This patch defines a macro to handle Secure Device Manager's (SDM)
pointer to command & response buffer entries and convert them to the
correct physical address.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4cf9f1d90e0d5ae4e1a2ce84165864b48c2862e7
'INTEL_SIP_SMC_MBOX_SEND_CMD' SMC runtime service will only return
mailbox status and the argument's length back to the caller
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I50d2ae74845794cab7bf0858e742b5a70e0ea868
This patch fixes the mailbox stall issue when sending mailbox command
that is larger than mailbox command FIFO size.
Large mailbox command will be sent to SDM in multiple chunks. HPS will
set doorbell to SDM when command FIFO full (is_doorbell_triggered will
be set to 1) to notify SDM to read the command data from FIFO, so that
HPS can continue to send the next chunk of command data.
However, HPS will not set the doorbell to SDM at the end if the doorbell
have been set earlier due to FIFO full. This will cause SDM mailbox
service stall because it is still waiting for last chunk of command data.
This patch fixes the code to always set the doorbell to SDM at the end
to get rid of stall issue.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: Idbe62410a00d92a30c7aeaa26d53d79a910cac0a
intel_secure_reg_update function should apply mask to the value before
write into register.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: I84bbd06e24b8666528b53030e8359743d438eb5b
This patch fix address range checker to make sure that it does not
errors out on NULL address with size 0. Non-secure software will send
this NULL address if the SMC call doesn't need to pass any address buffer.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I7e492c562a311ba989570c4ed465f845333ec865
* changes:
feat(stm32mp1): enable format-signedness warning
fix(stm32mp1): correct types in messages
fix(st-pmic): correct verbose message
fix(st-sdmmc2): correct cmd_idx type in messages
fix(st-fmc): fix type in message
fix(mtd): correct types in messages
fix(usb): correct type in message
fix(tzc400): correct message with filter
fix(psci): correct parent_node type in messages
fix(libc): correct some messages
fix(fconf): correct image_id type in messages
fix(bl2): correct messages with image_id
Add the flag -Wformat-signedness to TF_CFLAGS for STM32MP1.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6af18778902b0a4dae1c08735d2d070ef3d137ce
Secure enclave decides the boot bank based on the firmware update
state of the system and updates the boot bank information at a given
location in the flash. In this commit, bl2 reads the given flash
location to indentify the bank from which it should load fip from.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I7f0f4ffc97189c9deb99db44afcd966082ffbf21
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: Ieaabe09374d707de18d36505c69b6c9a8c2ec2e9
This change implements platform specific psci reset
for the corstone1000.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I25f77234506416c3376ff4a028f6ea40ebe68437
These changes are required to accommodate 3MB for OP-TEE and this
is required for SP's part of optee
Added size macro's for better readability of the code
Moved uboot execution memory from CVM to DDR
Change-Id: I16657c6e336fe7c0fffdee1617d10af8a2c76732
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
diphda platform is now being renamed to corstone1000.
These changes are to replace all the instances and traces
of diphda corstone1000.
Change-Id: I330f3a112d232b99b4721b6bf0236253b068dbba
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
The PIE compilation is used only for BL32, move the ENABLE_PIE to
sp_min-stm32mp1.mk file. Override PIE flags, as sp_min.mk file is
included after the flags are set in Makefile.
The BL2_IN_XIP_MEM was added for a feature not yet upstreamed.
It is then removed from platform.mk file.
Change-Id: If055e51e0f160f99cd4e4cf68ca718d4d693119c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
tamp_bkpr() returns a register address. So use uintptr_t instead of
uin32_t.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I5eddfa525465313dadfec18d128248a968ba74e2
Add the SZ_* macros from 32 to 2G.
This allows removing some defines in raw NAND driver
and STM32MP1 boot device selection code.
Change-Id: I3c4d4959b0f43e785eeb37a43d03b2906b7fcfbc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Add board support for variant 2 of RD-N2 platform which is a four chip
variant with 4 cores on each chip. The "CSS_SGI_PLATFORM_VARIANT" value
is 2 for multi-chip variant. The "CSS_SGI_CHIP_COUNT_MACRO" can be in
the range [1, 4] for multi-chip variant.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I6412106e80e2f17704c796226c2ee9fe808705ba
Add support for the PSCI CPU_ON call to allow booting secondary CPU
cores. On cold boot they need to be booted with a special register
sequence. Also, the "boot remapper" needs to be configured to point to
the BL31_BASE, so the CPUs actually start executing BL31 after reset.
Change-Id: I406c508070ccb046bfdefd51554f12e1db671fd4
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Booting e.g. Linux in the non-secure world does not work with the
msm8916 port yet because essential hardware is not made available to
the non-secure world. Add more platform initialization to:
- Initialize the GICv2 and mark secure interrupts.
Only secure SGIs/PPIs so far. Override the GICD_PIDR2_GICV2
register address in platform_def.h to avoid a failing assert()
because of a (hardware) mistake in Qualcomm's GICv2 implementation.
- Make a timer frame available to the non-secure world.
The "Qualcomm Timer" (QTMR) implements the ARM generic timer
specification, so the standard defines (CNTACR_BASE etc)
can be used.
- Make parts of the "APCS" register region available to the
non-secure world, e.g. for CPU frequency control implemented
in Linux.
- Initialize a platform-specific register to route all SMMU context
bank interrupts to the non-secure interrupt pin, since all control
of the SMMUs is left up to the non-secure world for now.
Change-Id: Icf676437b8e329dead06658e177107dfd0ba4f9d
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Introduce the bare mimimum base of the msm8916 BL31 port. This is
pretty much just a standard platform "skeleton" with CPU/memory
initialization and an UART driver. This allows booting into
e.g. U-Boot with working UART output.
