TBBR spec advocates for optional encryption of firmwares (see optional
requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
support firmware decryption that can be stacked above any underlying IO/
packaging layer like FIP etc. It aims to provide a framework to load any
encrypted IO payload.
Also, add plat_get_enc_key_info() to be implemented in a platform
specific manner as handling of encryption key may vary from one platform
to another.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: Iea6ca26ff4903c33f0fad27fec96fdbabd4e0a91
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I836e26ff1771abf21fd460d0ee40e90a452e9b43
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I89c3ab2ed85ab941d8b38ced48474feb4aaa8b7e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I5c2fe3b6a667acf80c808cfec4a64059a2c9c25f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location for the coreboot memory console.
This removes the base member from the coreboot specific data structure,
but keeps the struct console_cbmc_t and its size member.
Change-Id: I7f1dffd41392ba3fe5c07090aea761a42313fb5b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I9f8b55414ab7965e431e3e86d182eabd511f32a4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I7a23327394d142af4b293ea7ccd90b843c54587c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I07a07677153d3671ced776671e4f107824d3df16
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
*All* UART drivers in TF-A are storing their base address as a uintptr_t
pointer in the first location of the UART specific driver data.
Since the base address is a pretty natural and generic data item, we
should integrate this into the generic console_t structure.
That will not only allow to remove a lot of seemingly UART specific data
structures, but also enables to simplify runtime choices between different
UARTs, since they can share the same pointer.
This patch just adds the new member, the existing data structures will
be handled on a per-UART base in follow-up patches.
Change-Id: I59ce49471ccc8f3b870f2cfd8a72ebfd0cb14d12
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
On systems that have multiple platform components that can interpret the
SCMI messages, there is a need to support multiple SCMI channels (one
each to those platform components). Extend the existing SCMI interface
that currently supports only a single SCMI channel to support multiple
SCMI channels.
Change-Id: Ice4062475b903aef3b5e5bc37df364c9778a62c5
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
In order to allow the MHUv2 driver to be usable with multiple MHUv2
controllers, use the base address of the controller from the platform
information instead of the MHUV2_BASE_ADDR macro.
Change-Id: I4dbab87b929fb0568935e6c8b339ce67937f8cd1
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
In order to access MG SRAM, the amb bridge needs to be configured which is
done in bl2 platform init.
For MG CM3, the image is only loaded to its SRAM and the CM3 itself is
left in reset. It is because the next stage bootloader (e.g. u-boot)
will trigger action which will take it out of reset when needed. This
can happen e.g. when appropriate device-tree setup (which has enabled
802.3 auto-neg) will be chosen. In other cases the MG CM3 should not be
running.
Change-Id: I816ea14e3a7174eace068ec44e3cc09998d0337e
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Device size could be more than 4GB, we must
define size as unsigned long long.
Change-Id: I52055cf5c1c15ff18ab9e157aa9b73c8b4fb7b63
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
SPI-NOR framework is based on SPI-MEM framework using
spi_mem_op execution interface.
It implements read functions and allows NOR configuration
up to quad mode.
Default management is 1 data line but it can be overridden
by platform.
It also includes specific quad mode configuration for
Spansion, Micron and Macronix memories.
Change-Id: If49502b899b4a75f6ebc3190f6bde1013651197f
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
This framework supports SPI-NAND and is based on the
SPI-MEM framework for SPI operations. It uses a common high
level access using the io_mtd.
It is limited to the read functionalities.
Default behavior is the basic one data line operation
but it could be overridden by platform.
Change-Id: Icb4e0887c4003a826f47c876479dd004a323a32b
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
The raw NAND framework supports SLC NAND devices.
It introduces a new high level interface (io_mtd) that
defines operations a driver can register to the NAND framework.
This interface will fill in the io_mtd device specification:
- device_size
- erase_size
that could be used by the io_storage interface.
NAND core source file integrates the standard read loop that
performs NAND device read operations using a skip bad block strategy.
