Allow to access all register addresses from SMC call if compile the code
with DEBUG=1 for debugging purpose.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Idd31827fb71307efbdbcceeaa05f6cb072842e10
This patch creates macros to handle different configuration
types. These changes will help in adding new configuration
types in the future.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I5826a8e5942228a9ed376212f0df43b1605c0199
This command supports to return SiP SVC major and minor version.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Ia8bf678b8de0278aeaae748f24bdd05f8c9f9b47
Set OCRAM as secure region and required privileged access in BL31 to
prevent software running in normal world (non-secure) accessing memory
region in OCRAM which may contain sensitive information (e.g. FSBL,
handoff data)
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib6b24efd69f49cd3f9aa4ef2ea9f1af5ce582bd6
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Move codes that previously were part of system_manager driver into
firewall driver which are more appropriate based on their functionalities.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I35e9d792f35ee7491c2f306781417a0c8faae3fd
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Refactor NOC header to be shareable across both Stratix 10 and Agilex
platforms. This patch also removes redundant NOC declarations in system
manager header file.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I6348b67a8b54c2ad19327d6b8c25ae37d25e4b4a
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
In order to modularize software libraries and platform drivers,
we create makefile helpers to treat a folder as a basic compile
unit.
Each module has a build rule (rules.mk) to describe driver and software
library source codes to be built in.
Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: Ib2113b259dc97937b7295b265509025b43b14077
Introduce EXTRA_LINKERFILE for GCC linker options. GCC linker
can realize multiple linker scripts, and vendors can extend ro or
text sections by inserting sections among the original sections
specified by blx.ld.S.
Vendors can assign compiled object files by assigning MODULE_OBJS
with their own built path.
Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: I1bd2e0383a52204723816131da4b7948def4c4e9
As per change [1], now HW_CONFIG gets loaded in secure and
non-secure memory. Hence updated the documentation to show
secure and non-secure load region of HW_CONFIG in FVP Arm
platform.
Additionally, added a note on how FW_CONFIG address gets
passed from BL2 to BL31/SP_MIN.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/14620
Change-Id: I37e02ff4f433c87bccbe67c7df5ecde3017668b9
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added a description for the newly introduced 'ns-load-address' property
in the dtb-registry node of FCONF.
Change-Id: Ief8e8a55a6363fd42b23491d000b097b0c48453b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).
It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].
Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Not all K3 platforms support low power mode, so to allow these
features to be included for platforms that do in build and
therefore reported in the PSCI caps, define K3_PM_SYSTEM_SUSPEND
flag that can be set during build that will cause appropriate
space and functionality to be included in build for system
suspend support.
Change-Id: I821fbbd5232d91de6c40f63254b855e285d9b3e8
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Increase the lite platform SEC_SRAM_SIZE to 128k to allow space
for GIC context.
Change-Id: I6414309757ce9a9b7b3a9233a401312bfc459a3b
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add necessary K3 PSCI handlers to enable system suspend to be reported
in the PSCI capabilities when asked during OS boot.
Additionally, have the handlers provide information that all domains
should be off and also have the power domain suspend handler invoke the
TISCI_MSG_ENTER_SLEEP message to enter system suspend.
Change-Id: I351a16167770e9909e8ca525ee0d74fa93331194
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add functions to save and restore GICv3 redist and dist contexts during
low power mode and then call these during the suspend entry and finish
psci handlers.
Change-Id: I26c2c0f3b7fc925de3b349499fa42d2405441577
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
This TISCI API must be used to trigger entry into system suspend, and
this is done through the use of TI_SCI_MSG_ENTER_SLEEP. Introduce a
method to send this message.
Change-Id: Id7af5fb2a34623ad69e76764f389ff4d8d259fba
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
* changes:
fix(versal): fix coverity scan warnings
feat(versal): get version for ATF related EEMI APIs
feat(versal): enhance PM_IOCTL EEMI API to support additional arg
feat(versal): add common interfaces to handle EEMI commands
Update the make command with the RESET_TO_BL31=1 addition.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I46cc81abb539773706348464b3061d20d94522e9
The patch does below things.
1. As per current implementation, when Linux send a request to ATF to
get the version of APIs which are implemented in ATF then ATF wasn't
returning any version because there is a check for LIBPM module id.
The ATF is used to return version for the APIs which are implemented
in the firmware only.
Hence moved this switch-case before checking module id to get ATF
version.
Also, no need to pass Linux request to the firmware for the APIs
which are implemented in ATF instead return success after updating
version.
