* changes:
feat(plat/st/stm32mp1): add STM32MP_USB_PROGRAMMER target
feat(plat/st/stm32mp1): add USB DFU support for STM32MP1
feat(plat/st): add STM32CubeProgrammer support on USB
feat(drivers/st/usb): add device driver for STM32MP1
feat(plat/st): add a USB DFU stack
feat(drivers/usb): add a USB device stack
Add a support of USB as serial boot devices for STM32MP15x platform:
the FIP file is provide by STM32CubeProgrammer with the DFU protocol,
loaded in DDR at DWL_BUFFER_BASE address and then the io memmap is used.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I272c17c458ff1e9d0780f8fa22330c8a35533d19
Add the USB descriptor, the struct used for USB enumeration with
the function usb_dfu_plat_init().
The USB support is based on the usb lib and on the stm32mp1 usb driver.
The content of enumeration (the string descriptor) is identical to
ROM code to avoid the USB reset en re-enumeration needs.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I18b40649e8df83813a5a340b0eee44c9a3470e43
Add a file to support over USB the STMicroelectronics tool
STM32CubeProgrammer in BL2 for STM32MP15x platform.
This tools is based on DFU stack.
Change-Id: I48a8f772cb0e9b8be24c06847f724f0470c0f917
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Add a stack to support the Universal Serial Bus Device Class
Specification for Device Firmware Upgrade (USB DFU v1.1).
This stack is based on the USB device stack (USBD).
Change-Id: I8a56411d184882b6a9e3617c6dfb859086b8f353
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This patch removes files that are not used by TF-R as well as
removes unused generic files from the TF-R makefile.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Idb15ac295dc77fd38735bf2844efdb73e6f7c89b
This change essentially reverts [1] by removing the BL31 workaround
forcing the dtb address when Hafnium is loaded as an Hypervisor.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9569
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I302161d027261448113c66b7fafa9c11620b54ef
This change enables MPMM and adds, to the TC firmware configuration
device tree, the AMU counters representing the "gears" for the
Maximum Power Mitigation Mechanism feature of the Cortex-X2,
Cortex-A710 and Cortex-A510:
- Gear 0: throttle medium and high bandwidth vector and viruses.
- Gear 1: throttle high bandwidth vector and viruses.
- Gear 2: throttle power viruses only.
This ensures these counters are enabled and context-switched as
expected.
Change-Id: I6df6e0fe3a5362861aa967a78ab7c34fc4bb8fc3
Signed-off-by: Chris Kay <chris.kay@arm.com>
Including the FCONF Makefile today automatically places the FCONF
sources into the source list of the BL1 and BL2 images. This may be
undesirable if, for instance, FCONF is only required for BL31.
This change moves the BL1 and BL2 source appends out of the common
Makefile to where they are required.
BREAKING CHANGE: FCONF is no longer added to BL1 and BL2 automatically
when the FCONF Makefile (`fconf.mk`) is included. When including this
Makefile, consider whether you need to add `${FCONF_SOURCES}` and
`${FCONF_DYN_SOURCES}` to `BL1_SOURCES` and `BL2_SOURCES`.
Change-Id: Ic028eabb7437ae95a57c5bcb7821044d31755c77
Signed-off-by: Chris Kay <chris.kay@arm.com>
This has been introduced to simplify dependencies on the FDT wrappers.
We generally want to avoid pulling in components on a file-by-file
basis, particularly as we are trying to draw conceptual boxes around
components in preparation for transitioning the build system to CMake,
where dependencies are modelled on libraries rather than files.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Idb7ee05a9b54a8caa3e07f36e608867e20b6dcd5
Increase `PLAT_ARM_MAX_BL2_SIZE` to 128KiB for the primary chip to
accommodate debug builds with log level set to verbose
(LOG_LEVEL=LOG_LEVEL_VERBOSE).
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I9dc835430f61b0d0c46a75f7a36d67f165293c8c
This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
'#' needs to be before TAB, otherwise comment is printed on stdout during build.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I502374ef35d91e194dc35b78d31d6884a466fab2
* changes:
feat(plat/rcar): change process for Suspend To RAM
fix(plat/rcar): change process that copy code to system ram
fix(plat/rcar): fix cache maintenance process of reading cert header
fix(plat/rcar): fix to load image when option BL2_DCACHE_ENABLE is enabled
- Added the function rcar_pwr_domain_pwr_down_wfi() for power down process.
And change the sequence to power down.
- Removed clearing the count of psci_locks (PSCI exclusive lock) during
Warm Boot.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I684d54a798a6dccde15fbebe16c6e104cbb470ed
We need to add #include <arch.h> to platform_def.h to fix MODE_RW_64
undeclared.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I358bc6644243a7ea1befd87f946b4087feddd857
Audio DSP is power-off when system suspend. Remove it from
wakeup source list to prevent unnecessary wakeup.
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: Id7251de9c8b9c9a4a4b2c41a310168d336035b9a
assert() is not used in release mode and complaining about unused
variable "desc".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib919eb27532344a25be0b6ece7e239efa87be744
This change adds just comments why some checks are required. They check
that ENV variables and external repos are correctly set for TF-A builds.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I2f8af5061411c0c92d3875917f4d97b60dc2cf10
The qti sc7280 platform uses the pmk7325 PMIC, which has the same
functionality as the pm8998 driver, with the exception of the LC
PON register offsets, which are defined as:
Since it is nearly identical to the pm8998 driver, moving the above
register offset definitions to platform_def.h for the respective SoC
and reusing the rest of the functions defined in the pm8998 driver.
Renaming pm8998 driver to pm_ps_hold to make it more generic.
Change-Id: I0dda3a54579e0bbdd42c247405362a86d0607478
Signed-off-by: Shelley Chen <shchen@chromium.org>
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Making tb_fw_config ready to pass the Event Log base address
and size information to BL2.
Change-Id: I5dd0e79007e3848b5d6d0e69275a46c2e9807a98
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Use low to high gpio sequence to reboot/shutdown qemu machine.
Use low to high gpio pins level change which will cause an interrupt
in qemu virt platform. This change will supported with next qemu 6.1
release once patchset:
hw/arm: Make virt board secure powerdown/reset work
will be merged.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
CC: Peter Maydell <peter.maydell@linaro.org>
Change-Id: I70979517358c3b587722b2dcb33f63d29bf79d9b
Add support for Globalscale MOCHAbin board.
Its based on Armada 7040 SoC and ships in multiple DRAM options:
* 2GB DDR4 (1CS)
* 4GB DDR4 (1CS)
* 8GB DDR4 (2CS)
Since it ships in multiple DRAM configurations, an
Armada 3k style DDR_TOPOLOGY variable is added.
Currently, this only has effect on the MOCHAbin, but
I expect more boards with multiple DRAM sizes to be
supported.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Change-Id: I8a1ec9268fed34f6a81c5cbf1e891f638d461305
In order to enable OCRAM ECC, it need to be initialized
with 64-bit writes and then a write performed to address
0x0010_0534 with the value 0x0000_0008.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Id7d4f5df65ca52f24e9251c08a75ad2006451b95
Fix the error that no "gpio_init_data" is defined when
build with "FUSE_PROG=1".
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I0ba8005725fe33c6d8e68b4d52539f5d5d749f1a
Commit 434d0491c5 ("refactor(makefile): remove BL prefixes in build
macros") changed the MAKE_S macro to expect "bl31" instead of just "31".
Adjust our calls to MAKE_S and MAKE_LD to fix the build for arm_fpga.
Change-Id: I2743e421c10eaecb39bfa4515ea049a1b8d18fcb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Due to patch [1], the bl prefix was removed from the build macros.
It should then add explicitly when compiling stm32mp1.ld.S.
[1] 434d0491c5 ("refactor(makefile): remove BL prefixes in build macros")
Change-Id: I298dba2a7c958dd4ea6429c83ed4b1ee97e1735f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add casts where required to avoid compialtion error when enabling
-Wsign-compare in shared resources file.
The assert is also corrected to match the correct range (change ||
to &&).
Change-Id: Ie4c9c0c935d39ff9a2165b909172aacb3e94ab4d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME
Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to use physical counters at EL1
2. VTCR_EL2.MSA -> 1
Enables VMSA at EL1, which is required by U-Boot and Linux.
3. HCR_EL2.APK = 1 & HCR_EL2.API = 1
Disables PAuth instruction and register traps in EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I58f45b6669a9ad1debb80265b243015c054a9bb1
An STM32 image with the awaited header major version shouldn't be forbid
to boot. If the minor differs, then it means only non-mandatory options
have been added in the reserved fields, and the header remains backward
compatible.
Change-Id: Iff16b67f95c728e2f1d128bd1760a4be497c5ca3
Signed-off-by: Yann Gautier <yann.gautier@st.com>
dt_match_instance_by_compatible() gives the DT node offset in DT
that matches both compatible and the peripheral instance address.
Change-Id: Ia85f4f4aa8fe8efd4df310d765e7586e67aa34c2
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This patch updates and refactors the GPT library and fixes bugs.
- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
In the typical TF-A boot flow, the Trusted Watchdog is started
at the beginning of BL1 and then stopped in BL1 after returning
from BL2. However, in the RME boot flow there is no return path
from BL2 to BL1. Therefore, disable the Watchdog if ENABLE_RME is set.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Id88fbfab8e8440642414bed48c50e3fcb23f3621
VERBOSE print logs need a larger stack size and the currently configured
BL2 stack size was insufficient for FVP. This patch increases the same.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I316ba2ea467571161b5f4807e6e5fa0bf89d44c6
We currently use ARM_PRELOADED_DTB_BASE build
variable to pass the kernel DTB base address to
the kernel when using the ARM_LINUX_KERNEL_AS_BL33
option. However this variable doesn't actually
change the DTB load address.
The DTB load address is actually specified in the
FW_CONFIG DTS (fvp_fw_config.dts) as 'hw_config'.