Note that the plat/qti/msm8916 port is completely separate and does not
make use of anything in plat/qti/common at the moment. The main reason
for that is that plat/qti/common is heavily focused around having a
binary "qtiseclib" component, while the MSM8916 port is fully
open-source (and therefore somewhat limited to publicly documented
functionality).
In the future it might be possible to re-use some of the open-source
parts in plat/qti/common (e.g. spmi_arb.c or pm_ps_hold.c) but it's
not strictly required for the basic functionality supported so far.
Change-Id: I7b4375df0f947b3bd1e55b0b52b21edb6e6d175b
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I7f0a62f22bfcca638ddaefc9563df00f89f01653
Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function called (bl2_el3_early_platform_setup()). It uses the
parameters defined for crash console: STM32MP_DEBUG_USART* macros.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id6be62368723a0499e97bbf56fb52c166fcbdfad
* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number
* changes:
feat(st-gpio): do not apply secure config in BL2
feat(st): get pin_count from the gpio-ranges property
feat(st-gpio): allow to set a gpio in output mode
refactor(st-gpio): code improvements
The Event Log sources are added to the source-list of BL1 and BL2
images in the Event Log Makefile. It doesn't seem correct since
some platforms only compile Event Log sources for BL2.
Hence, moved compilation decision of Event Log sources to the
platform makefile.
Change-Id: I1cb96e24d6bea5e091d08167f3d1470d22b461cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The "ngpios" property is deprecated and may be removed.
Use the "gpio-ranges" property where the last parameter of that
property is the number of available pins within that range.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I28295412c7cb1246fc753cff0d447b6fdcdc4c0f
Add a banner that inform user that debug is enabled
on a secure chip.
Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Avoid the use of return inside switch/case in stm32mp_is_single_core().
Although this MISRA rulre might not be enforced, we align on what is done
for stm32mp_is_auth_supported().
Change-Id: I00a5ec1b18c55b4254af00c9c5cf5a4dce104175
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed binaries are not allowed on such chip.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695
The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the corresponding OTP.
Change-Id: I6e7831300ca9efbb35b4c87706f2dcab35affacb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Use dt_find_otp_name() to retrieve platform OTP information
from device tree, directly or through stm32_get_otp_index() and
stm32_get_otp_value() platform services.
String definitions replace hard-coded values, they are used to call
this new function.
Change-Id: I81213e4a9ad08fddadc2c97b064ae057a4c79561
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.
Probe the driver earlier, especially to check debug features.
Change-Id: I1981536398d598d67a19d2d7766dacc18de72ec1
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Used by driver parsing this node to get information.
Change-Id: I50623a497157adf7b9da6fafe8d79f6ff58c0ebc
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
This patch adds the basic CPU library code to support the Poseidon CPU
in TF-A. Poseidon is derived from HunterELP core, an implementation of
v9.2 architecture. Currently, Hunter CPU the predecessor to HunterELP,
is supported in TF-A. Accordingly the Hunter CPU library code has been
as the base and adapted here.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I406b4de156a67132e6a5523370115aaac933f18d
This warning can only be removed if the version is newer than v1.6.0.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I472a8e552305b563447e8148074a5c0970b429e3
Remove stm32mp_incr_shrefcnt(), stm32mp_decr_shrefcnt(),
stm32mp_incr_refcnt() and stm32mp_decr_refcnt() that are unused.
The file is then just removed.
Change-Id: I09ee23c02317df5d8f71cbc355d3ed4a67ce2749
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Due to stm32mp_shres_helpers.h removal, the debug.h header is no more
included. It should then be added to stm32mp1_boot_device.c.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I397911ac05fdff464c010cf3b2e04320a781b4aa
Add support for enabling the FWU multi bank boot feature on the
platform.
Currently, this feature is supported on the STM32MP157C-DK2 board,
which boots off a uSD card. Also, support has been enabled when
booting from a FIP image.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: Ia69e858461e2daf599d41d66d7ff2ccae0c341c2
With the FWU Multi Bank update feature, the platform can boot from one
of multiple banks(partitions). Pass the value of bank from which the
platform has booted as boot index to the Update Agent. The Update
Agent will match this boot index value against the active_index field
in the metadata, and update the metadata if there is a mismatch.
Fow now, the mechanism to pass the boot index is platform specific. On
the STM32MP1 platform, the boot index value is passed through a
memorey mapped TAMP register on the SoC.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I0aa665ff9c1db95be8ae19ed8de6d866587d6850
Add support for reading the FWU metadata partition. The metadata
partition stores information on the current active bank along with
information on all the FWU updatable images on the platform. This
information is then used to identify the image to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I66bc5ac718c21a49c504e698b5b1f5c4daed2d08
With the FWU multi bank boot feature enabled, the platform can boot
from one of the multiple banks(partitions) containing the firmware
images. The bank whose firmware components are to be booted is read
from the FWU metadata structure -- the image to be booted is thus
derived by reading the metadata.
Read the metadata and set the image spec of the corresponding image
type to point to the partition from which the image is to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I3dfdc7e9202859e917ec4e1f7d1855aad42c6b70
Abdul Halim, Muhammad Hadi Asyrafi
Sieu Mun Tang
Siew Chin Lim
Madhukar Pappireddy
Yann Gautier
Satish Kumar
Emekcan Aras
Arpita S.K
Vishnu Banavath
Manish Pandey
Nicolas Toromanoff
Aditya Angadi
Stephan Gerhold
Lionel Debieve
Manish V Badarkhe
Fabien Dessenne
Nicolas Le Bayon
Jayanth Dodderi Chidanand
Yann Gautier
Sughosh Ganu