This change implements SCMI channels for reading a SCMI message from a
shared memory and call the SCMI message drivers to route the message
to the target platform services.
SMT refers to the shared memory management protocol which is used
to get/put message/response in shared memory. SMT is a 28byte header
stating shared memory state and exchanged protocol data.
The processing entry for a SCMI message can be a secure interrupt
or fastcall SMCCC invocation.
SMT description in this implementation is based on the OP-TEE
project [1] itself based in the SCP-firmware implementation [2].
Link: [1] a58c4d706d
Link: [2] https://github.com/ARM-software/SCP-firmware.git
Change-Id: I416c7dab5c67954c6fe80bae8d8cdfdcda66873e
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Adds SCMI reset domain protocol support in the SCMI message drivers
as defined in SCMI specification v2.0 [1]. Not all the messages
defined in the specification are supported.
scmi_msg_get_rd_handler() sanitizes the message_id value
against any speculative use of reset domain ID as a index since by
SCMI specification, IDs are indices.
This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.
Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] 56a1f10ed9
Link: [3] https://github.com/ARM-software/SCP-firmware.git
Change-Id: If7cf13de40a815dedb40dcd5af8b6bb6725d9078
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Adds SCMI clock protocol support in the SCMI message drivers as
defined in SCMI specification v2.0 [1] for clock protocol messages.
Platform can provide one of the plat_scmi_clock_*() handler for the
supported operations set/get state/rate and others.
scmi_msg_get_clock_handler() sanitizes the message_id value
against any speculative use of clock ID as a index since by
SCMI specification, IDs are indices.
This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.
Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] a7a9e3ba71
Link: [3] https://github.com/ARM-software/SCP-firmware.git
Change-Id: Ib56e096512042d4f7b9563d1e4181554eb8ed02c
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
This change introduces drivers to allow a platform to create a basic
SCMI service and register handlers for client request (SCMI agent) on
system resources. This is the first piece of the drivers: an entry
function, the SCMI base protocol support and helpers for create
the response message.
With this change, scmi_process_message() is the entry function to
process an incoming SCMI message. The function expect the message
is already copied from shared memory into secure memory. The message
structure stores message reference and output buffer reference where
response message shall be stored.
scmi_process_message() calls the SCMI protocol driver according to
the protocol ID in the message. The SCMI protocol driver will call
defined platform handlers according to the message content.
This change introduces only the SCMI base protocol as defined in
SCMI specification v2.0 [1]. Not all the messages defined
in the specification are supported.
The SCMI message implementation is derived from the OP-TEE project [2]
itself based on the SCP-firmware implementation [3] of the SCMI protocol
server side.
Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] ae8c806809
Link: [3] https://github.com/ARM-software/SCP-firmware/tree/v2.6.0
Change-Id: I639c4154a39fca60606264baf8d32452641f45e9
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
with sha 44f1aa8, support for Silicon Provider(SiP) owned Secure
Partition(SP) was added for dualroot CoT. This patch extends this
support for tbbr CoT.
Earlier tbbr CoT for SPs was left to avoid adding new image types in
TBBR which could possibly be seen as deviation from specification.
But with further discussions it is understood that TBBR being a
*minimal* set of requirements that can be extended as long as we don't
violate any of the musts, which is the case with adding SP support.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.
To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.
The CoT for secure partition look like below.
+------------------+ +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Key |
+------------------+ | Certificate |
| (Auth Image) |
/+-------------------+
/ |
/ |
/ |
/ |
L v
+------------------+ +-------------------+
| Trusted World |------>| SiP owned SPs |
| Public Key | | Content Cert |
+------------------+ | (Auth Image) |
/ +-------------------+
/ |
/ v|
+------------------+ L +-------------------+
| SP_PKG1 Hash |------>| SP_PKG1 |
| | | (Data Image) |
+------------------+ +-------------------+
. .
. .
. .
+------------------+ +-------------------+
| SP_PKG8 Hash |------>| SP_PKG8 |
| | | (Data Image) |
+------------------+ +-------------------+
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
ETZPC stands for Extended TrustZone Protection Controller. It is a
resource conditional access device. It is mainly based on Arm TZPC.
ST ETZPC exposes memory mapped DECPROT cells to set access permissions
to SoC peripheral interfaces as I2C, SPI, DDR controllers, and some
of the SoC internal memories.
ST ETZPC exposes memory mapped TZMA cells to set access permissions
to some SoC internal memories.