This patch passes the hw_config value instead of
ARM_PRELOADED_DTB_BASE allowing us to change
the kernel DTB load address through
fvp_fw_config.dts.
With this change we don't need the ARM_PRELOADED_DTB_BASE
build variable if RESET_TO_BL31 is not set.
Note that the hw_config value needs to be within the
ARM_DTB_DRAM_NS region specified by FVP_DTB_DRAM_MAP_START
and FVP_DTB_DRAM_MAP_SIZE.
This patch also expands the ARM_DTB_DRAM_NS region to 32MB.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Idd74cdf5d2c649bb320644392ba5d69e175a53a9
The macros PLAT_HW_CONFIG_DTB_BASE and PLAT_HW_CONFIG_DTB_SIZE
describe the range of memory where the HW_CONFIG_DTB can be loaded
rather than the actual load address and size of the DTB. This patch
changes the names to something more descriptive.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I98b81f3ce0c80fd76614f959667c25b07941e190
When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :
Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf
When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.
The following new regions are introduced with this change:
ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.
ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.
ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.
The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:
--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------
During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254
If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff
This patch adds the necessary changes needed to build
and load RMM image for the FVP platform. RMM image is
loaded by BL2 after BL32 (if BL32 exists) and before BL33.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1ac9eade84c2e35c7479a322ca1d090b4e626819
The current Makefile assumes all TF-A binaries
have BL prefixes (BL1, BL2, etc). Now that we
have other binary names with FEAT_RME feature, remove
this assumption. With this change, we need to pass
the full name of a binary when using build macros.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I44e094b2366aa526f807d92dffa709390d14d145
TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.
TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.
More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
* changes:
feat(plat/rcar3): keep RWDT enabled
feat(drivers/rcar3): add extra offset if booting B-side
feat(plat/rcar3): modify LifeC register setting for R-Car D3
feat(plat/rcar3): modify SWDT counter setting for R-Car D3
feat(plat/rcar3): update DDR setting for R-Car D3
feat(plat/rcar3): remove access to RMSTPCRn registers in R-Car D3
feat(plat/rcar3): add process of SSCG setting for R-Car D3
feat(plat/rcar3): add process to back up X6 and X7 register's value
feat(plat/rcar3): modify operation register from SYSCISR to SYSCISCR
feat(plat/rcar3): add SYSCEXTMASK bit set/clear in scu_power_up
feat(plat/rcar3): change the memory map for OP-TEE
feat(plat/rcar3): use PRR cut to determine DRAM size on M3
feat(plat/rcar3): apply ERRATA_A53_1530924 and ERRATA_A57_1319537
fix(plat/rcar3): fix disabling MFIS write protection for R-Car D3
fix(plat/rcar3): fix eMMC boot support for R-Car D3
fix(plat/rcar3): fix version judgment for R-Car D3
fix(plat/rcar3): fix source file to make about GICv2
fix(drivers/rcar3): console: fix a return value of console_rcar_init
The latest FVP model fix which correctly checks if IRQs
are enabled in current exception level, is causing TFTF
tests to hang.
This patch adds setting SCR_EL3.I and SCR_EL3.F bits in
'fvp_cpu_standby()' function to allow CPU to exit from WFI.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: Iceec1e9dbd805803d370ecdb10e04ad135d6b3aa
For convenience we let the build system generate an ELF file (named
bl31.axf), containing all the trampolines, BL31 code and the DTB in one
file. This can be fed directly into the FPGA payload tool, and it will
load the bits at the right addresses.
Since this ELF file is more used as a "container with load addresses",
there is no need for normal ELF features like alignment or a symbol
table.
Remove unnecessary sections from that output file, by doing a static
"link", dropping the NOBITS stacks section, and by adding "-n" to the
linker command line (to avoid page alignment). This trims the generated
.axf file, and makes it smaller.
Change-Id: I5768543101d667fb4a3b70e60b08cfe970d2a2b6
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The arm64 Linux kernel needed to be loaded at a certain offset within any
2MB aligned region; this value was configured at compile time and stored
in the Linux kernel image header. The default value was always 512KiB,
so this is the value we use in the TF-A build system for the kernel
load address.
However the whole scheme around the TEXT_OFFSET changed in Linux v5.8:
Linux kernels became fully relocatable, so this value is largely ignored
now, and its default value changed to 0. The only remainder is a warning
message at boot time in case there is a mismatch:
[Firmware Bug]: Kernel image misaligned at boot, please fix your bootloader!
To avoid this warning, and to make TF-A Linux kernel boot protocol
compliant, we should load newer kernels to offset 0 of a 2 MB
region. This can be done by the user at FPGA boot time, but BL31 needs
to know about this address. As we can't change the build default to 0
without breaking older kernels, we should try to make a build dealing
with both versions:
This patch introduces a small trampoline code, which gets loaded at
512KB of DRAM, and branches up to 2MB. If users load their newer
kernels at 2MB, this trampoline will cover them. In case an older kernel
is loaded at 512KB, it will overwrite this trampoline code, so it would
still work.
Change-Id: If49ca86f5dca380036caf2555349748722901277
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
feat(plat/imx/imx8m/imx8mp): enable Trusted Boot
feat(plat/imx/imx8m/imx8mp): add in BL2 with FIP
refactor(plat/imx/imx8m): make image load logic for TBBR FIP booting common
feat(plat/imx/imx8m/imx8mp): add initial definition to facilitate FIP layout
refactor(plat/imx/imx): make imx io-storage logic for TBBR/FIP common
feat(plat/imx/imx8m/imx8mp): add imx8mp_private.h to the build
Add support for Arm Ethos-N NPU multi-device.
The device tree parsing currently only supports one NPU device with
multiple cores. To be able to support multi-device NPU configurations
this patch adds support for having multiple NPU devices in the device
tree.
To be able to support multiple NPU devices in the SMC API, it has been
changed in an incompatible way so the API version has been bumped.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Ide279ce949bd06e8939268b9601c267e45f3edc3
This patch adds the basic CPU library code to support the Hayes CPU
in TF-A. This CPU is based on the Klein core so that library code
has been adapted for use here.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If0e0070cfa77fee8f6eebfee13d3c4f209ad84fc
Adding load, authentication, and transfer functionality from FVP R BL1 to
BL33, which will be the partner runtime code.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I293cad09739dacac0d20dd57c1d98178dbe84d40
For v8-R64, especially R82, creating code to run BL1 at EL2, using MPU.
Signed-off-by: Gary Morrison <gary.morrison@arm.com>
Change-Id: I439ac3915b982ad1e61d24365bdd1584b3070425
Creating a platform port for FVP_R based on the FVP platform.
Differences including only-BL1, aarch64, Secure only, and EL2 being the
ELmax (No EL3).
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1283e033fbd4e03c397d0a2c10c4139548b4eee4
The 'CORE_PWRDN_EN' bit of 'CPUPWRCTLR_EL1' register requires an
explicit write to clear it for hotplug and idle to function correctly.
So add Neoverse N2 CPU specific handler in platform reset handler to
clear the CORE_PWRDN_EN bit.
Signed-off-by: shriram.k <shriram.k@arm.com>
Change-Id: If3859447410c4b8e704588993941178fa9411f52
The 'CORE_PWRDN_EN' bit of 'CPUPWRCTLR_EL1' register requires an
explicit write to clear it for hotplug and idle to function correctly.
So add Neoverse V1 CPU specific handler in platform reset handler to
clear the CORE_PWRDN_EN bit.
Signed-off-by: shriram.k <shriram.k@arm.com>
Change-Id: I56084c42a56c401503a751cb518238c83cfca8ac
Currently the SP package loading mechanism is only enabled when S-EL2
SPMC is selected. Remove this limitation.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I5bf5a32248e85a26d0345cacff7d539eed824cfc
Update UUID to little endian:
The SPMC expects a little endian representation of the UUID as an array
of four integers in the SP manifest.
Add managed exit field and cosmetic comments updates.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icad93ca70bc27bc9d83b8cf888fe5f8839cb1288
CIRQ software reset can be used on all platforms, so we remove
CIRQ_NEED_SW_RESET in mt_cirq_sw_reset to enable software reset.
BUG=b:192200380, b:201035723
Signed-off-by: Pan Gao <gtk_pangao@mediatek.com>
Change-Id: Id53ea099ae566bf2a573fca866bd10c60429bd5a
DFD (Design for Debug) is a debugging tool, which scans
flip-flops and dumps to internal RAM on the WDT reset.
After system reboots, those values could be showed for
debugging.
BUG=b:192429713
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I02c6c862b6217bc84c83a09b533bd53ec19b06f7
* changes:
feat(docs/nxp/layerscape): add ls1028a soc and board support
feat(plat/nxp/ls1028ardb): add ls1028ardb board support
feat(plat/nxp/ls1028a): add ls1028a soc support
feat(plat/nxp/common): define default SD buffer
feat(driver/nxp/xspi): add MT35XU02G flash info
feat(plat/nxp/common): add SecMon register definition for ch_3_2
feat(driver/nxp/dcfg): define RSTCR_RESET_REQ
feat(plat/nxp/common/psci): define CPUECTLR_TIMER_2TICKS
feat(plat/nxp/common): define default PSCI features if not defined
feat(plat/nxp/common): define common macro for ARM registers
feat(plat/nxp/common): add CCI and EPU address definition
The LS1028A reference design board (RDB) is a computing,
evaluation, and development platform that supports industrial
IoT applications, human machine interface solutions, and
industrial networking.
It supports the following features:
1. Layerscape LS1028A dual-core processor based on Cortex-A72
at 1.3 GHz.
