This patch fixes incorrect setting for DEVICE1_SIZE
for FVP platforms with more than 8 PEs.
The current value of 0x200000 supports only 8 PEs
and causes exception for FVP platforms with the greater
number of PEs, e.g. FVP_Base_Cortex_A65AEx8 with 16 PEs
in one cluster.
Change-Id: Ie6391509fe6eeafb8ba779303636cd762e7d21b2
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Board Support for the stm32mp1 platform is contained in the device tree,
so if we remove hardcoding of board name from the Makefile, we can build
the intermediary objects once and generate one new tf-a-*.stm32 binary
for every device tree specified. All in one go.
With implicit rules implemented, we only need to change the top level
target to support multi-image builds on the stm32mp1.
Change-Id: I4cae7d32a4c03a3c29c559dc5332e002223902c1
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Board Support for the stm32mp1 platform is contained in the device tree,
so if we remove hardcoding of board name from the Makefile, we can build
the intermediary objects once and generate one new tf-a-*.stm32 binary
for every device tree specified. All in one go.
Prepare for this by employing implicit rules.
Change-Id: I5a022a89eb12696cd8cee7bf28ac6be54849901f
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Doing this allows us in the next commit to use implicit rules (%-patterns)
to cover all the images we generate during a stm32mp1 build.
Change-Id: Ibde59d10ccce42566f82820117d7fd0d77345e6c
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
The linker script has no board-specific information that necessitates it
having a name derived from the board name. Give it a fixed name, so we
can later reuse the same linker script for multiple boards.
Change-Id: Ie6650f00389f4ab8577ae82a36c620af9c64101e
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Currently, building TF-A for STM32MP1 triggers a full rebuild,
avoid this by removing the .PHONY: specification for the final image and
replace it by specifying PHONYness for the targets that don't actually
produce file output.
This will come in handy in follow-up commits, when implicit rules are
introduced, as implicit rule search is skipped for .PHONY targets.
Change-Id: Ib9966479032b081a54123b99f889760e85639f19
Fixes: f74cbc93a ("stm32mp1: Link BL2, BL32 and DTB in one binary")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Now that different UARTs share the same console_t struct, we can
simplify the console selection for the Marvell platforms:
We share the same console_t pointers, just change the name of the
console register functions, depending on the selected platform.
Change-Id: I6fe3e49fd7f208a9b3372c5deef43236a12867bc
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location for the coreboot memory console.
This removes the base member from the coreboot specific data structure,
but keeps the struct console_cbmc_t and its size member.
Change-Id: I7f1dffd41392ba3fe5c07090aea761a42313fb5b
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I7a23327394d142af4b293ea7ccd90b843c54587c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I07a07677153d3671ced776671e4f107824d3df16
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
*All* UART drivers in TF-A are storing their base address as a uintptr_t
pointer in the first location of the UART specific driver data.
Since the base address is a pretty natural and generic data item, we
should integrate this into the generic console_t structure.
That will not only allow to remove a lot of seemingly UART specific data
structures, but also enables to simplify runtime choices between different
UARTs, since they can share the same pointer.
This patch just adds the new member, the existing data structures will
be handled on a per-UART base in follow-up patches.
Change-Id: I59ce49471ccc8f3b870f2cfd8a72ebfd0cb14d12
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: Ia9d996bb45ff3a7f1b240f12fd75805b48a048e9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I347849424782333149e5912a25cc0ab9d277a201
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I75dbfafb67849833b3f7b5047e237651e3f553cd
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I9f8b55414ab7965e431e3e86d182eabd511f32a4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: Ifd6aff1064ba1c3c029cdd8a83f715f7a9976db5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: Iea6ca26ff4903c33f0fad27fec96fdbabd4e0a91
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I836e26ff1771abf21fd460d0ee40e90a452e9b43
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I89c3ab2ed85ab941d8b38ced48474feb4aaa8b7e
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I5c2fe3b6a667acf80c808cfec4a64059a2c9c25f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I058f793e4024fa7291e432f5be374a77faf16f36
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch comes as fixes for 'intel: Fix Coverity Scan Defects' patch.
Revert changing argument type from uint32_t to uint64_t to fix
incompatible cast issue. Fix said bug by using intermediate uint32_t
array as a more appropriate solution.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I344cdabd432cf0a0389b225c934b35d12f4c631d
This initializes the EMAC PHY in both Stratix 10 and Agilex,
without this, EMAC PHY wouldn't work correctly.
