According to [1] and in context of FF-A v1.0 a secure partition must
have either one EC (migratable UP) or a number of ECs equal to the
number of PEs (pinned MP). Adjust the SPMC manifest such that the
number of ECs is equal to the number of PEs.
[1] https://trustedfirmware-a.readthedocs.io/en/latest/components/
secure-partition-manager.html#platform-topology
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ie8c7d96ae7107cb27f5b97882d8f476c18e026d4
Increased BL2 maximum size when CoT descriptors are placed
in device tree.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I6466d2841e189e7f15eb4f1a8db070542893cb5b
The size of debug binaries of SCP has increased beyond the current
limit of 80kB set in platform. Hence, increase it to 128kB.
Change-Id: I5dbcf87f8fb35672b39abdb942c0691fb339444a
Signed-off-by: Usama Arif <usama.arif@arm.com>
UUID's in the device tree files were stored in little endian. So
to keep all entries in these files RFC 4122 compliant, store them in
big endian then convert it to little endian when they are read so they
can be used in the UUID data structure.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5674159b82b245104381df10a4e3291160d9b3b5
At the moment BL31 dynamically discovers the CPU topology of an FPGA
system at runtime, but does not export it to the non-secure world.
Any BL33 user would typically looks at the devicetree to learn about
existing CPUs.
This patch exports a minimum /cpus node in a devicetree to satisfy
the binding. This means that no cpumaps or caches are described.
This could be added later if needed.
An existing /cpus node in the DT will make the code bail out with a
message.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I589a2b3412411a3660134bdcef3a65e8200e1d7e
This patch adds dependencies to the generated configuration
files that are included in the FIP. This fixes occasional
build errors that occur when the FIP happens to be built first.
Change-Id: I5a2bf724ba3aee13954403b141f2f19b4fd51d1b
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Using the Fconf, register base address of the various nv-counters
(currently, trusted, non-trusted nv-counters) are moved to the
device tree and retrieved during run-time. This feature is
enabled using the build option COT_DESC_IN_DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
Allocated 512-959 SPI numbers for remote n1sdp chip and same has been
referenced for GIC routing table.
Change-Id: Id79ea493fd665ed93fe9644a59e363ec10441098
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Add information about the third partition so it can be loaded into SPM
when running the tests
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I5544e88df391ef294ddf6b5750d468d3e74892b1
Implemented platform functions to retrieve the soc-id information
for juno platform
Change-Id: Ie677120710b45e202a2d63a954459ece8a64b353
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented platform functions to retrieve the soc-id information
for FVP platform.
Change-Id: Id3df02ab290a210310e8d34ec9d706a59d817517
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.
This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.
Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
SPM: Add owner field to cactus secure partitions
SPM: Alter sp_gen.mk entry depending on owner of partition
plat/arm: enable support for Plat owned SPs
For supporting dualroot CoT for Secure Partitions a new optional field
"owner" is introduced which will be used to sign the SP with
corresponding signing domain. To demonstrate its usage, this patch adds
owners to cactus Secure Partitions.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I7b760580355fc92edf5402cecc38c38125dc1cae
This resolves MISRA defects such as:
plat/common/plat_bl1_common.c:63:[MISRA C-2012 Rule 14.4 (required)]
The condition expression "1" does not have an essentially boolean type.
Change-Id: I679411980ad661191fbc834a44a5eca5494fd0e2
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Following merge of patchset [1] the spm_mm_boot_info_t structure is
included in few platform files unconditionally even when SPM_MM option
is disabled.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2647
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I68bc034c9348b5d9bcfd2e5217b781df5ad1b369
The command line for BL33 payloads is typically taken from the DTB. On
"normal" systems the bootloader will put the right version in there, but
we typically don't use one on the FPGAs.
To avoid editing (and possibly re-packaging) the DTB for every change in
the command line, try to read it from some "magic" memory location
instead. It can be easily placed there by the tool that uploads the
other payloads to the FPGA's memory. BL31 will then replace the existing
command line in the DTB with that new string.
To avoid reading garbage, check the memory location for containing a
magic value. This is conveniently chosen to be a simple ASCII string, so
it can just preceed the actual command line in a text file:
--------------------------------
CMD:console=ttyAMA0,38400n8 debug loglevel=8
--------------------------------
Change-Id: I5923a80332c9fac3b4afd1a6aaa321233d0f60da
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
As secondary cores show up, they populate an array to
announce themselves so plat_core_pos_by_mpidr() can
return an invalid COREID code for any non-existing
MPIDR that it is queried about.
