bl31-data file written in assembly helps to manage data at bl31.
Signed-off-by: rocket <rod.dorris@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ic3ace03364648cc1174bb05b5b334b9ccdaaa4ed
NXP tool to create pbl from bl2 binary:
- RCW is prepended to BL2.bin
- If TRUSTED_BOARD_BOOT=1, pre-append the CSF header
to be understood by NXP boot-rom.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Iddc7336a045222e2073ddad86358ebc4440b8bcf
NXP SMMU driver API for NXP SoC.
- Currently it supports by-passing SMMU, called only when NXP CAAM
is enabled.
- (TBD) AMQ based SMMU access control: Access Management Qualifiers (AMQ)
advertised by a bus master for a given transaction.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I23a12928ddedb1a2cf4b396606e35c67e016e331
Chain of trust(CoT) is enabled on NXP SoC in two ways:
- Using MbedTLS, parsing X509 Certificates.
- Using NXP internal method parsing CSF header
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I78fb28516dfcfa667bebf8a1951ffb24bcab8de4
NXP has hardware crypto accelerator called CAAM.
- Work with Job ring
- Jobs are submitted to CAAM in the form of 64 word
descriptor.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I02bcfce68143b8630e1833a74c4b126972f4323d
Flexspi driver now introduces read/write/erase APIs for complete flash
size, FAST-READ are by default used and IP bus is used for erase, read
and write using flexspi APIs.
Framework layer is currently embedded in driver itself using flash_info
defines.
Test cases are also added to confirm flash functionality currently under
DEBUG flag.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Change-Id: I755c0f763f6297a35cad6885f84640de50f51bb0
GIC api used by NXP SoC is based on:
- arm provided drivers: /drivers/arm/gic
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: If3d470256e5bd078614f191e56062c4fbd97f8bd
NXP General Purpose Input/Output driver support for
NXP platforms.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I9a3574f1d5d12e4a65ff60f640d4e77e2defd6d4
NXP Central Security Unit(CSU) for NXP SoC.
CSU is used for:
- Access permissions for peripheral that donot have their own
access control.
- Locking of individual CSU settings until the next POR
- General purpose security related control bits
Refer NXP SoC manuals fro more details.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I07a4729c79c5e2597f8b2a782e87e09f7f30c2ca
DDR driver for NXP layerscape SoC(s):
- lx2160aqds
- lx2162aqds
- lx2160ardb
- Other Board with SoC(s) like ls1046a, ls1043a etc;
-- These other boards are not verified yet.
Signed-off-by: Rajesh Bhagat <rajesh.bhagat@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ic84a63cb30eba054f432d479862cd4d1097cbbaf
NXP I2C driver support for NXP SoC(s).
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I234b76f9fa1b30dd13aa087001411370cc6c8dd0
NXP Security Monitor IP provides hardware anchored
- current security state of the SoC.
- Tamper detect etc.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I8ff809fe2f3fd013844ab3d4a8733f53c2b06c81
NXP Security Fuse Processor is used to read and write
fuses.
- Fuses once written, are cannot be un-done.
- Used as trust anchor for monotonic counter,
different platform keys etc.
Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I347e806dd87078150fbbbfc28355bb44d9eacb9c
CCN API(s) to be used NXP SoC(s) are added.
These API(s) based on ARM CCN driver
- driver/arm/ccn
CCI API(s) to be used NXP SoC(s) are added.
These API(s) based on ARM CCI driver
- driver/arm/cci
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I7682c4c9bd42f63542b3ffd3cb6c5d2effe4ae0a
NXP TZC-400 API(s) to configure ddr regions are based on:
- drivers/arm/tzc
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I524433ff9fafe1170b13e99b7de01fe957b6d305
NXP Timer Apis are based on:
- drivers/delay_timer
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2cbccf4c082a10affee1143390905b9cc99c3382
NXP SoCs, supports two types of UART controller:
- PL011 - using ARM drivers sources
- 16550 - using TI drivers source
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Iacbcefd2b6e5d96f83fa00ad25b4f63a4c822bb4
Generic framework is added to include platform defined UUID.
This framework is added for the following:
- All NXP SoC based platforms needed additional fip-fuse.bin
- NXP SoC lx2160a based platforms requires additional fip-ddr.bin
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ibe05d9c596256e34077287a490dfcd5b731ef2cf
Conditional definition for the macro MAX_NUMBER_IDS.
This will allow to update this definition by the platform
specific implementation.
Since, NXP SoC lx2160a based platforms requires additional
FIP DDR to be loaded before initializing the DDR.
It requires addition of defines for DDR image IDs.
A dedicated header plat_tbbr_img_def.h is added to the platform
folder - plat/nxp/common/include/default/
Inclusion of this header file will depend on the compile time
flag PLAT_TBBR_IMG_DEF.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4faba74dce578e2a34acbc8915ff75d7b8368cee
Incorrect value is picked for TF_MBEDTLS_USE_RSA defination,
even if the TF_MBEDTLS_RSA is enabled.
Due to which PK_DER_LEN is defined incorrectly.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2ca4ca121e0287b88ea689c885ddcd45a34a3e91
Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.