A platform buffer must be defined in case of unaligned
data. This buffer must fit to the maximum device page size
defined by PLATFORM_MTD_MAX_PAGE_SIZE.
The raw_nand.c source file embeds the specific NAND operations
to read data.
The read command is a raw page read without any ECC correction.
This can be overridden by a low level driver.
No generic support for write or erase command or software
ECC correction.
NAND ONFI detection is available and can be enabled using
NAND_ONFI_DETECT=1.
For non-ONFI NAND management, platform can define required
information.
Change-Id: Id80e9864456cf47f02b74938cf25d99261da8e82
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
IO seek offset can be set to values above UINT32_MAX, this change
changes the seek offset argument from 'ssize_t' to 'signed long long'.
Fixing platform seek functions to match the new interface update.
Change-Id: I25de83b3b7abe5f52a7b0fee36f71e60cac9cfcb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
The SCU connects one to four Cortex-A5/Cortex-A9 processors
to the memory system through the AXI interfaces.
The SCU functions are to:
- maintain data cache coherency between the Cortex-A5/Cortex-A9
processors
- initiate L2 AXI memory accesses
- arbitrate between Cortex-A5/Cortex-A9 processors requesting
L2 accesses
- manage ACP accesses.
Snoop Control Unit will enable to snoop on other CPUs caches.
This is very important when it comes to synchronizing data between
CPUs. As an example, there is a high chance that data might be
cache'd and other CPUs can't see the change. In such cases,
if snoop control unit is enabled, data is synchoronized immediately
between CPUs and the changes are visible to other CPUs.
This driver provides functionality to enable SCU as well as enabling
user to know the following
- number of CPUs present
- is a particular CPU operating in SMP mode or AMP mode
- data cache size of a particular CPU
- does SCU has ACP port
- is L2CPRESENT
Change-Id: I0d977970154fa60df57caf449200d471f02312a0
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
On some platforms the UART might have already been initialised, for
instance by firmware running before TF-A or by a separate management
processor. In this case it would not be need to initialise it again
(doing so could create spurious characters). But more importantly this
saves us from knowing the right baudrate and the right base clock rate
for the UART. This can lead to more robust and versatile firmware builds.
Allow to skip the 16550 UART initialisation and baud rate divisor
programming, by interpreting an input clock rate of "0" to signify this
case. This will just skip the call to console_16550_core_init, but still
will register the console properly.
Users should just pass 0 as the second parameter, the baudrate (third
parameter) will then be ignored as well.
Fix copy & paste typos in comments for the console_16550_register()
function on the way.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I9f8fca5b358f878fac0f31dc411358fd160786ee
Previously, the A64/H5 and H6 platforms' PMIC setup code was entirely
independent. However, some H6 boards also need early regulator setup.
Most of the register interface and all of the device tree traversal code
can be reused between the AXP803 and AXP805. The main difference is the
hardware bus interface, so that part is left to the platforms. The
remainder is moved into a driver.
I factored out the bits that were obviously specific to the AXP803;
additional changes for compatibility with other PMICs can be made as
needed.
The only functional change is that rsb_init() now checks the PMIC's chip
ID register against the expected value. This was already being done in
the H6 version of the code.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Icdcf9edd6565f78cccc503922405129ac27e08a2
This adds the new regulator list, as well as changes to make the switch
(equivalent to DC1SW on the AXP803) work on both PMICs.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I9a1eac8ddfc54b27096c10a8eebdd51aaf9b8311
Add the support needed to enable using CryptoCell integration with
with RSA 3K support.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
Add support to configure GIC-600's multichip routing table registers.
Introduce a new gic600 multichip structure in order to support platforms
to pass their GIC-600 multichip information such as routing table owner,
SPI blocks ownership.
This driver is currently experimental and the driver api may change in
the future.
Change-Id: Id409d0bc07843e271ead3fc2f6e3cb38b317878d
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
The function has to use read_cntpct_el0() to update the counter, and not
read_cntfrq_el0().