Change-Id: I47ce20ffcfb55306dab923153b71e1bcbe2a5570
Co-developed-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
This patch enables the stream ID for the SD/MMC
controllers via dedicated unit register. Thanks to this
change it is possible to configure properly the
IOMMU in OS and use the SD/MMC interface in a guest
Virtual Machine.
Change-Id: I99cbd2c9882eb558ba01405d3d8a3e969f06e082
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Signed-off-by: Tomasz Nowicki <tn@semihalf.com>
Changes stm32mp1 reset driver to API to add a timeout argument
to stm32mp_reset_assert() and stm32mp_reset_deassert() and
a return value.
With a supplied timeout, the functions wait the target reset state
is reached before returning. With a timeout of zero, the functions
simply load target reset state in SoC interface and return without
waiting.
Helper functions stm32mp_reset_set() and stm32mp_reset_release()
use a zero timeout and return without a return code.
This change updates few stm32 drivers and plat/stm32mp1 blé_plat_setup.c
accordingly without any functional change.
functional change.
Change-Id: Ia1a73a15125d3055fd8739c125b70bcb9562c27f
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
Adds missing terminal new line character '\n' to debug traces,
fix format as index is an unsigned value and use present tense rather
than past tense in the printed message.
Change-Id: I88c06ef4d3a11d97ff8e96875a3dd0f58a3c98b6
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Enable few system clocks at related BL initialization.
Change-Id: I12b35e8cdc128b993de4a1dc4c6e9d52624dd8d9
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Oscillators and PLLs are not gated on stm32mp_clk_enable/disable()
calls. This change prevents functions to panic when called for such
always-on clocks. Gating these clocks is out of the scope of
this change.
Change-Id: Ie730553dea480b529de942446176db9119587832
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Adds RTC clock to the list of the supported clocks. This allows
stm32mp_clk_*() API functions to enable, disable and set and get
rate for the clock RTC clock.
Change-Id: I8efc3f00b1f22d1912f59d1846994e9e646d6614
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
The current implementation optimizes memory consumed by gateable
clock table by storing bit mask and bit shift with 1 byte each.
The issue is that register selector bit masks above the 7th LSBit
cannot be stored.
This change uses the shift info to shift the mask before it is used,
allowing clock selector register bit fields to be spread on the 32 bits
of the register as long as the mask fits in 8 contiguous bit at most.
This change is needed to add the RTC clock to the gateable clocks table.
Change-Id: I8a0fbcbf20ea383fb3d712f5064d2d307e44465d
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Oscillators, PLLs and some system clocks can be related straight to
a parent clock. Prior this change were only oscillators and few
clocks supported by this look up. This changes adds PLLs and other
system clocks. This enables for flexible use of clock tree exploration
when computing a clock frequency value.
Change-Id: I15ec98023a7095e3120a6954de59a4799d92c66b
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
The STM32 platform port parse DT nodes to find base address to
peripherals. It does this by using its own implementation, even though
this functionality is generic and actually widely useful outside of the
STM32 code.
Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
This is removes the assumption that #address-cells and #size-cells are
always one.
Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform code uses its own set of FDT helper functions,
although some of them are fairly generic.
Remove the implementation of fdt_read_uint32_default() and implement it
on top of the newly introduced fdt_read_uint32() function, then convert
all users over.
This also fixes two callers, which were slightly abusing the "default"
semantic.
Change-Id: I570533362b4846e58dd797a92347de3e0e5abb75
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The device tree parsing code for the STM32 platform is using its own FDT
helper functions, some of them being rather generic.
In particular the existing fdt_read_uint32_array() implementation is now
almost identical to the new generic code in fdt_wrappers.c, so we can
remove the ST specific version and adjust the existing callers.
Compared to the original ST implementation the new version takes a
pointer to the DTB as the first argument, and also swaps the order of
the number of cells and the pointer.
Change-Id: Id06b0f1ba4db1ad1f733be40e82c34f46638551a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To support compatibility with previous GICv3 driver version
this patch:
- restores original API for gicr_read_ipriority() and
gicr_wrtite_ipriority() functions;
- adds accessor functions for GICR_XXX0,1 registers, e.g.
GICR_IGROUPR0, GICR_ICFGR0, GICR_ICFGR1, etc.
