NOTE for platform integrators:
API `plat_psci_stat_get_residency()` third argument
`last_cpu_idx` is changed from "signed int" to the
"unsigned int" type.
Issue / Trouble points
1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
with typecasting at some places leading to coverity issues.
2. Underlying platform API's return cpu_idx as `unsigned int`
and comparison is performed with platform specific defines
`PLAFORM_xxx` which is not consistent
Misra Rule 10.4:
The value of a complex expression of integer type may only be cast to
a type that is narrower and of the same signedness as the underlying
type of the expression.
Based on above points, cpu_idx is kept as `unsigned int` to match
the API's and low-level functions and platform defines are updated
where ever required
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com>
Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
The SCU connects one to four Cortex-A5/Cortex-A9 processors
to the memory system through the AXI interfaces.
The SCU functions are to:
- maintain data cache coherency between the Cortex-A5/Cortex-A9
processors
- initiate L2 AXI memory accesses
- arbitrate between Cortex-A5/Cortex-A9 processors requesting
L2 accesses
- manage ACP accesses.
Snoop Control Unit will enable to snoop on other CPUs caches.
This is very important when it comes to synchronizing data between
CPUs. As an example, there is a high chance that data might be
cache'd and other CPUs can't see the change. In such cases,
if snoop control unit is enabled, data is synchoronized immediately
between CPUs and the changes are visible to other CPUs.
This driver provides functionality to enable SCU as well as enabling
user to know the following
- number of CPUs present
- is a particular CPU operating in SMP mode or AMP mode
- data cache size of a particular CPU
- does SCU has ACP port
- is L2CPRESENT
Change-Id: I0d977970154fa60df57caf449200d471f02312a0
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
All the SoCs in 64-bit UniPhier SoC family support EL2.
Just hard-code MODE_EL2 instead of using el_implemented() helper.
Change-Id: I7ab48002c5205bc8c013e1b46313b57d6c431db0
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
spm resume will restore Vmodem/Vcore voltages
back based on the SPM_DVS_LEVEL.
Change-Id: I37ff7ce4ba62219c1858acea816c5bc9ce6c493e
Signed-off-by: Roger Lu <roger.lu@mediatek.com>
The contents of this header have been merged into the spm_mm_svc.h
header file.
Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.
The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.
This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.
Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch fixes the bug in BL2 dynamic configuration initialisation
which prevents loading NT_FW_CONFIG image (ref. GENFW-3471).
It also adds parentheses around 'if' statement conditions to fix
Coverity defect.
Change-Id: I353566c29b84341887e13bf8098a4fedfc4e00ff
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch saves the boot parameters provided by the previous bootloader
during cold boot and passes them to Trusty. Commit 06ff251ec introduced
the plat_trusty_set_boot_args() handler, but did not consider the boot
parameters passed by the previous bootloader. This patch fixes that
anomaly.
Change-Id: Ib40dcd02b67c94cea5cefce09edb0be4a998db37
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Provide an SMC interface to the 9p filesystem. This permits
accessing firmware drivers through a common interface, using
standardized read/write/control operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
This patch enables per-CPU GIC CPU interfaces during CPU
power on. The previous code initialized the distributor
for all CPUs, which was not required.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifd957b2367da06405b4c3e2225411adbaec35bb8
Ported the pmf asm macros and the asm code in the bl31 entrypoint
necessary for the instrumentation to AArch32.
Since smc dispatch is handled by the bl32 payload on AArch32, we
provide this service only if AARCH32_SP=sp_min is set.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Id33b7e9762ae86a4f4b40d7f1b37a90e5130c8ac
Switching execution states is only possible if EL3 is AArch64.
As such there is no need to validate the entrypoint on AArch32 builds.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: I3c1eb25b5df296a492870641d274bf65213c6608
Enable the workaround for Cortex-A53 erratum 855873 for the Rockchip
RK3328, silencing a warning at startup.
Change-Id: I5aa29d674d23c096c599abcb5e7dac970f9607d8
Signed-off-by: Simon South <simon@simonsouth.net>
Fixes the SiP Service driver that is responsible for FPGA
reconfiguration. Also change the base address of FPGA reconfiguration
to 0x400000.
