Adding support for generating a semi-random number required for
enabling building TF-A with stack protector support.
TF-A for corstone-700 may now be built using ENABLE_STACK_PROTECTOR=all
Change-Id: I03e1be1a8d4e4a822cf286f3b9ad4da4337ca765
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Forced hash generation used to always generate hash via RSA encryption.
This patch changes encryption based on ARM_ROTPK_LOCATION.
Also removes setting KEY_ALG based on ARM_ROTPL_LOCATION - there is no
relation between these two.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Id727d2ed06176a243719fd0adfa0cae26c325005
* changes:
SPMD: enable SPM dispatcher support
SPMD: hook SPMD into standard services framework
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
SPMD: add support for an example SPM core manifest
SPMD: add SPCI Beta 0 specification header file
This patch adds support to the build system to include support for the SPM
dispatcher when the SPD configuration option is spmd.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Ic1ae50ecd7403fcbcf1d318abdbd6ebdc642f732
This patch reserves and maps the Trusted DRAM for SPM core execution.
It also configures the TrustZone address space controller to run BL31
in secure DRAM.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I7e1bb3bbc61a0fec6a9cb595964ff553620c21dc
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
In preparation for adding support for Reference Design platforms
which have different base addresses for GIC Distributor or
Redistributor, move GIC related base addresses to individual platform
definition files.
Change-Id: Iecf52b4392a30b86905e1cd047c0ff87d59d0191
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Include multi-chip-mode parameter in HW_CONFIG dts to let next stage of
boot firmware know about the multi-chip operation mode.
Change-Id: Ic7535c2280fd57180ad14aa0ae277cf0c4d1337b
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
RD-N1-Edge based platforms can operate in dual-chip configuration
wherein two rdn1edge SoCs are connected through a high speed coherent
CCIX link.
This patch adds a function to check if the RD-N1-Edge platform is
operating in multi-chip mode by reading the SID register's NODE_ID
value. If operating in multi-chip mode, initialize GIC-600 multi-chip
operation by overriding the default GICR frames with array of GICR
frames and setting the chip 0 as routing table owner.
The address space of the second RD-N1-Edge chip (chip 1) starts from the
address 4TB. So increase the physical and virtual address space size to
43 bits to accommodate the multi-chip configuration. If the multi-chip
mode configuration is detected, dynamically add mmap entry for the
peripherals memory region of the second RD-N1-Edge SoC. This is required
to let the BL31 platform setup stage to configure the devices in the
second chip.
PLATFORM_CORE_COUNT macro is set to be multiple of CSS_SGI_CHIP_COUNT
and topology changes are added to represent the dual-chip configuration.
In order the build the dual-chip platform, CSS_SGI_CHIP_COUNT macro
should be set to 2:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
Change-Id: I576cdaf71f0b0e41b9a9181fa4feb7091f8c7bb4
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
On systems that have multiple platform components that can interpret the
SCMI messages, there is a need to support multiple SCMI channels (one
each to those platform components). Extend the existing SCMI interface
that currently supports only a single SCMI channel to support multiple
SCMI channels.
Change-Id: Ice4062475b903aef3b5e5bc37df364c9778a62c5
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
In order to allow the MHUv2 driver to be usable with multiple MHUv2
controllers, use the base address of the controller from the platform
information instead of the MHUV2_BASE_ADDR macro.
Change-Id: I4dbab87b929fb0568935e6c8b339ce67937f8cd1
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
AFF3 bits of MPIDR corresponds to Chip-Id in Arm multi-chip platforms.
For calculating linear core position of CPU cores from slave chips, AFF3
bits has to be used. Update `plat_arm_calc_core_pos` assembly function
to include AFF3 bits in calculation.
Change-Id: I4af2bd82ab8e31e18bc61de22705a73893954260
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Some of the Reference Design platforms like RD-N1-Edge can operate in
multi-chip configuration wherein two or more SoCs are connected through
a high speed coherent CCIX link. For the RD platforms, the remote chip
address space is at the offset of 4TB per chip. In order for the primary
chip to access the device memory region on the remote chip, the required
memory region entries need to be added as mmap entry. This patch adds
macros related to the remote chip device memory region.
Change-Id: I833810b96f1a0e7c3c289ac32597b6ba03344c80
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Multi-chip platforms have two or more identical chips connected using a
high speed coherent link. In order to identify such platforms,
add chip_id and multi_chip_mode information in the platform variant
info structure. The values of these two new elements is populated
during boot.
Change-Id: Ie6e89cb33b3f0f408814f6239cd06647053e23ed
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
For SGI-575 and RD platforms, move bl31_platform_setup handler to
individual board files to allow the platforms to perform board specific
bl31 setup.
Change-Id: Ia44bccc0a7f40a155b33909bcb438a0909b20d42
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
RD-E1-Edge platform consists of two clusters with eight CPUs each and
two processing elements (PE) per CPU. Commit a9fbf13e04 (plat/arm/sgi:
move topology information to board folder) defined the RD-E1-Edge
topology tree to have two clusters with eight CPUs each but PE per CPU
entries were not added. This patch fixes the topology tree accordingly.
Change-Id: I7f97f0013be60e5d51c214fce3962e246bae8a0b
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Introduce macro 'CSS_SGI_CHIP_COUNT' to allow Arm CSS platforms with
multi-chip support to define number of chiplets on the platform. By
default, this flag is set to 1 and does not affect the existing single
chip platforms.
For multi-chip platforms, override the default value of
CSS_SGI_CHIP_COUNT with the number of chiplets supported on the
platform. As an example, the command below sets the number of chiplets
to two on the RD-N1-Edge multi-chip platform:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
Change-Id: If364dc36bd34b30cc356f74b3e97633933e6c8ee
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Currently, an IO setup failure will be ignored on arm platform release
build. Change this to panic instead.
Change-Id: I027a045bce2422b0a0fc4ff9e9d4c6e7bf5d2f98
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change the return type of "arm_io_is_toc_valid()" and
"plat_arm_bl1_fwu_needed()" to bool, to match function behavior.
Change-Id: I503fba211219a241cb263149ef36ca14e3362a1c
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use the firmware configuration framework in arm dynamic configuration
to retrieve mbedtls heap information between bl1 and bl2.
For this, a new fconf getter is added to expose the device tree base
address and size.
Change-Id: Ifa5ac9366ae100e2cdd1f4c8e85fc591b170f4b6
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use fconf to retrieve the `disable_authentication` property.
Move this access from arm dynamic configuration to bl common.
Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.
The dynamic configuration DTBs properties are moved to a new node:
`dtb-registry`. All the sub-nodes present will be provided to the
dynamic config framework to be loaded. The node currently only contains
the already defined configuration DTBs, but can be extended for future
features if necessary.
The dynamic config framework is modified to use the abstraction provided
by the fconf framework, instead of directly accessing the DTBs.
The trusted-boot properties are kept under the "arm,tb_fw" compatible
string, but in a separate `tb_fw-config` node.
The `tb_fw-config` property of the `dtb-registry` node simply points
to the load address of `fw_config`, as the `tb_fw-config` is currently
part of the same DTB.
Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Use the dtb provided by bl1 as configuration file for fconf.
Change-Id: I3f466ad9b7047e1a361d94e71ac6d693e31496d9
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Move the loading of the dtb from arm_dym_cfg to fconf. The new loading
function is not associated to arm platform anymore, and can be moved
to bl_main if wanted.
Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Introduce the Firmware CONfiguration Framework (fconf).
The fconf is an abstraction layer for platform specific data, allowing
a "property" to be queried and a value retrieved without the requesting
entity knowing what backing store is being used to hold the data.
The default backing store used is C structure. If another backing store
has to be used, the platform integrator needs to provide a "populate()"
function to fill the corresponding C structure.
The "populate()" function must be registered to the fconf framework with
the "FCONF_REGISTER_POPULATOR()". This ensures that the function would
be called inside the "fconf_populate()" function.
A two level macro is used as getter:
- the first macro takes 3 parameters and converts it to a function
call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c).
- the second level defines a__b_getter(c) to the matching C structure,
variable, array, function, etc..
Ex: Get a Chain of trust property:
1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id)
2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id]
Change-Id: Id394001353ed295bc680c3f543af0cf8da549469
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
In case of ROT_KEY specified - generates a new hash and replaces the
original.
Note: Juno board was tested by original feature author and was not tested
for this patch since we don't have access to the private key. Juno
implementation was moved to board-specific file without changing
functionality. It is not known whether byte-swapping is still needed
for this platform.
Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Stack usage reaches 90% with some configuration. Bump slightly the stack
size to prevent a stack-overflow.
Change-Id: I44ce8b12906586a42f152b7677785fcdc5e78ae1
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Fix code that violates the MISRA rule:
MISRA C-2012 Rule 11.9: Literal "0" shall not be used as
null pointer constant.
The fix explicitly checks whether a pointer is NULL.
Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes'
functions for read/write array of bytes from/to a given property.
It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i
files for builds with USE_ROMLIB=1 option.
Change-Id: Ied7b5c8b38a0e21d508aa7bcf5893e656028b14d
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.
Right now, the only available CoT is TBBR.
Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The Secure Configuration Register is 64-bits in AArch64 and 32-bits in
AArch32. Use u_register_t instead of unsigned int to reflect this.
Change-Id: I51b69467baba36bf0cfaec2595dc8837b1566934
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.
Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
Memory map for BL31 NOBITS region also has to be created.
Change-Id: Ibbc8c9499a32e63fd0957a6e254608fbf6fa90c9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The platform topology description of the upcoming Arm's RD platforms
have different topology than those listed in the sgi_topology.c file. So
instead of adding platform specific topology into existing
sgi_topology.c file, those can be added to respective board files. In
order to maintain consistency with the upcoming platforms, move the
existing platform topology description to respective board files.
Change-Id: I4689c7d24cd0c75a3dc234370c34a85c08598abb
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
As on SGI platforms, SCPI is unsupported on SGM platforms.
Change-Id: I556ed095b9eb55b72447230ee2725d3c76160a08
Signed-off-by: Chris Kay <chris.kay@arm.com>
In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.
Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.
Memory map for BL31 NOBITS region also has to be created.
Change-Id: Ibd480f82c1dc74e9cbb54eec07d7a8fecbf25433
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
NOTE for platform integrators:
API `plat_psci_stat_get_residency()` third argument
`last_cpu_idx` is changed from "signed int" to the
"unsigned int" type.
Issue / Trouble points
1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
with typecasting at some places leading to coverity issues.
2. Underlying platform API's return cpu_idx as `unsigned int`
and comparison is performed with platform specific defines
`PLAFORM_xxx` which is not consistent
Misra Rule 10.4:
The value of a complex expression of integer type may only be cast to
a type that is narrower and of the same signedness as the underlying
type of the expression.
Based on above points, cpu_idx is kept as `unsigned int` to match
the API's and low-level functions and platform defines are updated
where ever required
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com>
Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
This patch removes re-definition of the following FVP build
options from plat\arm\board\fvp\fvp_def.h:
'FVP_CLUSTER_COUNT'
'FVP_MAX_CPUS_PER_CLUSTER'
'FVP_MAX_PE_PER_CPU'
which are set in platform.mk.
This fixes a potential problem when a build option set in
platform.mk file can be re-defined in fvp_def.h header file
used by other build component with a different makefile which
does not set this option.
Ref. GENFW-3505.
Change-Id: I4288629920516acf2c239c7b733f92a0c5a812ff
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The reclaim init code functionality relies on forward reference in the
linker script. The LLVM linker does not process it correctly.
Change-Id: I993aeb9587bfa07af25b60ed823a6a2c5e970c94
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Point boot address to DDR location for booting A5DS FPGA
FIP, Kernel and rootfs are sideloaded to DDR
Also move BL2 to higher address in DDR
Change-Id: Ia2a57a0bda776a1a0a96bcd3cfb5c6cd2cf4dc04
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Correct the system, timer and uart frequencies to successfully run
the stack on FPGA
Correct Cortex-A5MPcore to 8 word granularity for Cache writeback
Change-Id: I2c59c26b7dca440791ad39f2297c68ae513da7b6
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
The SCU connects one to four Cortex-A5/Cortex-A9 processors
to the memory system through the AXI interfaces.
The SCU functions are to:
- maintain data cache coherency between the Cortex-A5/Cortex-A9
processors
- initiate L2 AXI memory accesses
- arbitrate between Cortex-A5/Cortex-A9 processors requesting
L2 accesses
- manage ACP accesses.
Snoop Control Unit will enable to snoop on other CPUs caches.
This is very important when it comes to synchronizing data between
CPUs. As an example, there is a high chance that data might be
cache'd and other CPUs can't see the change. In such cases,
if snoop control unit is enabled, data is synchoronized immediately
between CPUs and the changes are visible to other CPUs.
This driver provides functionality to enable SCU as well as enabling
user to know the following
- number of CPUs present
- is a particular CPU operating in SMP mode or AMP mode
- data cache size of a particular CPU
- does SCU has ACP port
- is L2CPRESENT
Change-Id: I0d977970154fa60df57caf449200d471f02312a0
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
The contents of this header have been merged into the spm_mm_svc.h
header file.
Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.
The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.
This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.
Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.
This patch removes:
- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions
Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.
Before: ENABLE_SPM=1 is required for using either implementation.
By default, the SPCI-based implementation is enabled and
this is overridden if SPM_MM=1.
After: ENABLE_SPM=1 enables the SPCI-based implementation.
SPM_MM=1 enables the MM-based implementation.
The two build flags are mutually exclusive.
Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.
Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
This patch fixes the bug in BL2 dynamic configuration initialisation
which prevents loading NT_FW_CONFIG image (ref. GENFW-3471).
It also adds parentheses around 'if' statement conditions to fix
Coverity defect.
Change-Id: I353566c29b84341887e13bf8098a4fedfc4e00ff
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Provide an SMC interface to the 9p filesystem. This permits
accessing firmware drivers through a common interface, using
standardized read/write/control operations.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9314662314bb060f6bc02714476574da158b2a7d
Ported the pmf asm macros and the asm code in the bl31 entrypoint
necessary for the instrumentation to AArch32.
Since smc dispatch is handled by the bl32 payload on AArch32, we
provide this service only if AARCH32_SP=sp_min is set.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Id33b7e9762ae86a4f4b40d7f1b37a90e5130c8ac
Switching execution states is only possible if EL3 is AArch64.