Change-Id: I9c676466e784c3122e9ffc2d87e66708797086e7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Introduce timeout_init_us/timeout_elapsed() delay tracking with CNTPCT.
timeout_init_us(some_timeout_us); returns a reference to detect
timeout for the provided microsecond delay value from current time.
timeout_elapsed(reference) return true/false whether the reference
timeout is elapsed.
Cherry picked from OP-TEE implementation [1].
[1] commit 33d30a74502b ("core: timeout detection support")
Minor:
- Remove stm32mp platform duplicated implementation.
- Add new include in marvell ble.mk
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iaef6d43c11a2e6992fb48efdc674a0552755ad9c
Use size_t for length parameter in header file, as in .c file.
Change-Id: I310f2a6159cde1c069b4f814f6558c2488c203ec
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
stm32mp1: add authentication support for stm32image
bsec: move bsec_mode_is_closed_device() service to platform
crypto: stm32_hash: Add HASH driver
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
This patch provides declaration and definition of new GICv3 driver
API: gicv3_rdistif_probe().This function delegates the responsibility
of discovering the corresponding Redistributor base frame to each CPU
itself. It is a modified version of gicv3_rdistif_base_addrs_probe()
and is executed by each CPU in the platform unlike the previous
approach in which only the Primary CPU did the discovery of all the
Redistributor frames for every CPU.
The flush operations as part of gicv3_driver_init() function are
made necessary even for platforms with WARMBOOT_ENABLE_DCACHE_EARLY
because the GICv3 driver data structure contents are accessed by CPU
with D-Cache turned off during power down operations.
Change-Id: I1833e81d3974b32a3e4a3df4766a33d070982268
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This BSEC service is a platform specific service. Implementation
moved to the platform part.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I1f70ed48a446860498ed111acce01187568538c9
The driver manages the HASH processor IP on STM32MP1
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I3b67c80c16d819f86b951dae29a6c465e51ad585
The block size of some storage device is 4096-byte long, such as UFS. But
PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by
PLAT_PARTITION_BLOCK_SIZE. Make it configurable in platform.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: Iada05f7c646d0a0f2c0d3b8545540b3cb7153de3
To allow sharing the driver between the RPi3 and RPi4, move the random
number generator driver into the generic driver directory.
Change-Id: Iae94d7cb22c6bce3af9bff709d76d4caf87b14d1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the mailbox
driver into the generic driver directory.
Change-Id: I463e49acf82b02bf004f3d56482b7791f3020bc0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Previously, TF-A could not support large RSA key sizes as the
configuration options passed to MBEDTLS prevented storing and performing
calculations with the larger, higher-precision numbers required. With
these changes to the arguments passed to MBEDTLS, TF-A now supports
using 3072 (3K) and 4096 (4K) keys in certificates.
Change-Id: Ib73a6773145d2faa25c28d04f9a42e86f2fd555f
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
* changes:
amlogic: Fix includes order
amlogic: Fix header guards
amlogic: Fix prefixes in the SoC specific files
amlogic: Fix prefixes in the PM code
amlogic: Fix prefixes in the SCPI related code
amlogic: Fix prefixes in the MHU code
amlogic: Fix prefixes in the SIP/SVC code
amlogic: Fix prefixes in the thermal driver
amlogic: Fix prefixes in the private header file
amlogic: Fix prefixes in the efuse driver
amlogic: Fix prefixes in the platform macros file
amlogic: Fix prefixes in the helpers file
amlogic: Rework Makefiles
amlogic: Move the SIP SVC code to common directory
amlogic: Move topology file to common directory
amlogic: Move thermal code to common directory
amlogic: Move MHU code to common directory
amlogic: Move efuse code to common directory
amlogic: Move platform macros assembly file to common directory
amlogic: Introduce unified private header file
amlogic: Move SCPI code to common directory
amlogic: Move the SHA256 DMA driver to common directory
amlogic: Move assembly helpers to common directory
amlogic: Introduce directory parameters in the makefiles
meson: Rename platform directory to amlogic
The SHA256 DMA driver can be used by multiple SoCs. Move it to the
common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I96319eeeeeebd503ef0dcb07c0e4ff6a67afeaa5
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
The #include "mbedtls/check_config.h" directive first searches for
the header in the relative path to mbedtls_config.h, i.e.
