for ZU43DR, ZU46DR and ZU47DR to the list of zynqmp
devices. The ZU43DR, ZU46DR and ZU47DR RFSoC silicon id values are
0x7d, 0x78 and 0x7f.
Signed-off-by: Sandeep Gundlupet Raju <sandeep.gundlupet-raju@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I566f707116d83475de7c87a6004ca96bf7bccebe
This commit fixes the wrong memory type, secure NOR flash
shall be mapped as MT_DEVICE.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I9c9ed51675d84ded675bb56b2e4ec7a08184c602
sbsa-ref in QEMU may create up to 512 cores.
This commit prepares the MP information to support 512 cores.
The number of xlat tables for spm_mm is also increased.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I2788eaf6d14e188e9b5d1102d359b2899e02df7c
* changes:
plat/marvell/armada: cleanup MSS SRAM if used for copy
plat/marvell: cn913x: allow CP1/CP2 mapping at BLE stage
plat/marvell/armada/common/mss: use MSS SRAM in secure mode
include/drivers/marvell/mochi: add detection of secure mode
plat/marvell: fix SPD handling in dram port
marvell: drivers: move XOR0/1 DIOB from WIN 0 to 1
drivers/marvell/mochi: add support for cn913x in PCIe EP mode
drivers/marvell/mochi: add missing stream IDs configurations
plat/marvell/armada/a8k: support HW RNG by SMC
drivers/rambus: add TRNG-IP-76 driver
This patch cleans up the MSS SRAM if it was used for MSS image
copy (secure boot mode).
Change-Id: I23f600b512050f75e63d59541b9c21cef21ed313
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/30099
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Map IO WIN to CP1 and CP2 at all stages including the BLE.
Do not map CP1/CP2 if CP_NUM is lower than 2 and 3 accordingly.
This patch allows access to CP1/CP2 internal registers at
BLE stage if CP1/CP2 are connected.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: Icf9ffdf2e9e3cdc2a153429ffd914cc0005f9eca
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/36939
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Nadav Haklai <nadavh@marvell.com>
Reviewed-by: Yi Guo <yi.guo@cavium.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
The CP MSS IRAM is only accessible by CM3 CPU and MSS DMA.
In secure boot mode the MSS DMA is unable to directly load
the MSS FW image from DRAM to IRAM.
This patch adds support for using the MSS SRAM as intermediate
storage. The MSS FW image is loaded by application CPU into the
MSS SRAM first, then transferred to MSS IRAM by MSS DMA.
Such change allows the CP MSS image load in secure mode.
Change-Id: Iee7a51d157743a0bdf8acb668ee3d599f760a712
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Grzegorz Jaszczyk <jaszczyk@marvell.com>
Removing the custom crash implementation and use
plat/common/aarch64/crash_console_helpers.S.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I045d42eb62bcaf7d1e18fbe9ab9fb9470e800215
* changes:
allwinner: Split native and SCPI-based PSCI implementations
allwinner: psci: Improve system shutdown/reset sequence
allwinner: psci: Drop .pwr_domain_pwr_down_wfi callback
allwinner: Separate code to power off self and other CPUs
Rename rd_n1e1_edge_scmi_plat_info array to plat_rd_scmi_info as the
same array is used to provide SCMI platform info across mulitple RD
platforms and is not resitricted to only RD-N1 and RD-E1 platforms.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I42ba33e0afa3003c731ce513c6a5754b602ec01f
Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remaining bits
to implement this interface for the Juno Trusted Entropy Source.
We retire the existing Juno specific RNG interface, and use the generic
one for the stack canary generation.
Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.
To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.
This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.
Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
NXP specifc macro SET_NXP_MAKE_FLAG is added.
NXP has pool of multiple IPs. This macro helps:
- In soc.mk, this macro help the selected IP source files to be included
for that SoC.
-- The set of IPs required for one NXP SoC is different to the set of IPs
required by another NXP SoC.
- For the same SoC,
-- For one feature, the IP may be required in both BL2 and BL31.
-- Without the above feature, that IP may be required in one.
This macro help in selecting the inclusion of source and header files to:
--- BL2 only
--- BL31 only
--- COMM (used by BL2 and BL31)
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2cdb13b89aa815fc5219cf8bfb9666d0a9f78765
Currently we use the Juno's TRNG hardware entropy source to initialise
the stack canary. The current function allows to fill a buffer of any
size, but we will actually only ever request 16 bytes, as this is what
the hardware implements. Out of this, we only need at most 64 bits for
the canary.
In preparation for the introduction of the SMCCC TRNG interface, we
can simplify this Juno specific interface by making it compatible with
the generic one: We just deliver 64 bits of entropy on each call.
This reduces the complexity of the code. As the raw entropy register
readouts seem to be biased, it makes sense to do some conditioning
inside the juno_getentropy() function already.
Also initialise the TRNG hardware, if not already done.
Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The DRAM port code issues a dummy write to SPD page-0 i2c address
in order to select this page for the forthcoming read transaction.
If the write buffer length supplied to i2c_write is not zero, this
call is translated to 2 bus transations:
- set the target offset
- write the data to the target
However no actual data should be transferred to SPD page-0 in order
to select it. Actually, the second transation never receives an ACK
from the target device, which caused the following error report:
ERROR: Status 30 in write transaction
This patch sets the buffer length in page-0 select writes to zero,
leading to bypass the data transfer to the target device.
Issuing the target offset command to SPD page-0 address effectively
selects this page for the read operation.
Change-Id: I4bf8e8c09da115ee875f934bc8fbc9349b995017
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/24387
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Reviewed-by: Moti Buskila <motib@marvell.com>
Add initialization for TRNG-IP-76 driver and support SMC call
0xC200FF11 used for reading HW RNG value by secondary bootloader
software for KASLR support.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: I1d644f67457b28d347523f8a7bfc4eacc45cba68
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/32688
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Update TZC base address to align with the recent changes in the platform
memory map.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
So far the ARM platform Makefile would require that RESET_TO_BL31 is set
when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
There is no real technical reason for that, and the one place in the
code where this was needed has been fixed.
Remove the requirement of those two options to be always enabled
together.
This enables the direct kernel boot feature for the Foundation FVP
(as described in the documentation), which requires a BL1/FIP
combination to boot, so cannot use RESET_TO_BL31.
Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we have the somewhat artifical limitation of
ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.
However there does not seem to be a good technical reason for that,
it was probably just to differentate between two different boot flows.
Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the
RESET_TO_BL31 #ifdef, so that we initialise the registers in any case.
This allows to use a preloaded kernel image when using BL1 and FIP.
Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The structure has been modified to specify the memory
size in bytes instead of Gigabytes.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I3384677d79af4f3cf55d3c353b6c20bb827b5ae7