As such there is no need to validate the entrypoint on AArch32 builds.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: I3c1eb25b5df296a492870641d274bf65213c6608
C99 standard: "What constitutes an access to an object that has
volatile-qualified type is implementation-defined".
GCC is not considering the cast to void of volatile structures as an
access and so is not actually issuing reads.
Clang does read those structures by copying them on the stack, which in
this case creates an overflow because of their large size.
This patch removes the cast to void and instead uses the USED attribute
to tell the compiler to retain the static variables.
Change-Id: I952b5056e3f6e91841e7ef9558434352710ab80d
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Zelalem Aweke <zelalem.aweke@arm.com>
Previously the .init section was created even when the reclaim flag was
manually set to 0.
Change-Id: Ia9e7c7997261f54a4eca725d7ea605192f60bcf8
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Zelalem Aweke <zelalem.aweke@arm.com>
Currently tb_fw_cfg_dtb size is fixed to max, which is generally a page
(but depend on the platform). Instead, read the actual size of the dtb
with the libfdt "fdt_totalsize" function.
This avoid flushing extra memory after updating the dtb with mbedtls
heap information when shared heap is used.
Change-Id: Ibec727661116429f486464a0c9f15e9760d7afe2
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
ROMLIB extract functions code from BL images to put them inside ROM.
This has for effect to reduce the size of the BL images.
This patch take this size reduction into consideration to optimize the
memory layout of BL2.
A new "PLAT_ARM_BL2_ROMLIB_OPTIMIZATION" macro is defined and used to
reduce "PLAT_ARM_MAX_BL2_SIZE". This allows to remove the gap between
BL1 and BL2 when ROMLIB is used and provides more room for BL31.
The current memory gain is 0x6000 for fvp and 0x8000 for juno.
Change-Id: I71c2c2c63b57bce5b22a125efaefc486ff3e87be
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The number of levels in the topology has not changed but the count of
processing elements on the lowest layer is now multiplied by the value
of FVP_MAX_PE_PER_CPU.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ia1568a40ea33dbbbcdfab6c8ab6d19f4db0b8eb4
N1SDP supports multichip configuration wherein n1sdp boards are
connected over high speed coherent CCIX link, for now only dual-chip
is supported.
Whether or not multiple chips are present is dynamically probed by
SCP firmware and passed on to TF-A, routing table will be set up
only if multiple chips are present.
Initialize GIC-600 multichip operation by overriding the default GICR
frames with array of GICR frames and setting the chip 0 as routing
table owner.
Change-Id: Ida35672be4bbf4c517469a5b330548d75e593ff2
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Earlier PIE support was enabled for all arm platforms when
RESET_TO_BL31=1, but later on it was restricted only to FVP with patch
SHA d4580d17 because of n1sdp platform.
Now it has been verified that PIE does work for n1sdp platform also, so
enabling it again for all arm platforms.
Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
ARM platform can have a non-contiguous GICR frames. For instance, a
multi socket platform can have two or more GIC Redistributor frames
which are 4TB apart. Hence it is necessary for the `gicv3_rdistif_probe`
function to probe all the GICR frames available in the platform.
Introduce `plat_arm_override_gicr_frames` function which platforms can
use to override the default gicr_frames which holds the GICR base
address of the primary cpu.
Change-Id: I1f537b0d871a679cb256092944737f2e55ab866e
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
N1SDP supports multichip configuration wherein n1sdp boards are
connected over high speed coherent CCIX link for now only dual-chip is
supported.
A single instance of TF-A runs on master chip which should be aware of
slave chip's CPU and memory topology.
This patch updates platform macros to include remote chip's information
and also ensures that a single version of firmware works for both single
and dual-chip setup.
Change-Id: I75799fd46dc10527aa99585226099d836c21da70
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Platform information structure holds information about platform's DDR
size(local/remote) which will be used to zero out the memory before
enabling the ECC capability as well as information about multichip
setup. Multichip and remote DDR information can only be probed in SCP,
SDS region will be used by TF-A to get this information at boot up.
This patch introduces a new SDS to store platform information, which is
populated dynamically by SCP Firmware.previously used mem_info SDS is
also made part of this structure itself.
The platform information is also passed to BL33 by copying it to Non-
Secure SRAM.
Change-Id: I4781dc6a7232c3c0a3219b164d943ce9e3e469ee
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
There are some platforms which uses MPIDR Affinity level 3 for storing
extra affinity information e.g. N1SDP uses it for keeping chip id in a
multichip setup, for such platforms MPIDR validation should not fail.
This patch adds Aff3 bits also as part of mpidr validation mask, for
platforms which does not uses Aff3 will not have any impact as these
bits will be all zeros.
Change-Id: Ia8273972fa7948fdb11708308d0239d2dc4dfa85
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
a5ds only has always-on power domain and there is no power control
present. However, without the pwr_domain_off handler, the kernel
panics when the user will try to switch off secondary cores. The
a5ds_pwr_domain_off handler will prevent kernel from crashing,
i.e. the kernel will attempt but fail to shut down the secondary CPUs
if the user tries to switch them offline.
Change-Id: I3c2239a1b6f035113ddbdda063c8495000cbe30c
Signed-off-by: Usama Arif <usama.arif@arm.com>
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
This patch invokes the new function gicv3_rdistif_probe() in the
ARM platform specific gicv3 driver. Since this API modifies the
shared GIC related data structure, it must be invoked coherently
by using the platform specific pwr_domain_on_finish_late hook.
Change-Id: I6efb17d5da61545a1c5a6641b8f58472b31e62a8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The Fast Models provide a non-volatile counter component, which is used
in the Trusted Board Boot implementation to protect against rollback
attacks.
This component comes in 2 versions (see [1]).
- Version 0 is the default and models a locked non-volatile counter,
whose value is fixed.
- Version 1 of the counter may be incremented in a monotonic fashion.
plat_set_nv_ctr() must cope with both versions. This is achieved by:
1) Attempting to write the new value in the counter.
2) Reading the value back.
3) If there is a mismatch, we know the counter upgrade failed.
When using version 0 of the counter, no upgrade is possible so the
function is expected to fail all the time. However, the code is
missing a compiler barrier between the write operation and the next
read. Thus, the compiler may optimize and remove the read operation on
the basis that the counter value has not changed. With the default
optimization level used in TF-A (-Os), this is what's happening.
The fix introduced in this patch marks the write and subsequent read
accesses to the counter as volatile, such that the compiler makes no
assumption about the value of the counter.
Note that the comment above plat_set_nv_ctr() was clearly stating
that when using the read-only version of the non-volatile counter,
"we expect the values in the certificates to always match the RO
values so that this function is never called". However, the fact that
the counter value was read back seems to contradict this comment, as
it is implementing a counter-measure against misuse of the
function. The comment has been reworded to avoid any confusion.
Without this patch, this bug may be demonstrated on the Base AEM FVP:
- Using version 0 of the non-volatile counter (default version).
- With certificates embedding a revision number value of 32
(compiling TF-A with TFW_NVCTR_VAL=32).
In this configuration, the non-volatile counter is tied to value 31 by
default. When BL1 loads the Trusted Boot Firmware certificate, it
notices that the two values do not match and tries to upgrade the
non-volatile counter. This write operation is expected to fail
(because the counter is locked) and the function is expected to return
an error but it succeeds instead.
As a result, the trusted boot does not abort as soon as it should and
incorrectly boots BL2. The boot is finally aborted when BL2 verifies
the BL31 image and figures out that the version of the SoC Firmware
Key Certificate does not match. On Arm platforms, only certificates
signed with the Root-of-Trust Key may trigger an upgrade of the
non-volatile Trusted counter.
[1] https://developer.arm.com/docs/100964/1160/fast-models-components/peripheral-components/nonvolatilecounter
Change-Id: I9979f29c23b47b338b9b484013d1fb86c59db92f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Enable cores 1-3 using psci. On receiving the smc call from kernel,
core 0 will bring the secondary cores out pen and signal an event for
the cores. Currently on switching the cores is enabled i.e. it is not
possible to suspend, switch cores off, etc.
Change-Id: I6087e1d2ec650e1d587fd543efc1b08cbb50ae5f
Signed-off-by: Usama Arif <usama.arif@arm.com>
For the secondary CPUs, hold the cpu in wfe rather then panic.
This will be needed when multicore support is added to a5ds as
the smc call will write to the hold base and signal an event to
power on the secondary CPUs.
Change-Id: I0ffc2059e9ef894c21375ca5c94def859bfa6599
Signed-off-by: Usama Arif <usama.arif@arm.com>
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Some cores support only AArch64 from EL1 and above, e.g. A76, N1 etc. If
TF-A is compiled with CTX_INCLUDE_AARCH32_REGS=0 so as to properly
handle those cores, only the AArch64 cores' assembly is included in the
TF-A binary. In other words, for FVP, TF-A assumes that AArch64 only
cores will never exist in the same cluster with cores that also support
AArch32.
However, A55 and A75 can be used as AArch64 only cores, despite
supporting AArch32, too. This patch enables A55 and A75 to exist in
clusters together with AArch64 cores.
Change-Id: I58750ad6c3d76ce77eb354784c2a42f2c179031d
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch adds support for Corstone-700 foundation IP, which integrates
both Cortex-M0+ and Cortex-A(Host) processors in one handy, flexible
subsystem.
This is an example implementation of Corstone-700 IP host firmware.
Cortex-M0+ will take care of boot stages 1 and 2(BL1/BL2) as well as
bringing Host out RESET. Host will start execution directly from BL32 and
then will jump to Linux.
It is an initial port and additional features are expected to be added
later.
Change-Id: I7b5c0278243d574284b777b2408375d007a7736e
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
SMMUv3 driver functions which are called from BL1 and BL31
currently use counter-based poll method for testing status
bits. Adding Delay Timer driver to BL1 and BL31 is required
for timeout-based implementation using timer delay functions
for SMMU and other drivers.
This patch adds new function `fvp_timer_init()` which
initialises either System level generic or SP804 timer based on
FVP_USE_SP804_TIMER build flag.
In BL2U `bl2u_early_platform_setup()` function the call to
`arm_bl2u_early_platform_setup()` (which calls
`generic_delay_timer_init()` ignoring FVP_USE_SP804_TIMER flag),
is replaced with `arm_console_boot_init()` and `fvp_timer_init()`.
Change-Id: Ifd8dcebf4019e877b9bc5641551deef77a44c0d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Add the disable_auth dynamic parameter, that allows to disable the
authentication when TBBR is enabled. This parameter is for development
only.
Change-Id: Ic24ad16738517f7e07c4f506dcf69a1ae8df7d2d
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.
All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.
Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
Fixed the path to a source file specified in tsp makefile
Created a platform specific tsp makefile
Change-Id: I89565127c67eff510e48e21fd450af4c3088c2d4
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Code using Cryptocell specific APIs was used as part of the
arm common board ROT support, instead of being abstracted
in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to
copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell
API and products.
Move over Cryptocell specific API calls into the Cryptocell
driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e
The DMC-620 memory controllers in N1SDP platform has to be put
into CONFIG state before writing to ERR0CTLR0 register to enable
ECC.
This patch fixes the sequence so that DMCs are set to CONFIG
state before writing to ERR0CTLR0 register and moved back to
READY state after writing.
Change-Id: I1252f3ae0991603bb29234029cddb5fbf869c1b2
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
The watchdog is configured with a default value of 256 seconds in order
to implement the Trusted Board Boot Requirements.
For the FVP and Juno platforms, the FWU process relies on a watchdog
reset. In order to automate the test of FWU, the length of this process
needs to be as short as possible. Instead of waiting for those 4 minutes
to have a reset by the watchdog, tell it to reset immediately.
There are no side effects as the value of the watchdog's load register
resets to 0xFFFFFFFF.
Tested on Juno.
Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch adds support for Cortex-A5 FVP for the
DesignStart program. DesignStart aims at providing
low cost and fast access to Arm IP.
Currently with this patch only the primary CPU is booted
and the rest of them wait for an interrupt.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I3a2281ce6de2402dda4610a89939ed53aa045fab
* changes:
qemu: use new console interface in aarch32
warp7: remove old console from makefile
Remove MULTI_CONSOLE_API flag and references to it
Console: removed legacy console API
N1SDP platform supports RDIMMs with ECC capability. To use the ECC
capability, the entire DDR memory space has to be zeroed out before
enabling the ECC bits in DMC620. Zeroing out several gigabytes of
memory from SCP is quite time consuming so functions are added that
zeros out the DDR memory from application processor which is
much faster compared to SCP. BL33 binary cannot be copied to DDR memory
before enabling ECC so this is also done by TF-A from IOFPGA-DDR3
memory to main DDR4 memory after ECC is enabled.
Original PLAT_PHY_ADDR_SPACE_SIZE was limited to 36-bits with which
the entire DDR space cannot be accessed as DRAM2 starts in base
0x8080000000. So these macros are redefined for all ARM platforms.
Change-Id: If09524fb65b421b7a368b1b9fc52c49f2ddb7846
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
BL2U should not build when RESET_TO_SP_MIN flag is set, like BL1 and
BL2.
Change-Id: Iac516121f98611ca1f58d2b5efdec6525b06ce4e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
During the secondary cores' cold boot path, the cores initialise the GIC
CPU interface. However this is a redundant action since 1) the cores are
powered down immediately after that, 2) the GIC CPU interface is
initialised from scratch when the secondary cores are powered up again
later.
Moreover, this part of code was introducing a bug. In a GICv3 system,
the GIC's CPU interface system registers must not be written without the
core being marked as "awake" in the redistributor. However, this
sequence was performing such accesses and this would cause those cores
to hang. The hang was caused by the DSB instruction that would never
complete because of the GIC not recognising those writes.
For the two aforementioned reasons, the entire part of the GIC CPU
interface initialisation is removed.
Change-Id: I6c33a1edda69dd5b6add16a27390a70731b5532a
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Some cores support only AArch64 mode. In those cores, only a limited
subset of the AArch32 system registers are implemented. Hence, if TF-A
is supposed to run on AArch64-only cores, it must be compiled with
CTX_INCLUDE_AARCH32_REGS=0.