include/drivers/auth/mbedtls/mbedtls/check_config.h
Obviously, it does not exist since check_config.h is located in
the mbedtls project.
It is more sensible to use #include <...> form.
Change-Id: If72a71381f84e7748a2c9f07dd1176559d9bb1d2
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
If the max-frequency property is provided in the device tree mmc node,
it should be managed. The max allowed frequency will be the min between
this property value and what the card can support.
Change-Id: I885b676c3300d2670a0fe4c6ecab87758b5893ad
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Introduce driver for STM32 IWDG peripheral (Independent Watchdog).
It is configured according to device tree content and should be enabled
from there.
The watchdog is not started by default. It can be started after an HW
reset if the dedicated OTP is fused.
The watchdog also needs to be frozen if a debugger is attached.
This is done by configuring the correct bits in DBGMCU.
This configuration is allowed by checking BSEC properties.
An increase of BL2 size is also required when adding this new code.
Change-Id: Ide7535d717885ce2f9c387cf17afd8b5607f3e7f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Currently, console drivers prepend '\r' to '\n' by themselves. This is
common enough to be supported in the framework.
Add a new flag, CONSOLE_FLAG_TRANSLATE_CRLF. A driver can set this
flag to ask the framework to transform LF into CRLF instead of doing
it by itself.
Change-Id: I4f5c5887591bc0a8749a105abe62b6562eaf503b
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
Add support for multiple Cryptocell revisions which
use different APIs.
This commit only refactors the existing code in preperation to the addition
of another Cryptocell revisions later on.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I16d80b31afb6edd56dc645fee5ea619cc74f09b6
Code using Cryptocell specific APIs was used as part of the
arm common board ROT support, instead of being abstracted
in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to
copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell
API and products.
Move over Cryptocell specific API calls into the Cryptocell
driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
This patch adds a new include/export/ directory meant for inclusion in
third-party code. This is useful for cases where third-party code needs
to interact with TF-A interfaces and data structures (such as a custom
BL2-implementation like coreboot handing off to BL31). Directly
including headers from the TF-A repository avoids having to duplicate
all these definitions (and risk them going stale), but with the current
header structure this is not possible because handoff API definitions
are too deeply intertwined with other TF code/headers and chain-include
other headers that will not be available in the other environment.
The new approach aims to solve this by separating only the parts that
are really needed into these special headers that are self-contained and
will not chain-include other (non-export) headers. TF-A code should
never include them directly but should instead always include the
respective wrapper header, which will include the required prerequisites
(like <stdint.h>) before including the export header. Third-party code
can include the export headers via its own wrappers that make sure the
necessary definitions are available in whatever way that environment can
provide them.
Change-Id: Ifd769320ba51371439a8e5dd5b79c2516c3b43ab
Signed-off-by: Julius Werner <jwerner@chromium.org>
This consists of ensuring that the left operand of each shift is
unsigned when the operation might overflow into the sign bit.
Change-Id: Iddd6f38139a4c6e500468b4fc48d04e0939f574e
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
* changes:
fdts: stm32mp1: realign device tree files with internal devs
stm32mp1: increase device tree size to 20kB
stm32mp1: make dt_get_stdout_node_offset() static
stm32mp1: use unsigned values for SDMMC defines
stm32mp1: remove useless LIBFDT_SRCS from PLAT_BL_COMMON_SOURCES
stm32mp1: update doc for U-Boot compilation
stm32mp1: add general SYSCFG management
stm32mp1: move stm32_get_gpio_bank_clock() to private file
clk: stm32mp1: correctly handle Clock Spreading Generator
clk: stm32mp1: use defines for mask values in stm32mp1_clk_sel array
clk: stm32mp1: move oscillator functions to generic file
arch: add some defines for generic timer registers
Rework the macro that eases the table definition: the src and msk fields
are now using MASK and SHIFT defines of each source register.
