This patch adds two new compile time options to enable SME in TF-A:
ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and
secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable
SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions
in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these
traps, but support for SME context management does not yet exist in
SPM so building with SPD=spmd will fail.
The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot
be used with SME as it is a superset of SVE and will enable SVE and
FPU/SIMD along with SME.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
Changing the SMC code value to conform with RMM for
transitioning a realm granule back to non-secure,
otherwise known as undelegate.
Signed-off-by: Mark Dykes <mark.dykes@arm.com>
Change-Id: Ia45ad6cab538de48c65b071b49e504be234afa2b
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.
Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Correctly handle USB_DESC_TYPE_OTHER_SPEED_CONFIGURATION request
in USB driver and support a different result than
USB_DESC_TYPE_CONFIGURATION with the new optional ops
get_other_speed_config_desc().
The support of this descriptor is optionnal and is only
required when high-speed capable device which can operate at its
other possible speed.
This patch allows to remove the pbuf update in usb_core_get_desc()
and solves an issue on USB re-enumeration on STM32MP15 platform
as the result of get_config_desc() is a const array.
This issue is not see on normal use-case, as the USB enumeration
is only done in ROM code and TF-A reuse the same USB descritors.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I8edcc1e45065ab4e45d48f4bc37b49120674fdb0
Neoverse-N2 erratum 2242400 is a Cat B erratum that applies to
revision r0p0 of CPU. It is still open. The workaround
is to set CPUACTLR5_EL1[17] to 1'b1 followed by setting few
system control registers to specific values as per attached
SDEN document.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I6a9cb4a23238b8b511802a1ee9fcc5b207137649
Neoverse-N2 erratum 2138958 is a Cat B erratum that applies to
revision r0p0 of CPU. It is still open. The workaround
is to set CPUACTLR5_EL1[13] to 1'b1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I5247f8f8eef08d38c169aad6d2c5501ac387c720
Neoverse-N2 erratum 2242415 is a Cat B erratum that applies to
revision r0p0 of CPU. It is still open. The workaround
is to set CPUACTLR_EL1[22] to 1'b1. Setting CPUACTLR_EL1[22]
will cause CFP instruction to invalidate all branch predictor
resources regardless of context.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I442be81fbc32e21fed51a84f59584df17f845e96
When an Arm Ltd GIC (Arm GIC-[567]00) is instantiated with one or more
ITSes, the ITS MMIO frames appear between the distributor and
redistributor addresses. This makes the beginning of the redistributor
region dependent on the existence and number of ITSes.
To support various FPGA images, with and without ITSes, probe the
addresses in question, to learn whether they accommodate an ITS or a
redistributor. This can be safely done by looking at the PIDR[01]
registers, which contain an ID code for each region, documented in the
Arm GIC TRMs.
We try to find all ITSes instantiated, and skip either two or four 64K
frames, depending on GICv4.1 support. At some point we will find the
first redistributor; this address we then update in the DTB.
Change-Id: Iefb88c2afa989e044fe0b36b7020b56538c60b07
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The GIC specification describes ID registers in each GIC register frame
(PIDRx), which can be used to identify a GIC component. The Arm Ltd. GIC
implementations use certain ID values to identify the distributor, the
redistributors and other parts like ITSes.
Introduce a function that reads those part number IDs, which are spread
over two registers. The actual numbers are only meaningful in connection
with a certain GIC model, which would need to be checked beforehand, by
the caller.
Change-Id: Ia6ff326a1e8b12664e4637bc8e2683d2b5c7721c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For platforms where we don't know the number of cores at compile time,
the size of the GIC redistributor frame is then also undetermined, since
it depends on this number of cores.
On top of this the GICR base address can also change, when an unknown
number of ITS frames (including zero) take up space between the
distributor and redistributor.
So while those two adjustments are done for independent reasons, the
code for doing so is very similar, so we should utilise the existing
fdt_adjust_gic_redist() function.
Add an (optional) gicr_base parameters to the prototype, so callers can
choose to also adjust this base address later, if needed.
