* changes:
refactor(plat/nvidia): use SOC_ID defines
refactor(plat/mediatek): use SOC_ID defines
refactor(plat/arm): use SOC_ID defines
feat(plat/st): implement platform functions for SMCCC_ARCH_SOC_ID
refactor(plat/st): export functions to get SoC information
feat(smccc): add bit definition for SMCCC_ARCH_SOC_ID
Fix a remainder from early prototyping. OP-TEE as a secure partition
does not need specific SMC function id pass through to EL3.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2843d1b9a5eb4c966f82790e1655fb569c2de7d4
The UUID strings used in FW_CONFIG DT are not aligned with UUIDs defined
in include/tools_share/firmware_image_package.h for BL32_EXTRA1 and
TRUSTED_KEY_CERT.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I517f8f9311585931f2cb931e0588414da449b694
This patch renames the Matterhorn, Matterhorn ELP, and Klein CPUs to
Cortex A710, Cortex X2, and Cortex A510 respectively.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I056d3114210db71c2840a24562b51caf2546e195
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I688a76277b729672835d51fafb68d1d6205b6ae4
Disable non-invasive debug of secure state for Juno
in release builds. This makes sure that PMU counts
only Non-secure events.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0d1c3f96f3b4e48360a7211ae55851d65d291025
This patch adds support for the crypto and secure storage secure
partitions for the Total Compute platform. These secure partitions
have to be managed by Hafnium executing at S-EL2
Change-Id: I2df690e3a99bf6bf50e2710994a905914a07026e
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1-MC
platform has architected AMU available for each core. Enable the use of
AMU by non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I33be594cee669e7f4031e5e5a371eec7c7451030
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.
Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.
Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654
Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
NOTE: Breaking change to the way UUIDs are stored in the DT
Currently, UUIDs are stored in the device tree as
sequences of 4 integers. There is a mismatch in endianness
between the way UUIDs are represented in memory and the way
they are parsed from the device tree. As a result, we must either
store the UUIDs in little-endian format in the DT (which means
that they do not match up with their string representations)
or perform endianness conversion after parsing them.
Currently, TF-A chooses the second option, with unwieldy
endianness-conversion taking place after reading a UUID.
To fix this problem, and to make it convenient to copy and
paste UUIDs from other tools, change to store UUIDs in string
format, using a new wrapper function to parse them from the
device tree.
Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
so that these macros can be reused in the subsequent GPT based support
changes.
Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add board support for RD-N2 Cfg1 variant of RD-N2 platform. It is a
variant of RD-N2 platform with a reduced interconnect mesh size (3x3)
and core count (8-cores). Its platform variant id is 1.
Change-Id: I34ad35c5a5c1e9b69a658fb92ed00e5bc5fe72f3
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
A Neoverse reference design platform can have two or more variants that
differ in core count, cluster count or other peripherals. To allow reuse
of platform code across all the variants of a platform, introduce build
option CSS_SGI_PLATFORM_VARIANT for Arm Neoverse reference design
platforms. The range of allowed values for the build option is platform
specific. The recommended range is an interval of non negative integers.
An example usage of the build option is
make PLAT=rdn2 CSS_SGI_PLATFORM_VARIANT=1
Change-Id: Iaae79c0b4d0dc700521bf6e9b4979339eafe0359
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
This will help in keeping source file generic and conditional
compilation can be contained in platform provided dt files.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3c6e0a429073f0afb412b9ba521ce43f880b57fe
sgm775 is an old platform and is no longer maintained by Arm and its
fast model FVP_CSS_SGM-775 is no longer available for download.
This platform is now superseded by Total Compute(tc) platforms.
This platform is now deprecated but the source will be kept for cooling
off period of 2 release cycle before removing it completely.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8fe1fc3da0c508dba62ed4fc60cbc1642e0f7f2a
ELP processors can sometimes have different MIDR values or features so
we are adding the "_arm" suffix to differentiate the reference
implementation from other future versions.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ieea444288587c7c18a397d279ee4b22b7ad79e20
To make it possible to use the hw_config device tree for dynamic
configuration in BL31 on the Arm Juno platform. A placeholder hw_config
has been added that is included in the FIP and a Juno specific BL31
setup has been added to populate fconf with the hw_config.