Some macros had then to be modified: _USART1_SEL, _ASS_SEL and _MSS_SEL to
_UART1_SEL, _AXIS_SEL, and _MCUS_SEL to match register fields.
Note: the mask for RCC_ASSCKSELR_AXISSRC is changed from 0x3 to 0x7
to reflect the size of the register field, even if there are only
3 possible clock sources.
The mask value is also corrected for QSPI and FMC clock selection.
Change-Id: I44114e3c1dd37b9fa1be1ba519611abd9a07764c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Those functions are generic for parsing nodes from device tree
hence could be located in generic source file.
The oscillators description structure is also moved to STM32MP1 clock
driver, as it is no more used in stm32mp1_clkfunc and cannot be in a
generic file.
Change-Id: I93ba74f4eea916440fef9b160d306af1b39f17c6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Convert the R-Car Gen3 platform and both SCIF and Log drivers
to multi-console API.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: I18556973937d150b60453f9150d54ee612571e35
The chain of trust description and the pointer pointing to its first
element were incompatible, thus requiring an explicit type cast for
the assignment.
- cot_desc was an array of
const pointers to const image descriptors.
- cot_desc_ptr was a const pointer to
(non-constant) pointers to const image descriptors.
Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would
generate the following compiler warning:
drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards
‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
REGISTER_COT(cot_desc);
^~~~~~~~
Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.
Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch is a preparation for the subsequent changes in
SMMUv3 driver. It introduces a new "smmuv3_poll" function
and replaces inline functions for accessing SMMU registers
with mmio read/write operations. Also the infinite loop
for the poll has been replaced with a counter based timeout.
Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Add a driver for configuring the SBSA Generic Watchdog which aids in
the detection of errant system behaviour.
Change-Id: I5a1e7149c69fd8b85be7dfbcf511f431339946f4
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
This changes the auth_img_desc_t struct to have pointers to struct
arrays instead of struct arrays. This saves memory as many of these
were never used, and can be NULL pointers. Note the memory savings are
only when these arrays are not initialised, as it is assumed these
arrays are fixed length. A possible future optimisation could allow for
variable length.
memory diff:
bl1: bl2:
text text
-12 -12
bss bss
-1463 0
data data
-56 -48
rodata rodata
-5688 -2592
total total
-7419 -2652
Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
When Trusted Board Boot is enabled, we need to specify the Chain of
Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
of image descriptors. The authentication module assumes that each
image descriptor in this array is indexed by its unique image
identifier. For example, the Trusted Boot Firmware Certificate has to
be at index [TRUSTED_BOOT_FW_CERT_ID].
Unique image identifiers may not necessarily be consecutive. Also,
a given BL image might not use all image descriptors. For example, BL1
does not need any of the descriptors related to BL31. As a result, the
CoT array might contain holes, which unnecessarily takes up space in
the BL binary.
Using pointers to auth_img_desc_t structs (rather than structs
themselves) means these unused elements only use 1 pointer worth of
space, rather than one struct worth of space. This patch also changes
the code which accesses this array to reflect the change to pointers.
Image descriptors not needed in BL1 or BL2 respectively are also
ifdef'd out in this patch. For example, verifying the BL31 image is
the responsibility of BL2 so BL1 does not need any of the data
structures describing BL31.
memory diff:
bl1: bl2:
text text
-20 -20
bss bss
-1463 0
data data
-256 -48
rodata rodata
-5240 -1952
total total
-6979 -2020
Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Types tzc_action_t and tzc_region_attributes_t are deprecated.