The Power Domain Tree Description is populated with
a topology based on the maximum harcoded values.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I8fd64761a2296714ce0f37c46544f3e6f13b5f61
In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after cache gets enabled (i.e. after MMU gets enabled).
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e75cabd76b1cb7a660f6b72f409ab40d2877284
This patch adds support for Measured Boot functionality
to FVP platform code. It also defines new properties
in 'tpm_event_log' node to store Event Log address and
it size
'tpm_event_log_sm_addr'
'tpm_event_log_addr'
'tpm_event_log_size'
in 'event_log.dtsi' included in 'fvp_tsp_fw_config.dts'
and 'fvp_nt_fw_config.dts'. The node and its properties
are described in binding document
'docs\components\measured_boot\event_log.rst'.
Change-Id: I087e1423afcb269d6cfe79c1af9c348931991292
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
TBBR authentication framework depends on the plat_get_rotpk_info()
function to return the pointer to the Root of Trust Public Key (ROTPK)
stored in the platform along with its length. Add this function for
RD-Daniel Config-XLR platform to support Trusted Board Boot. The
function makes use of the wrapper function provided by the arm common
trusted board boot function to get the ROTPK hash.
Change-Id: I509e2f7e88cc2167e1732a971d71dc131d3d4b01
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
TBBR authentication framework depends on the plat_get_rotpk_info()
function to return the pointer to the Root of Trust Public Key (ROTPK)
stored in the platform along with its length. Add this function for
RD-Daniel platform to support Trusted Board Boot. The function makes use
of the wrapper function provided by the arm common trusted board boot
function to get the ROTPK hash.
Change-Id: I6c2826a7898664afea19fd62432684cfddd9319a
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
This patch moves all GICv2 driver files into new added
'gicv2.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
is now deprecated and platforms with GICv2 driver need to
be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
their makefiles.
Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
BL2 size gets increased due to the libfdt library update and
that eventually cause no-optimization build failure for BL2 as below:
aarch64-none-elf-ld.bfd: BL2 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region `RAM' overflowed by 4096 bytes
Makefile:1070: recipe for target 'build/fvp/debug/bl2/bl2.elf' failed
make: *** [build/fvp/debug/bl2/bl2.elf] Error 1
Fixed build failure by increasing BL2 image size limit by 4Kb.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92a57eb4db601561a98e254b64994bb921a88db3
Included cot_descriptors.dtsi in platform device tree
(fvp_tb_fw_config.dts).
Also, updated the maximum size of tb_fw_config to 0x1800
in order to accomodate the device tree for CoT descriptors.
Follow up patch will parse the device tree for these CoT descriptors
and fill the CoT descriptor structures at runtime instead of using
static CoT descriptor structures in the code base.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
The memory layout for the FPGA is fairly uniform for most of the FPGA
images, and we already assume that DRAM starts at 2GB by default.
Prepopulate PRELOADED_BL33_BASE and FPGA_PRELOADED_DTB_BASE to some
sane default values, to simplify building some stock image.
If people want to deviate from that, they can always override those
addresses on the make command line.
Change-Id: I2238fafb3f8253a01ad2d88d45827c141d9b29dd
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To support FPGAs with those cores as well, as the respective cpulib
files to the Makefile.
Change-Id: I1a60867d5937be88b32b210c7817be4274554a76
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The maximum number of clusters is currently set to 2, which is quite
limiting. As there are FPGA images with 4 clusters, let's increase the
limit to 4.
Change-Id: I9a85ca07ebbd2a018ad9668536d867ad6b75e537
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch performs the following:
- Creating two corstone700 platforms under corstone700 board:
fvp and fpga
- Since the FVP and FPGA have IP differences, this commit provides a specific DTS for each platform
- The platform can be specified using the TARGET_PLATFORM Makefile variable
(possible values are: fvp or fpga)
- Allowing to use u-boot by:
- Enabling NEED_BL33 option
- Fixing non-secure image base: For no preloaded bl33 we want to
have the NS base set on shared ram. Setup a memory map region
for NS in shared map and set the bl33 address in the area.