Juno's BL2 setup has been updated to align it with the new behavior
implemented in the Arm FVP platform, where fw_config is passed in arg1
to BL31 instead of soc_fw_config. The BL31 setup is expected to use the
fw_config passed in arg1 to find the hw_config.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Ib3570faa6714f92ab8451e8f1e59779dcf19c0b6
Remove an incorrect tabulation in front of an $(error) function call
outside of a recipe, which caused the following text to be displayed:
plat/arm/board/common/board_common.mk:36: *** recipe commences before first target. Stop.
instead of:
plat/arm/board/common/board_common.mk:36: *** "Unsupported ARM_ROTPK_LOCATION value". Stop.
Change-Id: I8592948e7de8ab0c4abbc56eb65a53eb1875a83c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The number of ITS have changed from 4 to 1, resulting
in GICR base address change.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I28101f0d1faf9f3c58591b642033c3fd49a275e7
NT_FW_CONFIG file is meant to be passed from BL31 to be consumed by
BL33, fvp platforms use this to pass measured boot configuration and
the x0 register is used to pass the base address of it.
In case of hafnium used as hypervisor in normal world, hypervisor
manifest is expected to be passed from BL31 and its base address is
passed in x0 register.
As only one of NT_FW_CONFIG or hypervisor manifest base address can be
passed in x0 register and also measured boot is not required for SPM so
disable passing NT_FW_CONFIG.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifad9d3658f55ba7d70f468a88997d5272339e53e
A TZC400 controller is placed inline on DRAM channels and regulates
the secure and non-secure accesses to both secure and non-secure
regions of the DRAM memory. Configure each of the TZC controllers
across the Chips.
For use by secure software, configure the first chip's trustzone
controller to protect the upper 16MB of the memory of the first DRAM
block for secure accesses only. The other regions are configured for
non-secure read write access. For all the remote chips, all the DRAM
regions are allowed for non-secure read and write access.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I809f27eccadfc23ea0ef64e2fd87f95eb8f195c1
Define a default DMC-620 TZC memory region configuration and use it to
specify the TZC memory regions on sgi575, rdn1edge and rde1edge
platforms. The default DMC-620 TZC memory regions are defined
considering the support for secure paritition as well.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: Iedee3e57d0d3de5b65321444da51ec990d3702db
The macros specific to SDEI defined in the sgi_base_platform_def.h are
not applicable for all the platforms supported by plat/sgi. So refactor
the SDEI specific macros into a new header file and include this file on
only on platforms it is applicable on.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I0cb7125334f02a21cae1837cdfd765c16ab50bf5
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
instantiated in a Secure Partition:
-A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
An EC is pinned to a corresponding physical CPU.
-An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
the physical CPU from which the FF-A call is originating.
This change permits exercising the latter case within the TF-A-tests
framework.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remaining bits
to implement this interface for the Juno Trusted Entropy Source.
We retire the existing Juno specific RNG interface, and use the generic
one for the stack canary generation.
Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.
To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.
This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.
Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently we use the Juno's TRNG hardware entropy source to initialise
the stack canary. The current function allows to fill a buffer of any
size, but we will actually only ever request 16 bytes, as this is what
the hardware implements. Out of this, we only need at most 64 bits for
the canary.
In preparation for the introduction of the SMCCC TRNG interface, we
can simplify this Juno specific interface by making it compatible with
the generic one: We just deliver 64 bits of entropy on each call.
This reduces the complexity of the code. As the raw entropy register
readouts seem to be biased, it makes sense to do some conditioning
inside the juno_getentropy() function already.
Also initialise the TRNG hardware, if not already done.
Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Update TZC base address to align with the recent changes in the platform
memory map.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>