This change introduces two new A3720 parameters, CRYPTOPP_LIBDIR and
CRYPTOPP_INCDIR, which can be used to specify directory paths to
pre-compiled Crypto++ library and header files.
When both new parameters are specified then the source code of Crypto++ via
CRYPTOPP_PATH parameter is not needed. And therefore it allows TF-A build
process to use system Crypto++ library.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I6d440f86153373b11b8d098bb68eb7325e86b20b
For SoCs which do not implement RAS, use DSB as a barrier to
synchronize pending external aborts at the entry and exit of
exception handlers. This is needed to isolate the SErrors to
appropriate context.
However, this introduces an unintended side effect as discussed
in the https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3440
A summary of the side effect and a quick workaround is provided as
part of this patch and summarized here:
The explicit DSB at the entry of various exception vectors in BL31
for handling exceptions from lower ELs can inadvertently trigger an
SError exception in EL3 due to pending asyncrhonouus aborts in lower
ELs. This will end up being handled by serror_sp_elx in EL3 which will
ultimately panic and die.
The way to workaround is to update a flag to indicate if the exception
truly came from EL3. This flag is allocated in the cpu_context
structure. This is not a bullet proof solution to the problem at hand
because we assume the instructions following "isb" that help to update
the flag (lines 100-102 & 139-141) execute without causing further
exceptions.
Change-Id: I4d345b07d746a727459435ddd6abb37fda24a9bf
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
These variables must contain a path to a valid directory (not a file) which
really exists. Also WTP and MV_DDR_PATH must point to either a valid Marvell
release tarball or git repository.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I1ad80c41092cf3ea6a625426df62b7d9d6f37815
The value of stdout-path is a string and as a result, we can't use a
label as a reference to the serial0 node. This change fixes the
stdout-path property for N1SDP, Morello and TC0 by pointing to the
right alias.
Signed-off-by: Nikos Nikoleris <nikos.nikoleris@arm.com>
Change-Id: I3d403389a424569be56327fab4140fec06f96d37
This bug manifests itself as a segfault triggered by a double-free.
I noticed that right before the double-free, the sk list contained 2
elements with the same address.
(gdb) p sk_X509_EXTENSION_value(sk, 1)
$34 = (X509_EXTENSION *) 0x431ad0
(gdb) p sk_X509_EXTENSION_value(sk, 0)
$35 = (X509_EXTENSION *) 0x431ad0
(gdb) p sk_X509_EXTENSION_num(sk)
$36 = 2
This caused confusion; this should never happen.
I figured that this was caused by a ext_new_xxxx function freeing
something before it is added to the list, so I put a breakpoint on
each of them to step through. I was suprised to find that none of my
breakpoints triggered for the second element of the iteration through
the outer loop just before the double-free.
Looking through the code, I noticed that it's possible to avoid doing
a ext_new_xxxx, when either:
* ext->type == NVCOUNTER and ext->arg == NULL
* ext->type == HASH and ext->arg == NULL and ext->optional == false
So I put a breakpoint on both.
It turns out that it was the HASH version, but I added a fix for both.
The fix for the Hash case is simple, as it was a mistake. The fix for
the NVCOUNTER case, however, is a bit more subtle. The NVCOUNTER may
be optional, and when it's optional we can skip it. The other case,
when the NVCOUNTER is required (not optinal), the `check_cmd_params`
function has already verified that the `ext->arg` must be non-NULL.
We assert that before processing it to covert any possible segfaults
into more descriptive errors.
This should no longer cause double-frees by adding the same ext twice.
Change-Id: Idae2a24ecd964b0a3929e6193c7f85ec769f6470
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
The certification tool creates all the certificates mentioned
statically in the code rather than taking explicit certificate
requests from the command line parameters.
Code is optimized to avoid unnecessary attempts to create
non-requested certificates.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I78feac25bc701bf8f08c6aa5a2e1590bec92d0f2
Marvell finally started providing the latest version of mv-ddr-marvell and
A3700-utils-marvell code in master branch of their git repositories.
Reflect this in build instructions.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I08d1189dac60eb2a28335c68f611c1da634106f6
Now that we have split the native and the SCPI version of the PSCI ops,
we can introduce build options to compile in either or both of them.
If one version is not compiled in, some stub functions make sure the
common code still compiles and makes the right decisions.
By default both version are enabled (as before), but one of them can be
disabled on the make command line, or via a platform specific Makefile.