Currently, the default settings for compiling TF-A are with the AArch32
system registers included. So, if we compile TF-A the default way and
attempt to run it on an AArch64-only core, we only get a runtime panic.
Now a compile-time check has been added to ensure that this flag has the
appropriate value when AArch64-only cores are included in the build.
Change-Id: I298ec550037fafc9347baafb056926d149197d4c
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
* changes:
N1SDP: Initialise CNTFRQ in Non Secure CNTBaseN
N1SDP: Fix DRAM2 start address
Add option for defining platform DRAM2 base
Disable speculative loads only if SSBS is supported
N1SDP exhibits the behavior similar to Juno wherein CNTBaseN.CNTFRQ
can be written but does not reflect the value of the CNTFRQ register
in CNTCTLBase frame. This doesn't follow ARM ARM in that the value
updated in CNTCTLBase.CNTFRQ is not reflected in CNTBaseN.CNTFRQ.
Hence enable the workaround (applied to Juno) for N1SDP that updates
the CNTFRQ register in the Non Secure CNTBaseN frame.
Change-Id: Id89ee1bca0f25c9d62f8f794f2c4f4e618cdf092
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
The default DRAM2 start address for Arm platforms
is 0x880000000. However, for N1SDP platform this is
0x8080000000.
Fix the DRAM2 start address by initialising
PLAT_ARM_DRAM2_BASE.
Without this fix there is a mismatch of the System
memory region view as seen by the BL31 runtime
firmware (PSCI) versus the view of the OS (which
is based on the description provided by UEFI. In
this case UEFI is correctly describing the DRAM2
start address).
This implicates in secondary cores failing to start
on some Operating Systems if the OS decides to place
the secondary start address in the mismatched region.
Change-Id: I57220e753219353dda429868b4c5e1a69944cc64
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
The default DRAM2 base address for Arm platforms
is 0x880000000. However, on some platforms the
firmware may want to move the start address to
a different value.
To support this introduce PLAT_ARM_DRAM2_BASE that
defaults to 0x880000000; but can be overridden by
a platform (e.g. in platform_def.h).
Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.
Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch fixes this issue:
https://github.com/ARM-software/tf-issues/issues/660
The introduced changes are the following:
1) Some cores implement cache coherency maintenance operation on the
hardware level. For those cores, such as - but not only - the DynamIQ
cores, it is mandatory that TF-A is compiled with the
HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
unpredictable. To prevent this, compile time checks have been added and
compilation errors are generated, if needed.
2) To enable this change for FVP, a logical separation has been done for
the core libraries. A system cannot contain cores of both groups, i.e.
cores that manage coherency on hardware and cores that don't do it. As
such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
libraries only of the relevant cores.
3) The neoverse_e1.S file has been added to the FVP sources.
Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch is a preparation for the subsequent changes in
SMMUv3 driver. It introduces a new "smmuv3_poll" function
and replaces inline functions for accessing SMMU registers
with mmio read/write operations. Also the infinite loop
for the poll has been replaced with a counter based timeout.
Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Security sources are required if stack-protector is enabled.
Change-Id: Ia0071f60cf03d48b200fd1facbe50bd9e2f8f282
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
controller as the secure watchdog. But not all ARM platforms use SP805
as the secure watchdog controller.
So introduce two new ARM platform code specific wrapper functions to
start and stop the secure watchdog. These functions then replace the
calls to SP805 driver in common BL1 setup code. All the ARM platforms
implement these wrapper functions by either calling into SP805 driver
or the SBSA watchdog driver.
Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
There is a bug in the shared heap implementation for SGM. Until the bug
is solved, the default implementation is used.
Change-Id: I010911a3f00ed860f742b14daad1d99b9e7ce711
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.
The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.
Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
The weak version of plat_get_mbedtls_heap() was being used.
Change-Id: I6da331a098dd1af5bb64729d5b914cfb74b8869e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This file is used when building the cert_create tool without using
the 'standard' set of Arm OID values as defined in the TBBR
specification (see tbbr_oid.h). This configuration is enabled by
setting USE_TBBR_DEFS to 0 during build.
At the moment this will fail because the header file included by
this file was removed in commit bb41eb7a9d ("cert: move
platform_oid.h to include/tools_share for all platforms"). For
the SGM platform this means that there is no current use for
this file.
Change-Id: I3c82983ada62330f1ab6be6d6c0cf489adabae7b
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Improved support for W=2 compilation flag by solving some nested-extern
and sign-compare warnings.
The libraries are compiling with warnings (which turn into errors with
the Werror flag).
Outside of libraries, some warnings cannot be fixed.
Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Improved support for W=1 compilation flag by solving missing-prototypes
and old-style-definition warnings.
The libraries are compiling with warnings (which turn into errors with
the Werror flag).
Outside of libraries, some warnings cannot be fixed without heavy
structural changes.
Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
Fixed the below bugs:
1) Bug related to build flag V=1: if the flag was V=0, building with
ROMLIB would fail.
2) Due to a syntax bug in genwrappers.sh, index file entries marked as
"patch" or "reserved" were ignored.
3) Added a prepending hash to constants that genwrappers is generating.
4) Due to broken dependencies, currently the inclusion functionality is
intentionally not utilised. This is why the contents of romlib/jmptbl.i
have been copied to platform specific jmptbl.i files. As a result of the
broken dependencies, when changing the index files, e.g. patching
functions, a clean build is always required. This is a known issue that
will be fixed in the future.
Change-Id: I9d92aa9724e86d8f90fcd3e9f66a27aa3cab7aaa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
When RECLAIM_INIT_CODE is 1, the stack is used to contain the .text.init
section. This is by default enable on FVP. Due to the size increase of
the .text.init section, the stack had to be adjusted contain it.
Change-Id: Ia392341970fb86c0426cf2229b1a7295453e2e32
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The dummy implementation of the plat_init_apiakey() platform API uses
an internal 128-bit buffer to store the initial key value used for
Pointer Authentication support.
The intent - as stated in the file comments - was for this buffer to
be write-protected by the MMU. Initialization of the buffer would be
performed before enabling the MMU, thus bypassing write protection
checks.
However, the key buffer ended up into its own read-write section by
mistake due to a typo on the section name ('rodata.apiakey' instead of
'.rodata.apiakey', note the leading dot). As a result, the linker
script was not pulling it into the .rodata output section.
One way to address this issue could have been to fix the section
name. However, this approach does not work well for BL1. Being the
first image in the boot flow, it typically is sitting in real ROM
so we don't have the capacity to update the key buffer at any time.
The dummy implementation of plat_init_apiakey() provided at the moment
is just there to demonstrate the Pointer Authentication feature in
action. Proper key management and key generation would have to be a
lot more careful on a production system.
Therefore, the approach chosen here to leave the key buffer in
writable memory but move it to the BSS section. This does mean that
the key buffer could be maliciously updated for intalling unintended
keys on the warm boot path but at the feature is only at an
experimental stage right now, this is deemed acceptable.
Change-Id: I121ccf35fe7bc86c73275a4586b32d4bc14698d6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
MHU doorbell driver requires arm platform specific
macro "PLAT_CSS_MHU_BASE".
Rename it to "PLAT_MHUV2_BASE", so that platforms other than arm
can use generic MHU doorbell driver.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Replace all uses of 'SGI_CLARK' with 'RD_N1E1_EDGE' and
'SGI_CLARK_HELIOS' with 'RD_E1_EDGE' as per the updated product
names
Change-Id: Ib8136e421b1a46da1e5df58c6b1432d5c78d279b
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
This feature is only supported on FVP.
Change-Id: I4e265610211d92a84bd2773c34acfbe02a1a1826
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Replace all usage of 'sgiclark' with 'rdn1e1edge' and 'sgiclarkh' with
'rde1edge' as per the updated product names.
Change-Id: I14e9b0332851798531de21d70eb54f1e5557a7bd
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Replace all usage of 'sgiclark' with 'rdn1e1edge' and 'sgiclarka' with
'rdn1edge' as per the updated product names.
Change-Id: Idbc157c73477ec32f507ba2d4a4e907d8813374c
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Cortex A5 doesnt support VFP, Large Page addressing and generic timer
which are addressed in this patch. The device tree for Cortex a5
is also included.
Change-Id: I0722345721b145dfcc80bebd36a1afbdc44bb678
Signed-off-by: Usama Arif <usama.arif@arm.com>
This patch adds support for Versatile express FVP (Fast models).
Versatile express is a family of platforms that are based on ARM v7.
Currently this port has only been tested on Cortex A7, although it
should work with other ARM V7 cores that support LPAE, generic timers,
VFP and hardware divide. Future patches will support other
cores like Cortex A5 that dont support features like LPAE
and hardware divide. This platform is tested on and only expected to
work on single core models.
Change-Id: I10893af65b8bb64da7b3bd851cab8231718e61dd
Signed-off-by: Usama Arif <usama.arif@arm.com>
The variable is renamed to PLAT_ARM_RUN_UART as
the UART is used outside BL31 as well.
Change-Id: I00e3639dfb2001758b7d24548c11236c6335f64a
Signed-off-by: Usama Arif <usama.arif@arm.com>
Rather than letting the Trusty makefile set the option to enable dynamic
translation tables, make platforms do it themselves.
This also allows platforms to replace the implementation of the
translation tables library as long as they use the same function
prototypes.
Change-Id: Ia60904f61709ac323addcb57f7a83391d9e21cd0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Many parts of the code were duplicating symbols that are defined in
include/common/bl_common.h. It is better to only use the definitions in
this header.
As all the symbols refer to virtual addresses, they have to be
uintptr_t, not unsigned long. This has also been fixed in bl_common.h.
Change-Id: I204081af78326ced03fb05f69846f229d324c711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The BL33 image must not go past the end of DRAM.
Change-Id: I56668ab760d82332d69a8904d125d9a055aa91d5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
PLAT_ARM_NS_IMAGE_OFFSET is in fact not an offset relative to some base
address, it is an absolute address. Rename it to avoid any confusion.
Change-Id: I1f7f5e8553cb267786afe7e5f3cd4d665b610d3f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The PLAT_XLAT_TABLES_DYNAMIC build option, defined in platform_def.h
in Arm platforms, is checked by several headers, affecting their
behaviour. To avoid issues around the include ordering of the headers,
the definition should be moved to the platform's makefile.
Change-Id: I0e12365c8d66309122e8a20790e1641a4f480a10
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Use full include paths like it is done for common includes.
This cleanup was started in commit d40e0e08283a ("Sanitise includes
across codebase"), but it only cleaned common files and drivers. This
patch does the same to Arm platforms.
Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
On ARM platforms, the BL2 memory can be overlaid by BL31/BL32. The memory
descriptors describing the list of executable images are created in BL2
R/W memory, which could be possibly corrupted later on by BL31/BL32 due
to overlay. This patch creates a reserved location in SRAM for these
descriptors and are copied over by BL2 before handing over to next BL
image.
Also this patch increases the PLAT_ARM_MAX_BL2_SIZE for juno when TBBR
is enabled.
FixesARM-Software/tf-issues#626
Change-Id: I755735706fa702024b4032f51ed4895b3687377f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
The SPM implementation based on MM is going to be kept for the
foreseeable future.
Change-Id: I11e96778a4f52a1aa803e7e048d9a7cb24a53954
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Corrects typos in core code, documentation files, drivers, Arm
platforms and services.
None of the corrections affect code; changes are limited to comments
and other documentation.
Change-Id: I5c1027b06ef149864f315ccc0ea473e2a16bfd1d
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
From now on, platform_def.h must include any header with definitions that
are platform-specific (like arm_def.h) and the included headers mustn't
include back platform_def.h, and shouldn't be used by other files. Only
platform_def.h should be included in other files. This will ensure that all
needed definitions are present, rather than needing to include all the
headers in all the definitions' headers just in case.
This also prevents problems like cyclic dependencies.
Change-Id: I9d3cf4d1de4b956fa035c79545222697acdaf5ca
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The definitions in bl1/bl1_private.h and bl2/bl2_private.h are useful for
platforms that may need to access them.
Change-Id: Ifd1880f855ddafcb3bfcaf1ed4a4e0f121eda174
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
A previous commit 89f2e58985 ("plat/arm: remove weak implemention of
'plat_arm_psci_override_pm_ops' function") introduced a problem with the
CSS_USE_SCMI_SDS_DRIVER configuration. In juno_pm.c the
css_scmi_override_pm_ops function was used regardless of whether the
flag was set. This patch ifdefs the function to restore the original
behaviour.
Change-Id: I508025ba70cf3a9250cc6270c1df209179c37ae7
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Update some asserts that refer to #defines that only occur in
ARM platforms, preventing this code to be used on other platforms.
Instead, use a platform agnostic name, and update all the existing
users.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
This patch removes the dependency of the N1SDP on soc
css defines in order to let the N1SDP platform port
define the uart related constants.
Change-Id: If13796f278586a01512ee99615502b30e478189e
Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
The top level makefile defines the PLAT variable, not PLATFORM.
This mistake was causing an empty variable expansion and showing an
incomplete error message.
Change-Id: I5da1275c73c61a7c1823643a76300f255841719d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The patch SHA 55cf015c enabled PIE support when RESET_TO_BL31=1 for
all ARM platforms. But it seems n1sdp platform doesn't work with PIE
support yet. Hence restrict the ENABLE_PIE=1 to fvp platform.
Change-Id: If44e42528e4b0b57c69084503f346576fe0748bd
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Even though this is not used unless SPD=tspd, only defining it when
SPD_tspd is defined doesn't have any advantage and it makes it harder to
read the code.
Change-Id: I3d93135e05f39be071d16f8a47394a9a3ff54bc8
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch allows platforms to define their
own jump table list for library at ROM. The
file has the list of functions to be used
from library at ROM. It can also include
other list files.
Change-Id: I721c35d7dad3dcadbb3a7f3277bfd5d3e1f6e00a
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
SPM needs to map a number of regions on behalf of the secure partition.
Previously, it used to get a list of them from platform code using the
plat_get_secure_partition_mmap() API. Now it gets them from the resource
description structure.
The SPM<->SP shared buffer is mapped dynamically at EL3. This buffer is
used to pass information between SPM and SP, so it must be mapped at EL3
as well in order to be used by SPM.
Dynamic translation tables have been enabled when the Trusted Firmware
is compiled with SPM support.
