Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.
Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I14dc1d87df6dcc8d560ade833ce1f92507054747
When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84
* changes:
docs: marvell: Update info about WTMI_IMG option
plat: marvell: armada: a3k: Remove unused variable WTMI_SYSINIT_IMG from Makefile
plat: marvell: armada: Show informative build messages and blank lines
plat: marvell: armada: Move definition of mrvl_flash target to common marvell_common.mk file
plat: marvell: armada: a3k: Use $(Q) instead of @
plat: marvell: armada: a3k: Add a new target mrvl_uart which builds UART image
plat: marvell: armada: a3k: Build UART image files directly in $(BUILD_UART) subdirectory
plat: marvell: armada: a3k: Build intermediate files in $(BUILD_PLAT) directory
plat: marvell: armada: a3k: Correctly set DDR_TOPOLOGY and CLOCKSPRESET for WTMI
plat: marvell: armada: a3k: Allow use of the system Crypto++ library
docs: marvell: Update info about WTP and MV_DDR_PATH parameters
plat: marvell: armada: a3k: Add checks that WTP, MV_DDR_PATH and CRYPTOPP_PATH are correctly defined
docs: marvell: Update mv-ddr-marvell and A3700-utils-marvell branches
* changes:
allwinner: Leave CPU power alone during BL31 setup
allwinner: psci: Invert check in .validate_ns_entrypoint
allwinner: psci: Drop MPIDR check from .pwr_domain_on
allwinner: psci: Drop .get_node_hw_state callback
AMU counters are used for monitoring the CPU performance. RD-N2 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Some of the PSCI platform callbacks were restricted on RD-V1 platform
because the idle was not functional. Now that it is functional, remove
all the restrictions on the use PSCI platform callbacks.
Change-Id: I4cb97cb54de7ee166c30f28df8fea653b6b425c7
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
It does not have to be supported by the current shell used in Makefile.
Replace it by a simple echo with implicit newline.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I97fe44986ac36d3079d5258c67f0c9184537e7f0
This change separates building of flash and UART images, so it is possible
to build only one of these images. Also this change allows make to build
them in parallel.
Target mrvl_flash now builds only flash image and mrvl_uart only UART
image. This change reflects it also in the documentation.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ie9ce4538d52188dd26d99dfeeb5ad171a5b818f3
This removes need to move files and also allows to build uart and flash
images in parallel.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I13bea547d7849615e1c1e11d333c8c99e568d3f6
Currently a3700_common.mk makefile builds intermediate files in TF-A top
level directory and also outside of the TF-A tree. This change fixes this
issue and builds all intermediate files in $(BUILD_PLAT) directory.
Part of this change is also removal of 'rm' and 'mv' commands as there is
no need to remove or move intermediate files from outside of the TF-A build
tree.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I72e3a3024bd3fdba1b991a220184d750029491e9
When building WTMI image we need to correctly set DDR_TOPOLOGY and
CLOCKSPRESET variables which WTMI build system expect. Otherwise it use
default values.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ib83002194c8a6c64a2014899ac049bd319e1652f
This change introduces two new A3720 parameters, CRYPTOPP_LIBDIR and
CRYPTOPP_INCDIR, which can be used to specify directory paths to
pre-compiled Crypto++ library and header files.
When both new parameters are specified then the source code of Crypto++ via
CRYPTOPP_PATH parameter is not needed. And therefore it allows TF-A build
process to use system Crypto++ library.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I6d440f86153373b11b8d098bb68eb7325e86b20b
These variables must contain a path to a valid directory (not a file) which
really exists. Also WTP and MV_DDR_PATH must point to either a valid Marvell
release tarball or git repository.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I1ad80c41092cf3ea6a625426df62b7d9d6f37815
Disabling secondary CPUs during boot is unnecessary because the other
CPUs are already in reset, and it saves an entirely insignificant amount
of power. Let's remove this bit of code that was added mostly "because
we can", and along with it remove an unconditional dependency on the CPU
ops functions.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Ia77a1b722da6ba989c3992b656a6cde3f2238fd7
Checking the exceptional case and letting the success case fall through
is not only more idiomatic, but it also allows adding more exceptional
cases in the future, such as a check for overlapping secure DRAM.
Change-Id: I720441a6a8853fd7f211ebe851f14d921a6db03d
Signed-off-by: Samuel Holland <samuel@sholland.org>
This duplicated the logic in psci_validate_mpidr() which was already
called from psci_cpu_on().
Change-Id: I96ee92f1ce3e9cc2985b4e229ba86ebd27b79915
Signed-off-by: Samuel Holland <samuel@sholland.org>
This optional PSCI function was only implemented when SCPI was
available. However, the underlying SCPI function is not able to fulfill
the necessary contract. First, the SCPI protocol has no way to represent
HW_STANDBY at the CPU power level. Second, the SCPI implementation
maintains its own logical view of power states, and its implementation
of SCPI_CMD_GET_CSS_POWER_STATE does not actually query the hardware.
Thus it cannot provide "the physical view of power state", as required
for this function by the PSCI specification.
Since the function is optional, drop it.