- Setting the SYS_COUNTER_FREQ_IN_TICKS based on the selected
platform
- Setting ARM_MAP_SHARED_RAM and ARM_MAP_NS_SHARED_RAM to use MT_MEMORY
Change-Id: I4c8ac3387acb1693ab617bcccab00d80e340c163
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This version corresponds to the following commit <7be250b>
libfdt: Correct condition for reordering blocks
Also, updated the Juno romlib jumptable with fdt APIs.
Change-Id: Ib6d28c1aea81c2144a263958f0792cc4daea7a1f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The plat_core_pos_by_mpidr() implementation for the Arm FPGA port has
some issues, which leads to problems when matching GICv3 redistributors
with cores:
- The power domain tree was not taking multithreading into account, so
we ended up with the wrong mapping between MPIDRs and core IDs.
- Before even considering an MPIDR, we try to make sure Aff2 is 0.
Unfortunately this is the cluster ID when the MT bit is set.
- We mask off the MT bit in MPIDR, before basing decisions on it.
- When detecting the MT bit, we are properly calculating the thread ID,
but don't account for the shift in the core and cluster ID checks.
Those problems lead to early rejections of MPIDRs values, in particular
when called from the GIC code. As a result, CPU_ON for secondary cores
was failing for most of the cores.
Fix this by properly handling the MT bit in plat_core_pos_by_mpidr(),
also pulling in FPGA_MAX_PE_PER_CPU when populating the power domain
tree.
Change-Id: I71b2255fc0d27bfe5806511df479ab38e4e33fc4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Passed the address of fw_config instead of soc_fw_config
as arg1 to BL31 from BL2 for ARM fvp platform.
BL31 then retrieve load-address of other device trees
from fw_config device tree.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
Increased the size of firmware configuration area to accommodate
all configs.
Updated maximum size of following bootloaders due to increase
in firmware configs size and addition of the code in the BL2.
1. Increased maximum size of BL2 for Juno platform in no
optimisation case.
2. Reduced maximum size of BL31 for fvp and Juno platform.
3. Reduced maximum size of BL32 for Juno platform.
Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Query clock frequency in runtime using FCONF getter API
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie6a8a62d8d190b9994feffb167a1d48829913e9b
Extract Timer clock frequency from the timer node in
HW_CONFIG dtb. The first timer is a per-core architected timer attached
to a GIC to deliver its per-processor interrupts via PPIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I2f4b27c48e4c79208dab9f03c768d9221ba6ca86
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
Load address of tb_fw_config is incorrectly mentioned
in below device trees:
1. rdn1edge_fw_config.dts
2. tc0_fw_config.dts
Till now, tb_fw_config load-address is not being retrieved from
device tree and hence never exeprienced any issue for tc0 and
rdn1edge platform.
For tc0 and rdn1edge platform, Load-address of tb_fw_config should
be the SRAM base address + 0x300 (size of fw_config device tree)
Hence updated these platform's fw_config.dts accordingly to reflect
this load address change.
Change-Id: I2ef8b05d49be10767db31384329f516df11ca817
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.
To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.
The CoT for secure partition look like below.
+------------------+ +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Key |
+------------------+ | Certificate |
| (Auth Image) |
/+-------------------+
/ |
/ |
/ |
/ |
L v
+------------------+ +-------------------+
| Trusted World |------>| SiP owned SPs |
| Public Key | | Content Cert |
+------------------+ | (Auth Image) |
/ +-------------------+
/ |
/ v|
+------------------+ L +-------------------+
| SP_PKG1 Hash |------>| SP_PKG1 |
| | | (Data Image) |
+------------------+ +-------------------+
. .
. .
. .
+------------------+ +-------------------+
| SP_PKG8 Hash |------>| SP_PKG8 |
| | | (Data Image) |
+------------------+ +-------------------+
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
As per "include/export/README", TF-A code should never include export
headers directly. Instead, it should include a wrapper header that
ensures the export header is included in the right manner.
"tbbr_img_def_exp.h" is directly included in TF-A code, this patch
replaces it with its wrapper header "tbbr_img_def.h".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
This should allow git to easily track file moves
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
This patch adds support for Total Compute (TC0) platform. It is an
initial port and additional features are expected to be added later.
TC0 has a SCP which brings the primary Cortex-A out of reset
which starts executing BL1. TF-A optionally authenticates the SCP
ram-fw available in FIP and makes it available for SCP to copy.
Some of the major features included and tested in this platform
port include TBBR, PSCI, MHUv2 and DVFS.