Change-Id: I64ad335e931661812a0a60558e60372e1e5e6b72
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Load SP and RD from package instead of relying on RD being already
loaded in memory and the SP being loaded as a BL32 image.
Change-Id: I18d4fbf4597656c6a7e878e1d7c01a8a324f3f8a
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This information is retrieved from the resource description now.
Change-Id: Iaae23945eb2c45305cdc6442853e42f4e04fe094
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This information is defined by the Secure Partition in the resource
description.
Change-Id: Ia7db90c5de8360a596106880d3f6a632a88d3ea8
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Introduce helpers to create resource description struct, as well as code
to load the information from DTB files.
Change-Id: I0f5bb94eb8b01c6cb53fe807a9db0c05a70d7a43
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
SGI-Clark.Helios platform is similar to SGI-Clark.Ares platform.
The difference between these two platforms is the CPU type and
the number of CPUs. Add the base support for SGI-Clark.Helios platform.
Change-Id: I2b04cb3fb953907848b4fab016e3648899ca4256
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
For SGI-Clark.Helios platform, at present, only the CPU power ON/OFF
ops are supported. So override the PSCI ops to allow callbacks only
for CPU power ON/OFF operations.
Change-Id: Idc0a3deb78cb850310cbe849d77604fa9881579c
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
SGI-Clark.Helios platform is based on multi-threaded CPUs and uses an
additional thread power domain level as well.
Define a power domain tree descriptor 'sgi_clark_helios_pd_tree_desc'
for SGI-Clark.Helios platform and let the function
'plat_get_power_domain_tree_desc' pick up the correct power
domain tree descriptor based on the platform.
Change-Id: Ibc6d551b570bc740053316a3608c455679d9155b
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
With the two new APIs 'plat_arm_sgi_get_platform_id' and
'plat_arm_sgi_get_config_id' that are available now, BL31 need not
depend on hw_config device tree to identify the platform. In addition
to this, the existing hardware description in hw_config can be limited
to use by BL33 and not by the operating system.
So the hardware description from hw_config dts can be moved into
nt_fw_config dts and the use of hw_config dts can be removed.
Change-Id: I873b7e1e72823d3ec5d253a848e85ae724f09e49
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Add two new functions 'plat_arm_sgi_get_platform_id' and
'plat_arm_sgi_get_config_id' which will be implemented by all the
SGI platforms. These functions can be used to determine the part
number and configuration id of the SGI platforms.
In BL2, these functions are used to populate the 'system-id' node.
In BL31, these functions are used to populate the 'sgi_plat_info_t'
structure with the part number and configuration id of the platform.
Change-Id: I3bacda933527724a3b4074ad4ed5b53a81ea4689
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
In order to allow Arm platforms to override the default list of PSCI
callbacks, remove the existing weak implementation of
'plat_arm_psci_override_pm_ops' function and let all the Arm platforms
implement their own 'plat_arm_psci_override_pm_ops' function.
For platforms that support SCMI protocol, the function
'css_scmi_override_pm_ops' can be additionally used as well to
override the default PSCI callbacks.
Change-Id: If7c27468bd51a00ea9c2a3716b5894163f5a9f3c
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
For platforms with multi-threaded CPUs, the number of power domains
supported would be more than the value currently defined by
PLAT_MAX_PWR_LVL. So move the PLAT_MAX_PWR_LVL macro to platform
specific code and let the platform define the number of power domain
levels.
Change-Id: I21c0682e62b397860b2999031a0c9c5ce0d28eed
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
To support platforms which are based on multi-threaded CPUs, override
the weak implementation of plat_arm_get_cpu_pe_count function to return
the number of threads supported by the CPU used in the platform.
Change-Id: Ia680773f1277b17e2d3d2414d87943dcece33e89
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
The CSS_SYSTEM_PWR_DMN_LVL macro that defines the system power domain
level is fixed at ARM_PWR_LVL2 for all CSS platforms. However, the
system power domain level can be different for CSS platforms that
use multi-threaded CPUs.
So, in preparation towards adding support for platforms that use
multi-threaded CPUs, refactor the definition of CSS_SYSTEM_PWR_DMN_LVL
such that CSS_SYSTEM_PWR_DMN_LVL is uniquely defined for each of the
CSS platform.
Change-Id: Ia837b13f6865e71da01780993c048b45b7f36d85
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
The headers forked at some point in the past and have diverged a lot. In
order to make it easier to share code between TF-A-Tests and TF-A, this
patch synchronises most of the definitions in the mentioned headers.
This is not a complete sync, it has to be followed by more cleanup.
This patch also removes the read helpers for the AArch32 instructions
ats1cpr and ats1hr (they are write-only).
Change-Id: Id13ecd7aeb83bd2318cd47156d71a42f1c9f6ba2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds support to build a combined BL1
and ROMLIB binary file with the right page
alignment in Juno. When USE_ROMLIB=1 is set for
Juno, it generates the combined file
bl1_romlib.bin which needs to be used instead of
bl1.bin
Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Remove the platform common plat_arm_security_setup function to allow
platform specific implementations of the security setup function
implemented in the board directory of the platform.
For use by secure software, configure region0 of DMC-620 trustzone
controller to protect the upper 16MB of memory of the first DRAM block
from non-secure accesses.
Change-Id: I9a8c19656702c4fa4f6917b3655b692d443bb568
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Register a priority level, PLAT_SP_PRI, for secure partition with EL3
exception handling framework(ehf) module.
The secure partition manager(SPM) would raise the core's priority to
PLAT_SP_PRI before entering the secure partition, to protect the core
from getting interrupted while in secure partition.
Change-Id: I686897f052a4371e0efa9b929c07d3ad77249e95
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.
The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.
The exceptions are files that are imported from other projects:
- CryptoCell driver
- dt-bindings folders
- zlib headers
Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This option allows the Trusted Firmware to directly jump to Linux
kernel for aarch32 without the need of an intermediate loader such
as U-Boot.
Similar to AArch64 ARM_LINUX_KERNEL_AS_BL33 only available with
RESET_TO_SP_MIN=1 as well as BL33 and DTB are preloaded in memory.
Change-Id: I908bc1633696be1caad0ce2f099c34215c8e0633
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
When CSS_USE_SCMI_DRIVER is not defined or set to 0, we get the
following build error.
plat/arm/board/juno/juno_topology.c:16:19: error: ‘CSS_SCMI_PAYLOAD_BASE’ undeclared here (not in a function)
.scmi_mbx_mem = CSS_SCMI_PAYLOAD_BASE,
^~~~~~~~~~~~~~~~~~~~~
plat/arm/board/juno/juno_topology.c:17:38: error: ‘CSS_SCMI_MHU_DB_REG_OFF’ undeclared here (not in a function)
.db_reg_addr = PLAT_CSS_MHU_BASE + CSS_SCMI_MHU_DB_REG_OFF,
^~~~~~~~~~~~~~~~~~~~~~~
CSS_CPU_PWR_STATE_OFF
Fix the error in order to get function legacy SCPI support functional.
Change-Id: I00cb80db9968aa0be546e33a3a682a2db87719be
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
The macro EL_IMPLEMENTED() has been deprecated in favour of the new
function el_implemented().
Change-Id: Ic9b1b81480b5e019b50a050e8c1a199991bf0ca9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds support for the N1SDP (NeoVerse N1 System Development
Platform). It is an initial port and additional features are expected
to be added later.
The port includes only BL31 support as the System Control Processor
(SCP) is expected to take the role of primary boatloader
Change-Id: Ife17d8215a7bfcc1420204a72205e7ef920d0c10
Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
This patch enabled PIE for FVP when RESET_TO_BL31=1. The references
to BL31_BASE are replaced by BL31_START as being a symbol exported by
the linker, will create a dynamic relocation entry in .rela.dyn and
hence will be fixed up by dynamic linker at runtime. Also, we disable
RECLAIM_INIT_CODE when PIE is enabled as the init section overlay
creates some static relocations which cannot be handled by the
dynamic linker currently.
Change-Id: I86df1b0a8b2a8bbbe7c3f3c0b9a08c86c2963ec0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch makes use of mov_imm macro where possible to load
immediate values within ARM platform layer.
Change-Id: I02bc7fbc1fa334c9fccf76fbddf515952f9a1298
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds a utility function to return
the address of a symbol. By default, the compiler
generates adr/adrp instruction pair to return
the reference and this utility is used to override
this compiler generated to code and use `ldr`
instruction.
This is needed for Position Independent Executable
when it needs to reference a symbol which is constant
and does not depend on the execute address of the
binary.
For example, on the FVP, the GICv3 register context is
stored in a secure carveout (arm_el3_tzc_dram) within
DDR and does not relocate with the BL image. Now if
BL31 is executing at a different address other than
the compiled address, using adrp/adr instructions to
reference this memory will not work as they generate an
address that is PC relative. The way to get around this
problem is to reference it as non-PC relative (i.e
non-relocatable location) via `ldr` instruction.
Change-Id: I5008a951b007144258121690afb68dc8e12ee6f7
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This function is not related to Arm platforms and can be reused by other
platforms if needed.
Change-Id: Ia9c328ce57ce7e917b825a9e09a42b0abb1a53e8
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
There are several platforms using arm_setup_page_tables(), which is
supposed to be Arm platform only. This creates several dependency
problems between platforms.
This patch adds the definition XLAT_TABLES_LIB_V2 to the xlat tables lib
v2 makefile. This way it is possible to detect from C code which version
is being used and include the correct header.
The file arm_xlat_tables.h has been renamed to xlat_tables_compat.h and
moved to a common folder. This way, when in doubt, this header can be
used to guarantee compatibility, as it includes the correct header based
on XLAT_TABLES_LIB_V2.
This patch also removes the usage of ARM_XLAT_TABLES_V1 from QEMU (so
that is now locked in xlat lib v2) and ZynqMP (where it was added as a
workaround).
Change-Id: Ie1e22a23b44c549603d1402a237a70d0120d3e04
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
SGI-Clark.Ares platform is a variant of the SGI-Clark platform. It has
two clusters of four Ares CPUs each. Though very similar to the SGI575
platform, there are subtle differences. HW_CONFIG and TB_FW_CONFIG dts
files have been added.
Change-Id: I740a33cbd1c3b1f1984cb56243b46ad379bab3e6
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
SGI-Clark platform is the next version in the Arm's SGI platform
series. One of the primary difference between the SGI-575 platform and
the SGI-Clark platform is the MHU version (MHUv2 in case of SGI-Clark).
Add the required base support for SGI-Clark platform.
Change-Id: If396e5279fdf801d586662dad0b55195e81371e4
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
On SGI platforms that include Ares CPUs, the 'CORE_PWRDN_EN' bit of
'CPUPWRCTLR_EL1' register requires an explicit write to clear it to
enable hotplug and idle to function correctly.
The reset value of the CORE_PWRDN_EN bit is zero but it still requires
this explicit clear to zero. This indicates that this could be a model
related issue but for now this issue can be fixed be clearing the
CORE_PWRDN_EN bit in the platform specific reset handler function.
Change-Id: I8b9884ae27a2986d789bfec2e9ae792ef930944e
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
In Arm platforms the crash console doesn't print anything if the crash
happens early enough. This happens in all images, not only BL1. The
reason is that they the files ``plat/common/aarch64/platform_helpers.S``
and ``plat/arm/common/aarch64/arm_helpers.S``, and the crash console
functions are defined as weak in both files. In practice, the linker
can pick the one in ``plat/common``, which simply switches the multi
console to crash mode when it wants to initialize the crash console.
In the case of Arm platforms, there are no console drivers registered
at that point, so nothing is printed.
This patch makes the functions in plat/arm strong so that they override
the weak functions in plat/common.
Change-Id: Id358db7d2567d7df0951790a695636cf6c9ac57f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Version 1.4.7 of libfdt is bigger than the current one (1.4.2) and the
current reserved space for BL2 in Juno isn't enough to fit the Trusted
Firmware when compiling with clang or armclang.
Change-Id: I7b73394ca60d17f417773f56dd5b3d54495a45a8
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The definitions FAIL_CONTROL_*_SHIFT were incorrect, they have been
fixed.
The types tzc_region_attributes_t and tzc_action_t have been removed and
replaced by unsigned int because it is not allowed to do logical
operations on enums.
Also, fix some address definitions in arm_def.h.
Change-Id: Id37941d76883f9fe5045a5f0a4224c133c504d8b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The default values of 'plat_css_scmi_plat_info' is not applicable for
all the platforms. There should be a provision to let platform code to
register a platform specific instance of scmi_channel_plat_info_t.
Add a new API 'plat_css_get_scmi_info' which lets the platform to
register a platform specific instance of scmi_channel_plat_info_t and
remove the default values.
In addition to this, the existing 'plat_css_scmi_plat_info' structure
is removed from the common code and instantiated for the platforms that
need it. This allows for a consistent provisioning of the SCMI channel
information across all the existing and upcoming platforms.
Change-Id: I4fb65d7f2f165b78697b4677f1e8d81edebeac06
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Dynamically populating the 'system-id' node in the HW_CONFIG dts makes
it difficult to enforce memory overlap checks. So add the system-id node
in the HW_CONFIG dts file as a place holder with 'platform-id' and
'config-id' set to zero.
The code at BL2 stage determines the values of 'platform-id' and
'config-id' at runtime and updates the corresponding fields in the
system-id node of HW_CONFIG dts.
Change-Id: I2ca9980b994ac418da8afa0c72716ede10aff68a
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
To align the placement of ftds files with that of other Arm platforms,
move the ftds files from plat/arm/css/sgi/ to plat/arm/board/sgi575.
Change-Id: Id7c772eb5cf3d308d4e02a3c8099218e889a0e96
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
On SGI platforms, the interconnect is setup by the SCP and so the
existing unused interconnect setup in sgi575 platform code can be
removed. As a result of this, sgi_plat_config.c and sgi_bl1_setup.c
files can be removed as these files are now empty or can be
substainated by the existing weak functions.
Change-Id: I3c883e4d1959d890bf2213a9be01f02551ea3a45
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
In preparation of adding support for upcoming SGI platforms, macros
common to all the SGI platforms are moved into sgi_base_platform_def.h
file. Macros that are specific to sgi575 platform remain in the
platform_def.h file. In addition to this, the platform_def.h file is
moved to sgi575 board directory. Also the ENT_CPU_SOURCES has been
renamed to SGI_CPU_SOURCES and moved from sgi-common.mk to board
specific makefile platform.mk
Change-Id: Iccdd9f070f4feea232b9fbf4fdcc0ef2e8eccbf2
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
When HW_ASSISTED_COHERENCY is enabled we can use spinlocks
instead of using the more complex and slower bakery algorithm.
