Now that the DDR is mapped secured, the security settings (TZC400
firewall) have to be applied at the end of BL2 for the OP-TEE case.
This is required to avoid checskum computation error on U-Boot binary,
for which MMU and TZC400 would not be aligned.
Change-Id: I4a364f7117960e8fae1b579f341b9f140b766ea6
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Some parameters from BootROM boot context can be required after boot.
To save space in SYSRAM, this context can be overwritten during images
load sequence. The needed information (here the boot interface) is
then saved in a local variable.
Change-Id: I5e1ad4630ccf78480f415a0a83939005ae67729e
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Avoid parsing device tree every time when returning
the DDR size.
A cache flush on this size is also added because TZC400 configuration
is applied at the end of BL2 after MMU and data cache being turned off.
Configuration needs to retrieve the DDR size to generate the correct
region. Access to the size fails because the value is still in the data
cache. Flushing the size is mandatory.
Change-Id: I3dd1958f37d806f9c15a5d4151968935f6fe642e
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
In BL2, the DDR can be mapped as secured in MMU, as no other SW
has access to it during its execution.
The TZC400 configuration is also updated to reflect this. When using
OP-TEE, the TZC400 is reconfigured at the end of BL2, to match OP-TEE
mapping. Else, SP_min will be in charge to reconfigure TZC400 to set
DDR non-secure.
Change-Id: Ic5ec614b218f733796feeab1cdc425d28cc7c103
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add new static functions to factorize code in stm32mp1_security.c.
Change-Id: Ifa5a1aaf7c56c25dba9a0ab8e985496d7cb06990
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add a generic function to setup the stm32image IO.
Change-Id: I0f7cf4a6030605037643f3119b809e0319d926af
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add a panic() at the end of stm32mp_io_setup() if the boot interface
given in ROM code boot context is not supported.
Change-Id: I0d50f21a11231febd21041b6e63108cc3e6f4f0c
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
The dependency on this macro was added by patch [1]. But the macro
itself was forgotten in the patch.
[1] 128e0b3e2e ("stm32mp1: update rules for stm32image tool")
Change-Id: I49219e1e13828b97b95f404983da33ef4567fe23
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
In stm32mp1_syscfg_disable_io_compensation(), to disable the IO
compensation cell, we have to set the corresponding bit in
SYSCFG_CMPENCLRR register, instead of clearing the bit in SETR register.
Change-Id: I510a50451f8afb9e98c24e1ea84efbf73a39e6b4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
BSEC services should return SMC error codes as other IDs (defined in
stm32mp1_smc.h) and not BSEC driver ones. So that non-secure caller
is able to treat them correctly.
In global SMC handler, unknown ID should also return a value from this
definition list, and not the generic one, which seems not well adapted
for our needs.
Two unsigned values initializations are also changed from 0 to 0U.
Change-Id: Ib6fd3866a748cefad1d13d48f7be38241621023e
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
* changes:
refactor(plat/nvidia): use SOC_ID defines
refactor(plat/mediatek): use SOC_ID defines
refactor(plat/arm): use SOC_ID defines
feat(plat/st): implement platform functions for SMCCC_ARCH_SOC_ID
refactor(plat/st): export functions to get SoC information
feat(smccc): add bit definition for SMCCC_ARCH_SOC_ID
Device Tree address is now a parameter for dt_open_and_check() function.
This will allow better flexibility when introducing PIE and FIP.
The fdt pointer is now only assigned if the given address holds
a valid device tree file. This allows removing the fdt_checked variable,
as we now check fdt is not null.
Change-Id: I04cbb2fc05c9c711ae1c77d56368dbeb6dd4b01a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The boot device is now checked inside a dedicated rule, that is only
called during BL2 compilation step
Change-Id: Ie7bcd1f166285224b0c042238989a82f7b6105c6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Added a new STM32MP_EMMC_BOOT option, which is used to look for SSBL in
the same eMMC boot partition TF-A booted from at a fixed 256k offset. In
case STM32 image header is not found, the boot process rolls back to a
GPT partition look-up scheme.
