Cortex A77 erratum 1800714 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
Since this is the first errata workaround implemented for Cortex A77,
this patch also adds the required cortex_a77_reset_func in the file
lib/cpus/aarch64/cortex_a77.S.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I844de34ee1bd0268f80794e2d9542de2f30fd3ad
Captured the increase in firmware configuration area from
4KB to 8kB in memory layout document. Updated the documentation
to provide details about fw_config separately.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ifbec443ced479301be65827b49ff4fe447e9109f
Increased the size of firmware configuration area to accommodate
all configs.
Updated maximum size of following bootloaders due to increase
in firmware configs size and addition of the code in the BL2.
1. Increased maximum size of BL2 for Juno platform in no
optimisation case.
2. Reduced maximum size of BL31 for fvp and Juno platform.
3. Reduced maximum size of BL32 for Juno platform.
Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Modified the code to do below changes:
1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
Query clock frequency in runtime using FCONF getter API
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie6a8a62d8d190b9994feffb167a1d48829913e9b
Extract Timer clock frequency from the timer node in
HW_CONFIG dtb. The first timer is a per-core architected timer attached
to a GIC to deliver its per-processor interrupts via PPIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I2f4b27c48e4c79208dab9f03c768d9221ba6ca86
All projects under the TrustedFirmware.org project now use the same
security incident process, therefore update the disclosure/vulnerability
reporting information in the TF-A documentation.
------------------------------------------------------------------------
/!\ IMPORTANT /!\
Please note that the email address to send these reports to has changed.
Please do *not* use trusted-firmware-security@arm.com anymore.
Similarly, the PGP key provided to encrypt emails to the security email
alias has changed as well. Please do *not* use the former one provided
in the TF-A source tree. It is recommended to remove it from your
keyring to avoid any mistake. Please use the new key provided on
TrustedFirmware.org from now on.
------------------------------------------------------------------------
Change-Id: I14eb61017ab99182f1c45d1e156b96d5764934c1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Updated 'fconf_load_config' function to return
the error.
Error from 'fconf_load_config" gets handled
by BL1 in subsequent patches.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4360f4df850e355b5762bb2d9666eb285101bc68
Modified the code to do below changes:
1. Migrates the Arm platforms to the API changes introduced in the
previous patches by fixing the fconf_load_config() call.
2. Retrieve dynamically the address of tb_fw_config using fconf
getter api which is subsequently used to write mbedTLS heap
address and BL2 hash data in the tb_fw_config DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I3c9d9345dcbfb99127c61d5589b4aa1532fbf4be
Modified the `fconf_load_config` function so that it can
additionally support loading of tb_fw_config along with
fw_config.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie060121d367ba12e3fcac5b8ff169d415a5c2bcd
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0
Added support in fiptool to include fw_config image
in FIP.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
Added a binding document for COT descriptors which is going
to be used in order to create COT desciptors at run-time.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic54519b0e16d145cd1609274a00b137a9194e8dd
Change handler of FFA version interface:
- Return SPMD's version if the origin of the call is secure;
- Return SPMC's version if origin is non-secure.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
Embed Arch Architecture SMCCC services in stm32mp1 SP_MIN. This
service is needed by Linux kernel to setup the SMCCC conduit
used by its SCMI SMC transport driver.
Change-Id: I454a7ef3048a77ab73fff945e8115b60445d5841
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
SCMI shared memory is used to exchange message payloads between
secure SCMI services and non-secure SCMI agents. It is mapped
uncached (device) mainly to conform to existing support in
the Linux kernel. Note that executive messages are mostly short
(few 32bit words) hence not using cache will not penalize much
performances.
Platform stm32mp1 shall configure ETZPC to harden properly the
secure and non-secure areas of the SYSRAM address space, that before
CPU accesses the shared memory when mapped non-secure.
This change defines STM32MP_SEC_SYSRAM_BASE/STM32MP_SEC_SYSRAM_SIZE and
STM32MP_NS_SYSRAM_BASE/STM32MP_NS_SYSRAM_SIZE.
Change-Id: I71ff02a359b9668ae1c5a71b5f102cf3d310f289
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
When using SP_min as monitor, only sp_min_warm_entrypoint() is a valid
secure entry point.
Change-Id: I440cec798e901b11a34dd482c33b2e378a8328ab
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Disable use of Neon VFP support for platform stm32mp1 when
building with SP_MIN runtime services as these can conflict with
non-secure world use of NEON support. This is preferred over a
systematic backup/restore of NEON context when switching
between non-secure and secure worlds.
When NEON support is disabled, this is done for both BL2 and BL32 as
build process uses common libraries built once for both binaries.
Change-Id: I4e8808dcb6ef58fc839e6f85fd6e45cfbaa34be0
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
BL32/SP_MIN configures platform security hardening from the shared
resources driver. At the end of SP_MIN initialization, all shared
resources shall be assigned to secure or non-secure world by
drivers. A lock prevent from further change on the resource
assignation. By definition, resources not registered are assign
to non-secure world since not claimed by any component on the BL.
No functional change as all resources are currently in state
SHRES_UNREGISTERED hence assigned to non-secure world as prior
this change in stm32mp1_etzpc_early_setup() and
sp_min_platform_setup().
