TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.
TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.
More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
The latest FVP model fix which correctly checks if IRQs
are enabled in current exception level, is causing TFTF
tests to hang.
This patch adds setting SCR_EL3.I and SCR_EL3.F bits in
'fvp_cpu_standby()' function to allow CPU to exit from WFI.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: Iceec1e9dbd805803d370ecdb10e04ad135d6b3aa
This patch adds the basic CPU library code to support the Hayes CPU
in TF-A. This CPU is based on the Klein core so that library code
has been adapted for use here.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If0e0070cfa77fee8f6eebfee13d3c4f209ad84fc
Update UUID to little endian:
The SPMC expects a little endian representation of the UUID as an array
of four integers in the SP manifest.
Add managed exit field and cosmetic comments updates.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icad93ca70bc27bc9d83b8cf888fe5f8839cb1288
* changes:
feat(plat/fvp): enable trace extension features by default
feat(trf): enable trace filter control register access from lower NS EL
feat(trf): initialize trap settings of trace filter control registers access
feat(sys_reg_trace): enable trace system registers access from lower NS ELs
feat(sys_reg_trace): initialize trap settings of trace system registers access
feat(trbe): enable access to trace buffer control registers from lower NS EL
feat(trbe): initialize trap settings of trace buffer control registers access
Currently the list of SP UUIDs loaded by BL2 is hardcoded in the DT.
This is a problem when building a system with other SPs (e.g. from
Trusted Services). This commit implements a workaround to enable adding
SP UUIDs to the list at build time.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Iff85d3778596d23d777dec458f131bd7a8647031
This patch adds the basic CPU library code to support the Demeter
CPU. This CPU is based on the Makalu-ELP core so that CPU lib code
was adapted to create this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib5740b748008a72788c557f0654d8d5e9ec0bb7f
Bump the required FF-A version in framework and manifests to v1.1 as
upstream feature development goes.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I89b2bd3828a13fc4344ccd53bc3ac9c0c22ab29f
These files are needed during boot, but they were missing
for semihosting.
With this patch, the list of files is complete enough to
boot on ATF platform via semihosting.
Change-Id: I2f0ca25983a6e18096f040780776f19f8040ea79
Signed-off-by: stsp@users.sourceforge.net
Align documentation with changes of messaging method for partition
manifest:
- Bit[0]: support for receiving direct message requests
- Bit[1]: support for sending direct messages
- Bit[2]: support for indirect messaging
- Bit[3]: support for managed exit
Change the optee_sp_manifest to align with the new messaging method
description.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: I333e82c546c03698c95f0c77293018f8dca5ba9c
In the FVP platform, BL1 uses flash only for read purpose
hence marked this flash region as read-only.
Change-Id: I3b57130fd4f3b4df522ac075f66e9799f237ebb7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Erasing the FIP TOC header present in a flash is replaced by updating NV
flags with an error code on image load/authentication failure.
BL1 component uses these NV flags to detect whether a firmware update is
needed or not.
These NV flags get cleared once the firmware update gets completed.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I6232a0db07c89b2373b7b9d28acd37df6203d914
The partition layout description JSON file generated by TF-A tests
declares a fourth test partition called Ivy demonstrating the
implementation of a S-EL0 partition supported by a S-EL1 shim.
Change-Id: If8562acfc045d6496dfdb3df0524b3a069357f8e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
We don't ever expect to load a binary with an STM32 header on the Arm
FVP platform so remove this type of image from the list of
measurements.
Also remove the GPT image type from the list, as it does not get
measured. GPT is a container, just like FIP is. We don't measure the FIP
but rather the images inside it. It would seem logical to treat GPT the
same way.
Besides, only images that get loaded through load_auth_image() get
measured right now. GPT processing happens before that and is handled in
a different way (see partition_init()).
