The default Raspberry Pi 3 memory mapping for ATF is geared towards
the use of uboot + Linux. This creates issues when trying to use
ATF with an UEFI payload and Windows on ARM64.
We therefore introduce new build option RPI3_USE_UEFI_MAP, that
enables the build process to use an alternate memory mapping that
is compatible with UEFI + Windows (as well as UEFI + Linux).
FixesARM-software/tf-issues#649
Signed-off-by: Pete Batard <pete@akeo.ie>
Some OSes (e.g. Ubuntu 18.04 LTS on Raspberry Pi 3) may disable the
runtime UART in a manner that prevents the system from rebooting if
ATF tries to send runtime messages there.
Also, we don't want the firmware to share the UART with normal
world, as this can be a DoS attack vector into the secure world.
This patch fixes these 2 issues by introducing new build option
RPI3_RUNTIME_UART, that disables the runtime UART by default.
FixesARM-software/tf-issues#647
Signed-off-by: Pete Batard <pete@akeo.ie>
All identifiers, regardless of use, that start with two underscores are
reserved. This means they can't be used in header guards.
The style that this project is now to use the full name of the file in
capital letters followed by 'H'. For example, for a file called
"uart_example.h", the header guard is UART_EXAMPLE_H.
The exceptions are files that are imported from other projects:
- CryptoCell driver
- dt-bindings folders
- zlib headers
Change-Id: I50561bf6c88b491ec440d0c8385c74650f3c106e
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When a device tree blob is present at a known address, instead of, for
example, relying on the user modifying the Linux command line to warn
about the memory reserved for the Trusted Firmware, pass it on the DTB.
The current code deletes the memory reserved for the default bootstrap
of the Raspberry Pi and adds the region used by the Trusted Firmware.
This system replaces the previous one consisting on adding
``memmap=16M$256M`` to the Linux command line. It's also meant to be
used by U-Boot and any other bootloader that understands DTB files.
Change-Id: I13ee528475fb043d6e8d9e9f24228e37ac3ac436
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The "Secure" prefix (S-ELx) is valid only for S-EL0 and S-EL1 but is
meaningless for EL3, since EL3 is always secure. Hence, the "S" prefix
has been removed from wherever it was used as "S-EL3".
Change-Id: Icdeac9506d763f9f83d7297c7113aec7b85e9dbe
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The codebase was using non-standard headers. It is needed to replace
them by the correct ones so that we can use the new libc headers.
Change-Id: I530f71d9510cb036e69fe79823c8230afe890b9d
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The Raspberry Pi 3 port doesn't actually depend on any Arm platform
code, so the dependencies can be removed.
Change-Id: Ic2f47f5001bebde3862815b1d880a169d82b3f65
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The Non-secure DRAM region shouldn't be protected in the range specified
in the Linux command line with memmap.
This change also increases the size of the Secure DRAM region.
Change-Id: I306e9e443a84b834c99739f54a534a3ca3be2424
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This option allows the Trusted Firmware to pass the correct arguments to
a 32 or 64-bit Linux kernel without the need of an intermediate loader
such as U-Boot.
Change-Id: I2b22e8933fad6a614588ace559f893e97329801f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
FIQs shouldn't be used at all as long as the interrupt routing doesn't
support them properly.
Change-Id: Ib1db7b523a62de2035d41197bc791048337cf791
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Remove unused variable and set the secure entrypoint correctly.
Change-Id: I7447ea62771092de6be35704077ae28c519d6993
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
It uses the hardware RNG in a similar way as Juno (it gets 128 bits of
entropy and does xor on them).
It is disabled by default.
Change-Id: I8b3adb61f5a5623716e0e8b6799404c68dd94c60
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Note that this is a non-secure RNG. This is only useful for educational
purposes.
Change-Id: If359c8d0f755ef8e416986de7fbca34679a523e1
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
There is no way to boot BL31 at the addresses specified in the platform
memory map unless an extra loader is used at address 0x00000000. It is
better to remove it to prevent confusion. Having it enabled was a bug.
Change-Id: I3229fbc080f5996cff47efce8e799bae94e0d5cb
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Implement VideoCore mailbox interface driver and use it to get the board
revision identifier.
For now it is only used to print the model for debug purposes.
This wiki contains the documentation of the mailbox interface:
https://github.com/raspberrypi/firmware/wiki
Change-Id: I11943b99b52cc1409f4a195ebe58eb44ae5b1d6c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This implementation doesn't actually turn the system off, it simply
reboots it and prevents it from booting while keeping it in a low power
mode.
Change-Id: I7f72c9f43f25ba0341db052bc2be4774c88a7ea3
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Add a new default makefile target to concatenate BL1 and the FIP and
generate armstub8.bin. This way it isn't needed to do it manually.
Documentation updated to reflect the changes.
Change-Id: Id5b5b1b7b9f87767db63fd01180ddfea855a7207
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Running optee_test failed because SEC_DRAM0_SIZE is too small. Previous
is 2 MB. We enlarge it to 11 MB for passing the test. Also we reduce
the NS_DRAM0_SIZE from 13MB to 4MB so that the whole section is still
fit in 16MB.
This commit also modified the document to reflect the changes we've
made in code.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Implement minimal interrupt routing functions. All interrupts are
treated as non-secure interrupts to be handled by the non-secure world.
Add note to the documentation about disabling FIQs qhen using OP-TEE
with Linux.
Change-Id: I937096542d973925e43ae946c5d0b306d0d95a94
Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch adds support for TBB to rpi3. The ROTPK is generated at build
time and is included into BL1/BL2. The key and content certificates are
read over semihosting.
Tested-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Switch to the new console APIs enabled by setting MULTI_CONSOLE_API=1.
The crash console doesn't use this API, it uses internally the core
functions of the 16550 console.
`bl31_plat_runtime_setup` is no longer needed. When this platform port
was introduced, that function used to disable the console. It was needed
to override that behaviour. The new behaviour is to switch to the
runtime console. The console is registered for all scopes (boot, crash
and runtime) in `rpi3_console_init` so it is not needed to override the
default behaviour anymore.
Update documentation.
Change-Id: If2ee8f91044216183b7ef142e5c05ad6220ae92f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This port can be compiled to boot an AArch64 or AArch32 payload with the
build option `RPI3_BL33_AARCH32`.
Note: This is not a secure port of the Trusted Firmware. This port is
only meant to be a reference implementation to experiment with an
inexpensive board in real hardware.
Change-Id: Ide58114299289bf765ef1366199eb05c46f81903
Co-authored-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>