Change-Id: Ic41fab47216c3b8b7a6a75b8358cfcec411ed941
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Get number of pins in the GPIOZ bank with helper function
fdt_get_gpio_bank_pin_count(). Save the value in RAM to prevent
parsing the FDT several time for the same information.
Change-Id: Ie68e300804461ffce09914100a7d2962116023b5
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Define enum stm32mp_shres for platform stm32mp1. The enumerated
type defines all resources that can be assigned to secure or
non-secure worlds at run time for the platform.
Change-Id: I5de20d72735856645f1efd0993643278e8d35bcb
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
STM32MP1 SoC includes peripheral interfaces that can be assigned to
the secure world, or that can be opened to the non-secure world.
This change introduces the basics of a driver that manages such
resources which assignation is done at run time. It currently offers
API functions that state whether a service exposed to non-secure
world has permission to access a targeted clock or reset controller.
Change-Id: Iff20028f41586bc501085488c03546ffe31046d8
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Cortex A76 erratum 1800710 is a Cat B erratum, present in older
revisions of the Cortex A76 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifc34f2e9e053dcee6a108cfb7df7ff7f497c9493
Cortex A76 erratum 1791580 is a Cat B erratum present in earlier
revisions of the Cortex A76. The workaround is to set a bit in the
implementation defined CPUACTLR2 register, which forces atomic store
operations to write-back memory to be performed in the L1 data cache.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iefd58159b3f2e2286138993317b98e57dc361925
* changes:
drivers/scmi-msg: smt entry points for incoming messages
drivers/scmi-msg: support for reset domain protocol
drivers/scmi-msg: support for clock protocol
drivers/scmi-msg: driver for processing scmi messages
It is desired to have the peripheral writes completed to clear the
interrupt condition and de-assert the interrupt request to GIC before
EOI write. Failing which spurious interrupt will occurred.
A barrier is needed to ensure peripheral register write transfers are
complete before EOI is done.
GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point
of view. However these writes may pass over different interconnects,
bridges, buffers leaving some rare chances for the actual write to
complete out of order.
GICv3 ICC EOI system register writes have no ordering against nGnR(n)E
memory writes as they are over different interfaces.
Hence a dsb can ensure from core no writes are issued before the previous
writes are *complete*.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: Ie6362009e2f91955be99dca8ece14ade7b4811d6
This patch updates the 'bl31_check_ns_address()' helper function to
check that the memory address and size passed by the NS world are not
zero.
The helper fucntion also returns the error code as soon as it detects
inconsistencies, to avoid multiple error paths from kicking in for the
same input parameters.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I46264f913954614bedcbde12e47ea0c70cd19be0
Adjust the latest OP-TEE memory definitions to the
newest TF-A baseline.
Change-Id: Ib9c82b85f868adaf3c7285eb340486bda9c59c36
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Add llc_sram_enable() and llc_sram_disable() APIs to Marvell
cache_lls driver.
Add LLC_SRAM definition to Marvell common makefile - disabled
by the default.
Add description of LLC_SRAM flag to the build documentation.
Change-Id: Ib348e09752ce1206d29268ef96c9018b781db182
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Extend the CCU tables with secure SRAM window in all board
setups that uses SoCs based on AP806/AP807 North Bridges
Change-Id: I4dc315e4ea847562ac8648d8a8739244b548c70e
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
It is not needed to reserve 64MB for FIP. Limit this to 4MB
for both supported Armada SoC families.
Change-Id: I58a8ce4408a646fe1afd3c1ea1ed54007c8d205d
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
[Extract from bigger commit]
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Make sure the current CCU window is not in use before adding
a new address map during MSS BL2 image load preparations.
At BL2 stage the CCU Win-2 points to DRAM. If additional mapping is
added to MSS BL2 stage initialization, the DDR entry will be destroyed
and lead to the system hang.
Change-Id: I215e83508acc37d54dab6954d791b9a74cc883ca
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Add ccu_is_win_enabled() API for checking the CCU window
state using AP and window indexes.
Change-Id: Ib955a2cac28b2729b0a763f3bbbea28b476a2fe4
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Make all LLC-related macros to start with the same prefix
Add more LLC control registers definitions
This patch is a preparation step for LLC SRAM support
Change-Id: I0a4f0fc83e8ef35be93dd239a85f2a9f88d1ab19
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
The configuration space of each standalone CP was updated in BL31.
Loading FW procedure take places earlier in SCP_BL2.
It needs to be done after access to each CP is provided.
Moving the proper configuration from BL31 to BL2 solves it.
Change-Id: I44cf88dfd4ebf09130544332bfdd3d16ef2674ea
Signed-off-by: Ben Peled <bpeled@marvell.com>
Lauren Wehrmeister
johpow01
Manish V Badarkhe
Sandrine Bailleux
Louis Mayencourt
Sheetal Tigadoli
Manish Pandey
J-Alves
Etienne Carriere
Madhukar Pappireddy
Mark Dykes
Sandeep Tripathy
Olivier Deprez
Varun Wadekar
Konstantin Porotchkin
Marcin Wojtas
Ben Peled