Change-Id: I9d791a70050d599241169b9160a67e57d5506564
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
macro jump_if_cpu_midr is used commonly by many arm platform.
It has now been relocated to common place to remove duplication
of code.
Change-Id: Ic0876097dbc085df4f90eadb4b7687dde7c726da
Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
This file is shared between FVP and all CSS platforms. While it may be
true that some definitions can be common, it doesn't make sense
conceptually. For example, the stack size depends on the platform and so
does the SRAM size.
After removing them, there are not enough common definitions to justify
having this header, so the other definitions have been moved to the
platform_def.h of FVP, board_css_def.h and arm_def.h.
Change-Id: Ifbf4b017227f9dfefa1a430f67d7d6baae6a4ba1
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This file is only used by Juno as all other CSS platforms have their own
private memory maps.
Change-Id: I1c9f27aac7b1d8bff4d92674e8bde5505b93c8c4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The "Secure" prefix (S-ELx) is valid only for S-EL0 and S-EL1 but is
meaningless for EL3, since EL3 is always secure. Hence, the "S" prefix
has been removed from wherever it was used as "S-EL3".
Change-Id: Icdeac9506d763f9f83d7297c7113aec7b85e9dbe
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
In the function, bl1_early_platform_setup in the file
plat/arm/css/sgm/sgm_bl1_setup.c:
plat_config_init();
arm_bl1_early_platform_setup();
The debug messages logged by plat_config_init() are lost because
the console is initialized in the function
arm_bl1_early_platform_setup()
To see the logs of plat_config_init, this fix re-orders above calls
so that the console is initialized before call to plat_config_init.
Change-Id: I2e98f1f67c591cca24e28905acd0838ea3697a7c
Signed-off-by: Girish Pathak <girish.pathak@arm.com>
This way it can be reused by other platforms if needed.
Note that this driver is designed to work with the Versatile Express NOR
flash of Juno and FVP. In said platforms, the memory is organized as an
interleaved memory of two chips with a 16 bit word.
Any platform that wishes to reuse it with a different configuration will
need to modify the driver so that it is more generic.
Change-Id: Ic721758425864e0cf42b7b9b04bf0d9513b6022e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This lets any future CSS platforms to use RESET_TO_BL31 flag.
Change-Id: I32a90fce43cb0c6f4d33589653a0fd6a7ecc9577
Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
Map the initialization code for BL31 to overlap with the memory
required for the secondary cores stack. Once BL31 has been
initialized the memory can be remapped to RW data so that it can
be used for secondary cores stacks. By moving code from .text to
.text.init the size of the BL31 image is decreased by a page.
Split arm_common.ld.S into two linker scripts, one for tzc_dram
(arm_tzc_dram.ld.S) and one for reclaiming initialization code
(arm_reclaim_init.ld.S) so that platforms can chose which memory
regions they wish to include.
Change-Id: I648e88f3eda1aa71765744cf34343ecda9320b32
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Mark the GICv3, CCI and CCN code only used in Bl31 initialization
with __init to be reclaimed once no longer needed.
Change-Id: I3d77f36758450d9d1d87ecc60bc1c63fe4082667
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Mark the initialization functions found in the BL31 boot sequence
as __init so they can be reclaimed when no longer needed.
Change-Id: I687a89346419c7710ef5097feaa325d83c527697
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Remove ARM_MAP_BL_ROMLIB memory region macro as it is now split
into two regions for code and data
Change-Id: Ic17b5b584933c196db29fe83051d7e0a8e92911c
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This option makes it hard to optimize the memory definitions of all Arm
platforms because any change in the common defines must work in all of
them. The best thing to do is to remove it and move the definition to
each platform's header.
FVP, SGI and SGM were using the definitions in board_arm_def.h. The
definitions have been copied to each platform's platform_def.h. Juno
was already using the ones in platform_def.h, so there have been no
changes.
Change-Id: I9aecd11bbc72a3d0d7aad1ef9934d8df21dcfaf2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
- Remove references to removed build options.
- Remove support for legacy GIC driver.
- Remove support for LOAD_IMAGE_V2=0.
Change-Id: I72f8c05620bdf4a682765e6e53e2c04ca749a3d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Fixed a Coverity defect by adding a runtime check to avoid potential
NULL pointer dereference.
Change-Id: I9a0aa0efd27334131ac835b43348658b436c657d
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
For sgm775 the SCP_BL2 build in debug mode is around 94KiB which
is higher than the maximum size for SCP_BL2.
This patch increase the maximum allowed size for SCP_BL2 to
96KiB.
Change-Id: Ibca0daadba41429301c651ae21cbba87e45ccddf
Signed-off-by: Elieva Pignat <Elieva.Pignat@arm.com>
Set MULTI_CONSOLE_API=1 for both AArch64 and AArch32 by default.
MULTI_CONSOLE_API=0 is still supported, but it has to be set from the
command line.
Change-Id: I4eeaa8e243a3fe93ed8a716e502666a26ad28f35
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Allow AArch32 to use the multi console driver by adding the
required functions
Change-Id: I9e69f18965f320074cf75442d6b0de891aef7936
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
The patch d323af9 removed the support for coherent memory in BL1 and
BL2 for ARM platforms. But the CryptoCell SBROM integration depends
on use of coherent buffers for passing data from the AP CPU to the
CryptoCell. Hence this patch reintroduces support for coherent
memory in BL1 and BL2 if ARM_CRYPTOCELL_INTEG=1.
Change-Id: I011482dda7f7a3ec9e3e79bfb3f4fa03796f7e02
Signed-Off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes an array overrun in CSS scmi driver if the
system power domain level is less than 2. This was reported from
https://scan.coverity.com/projects/arm-software-arm-trusted-firmware
CID 308492
Change-Id: I3a59c700490816718d20c71141281f19b2b7e7f7
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The patch 7b56928 unified the FWU mechanism on FVP and Juno
platforms due to issues with MCC firmware not preserving the
NVFLAGS. With MCCv150 firmware, this issue is resolved. Also
writing to the NOR flash while executing from the same flash
in Bypass mode had some stability issues. Hence, since the
MCC firmware issue is resolved, this patch reverts to the
NVFLAGS mechanism to detect FWU. Also, with the introduction
of SDS (Shared Data Structure) by the SCP, the reset syndrome
needs to queried from the appropriate SDS field.
Change-Id: If9c08f1afaaa4fcf197f3186887068103855f554
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Signed-off-by: Soby Mathew <Soby.Mathew@arm.com>
Adds an undocumented build option that enables non-secure access to
the PL011 UART1.
This allows a custom build where the UART can be used as a serial debug
port for WinDbg (or other debugger) connection.
This option is not documented in the user guide, as it is provided as a
convenience for Windows debugging, and not intended for general use.
In particular, enabling non-secure access to the UART might allow
a denial of service attack!
Change-Id: I4cd7d59c2cac897cc654ab5e1188ff031114ed3c
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
A cache flush is added in BL1, in Mbed TLS shared heap code. Thus, we
ensure that the heap info written to the DTB always gets written back to
memory. Hence, sharing this info with other images is guaranteed.
Change-Id: I0faada31fe7a83854cd5e2cf277ba519e3f050d5
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
In Mbed TLS shared heap code, an additional sanity check is introduced
in BL2. Currently, when BL2 shares heap with BL1, it expects the heap
info to be found in the DTB. If for any reason the DTB is missing, BL2
cannot have the heap address and, hence, Mbed TLS cannot proceed. So,
BL2 cannot continue executing and it will eventually crash. With this
change we ensure that if the DTB is missing BL2 will panic() instead of
having an unpredictable crash.
Change-Id: I3045ae43e54b7fe53f23e7c2d4d00e3477b6a446
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch, firstly, makes the error messages consistent to how printed
strings are usually formatted. Secondly, it removes an unnecessary #if
directive.
Change-Id: Idbb8ef0070562634766b683ac65f8160c9d109e6
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch introduces the shared Mbed TLS heap optimisation for Arm
platforms. The objective is the Mbed TLS heap to be shared between BL1
and BL2 so as to not allocate the heap memory twice. To achieve that,
the patch introduces all the necessary helpers for implementing this
optimisation. It also applies it for FVP.
Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Add another level of abstraction of weak defs for
arm_bl2_handle_post_image_load to prevent two weak definitions
of the same function
Change-Id: Ie953786f43b0f88257c82956ffaa5fe0d19603db
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Small patch which removes some redundant casts to (void *).
Change-Id: If1cfd68f2989bac1d39dbb3d1c31d4119badbc21
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
All the arm platforms were including the files related to
mem-protect. This configuration generates some problems
with new platforms that don't support such functionality,
and for that reason this patch moves these files to the
platform specific makefiles.
Change-Id: I6923e5224668b76667795d8e11723cede7979b1e
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
These changes address most of the required MISRA rules. In the process,
some from generic code is also fixed.
No functional changes.
Change-Id: I707dbec9b34b802397e99da2f5ae738165d6feba
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Add support for System Guidance for Mobile platform SGM775
Change-Id: I2442a50caae8f597e5e5949cd48f695cf75d9653
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
In css platforms where the cpu/cluster management is done by the hardware,
software does need to issue certain scmi requests.
This patch wraps those scmi calls around the HW_ASSISTED_COHERENCY
build option to remove them on platforms that have this hardware support.
Change-Id: Ie818e234484ef18549aa7f977aef5c3f0fc26c27
Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
This omission causes a build error as the definition for
arm_tzc_regions_info_t is needed from plat_arm.h
Change-Id: I26935ee90d3e36ab6a016ff2c4eee4413df3e4e8
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
The Arm SGI platforms can switch to using SCMI. So enable support for
SCMI and remove portions of code that would be unused after switching
to SCMI.
Change-Id: Ifd9e1c944745f703da5f970b5daf1be2b07ed14e
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
On SGI platforms, the 'CORE_PWRDN_EN' bit of 'CPUPWRCTLR_EL1'
register requires an explicit write to clear it for hotplug and
idle to function correctly. The reset value of this bit is zero
but it still requires this explicit clear to zero. This indicates
that this could be a model related issue but for now this issue can
be fixed be clearing the CORE_PWRDN_EN in the platform specific
reset handler function.
Change-Id: I4222930daa9a3abacdace6b7c3f4a5472ac0cb19
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
TF Makefile was linking all the objects files generated for the
fdt library instead of creating a static library that could be
used in the linking stage.
Change-Id: If3705bba188ec39e1fbf2322a7f2a9a941e1b90d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
TF won't build since no memory region is specified
for when SEPARATE_CODE_AND_RODATA=0 it still relies on
the ARM_MAP_BL_RO_DATA region which is never defined for
this case. Create memory region combining code and RO data for
when the build flag SEPARATE_CODE_AND_RODATA=0 to fix this
Change-Id: I6c129eb0833497710cce55e76b8908ce03e0a638
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Add the various flags that are required to build the components needed
to enable the RAS feature on SGI575 platform. By default, all flags
are set to 0, disabling building of all corresponding components.
Change-Id: I7f8536fba895043ef6e397cc33ac9126cb572132
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
Add platform specific changes needed to add support for the RAS
feature on SGI575 platform, including adding a mapping for the
CPER buffer being used on SGI575 platform.
Change-Id: I01a982e283609b5c48661307906346fa2738a43b
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
Add a platform specific handler for RAS interrupts and configure the
platform RAS interrupts for EL3 handling. The interrupt handler passes
control to StandaloneMM code executing in S-EL0, which populates the
CPER buffer with relevant error information. The handler subsequently
invokes the SDEI client which processes the information in the error
information in the CPER buffer. The helper functions
plat_sgi_get_ras_ev_map and plat_sgi_get_ras_ev_map_size would be
defined for sgi platforms in the subsequent patch, which adds sgi575
specific RAS changes.
Change-Id: I490f16c15d9917ac40bdc0441659b92380108d63
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
The secure partition manager reserves chunks of memory which are used
for the S-EL0 StandaloneMM image and the buffers required for
communication between the Non-Secure world with the StandaloneMM
image. Add the memory chunks to relevant arrays for mapping the
regions of memory with corresponding attributes.
Change-Id: If371d1afee0a50ca7cacd55e16aeaca949d5062b
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
The SGI platforms need to allocate memory for CPER buffers. These
platform buffers would be placed between the shared reserved memory
and the per cpu stack memory, thus the need to redefine stack base
pointer for these platforms. This patch allows each board in ARM
platform to define the PLAT_SP_IMAGE_STACK_BASE.
Change-Id: Ib5465448b860ab7ab0f645f7cb278a67acce7be9
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
Include arm_spm_def.h in the platform_def.h file. Without this
inclusion, we get build errors like
In file included from services/std_svc/spm/sp_setup.c:12:0:
services/std_svc/spm/sp_setup.c: In function 'spm_sp_setup':
services/std_svc/spm/sp_setup.c:61:57: error: 'PLAT_SPM_BUF_BASE'
undeclared (first use in this function)
write_ctx_reg(get_gpregs_ctx(ctx), CTX_GPREG_X0, PLAT_SPM_BUF_BASE);
Now that the platform_def.h includes arm_spm_def.h, remove inclusion
of platform_def.h in arm_spm_def.h to remove the circular dependency.
Change-Id: I5225c8ca33fd8d288849524395e436c3d56daf17
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
The board_arm_def.h header file needs to be included via the platform
definition header. Not doing so, results in a redefinition error of
PLAT_ARM_MAX_BL31_SIZE macro, if defined in the platform definition
file.
Change-Id: I1d178f6e8a6a41461e7fbcab9f6813a2faa2d82b
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
Change arm_setup_page_tables() to take a variable number of memory
regions. Remove coherent memory region from BL1, BL2 and BL2U as
their coherent memory region doesn't contain anything and
therefore has a size of 0. Add check to ensure this
doesn't change without us knowing.
Change-Id: I790054e3b20b056dda1043a4a67bd7ac2d6a3bc0
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
This also gets rid of MISRA violations for Rule 8.3 and 8.4.