2. 4 GB DDR4 SDRAM w/ECC
3. Support Ethernet:
1) x1 RJ45 connector for 1Gbps Ethernet support w/TSN, 1588
2) x4 RJ45 connector for 1Gbps Ethernet switch support w/TSN,
1588 (QSGMII)
3. With Basic Peripherals and Interconnect
2x M.2 Type E slots with PCIe Gen 3.0 x1
1x M.2 Type B slot with SATA 3.0 (resistor mux with 1 Type E slot)
1x Type A USB 3.0 super-speed port
1x Type C USB 3.0 super-speed port
1x DisplayPort interface
2x DB9 RS232 serial ports
2x DB9 CAN interfaces
1x 3.5 mm audio out
2x MikroBUS™ sockets
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Change-Id: I48ee254a488ae4af227641da3875a1e9a63a720c
The QorIQ LS1028A processor integrates two 64-bit ARM Cortex-A72
cores with a GPU and LCD controller, as well as a TSNenabled
Ethernet port and a TSN-enabled switch with four external ports.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Ran Wang <ran.wang_1@nxp.com>
Change-Id: I9f65c6af5db7e20702828cd208290c1b43a54941
Add the reset set/clear sequence at the beginning of the function
plat_crash_console_init(). If not done, there is a risk that the UART
is in a bad state and will not be able to print correct characters.
Change-Id: Id31e28773d6c4f26f16d3569d1e3c5aa0e26e039
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
feat(plat/fvp): enable trace extension features by default
feat(trf): enable trace filter control register access from lower NS EL
feat(trf): initialize trap settings of trace filter control registers access
feat(sys_reg_trace): enable trace system registers access from lower NS ELs
feat(sys_reg_trace): initialize trap settings of trace system registers access
feat(trbe): enable access to trace buffer control registers from lower NS EL
feat(trbe): initialize trap settings of trace buffer control registers access
Trusted Services had removed secure storage and added two new
trusted services - Protected Storage and Internal Trusted Storage.
Hence we are removing secure storage and adding support for the
internal trusted storage.
And enable external SP images in BL2 config for TC, so that
we do not have to modify this file whenever the list of SPs
changes. It is already implemented for fvp in the below commit.
commit 33993a3737
Author: Balint Dobszay <balint.dobszay@arm.com>
Date: Fri Mar 26 15:19:11 2021 +0100
feat(fvp): enable external SP images in BL2 config
Change-Id: I3e0a0973df3644413ca5c3a32f36d44c8efd49c7
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Define default SD buffer address and size in DRAM.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I5872d95b0c1114e05f0e145756e9a6ef39b2fd9a
SoC code can define supported features, otherwise use default setting.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I0f11498c1f7558ff0ec2d9b344f3f7a4f5489ced
Define common register macro both for Cortex-A53 and Cortex-A72
because the code will be used by both Cortex platform.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I485661bfe3ed4f214c403ff6af53dc6af1ddf089
Add CCI and EPU base address definiton for Chassis v3.2.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I13250555b6646c1e7ba2e9d7c9efca8501f17b3a
EMI MPU stands for external memory interface memory protect unit.
MT8195 supports 32 regions and 16 domains.
We add basic drivers currently, and will add more setting for
EMI MPU in next patch.
Change-Id: Iedc19d8f6fcf1ceb2d8241319b8dc17c885642dd
Signed-off-by: Penny Jan <penny.jan@mediatek.com>
This patch enables Trusted Boot on the i.MX8MP with BL2 doing image
verification from a FIP prior to hand-over to BL31.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Iac1d1d62ea9858f67326a47c1e5ba377f23f9db5
Adds bl2 with FIP to the build required for mbed Linux booting where
we do:
BootROM -> SPL -> BL2 -> OPTEE -> u-boot
If NEED_BL2 is specified then BL2 will be built and BL31 will have its
address range modified upwards to accommodate. BL31 must be loaded from a
FIP in this case.
If NEED_BL2 is not specified then the current BL31 boot flow is unaffected
and u-boot SPL will load and execute BL31 directly.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I78914d6002755f733ea866127cb47982a00f9700
This commit makes the image load logic from imx8mm common for all
imx8m platform.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Ibfe2e9cc09d198cb9e309afaf381a0237a4b82ed
Adds a number of definitions consistent with the established RSB3720
equivalents specifying number of io_handles and block devices.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I401e48216d67257137351ee4d0b98904a76fa789
This commit makes imx image io-storage logic common for all
imx platform.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I15045ac8f9dfa8cb714e32f9e7475d5eae4e86e4
Allows for exporting of FIP related methods cleanly in a private header.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Iaaad4e69ef89c8a8a74648647d7fd09cd0fdd12a
In the SCMI power domain off handling, configure GIC
to prevent interrupt toward to the core to be turned off,
and configure CCN to disable coherency when the cluster is turned off.
The same operation is done in SCPI power domain off processing.
This commit adds the missing operation in SCMI power domain
off handling.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: Ib3523de488500c2e8bdc74e4cb8772a1442d9781
In case the WDT is enabled by prior stage, keep it enabled.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Ie7c0eaf2f59dd8c30a9ef686a7000424f38d6352
Because the Realtime module stop control register n (RMSTPCRn)
are not supported in R-Car D3. Therefore, remove access to these
registers in R-Car D3.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I4647e28d0e176ff97151e9842019ba12cefe5c03
- Added the condition where output the SSCG (MD12) setting
to log for R-Car D3.
- Added the process to switching the bit rate of SCIF by the
SSCG (MD12) setting value for R-Car D3.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Iaf07fa4df12dc233af0b57569ee4fa9329f670a9
Because the x6 and x7 registers will be overwritten by the callee function,
added the processing the register's value push to/pop from stack memory.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I5351a008d3b208a30a8bc8651b8d9b4d1a02a8e8
Added the process of SYSECEXTMASK bit set/clear for following
power Resume/Shutoff flow.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I71ed22840a42e7ab7d87bfd4241eec6f5ddb129b
The memory area size of OP-TEE was changed from 1MB to 2MB
because the size of OP-TEE has increased.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Ic8a165c83a3a9ef2829f68d5fabeed9ccb6da95e
The new M3 DRAM size can be determined by the PRR cut version.
Read the PRR cut version, and if it is older than cut 30, use
legacy DRAM size scheme, else report 8GB in 2GBx4 2ch split.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com> # Fix DRAM size judgment by PRR register, reword commit message
Change-Id: Ib83176d0d09cab5cae0119ba462e42c66c642798
Fix to support of booting from eMMC (50MHz x 8) on
Draak board for R-Car D3.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I0ab2b5c7f8075acbf5f4a69694fb535dddc1a4c8
Added the process of judgment and logging for R-Car D3 Ver.1.1 and Ver.1.0.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I326aa42374b70b6a4a71893561a7eaa0b6eddef0
Changed the plat/renesas/common/common.mk to change the source files
about GICv2 by include gicv2.mk, because gic_common.c has deprecated.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Iaa7eae6b2c1dd79a05339325e6bc422d87bce49e
Erratum 1530924 affects Armada 37xx CPU, since it affects all Cortex-A53
revisions from r0p0 to r0p4.
Enable the workaround for this erratum.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Change-Id: I753225040e49e956788d5617cd7ce76d5e6ea8e8
BL2 passes FW_CONFIG to BL31 which contains information
about different DTBs present. BL31 then uses FW_CONFIG
to get the base address of HW_CONFIG and populate fconf.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I0b4fc83e6e0a0b9401f692516654eb9a3b037616
This avoids duplicate define of TZC_REGION_NSEC_ALL_ACCESS_RDWR.
And remove the previous TZC400 definitions from stm32mp1_def.h.
Change-Id: I6c72c2a18731f69d855fbce8ce822a21da9364fa
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add required code to support FCONF on STM32MP1 platform.
The new FW_CONFIG DT file will be inside the FIP, and loaded by BL2.
It will be used to configure the addresses where to load other binaries.
BL2 should be agnostic of which BL32 is in the FIP (OP-TEE or SP_min),
so optee_utils.c is always compiled, and some OP-TEE flags are removed.
Change-Id: Id957b49b0117864136250bfc416664f815043ada
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Instead of using a scratch buffer of 512 bytes, we can directly use the
image address and max size. The mmc_block_dev_spec struct info is then
overwritten for each image with this info, except FW_CONFIG and GPT
table which will still use the scratch buffer.
This allows using multiple blocks read on MMC, and so improves the boot
time.
A cache invalidate is required for the remaining data not used from the
first and last blocks read. It is not required for FW_CONFIG_ID,
as it is in scratch buffer in SYSRAM, and also because bl_mem_params
struct is overwritten in this case. This should also not be done if
the image is not found (OP-TEE extra binaries when using SP_min).
Change-Id: If3ecfdfe35bb9db66284036ca49c4bd1be4fd121
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
BL2 still uses the STM32 header binary format to be loaded from ROM code.
BL32 and BL33 and their respective device tree files are now put together
in a FIP file.
One DTB is created for each BL. To reduce their sizes, 2 new dtsi file are
in charge of removing useless nodes for a given BL. This is done because
BL2 and BL32 share the same device tree files base.
The previous way of booting is still available, the compilation flag
STM32MP_USE_STM32IMAGE has to be set to 1 in the make command. Some files
are duplicated and their names modified with _stm32_ to avoid too much
switches in the code.
Change-Id: I1ffada0af58486d4cf6044511b51e56b52269817
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Protect BL32 (SP_min) with MMU if OP-TEE is not used.
Validate OP-TEE header with optee_header_is_valid().
Use default values in bl2_mem_params_descs[]. They will be overwritten
in bl2_plat_handle_post_image_load() if OP-TEE is used.
Change-Id: I8614f3a17caa827561614d0f25f30ee90c4ec3fe
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Embarrassingly we never told the non-secure world that secure firmware
lives in the first few hundred KBs of DRAM, so any non-secure payload
could happily overwrite TF-A, and we couldn't even blame it.
Advertise the BL31 region in the reserved-memory DT node, so non-secure
world stays out of it.
This fixes Linux booting on FPGAs with less memory than usual.