Change-Id: I796a312a61665ff384e3d9de2f4b3c60f700b43b
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
GIC-Clayton supports multichip operation mode which allows it to connect
upto 16 other GIC-Clayton instances. GIC-Clayton's multichip programming
and operation remains same as GIC-600 with a minor change in the
SPI_BLOCKS and SPI_BLOCK_MIN shifts to accommodate additional SPI
ranges. So identify if the GIC v4 extension is enabled by the platform
makefile and appropriately select the SPI_BLOCKS and SPI_BLOCK_MIN
shifts.
Change-Id: I95fd80ef16af6c7ca09e2335539187b133052d41
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
This patch adds support for GICv4 extension.
New `GIC_ENABLE_V4_EXTN` option passed to gicv3.mk makefile
was added, and enables GICv4 related changes when set to 1.
This option defaults to 0.
Change-Id: I30ebe1b7a98d3a54863900f37eda4589c707a288
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch provides support for GICv3.1 extended PPI and SPI
range. The option is enabled by setting to 1 and passing
`GIC_EXT_INTID` build flag to gicv3.mk makefile.
This option defaults to 0 with no extended range support.
Change-Id: I7d09086fe22ea531c5df51a8a1efd8928458d394
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
doc: brcm: Add documentation file for brcm stingray platform
drivers: Add SPI Nor flash support
drivers: Add iproc spi driver
drivers: Add emmc driver for Broadcom platforms
Add BL31 support for Broadcom stingray platform
Add BL2 support for Broadcom stingray platform
Add bl31 support common across Broadcom platforms
Add bl2 setup code common across Broadcom platforms
drivers: Add support to retrieve plat_toc_flags
Add Crypto 713 support as crypto module and NVM counter provider.
As files under include/drivers/arm/cryptocell/713/ are copied verbatim
from the CryptoCell SBROM lib project they are filtered from checkpatch
coding style check.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
Add support to retrieve plat_toc_flags value from FIP header flags.
plat_toc_flags is for platform specific use. It is stored in
FIP header by fiptool using --plat-toc-flags option.
Change-Id: Ibadd91b4f28e6503f4426e4efd404bbe512ad124
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
* changes:
stm32mp1: use stm32mp_get_ddr_ns_size() function
stm32mp1: set XN attribute for some areas in BL2
stm32mp1: dynamically map DDR later and non-cacheable during its test
stm32mp1: add a function to get non-secure DDR size
This patch moves all GICv3 driver files into new added
'gicv3.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
The patch adds GICv3 driver configuration flags
'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
'GICv3 driver options' section of 'build-option.rst'
document.
NOTE: Platforms with GICv3 driver need to be modified to
include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
A speculative accesses to DDR could be done whereas it was not reachable
and could lead to bus stall.
To correct this the dynamic mapping in MMU is used.
A first mapping is done for DDR tests with MT_NON_CACHEABLE attribute,
once DDR access is setup. It is then unmapped and a new mapping DDR is done
with cacheable attribute (through MT_MEMORY) to speed-up BL33 (or OP-TEE)
load.
The disabling of cache during DDR tests is also removed, as now useless.
A call to new functions stm32mp_{,un}map_ddr_non_cacheable() is done
instead.
PLAT_XLAT_TABLES_DYNAMIC is activated globally as used in BL2 and BL32.
BL33 max size is also updated to take into account the secure and shared
memory areas. Those are used in OP-TEE case.
Change-Id: I22c48b4a48255ee264991c34ecbb15bfe87e67c3
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This issue was found with cppcheck in our downstream code:
[drivers/st/io/io_stm32image.c:234] -> [drivers/st/io/io_stm32image.c:244]:
(warning) Either the condition 'buffer!=0U' is redundant or there is
possible null pointer dereference: local_buffer.
Change-Id: Ieb615b7e485dc93bbeeed4cd8bf845eb84c14ac9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The variable is wrongly set to 0L, whereas it is an unsigned int, it should
then be 0U.
Change-Id: I0b164c0ea598ec8a503f1693da2f3789f59da238
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Sparse issue:
drivers/st/spi/stm32_qspi.c:445:5:
warning: symbol 'stm32_qspi_init' was not declared. Should it be static?
Cppcheck issue:
[drivers/st/spi/stm32_qspi.c:175] -> [drivers/st/spi/stm32_qspi.c:187]:
(style) Variable 'len' is reassigned a value before the old one has been
used.
[drivers/st/spi/stm32_qspi.c:178]:
(style) The scope of the variable 'timeout' can be reduced.
Change-Id: I575fb50766355a6717cbd193fc4a80ff1923014c
Signed-off-by: Yann Gautier <yann.gautier@st.com>