Change-Id: I1675e9d200ca7687c215009eef483d9b3ee764ef
Signed-off-by: Usama Arif <usama.arif@arm.com>
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
We query the UART base address and clk frequency in runtime
using fconf getter APIs.
Change-Id: I5f4e84953be5f384472bf90720b706d45cb86260
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch introduces the populate function which leverages
a new driver to extract base address and clk frequency properties
of the uart serial node from HW_CONFIG device tree.
This patch also introduces fdt helper API fdtw_translate_address()
which helps in performing address translation.
Change-Id: I053628065ebddbde0c9cb3aa93d838619f502ee3
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Query the GICD and GICR base addresses in runtime using fconf getter
APIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I309fb2874f3329ddeb8677ddb53ed4c02199a1e9
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
arm_fpga: Read UART address from DT
arm_fpga: Read GICD and GICR base addresses from DT
arm_fpga: Read generic timer counter frequency from DT
arm_fpga: Use Generic UART
The arm_fpga port requires a DTB, to launch a BL33 payload.
To make this port more flexible, we can also use the information in the
DT to configure the console driver.
For a start, find the DT node pointed to by the stdout-path property, and
read the base address from there.
This assumes for now that the stdout-path points to a PL011 UART.
This allows to remove platform specific addresses from the image. We
keep the original base address for the crash console.
Change-Id: I46a990de2315f81cae4d7913ae99a07b0bec5cb1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since we use a DTB with all platform information to pass this on to a
kernel loaded as BL33, we can as well make use of it for our own
purposes.
Every DT would contain a node for the GIC(v3) interrupt controller, so
we can read the base address for the distributor and redistributors from
there.
This avoids hard coding this information in the code and allows for a more
flexible binary.
Change-Id: Ic530e223a21a45bc30a07a21048116d5af69e972
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The stdout-path property in the /chosen node of a DTB points to a device
node, which is used for boot console output.
On most (if not all) ARM based platforms this is the debug UART.
The ST platform code contains a function to parse this property and
chase down eventual aliases to learn the node offset of this UART node.
Introduce a slightly more generalised version of this ST platform function
in the generic fdt_wrappers code. This will be useful for other platforms
as well.
Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The ARM Generic Timer DT binding describes an (optional) property to
declare the counter frequency. Its usage is normally discouraged, as the
value should be read from the CNTFRQ_EL0 system register.
However in our case we can use it to program this register in the first
place, which avoids us to hard code a counter frequency into the code.
We keep some default value in, if the DT lacks that property for
whatever reason.
Change-Id: I5b71176db413f904f21eb16f3302fbb799cb0305
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform port parse DT nodes to find base address to
peripherals. It does this by using its own implementation, even though
this functionality is generic and actually widely useful outside of the
STM32 code.
Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
This is removes the assumption that #address-cells and #size-cells are
always one.
Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The SCP firmware on the ARM FPGA initialises the UART already. This allows
us to treat the PL011 as an SBSA Generic UART, which does not require
any further setup.
This in particular removes the need for any baudrate and base clock related
settings to be hard coded into the BL31 image.
Change-Id: I16fc943526267356b97166a7068459e06ff77f0f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment the fconf_populate_gicv3_config() implementation is
somewhat incomplete: First it actually fails to store the retrieved
information (the local addr[] array is going nowhere), but also it makes
quite some assumptions about the device tree passed to it: it needs to
use two address-cells and two size-cells, and also requires all five
register regions to be specified, where actually only the first two
are mandatory according to the binding (and needed by our code).
Fix this by introducing a proper generic function to retrieve "reg"
property information from a DT node:
We retrieve the #address-cells and #size-cells properties from the
parent node, then use those to extract the right values from the "reg"
property. The function takes an index to select one region of a reg
property.
This is loosely based on the STM32 implementation using "reg-names",
which we will subsume in a follow-up patch.
Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Dynamic configuration properties are fconf properties. Modify the
compatible string from "arm,.." to "fconf,.." to reflect this.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I85eb75cf877c5f4d3feea3936d4c348ca843bc6c
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently our fdtw_read_array() implementation requires the length of
the property to exactly match the requested size, which makes it less
flexible for parsing generic device trees.
Also the name is slightly misleading, since we treat the cells of the
array as 32 bit unsigned integers, performing the endianess conversion.
To fix those issues and align the code more with other DT users (Linux
kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
relax the length check to only check if the property covers at least the
number of cells we request.
This also changes the variable names to be more in-line with other DT
users, and switches to the proper data types.
This makes this function more useful in later patches.
Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
RD-Daniel Config-XLR platform has four identical chips connected via a
high speed coherent CCIX link. Each chip has four Neoverse cores
connected via coherent CMN interconnect.
Change-Id: I37d1b91f2b6ba08f61c64d0288bc16a429836c08
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
This commit fixes an assertion that was triggering in certain contexts:
ERROR: mmap_add_region_check() failed. error -22
ASSERT: lib/xlat_tables_v2/xlat_tables_core.c:790
Change-Id: Ia55b3fb4f496c8cd791ea6093d122edae0a7e92a
Signed-off-by: Chris Kay <chris.kay@arm.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
By writing 0 to CLUSTERPWRDN DSU register bit 0, we send an
advisory to the power controller that cluster power is not required
when all cores are powered down.
The AArch32 CLUSTERPWRDN register is architecturally mapped to the
AArch64 CLUSTERPWRDN_EL1 register
Change-Id: Ie6e67c1c7d811fa25c51e2e405ca7f59bd20c81b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The arm_fpga platform code contains an dubious line to initialise some
timer. On closer inspection this turn out to be bogus, as this was only
needed on some special (older) FPGA board, and is actually not needed on
the current model. Also the base address was wrong anyways.
Remove the code entirely.
Change-Id: I02e71aea645051b5addb42d972d7a79f04b81106
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
RD-Daniel uses GIC-Clayton as its interrupt controller which is an
implementation of GICv4.1 architecture. Hence for RD-Daniel, enable
GICv4 extension support.
Change-Id: I45ae8c82376f8fe8fc0666306822ae2db74e71b8
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
This patch adds support for GICv4 extension for FVP platform.
Change-Id: Ia389b61266af669b1ca9b999a8b76476cab214f4
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Increased the maximum size of BL2 image in order to
accommodate the BL2 image when TF-A build with no compiler
optimization for ARM platform.
Note: As of now, "no compiler optimization" build works
only when TRUSTED_BOOT_BOARD option is set to 0.
This change is verified using below CI configuration:
1. juno-no-optimize-default:juno-linux.uboot
2. fvp-no-optimize-default,fvp-default:fvp-tftf-fip.tftf-aemv8a-debug
Change-Id: I5932621237f8acd1b510682388f3ba78eae90ea4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
with commit a6ea06f5, the way platform includes gicv3 files has been
modified, this patch adapts to new method of including gicv3 files
for arm_fpga platform.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic5ccae842b39b7db06d4f23c5738b174c42edf63
As GCC manual says, -D option defines a macro as 1, if =<value> is omitted.
-D <name>
Predefine <name> as a macro, with definition 1.
The same applied with Clang, too.
In the context of -D option, =1 is always redundant.
Change-Id: I487489a1ea3eb51e734741619c1e65dab1420bc4
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-D is a preprocessor flag that defines a macro. So, adding it to
BL*_CPPFLAGS makes more sense. You can reference it not only from
.c files but also from .S files.
Change-Id: Ib4f2f27a3ed3eae476a6a32da7ab5225ad0649de
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
1. Necessary changes to platform makefile to include fw_config
device tree and package it in fip.bin
2. Removed hw_config node from fw_config dts as there is no
HW_CONFIG device tree source for sgm775
3. Added mbedtls_heap related properties for TBBR functionality
Change-Id: I26b940c65b17ad2fb5537141f8649785bb0fd4ad
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Moved SMCCC defines from plat_arm.h to new <smccc_def.h> header
and include this header in all ARM platforms.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4cbc69c7b9307461de87b7c7bf200dd9b810e485
This patch moves all GICv3 driver files into new added
'gicv3.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
The patch adds GICv3 driver configuration flags
'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
'GICv3 driver options' section of 'build-option.rst'
document.
NOTE: Platforms with GICv3 driver need to be modified to
include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
plat/arm/board/arm_fpga: Compile with additional CPU libraries
plat/arm/board/arm_fpga: Enable position-independent execution
plat/arm/board/arm_fpga: Enable port for alternative cluster configurations
plat/arm/board/arm_fpga: Initialize the Generic Interrupt Controller
plat/arm/board/arm_fpga: Initialize the System Counter
plat/arm/board/arm_fpga: Add PSCI implementation for FPGA images
plat/arm/board/arm_fpga: Use preloaded BL33 alternative boot flow
plat/arm/board/arm_fpga: Enable basic BL31 port for an FPGA image
This change is part of the goal of enabling the port to be compatible
with multiple FPGA images.