2. As per current implementation, higher 16-bit is used for ATF
version and lower 16-bit is used for firmware version. Now, removed
16-bit shift operation and send complete word i.e. 32-bit to Linux
user as there is no user who checks ATF version.
3. Add bit mask support in the feature check PM EEMI API for QUERY and
IOCTL ids.
Change-Id: Icdca3de6659f3b673b81a423ed79a3c20b678768
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
Currently, SMC handler is limited to parsing 5 arguments (1 API ID + 4
32-bit command args). Extend this handling to support one more 32-bit
command argument which is necessary to support new IOCTL IDs for
secure read/write interface.
Note that, this change is completely transparent and does not affect
existing functionality of any of the EEMI APIs.
Change-Id: I72016620eeeaf598f14853512120bfb30bb9a3e9
Signed-off-by: Izhar Ameer Shaikh <izhar.ameer.shaikh@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
This change adds common interfaces to handle commands from firmware driver
to power management controller. It removes big chunk of source line of code
that was handling each command separately and doing same repetitive work.
EEMI - Embedded Energy Management Interface is Xilinx proprietary
protocol to allow communication between power management controller
and different processing clusters.
As of now, Each EEMI command has its own implementation in TF-A.
This is redundant. Essentially most EEMI command implementation
in TF-A does same work. It prepares payload received from kernel, sends
payload to firmware, receives response from firmware and send response
back to kernel.
The same functionality can be achieved if common interface is used among
multiple EEMI commands. This change divides platform management related
SMCCC requests into 4 categories.
1) EEMI commands required for backward compatibility.
Some EEMI commands are still required for backward compatibility
until removed completely or its use is changed to accommodate
common interface
2) EEMI commands that require for PSCI interface and accessed from debugfs
For example EEMI calls related to CPU suspend/resume
3) TF-A specific requests
Functionality such as getting TF-A version and getting callback
data for platform management is handled by this interface
4) Common interface for rest of EEMI commands
This handlers performs payload and firmware response transaction job for
rest of EEMI commands. Also it parses module ID from SMC payload and inserts
in IPI request. If not module ID is found, then default is LIBPM_MODULE_ID.
This helps in making common path in TF-A for all the modules in PLM firmware
Change-Id: I57a2787c7fff9f2e1d1f9003b3daab092632d57e
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
When using SCPI as the PSCI backend, firmware can wake up the CPUs and
cluster from sleep, so CPU idle states are available for the rich OS to
use. In that case, advertise them to the rich OS via the DTB.
Change-Id: I718ef6ef41212fe5213b11b4799613adbbe6e0eb
Signed-off-by: Samuel Holland <samuel@sholland.org>
Use the encoding recommended by the PSCI specification: four bits for
the power state at each power level.
SCPI provides no way to handshake an exit from a standby state, so the
only possible standby state is the architectural WFI state. Since WFI
can be used outside of PSCI, we do not allow passing in standby states.
Change-Id: I4b3b84e5c255ee58a25255a0cab5d7623425086e
Signed-off-by: Samuel Holland <samuel@sholland.org>
Aligning the PSCI and SCPI power states avoids some code to translate
between the two. This also makes room for an intermediate power state,
for future firmware capability growth.
Change-Id: I26691085f277a96bd405e3305ab0fe390a92b418
Signed-off-by: Samuel Holland <samuel@sholland.org>
Some platforms require extra firmware to implement CPU_SUSPEND, or only
have working CPU_SUSPEND in certain configurations. On these platforms,
CPU idle states should only be listed in the devicetree when they are
actually available. Add a function BL31 can use to dynamically supply
this idle state information.
Change-Id: I64fcc288303faba8abec4f59efd13a04220d54dc
Signed-off-by: Samuel Holland <samuel@sholland.org>
Currently, if any step of the DTB patching process fails, the whole
process is aborted. However, this causes some problems:
- If any step modifies the DTB (including fdt_open_into), the dcache
must still be cleaned, even if some later step fails.
- The DTB may need changes in multiple places; if one patch fails (for
example due to missing nodes), we should still apply other patches.
- Similarly, if some patch fails, we should still run fdt_pack to
clean up after ourselves.
Change-Id: If1af2e58e5a7edaf542354bb8a261dd1c3da1ad0
Signed-off-by: Samuel Holland <samuel@sholland.org>
Idle states are advertised to the rich OS by declaring them in the DTB.
Since the availability of idle states depends on which PSCI
implementation was chosen, the DTB must be updated after PSCI setup.