Change-Id: I7fbe7d42c0b251c0ccc43d7c50ca902013d152ec
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
refactor(plat/nxp): refine api to read SVR register
refactor(plat/nxp): each errata use a seperate source file
refactor(plat/nxp): use a unified errata api
refactor(plat/soc-lx2160): move errata to common directory
At the moment we specified the BL31 memory limits to 1MB; since we
typically have gigabytes of DRAM, we can be quite generous.
However the default parameters expect the devicetree binary at
0x80070000, so we should actually make sure we have no code or data
beyond that point.
Limit the ARM FPGA BL31 memory footprint to this available 7*64K region.
We stay within the limit at the moment, with more than half of it
reserved for stacks, so this could be downsized later should we run
into problems.
The PIE addresses stay as they are, since the default addresses do not
apply there anywhere, and the build is broken anyway.
Change-Id: I7768af1a93ff67096f4359fc5f5feb66464bafaa
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently the list of SP UUIDs loaded by BL2 is hardcoded in the DT.
This is a problem when building a system with other SPs (e.g. from
Trusted Services). This commit implements a workaround to enable adding
SP UUIDs to the list at build time.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Iff85d3778596d23d777dec458f131bd7a8647031
Up until now we relied on the GICs used in our FPGA images to be GICv3
compliant, without the "direct virtual injection" feature (aka GICv4)
enabled.
To support newer images which have GICv4 compliant GICs, enable the
newly introduced GICv4 detection code, and use that also when we adjust
the redistributor region size in the devicetree.
This allows the same BL31 image to be used with GICv3 or GICv4 FPGA
images.
Change-Id: I9f6435a6d5150983625efe3650a8b7d1ef11b1d1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we have a GIC_ENABLE_V4_EXTN build time variable to
determine whether the GIC interrupt controller is compliant to version
4.0 of the spec or not. This just changes the number of 64K MMIO pages
we expect per redistributor.
To support firmware builds which run on variable systems (emulators,
fast model or FPGAs), let's make this decision at runtime.
The GIC specification provides several architected flags to learn the
size of the MMIO frame per redistributor, we use GICR_TYPER[VLPI] here.
Provide a (static inline) function to return the size of each
redistributor.
We keep the GIC_ENABLE_V4_EXTN build time variable around, but change
its meaning to enable this autodetection code. Systems not defining this
rely on a "pure" GICv3 (as before), but platforms setting it to "1" can
now deal with both configurations.
Change-Id: I9ede4acf058846157a0a9e2ef6103bf07c7655d9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
1. Refined struct soc_info_t definition.
2. Refined get_soc_info function.
3. Fixed some SVR persernality value.
4. Refined API to get cluster numbers and cores per cluster.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I3c20611a523516cc63330dce4c925e6cda1e93c4
This patch adds the necessary files to support
the SolidRun CN913X CEx7 Evaluation Board.
Because the DRAM connectivity and SerDes settings
is shared with the CN913X DB - reuse relevant
board-specific files.
Change-Id: I75a4554a4373953ca3fdf3b04c4a29c2c4f8ea80
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
The common makefile used by every a8k/cn913x platform
(a8k_common.mk) assumed default paths in PLAT_INCLUDES,
BLE/BL31_PORTING_SOURCES. Allow overriding those
variables, in order to avoid code duplication.
It can be helpful in case using multiple board variants
or sharing common settings between different platforms.
Change-Id: Idce603e44ed04d99fb1e3e11a2bb395d552e2bf7
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
* changes:
feat(plat/allwinner): add R329 support
refactor(plat/allwinner): allow custom BL31 offset
refactor(plat/allwinner): allow new AA64nAA32 position
fix(plat/allwinner): delay after enabling CPU power
Use a unfied API soc_errata() for each platforms,
add print a INFO message for each enabled errata,
so that it will be easy to check which errata is
enabled on current platform.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I5eab3f338db6b46c57cbad475819043fc60ca6d3
Will add more Erratas, some errata can be used for multiple
platforms, so move errata to be common code which can
be share between different platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ib149b3eac365bdb593331e9f38f0b89d92c9c0d1
Allwinner R329 is a new dual-core Corte-A53 SoC. Add basical TF-A
support for it, to provide a PSCI implementation containing CPU
boot/shutdown and SoC reset.
Change-Id: I0fa37ee9b4a8e0e1137bf7cf7d614b6ca9624bfe
Signed-off-by: Icenowy Zheng <icenowy@sipeed.com>
Not all Allwinner SoCs have the same arrangement to SRAM A2.
Allow to specify a offset at which BL31 will stay in SRAM A2.
Change-Id: I574140ffd704a796fae0a5c2d0976e85c7fcbdf9
Signed-off-by: Icenowy Zheng <icenowy@sipeed.com>
In newer Allwiner SoCs, the AA64nAA32 wires are mapped to a new register
called "General Control Register0" in the manual rather than the
"Cluster 0 Control Register0" in older SoCs.
Now the position of AA64nAA32 (reg and bit offset) is defined in a few
macros instead assumed to be at bit offset 24 of
SUNXI_CPUCFG_CLS_CTRL_REG0.
Change-Id: I933d00b9a914bf7103e3a9dadbc6d7be1a409668
Signed-off-by: Icenowy Zheng <icenowy@sipeed.com>
Adds a 1us delay after enabling power to a CPU core, to prevent
inrush-caused CPU crash before it's up.
Change-Id: I8f4c1b0dc0d1d976b31ddc30efe7a77a1619b1b3
Signed-off-by: Icenowy Zheng <icenowy@sipeed.com>
Add TZC master source id for DMA in the SoC space and for the DMAs
behind the I/O Virtualization block to allow the non-secure transactions
from these DMAs targeting DRAM.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I77a2947b01b4b49a7c1940f09cf62b7b5257657c
It was enabled in commit 3c7dcdac5c ("marvell/a3700: Prevent SError
accessing PCIe link while it is down") with a workaround for a bug found
in U-Boot and Linux kernel driver pci-aardvark.c (PCIe controller driver
for Armada 37xx SoC) which results in SError interrupt caused by AXI
SLVERR on external access (syndrome 0xbf000002) and immediate kernel
panic.
Now when proper patches are in both U-Boot and Linux kernel projects,
this workaround in TF-A should not have to be enabled by default
anymore as it has unwanted side effects like propagating all external
aborts, including non-fatal/correctable into EL3 and making them as
fatal which cause immediate abort.
Add documentation for HANDLE_EA_EL3_FIRST build option into Marvell
Armada build section.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ic92b65bf9923505ab682830afb66c2f6cec70491
A3700 plat_ea_handler was introduced into TF-A codebase just because of
bugs in U-Boot and Linux kernel PCIe controller driver pci-aardvark.c.
These bugs were finally fixed in both U-Boot and Linux kernel drivers:
eccbd4ad8ehttps://git.kernel.org/stable/c/f18139966d072dab8e4398c95ce955a9742e04f7
Add all these information into comments, including printing error
message into a3k plat_ea_handler. Also check that abort is really
asynchronous and comes from lower level than EL3.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I46318d221b39773d5e25b3a0221d7738736ffdf1
The GIC IP formerly known as "GIC Clayton" has been released under the
name of "GIC-700".
Rename occurences of Clayton in comments and macro names to reflect the
official name.
Change-Id: Ie8c55f7da7753127d58c8382b0033c1b486f7909
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add support for runtime feature configuration which are running on the
firmware. Add new IOCTL IDs like IOCTL_SET_FEATURE_CONFIG and
IOCTL_GET_FEATURE_CONFIG for configuring the features.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I976aef15932783a25396b2adeb4c8f140cc87e79
Sync IOCTL IDs in order to avoid conflict with other components like,
Linux and firmware. Hence assigning value to IDs to make it more
specific.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I11ae679fbd0a953290306b62d661cc142f50dc28
after this commit: If15cf3b9d3e2e7876c40ce888f22e887893fe696
plat/qemu/common/qemu_pm.c:116: (entrypoint < (NS_DRAM0_BASE + NS_DRAM0_SIZE)))
the above line (NS_DRAM0_BASE + NS_DRAM0_SIZE) = 0x100000000, which will
overflow 32bit and cause ERROR
SO add ULL to fix it
tested on compiler:
gcc version 10.2.1 20201103 (GNU Toolchain for the A-profile Architecture 10.2-2020.11 (arm-10.16))
Signed-off-by: Darren Liang <lwp513@qq.com>
Change-Id: I1d769b0803142d37bd2968d765ab04a9c7c5c21a
This patch adds the basic CPU library code to support the Demeter
CPU. This CPU is based on the Makalu-ELP core so that CPU lib code
was adapted to create this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib5740b748008a72788c557f0654d8d5e9ec0bb7f
As done recently for plat/tc0 in b5863cab9, enable AMU explicitly.
This is necessary as the recent changes that enable SVE for the secure
world disable AMU by default in the CPTR_EL3 reset value.
Change-Id: Ie3abf1dee8a4e1c8c39f934da8e32d67891f5f09
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Now that the DDR is mapped secured, the security settings (TZC400
firewall) have to be applied at the end of BL2 for the OP-TEE case.
This is required to avoid checskum computation error on U-Boot binary,
for which MMU and TZC400 would not be aligned.
Change-Id: I4a364f7117960e8fae1b579f341b9f140b766ea6
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
The Tegra132 platforms have reached their end of life and are
no longer used in the field. Internally and externally, all
known programs have removed support for this legacy platform.
This change removes this platform from the Tegra tree as a result.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I72edb689293e23b63290cdcaef60468b90687a5a
Most DTBs used on the RaspberryPi contain a FDT /memreserve/ region,
that covers the original secondaries' spin table.
We need to reserve more memory than described there, to cover the whole
of the TF-A image, so we add a /reserved-memory node to the DTB.
However having the same memory region described by both methods upsets
the Linux kernel and U-Boot, so we have to make sure there is only one
instance describing this reserved memory.