BL31 behaves differently depending on whether or not the CPUs in the
system use cache coherency, and as a result any CPU libraries that are
compiled together must serve processors that are consistent in this
regard.
This compiles a different set of CPU libraries depending on whether or
not the HW_ASSISTED_COHERENCY is enabled at build-time to indicate the
CPUs support hardware-level support for cache coherency. This build
flag is used in the makefile in the same way as the Arm FVP port.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I18300b4443176b89767015e3688c0f315a91c27e
This allows the BL31 port to run with position-independent execution
enabled so that it can be ran from any address in the system.
This increases the flexibility of the image, allowing it to be ran from
other locations rather than only its hardcoded absolute address
(currently set to the typical DRAM base of 2GB). This may be useful for
future images that describe system configurations with other memory
layouts (e.g. where SRAM is included).
It does this by setting ENABLE_PIE=1 and changing the absolute
address to 0. The load address of bl31.bin can then be specified by
the -l [load address] argument in the fpga-run command (additionally,
this address is required by any preceding payloads that specify the
start address. For ELF payloads this is usually extracted automatically
by reading the entrypoint address in the header, however bl31.bin is a
different file format so has this additional dependency).
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: Idd74787796ab0cf605fe2701163d9c4b3223a143
This change is part of the goal of enabling the port to be compatible
with multiple FPGA images.
The BL31 port that is uploaded as a payload to the FPGA with an image
should cater for a wide variety of system configurations. This patch
makes the necessary changes to enable it to function with images whose
cluster configurations may be larger (either by utilizing more
clusters, more CPUs per cluster, more threads in each CPU, or a
combination) than the initial image being used for testing.
As part of this, the hard-coded values that configure the size of the
array describing the topology of the power domain tree are increased
to max. 8 clusters, max. 8 cores per cluster & max 4 threads per core.
This ensures the port works with cluster configurations up to these
sizes. When there are too many entries for the number of available PEs,
e.g. if there is a variable number of CPUs between clusters, then there
will be empty entries in the array. This is permitted and the PSCI
library will still function as expected. While this increases its size,
this shouldn't be an issue in the context of the size of BL31, and is
worth the trade-off for the extra compatibility.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I7d4ae1e20b2e99fdbac428d122a2cf9445394363
This initializes the GIC using the Arm GIC drivers in TF-A.
The initial FPGA image uses a GIC600 implementation, and so that its
power controller is enabled, this platform port calls the corresponding
implementation-specific routines.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I88d5a073eead4b653b1ca73273182cd98a95e4c5
This sets the frequency of the system counter so that the Delay Timer
driver programs the correct value to CNTCRL. This value depends on
the FPGA image being used, and is 10MHz for the initial test image.
Once configured, the BL31 platform setup sequence then enables the
system counter.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: Ieb036a36fd990f350b5953357424a255b8ac5d5a
This adds a basic PSCI implementation allow secondary CPUs to be
released from an initial state and continue through to the warm boot
entrypoint.
Each secondary CPU is kept in a holding pen, whereby it polls the value
representing its hold state, by reading this from an array that acts as
a table for all the PEs. The hold states are initially set to 0 for all
cores to indicate that the executing core should continue polling.
To prevent the secondary CPUs from interfering with the platform's
initialization, they are only updated by the primary CPU once the cold
boot sequence has completed and fpga_pwr_domain_on(mpidr) is called.
The polling target CPU will then read 1 (which indicates that it should
branch to the warm reset entrypoint) and then jump to that address
rather than continue polling.
In addition to the initial polling behaviour of the secondary CPUs
before their warm boot reset sequence, they are also placed in a
low-power wfe() state at the end of each poll; accordingly, the PSCI
fpga_pwr_domain_on(mpidr) function also signals an event to all cores
(after updating the target CPU's hold entry) to wake them from this
state, allowing any secondary CPUs that are still polling to check
their hold state again.
This method is in accordance with both the PSCI and Linux kernel
recommendations, as the lessened overhead reduces the energy
consumption associated with the busy-loop.
The table of hold entries is implemented by a global array as shared SRAM
(which is used by other platforms in similar implementations) is not
available on the FPGA images.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I65cfd1892f8be1dfcb285f0e1e94e7a9870cdf5a
This makes use of the PRELOADED_BL33_BASE flag to indicate to BL31 that
the BL33 payload (kernel) has already been loaded and resides in memory;
BL31 will then jump to the non-secure address.