Move this operation to bl31_plat_runtime_setup, the platform hook
which happens at the right time. Defining this hook overrides the weak
definition from plat/common, so copy over the code from there, too.
Change-Id: I42a83edb9cb28e1803d17dc2d73dbc879d885222
Signed-off-by: Samuel Holland <samuel@sholland.org>
So far the H616 was the only Allwinner SoC needed to amend the DTB, to
reserve the DRAM portion that BL31 occupies.
To allow other SoCs to modify the DTB as well, without duplicating code,
move the DTB change routines into Allwinner common code, and generalise
the current code to allow other modifications.
No functional change intended.
Change-Id: I080ea07b6470367f3c2573a4368f8ef5196d411c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
TB_FW_CONFIG DT no longer contains the address of HW_CONFIG; it has
been moved to the FW_CONFIG DT since the introduction of FCONF.
Hence updated the documentation accordingly.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I37b68502a89dbd521acd99f2cb3aeb0bd36a04e0
according to the spec, the response to read attr comes in the
ts.attr.value field and not in the data segment.
Signed-off-by: anans <anans@google.com>
Change-Id: Iaf21883bb7e364fd7c7e4bccb33359367a0cf99d
ufs controller needs to be disabled if already enabled, without
this we noticed a crash at linkstartup during reinit
Signed-off-by: anans <anans@google.com>
Change-Id: I523c5d57c1d34f6404a6368ee3f364fbffd2e542
Upgrade to the latest and greatest 2.x release of Mbed TLS library
(i.e. v2.28.0) to take advantage of their bug fixes.
Note that the Mbed TLS project published version 3.x some time
ago. However, as this is a major release with API breakages, upgrading
to 3.x might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7
release of TF-A.
Change-Id: I887dfd87893169c7be53b986e6c43338d15949d7
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Upgrade to the latest and greatest 2.x release of Mbed TLS library
(i.e. v2.28.0) to take advantage of their bug fixes.
Note that the Mbed TLS project published version 3.x some time
ago. However, as this is a major release with API breakages, upgrading
to 3.x might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7
release of TF-A.
Actually, the upgrade this time simply boils down to including the new
source code module 'constant_time.c' into the firmware.
To quote mbed TLS v2.28.0 release notes [1]:
The mbedcrypto library includes a new source code module
constant_time.c, containing various functions meant to resist timing
side channel attacks. This module does not have a separate
configuration option, and functions from this module will be
included in the build as required.
As a matter of fact, if one is attempting to link TF-A against mbed
TLS v2.28.0 without the present patch, one gets some linker errors
due to missing symbols from this new module.
Apart from this, none of the items listed in mbed TLS release
notes [1] directly affect TF-A. Special note on the following one:
Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
exceeds 2^32.
In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption
feature is enabled with AES-GCM as the authenticated decryption
algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable
which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a
32-bit value which by definition is always less than 2**32. Therefore,
we are immune to this bug.
With this upgrade, the size of BL1 and BL2 binaries does not appear to
change on a standard sample test build (with trusted boot and measured
boot enabled).
[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0
Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, TF-A documentation recommends downloading Arm compilers
from:
https://developer.arm.com/open-source/gnu-toolchain/gnu-a/downloads
However, this page is now deprecated, as indicated by the banner at
the top of the page. When navigating to the new recommended page, one
can see the following note, which provides the rationale for the
deprecation:
GNU Toolchain releases from Arm were published previously as two
separate releases - one for A-profile and the other for R & M
profiles (GNU Toolchain for A-profile processors and GNU Arm
Embedded Toolchain).
Arm GNU Toolchain releases unifies these two into a single release
and the previous way of releases therefore have been
discontinued. However, the previous releases will continue to be
available for reference.
This patch updates the link to the new recommended place for compiler
downloads.
Change-Id: Iefdea3866a1af806a5db2d2288edbb63c543b8ee
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
time taken for device init varies based on different devices,
instead of waiting for 200ms - we can poll on fdevice init
until it gets cleared, similar to what linux does
Change-Id: I571649231732fde0cd6d5be89b6f14fe905fcaff
Signed-off-by: anans <anans@google.com>
Siew Chin Lim
Abdul Halim, Muhammad Hadi Asyrafi
Sieu Mun Tang
Leon Chen
Manish V Badarkhe
Dave Gerlach
Madhukar Pappireddy
Manish Pandey
Venkatesh Yadav Abbarapu
Tanmay Shah
Ronak Jain
Rupinderjit Singh
Samuel Holland
Andre Przywara
Joanna Farley
Sandrine Bailleux
anans
Lauren Wehrmeister