Change-Id: Ieefeb8521a0e1130f39d09b5c0d2728f05084773
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
In order to configure and boot SCP, BL31 has to compute and send
the SHA-256 of the firmware data via scpi. Luckily Amlogic GXL SOC
has a DMA facility that could be used to offload SHA-256
computations. This adds basic support of this hardware SHA-256
engine.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Improved support for W=1 compilation flag by solving missing-prototypes
and old-style-definition warnings.
The libraries are compiling with warnings (which turn into errors with
the Werror flag).
Outside of libraries, some warnings cannot be fixed without heavy
structural changes.
Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
MHU doorbell driver requires arm platform specific
macro "PLAT_CSS_MHU_BASE".
Rename it to "PLAT_MHUV2_BASE", so that platforms other than arm
can use generic MHU doorbell driver.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
This TODO was added five years ago so I assume that there is not
going to be a shutdown API added after all.
Change-Id: If0f4e2066454df773bd9bf41ed65d3a10248a2d3
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
There are some issues with synopsys MMC driver:
- CMD8 should not expect data (for SD)
- ACMD51 should expect data (Send SCR for SD)
- dw_prepare should not dictate size to be MMC_BLOCK_SIZE, block size is
now handled in the dw_prepare function
- after the CMD completes, when doing dw_read, we need to invalidate cache
and wait for the data transfer to complete
- Need to set FIFO threshold, otherwise DMA might never get the interrupt
to read or write
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Some bugs in MMC stack needs to be fixed:
- scr cannot be local as this will cause cache issue when invalidating
after the read DMA transfer is completed
- ACMD41 needs to send voltage information in initialization, otherwise the
command is a query, thus will not initialize the controller
- when checking device state, retry until the retries counter goes to zero
before failing
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
This commit improves the SDHost driver for RPi3 as following:
* Unblock MMC_CMD(17). Using MMC_CMD(17) is more efficient on
block reading.
* In some low probability that SEND_OP_COND might results CRC7
error. We can consider that the command runs correctly. We don't
need to retry this command so removing the code for retry.
* Using MMC_BUS_WIDTH_1 as MMC default value to improve the stability.
* Increase the clock to 50Mhz in data mode to speed up the io.
* Change the pull resistors configuration to gain more stability.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
STM32MP1 chip embeds a dual Cortex-A7 and a Cortex-M4.
The support for Cortex-M4 clocks is added when configuring the clock tree.
Some minimal security features to allow communications between A7 and M4
are also added.
Change-Id: I60417e244a476f60a2758f4969700b2684056665
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Remove useless private structure in function prototypes.
Add a reference counter on clocks.
Prepare for future secured/shared/non-secured clocks.
Change-Id: I3dbed81721da5ceff5e10b2c4155b1e340c036ee
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas LE BAYON <nicolas.le.bayon@st.com>
This change makes the platform to panic in case of peripheral reset
resource malfunction.
Change-Id: I17eb9cb045b78a4e5142a8c33b744e84992d732a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Nicolas LE BAYON <nicolas.le.bayon@st.com>
Create a new file stm32mp_clkfunc.c to put functions that could be common
between several platforms.
Change-Id: Ica915c796b162b2345056b33328acc05035a242c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Regulator configuration at boot takes more information from DT.
I2C configuration from DT is done in I2C driver.
I2C driver manages more transfer modes.
The min voltage of buck1 should also be increased to 1.2V,
else the platform does not boot.
Heavily modifies stm32_i2c.c since many functions move inside the source
file to remove redundant declarations.
Change-Id: I0bee5d776cf3ff15e687427cd6abc06ab237d025
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas LE BAYON <nicolas.le.bayon@st.com>
Remove the previously use function: get_timer, and use new functions
timeout_init_us and timeout_elapsed.