Keep our currently used /reserved-memory node, since it's more capable
(it allows to mark the region as secure memory). Add some code to drop
the original /memreserve/ region, since we don't need this anymore,
because we take the secondaries out of their original spin loop.
We explicitly check for the currently used size of 4KB for this region,
to be alerted by any changes to this region in the upstream DTB.
Change-Id: Ia3105560deb3f939e026f6ed715a9bbe68b56230
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Put default ea handler implementation into function plat_default_ea_handler()
which just print verbose information and panic, so it can be called also
from overwritten / weak function plat_ea_handler() implementation.
Replace every custom implementation of printing verbose error message of
external aborts in custom plat_ea_handler() functions by a common
implementation from plat_default_ea_handler() function.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I15897f61b62b4c3c29351e693f51d4df381f3b98
* changes:
feat(plat/rcar3): emit RPC status to DT fragment if RPC unlocked
feat(plat/rcar3): add a DRAM size setting for M3N
feat(plat/rcar3): update IPL and Secure Monitor Rev.3.0.0
feat(plat/rcar3): add new board revision for Salvator-XS/H3ULCB
feat(drivers/rcar3): ddr: add function to judge a DDR rank
fix(drivers/rcar3): ddr: update DDR setting for H3, M3, M3N
fix(drivers/rcar3): i2c_dvfs: fix I2C operation
fix(drivers/rcar3): fix CPG registers redefinition
fix(drivers/rcar3): emmc: remove CPG_CPGWPR redefinition
fix(plat/rcar3): generate two memory nodes for larger than 2 GiB channel 0
refactor(plat/rcar3): factor out DT memory node generation
feat(plat/rcar3): add optional support for gzip-compressed BL33
* changes:
feat(io_mtd): offset management for FIP usage
feat(nand): count bad blocks before a given offset
feat(plat/st): add helper to save boot interface
fix(plat/st): improve DDR get size function
refactor(plat/st): map DDR secure at boot
refactor(plat/st): rework TZC400 configuration
This commit activates the stack protector feature for the diphda
platform.
Change-Id: Ib16b74871c62b67e593a76ecc12cd3634d212614
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This renames tc0 platform folder and files to tc, and introduces
TARGET_PLATFORM variable to account for the differences between
TC0 and TC1.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I5b4a83f3453afd12542267091b3edab4c139c5cd
This reverts commit 4d9b9b2352.
Timeout in IPI ack was added for functional safety reason.
Functional safety is not criteria for ATF. However, this
creates issues for APIs that take long or non-deterministic
duration like FPGA load. So revert this patch for now to fix
FPGA loading issue. Need to add support for non-blocking API
for FPGA loading with callback when API completes.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I940e798f1e2f7d0dfca1da5caaf8b94036d440c6
DFD (Design for Debug) is a debugging tool, which scans
flip-flops and dumps to internal RAM on the WDT reset.
After system reboots, those values could be showed for
debugging.
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I9c7af9a4f75216ed2c6b44458d121a352bef4b95
Fixed the build error by removing the local definition of 'efi_guid'
structure in 'sgi_ras.c' file as this structure definition is already
populated in 'sgi_ras.c' file via 'uuid.h' header.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I57687336863f2a0761c09b6c1aa00b4aa82a6a12
Bump the required FF-A version in framework and manifests to v1.1 as
upstream feature development goes.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I89b2bd3828a13fc4344ccd53bc3ac9c0c22ab29f
Renamed hw_crc32 to tf_crc32 to make the file and function
name more generic so that the same name can be used in upcoming
software CRC32 implementation.
Change-Id: Idff8f70c50ca700a4328a27b49d5e1f14d2095eb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.
Change-Id: I71af06c09d95c2c58e3fd766c4a61c5652637151
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
External Abort may happen also during printing of some messages by
U-Boot or kernel. So print newline before fatal abort error message.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ic7579b605e695c2e4cb9a4f5cdc2d0b3e5083e49
These files are needed during boot, but they were missing
for semihosting.
With this patch, the list of files is complete enough to
boot on ATF platform via semihosting.
Change-Id: I2f0ca25983a6e18096f040780776f19f8040ea79
Signed-off-by: stsp@users.sourceforge.net
The rpi4 has a single nonstandard ECAM. It is broken
into two pieces, the root port registers, and a window
to a single device's config space which can be moved
between devices. Now that we have widened the page
tables/MMIO window, we can create a read/write acces
functions that are called by the SMCCC/PCI API.
As an example platform, the rpi4 single device ECAM
region quirk is pretty straightforward. The assumption
here is that a lower level (uefi) has configured and
initialized the PCI root to match the values we are
using here.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Change-Id: Ie1ffa8fe9aa1d3c62e6aa84746a949c1009162e0
Now that we have adjusted the address map, added the
SMC conduit code, and the RPi4 PCI callbacks, lets
add the flags to enable everything in the build.
By default this service is disabled because the
expectation is that its only useful in a UEFI+ACPI
environment.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Change-Id: I2a3cac6d63ba8119d3b711db121185816b89f8a2
* changes:
refactor(plat/allwinner): clean up platform definitions
refactor(plat/allwinner): do not map BL32 DRAM at EL3
refactor(plat/allwinner): map SRAM as device memory by default
refactor(plat/allwinner): rename static mmap region constant
feat(bl_common): import BL_NOBITS_{BASE,END} when defined
Recent changes to enable SVE for the secure world have disabled AMU
extension by default in the reset value of CPTR_EL3 register. So the
platform has to enable this extension explicitly.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I7d930d96ec22d7c3db961411370564bece0ce272
Group the SCP base/size definitions in a more logical location.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Id43f9b468d7d855a2413173d674a5ee666527808
BL31 does not appear to ever access the DRAM allocated to BL32,
so there is no need to map it at EL3.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Ie8727b793e53ea14517894942266f6da0333eb74
The SRAM on Allwinner platforms is shared between BL31 and coprocessor
firmware. Previously, SRAM was mapped as normal memory by default.
This scheme requires carveouts and cache maintenance code for proper
synchronization with the coprocessor.
A better scheme is to only map pages owned by BL31 as normal memory,
and leave everything else as device memory. This removes the need for
cache maintenance, and it makes the mapping for BL31 RW data explicit
instead of magic.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I820ddeba2dfa2396361c2322308c0db51b55c348
This constant specifically refers to the number of static mmap regions.
Rename it to make that clear.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I475c037777ce2a10db2631ec0e7446bb73590a36
At this stage of development Non Volatile counters are not implemented
in the Diphda platform.
This commit disables their use during the Trusted Board Boot by
overriding the NV counters get/set functions.
Change-Id: I8dcbebe0281cc4d0837c283ff637e20b850988ef
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
This commit enables trusted-firmware-a with Trusted Board Boot support
for the Diphda 64-bit platform.
Diphda uses a FIP image located in the flash. The FIP contains the
following components:
- BL2
- BL31
- BL32
- BL32 SPMC manifest
- BL33
- The TBB certificates
The board boot relies on CoT (chain of trust). The trusted-firmware-a
BL2 is extracted from the FIP and verified by the Secure Enclave
processor. BL2 verification relies on the signature area at the
beginning of the BL2 image. This area is needed by the SecureEnclave
bootloader.
Then, the application processor is released from reset and starts by
executing BL2.
BL2 performs the actions described in the trusted-firmware-a TBB design
document.
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: Iddb1cb9c2a0324a9635e23821c210ac81dfc305d
Align documentation with changes of messaging method for partition
manifest:
- Bit[0]: support for receiving direct message requests
- Bit[1]: support for sending direct messages
- Bit[2]: support for indirect messaging
- Bit[3]: support for managed exit
Change the optee_sp_manifest to align with the new messaging method
description.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: I333e82c546c03698c95f0c77293018f8dca5ba9c
This patch adds the option HARDEN_SLS_ALL that can be used to enable
the -mharden-sls=all, which mitigates the straight-line speculation
vulnerability. Enable this by adding the option HARDEN_SLS_ALL=1,
default this will be disabled.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0d498d9e96903fcb879993ad491949f6f17769b2
When enabling U-boot with UEFI and secure boot, the size of U-boot
becomes more than 1MB. So we enlarge BL33 to 2MB.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I9d9d24132bb1ec17ef6080dc72e93c7f531c97b5
* changes:
refactor(plat/arm): use mmio* functions to read/write NVFLAGS registers
refactor(plat/arm): mark the flash region as read-only
refactor(plat/arm): update NV flags on image load/authentication failure
* changes:
fix(plat/marvell/a3k): Fix building uart-images.tgz.bin archive
refactor(plat/marvell/a3k): Rename *_CFG and *_SIG variables
refactor(plat/marvell/a3k): Rename DOIMAGETOOL to TBB
refactor(plat/marvell/a3k): Remove useless DOIMAGEPATH variable
fix(plat/marvell/a3k): Fix check for external dependences
fix(plat/marvell/a8k): Add missing build dependency for BLE target
fix(plat/marvell/a8k): Correctly set include directories for individual targets
fix(plat/marvell/a8k): Require that MV_DDR_PATH is correctly set
There is a error setting for SPM, so we need to fix this issue.
Signed-off-by: Garmin Chang <garmin.chang@mediatek.com>
Change-Id: I741a5dc1505a831fe48fd5bc3da9904db14c8a57
This change adds 208 bytes to PMUSRAM, pushing the end of text from
0xff3b0de0 to 0xff3b0eb0, which is still shy of the maximum
0xff3b1000.
Further, this skips enabling the watchdog when it's not being used
elsewhere, as you can't turn the watchdog off.
Change-Id: I2e6fa3c7e01f2be6b32ce04ce479edf64e278554
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Some parameters from BootROM boot context can be required after boot.
To save space in SYSRAM, this context can be overwritten during images
load sequence. The needed information (here the boot interface) is
then saved in a local variable.