Change-Id: I5f3a0810ac19ddeb3c0c5d35aeb09f09a0b80c1d
Signed-off-by: Samuel Holland <samuel@sholland.org>
The base address of UART peripheral should be given in R0, not in R1.
Otherwise the console_stm32_core_flush issues an assert message.
This issue was highlighted with recent changes in console flush functions.
Change-Id: Iead01986fdbbf30ad2fd9fa515a1d2b611b4e591
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The issue is that, when interrupt is triggered and RAS handler
is entered, after interrupt handler finishes, TF-A will re-enter
bl32 and then crash.
sdei_dispatch_event() may return failing result in some cases,
for example kernel may not have registered a handler or RAS event
may happen early during boot. We restore the NS context when
sdei_dispatch_event() returns failing result.
error log :
Received delegated event
X0 : 0xC4000061
X1 : 0x0
X2 : 0x0
X3 : 0x0
Received event - 0xC4000061 on cpu 0
UnRecognized Event - 0xC4000061
Failed delegated event 0xC4000061, Status Invalid Parameter
Unhandled Exception in EL3.
x30 = 0x000000000401f700
x0 = 0xfffffffffffffffe
x1 = 0xfffffffffffffffe
x2 = 0x00000000600003c0
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: I9802e9a32eee0ac3b5a8bcc0362d0b0e3b71dc9f
Turn ON/OFF GIC redistributor in sync with GIC CPU interface ON/OFF.
Issue :
The Linux prompt hangs when all the cores in a cluster are turned OFF
and we try to turn ON a core in that cluster. Previously when TF-A turns
ON a core, TF-A first turns ON the redistributor followed by the core.
This did not match the flow when turning OFF a core, as TF-A did not
turn OFF redistributor when the corresponding core[s] are disabled.
This hang is resolved by disabling redistributor as cores are disabled,
keeping them in sync.
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Change-Id: Ifd04fdcfd47b45e00f874f15b098471883d023f0
Some switch cases uses same operation. So, club switch cases
which uses same operation and remove duplicate code.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Change-Id: I260b474c0ff3f2ca102c32d4af2e4abba2b8f57c
This allows PSCI in TF-A to signal platform power states to QEMU
via a controller in secure space.
This required a sbsa-ref specific version of PSCI functions for the
platform. Also adjusted the MMU range to also include the new EC.
Add a new MMU region for the embedded controller and increase the
size of xlat tables by one for the new region.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Iece8a88947f11e82ab8988e460a8a66ad175a5ee
sbsa-ref in QEMU creates clusers of 8 cores, it may create up to 512
cores in upto 64 clusters. Implement a qemu_sbsa specific topology file
and increase the BL31_SIZE to accommodate the bigger table sizes. Change
platform_def.h for new topology. Correct PLATFORM_CPU_PER_CLUSTER_SHIFT so
plat_helpers.S calculates correct result.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Idc5d70394c0956b759ad2c86f9fda8f293f2cfa7
DEVICE2 is not currently used on qemu platform but is needed for
a future patch for qemu_sbsa platform. Change its definition to
RW and add it to all levels of arm-tf similar to DEVICE1 definition.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I03495471bfd423b61ad44ec4953fb25f76aa54bf
Rather than re-create this file in multiple qemu variants instead
caclulate the shift needed to convert MPIDR to position.
Add a new PLATFORM_CPU_PER_CLUSTER_SHIFT define in platform_def.h
for both qemu and qemu_sbsa to enable this calculation.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I0e3a86354aa716d95150a3a34b15287cd70c8fd2
When getting a stack protector canary value, check
if cpu supports FEAT_RNG and use that. Fallback to
old method of using a (hardcoded value ^ timer).
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
Change-Id: I8181acf8e31661d4cc82bc3a4078f8751909e725
Add DT node support for channel 0 where physical memory is split
between 32bit space and 64bit space.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I99a18dbb14cdb54100a836c16445242e430794e3
The HiHope RZ/G2M board from HopeRun consists of main board
(HopeRun HiHope RZ/G2M main board) and sub board(HopeRun
HiHope RZ/G2M sub board). The HiHope RZ/G2M sub board sits
below the HiHope RZ/G2M main board.
This patch adds the required board support to boot HopeRun HiHope
RZ/G2M board.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I3ed55aa4a2cc5c9d9cd6440e087bcd93186520c7
Include header ulcb_cpld.h in plat_pm.c only if RCAR_GEN3_ULCB
is enabled.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: Ie89223097c608265c50e32778e8df28feed82480
Move rcar plat code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Change-Id: I1001bea1a8a9232a03ddbf6931ca3c764ba1e181
Manish V Badarkhe
Manoj Kumar
Lauren Wehrmeister
Manish Pandey
Avinash Mehta
Zelalem
André Przywara
Pranav Madhu
Pali Rohár
Madhukar Pappireddy
Sandrine Bailleux
Samuel Holland
Yann Gautier
Ming Huang
Jagadeesh Ujja
Rajan Vaja
Peng Fan
Graeme Gregory
Tomas Pilar
Biju Das