Change-Id: I4e95b123648bff7ca91e40462a2a3ae24cfe1697
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Nicolas LE BAYON <nicolas.le.bayon@st.com>
Mainly remove suffix 1 from prefix stm32mp1 in several macros and functions
that can be used in drivers shared by different platforms.
Change-Id: I2295c44f5b1edac7e80a93c0e8dfd671b36e88e7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
This commit adds SDHost driver for RaspberryPi3. SDHost driver uses the
GPIO driver to connect the SDCard and SDHost. By using this driver it is
able to read/write raw blocks on SDCard.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
This commit adds GPIO driver for RaspberryPi3. The GPIO driver for RPi3
also provides the way to do pinmux selections.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Valid addresses for GICR base are always a set calculable distance from
the GICD and is based on the number of cores a given instance of GICv3 IP
can support. The formula for the number of address bits is given by the
ARM GIC-500 TRM section 3.2 as 2^(18+log2(cores)) with the MSB set to
one for GICR instances. Holes in the GIC address space are also
guaranteed to safely return 0 on reads. This allows us to support runtime
detection of the GICR base address by starting from GIC base address plus
BIT(18) and walking until the GICR ID register (IIDR) is detected. We
stop searching after BIT(20) to prevent searching out into space if
something goes wrong. This can be extended out if we ever have a device
with 16 or more cores.
Signed-off-by: Andrew F. Davis <afd@ti.com>
The BSEC (Boot and Security and OTP control) is intended to control an OTP
(one time programmable) fuse box, used for on-chip non-volatile storage
for device configuration and security parameters.
Change-Id: I38c44684c7b9c6a1f24ec0ae3fe99cec481d5a51
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change fdt_check_status function to fdt_get_status.
Update GPIO defines.
Move some functions in gpio driver, instead of dt helper file.
Add GPIO bank helper functions.
Use only one status field in dt_node_info structure including both status
and secure status.
Change-Id: I34f93408dd4aac16ae722f564bc3f7d6ae978cf4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Reword some traces.
Use uintptr_t where required.
Reduce scope of variables.
Improve io_stm32image algo.
Complete some IP registers definitions.
Add failure on supported DDR (stm32mp1_ddr_init()).
Fix cache flush on cache disable (stm32mp1_ddr_setup).
Change-Id: Ie02fa71e02b9d69abc807fd5b7df233e5be6668c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: I4a1b281925e0a3a1e2a34b3e363537e4a7f13823
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
The drivers are also updated to reflect the changes.
Set RCC as non-secure.
Change-Id: I568fa1f418355830ad1d4d1cdcdb910fb362231b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This is the correct name of the IP.
Rename stm32mp1_pmic files to stm32mp_pmic.
Change-Id: I238a7d1f9a1d099daf7788dc9ebbd3146ba2f15f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Instead, only platform_def.h is included.
The required files to be included are added in stm32mp1_def.h.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The GIC lowest priority values for each world depends on the number of
priority values implemented in hardware. These constants currently
defined in gic_common.h only meant to enumerate lowest possible
architectural values. Since these values are not used in generic code or
upstream platforms, and that general use of these constants can be
wrong, remove these. Platforms should either define and use these as
appropriate, or determine correct values at run time.
Change-Id: I3805cea8ceb8a592b9eff681ea1b63b7496cec5f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
console_unregister() has always returned a pointer to the console that
was removed on success, not just an integer. Fix the C prototype to
match the assembly implementation.
Change-Id: Iafc43de0767a5c87c9ae5c3aba53761dd28d51e6
Signed-off-by: Julius Werner <jwerner@chromium.org>
- Update CPU frequency on AP807 to 2GHz for SAR 0x0.
- Increase AVS to 0.88V for 2GHz clock
Change-Id: Ic945b682ab2f8543e34294bfc56c3eae2c5e0c8e
Signed-off-by: Christine Gharzuzi <chrisg@marvell.com>
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
ARM CoreLink DMC-620 Dynamic Memory Controller includes a TZC controller
to setup secure or non-secure regions of DRAM memory. The TZC controller
allows to setup upto eight such regions of memory in DRAM. This driver
provides helper functions to setup the TZC controller within DMC-620.