Change-Id: I45bba011b16f90953dd4b260fcd58381f978eedc
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The plat_arm_mmap variable is already declared in plat_arm.h, which is
included from plat/arm/common/arm_common.c.
Similarly, plat_arm.h declares the 'plat_arm_psci_pm_ops' variable, which
does not need to be declared again in plat/arm/common/arm_pm.c.
The duplication was not compliant with MISRA rule 8.5.
Change-Id: Icc42547cc025023226b1078a7ec4f06d093364b7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno SPD=tspd CSS_USE_SCMI_SDS_DRIVER=1 all
Change-Id: Id732c8df12ef3e20903c41b7ab9a9b55341d68ac
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=juno SPD=tspd CSS_USE_SCMI_SDS_DRIVER=1 all
Change-Id: Id9dcc6238b39fac6046abc28141e3ef5e7aa998d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
Change-Id: I3ac25096b55774689112ae37bdf1222f9a9ecffb
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=juno ARCH=aarch32 AARCH32_SP=sp_min RESET_TO_SP_MIN=1 JUNO_AARCH32_EL3_RUNTIME=1 bl32
Change-Id: Ia34f5155e1cdb67161191f69e8d1248cbaa39e1a
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Currenly the CNTFRQ register and system timer is initialized in BL31 for
use by the normal world. During firmware update, the NS-BL1 or NS-BL2U
may need to access the system timer. Hence this patch duplicates the
CNTFRQ and system timer initialization in BL1 as well.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I1ede78b4ae64080fb418cb93f3e48b26d7b724dc
Set the ability to dynamically disable Trusted Boot Board
authentication to be off by default
Change-Id: Ibd2aa179179f7d9b0e7731c6e450f200a8c67529
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
In the case of the platform max power level being less than the system
power level, make sure to not overrun the array of power states.
This fixes Coverity Scan OVERRUN defect CID 267021.
Change-Id: I52646ab9be2fceeb5c331b5dad7a6267991f4197
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
This is to fix a number of Coverity Scan DEADCODE defects, CID numbers
listed below, as reported from
https://scan.coverity.com/projects/arm-software-arm-trusted-firmware
CID 267023
CID 267022
CID 267020
Change-Id: I2963a799b210149e84ccab5c5b9082267ddfe337
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
The file arm_ras.c intended to provide common platform-specific RAS
configuration for Arm platforms. Because this file has symbol
definitions, it's proving difficult to provide a common definition.
This patch therefore renames and makes the file specific to FVP. Other
platforms shall provide their own configuration in similar fashion.
Change-Id: I766fd238946e3e49cdb659680e1b45f41b237901
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Currently TF-A doesn't initialise CNTFRQ register in CNTCTLBase
frame of the system timer. ARM ARM states that "The instance of
the register in the CNTCTLBase frame must be programmed with this
value as part of system initialization."
The psci_arch_setup() updates the CNTFRQ system register but
according to the ARM ARM, this instance of the register is
independent of the memory mapped instance. This is only an issue
for Normal world software which relies on the memory mapped
instance rather than the system register one.
This patch resolves the issue for ARM platforms.
The patch also solves a related issue on Juno, wherein
CNTBaseN.CNTFRQ can be written and does not reflect the value of
the register in CNTCTLBase frame. Hence this patch additionally
updates CNTFRQ register in the Non Secure frame of the CNTBaseN.
FixesARM-Software/tf-issues#593
Change-Id: I09cebb6633688b34d5b1bc349fbde4751025b350
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The old API is deprecated and will eventually be removed.
Arm platforms now use the multi console driver for boot and runtime
consoles. However, the crash console uses the direct console API because
it doesn't need any memory access to work. This makes it more robust
during crashes.
The AArch32 port of the Trusted Firmware doesn't support this new API
yet, so it is only enabled in AArch64 builds. Because of this, the
common code must maintain compatibility with both systems. SP_MIN
doesn't have to be updated because it's only used in AArch32 builds.
The TSP is only used in AArch64, so it only needs to support the new
API without keeping support for the old one.
Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this
causes the UARTs to reset (except for the one used by the TSP). This
means that they must be unregistered when suspending and re-registered
when resuming. This wasn't a problem with the old driver because it just
restarted the UART, and there were no problems associated with
registering and unregistering consoles.
The size reserved for BL2 has been increased.
Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Having these definitions in board_arm_def.h forces to
all the arm platforms to use the same definition for
PLAT_ARM_MEM_PROT_ADDR.
This macro also enables the mem-protect mechanism,
which means that all the arm platform has enabled
mem-protect and they cannot get rid of it.
Change-Id: Id29d2c51cbe6edc15f010a9f5a20c42266c48a08
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
In Arm platforms, when using dynamic configuration, the necessary
parameters are made available as a DTB. The DTB is loaded by BL1 and,
later on, is parsed by BL1, BL2 or even both, depending on when
information from the DTB is needed.
When the DTB is going to be parsed, it must be validated first, to
ensure that it is properly structured. If an invalid DTB is detected
then:
- BL1 prints a diagnostic but allows execution to continue,
- BL2 prints a diagnostic and panics.
Now the behaviour of BL1 is changed so for it also to panic. Thus, the
behaviour of BL1 and BL2 is now similar.
Keep in mind that if BL1 only loads the DTB but it doesn't need to
read/write it, then it doesn't validate it. The validation is done only
when the DTB is actually going to be accessed.
Change-Id: Idcae6092e6dbeab7248dd5e041d6cbb7784fe410
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Remove the redundant SGI functions which map memory
for BL1 and BL2.
Change-Id: I651a06d0eb6d28263a56f59701bb3815f1ba93dc
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Append a node to hw-config dtb which will include a property to hold
the value of the SSC_VERSION register. This will be used by the BL33
stage to determine the platform-id and the config-id of the platform
it is executing on.
Change-Id: Ie7b1e5d8c1bbe0efdb7ef0714f14b7794ec6058e
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Remove the existing method of populating the platform id in arg2 of
BL33 which is no longer needed with dynamic configuration feature
enabled as the BL33 will get this information directly via the config
files. Add the tb_fw_config and hw_config dts files.
Change-Id: I3c93fec2aedf9ef1f774a5f0969d2d024e47ed2c
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
RFC4122 defines that fields are stored in network order (big endian),
but TF-A stores them in machine order (little endian by default in TF-A).
We cannot change the future UUIDs that are already generated, but we can store
all the bytes using arrays and modify fiptool to generate the UUIDs with
the correct byte order.
Change-Id: I97be2d3168d91f4dee7ccfafc533ea55ff33e46f
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The translation tables allocated for the Secure Partition do not need
to be treated as a special case. They can be put amongst the other
tables mapping BL31's general purpose memory. They will be mapped with
the same attributes as them, which is fine.
The explicit alignment constraint in BL31's linker script to pad the
last page of memory allocated to the Secure Partition's translation
tables is useless too, as page tables are per se pages, thus their
end address is naturally aligned on a page-boundary.
In fact, this patch does not change the existing behaviour. Since
patch 22282bb68a ("SPM: Move all SP-related info to SP context
struct"), the secure_partition.c file has been renamed into sp_xlat.c
but the linker script has not been properly updated. As a result, the
SP translation tables are not specifically put at the start of the
xlat_table linker section, the __SP_IMAGE_XLAT_TABLES_START__/_END__
symbols have the same value, the size of the resulting mmap_region
covering these xlat tables is 0 and so it is ignored.
Change-Id: I4cf0a4cc090298811cca53fc9cee74df0f2b1512
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Follow convention of shorter names for smaller scope to fix
violations of MISRA rule 5.7
To prevent violation of directive 4.5 having variable name channel
in css_pm_scmi.c not being typographically ambiguous change macro
argument CHANNEL in css_mhu_doorbell.h change argument to _channel
to fit with our convention which is a permitted exception of
directive 4.5 for this project
Rule 5.7: A tag name shall be a unique identifier
Fixed for:
make LOG_LEVEL=50 PLAT=juno
Change-Id: I147cdb13553e83ed7df19149b282706db115d612
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Use a _ prefix for macro arguments to prevent that argument from
hiding variables of the same name in the outer scope
Rule 5.3: An identifier declared in an inner scope shall not
hide an identifier declared in an outer scope
Fixed For:
make LOG_LEVEL=50 PLAT=juno
Change-Id: I575fbc96e8267f2b075e88def1f6e3185394613a
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
The upcoming patch that adds dynamic mitigation for Cortex-A76
requires that DYNAMIC_WORKAROUND_CVE_2018_3639=1. On FVP, we pull in
all the CPU files into the build which means there will be a build
failure if DYNAMIC_WORKAROUND_CVE_2018_3639=0.
Change-Id: I2e781cbeafbf5d16eaabf76a1677e0c9f81269d2
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Both Cortex-Ares and Cortex-A76 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are simple.
Change-Id: I3a9447b5bdbdbc5ed845b20f6564d086516fa161
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
This patch bumps up the BL1-RW size for Juno and at the same time reduces
the BL2 size when TBB is enabled, TF_MBEDTLS_KEY_ALG=rsa+ecdsa. The BL2
size for this config is reduced as it was observed that the peak memory
usage is only reached when SPD=opteed and the dual rsa+ecdsa support is
not needed for this case.
Change-Id: Ia9009771b5cfd805e9cc75410aabb7db99fc2fbc
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The patch changes the layout of BL images in memory to enable
more efficient use of available space. Previously BL31 was loaded
with the expectation that BL2 memory would be reclaimed by BL32
loaded in SRAM. But with increasing memory requirements in the
firmware, we can no longer fit BL32 in SRAM anymore which means the
BL2 memory is not reclaimed by any runtime image. Positioning BL2
below BL1-RW and above BL31 means that the BL31 NOBITS can be
overlaid on BL2 and BL1-RW.
This patch also propogates the same memory layout to BL32 for AArch32
mode. The reset addresses for the following configurations are also
changed :
* When RESET_TO_SP_MIN=1 for BL32 in AArch32 mode
* When BL2_AT_EL3=1 for BL2
The restriction on BL31 to be only in DRAM when SPM is enabled
is now removed with this change. The update to the firmware design
guide for the BL memory layout is done in the following patch.
Change-Id: Icca438e257abe3e4f5a8215f945b9c3f9fbf29c9
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The weak pragma was assigned twice to the bl2_plat_handle_post_image_load
definition both in plat/common/ and in plat/arm/common/ this was an error as
it should have only have been defined in plat/common
Change-Id: Id85e14c699cb09ed998d1677f2a172e760911918
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
BL31 is running out of space, and the use-case of SPM doesn't require it
to be in SRAM. To prevent BL31 from running out of space in the future,
move BL31 to DRAM if SPM is enabled.
Secure Partition Manager design document updated to reflect the changes.
Increased the size of the stack of BL31 for builds with SPM.
The translation tables used by SPM in Arm platforms have been moved back
to the 'xlat_tables' region instead of 'arm_el3_tzc_dram'. Everything is
in DRAM now, so it doesn't make sense to treat them in a different way.
Change-Id: Ia6136c8e108b8da9edd90e9d72763dada5e5e5dc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP.
The config files are placeholders and do not have any useful bindings
defined. The tos_fw_config is packaged in FIP and loaded by BL2 only
if SPD=tspd. The load address of these configs are specified in tb_fw_config
via new bindings defined for these configs. Currently, in FVP, the
soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE
and ARM_SHARED_RAM. This memory was typically used for BL32 when
ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that
space anymore, it should be safe to use this memory for these configs.
There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures
that this overlap doesn't happen.
The previous arm_dyn_get_hwconfig_info() is modified to accept configs
other than hw_config and hence renamed to arm_dyn_get_config_load_info().
The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be
BL2_BASE.
Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds capability to FVP to disable authentication dynamically
via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
the TB_FW_CONFIG for the `disable_auth` property and invokes the
`load_dyn_disable_auth()` API to disable authentication if the
property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
FVP as it is a development platform. Note that the TB_FW_CONFIG has to
be authenticated by BL1 irrespective of these settings.
The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
rather than in bl2_platform_setup() as we need to get the value of
`disable_auth` property prior to authentication of any image by BL2.
Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The MT bit in MPIDR is always set for SGI platforms and so the
core position calculation code is updated to take into account
the thread affinity value as well.
Change-Id: I7b2a52707f607dc3859c6bbcd2b145b7987cb4ed
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Vishwanatha HG <vishwanatha.hg@arm.com>
Instead of instantiating a local copy of GICv3 driver data for SGI
platforms, reuse the existing instance of GICv3 driver data available
in the arm common platform code.
Change-Id: If6f38e15d1f0e20cea96fff98091da300015d295
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Vishwanatha HG <vishwanatha.hg@arm.com>
This reverts commit 2f18aa1fa3.
It is causing some tests to fail. Until the cause is found and fixed, it
is needed to remove this commit from master.
Change-Id: Ic5ff7a841903a15613e00379e87cbbd8a0e85152
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
SGI-575's NSRAM is neither in the same place nor the same size as Juno's.
Change-Id: Id6d692e9c7e9c1360014bb525eda966ebe29c823
Signed-off-by: Chris Kay <chris.kay@arm.com>
Normally, BL33 needs to contain a boot loader like U-Boot or UEFI that
eventually gives control to the OS. However, in some cases, this boot
sequence may be too slow. For example, when doing tests in a
cycle-accurate emulator, the user may only be interested in the
interaction between the Trusted Firmware and the OS, not in the boot
process itself.
The new option ARM_LINUX_KERNEL_AS_BL33 allows BL33 to contain the Linux
kernel image by changing the value of registers x0-x3 to the values
expected by the kernel. This option requires the device tree blob (DTB)
to be present in memory. Its address must be specified in the newly
introduced ARM_PRELOADED_DTB_BASE build option. For now, it only supports
AArch64 kernels.
This option is only available when RESET_TO_BL31=1. For this reason
the BL33 binary must be preloaded in memory and PRELOADED_BL33_BASE must
be used.
For example, if the kernel is loaded at 0x80080000 and the DTB is loaded
at address 0x82000000, the firmware could be built like this:
CROSS_COMPILE=aarch64-linux-gnu- \
make PLAT=fvp DEBUG=1 \
RESET_TO_BL31=1 \
ARM_LINUX_KERNEL_AS_BL33=1 \
PRELOADED_BL33_BASE=0x80080000 \
ARM_PRELOADED_DTB_BASE=0x82000000 \
all fip
Change-Id: If9dc847c65ae2d0c27b51f0fd44fc06b28497db9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The old API is deprecated and will eventually be removed.