Change-Id: I0c019d8700c0208365eacf57809fb8bc608eb9c0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
In order to keep SCP firmware as optional, the original, limited native
PSCI implementation was kept around as a fallback. This turned out to be
a good decision, as some newer SoCs omit the ARISC, and thus cannot run
SCP firmware.
However, keeping the two implementations in one file makes things
unnecessarily messy. First, it is difficult to compile out the
SCPI-based implementation where it is not applicable. Second the check
is done in each callback, while scpi_available is only updated at boot.
This makes the individual callbacks unnecessarily complicated.
It is cleaner to provide two entirely separate implementations in two
separate files. The native implementation does not support any kind of
CPU suspend, so its callbacks are greatly simplified. One function,
sunxi_validate_ns_entrypoint, is shared between the two implementations.
Finally, the logic for choosing between implementations is kept in a
third file, to provide for platforms where only one implementation is
applicable and the other is compiled out.
Change-Id: I4914f07d8e693dbce218e0e2394bef15c42945f8
Signed-off-by: Samuel Holland <samuel@sholland.org>
- When the SCPI shutdown/reset command returns success, the SCP is
still waiting for the CPU to enter WFI. Do that.
- Peform board-level poweroff before CPU poweroff. If there is a PMIC
available, it will turn everything off including the CPUs, so doing
CPU poweroff first is a waste of cycles.
- During poweroff, attempt to turn off the local CPU using the ARISC.
This should use slightly less power than just an infinite WFI.
- Drop the WFI in the reset failure path. The panic will hang anyway.
Change-Id: I897efecb3fe4e77a56041b97dd273156ec51ef8e
Signed-off-by: Samuel Holland <samuel@sholland.org>
When operating on the local cpu, sunxi_cpu_power_off_self() only "arms"
the ARISC to perform the power-off process; the SCP waits for the CPU to
enter WFI before acutally powering it off. Since this matches the
expected split between .pwr_domain_off and .pwr_domain_pwr_down_wfi, we
can move the sunxi_cpu_power_off_self() call to sunxi_pwr_domain_off().
Since that change makes sunxi_pwr_down_wfi() equivalent to the default
implementation, the callback is no longer needed.
Change-Id: I7d65f66c550d1c69fa5e9945affd7a25b3d3ef42
Signed-off-by: Samuel Holland <samuel@sholland.org>
Currently, sunxi_cpu_off() has two separate code paths: one for the
local CPU, and one for other CPUs. Let's split them in to two functions.
This actually simplifies things, because all callers either operate on
the local CPU only (sunxi_pwr_down_wfi()) or other CPUs only
(sunxi_cpu_power_off_others()). This avoids needing a second MPIDR read
to choose the appropriate code path.
Change-Id: I55de85025235cc95466bfa106831fc4c2368f527
Signed-off-by: Samuel Holland <samuel@sholland.org>
Disabling secondary CPUs during boot is unnecessary because the other
CPUs are already in reset, and it saves an entirely insignificant amount
of power. Let's remove this bit of code that was added mostly "because
we can", and along with it remove an unconditional dependency on the CPU
ops functions.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Ia77a1b722da6ba989c3992b656a6cde3f2238fd7
Checking the exceptional case and letting the success case fall through
is not only more idiomatic, but it also allows adding more exceptional
cases in the future, such as a check for overlapping secure DRAM.
Change-Id: I720441a6a8853fd7f211ebe851f14d921a6db03d
Signed-off-by: Samuel Holland <samuel@sholland.org>
This duplicated the logic in psci_validate_mpidr() which was already
called from psci_cpu_on().
Change-Id: I96ee92f1ce3e9cc2985b4e229ba86ebd27b79915
Signed-off-by: Samuel Holland <samuel@sholland.org>
This optional PSCI function was only implemented when SCPI was
available. However, the underlying SCPI function is not able to fulfill
the necessary contract. First, the SCPI protocol has no way to represent
HW_STANDBY at the CPU power level. Second, the SCPI implementation
maintains its own logical view of power states, and its implementation
of SCPI_CMD_GET_CSS_POWER_STATE does not actually query the hardware.
Thus it cannot provide "the physical view of power state", as required
for this function by the PSCI specification.
Since the function is optional, drop it.
Change-Id: I5f3a0810ac19ddeb3c0c5d35aeb09f09a0b80c1d
Signed-off-by: Samuel Holland <samuel@sholland.org>
The base address of UART peripheral should be given in R0, not in R1.
Otherwise the console_stm32_core_flush issues an assert message.
This issue was highlighted with recent changes in console flush functions.