Change-Id: Id39c0ba83e7401fdff1944e86950bb7121f210e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Define a handler in the SPMD to route secure interrupts occurring while
the normal world runs. On a Group1 Secure interrupt (with a GICv3 or a
Group0 interrupt on GICv2), the normal world is pre-empted to EL3 and
redirected to the SPMD/SPMC for further handling.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I1350d74048c5549a2af8da0ba004c08512cc006a
* changes:
feat(plat/st/stm32mp1): add STM32MP_USB_PROGRAMMER target
feat(plat/st/stm32mp1): add USB DFU support for STM32MP1
feat(plat/st): add STM32CubeProgrammer support on USB
feat(drivers/st/usb): add device driver for STM32MP1
feat(plat/st): add a USB DFU stack
feat(drivers/usb): add a USB device stack
Add a device driver for Synopsis DWC2 USB IP of STM32MP15x,
this USB OTG device is only supported in device mode.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I90b21f094f6637b85f3ace23a3a3a2f6fd4e0951
Add a new USB framework to manage an USB device profile (USBD)
based on a peripheral controller driver (PCD).
This USB stack can be use to implement any Universal Serial Bus Device
Class in TF-A on top of a USB driver defined in the platform.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I7971ec6d952edec3511157a198e6e5359df4346b
This patch removes files that are not used by TF-R as well as
removes unused generic files from the TF-R makefile.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Idb15ac295dc77fd38735bf2844efdb73e6f7c89b
MPMM - the Maximum Power Mitigation Mechanism - is an optional
microarchitectural feature present on some Armv9-A cores, introduced
with the Cortex-X2, Cortex-A710 and Cortex-A510 cores.
MPMM allows the SoC firmware to detect and limit high activity events
to assist in SoC processor power domain dynamic power budgeting and
limit the triggering of whole-rail (i.e. clock chopping) responses to
overcurrent conditions.
This feature is enabled via the `ENABLE_MPMM` build option.
Configuration can be done via FCONF by enabling `ENABLE_MPMM_FCONF`, or
by via the plaform-implemented `plat_mpmm_topology` function.
Change-Id: I77da82808ad4744ece8263f0bf215c5a091c3167
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change makes AMU auxiliary counters configurable on a per-core
basis, controlled by `ENABLE_AMU_AUXILIARY_COUNTERS`.
Auxiliary counters can be described via the `HW_CONFIG` device tree if
the `ENABLE_AMU_FCONF` build option is enabled, or the platform must
otherwise implement the `plat_amu_topology` function.
A new phandle property for `cpu` nodes (`amu`) has been introduced to
the `HW_CONFIG` specification to allow CPUs to describe the view of
their own AMU:
```
cpu0: cpu@0 {
...
amu = <&cpu0_amu>;
};
```
Multiple cores may share an `amu` handle if they implement the
same set of auxiliary counters.
AMU counters are described for one or more AMUs through the use of a new
`amus` node:
```
amus {
cpu0_amu: amu-0 {
#address-cells = <1>;
#size-cells = <0>;
counter@0 {
reg = <0>;
enable-at-el3;
};
counter@n {
reg = <n>;
...
};
};
};
```
This structure describes the **auxiliary** (group 1) AMU counters.
Architected counters have architecturally-defined behaviour, and as
such do not require DTB entries.
These `counter` nodes support two properties:
- The `reg` property represents the counter register index.
- The presence of the `enable-at-el3` property determines whether
the firmware should enable the counter prior to exiting EL3.
Change-Id: Ie43aee010518c5725a3b338a4899b0857caf4c28
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change represents a general refactoring to clean up old code that
has been adapted to account for changes required to enable dynamic
auxiliary counters.
Change-Id: Ia85e0518f3f65c765f07b34b67744fc869b9070d
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change decouples the group 1 counter macros to facilitate dynamic
detection at runtime. These counters remain disabled - we will add
dynamic enablement of them in a later patch.
Change-Id: I820d05f228d440643bdfa308d030bd51ebc0b35a
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change removes the `AMU_GROUP0_COUNTERS_MASK` and
`AMU_GROUP0_MAX_COUNTERS` preprocessor definitions, instead retrieving
the number of group 0 counters dynamically through `AMCGCR_EL0.CG0NC`.
Change-Id: I70e39c30fbd5df89b214276fac79cc8758a89f72
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change reduces preprocessor dependencies on the
`AMU_GROUP1_NR_COUNTERS` and `AMU_GROUP1_COUNTERS_MASK` definitions, as
these values will eventually be discovered dynamically.