Change-Id: Iee7692417c2080052bdb7b1c2873a024bc5d1d10
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Migrate Marvell platforms from legacy console API to
multi-console API.
Change-Id: I647f5f49148b463a257a747af05b5f0c967f267c
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
These issues wer found by sparse:
drivers/st/clk/stm32mp1_clk.c:1524:19:
warning: incorrect type in assignment (different base types)
expected restricted fdt32_t const [usertype] *pkcs_cell
got unsigned int const [usertype] *
plat/st/stm32mp1/plat_image_load.c:13:6:
warning: symbol 'plat_flush_next_bl_params' was not declared.
Should it be static?
plat/st/stm32mp1/plat_image_load.c:21:16:
warning: symbol 'plat_get_bl_image_load_info' was not declared.
Should it be static?
plat/st/stm32mp1/plat_image_load.c:29:13:
warning: symbol 'plat_get_next_bl_params' was not declared.
Should it be static?
plat/st/stm32mp1/bl2_io_storage.c:40:10:
warning: symbol 'block_buffer' was not declared. Should it be static?
Signed-off-by: Yann Gautier <yann.gautier@st.com>
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.
The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.
The exceptions are files that are imported from other projects:
- CryptoCell driver
- dt-bindings folders
- zlib headers
Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
It has only been tested with a system clock of 24 MHz.
It has only been implemented for the multi console API.
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The definitions FAIL_CONTROL_*_SHIFT were incorrect, they have been
fixed.
The types tzc_region_attributes_t and tzc_action_t have been removed and
replaced by unsigned int because it is not allowed to do logical
operations on enums.
Also, fix some address definitions in arm_def.h.
Change-Id: Id37941d76883f9fe5045a5f0a4224c133c504d8b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The "Reduced Serial Bus" is an Allwinner specific bus, bearing many
similarities with I2C. It sports a much higher bus frequency, though,
(typically 3 MHz) and requires much less handholding for the typical
task of manipulating slave registers (fire-and-forget).
On most A64 boards this bus is used to connect the PMIC to the SoC.
This driver provides basic primitives to read and write slave registers,
it will be later used by the PMIC code.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Whereas the GPT table is read with io_block, the binaries to be loaded
(e.g. BL33) cannot use it, as it is not suitable to read them block by
block, or the boot time would be very bad.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This IO is required to read binaries with STM32 header.
This header is added with the stm32image tool.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
To boot on eMMC or SD-cards, STM32MP1 platform needs:
- GPT_IMAGE_ID to read GPT table on those devices
- STM32_IMAGE_ID and IO_TYPE_STM32IMAGE to read images with STM32 header
- IO_TYPE_MMC to have a IO for MMC devices
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This driver is for the STMicroelectronics sdmmc2 IP
which is in STM32MP1 SoC.
It uses the MMC framework, and can address either eMMC or SD-card.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This way it can be reused by other platforms if needed.
Note that this driver is designed to work with the Versatile Express NOR
flash of Juno and FVP. In said platforms, the memory is organized as an
interleaved memory of two chips with a 16 bit word.
Any platform that wishes to reuse it with a different configuration will
need to modify the driver so that it is more generic.
Change-Id: Ic721758425864e0cf42b7b9b04bf0d9513b6022e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Respect official response type and update response to follow
official specification.
All the MMC_RESPONSE_R(_x) are replaced with each corresponding define.
Partly revert 2a82a9c95f for dw_mmc.c:
Responses R1, R1B and R5 have CRC.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The Marvell A8K SoCs use the MI2CV IP core from Mentor Graphics, which
is also used by Allwinner.
As Mentor Graphics allows a lot of customization, the MI2CV in the two
SoC families are not compatible, and driver modifications are needed.
Extract the common code to a MI2CV driver.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>