* changes:
refactor(plat/allwinner): clean up platform definitions
refactor(plat/allwinner): do not map BL32 DRAM at EL3
refactor(plat/allwinner): map SRAM as device memory by default
refactor(plat/allwinner): rename static mmap region constant
feat(bl_common): import BL_NOBITS_{BASE,END} when defined
The SDEI specification now says that during an SDEI
event handler dispatch the SPSR should be set according
to the TakeException() pseudocode function defined in
the Arm Architecture Reference Manual. This patch sets
the SPSR according to the function given in
ARM DDI 0487F.c page J1-7635
Change-Id: Id2f8f2464fd69c701d81626162827e5c4449b658
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Recent changes to enable SVE for the secure world have disabled AMU
extension by default in the reset value of CPTR_EL3 register. So the
platform has to enable this extension explicitly.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I7d930d96ec22d7c3db961411370564bece0ce272
If SVE are enabled for both Non-secure and Secure world along with AMU
extension, then it causes the TAM_BIT in CPTR_EL3 to be set upon exit
from bl31. This restricts access to the AMU register set in normal
world. This fix maintains consistency in both TAM_BIT and CPTR_EZ_BIT
by saving and restoring CPTR_EL3 register from EL3 context.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Id76ce1d27ee48bed65eb32392036377716aff087
A RAS error may be triggered while offline core in OS. Error:
Uncorrected software error in the Distributor, with IERR=9,SERR=f.
Core put to sleep before its Group enables were cleared.
gicv3_cpuif_disable() will be called in offline core flow.
According to GIC architecture version 3 and version 4:
Architectural execution of a DSB instruction guarantees that
the last value written to ICC_IGRPEN0_EL1, ICC_IGRPEN1_EL1,
ICC_IGRPEN1_EL3 or GICC_CTLR.{EnableGrp0, EnableGrp1}is observed
by the associated Redistributor.
An ISB or other context synchronization operation must precede
the DSB to ensure visibility of System register writes.
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: Iff1475657f401374c761b5e8f2f5b3a4b2040e9d
Group the SCP base/size definitions in a more logical location.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Id43f9b468d7d855a2413173d674a5ee666527808
BL31 does not appear to ever access the DRAM allocated to BL32,
so there is no need to map it at EL3.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Ie8727b793e53ea14517894942266f6da0333eb74
The SRAM on Allwinner platforms is shared between BL31 and coprocessor
firmware. Previously, SRAM was mapped as normal memory by default.
This scheme requires carveouts and cache maintenance code for proper
synchronization with the coprocessor.
A better scheme is to only map pages owned by BL31 as normal memory,
and leave everything else as device memory. This removes the need for
cache maintenance, and it makes the mapping for BL31 RW data explicit
instead of magic.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I820ddeba2dfa2396361c2322308c0db51b55c348
This constant specifically refers to the number of static mmap regions.
Rename it to make that clear.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I475c037777ce2a10db2631ec0e7446bb73590a36
If SEPARATE_NOBITS_REGION is enabled, the platform may need to map
memory specifically for that region. Import the symbols from the linker
script to allow the platform to do so.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Iaec4dee94a6735b22f58f7b61f18d53e7bc6ca8d
At this stage of development Non Volatile counters are not implemented
in the Diphda platform.
This commit disables their use during the Trusted Board Boot by
overriding the NV counters get/set functions.
Change-Id: I8dcbebe0281cc4d0837c283ff637e20b850988ef
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This commit enables trusted-firmware-a with Trusted Board Boot support
for the Diphda 64-bit platform.
Diphda uses a FIP image located in the flash. The FIP contains the
following components:
- BL2
- BL31
- BL32
- BL32 SPMC manifest
- BL33
- The TBB certificates
The board boot relies on CoT (chain of trust). The trusted-firmware-a
BL2 is extracted from the FIP and verified by the Secure Enclave
processor. BL2 verification relies on the signature area at the
beginning of the BL2 image. This area is needed by the SecureEnclave
bootloader.
Then, the application processor is released from reset and starts by
executing BL2.
BL2 performs the actions described in the trusted-firmware-a TBB design
document.
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: Iddb1cb9c2a0324a9635e23821c210ac81dfc305d
Align documentation with changes of messaging method for partition
manifest:
- Bit[0]: support for receiving direct message requests
- Bit[1]: support for sending direct messages
- Bit[2]: support for indirect messaging
- Bit[3]: support for managed exit
Change the optee_sp_manifest to align with the new messaging method
description.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: I333e82c546c03698c95f0c77293018f8dca5ba9c
One platform may not implement all the protocols, to avoid build break
when we not include all the protocols, add weak functions.
Reviewed-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: I1485baa2e8f381cb0eede1a7b93ed10e49934971
Add SCMI power domain protocol, with POWER_STATE_NOTIFY and
POWER_STATE_CHANGE_REQUESTED_NOTIFY not implemented.
Reviewed-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: Ia7c4db57c4c702667f8eaa630c924016e4a8bde0
This patch adds the option HARDEN_SLS_ALL that can be used to enable
the -mharden-sls=all, which mitigates the straight-line speculation
vulnerability. Enable this by adding the option HARDEN_SLS_ALL=1,
default this will be disabled.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0d498d9e96903fcb879993ad491949f6f17769b2
Existing macro ERROR() prints string "ERROR" followed by string
specified by caller. Therefore via this existing macro it is not
possible to end incomplete / existing line by a newline character.