Arm platforms now use the multi console driver for boot and runtime
consoles. However, the crash console uses the direct console API because
it doesn't need any memory access to work. This makes it more robust
during crashes.
The AArch32 port of the Trusted Firmware doesn't support this new API
yet, so it is only enabled in AArch64 builds. Because of this, the
common code must maintain compatibility with both systems. SP_MIN
doesn't have to be updated because it's only used in AArch32 builds.
The TSP is only used in AArch64, so it only needs to support the new
API without keeping support for the old one.
Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this
causes the UARTs to reset (except for the one used by the TSP). This
means that they must be unregistered when suspending and re-registered
when resuming. This wasn't a problem with the old driver because it just
restarted the UART, and there were no problems associated with
registering and unregistering consoles.
The size of BL31 has been increased in builds with SPM.
Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
- Assign 0x10 for RAS exceptions on ARM platforms, and install
EHF priority descriptor.
- Call the common RAS initialisation from ARM BL31 setup.
- Add empty definitions for platform error records and RAS interrupts.
Change-Id: I0675f299b7840be4c83a9c7a81073a95c605dc90
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Previously mem_protect used to be only supported from BL2. This is not
helpful in the case when ARM TF-A BL2 is not used. This patch demonstrates
mem_protect from el3_runtime firmware on ARM Platforms specifically
when RESET_TO_BL31 or RESET_TO_SP_MIN flag is set as BL2 may be absent
in these cases. The Non secure DRAM is dynamically mapped into EL3 mmap
tables temporarily and then the protected regions are then cleared. This
avoids the need to map the non secure DRAM permanently to BL31/sp_min.
The stack size is also increased, because DYNAMIC_XLAT_TABLES require
a bigger stack.
Change-Id: Ia44c594192ed5c5adc596c0cff2c7cc18c001fde
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
SGI-575 platform is based on Cortex-A75 processor which has its MT bit
in the MPIDR register set to '1'. So the Arm platform layer code has
to be made aware of this.
Signed-off-by: Sudipto Paul <sudipto.paul@arm.com>
Currently the SCMI driver supports MHUv1, but Arm platforms may have
varied versions of MHU driver, with MHUv2 controllers being in the
latest Arm platforms.
This patch updates the SCMI driver to support MHUv2, specifically that
the sender must send the wake-up to the receiver before initiating any
data transfer.
Also, the existing mhu driver files, css_mhu.c and css_mhu.h, have been
moved from the scpi directory to a new directory, css/drivers/mhu.
Change-Id: I9b46b492a3e1d9e26db12d83a9773958a8c8402f
Signed-off-by: Samarth Parikh <samarth.parikh@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd TRUSTED_BOARD_BOOT=1 \
GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
ROT_KEY=arm_rotprivk_rsa.pem MBEDTLS_DIR=mbedtls all
Change-Id: Ie4cd6011b3e4fdcdd94ccb97a7e941f3b5b7aeb8
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp SPD=tspd all
Change-Id: I0a16cf68fef29cf00ec0a52e47786f61d02ca4ae
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=juno LOG_LEVEL=50 all
Change-Id: I0e4a03a0d2170cb1c632e079112a972091994a39
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
Change-Id: I32b223251b8bf5924149d89431a65d3405a73d3e
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Add TZMP1 support on Juno and increase the BL2 size accordingly due to the
extra data structures to describe the TZC regions and the additional code.
Signed-off-by: Summer Qin <summer.qin@arm.com>
This patch allows the ARM Platforms to specify the TZC regions to be
specified to the ARM TZC helpers in arm_tzc400.c and arm_tzc_dmc500.c.
If the regions are not specified then the default TZC region will be
configured by these helpers.
This override mechanism allows specifying special regions for TZMP1
usecase.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Building TBBR(SPD=opteed) and non-TBBR TF-A images is breaking for
Juno for different configurations listed below:
* Overflow error of 4096 bytes for rsa algorithm.
* Overflow error of 8192 bytes for ecdsa algorithm.
* Overflow error of 4096 bytes for rsa+ecdsa algorithm.
* Overflow error of 4096 bytes for non-TBBR case.
So this patch increments macro PLAT_ARM_MAX_BL2_SIZE for all the above
cases accordingly.
Change-Id: I75ec6c0a718181d34553fe55437f0496f467683f
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
The current AArch32 version of plat_arm_calc_core_pos uses an incorrect
algorithm to calculate the linear position of a core / PE from its
MPIDR.
This patch corrects the algorithm to:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER) * FVP_MAX_PE_PER_CPU
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
which supports cores where there are more than 1 PE per CPU.
NOTE: the AArch64 version was fixed in 39b21d1
Change-Id: I72aea89d8f72f8b1fef54e2177a0fa6fef0f5513
Signed-off-by: David Cunado <david.cunado@arm.com>
Add support for System Guidance for Infrastructure platform SGI575.
Change-Id: I0125c2ed4469fbc8367dafcc8adce770b6b3147d
Signed-off-by: Nariman Poushin <nariman.poushin@linaro.org>
When the source code says 'SMCC' it is talking about the SMC Calling
Convention. The correct acronym is SMCCC. This affects a few definitions
and file names.
Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
but the old files have been kept for compatibility, they include the
new ones with an ERROR_DEPRECATED guard.
Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
x3 will be assigned by the folloing instructions.
So the first instruction is not needed any more.
old method:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER)
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
it should be
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER) * FVP_MAX_PE_PER_CPU
+ (CPUId * FVP_MAX_PE_PER_CPU)
+ ThreadId
which can be simplified as:
(ClusterId * FVP_MAX_CPUS_PER_CLUSTER + CPUId) * FVP_MAX_PE_PER_CPU + ThreadId
Signed-off-by: Wang Feng <feng_feng.wang@spreadtrum.com>
The FVP platform port for SP_MIN (BL32) didn't map the flash memory
in BL32 for stroring the mem_protect enable state information leading
to synchronous exception. The patch fixes it by adding the region to
the BL32 mmap tables.
Change-Id: I37eec83c3e1ea43d1b5504d3683eebc32a57eadf
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
Previously, Juno used to depend on the SSC_GPRETN register to inform
about the reset syndrome. This method was removed when SCP migrated
to the SDS framework. But even the SDS framework doesn't report the
reset syndrome correctly and hence Juno failed to enter Firmware
update mode if BL2 authentication failed.
In addition to that, the error code populated in V2M_SYS_NVFLAGS register
does not seem to be retained any more on Juno across resets. This could
be down to the motherboard firmware not doing the necessary to preserve
the value.
Hence this patch modifies the Juno platform to use the same mechanism to
trigger firmware update as FVP which is to corrupt the FIP TOC on
authentication failure. The implementation in `fvp_err.c` is made common
for ARM platforms and is moved to the new `arm_err.c` file in
plat/arm/common folder. The BL1 and BL2 mmap table entries for Juno
are modified to allow write to the Flash memory address.
Change-Id: Ica7d49a3e8a46a90efd4cf340f19fda3b549e945
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This issue was detected when testing FWU on Juno. The Timer
`timer_ops` was not being initialized before being used by
the SDS driver on Juno. This patch adds the call to
`generic_delay_timer_init()` during bl2u_early_platform_setup().
This is done generically for all ARM platforms because the
cost involved is minimal.
Change-Id: I349cf0bd1db68406eb2298b65f9c729f792cabdc
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch removes default platform implementations of sp_min
platform APIs from plat/common/aarch32/plat_common.c. The APIs
are now implemented in `plat_sp_min_common.c` file within the
same folder.
The ARM platform layer had a weak definition of sp_min_platform_setup2()
which conflicted with the weak definition in the common file. Hence this
patch fixes that by introducing a `plat_arm_` version of the API thus
allowing individual boards within ARM platforms to override it if they
wish to.
FixesARM-software/tf-issues#559
Change-Id: I11a74ecae8191878ccc7ea03f12bdd5ae88faba5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This was correct according to the model specifications , but it seems
that FVP doesn't implement it. It is safer to use the size exposed by
the DTB which is currently used by Linux.
Change-Id: I9aabe3284a50ec2a36ed94966eb7e4ddf37cec3b
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=juno LOG_LEVEL=50 all
Change-Id: Ic8f611da734f356566e8208053296e6c62b54709
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.4: A compatible declaration shall be visible when
an object or function with external linkage is defined
Fixed for:
make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
Change-Id: I7c2ad3f5c015411c202605851240d5347e4cc8c7
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Rule 8.3: All declarations of an object or function shall
use the same names and type qualifiers.
Fixed for:
make DEBUG=1 PLAT=fvp LOG_LEVEL=50 all
Change-Id: I48201c9ef022f6bd42ea8644529afce70f9b3f22
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
FVPs that model DynamIQ configuration implements all CPUs in a single
cluster. I.e., such models have a single cluster with more than 4 CPUs.
This differs from existing default build configuration for FVP where up
to 4 CPUs are assumed per cluster.
To allow building for DynamIQ configuration, promote the macro
FVP_MAX_CPUS_PER_CLUSTER as a build option to have it set from the build
command line. The value of the build option defaults to 4.
Change-Id: Idc3853bc95f680869b434b011c2dbd733e40c6ce
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The SCP binaries provided in the 17.10 Linaro release (and onwards)
have migrated to the SCMI/SDS protocols. Therefore, the ARM TF should
now use the corresponding drivers by default.
This patch changes the default value of the CSS_USE_SCMI_SDS_DRIVER
build option to 1 for Juno.
Change-Id: Idb7e3c6af582f49e332167a2158703c2d781b437
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
MISRA C-2012 Rule 7.3 violation: lowercase l shall not be used as literal suffixes.
This patch resolves this for the ULL() macro by using ULL suffix instead
of the ull suffix.
Change-Id: Ia8183c399e74677e676956e8653e82375d0e0a01
Signed-off-by: David Cunado <david.cunado@arm.com>
This patch restricts building the dynamic config DTBs to the Unix
build environment as the Device Tree compiler may not be available
on other build environments.
Change-Id: Ie690e80010a174300e966240fd977b37561156e0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch also fixes the assumption that the counters are disabled on
the resume path. This is incorrect as the AMU counters are enabled
early in the CPU reset function before `cpuamu_context_restore()`
runs.
Change-Id: I38a94eb166a523f00de18e86860434ffccff2131
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch also fixes `cpuamu_write_cpuamcntenclr_el0()` to use an MSR
instruction instead of an MRS instruction.
Change-Id: Ia6531f64b5ebc60ba432124eaa8d8eaccba40ed0
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
This patch adds TB_FW_CONFIG for FVP and allows FVP
to select the appropriate HW_CONFIG to include in the
fip. The HW_CONFIG for FVP is selected via `FVP_HW_CONFIG_DTS`
build option. The TB_FW_CONFIG specifies the load address of
HW_CONFIG to BL2. Since currently the load address is different
between AARCH32 and AARCH64, 2 separate TB_FW_CONFIGs are
maintained for the 2 modes.
Change-Id: Ide8581e752dfa900087f5895c775073c841c0daf
Signed-Off-By: Soby Mathew <soby.mathew@arm.com>
The patch adds the necessary changes to load HW_CONFIG in BL2 for
ARM Platforms :
1. The load address of HW_CONFIG is specified via the `hw_config_addr`
property in TB_FW_CONFIG is loaded by BL1. The `hw_config_max_size`
property defines the maximum size to be expected for the HW_CONFIG.
The `arm_dyn_cfg_helpers.c` and corresponding header implements
utility functions to parse these DT properties defined.
The `arm_dyn_cfg.c` implements wrappers to these helpers to enable
them to be invoked from ARM platform layer.
2. `HW_CONFIG` is added to the `bl2_mem_params_descs[]` array which is
the list of images to be loaded by BL2.
3. The `libfdt` sources are now included when BL2 is built
4. A new helper `populate_next_bl_params_config()` is introduced in
desc_image_load.c to populate the subsequent executable BL images
with the `hw_config` and the corresponding `fw_config` if available.
The `plat_get_next_bl_params()` API for ARM platforms is modified to
invoke this new helper.
5. The implementation of `bl2_early_platform_setup2()` is modified to
consider `arg0` as well in addition to `arg1` passed from BL1.
6. Bump up the BL2 size for Juno to accommodate the inclusion of libfdt.
Change-Id: I80f1554adec41753e0d179a5237364f04fe13a3f
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch modifies the bl1_platform_setup() API to load and authenticate
TB_FW_CONFIG in BL1. The load address of the same is passed on to BL2 in
`arg0` of entrypoint info. The fvp_io_storage.c and arm_io_storage.c also
adds entries corresponding to TB_FW_CONFIG. A helper function
`arm_load_tb_fw_config()` is added to load and authenticate TB_FW_CONFIG
if present.
Change-Id: Ie7bce667b3fad2b1a083bbcbc0a773f9f04254b1
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch migrates the ARM Standard platforms to the new BL
handover interface. The arm_blx_early_platform_setup() functions
are also modified to take in 4 arguments. The `ARM_BL31_PLAT_PARAM_VAL`
value passed to BL31 from BL2 is now in arg3 in preparation of dynamic
configuration arguments.
Change-Id: I33e8e61325a19e7a7127b1ff203c3b86921bf153
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The console core flush API expects the base address in the first
register, but ARM helpers currently sets the second register with the
base address. This causes an assert failure.
This patch fixes that.
Change-Id: Ic54c423cd60f2756902ab3cfc77b3de2ac45481e
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
In the next commit, I need the image name in lowercase because
output files are generally named in lowercase.
Unfortunately, TOOL_ADD_IMG takes the first argument in uppercase
since we generally use uppercase Make variables.
make_helpers/build_macros.mk provides 'uppercase' macro to convert
a string into uppercase, but 'lowercase' does not exist. We can
implement it if we like, but it would be more straightforward to
change the argument of TOOL_ADD_IMG.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Now FIP_ADD_IMG takes care of both fiptool and cert_create
symmetrically. Rename it so that it matches the behavior.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The build system supports generating two FIP images, fip and fwu_fip.
Accordingly, we have similar build macros.