NXP SoC lx2160a : based platforms requires additional
FIP DDR to be loaded before initializing the DDR.
To enable chain of trust on these platforms, FIP DDR
image needs to be authenticated, additionally.
Platform specific folder 'tools/nxp/cert_create_helper'
is added to support platform specific macros and definitions.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
Platforms, which requires additional images to be
verified using TBBR; such that their key certificate
is tied to TRUSTED_KEY_CERT.
For such platforms, if make commands runs twice:
- Once with targets as bl2 & fip.bin, and
- Again to build the target as the additional image.
then, if path to the TRUSTED_KEY_CERT varies in the
makefile with make-target of the additional image, then
there would be two location where "trusted_key.crt" will
be created.
This patch helps overriding the TRUSTED_KEY_CERT from any .mk
in the platform's makefile structure.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I775a2c409035504b21b0bbe5a4f9046898163eed
This works even on SoCs that do not have an ARISC, and it avoids
clobbering whatever ARISC firmware might be running.
Change-Id: I9f2fed597189bb387de79e8e76a7da3375e1ee91
Signed-off-by: Samuel Holland <samuel@sholland.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The devicetree binding document[1] for the /reserved-memory node demands
that the number of address and size-cells in the reserved-memory node
must match those values in the root node. So far we were forcing a
64-bit address along with a 32-bit size.
Adjust the code to query the cells values from the root node, and
populate the newly created /reserved-memory node accordingly.
This fixes the fdt_add_reserved_memory() function when called on a
devicetree which does not use the 2/1 pair. Linux is picky about this
and will bail out the parsing routine, effectively ignoring the
reserved-memory node:
[ 0.000000] OF: fdt: Reserved memory: unsupported node format, ignoring
[1] Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
in the Linux kernel source tree
Change-Id: Ie126ebab4f3fedd48e12c9ed4bd8fa123acc86d3
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Adds a number of definitions consistent with the established WaRP7
equivalents specifying number of io_handles and block devices.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: If1d7ef1ad3ac3dfc860f949392c7534ce8d206e3
Allows for exporting of FIP related methods cleanly in a private header.
Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I8523f1370312ed22ff7ca710cd916be52f725e3c
TZC400 is configured to raise an interrupt in case of faulty access.
Call the new added tzc400_it_handler, in case this interrupt occurs.
Change-Id: Iaf4fa408a8eff99498042e11e2d6177bad39868c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP15, only filters 0 and 1 are used.
Use TZC_400_REGION_ATTR_FILTER_BIT() macro for those 2 filters 0 and 1
instead of U(3).
Change-Id: Ibc61823842ade680f59d5b66b8db59b6a30080e4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
A new function tzc400_it_handler() is created to manage TZC400
interrupts. The required helpers to read and clear interrupts are added
as well.
In case DEBUG is enabled, more information about the faulty access
(address, NSAID, type of access) is displayed.
Change-Id: Ie9ab1c199a8f12b2c9472d7120efbdf35711284a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Addresses the deprecation warning produced by
drivers/arm/gic/common/gic_common.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Change-Id: I1a3ff4835d0f94c74b405db10622e99875ded82b
BIT24 of IPI command header is used to determine if caller is
secure or non-secure.
Mark BIT24 of IPI command header as non-secure if SMC caller
is non-secure.
Signed-off-by: Tejas Patel <tejas.patel@xilinx.com>
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iec25af8f4b202093f58e858ee47cd9cd46890267
FF-A specification states that error codes should be typed int32_t.
SPMD's uses uint64_t for return values, which if assigned with a signed
type would have sign extension, and change the size of the return from
32-bit to 64-bit.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I288ab2ffec8330a2fe1f21df14e22c34bd83ced3
If a PMIC regulator has its DT node disabled, leave the regulator off.
Change-Id: I895f740328e8f11d485829c3a89a9b9f8e5644be
Signed-off-by: Roman Beranek <roman.beranek@prusa3d.com>
Typically, interrupts for a specific security state get handled in the
same security execption level if the execution is in the same security
state. For example, if a non-secure interrupt gets fired when CPU is
executing in NS-EL2 it gets handled in the non-secure world.
However, interrupts belonging to the opposite security state typically
demand a world(context) switch. This is inline with the security
principle which states a secure interrupt has to be handled in the
secure world. Hence, the TSPD in EL3 expects the context(handle) for a
secure interrupt to be non-secure and vice versa.
The function "tspd_sel1_interrupt_handler" is the handler registered
for S-EL1 interrupts by the TSPD. Based on the above assumption, it
provides an assertion to validate if the interrupt originated from
non-secure world and upon success arranges entry into the TSP at
'tsp_sel1_intr_entry' for handling the interrupt.
However, a race condition between non-secure and secure interrupts can
lead to a scenario where the above assumptions do not hold true and
further leading to following assert fail.
This patch fixes the bug which causes this assert fail:
ASSERT: services/spd/tspd/tspd_main.c:105
BACKTRACE: START: assert
0: EL3: 0x400c128
1: EL3: 0x400faf8
2: EL3: 0x40099a4
3: EL3: 0x4010d54
BACKTRACE: END: assert
Change-Id: I359d30fb5dbb1429a4a3c3fff37fdc64c07e9414
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>