For this port the BL33 payload is the Linux kernel, and in accordance
with the pre-kernel setup requirements (as specified in the `Booting
AArch64 Linux' documentation:
https://www.kernel.org/doc/Documentation/arm64/booting.txt),
this change also sets up the primary CPU's registers x0-x3 so they are
the expected values, which includes the address of the DTB at x0.
An external linker script is currently required to combine BL31, the
BL33 payload, and any other software images to create an ELF file that
can be uploaded to the FPGA board along with the bit file. It therefore
has dependencies on the value of PRELOADED_BL33_BASE (kernel base) and
the DTB base (plus any other relevant base addresses used to
distinguish the different ELF sections), both of which are set in this
patch.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: If7ae8ee82d1e09fb05f553f6077ae13680dbf66b
This adds the minimal functions and definitions to create a basic
BL31 port for an initial FPGA image, in order for the port to be
uploaded to one the FPGA boards operated by an internal group within
Arm, such that BL31 runs as a payload for an image.
Future changes will enable the port for a wide range of system
configurations running on the FPGA boards to ensure compatibility with
multiple FPGA images.
It is expected that this will replace the FPGA fork of the Linux kernel
bootwrapper by performing similar secure-world initialization and setup
through the use of drivers and other well-established methods, before
passing control to the kernel, which will act as the BL33 payload and
run in EL2NS.
This change introduces a basic, loadable port with the console
initialized by setting the baud rate and base address of the UART as
configured by the Zeus image.
It is a BL31-only port, and RESET_TO_BL31 is enabled to reflect this.
Signed-off-by: Oliver Swede <oli.swede@arm.com>
Change-Id: I1817ad81be00afddcdbbda1ab70eb697203178e2
This patch provides support for measured boot by adding calculation
of BL2 image hash in BL1 and writing these data in TB_FW_CONFIG DTB.
Change-Id: Ic074a7ed19b14956719c271c805b35d147b7cec1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
To demonstrate communication between SP's two instances of Cactus at
S-EL1 has been used.
This patch replaces Ivy SP with cactus-secondary SP which aligns with
changes in tf-a-tests repository.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iee84f1f7f023b7c4f23fbc13682a42614a7f3707
When using the SPM Dispatcher, the SPMC sits as a BL32 component
(BL32_IMAGE_ID). The SPMC manifest is passed as the TOS fw config
component (TOS_FW_CONFIG_ID). It defines platform specific attributes
(memory range and physical CPU layout) as well as the attributes for
each secure partition (mostly load address). This manifest is passed
to the SPMC on boot up. An SP package contains the SP dtb in the SPCI
defined partition manifest format. As the SPMC manifest was enriched
it needs an increase of tos_fw-config max-size in fvp_fw_config dts.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia1dce00c6c4cbaa118fa56617980d32e2956a94e
Rather than creating entry in plat_arm_mmap array to map the
entire DRAM region in BL31/SP_MIN, only map a smaller region holding
HW_CONFIG DTB. Consequently, an increase in number of sub-translation
tables(level-2 and level-3) i.e., MAX_XLAT_TABLES is necessary to map
the new region in memory.
In order to accommodate the increased code size in BL31 i.e.,
PROGBITS, the max size of BL31 image is increased by 0x1000(4K).
Change-Id: I540b8ee550588e22a3a9fb218183d2ab8061c851
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
This patch introduces the `SPCI_ID_GET` interface which will return the
ID of the calling SPCI component. Returns 0 for requests from the
non-secure world and the SPCI component ID as specified in the manifest
for secure world requests.
Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
To accommodate the increasing size of the SCP_BL2 binary, the base
address of the memory region allocated to SCP_BL2 has been moved
downwards from its current (mostly) arbitrary address to the beginning
of the non-shared trusted SRAM.
Change-Id: I086a3765bf3ea88f45525223d765dc0dbad6b434
Signed-off-by: Chris Kay <chris.kay@arm.com>
Add CLCD, HDLCD, PCI and VIRTIO devices as source interfaces for TZC
filter unit to enable DMA for these devices.