FIP_ADD_PAYLOAD <--> FWU_FIP_ADD_PAYLOAD
CERT_ADD_CMD_OPT <--> FWU_CERT_ADD_CMD_OPT
FIP_ADD_IMG <--> FWU_FIP_ADD_IMG
The duplicated code increases the maintenance burden. Also, the build
rule of BL2U looks clumsy - we want to call MAKE_BL to compile it from
source files, but we want to put it in fwu_fip. We can not do it in a
single macro call since the current MAKE_BL does not support fwu_fip.
To refactor those in a clean way is to support one more argument to
specify the FIP prefix. If it is empty, the images are targeted to
fip, whereas if the argument is "FWU_", targeted to fwu_fip.
The build macros prefixed with FWU_ go away.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch maps the devices in the first GB of the system address map
on the FVP into the S-EL1&0 translation regime when SPM support is
enabled. This grants the Secure Partition access to the devices in
this region, for example the memory-mapped Generic Timer device.
Change-Id: I3aeea65f859ecbe83efde2acee20c55500c451bc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch modifies the makefiles to avoid the definition
of BL1_SOURCES and BL2_SOURCES in the tbbr makefiles, and
it lets to the platform makefiles to define them if they
actually need these images. In the case of BL2_AT_EL3
BL1 will not be needed usually because the Boot ROM will
jump directly to BL2.
Change-Id: Ib6845a260633a22a646088629bcd7387fe35dcf9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
This patch add supports for the new API added for BL2 at EL3 for
FVP. We don't have a non-TF Boot ROM for FVP, but this option can be
tested setting specific parameters in the model.
The bl2 image is loaded directly in memory instead of being loaded
by a non-TF Boot ROM and the reset address is changed:
--data cluster0.cpu0=bl2.bin@0x4001000
-C cluster0.cpu0.RVBAR=0x4001000
These parameters mean that in the cold boot path the processor will
jump to BL2 again. For this reason, BL2 is loaded in dram in this
case, to avoid other images reclaiming BL2 memory.
Change-Id: Ieb2ff8535a9e67ccebcd8c2212cad366e7776422
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
To allow BL31 to grow in SRAM, move TSP in TZC secured DRAM
by default.
Increase the BL31 max limit by one page.
Change-Id: Idd3479be02f0f9bafac2f275376d7db0c2015431
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
With this patch, ARM platforms are expected to define the macros
PLAT_ARM_SDEI_PRIVATE_EVENTS and PLAT_ARM_SDEI_SHARED_EVENTS as a list
of private and shared events, respectively. This allows for individual
platforms to define their own events.
Change-Id: I66851fdcbff83fd9568c2777ade9eb12df284b49
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
After returning from SYSTEM_SUSPEND state, BL31 reconfigures the
TrustZone Controller during the boot sequence. If BL31 is placed in
TZC-secured DRAM, it will try to change the permissions of the memory it
is being executed from, causing an exception.
The solution is to disable SYSTEM_SUSPEND when the Trusted Firmware has
been compiled with ``ARM_BL31_IN_DRAM=1``.
Change-Id: I96dc50decaacd469327c6b591d07964726e58db4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Common code mustn't include ARM platforms headers.
Change-Id: Ib6e4f5a77c2d095e6e8c3ad89c89cb1959cd3043
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch allows non-secure bus masters to access TZC region0 as well
as the EL3 Payload itself.
Change-Id: I7e44f2673a2992920d41503fb4c57bd7fb30747a
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Pre-v8.2 platforms such as the Juno platform does not have
the Scalable Vector Extensions implemented and so the build
option ENABLE_SVE is set to zero.
This has a minor performance improvement with no functional
impact.
Change-Id: Ib072735db7a0247406f8b60e325b7e28b1e04ad1
Signed-off-by: David Cunado <david.cunado@arm.com>
The bl2_early_platform_setup() and bl2_platform_setup() were
redefined for Juno AArch32 eventhough CSS platform layer had
same definition for them. The CSS definitions definitions were
previously restricted to EL3_PAYLOAD_BASE builds and this is now
modified to include the Juno AArch32 builds as well thus
allowing us to remove the duplicate definitions in Juno platform
layer.
Change-Id: Ibd1d8c1428cc1d51ac0ba90f19f5208ff3278ab5
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes a couple of issues for AArch32 builds on ARM reference
platforms :
1. The arm_def.h previously defined the same BL32_BASE value for AArch64 and
AArch32 build. Since BL31 is not present in AArch32 mode, this meant that
the BL31 memory is empty when built for AArch32. Hence this patch allocates
BL32 to the memory region occupied by BL31 for AArch32 builds.
As a side-effect of this change, the ARM_TSP_RAM_LOCATION macro cannot
be used to control the load address of BL32 in AArch32 mode which was
never the intention of the macro anyway.
2. A static assert is added to sp_min linker script to check that the progbits
are within the bounds expected when overlaid with other images.
3. Fix specifying `SPD` when building Juno for AArch32 mode. Due to the quirks
involved when building Juno for AArch32 mode, the build option SPD needed to
specifed. This patch corrects this and also updates the documentation in the
user-guide.
4. Exclude BL31 from the build and FIP when building Juno for AArch32 mode. As
a result the previous assumption that BL31 must be always present is removed
and the certificates for BL31 is only generated if `NEED_BL31` is defined.
Change-Id: I1c39bbc0abd2be8fbe9f2dea2e9cb4e3e3e436a8
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Factor out SPE operations in a separate file. Use the publish
subscribe framework to drain the SPE buffers before entering secure
world. Additionally, enable SPE before entering normal world.
A side effect of this change is that the profiling buffers are now
only drained when a transition from normal world to secure world
happens. Previously they were drained also on return from secure
world, which is unnecessary as SPE is not supported in S-EL1.
Change-Id: I17582c689b4b525770dbb6db098b3a0b5777b70a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Support SDEI on ARM platforms using frameworks implemented in earlier
patches by defining and exporting SDEI events: this patch defines the
standard event 0, and a handful of shared and private dynamic events.
Change-Id: I9d3d92a92cff646b8cc55eabda78e140deaa24e1
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Define number of priority bits, and allocate priority levels for SDEI.
Change-Id: Ib6bb6c5c09397f7caef950c4caed5a737b3d4112
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Provide a strong definition for plat_sdei_validate_sdei_entrypoint()
which translates client address to Physical Address, and then validating
the address to be present in DRAM.
Change-Id: Ib93eb66b413d638aa5524d1b3de36aa16d38ea11
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The function arm_validate_ns_entrypoint() validates a given non-secure
physical address. This function however specifically returns PSCI error
codes.
Non-secure physical address validation is potentially useful across ARM
platforms, even for non-PSCI use cases. Therefore make this function
common by returning 0 for success or -1 otherwise.
Having made the function common, make arm_validate_psci_entrypoint() a
wrapper around arm_validate_ns_entrypoint() which only translates return
value into PSCI error codes. This wrapper is now used where
arm_validate_ns_entrypoint() was currently used for PSCI entry point
validation.
Change-Id: Ic781fc3105d6d199fd8f53f01aba5baea0ebc310
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch brings in the following fixes:
- The per-PE target data initialized during power up needs to be
flushed so as to be visible to other PEs.
- Setup per-PE target data for the primary PE as well. At present,
this was only setup for secondary PEs when they were powered on.
Change-Id: Ibe3a57c14864e37b2326dd7ab321a5c7bf80e8af
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This initial port of the Secure Partitions Manager to FVP supports BL31
in both SRAM and Trusted DRAM.
A document with instructions to build the SPM has been added.
Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
ARM_TSP_RAM_LOCATION_ID was defined only in AARCH64, but the macro
was also used in AARCH32, and it meant that it was taking the value 0,
which happened to equal ARM_TRUSTED_SRAM_ID.
Change-Id: If9f4dbee1a2ba15e7806f2a03305b554bd327363
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
For Trusted Board Boot, BL2 needs more space to support the ECDSA
and ECDSA+RSA algorithms.
Change-Id: Ie7eda9a1315ce836dbc6d18d6588f8d17891a92d
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
On Arm standard platforms, it runs out of SRAM space when TBB is
enabled, so the TSP default location is changed to dram when TBB
is enabled.
Change-Id: I516687013ad436ef454d2055d4e6fce06e467044
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
An earlier patch added provision for the platform to provide secure
interrupt properties. ARM platforms already has a list of interrupts
that fall into different secure groups.
This patch defines macros that enumerate interrupt properties in the
same fashion, and points the driver driver data to a list of interrupt
properties rather than list of secure interrupts on ARM platforms. The
deprecated interrupt list definitions are however retained to support
legacy builds.
Configuration applied to individual interrupts remain unchanged, so no
runtime behaviour change expected.
NOTE: Platforms that use the arm/common function
plat_arm_gic_driver_init() must replace their PLAT_ARM_G1S_IRQS and
PLAT_ARM_G0_IRQS macro definitions with PLAT_ARM_G1S_IRQ_PROPS and
PLAT_ARM_G0_IRQ_PROPS macros respectively, using the provided
INTR_PROP_DESC macro.
Change-Id: I24d643b83e3333753a3ba97d4b6fb71e16bb0952
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This function implements the platform dependant part of PSCI system
reset2 for CSS platforms using SCMI.
Change-Id: I724389decab484043cadf577aeed96b349c1466d
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The common implementation of css_scp_sys_shutdown and
css_scp_warm_reset is refactored into a new function,
css_scp_system_off() that allows the desired power state to be
specified.
The css_scp_system_off can be used in the implementation of
SYSTEM_RESET2 for PSCI v1.1.
Change-Id: I161e62354d3d75f969b8436d794335237520a9a4
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Provides GICv3 save/restore feature to arm_system_pwr_domain_resume and
arm_system_pwr_domain_save functions.
Introduce FVP PSCI power level 3 (System level) support. This is solely
done to provide example code on how to use the GICv3 save and restore
helpers.
Also make CSS GICv3 platforms power off the Redistributor on SYSTEM
SUSPEND as its state is saved and restored.
Change-Id: I0d852f3af8824edee1a17c085cf593ddd33a4e77
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Co-Authored-by: Douglas Raillard <douglas.raillard@arm.com>
Some recent enhancements to EL3 runtime firmware like support for
save and restoring GICv3 register context during system_suspend
necessitates additional data memory for the firmware. This patch
introduces support for creating a TZC secured DDR carveout for use
by ARM reference platforms. A new linker section `el3_tzc_dram` is
created using platform supplied linker script and data marked with
the attribute `arm_el3_tzc_dram` will be placed in this section.
The FVP makefile now defines the `PLAT_EXTRA_LD_SCRIPT` variable to
allow inclusion of the platform linker script by the top level BL31
linker script.
Change-Id: I0e7f4a75a6ac51419c667875ff2677043df1585d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
During system suspend, the GICv3 Distributor and Redistributor context
can be lost due to power gating of the system power domain. This means
that the GICv3 context needs to be saved prior to system suspend and
restored on wakeup. Currently the consensus is that the Firmware should
be in charge of this. See tf-issues#464 for more details.
This patch introduces helper APIs in the GICv3 driver to save and
restore the Distributor and Redistributor contexts. The GICv3 ITS
context is not considered in this patch because the specification says
that the details of ITS power management is implementation-defined.
These APIs are expected to be appropriately invoked by the platform
layer during system suspend.
FixesARM-software/tf-issues#464
Change-Id: Iebb9c6770ab8c4d522546f161fa402d2fe02ec00
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Commit 11ad8f208d added supporting
multi-threaded CPUs on FVP platform, including modifications for
calculating CPU IDs. This patch imports the strong definition of the
same CPU ID calculation on FVP platform for TSP.
Without this patch, TSP on FVP was using the default CPU ID calculation,
which would end up being wrong on CPUs with multi-threading.
Change-Id: If67fd492dfce1f57224c9e693988c4b0f89a9a9a
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
On ARM platforms, the maximum size of the address space is limited
to 32-bits as defined in arm_def.h. In order to access DRAM2, which
is defined beyond the 32-bit address space, the maximum address space
is increased to 36-bits in AArch64. It is possible to increase the
virtual space for AArch32, but it is more difficult and not supported
for now.
NOTE - the actual maximum memory address space is platform dependent
and is checked at run-time by querying the PARange field in the
ID_AA64MMFR0_EL1 register.
Change-Id: I6cb05c78a63b1fed96db9a9773faca04a5b93d67
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
mem_protect needs some kind of non-volatile memory because it has
to remember its state across reset and power down events.
The most suitable electronic part for this feature is a NVRAM
which should be only accesible from the secure world. Juno and
FVP lack such hardware and for this reason the MEM_PROTECT
functionality is implemented with Flash EEPROM memory on both
boards, even though this memory is accesible from the non-secure
world. This is done only to show a full implementation of
these PSCI features, but an actual system shouldn't use a
non-secure NVRAM to implement it.
The EL3 runtime software will write the mem_protect flag and BL2
will read and clear the memory ranges if enabled. It is done in
BL2 because it reduces the time that TF needs access to the full
non-secure memory.
The memory layout of both boards is defined using macros which
take different values in Juno and FVP platforms. Generic platform
helpers are added that use the platform specific macros to generate
a mem_region_t that is valid for the platform.
Change-Id: I2c6818ac091a2966fa07a52c5ddf8f6fde4941e9
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
For Trusted Board Boot, BL1 RW section and BL2 need more space to
support the ECDSA algorithm. Specifically, PLAT_ARM_MAX_BL1_RW_SIZE
is increased on ARM platforms.
And on the Juno platform:
- BL2 size, PLAT_ARM_MAX_BL2_SIZE is increased.
- SCP_BL2 is loaded into the space defined by BL31_BASE ->
BL31_RW_BASE. In order to maintain the same size space for
SCP_BL2,PLAT_ARM_MAX_BL31_SIZE is increased.
Change-Id: I379083f918b40ab1c765da4e71780d89f0058040
Co-Authored-By: David Cunado <david.cunado@arm.com>
Signed-off-by: Qixiang Xu <qixiang.xu@arm.com>
platform_def.h doesn't need all the definitions in utils.h,
the ones in utils_def.h are enough. This patch is related
to the changes introduced by commit 53d9c9c85b.
Change-Id: I4b2ff237a2d7fe07a7230e0e49b44b3fc2ca8abe
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>