Change-Id: Iead01986fdbbf30ad2fd9fa515a1d2b611b4e591
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
libc/snprintf: use macro to reduce duplicated code
libc/snprintf: add support to print "%" character
libc/printf: add support to print "%" character
To avoid a potential out-of-bounds access, check whether
a device exists on a channel before calling the corresponding
clone function.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: Ia0dd66b331d3fa8a33109a02369e1bc9ae0fdd5b
Fix some typos and misspellings in TF-A documentation.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Change-Id: Id72553ce7b2f0bed9821604fbc8df4d4949909fa
The issue is that, when interrupt is triggered and RAS handler
is entered, after interrupt handler finishes, TF-A will re-enter
bl32 and then crash.
sdei_dispatch_event() may return failing result in some cases,
for example kernel may not have registered a handler or RAS event
may happen early during boot. We restore the NS context when
sdei_dispatch_event() returns failing result.
error log :
Received delegated event
X0 : 0xC4000061
X1 : 0x0
X2 : 0x0
X3 : 0x0
Received event - 0xC4000061 on cpu 0
UnRecognized Event - 0xC4000061
Failed delegated event 0xC4000061, Status Invalid Parameter
Unhandled Exception in EL3.
x30 = 0x000000000401f700
x0 = 0xfffffffffffffffe
x1 = 0xfffffffffffffffe
x2 = 0x00000000600003c0
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: I9802e9a32eee0ac3b5a8bcc0362d0b0e3b71dc9f
* changes:
qemu/qemu_sbsa: add support for sbsa-ref Embedded Controller
qemu/qemu_sbsa: topology is different from qemu so add handling
qemu/common : change DEVICE2 definition for MMU
qemu/aarch64/plat_helpers.S : calculate the position shift
Turn ON/OFF GIC redistributor in sync with GIC CPU interface ON/OFF.
Issue :
The Linux prompt hangs when all the cores in a cluster are turned OFF
and we try to turn ON a core in that cluster. Previously when TF-A turns
ON a core, TF-A first turns ON the redistributor followed by the core.
This did not match the flow when turning OFF a core, as TF-A did not
turn OFF redistributor when the corresponding core[s] are disabled.
This hang is resolved by disabling redistributor as cores are disabled,
keeping them in sync.
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Change-Id: Ifd04fdcfd47b45e00f874f15b098471883d023f0
Some switch cases uses same operation. So, club switch cases
which uses same operation and remove duplicate code.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Change-Id: I260b474c0ff3f2ca102c32d4af2e4abba2b8f57c
Add macro CHECK_AND_PUT_CHAR to check buffer capacity, save one
character to buffer, and then increase character counter by one in one
single statement, so that 4 similar code pieces can be cleaned.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I2add6b4bd6c24ea3c0d2499a44924e3e8db0f4d1
Enable snprintf()/vsnprintf() in TF-A to print "%" character as C
standard, which may be used in platform porting to print percentage
information.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I9b296372a1002046eabac1df5e8eb99a27efd4a8
Enable printf() in TF-A to print "%" character as C standard, which
may be used in platform porting to print percentage information.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I7af2f1d153548e426f423fce15dc48b0da56c622
This allows PSCI in TF-A to signal platform power states to QEMU
via a controller in secure space.
This required a sbsa-ref specific version of PSCI functions for the
platform. Also adjusted the MMU range to also include the new EC.
Add a new MMU region for the embedded controller and increase the
size of xlat tables by one for the new region.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Iece8a88947f11e82ab8988e460a8a66ad175a5ee
sbsa-ref in QEMU creates clusers of 8 cores, it may create up to 512
cores in upto 64 clusters. Implement a qemu_sbsa specific topology file
and increase the BL31_SIZE to accommodate the bigger table sizes. Change
platform_def.h for new topology. Correct PLATFORM_CPU_PER_CLUSTER_SHIFT so
plat_helpers.S calculates correct result.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: Idc5d70394c0956b759ad2c86f9fda8f293f2cfa7
DEVICE2 is not currently used on qemu platform but is needed for
a future patch for qemu_sbsa platform. Change its definition to
RW and add it to all levels of arm-tf similar to DEVICE1 definition.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I03495471bfd423b61ad44ec4953fb25f76aa54bf
Rather than re-create this file in multiple qemu variants instead
caclulate the shift needed to convert MPIDR to position.
Add a new PLATFORM_CPU_PER_CLUSTER_SHIFT define in platform_def.h
for both qemu and qemu_sbsa to enable this calculation.
Signed-off-by: Graeme Gregory <graeme@nuviainc.com>
Change-Id: I0e3a86354aa716d95150a3a34b15287cd70c8fd2