Change-Id: I5e1ad4630ccf78480f415a0a83939005ae67729e
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Avoid parsing device tree every time when returning
the DDR size.
A cache flush on this size is also added because TZC400 configuration
is applied at the end of BL2 after MMU and data cache being turned off.
Configuration needs to retrieve the DDR size to generate the correct
region. Access to the size fails because the value is still in the data
cache. Flushing the size is mandatory.
Change-Id: I3dd1958f37d806f9c15a5d4151968935f6fe642e
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
In BL2, the DDR can be mapped as secured in MMU, as no other SW
has access to it during its execution.
The TZC400 configuration is also updated to reflect this. When using
OP-TEE, the TZC400 is reconfigured at the end of BL2, to match OP-TEE
mapping. Else, SP_min will be in charge to reconfigure TZC400 to set
DDR non-secure.
Change-Id: Ic5ec614b218f733796feeab1cdc425d28cc7c103
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add new static functions to factorize code in stm32mp1_security.c.
Change-Id: Ifa5a1aaf7c56c25dba9a0ab8e985496d7cb06990
Signed-off-by: Yann Gautier <yann.gautier@st.com>
For UART secure boot it is required also TIMN image, so pack it into
uart-images.tgz.bin archive which is created by mrvl_uart target.
$(TIMN_IMAGE) and $(TIM_IMAGE) variables are used only for UART images
so their content needs to be initialized from $(TIMN_UART_CFG) and
$(TIM_UART_CFG) config files. And not from $(TIMN_CFG) and $(TIM_CFG) as
it is now because they are not generated during mrvl_uart target. Fix it
to allow building mrvl_uart target before mrvl_flash target.
To match usage of these variables, rename them to $(TIMN_UART_IMAGE) and
$(TIM_UART_IMAGE).
To not complicate rule for building uart-images.tgz.bin archive, set
list of image files into a new $(UART_IMAGES) variable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I83b980abb4047a3afb3ce3026842e1d873c490bf
For TIM config file use TIM name instead of DOIMAGE and use underscores
to make variable names more readable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I1282ce11f1431c15458a143ae7bfcee85eed2432
In case the RCAR_RPC_HYPERFLASH_LOCKED is 0, emit DT node /soc/rpc@ee200000
with property status = "okay" into the DT fragment passed to subsequent
software, to indicate the RPC is unlocked.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Id93c4573ab1c62cf13fa5a803dc5818584a2c13a
Armada 3700 uses external TBB tool for creating images and does not use
internal TF-A doimage tool from tools/marvell/doimage/
Therefore set correct name of variable.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I38a94dca78d483de4c79da597c032e1e5d06d92d
Old Marvell a3700_utils and mv-ddr tarballs do not have to work with
latest TF-A code base. Marvell do not provide these old tarballs on
Extranet anymore. Public version on github repository contains all
patches and is working fine, so for public TF-A builds use only public
external dependencies from git.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iee5ac6daa9a1826a5b80a8d54968bdbb8fe72f61
BLE source files depend on external Marvell mv-ddr-marvell tree
(specified in $(MV_DDR_PATH) variable) and its header files. Add
dependency on $(MV_DDR_LIB) target which checks that variable
$(MV_DDR_PATH) is correctly set and ensures that make completes
compilation of mv-ddr-marvell tree.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I73968b24c45d9af1e3500b8db7a24bb4eb2bfa47
Do not set all include directories, including those for external targets
in one PLAT_INCLUDES variable.
Instead split them into variables:
* $(PLAT_INCLUDES) for all TF-A BL images
* BLE target specific $(PLAT_INCLUDES) only for Marvell BLE image
* $(MV_DDR_INCLUDES) for targets in external Marvell mv-ddr-marvell tree
Include directory $(CURDIR)/drivers/marvell is required by TF-A BL
images, so move it from ble.mk to a8k_common.mk.
Include directory $(MV_DDR_PATH) is needed only by Marvell BLE image, so
move it into BLE target specific $(PLAT_INCLUDES) variable.
And remaining include directories specified in ble.mk are needed only
for building external dependences from Marvell mv-ddr tree, so move them
into $(MV_DDR_INCLUDES) variable and correctly use it in $(MV_DDR_LIB)
target.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I331f7de675dca2bc70733d56b768f00d56ae4a67
Target mrvl_flash depends on external mv_ddr source code which is not
part of TF-A project. Do not expect that it is pre-downloaded at some
specific location and require user to specify correct path to mv_ddr
source code via MV_DDR_PATH build option.
TF-A code for Armada 37x0 platform also depends on mv_ddr source code
and already requires passing correct MV_DDR_PATH build option.
So for A8K implement same checks for validity of MV_DDR_PATH option as
are already used by TF-A code for Armada 37x0 platform.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I792f2bfeab0cec89b1b64e88d7b2c456e22de43a
This commit adds a DRAM size setting when building with
RCAR_DRAM_LPDDR4_MEMCONF=2 for M3N Ver.1.1 4GB DRAM.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Ib7fea862ab2e0bcafaf39ec030384f0fddda9b96
Update the revision number in the revision management file.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I44b9e5a992e8a44cfeafad6d2c1a97aa59baca4e
This commit deletes the value of the redefined CPG register.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I05cf4a449ae28adb2ddd59593971a7d0cbcb21de
The DRAM channel 0 memory area in 32bit space is limited to 2 GiB window.
Furthermore, the first 128 MiB of this memory window are reserved and not
accessible by the system software, hence the 32bit area memory node is
limited to range 0x4800_0000..0xbfff_ffff.
In case there are more than 2 GiB of DRAM populated in channel 0, it is
necessary to generate two memory nodes, once covering the 2 GiB - 128 MiB
area in the 32bit space, and another covering the rest of the memory in
64bit space. This patch implements handling of such a case.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: I3495241fb938e355352e817afaca8f01d04c81d2
Move the code that adds single new memory@ node into the DT fragment passed
to system software into separate function. Adjust the failure message to be
more specific and print the address range of node which failed to be added.
No functional change.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Ie42cd7756b045271f070bca93c524fff6238f5a2
The BL33 size on this platform is limited to 1 MiB, add optional
support for decompressing and starting gzip-compressed BL33, which
may help with this size limitation. This functionality is disabled
by default, set RCAR_GEN3_BL33_GZIP=1 during build to enable it.
The BL33 at 0x50000000 should then be gzip compressed, however if
the BL33 does not have a valid gzip header, it is copied to the
correct location and started as-is, this is a fallback for legacy
systems and systems which update to gzip-compressed BL33.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Id93f1c7e6f17db1ffb952ea086562993473f6efa
All API calls except non-blocking should wait for
IPI response and read buffer to check return status
from firmware. Some of API calls are not reading
status from IPI payload data. Use sync method which
reads actual return status from IPI payload.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I6f568b85d0da639c264f507122e3015807d8423d
All API calls except non-blocking should wait for
IPI response and read buffer to check return status
from firmware. Some of API calls are not reading
status from IPI payload data. Use sync method which
reads actual return status from IPI payload.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I78f9c061a80cee6d524ade4ef124ca88ce1848cf
Used mmio* functions to read/write NVFLAGS registers to avoid
possibile reordering of instructions by compiler.
Change-Id: Iae50ac30e5413259cf8554f0fff47512ad83b0fd
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
In the FVP platform, BL1 uses flash only for read purpose
hence marked this flash region as read-only.
Change-Id: I3b57130fd4f3b4df522ac075f66e9799f237ebb7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Erasing the FIP TOC header present in a flash is replaced by updating NV
flags with an error code on image load/authentication failure.
BL1 component uses these NV flags to detect whether a firmware update is
needed or not.
These NV flags get cleared once the firmware update gets completed.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I6232a0db07c89b2373b7b9d28acd37df6203d914
DCM means dynamic clock management, and it can dynamically
slow down or gate clocks during CPU or bus idle.
1. Add MCUSYS related DCM drivers.
2. Enable MCUSYS related DCM by default.
Change-Id: I3237199bc217bd3682f51d31284db5fd0324b396
Signed-off-by: Garmin Chang <garmin.chang@mediatek.com>
In the qemu memory map 1GB and up is RAM. Change the
size of NS DRAM to 3GB to support VM's with more
memory requirements.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: If15cf3b9d3e2e7876c40ce888f22e887893fe696
* changes:
feat(plat/mediatek/mt8195): add SPM suspend driver
feat(plat/mediatek/mt8195): support MCUSYS off when system suspend
feat(plat/mediatek/mt8195): add support for PTP3
fix(plat/mediatek/mt8195): extend MMU region size
Support DRAM/MAINPLL/26M off when system suspend.
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: Ib8502f9b0b4e47aa405e5449f0b6d483bd3f5d77
Add drivers to support MCUSYS off when system suspend.
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: I388fd2318f471083158992464ecdf2181fc7d87a
Add PTP3 drivers to protect CPU excessive voltage drop
in CPU heavy loading.
Change-Id: I7bd37912c32d5328ba0287fccc8409794bd19c1d
Signed-off-by: Elly Chiang <elly.chiang@mediatek.com>
In mt8195 suspend/resume flow, ATF has to communicate with a subsys by
read/write the subsys registers. However, the register region of subsys
doesn't include in the MMU mapping region. It triggers MMU faults.
This patch extends the MMU region 0 size to cover all mt8195 HW modules.
This patch also remove MMU region 1 because region 0 covers region 1.
Change-Id: I3a186ed71d0d963b59ae55e27a6d27a01fe4f638
Signed-off-by: Tinghan Shen <tinghan.shen@mediatek.com>
The partition layout description JSON file generated by TF-A tests
declares a fourth test partition called Ivy demonstrating the
implementation of a S-EL0 partition supported by a S-EL1 shim.
Change-Id: If8562acfc045d6496dfdb3df0524b3a069357f8e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Add a generic function to setup the stm32image IO.