Change-Id: Iac4de75380ed625b228e69ee4564cf9e67e19336
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
* changes:
refactor(plat/nvidia): use SOC_ID defines
refactor(plat/mediatek): use SOC_ID defines
refactor(plat/arm): use SOC_ID defines
feat(plat/st): implement platform functions for SMCCC_ARCH_SOC_ID
refactor(plat/st): export functions to get SoC information
feat(smccc): add bit definition for SMCCC_ARCH_SOC_ID
Fix a remainder from early prototyping. OP-TEE as a secure partition
does not need specific SMC function id pass through to EL3.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2843d1b9a5eb4c966f82790e1655fb569c2de7d4
The UUID strings used in FW_CONFIG DT are not aligned with UUIDs defined
in include/tools_share/firmware_image_package.h for BL32_EXTRA1 and
TRUSTED_KEY_CERT.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I517f8f9311585931f2cb931e0588414da449b694
This patch renames the Matterhorn, Matterhorn ELP, and Klein CPUs to
Cortex A710, Cortex X2, and Cortex A510 respectively.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I056d3114210db71c2840a24562b51caf2546e195
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I688a76277b729672835d51fafb68d1d6205b6ae4
Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.
Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.
Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654
Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
NOTE: Breaking change to the way UUIDs are stored in the DT
Currently, UUIDs are stored in the device tree as
sequences of 4 integers. There is a mismatch in endianness
between the way UUIDs are represented in memory and the way
they are parsed from the device tree. As a result, we must either
store the UUIDs in little-endian format in the DT (which means
that they do not match up with their string representations)
or perform endianness conversion after parsing them.
Currently, TF-A chooses the second option, with unwieldy
endianness-conversion taking place after reading a UUID.
To fix this problem, and to make it convenient to copy and
paste UUIDs from other tools, change to store UUIDs in string
format, using a new wrapper function to parse them from the
device tree.
Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
so that these macros can be reused in the subsequent GPT based support
changes.
Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This will help in keeping source file generic and conditional
compilation can be contained in platform provided dt files.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3c6e0a429073f0afb412b9ba521ce43f880b57fe
ELP processors can sometimes have different MIDR values or features so
we are adding the "_arm" suffix to differentiate the reference
implementation from other future versions.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ieea444288587c7c18a397d279ee4b22b7ad79e20
NT_FW_CONFIG file is meant to be passed from BL31 to be consumed by
BL33, fvp platforms use this to pass measured boot configuration and
the x0 register is used to pass the base address of it.
In case of hafnium used as hypervisor in normal world, hypervisor
manifest is expected to be passed from BL31 and its base address is
passed in x0 register.
As only one of NT_FW_CONFIG or hypervisor manifest base address can be
passed in x0 register and also measured boot is not required for SPM so
disable passing NT_FW_CONFIG.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifad9d3658f55ba7d70f468a88997d5272339e53e
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
instantiated in a Secure Partition:
-A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
An EC is pinned to a corresponding physical CPU.
-An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
the physical CPU from which the FF-A call is originating.
This change permits exercising the latter case within the TF-A-tests
framework.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The primary VM concept is removed from the SPMC.
Update the SPMC manifests with number of Execution Contexts
and SP workspace size for the first Secure Partition (as it
is done for NWd secondary VMs and other SPs).
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I3b9c52666f7dfe74ab1f7d2148ad0070ee44b54e
The chosen node is no longer required as the SPMC implements
a specific boot flow which no longer requires this node.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ib566b602a7f83003a1b2d0ba5f6ebf4d8b7a9156
The PVM concept is removed from the SPMC so the device-memory
node which is specifying the device memory range for the PVM
is no longer applicable.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: If0cb956e0197028b24ecb78952c66ec454904516
Enable basic support for Neoverse-N2 CPUs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I498adc2d9fc61ac6e1af8ece131039410872e8ad
For the first partition, mark first 2GB as device memory excluding
the Trusted DRAM region reserved for the SPMC.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I3ff110b3facf5b6d41ac2519ff6ca5e30a0a502b
To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
DRAM region behind TZC.
Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
According to [1] and in context of FF-A v1.0 a secure partition must
have either one EC (migratable UP) or a number of ECs equal to the
number of PEs (pinned MP). Adjust the SPMC manifest such that the
number of ECs is equal to the number of PEs.