Change-Id: Ifad2e56b18605311936e03cfcccda573cac7e60a
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
The motivation behind this patch and following patches is to extract
information about the platform in runtime rather than depending on
compile time macros such as FVP_CLUSTER_COUNT. This partially enables
us to use a single binary for a family of platforms which all have
similar hardware capabilities but differ in configurations.
we populate the data structure describing the power domain hierarchy
of the platform dynamically by querying the number of clusters and cpus
using fconf getter APIs. Compile time macro such as FVP_CLUSTER_COUNT
is still needed as it determines the size of related data structures.
Note that the cpu-map node in HW_CONFIG dts represents a logical
hierarchy of power domains of CPU. However, in reality, the power
domains may not have been physically built in such hierarchy.
Change-Id: Ibcbb5ca7b2c969f8ad03ab2eab289725245af7a9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Create, register( and implicitly invoke) fconf_populate_topology()
function which extracts the topology related properties from dtb into
the newly created fconf based configuration structure 'soc_topology'.
Appropriate libfdt APIs are added to jmptbl.i file for use with USE_ROMLIB
build feature.
A new property which describes the power domain levels is added to the
HW_CONFIG device tree source files.
This patch also fixes a minor bug in the common device tree file
fvp-base-gicv3-psci-dynamiq-common.dtsi
As this file includes fvp-base-gicv3-psci-common.dtsi, it is necessary
to delete all previous cluster node definitons because DynamIQ based
models have upto 8 CPUs in each cluster. If not deleted, the final dts
would have an inaccurate description of SoC topology, i.e., cluster0
with 8 or more core nodes and cluster1 with 4 core nodes.
Change-Id: I9eb406da3ba4732008a66c01afec7c9fa8ef59bf
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Since N1SDP has a system level cache which is an
external LLC enable the NEOVERSE_N1_EXTERNAL_LLC flag.
Change-Id: Idb34274e61e7fd9db5485862a0caa497f3e290c7
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
* changes:
plat/arm: Pass cookie argument down to arm_get_rotpk_info()
plat/arm: Add support for dualroot CoT
plat/arm: Provide some PROTK files for development
This patch provides separation of GICD, GICR accessor
functions and adds new macros for GICv3 registers access
as a preparation for GICv3.1 and GICv4 support.
NOTE: Platforms need to modify to include both
'gicdv3_helpers.c' and 'gicrv3_helpers.c' instead of the
single helper file previously.
Change-Id: I1641bd6d217d6eb7d1228be3c4177b2d556da60a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.
Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Add load address and UUID in fw config dts for Cactus and Ivy which are
example SP's in tf-test repository.
For prototype purpose these information is added manually but later on
it will be updated at compile time from SP layout file and SP manifests
provided by platform.
Change-Id: I41f485e0245d882c7b514bad41fae34036597ce4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
* changes:
board/rddaniel: intialize tzc400 controllers
plat/arm/tzc: add support to configure multiple tzc400
plat/arm: allow boards to specify second DRAM Base address
plat/arm: allow boards to define PLAT_ARM_TZC_FILTERS
This patch fixes incorrect setting for DEVICE1_SIZE
for FVP platforms with more than 8 PEs.
The current value of 0x200000 supports only 8 PEs
and causes exception for FVP platforms with the greater
number of PEs, e.g. FVP_Base_Cortex_A65AEx8 with 16 PEs
in one cluster.
Change-Id: Ie6391509fe6eeafb8ba779303636cd762e7d21b2
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
The dualroot chain of trust involves 2 root-of-trust public keys:
- The classic ROTPK.
- The platform ROTPK (a.k.a. PROTPK).
Use the cookie argument as a key ID for plat_get_rotpk_info() to return the
appropriate one. This only applies if we are using the dualroot CoT ; if using
the TBBR one, the behaviour is unchanged.
Change-Id: I400707a87ec01afd5922b68db31d652d787f79bd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The cookie will be leveraged in the next commit.
Change-Id: Ie8bad275d856d84c27466461cf815529dd860446
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Manish Pandey
Olivier Deprez
Manish V Badarkhe
Usama Arif
Anders Dellien
Ruari Phipps
André Przywara
Javier Almansa Sobrino
Sayanta Pattanayak
Mark Dykes
Madhukar Pappireddy
Jimmy Brisson
Alexei Fedorov
Vijayenthiran Subramaniam
Sandrine Bailleux
Abdellatif El Khlifi
laurenw-arm
J-Alves
Balint Dobszay
Louis Mayencourt
Aditya Angadi
Chris Kay
Masahiro Yamada
Oliver Swede
Max Shvetsov
Chandni Cherukuri
Petre-Ionut Tudor