Change-Id: I0f7cf4a6030605037643f3119b809e0319d926af
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add a panic() at the end of stm32mp_io_setup() if the boot interface
given in ROM code boot context is not supported.
Change-Id: I0d50f21a11231febd21041b6e63108cc3e6f4f0c
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
We don't ever expect to load a binary with an STM32 header on the Arm
FVP platform so remove this type of image from the list of
measurements.
Also remove the GPT image type from the list, as it does not get
measured. GPT is a container, just like FIP is. We don't measure the FIP
but rather the images inside it. It would seem logical to treat GPT the
same way.
Besides, only images that get loaded through load_auth_image() get
measured right now. GPT processing happens before that and is handled in
a different way (see partition_init()).
Change-Id: Iac4de75380ed625b228e69ee4564cf9e67e19336
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
Third instance of cactus is a UP SP. Set its vcpu count to 1.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I34b7feb2915e6d335e690e89dea466e75944ed1b
This patch will make BL2_BASE to be hex valaue but
not a shell command.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Iebb86a0b9bc8cab1676bd8e898cf4a1b6d16f472
Some build variables have already defined in common
make helper file, use them directly.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I7fe6331160bfdf315924d4498d78b0a399eb2e89
To quote jwerner in T925:
"The __sramdata in the declaration is a mistake, the correct target
section for that global needs to be .pmusram.data. This used to be
in .sram.data once upon a time but then the suspend.c stuff got added
and required it to be moved to PMUSRAM. I guess they forgot to update
that part in the declaration and since the old GCC seemed to silently
prefer the attribute in the definition, nobody noticed."
This fixes building with gcc 11.
fix #T925
Change-Id: I2b91542277c95cf487eaa1344927294d5d1b8f2b
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
In stm32mp1_syscfg_disable_io_compensation(), to disable the IO
compensation cell, we have to set the corresponding bit in
SYSCFG_CMPENCLRR register, instead of clearing the bit in SETR register.
Change-Id: I510a50451f8afb9e98c24e1ea84efbf73a39e6b4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The dependency on this macro was added by patch [1]. But the macro
itself was forgotten in the patch.
[1] 128e0b3e2e ("stm32mp1: update rules for stm32image tool")
Change-Id: I49219e1e13828b97b95f404983da33ef4567fe23
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
BSEC services should return SMC error codes as other IDs (defined in
stm32mp1_smc.h) and not BSEC driver ones. So that non-secure caller
is able to treat them correctly.
In global SMC handler, unknown ID should also return a value from this
definition list, and not the generic one, which seems not well adapted
for our needs.
Two unsigned values initializations are also changed from 0 to 0U.
Change-Id: Ib6fd3866a748cefad1d13d48f7be38241621023e
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
As there is constraint with the space for the release builds,
remove some of the legacy code.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I5b8b16f34ed8e480f16ab1aeac80b85cdb391852
Add imx_system_reset2 which extends existing SYSTEM_RESET. It provides
architectural reset definitions and vendor-specific resets.
By default warm reset is triggered.
Also refactor existing implementation of wdog reset, add details about
each flag used.
Change-Id: Ia7348c32c385f1c61f8085776e81dd1e38ddda5c
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
* changes:
feat(plat/nxp/lx2): add SUPPORTED_BOOT_MODE definition
feat(plat/nxp/common): add build macro for BOOT_MODE validation checking
refactor(plat/nxp/common): moved soc make-variables to new soc_common_def.mk
refactor(plat/nxp/lx216x): clean up platform configure file
refactor(plat/nxp/common): moved plat make-variables to new plat_common_def.mk
* changes:
refactor(plat/nvidia): use SOC_ID defines
refactor(plat/mediatek): use SOC_ID defines
refactor(plat/arm): use SOC_ID defines
feat(plat/st): implement platform functions for SMCCC_ARCH_SOC_ID
refactor(plat/st): export functions to get SoC information
feat(smccc): add bit definition for SMCCC_ARCH_SOC_ID
Add macro of SUPPORTED_BOOT_MODE for board lx2160ardb, lx2160aqds,
lx2162aqds.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I4451ca030eca79c9bc5fee928eec497a7f0e878c
1. Added the build macro "add_boot_mode_define".
2. Use the macro to validate current BOOT_MODE against the
pre-determined list of SUPPORTED_BOOT_MODE, so each platform
need to define the list: SUPPORTED_BOOT_MODE.
3. Reports error if BOOT_MODE is not in SUPPORTED_BOOT_MODE list,
or BOOT_MODE is not supported yet althoug it is in SUPPORTED_BOOT_MODE.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I29be60ecdb19fbec1cd162e327cdfb30ba629b07
Move some soc make variables to new soc_common_def.mk,
then it can be reused by other platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ia30bd332c95b6475f1cfee2f03a8ed3892a9568d
Use common code in common file to configure platform.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I72fe22751f12b8a4996a7b9f75fae4c912ea86de
Move some common make variables to new plat_common_def.mk,
then it can be reused by other platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I37bd65b0f8124f63074fa03339f886c2cdb30bd3
In case of TF-A running out of DDR there is a need to reserved
memory to let other SW know that none can't use this memory. HW
wise this region can be (and should be) also protected by
protection unit XMPU. This is the first step to add reserved
memory location to DT.
DT address corresponds with default address in U-Boot and also
default address in Xilinx BSPs.
Code is valid only when TF-A runs out of DDR. When it runs out
of OCM there is no need to reseve anything because OCM is hidden
to OS.
Change-Id: I01f230ced67207a159128cc11d11d36dd4590cab
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Add sdei support for i.MX8MM, this is to let jailhouse Hypervisor
could use SDEI to do hypervisor management, after physical IRQ
has been disabled routing.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: I8308c629448bd8adca9d3d25701adcf0c5a6afc2
Add sdei support for i.MX8MN, this is to let jailhouse Hypervisor
could use SDEI to do hypervisor management, after physical IRQ
has been disabled routing.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: Ie15fffdd09e1bba1b22334b8ccac2335c96b8b4d
Device Tree address is now a parameter for dt_open_and_check() function.
This will allow better flexibility when introducing PIE and FIP.
The fdt pointer is now only assigned if the given address holds
a valid device tree file. This allows removing the fdt_checked variable,
as we now check fdt is not null.
Change-Id: I04cbb2fc05c9c711ae1c77d56368dbeb6dd4b01a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The boot device is now checked inside a dedicated rule, that is only
called during BL2 compilation step
Change-Id: Ie7bcd1f166285224b0c042238989a82f7b6105c6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Added a new STM32MP_EMMC_BOOT option, which is used to look for SSBL in
the same eMMC boot partition TF-A booted from at a fixed 256k offset. In
case STM32 image header is not found, the boot process rolls back to a
GPT partition look-up scheme.
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Change-Id: I85a87dc9ae7f2b915ed8e584be80f4b3588efc48
Add basic SDEI support, implementing the software event 0 only for now.
This already allows hypervisors like Jailhouse to use SDEI for internal
signaling while passing the GICC through to the guest (see also IMX8).
With SDEI on, we overrun the SRAM and need to stay in DRAM. So keep SDEI
off by default.
Co-developed-by: Angelo Ruocco <angeloruocco90@gmail.com>
Signed-off-by: Angelo Ruocco <angeloruocco90@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Change-Id: Ic0d71b4ef0978c0a34393f4e3530ed1e24a39ca2
The io_dummy code and function calls are only used in case BL32 is TF-A
SP_min, and not OP-TEE. This code in bl2_io_storage can then be put under
#ifndef AARCH32_SP_OPTEE.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I52787a775160b335f97547203f653419621f5147
STM32MP1 does not use BL1, the loading of BL2 is done by ROM code. It is
then useless to have an entry BL2_IMAGE_ID in the policies.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I464cedf588114d60522433123f8dbef32ae36818
Fix a remainder from early prototyping. OP-TEE as a secure partition
does not need specific SMC function id pass through to EL3.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2843d1b9a5eb4c966f82790e1655fb569c2de7d4
The UUID strings used in FW_CONFIG DT are not aligned with UUIDs defined
in include/tools_share/firmware_image_package.h for BL32_EXTRA1 and
TRUSTED_KEY_CERT.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I517f8f9311585931f2cb931e0588414da449b694
The UART code for the A3K platform assumes that UART parent clock rate
is always 25 MHz. This is incorrect, because the xtal clock can also run
at 40 MHz (this is board specific).
The frequency of the xtal clock is determined by a value on a strapping
pin during SOC reset. The code to determine this frequency is already in
A3K's comphy driver.
Move the get_ref_clk() function from the comphy driver to a separate
file and use it for UART parent clock rate determination.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I8bb18a2d020ef18fe65aa06ffa4ab205c71be92e
Macros PLAT_MARVELL_BOOT_UART* and PLAT_MARVELL_CRASH_UART* are defined
to same values. De-duplicate them into PLAT_MARVELL_UART* macros.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iae5daf7cad6a971e6f3dbe561df3d0174106ca7f
Macros PLAT_MARVELL_BL31_RUN_UART* are not used since commit
d7c4420cb8 ("plat/marvell: Migrate to multi-console API").
Remove them.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I5ec959ef4de87dcfb332c017ad2599bf8af6ffc3
Morello exhibits the behavior similar to Juno wherein CNTBaseN.CNTFRQ
can be written but does not reflect the value of the CNTFRQ register
in CNTCTLBase frame. This doesn't follow ARM ARM in that the value
updated in CNTCTLBase.CNTFRQ is not reflected in CNTBaseN.CNTFRQ.
Hence enable the workaround (applied to Juno) for Morello that updates
the CNTFRQ register in the Non Secure CNTBaseN frame.