In their stead, we introduce the `ENABLE_AMU_AUXILIARY_COUNTERS` build
option, which will enable support for dynamically detecting and
enabling auxiliary AMU counters.
This substantially reduces the amount of memory used by platforms that
know ahead of time that they do not have any auxiliary AMU counters.
Change-Id: I3d998aff44ed5489af4857e337e97634d06e3ea1
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change introduces a small set of register getters and setters to
avoid having to repeatedly mask and shift in complex code.
Change-Id: Ia372f60c5efb924cd6eeceb75112e635ad13d942
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change reduces the exposed surface area of the AMU API in order to
simplify the refactoring work in following patches. The functions and
definitions privatized by this change are not used by other parts of the
code-base today.
BREAKING CHANGE: The public AMU API has been reduced to enablement only
to facilitate refactoring work. These APIs were not previously used.
Change-Id: Ibf6174fb5b3949de3c4ba6847cce47d82a6bd08c
Signed-off-by: Chris Kay <chris.kay@arm.com>
With the introduction of MPMM, the auxiliary AMU counter logic requires
refactoring to move away from a single platform-defined group 1 counter
mask in order to support microarchitectural (per-core) group 1 counters.
BREAKING CHANGE: The `PLAT_AMU_GROUP1_COUNTERS_MASK` platform definition
has been removed. Platforms should specify per-core AMU counter masks
via FCONF or a platform-specific mechanism going forward.
Change-Id: I1e852797c7954f92409222b066a1ae57bc72bb05
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change adds a new utility function - `fdtw_for_each_cpu` - to
invoke a callback for every CPU node listed in a flattened device tree
(FDT) with the node identifier and the MPIDR of the core it describes.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Iabb5c0f0c9d11928a4a7a41cdc7d1e09aadeb2bc
This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
Currently on image entry, the data cache in the RW address range is
invalidated before MMU is enabled to safeguard against potential
stale data from previous firmware stage. If PIE is enabled however,
RO sections including the GOT may be also modified during pie fixup.
Therefore, to be on the safe side, invalidate the entire image
region if PIE is enabled.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I7ee2a324fe4377b026e32f9ab842617ad4e09d89
This change aims to make the UFS code more robust by performing a
controller reset if linkstartup fails. This idea was borrowed from
Linux's ufshcd_link_startup function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I6b52148d1bf155b11198dc82a39b1120057adaaf
This change aims to make the UFS code more robust by adding retry logic
and timeouts to ufshc_reset. We also define a new function
ufshc_hce_enable for Host Controller Enable (HCE). The inner and outer
retry pattern is based on Linux's ufshcd_hba_execute_hce function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I9403a5a25d3ca50af5f2f9a65b774f6a2d7a9626
This change aims to make the UFS code more robust by removing asserts
and adding retry logic. We also reduce repetition by reusing
ufshc_send_uic_cmd for DME_GET and DME_SET commands.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: Id70aa1687d5ca78dc7d47234372255ac5a04a612
* changes:
fix(stpmic1): fix power switches activation
fix(stpmic1): update error cases return
refactor(stpmic1): use BIT and GENMASK helpers
fix(stm32mp1_clk): keep RTC clock always on
fix(stm32mp1_clk): set other clocks as always on
Currently, for the supported SCMI protocols, the version returned by the SCMI
platform agent must be exactly matching the driver's version (major version).
The recent change for the required version of Power Domain protocol means that
the platform must return version 2.0. This can be however a limitation in some
cases, where a SCMI-v1.0 platform can still be considered compatible with the
driver supported in firmware.
Relax the protocol version requirement such that any version older than the
one supported by the drivers can still be compatible.
Note: For now this has effect only on Power Domain protocol, as the other
drivers still require the "base" version 1.0.
Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Change-Id: I310ae1869c2e952991a8d733f394029ab64087bf
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
johpow01
Mark Dykes
Olivier Deprez
Madhukar Pappireddy
Manish Pandey
Scott Branden
Patrick Delaunay
nayanpatel-arm
Andre Przywara
Patrick Delaunay
Chris Kay
Sandrine Bailleux
Zelalem Aweke
Joanna Farley
Jorge Troncoso
Nicola Mazzucato
Manish V Badarkhe