[1] https://trustedfirmware-a.readthedocs.io/en/latest/components/
secure-partition-manager.html#platform-topology
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ie8c7d96ae7107cb27f5b97882d8f476c18e026d4
Increased BL2 maximum size when CoT descriptors are placed
in device tree.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I6466d2841e189e7f15eb4f1a8db070542893cb5b
UUID's in the device tree files were stored in little endian. So
to keep all entries in these files RFC 4122 compliant, store them in
big endian then convert it to little endian when they are read so they
can be used in the UUID data structure.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5674159b82b245104381df10a4e3291160d9b3b5
This patch adds dependencies to the generated configuration
files that are included in the FIP. This fixes occasional
build errors that occur when the FIP happens to be built first.
Change-Id: I5a2bf724ba3aee13954403b141f2f19b4fd51d1b
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Using the Fconf, register base address of the various nv-counters
(currently, trusted, non-trusted nv-counters) are moved to the
device tree and retrieved during run-time. This feature is
enabled using the build option COT_DESC_IN_DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
Add information about the third partition so it can be loaded into SPM
when running the tests
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5544e88df391ef294ddf6b5750d468d3e74892b1
Implemented platform functions to retrieve the soc-id information
for FVP platform.
Change-Id: Id3df02ab290a210310e8d34ec9d706a59d817517
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.
This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.
Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
SPM: Add owner field to cactus secure partitions
SPM: Alter sp_gen.mk entry depending on owner of partition
plat/arm: enable support for Plat owned SPs
For supporting dualroot CoT for Secure Partitions a new optional field
"owner" is introduced which will be used to sign the SP with
corresponding signing domain. To demonstrate its usage, this patch adds
owners to cactus Secure Partitions.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I7b760580355fc92edf5402cecc38c38125dc1cae
This resolves MISRA defects such as:
plat/common/plat_bl1_common.c:63:[MISRA C-2012 Rule 14.4 (required)]
The condition expression "1" does not have an essentially boolean type.
Change-Id: I679411980ad661191fbc834a44a5eca5494fd0e2
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Following merge of patchset [1] the spm_mm_boot_info_t structure is
included in few platform files unconditionally even when SPM_MM option
is disabled.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2647
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I68bc034c9348b5d9bcfd2e5217b781df5ad1b369
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
This patch adds support for Measured Boot functionality
to FVP platform code. It also defines new properties
in 'tpm_event_log' node to store Event Log address and
it size
'tpm_event_log_sm_addr'
'tpm_event_log_addr'
'tpm_event_log_size'
in 'event_log.dtsi' included in 'fvp_tsp_fw_config.dts'
and 'fvp_nt_fw_config.dts'. The node and its properties
are described in binding document
'docs\components\measured_boot\event_log.rst'.
Change-Id: I087e1423afcb269d6cfe79c1af9c348931991292
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch moves all GICv2 driver files into new added
'gicv2.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
is now deprecated and platforms with GICv2 driver need to
be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
their makefiles.
Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
BL2 size gets increased due to the libfdt library update and
that eventually cause no-optimization build failure for BL2 as below:
aarch64-none-elf-ld.bfd: BL2 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region `RAM' overflowed by 4096 bytes
Makefile:1070: recipe for target 'build/fvp/debug/bl2/bl2.elf' failed
make: *** [build/fvp/debug/bl2/bl2.elf] Error 1
Fixed build failure by increasing BL2 image size limit by 4Kb.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92a57eb4db601561a98e254b64994bb921a88db3
Included cot_descriptors.dtsi in platform device tree
(fvp_tb_fw_config.dts).
Also, updated the maximum size of tb_fw_config to 0x1800
in order to accomodate the device tree for CoT descriptors.
Follow up patch will parse the device tree for these CoT descriptors
and fill the CoT descriptor structures at runtime instead of using
static CoT descriptor structures in the code base.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
Passed the address of fw_config instead of soc_fw_config
as arg1 to BL31 from BL2 for ARM fvp platform.