Change-Id: Iabe53bf3c25152052107e08321323e4bde5fbef4
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Add support for XCK26 silicon which is available on SOM board.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ic98213328702903af8a79f487a2868f3e6d60338
This patch renames the Matterhorn, Matterhorn ELP, and Klein CPUs to
Cortex A710, Cortex X2, and Cortex A510 respectively.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I056d3114210db71c2840a24562b51caf2546e195
UART parent clock is by default the platform's xtal clock, which is
25 MHz.
The value defined in the driver, though, is 25.8048 MHz. This is a hack
for the suboptimal divisor calculation
Divisor = UART clock / (16 * baudrate)
which does not use rounding division, resulting in a suboptimal value
for divisor if the correct parent clock rate was used.
Change the code for divisor calculation to
Divisor = Round(UART clock / (16 * baudrate))
and change the parent clock rate value to 25 MHz.
The final UART divisor for default baudrate 115200 is not affected by
this change.
(Note that the parent clock rate should not be defined via a macro,
since the xtal clock can also be 40 MHz. This is outside of the scope of
this fix, though.)
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iaa401173df87aec94f2dd1b38a90fb6ed0bf0ec6
Create a dedicated static struct mmc_device_info mmc_info mmc_info
instead of having this in stack.
A boot issue has been seen on some platform when applying patch [1].
[1] 13f3c5166f ("mmc:prevent accessing to the released space in case of wrong usage")
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Iba0424a5787f9e510a60696d4033db1b49b243b2
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ibe3c17acd2482b7779318c8a922a138dcace5554
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ie1dbc54569086f6a74206b873fee664b4cdeea36
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I688a76277b729672835d51fafb68d1d6205b6ae4
The JEDEC information for STMicroelectronics is:
JEDEC_ST_MFID U(0x20)
JEDEC_ST_BKID U(0x0)
And rely on platform functions to get chip IP and revision.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I4fa4ac8bb5583b1871b768decc9fe08e8966ff54
Three functions are exported to get SoC version, SoC device ID, and SoC
name. Those functions are based on reworked existing static functions.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I1f3949062bb488286a9e7a38ffcd1457953dac56
The SGI/RD platforms have been using PSCI state ID format as defined in
PSCI version prior to 1.0. This is being changed and the PSCI extended
state ID format as defined in PSCI version 1.1 is being adapted. In
addition to this, the use of Arm recommended PSCI state ID encoding is
enabled as well.
Change-Id: I2be8a9820987a96b23f4281563b6fa22db48fa5f
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Update idle flow in case of last read command timeout.
Signed-off-by: Hsin-Hsiung Wang <hsin-hsiung.wang@mediatek.com>
Change-Id: Idb0552d70d59b23822c38269d0fa9fe9ac0d6975
MTK display port mute/unmute control registers need to be
set in secure world.
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: Iec73650e937bd20e25c18fa28d55ae29e68b10d3
Use proper offset for IPI data based on offset for IPI0
channel.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I3070517944dd353c3733aa595df0da030127751a
The PCIe root port is outside of the current RPi
MMIO regions, so we need to adjust the address map.
Given much of the code depends on the legacy IOBASE
lets separate that from the actual MMIO begin/end.
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Change-Id: Id65460ae58556bd8826dba08bbad79953e2a7c0b
Add APU iommap settings for reviser, apu_ao and
devapc control wrapper.
Signed-off-by: Flora Fu <flora.fu@mediatek.com>
Change-Id: Ie8e6a197c0f440f9e4ee8101202283a2dbf501a6
In iMX8MM it is possible to have two copies of bootloader in
SD/eMMC and switch between them. The switch is triggered either
by the BootROM in case the bootloader image is faulty OR can be
enforced by the user. To trigger that switch the
PERSIST_SECONDARY_BOOT bit should be set in GPR10 SRC register.
As the bit is retained after WARM reset, that permits to control
BootROM behavior regarding what boot image it will boot after
reset: primary or secondary.
This is useful for reliable bootloader A/B updates, as it permits
switching between two copies of bootloader at different offsets of
the same storage.
If the PERSIST_SECONDARY_BOOT is 0, the boot ROM uses address
0x8400 for the primary image. If the PERSIST_SECONDARY_BOOT is 1,
the boot ROM reads that secondary image table from address 0x8200
on the boot media and uses the address specified in the table for
the secondary image.
Secondary Image Table contains the sector of secondary bootloader
image, exluding the offset to that image (explained below in the
note). To generate the Secondary Image Table, use e.g.:
$ printf '\x0\x0\x0\x0\x0\x0\x0\x0\x33\x22\x11'
'\x00\x00\x10\x0\x0\x00\x0\x0\x0'
> /tmp/sit.bin
$ hexdump -vC /tmp/sit.bin
00000000 00 00 00 00
00000004 00 00 00 00
00000008 33 22 11 00 <--- This is the "tag"
0000000c 00 10 00 00 <--- This is the "firstSectorNumber"
00000010 00 00 00 00
You can also use NXP script from [1][2] imx-mkimage tool for
SIT generation. Note that the firstSectorNumber is NOT the offset
of the IVT, but an offset of the IVT decremented by Image Vector
Table offset (Table 6-25. Image Vector Table Offset and Initial
Load Region Size for iMX8MM/MQ), so for secondary SPL copy at
offset 0x1042 sectors, firstSectorNumber must be 0x1000
(0x42 sectors * 512 = 0x8400 bytes offset).
In order to test redundant boot board should be closed and
SD/MMC manufacture mode disabled, as secondary boot is not
supported in the SD/MMC manufacture mode, which can be disabled
by blowing DISABLE_SDMMC_MFG (example for iMX8MM):
> fuse prog -y 2 1 0x00800000
For additional details check i.MX 8M Mini Apllication Processor
Reference Manual, 6.1.5.4.5 Redundant boot support for
expansion device chapter.
[1] https://source.codeaurora.org/external/imx/imx-mkimage/
[2] scripts/gen_sit.sh
Change-Id: I0a5cea7295a4197f6c89183d74b4011cada52d4c
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Added support for HW computed CRC using Arm ACLE intrinsics.
These are built-in intrinsics available for ARMv8.1-A, and
onwards.
These intrinsics are enabled via '-march=armv8-a+crc' compile
switch for ARMv8-A (supports CRC instructions optionally).
HW CRC support is enabled unconditionally in BL2 for all Arm
platforms.
HW CRC calculation is verified offline to ensure a similar
result as its respective ZLib utility function.
HW CRC calculation support will be used in the upcoming
firmware update patches.
Change-Id: Ia2ae801f62d2003e89a9c3e6d77469b5312614b3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Disable non-invasive debug of secure state for Juno
in release builds. This makes sure that PMU counts
only Non-secure events.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0d1c3f96f3b4e48360a7211ae55851d65d291025
This patch adds support for the crypto and secure storage secure
partitions for the Total Compute platform. These secure partitions
have to be managed by Hafnium executing at S-EL2
Change-Id: I2df690e3a99bf6bf50e2710994a905914a07026e
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1-MC
platform has architected AMU available for each core. Enable the use of
AMU by non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I33be594cee669e7f4031e5e5a371eec7c7451030
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
on i.MX8MP A1 silicon, the OCRAM space is extended to 512K + 64K,
currently, OCRAM @0x960000-0x980000 is reserved for BL31, it will
leave the last 64KB in non-continuous space. To provide a continuous
384KB + 64KB space for generic use, so move the BL31 space to
0x970000-0x990000 range.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I96d572fc0f87f05a60f55e0552a68b6e70f8e7f4
the 'always_on' member should be initialized from 'on'.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I5746ff40075b4fcda2ac7d04a8d7f1269af17e91
* changes:
stm32mp1: enable PIE for BL32
stm32mp1: set BL sizes regardless of flags
Add PIE support for AARCH32
Avoid the use of linker *_SIZE__ macros
Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.
Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.
Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654
Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
NOTE: Breaking change to the way UUIDs are stored in the DT
Currently, UUIDs are stored in the device tree as
sequences of 4 integers. There is a mismatch in endianness
between the way UUIDs are represented in memory and the way
they are parsed from the device tree. As a result, we must either
store the UUIDs in little-endian format in the DT (which means
that they do not match up with their string representations)
or perform endianness conversion after parsing them.
Currently, TF-A chooses the second option, with unwieldy
endianness-conversion taking place after reading a UUID.
To fix this problem, and to make it convenient to copy and
paste UUIDs from other tools, change to store UUIDs in string
format, using a new wrapper function to parse them from the
device tree.
Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
so that these macros can be reused in the subsequent GPT based support
changes.
Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This new compile option is only for Armada 3720 Development Board. When
it is set to 1 then TF-A will setup PM wake up src configuration.
By default this new option is disabled as it is board specific and no
other A37xx board has PM wake up src configuration.
Currently neither upstream U-Boot nor upstream Linux kernel has wakeup
support for A37xx platforms, so having it disabled does not cause any
issue.
Prior this commit PM wake up src configuration specific for Armada 3720
Development Board was enabled for every A37xx board. After this change it
is enabled only when compiling with build flag A3720_DB_PM_WAKEUP_SRC=1
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I09fea1172c532df639acb3bb009cfde32d3c5766
Add board support for RD-N2 Cfg1 variant of RD-N2 platform. It is a
variant of RD-N2 platform with a reduced interconnect mesh size (3x3)
and core count (8-cores). Its platform variant id is 1.
Change-Id: I34ad35c5a5c1e9b69a658fb92ed00e5bc5fe72f3
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
A Neoverse reference design platform can have two or more variants that
differ in core count, cluster count or other peripherals. To allow reuse
of platform code across all the variants of a platform, introduce build
option CSS_SGI_PLATFORM_VARIANT for Arm Neoverse reference design
platforms. The range of allowed values for the build option is platform
specific. The recommended range is an interval of non negative integers.
An example usage of the build option is
make PLAT=rdn2 CSS_SGI_PLATFORM_VARIANT=1
Change-Id: Iaae79c0b4d0dc700521bf6e9b4979339eafe0359
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
This will help in keeping source file generic and conditional
compilation can be contained in platform provided dt files.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I3c6e0a429073f0afb412b9ba521ce43f880b57fe