This change adds a new macro ERROR_NL() which prints just a newline
character without any prefix. Implementation of this macro is done via a
new function tf_log_newline() which based on supplied log level either
return or print newline character.
If needed in future based on this tf_log_newline() function can be
defined also macros for other log levels.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I05414ca177f94cdc0f6077394d9c4af4a4382306
When enabling U-boot with UEFI and secure boot, the size of U-boot
becomes more than 1MB. So we enlarge BL33 to 2MB.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I9d9d24132bb1ec17ef6080dc72e93c7f531c97b5
* changes:
refactor(plat/arm): use mmio* functions to read/write NVFLAGS registers
refactor(plat/arm): mark the flash region as read-only
refactor(plat/arm): update NV flags on image load/authentication failure
* changes:
fix(plat/marvell/a3k): Fix building uart-images.tgz.bin archive
refactor(plat/marvell/a3k): Rename *_CFG and *_SIG variables
refactor(plat/marvell/a3k): Rename DOIMAGETOOL to TBB
refactor(plat/marvell/a3k): Remove useless DOIMAGEPATH variable
fix(plat/marvell/a3k): Fix check for external dependences
fix(plat/marvell/a8k): Add missing build dependency for BLE target
fix(plat/marvell/a8k): Correctly set include directories for individual targets
fix(plat/marvell/a8k): Require that MV_DDR_PATH is correctly set
There is a error setting for SPM, so we need to fix this issue.
Signed-off-by: Garmin Chang <garmin.chang@mediatek.com>
Change-Id: I741a5dc1505a831fe48fd5bc3da9904db14c8a57
Neoverse V1 erratum 1940577 is a Cat B erratum, present in some
revisions of the V1 processor core. The workaround is to insert a
DMB ST before acquire atomic instructions without release semantics.
This issue is present in revisions r0p0 - r1p1 but this workaround
only applies to revisions r1p0 - r1p1, there is no workaround for older
versions.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I210ad7d8f31c81b6ac51b028dfbce75a725c11aa
This change adds 208 bytes to PMUSRAM, pushing the end of text from
0xff3b0de0 to 0xff3b0eb0, which is still shy of the maximum
0xff3b1000.
Further, this skips enabling the watchdog when it's not being used
elsewhere, as you can't turn the watchdog off.
Change-Id: I2e6fa3c7e01f2be6b32ce04ce479edf64e278554
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Neoverse V1 erratum 1791573 is a Cat B erratum present in r0p0 and
r1p0 of the V1 processor core. It is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ic6f92da4d0b995bd04ca5b1673ffeedaebb71d10
For AARCH64, BIT() will make the number as ULL type, let use BIT_32()
here.
And use %zu for size_t print format.
Reviewed-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: I1dc18d374cd2c6eb83b40b66ed6189dcc6a21728
A new seek handler is also created. It will be used for NAND to add an
extra offset in case of bad blocks, when FIP is used.
Change-Id: I03fb1588b44029db50583c0b2e7af7a1e88a5a7a
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
In case of FIP, the offsets given in the FIP header are relative.
If bad blocks are found between the FIP base address and this offset,
the offset should be updated, taking care of the bad blocks.
Change-Id: I96fefabb583b3d030ab05191bae7d45cfeefe341
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Some parameters from BootROM boot context can be required after boot.
To save space in SYSRAM, this context can be overwritten during images
load sequence. The needed information (here the boot interface) is
then saved in a local variable.
Change-Id: I5e1ad4630ccf78480f415a0a83939005ae67729e
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Avoid parsing device tree every time when returning
the DDR size.
A cache flush on this size is also added because TZC400 configuration
is applied at the end of BL2 after MMU and data cache being turned off.
Configuration needs to retrieve the DDR size to generate the correct
region. Access to the size fails because the value is still in the data
cache. Flushing the size is mandatory.
Change-Id: I3dd1958f37d806f9c15a5d4151968935f6fe642e
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
In BL2, the DDR can be mapped as secured in MMU, as no other SW
has access to it during its execution.
The TZC400 configuration is also updated to reflect this. When using
OP-TEE, the TZC400 is reconfigured at the end of BL2, to match OP-TEE
mapping. Else, SP_min will be in charge to reconfigure TZC400 to set
DDR non-secure.
Change-Id: Ic5ec614b218f733796feeab1cdc425d28cc7c103
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add new static functions to factorize code in stm32mp1_security.c.
Change-Id: Ifa5a1aaf7c56c25dba9a0ab8e985496d7cb06990
Signed-off-by: Yann Gautier <yann.gautier@st.com>
André Przywara
Manish Pandey
Joanna Farley
Peng Fan
Madhukar Pappireddy
Daniel Boulby
Arunachalam Ganapathy
Ming Huang
Samuel Holland
Abdellatif El Khlifi
Maksims Svecovs
Venkatesh Yadav Abbarapu
Roger Lu
Pali Rohár
Ying-Chun Liu (PaulLiu)
Garmin Chang
bipin.ravi
johpow01
Jimmy Brisson
Rex-BC Chen
Lionel Debieve
Yann Gautier
Yann Gautier