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Change-Id: I2b84c12c85cd5fc235247131fec4916ed2fb56c8
There are a few issues in mailbox that needs to be fixed.
- Send doorbell after an indirect cmd
- Do not ring doorbell when polling mailbox response as it should've been
sent by send_cmd
- remove unneeded cmd_free_offset check
- Fix mailbox initialization
- Fix get_config_status returning a wrong status when the status is busy
- Add command length in mailbox command header
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Change-Id: If613e2ca889a540a616c62d69ad0086a7cd46536
* changes:
rockchip: make miniloader ddr_parameter handling optional
rockchip: px30: cleanup securing of ddr regions
rockchip: px30: move secure init to separate file
rockchip: really use base+size for secure ddr regions
rockchip: bring TZRAM_SIZE values in line
Transfering the regions of ddr memory to additionally protect is very much
specific to some rockchip internal first stage bootloader and doesn't get
used in either mainline uboot or even Rockchip's published vendor uboot
sources.
This results in a big error
ERROR: over or zero region, nr=0, max=10
getting emitted on every boot for most users and such a message coming
from early firmware might actually confuse developers working with the
system.
As this mechanism seems to be only be used by Rockchip's internal miniloader
hide it behind a build conditional, so it doesn't confuse people too much.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I52c02decc60fd431ea78c7486cad5bac82bdbfbe
So far the px30-related ddr security was loading data for regions to secure
from a pre-specified memory location and also setting region0 to secure
the first megabyte of memory in hard-coded setting (top=0, end=0, meaning
1MB).
To make things more explicit and easier to read add a function doing
the settings for specified memory areas, like other socs have and also
add an assert to make sure any descriptor read from memory does not
overlap the TZRAM security in region0 and TEE security in region1.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I78441875112bf66a62fde5f1789f4e52a78ef95f
Similar to others like rk3399 and rk3288 move the secure init to a
separate file to unclutter the soc init a bit.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: Iebb38e24f1c7fe5353f139c896fb8ca769bf9691
Add-in support for handling BL31 parameter from non-BL2 image, ie. SPL
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I16118d791399f652b6d1093c10092935a3449c32
Load BL31 to DDR instead of On-Chip RAM for scalability. Also, make use
of On-Chip RAM for BL31 specific variables filling down from handoff
offset to reduce fragmentation
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib64f48bd14f71e5fca2d406f4ede3386f2881099
This patch will provide an entrypoint for uboot's spl into BL31.
BL31 will also handle secondary cpu state during uboot's cold boot
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I661bdb782c2d793d5fc3c7f78dd7ff746e33b7a3
Move the get_config_status out of sip_svc driver.
Modify the function so that it can return either
CONFIG_STATUS or RECONFIG_STATUS
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I642d5900339e67f98be61380edc2b838e0dd47af
Separate SiP related definition from mailbox header file
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I45ba540f29d9261007f7ec23469358747cf140b4
The calls to secure ddr regions on rk3288 and rk3399 use parameters of
base and size - as it custom for specifying memory regions, but the
functions themself expect start and endpoints of the area.
This only works by chance for the TZRAM, as it starts a 0x0 and therefore
its end location is the same as its size.
To not fall into a trap later on adapt the functions to really take
base+size parameters.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: Idb9fab38aa081f3335a4eca971e7b7f6757fbbab
The agreed upon division of early boot locations is 0x40000 for bl31
to leave enough room for u-boot-spl and 0x100000 for bl33 (u-boot).
rk3288 and rk3399 already correctly secure the ddr up to the 1MB boundary
so pull the other platforms along to also give the Rockchip TF-A enough
room to comfortably live in.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: Ie9e0c927d3074a418b6fd23b599d2ed7c15c8c6f
Chip ID checking and poweroff work just like they did before.
Regulators are now enabled just like on A64/H5.
This changes the signatures of the low-level register read/write
functions to match the interface expected by the common driver.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I14d63d171a094fa1375904928270fa3e21761646