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Change-Id: I85a87dc9ae7f2b915ed8e584be80f4b3588efc48
The io_dummy code and function calls are only used in case BL32 is TF-A
SP_min, and not OP-TEE. This code in bl2_io_storage can then be put under
#ifndef AARCH32_SP_OPTEE.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I52787a775160b335f97547203f653419621f5147
STM32MP1 does not use BL1, the loading of BL2 is done by ROM code. It is
then useless to have an entry BL2_IMAGE_ID in the policies.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I464cedf588114d60522433123f8dbef32ae36818
The JEDEC information for STMicroelectronics is:
JEDEC_ST_MFID U(0x20)
JEDEC_ST_BKID U(0x0)
And rely on platform functions to get chip IP and revision.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I4fa4ac8bb5583b1871b768decc9fe08e8966ff54
Three functions are exported to get SoC version, SoC device ID, and SoC
name. Those functions are based on reworked existing static functions.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I1f3949062bb488286a9e7a38ffcd1457953dac56
In order to prepare future support of FIP, BL32 (SP_min) is compiled
as Position Independent Executable.
Change-Id: I15e7cc433fb03e1833002f4fe2eaecb6ed42eb47
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
BL2 size is set to 100kB, and BL32 to 72kB, regardless of OP-TEE
or stack protector flags.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Id7411bd55a4140718d64a647d81037720615fc81
Create a dedicated static struct mmc_device_info mmc_info mmc_info
instead of having this in stack.
A boot issue has been seen on some platform when applying patch [1].
[1] 13f3c5166f ("mmc:prevent accessing to the released space in case of wrong usage")
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I73a079715253699d903721c865d6470d58f6bd30
TZC400 is configured to raise an interrupt in case of faulty access.
Call the new added tzc400_it_handler, in case this interrupt occurs.
Change-Id: Iaf4fa408a8eff99498042e11e2d6177bad39868c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP15, only filters 0 and 1 are used.
Use TZC_400_REGION_ATTR_FILTER_BIT() macro for those 2 filters 0 and 1
instead of U(3).
Change-Id: Ibc61823842ade680f59d5b66b8db59b6a30080e4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The base address of UART peripheral should be given in R0, not in R1.
Otherwise the console_stm32_core_flush issues an assert message.
This issue was highlighted with recent changes in console flush functions.
Change-Id: Iead01986fdbbf30ad2fd9fa515a1d2b611b4e591
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The board information values, read in an OTP are never negative,
%u is then used instead of %d.
Change-Id: I3bc22401fb4d54666ddf56411f75b79aca738492
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Retrieve peripheral base address from a define instead of
parsing the device tree. The goal is to improve execution time.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2588c53ad3d4abcc3d7fe156458434a7940dd72b
Update the board info with the new coding including the finished good
variant:
Board: MBxxxx Var<CPN>.<FG> Rev.<Rev>-<BOM>
The OTP 59 coding is:
bit [31:16] (hex) => MBxxxx
bit [15:12] (dec) => Variant CPN (1....15)
bit [11:8] (dec) => Revision board (index with A = 1, Z = 26)
bit [7:4] (dec) => Variant FG : finished good (NEW)
bit [3:0] (dec) => BOM (01, .... 255)
Change-Id: I4fbc0c84596419d1bc30d166311444ece1d9123f
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2b702698d6be93da5ac86da1cbc98b3838315a5a
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Update to support new part numbers.
Add new STM32 MPUs Part = STM32MP151F, STM32MP153F, STM32MP157F,
STM32MP151D, STM32MP153D, STM32MP157D
The STM32MP1 series is available in 3 different lines which are pin-to-pin
compatible:
- STM32MP157: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz,
3D GPU, DSI display interface and CAN FD
- STM32MP153: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz
and CAN FD
- STM32MP151: Single Cortex-A7 core, Cortex-M4 core @ 209 MHz
Each line comes with a security option (cryptography & secure boot)
& a Cortex-A frequency option :
- A Basic + Cortex-A7 @ 650 MHz
- C Secure Boot + HW Crypto + Cortex-A7 @ 650 MHz
- D Basic + Cortex-A7 @ 800 MHz
- F Secure Boot + HW Crypto + Cortex-A7 @ 800 MHz
Remove useless variable in stm32mp_is_single_core().