BL31 then retrieve load-address of other device trees
from fw_config device tree.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
Increased the size of firmware configuration area to accommodate
all configs.
Updated maximum size of following bootloaders due to increase
in firmware configs size and addition of the code in the BL2.
1. Increased maximum size of BL2 for Juno platform in no
optimisation case.
2. Reduced maximum size of BL31 for fvp and Juno platform.
3. Reduced maximum size of BL32 for Juno platform.
Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Query clock frequency in runtime using FCONF getter API
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie6a8a62d8d190b9994feffb167a1d48829913e9b
Extract Timer clock frequency from the timer node in
HW_CONFIG dtb. The first timer is a per-core architected timer attached
to a GIC to deliver its per-processor interrupts via PPIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I2f4b27c48e4c79208dab9f03c768d9221ba6ca86
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.
To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.
The CoT for secure partition look like below.
+------------------+ +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Key |
+------------------+ | Certificate |
| (Auth Image) |
/+-------------------+
/ |
/ |
/ |
/ |
L v
+------------------+ +-------------------+
| Trusted World |------>| SiP owned SPs |
| Public Key | | Content Cert |
+------------------+ | (Auth Image) |
/ +-------------------+
/ |
/ v|
+------------------+ L +-------------------+
| SP_PKG1 Hash |------>| SP_PKG1 |
| | | (Data Image) |
+------------------+ +-------------------+
. .
. .
. .
+------------------+ +-------------------+
| SP_PKG8 Hash |------>| SP_PKG8 |
| | | (Data Image) |
+------------------+ +-------------------+
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
As per "include/export/README", TF-A code should never include export
headers directly. Instead, it should include a wrapper header that
ensures the export header is included in the right manner.
"tbbr_img_def_exp.h" is directly included in TF-A code, this patch
replaces it with its wrapper header "tbbr_img_def.h".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
This should allow git to easily track file moves
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
We query the UART base address and clk frequency in runtime
using fconf getter APIs.
Change-Id: I5f4e84953be5f384472bf90720b706d45cb86260
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch introduces the populate function which leverages
a new driver to extract base address and clk frequency properties
of the uart serial node from HW_CONFIG device tree.
This patch also introduces fdt helper API fdtw_translate_address()
which helps in performing address translation.
Change-Id: I053628065ebddbde0c9cb3aa93d838619f502ee3
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Query the GICD and GICR base addresses in runtime using fconf getter
APIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I309fb2874f3329ddeb8677ddb53ed4c02199a1e9
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The stdout-path property in the /chosen node of a DTB points to a device
node, which is used for boot console output.
On most (if not all) ARM based platforms this is the debug UART.
The ST platform code contains a function to parse this property and
chase down eventual aliases to learn the node offset of this UART node.
Introduce a slightly more generalised version of this ST platform function
in the generic fdt_wrappers code. This will be useful for other platforms
as well.
Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform port parse DT nodes to find base address to
peripherals. It does this by using its own implementation, even though
this functionality is generic and actually widely useful outside of the
STM32 code.
Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
This is removes the assumption that #address-cells and #size-cells are
always one.
Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment the fconf_populate_gicv3_config() implementation is
somewhat incomplete: First it actually fails to store the retrieved
information (the local addr[] array is going nowhere), but also it makes
quite some assumptions about the device tree passed to it: it needs to
use two address-cells and two size-cells, and also requires all five
register regions to be specified, where actually only the first two
are mandatory according to the binding (and needed by our code).
Fix this by introducing a proper generic function to retrieve "reg"
property information from a DT node:
We retrieve the #address-cells and #size-cells properties from the
parent node, then use those to extract the right values from the "reg"
property. The function takes an index to select one region of a reg
property.
This is loosely based on the STM32 implementation using "reg-names",
which we will subsume in a follow-up patch.
Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Dynamic configuration properties are fconf properties. Modify the
compatible string from "arm,.." to "fconf,.." to reflect this.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I85eb75cf877c5f4d3feea3936d4c348ca843bc6c