Change-Id: Id30c836af986c6340c91efa8a7ae9480a2827089
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add a new revision of STM32MP15x CPU (Rev.Z).
Change-Id: I227dd6d9b3fcc43270015cfb21f60aeb0a8ab658
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Remove some useless extra tabs or spaces.
Replace some spaces with tabs.
Change-Id: I0e8e2a1a1be7a1109ba7f3e3ae35e3fe1b5b4552
Signed-off-by: Yann Gautier <yann.gautier@st.com>
In heavy parallel builds, it has sometimes been seen issues with the
tool not generated before it was needed. Change some rules order and
dependency to solve that.
Change-Id: I8f4b4f46a2ea0fe496bc66bca47c66d1c81d3c99
Signed-off-by: Yann Gautier <yann.gautier@st.com>
There were fixed values when computing PLAT_PARTITION_MAX_ENTRIES.
Use STM32_BL33_PARTS_NUM and STM32_RUNTIME_PARTS_NUM. The first one is
for the number of copies of BL33. The second one depends on the use case
SP_min or OP-TEE. For OP-TEE, there are 3 partitions. For SP_min, as it
is in the same binary as BL2, it is set to 0. It will be set to 1 if
BL32 is in a separate binary.
Change-Id: Iba4d8ec5fbc713bebfbdcd9f9426c3fded20d3ad
Signed-off-by: Yann Gautier <yann.gautier@st.com>
First put Makefile variables definition, then definitions for each feature,
then C flags, then source files, then compilation rules.
Change-Id: I238115ea2fe4ebafccd2135979814c27932c34e2
Signed-off-by: Yann Gautier <yann.gautier@st.com>
To simplify the rule that creates the concatenated binary, use ASFLAGS
instead of adding all paths in the AS command line. This allows a better
management if a binary is not present.
Change-Id: Ic8b4566e7dedc6f55be355a92e3b214cef138d9b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The previous proprietary version was not correctly handling dependencies.
Using MAKE_LD from make_helpers files now correctly handles that.
The generated linker script is the same as before.
Change-Id: Iccfd8dc3fffa7a33e73b184b72e0dfd5d26bc9c9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
There is one dtsi file per SoC version:
- STM32MP151: common part for all version, Single Cortex-A7
- STM32MP153: Dual Cortex-A7
- STM32MP157: + GPU and DSI, but not needed for TF-A
The STM32MP15xC include a cryptography peripheral, add it in a dedicated
file.
There are 4 packages available, for which the IOs number change. Have one
file for each package. The 2 packages AB and AD are added.
STM32157A-DK1 and STM32MP157C-DK2 share most of their features, a common
dkx file is then created.
Some reordering is done in other files, and realign with kernel DT files.
The DDR files are generated with our internal tool, no changes in the
registers values.
Change-Id: I9f2ef00306310abe34b94c2f10fc7a77a10493d1
Signed-off-by: Yann Gautier <yann.gautier@st.com>
If GPIO port for UART TX is less than 8, the register GPIO_AFRL should
be used to set the alternate. GPIO_AFRH is used if GPIO port is greater
or equal to 8. The macro GPIO_TX_ALT_SHIFT is removed and the GPIO port
number is tested against GPIO_ALT_LOWER_LIMIT (=8) in
plat_crash_console_init() function.
Change-Id: Ibb62223ed6bce589bbcab59a5e986b2677e6d118
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The STM32MP1 implementation of this function will call
plat_report_exception(). It displays more information about the panic
if DEBUG is enabled.
The LR register is also filled with R6 content, which hold the faulty
address. This allows debugger to reconstruct the backtrace.
Change-Id: I6710e8e2ab6658b05c5bbad2f3c545f07f355afb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
In case DEBUG is enabled, plat_report_exception will now display extra
information of the cause of the exception.
Change-Id: I72cc9d180959cbf31c13821dd051eaf4462b733e
Signed-off-by: Yann Gautier <yann.gautier@st.com>