Change-Id: I7e6b9e88fd9ef472884fcf648e6001fcb7549ae6
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
The dualroot chain of trust involves 2 root-of-trust public keys:
- The classic ROTPK.
- The platform ROTPK (a.k.a. PROTPK).
Use the cookie argument as a key ID for plat_get_rotpk_info() to return the
appropriate one. This only applies if we are using the dualroot CoT ; if using
the TBBR one, the behaviour is unchanged.
Change-Id: I400707a87ec01afd5922b68db31d652d787f79bd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The cookie will be leveraged in the next commit.
Change-Id: Ie8bad275d856d84c27466461cf815529dd860446
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
- Use the development PROTPK if using the dualroot CoT.
Note that unlike the ROTPK, the PROTPK key hash file is not generated
from the key file, instead it has to be provided. This might be
enhanced in the future.
- Define a CoT build flag for the platform code to provide different
implementations where needed.
Change-Id: Iaaf25183b94e77a99a5d8d875831d90c102a97ea
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
When using the new dualroot chain of trust, a new root of trust key is
needed to authenticate the images belonging to the platform owner.
Provide a development one to deploy this on Arm platforms.
Change-Id: I481145e09aa564822d474cb47d38ec211dd24efd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The build system needs to drive the cert_create tool in a slightly
different manner when using the dualroot chain of trust.
- It needs to pass it the platform root of trust key file.
- It must not try to generate the Non-Trusted Firmware Key Certificate,
which is not part of the dualroot CoT.
Change-Id: Ibcc821c5735765523730f861ae8230208f41302b
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Selection of the chain of trust is done through the COT build option:
> make COT=dualroot
Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This new chain of trust defines 2 independent signing domains:
1) One for the silicon firmware (BL1, BL2, BL31) and optionally the
Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR
CoT.
2) One for the Normal World Bootloader (BL33). It is rooted in a new key
called Platform ROTPK, or PROTPK for short.
In terms of certificates chain,
- Signing domain 1) is similar to what TBBR advocates (see page 21 of
the TBBR specification), except that the Non-Trusted World Public Key
has been removed from the Trusted Key Certificate.
- Signing domain 2) only contains the Non-Trusted World Content
certificate, which provides the hash of the Non-Trusted World
Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World
Key certificate for simplicity.
Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch adds support for a new SMC that can be used to control the
watchdog. This allows for a cleaner separation of responsibilities where
all watchdog operations have to go through Trusted Firmware and we could
no longer have kernel and firmware poking concurrently at the same
register block.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Change-Id: I4844a3559d5c956a53a74a61dd5bc2956f0cce7b
At each BL entry point, the registers r9 to r12 are used to save info from
the previous BL parameters put in r0 to r3. But zeromem uses r12, leading
to a corruption of arg3. Therefore this change copies r12 to r7 before
zeromem() call and restores r12 afterwards. It may be better to save it
in r7 in el3_arch_init_common and not at the entrypoint as r7 could be used
in other functions, especially platform ones.
This is a fix for Task T661.
Change-Id: Icc11990c69b5d4c542d08aca1a77b1f754b61a53
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Till now TF-A allows limited number of external images to be made part
of FIP. With SPM coming along, there may exist multiple SP packages
which need to be inserted into FIP. To achieve this we need a more
scalable approach to feed SP packages to FIP.
This patch introduces changes in build system to generate and add SP
packages into FIP based on information provided by platform.
Platform provides information in form of JSON which contains layout
description of available Secure Partitions.
JSON parser script is invoked by build system early on and generates
a makefile which updates FIP, SPTOOL and FDT arguments which will be
used by build system later on for final packaging.
"SP_LAYOUT_FILE" passed as a build argument and can be outside of TF-A
tree. This option will be used only when SPD=spmd.
For each SP, generated makefile will have following entries
- FDT_SOURCES += sp1.dts
- SPTOOL_ARGS += -i sp1.img:sp1.dtb -o sp1.pkg
- FIP_ARGS += --blob uuid=XXXX-XXX...,file=SP1.pkg
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib6a9c064400caa3cd825d9886008a3af67741af7
There are chances a denial-of-service attack, if an attacker
removes the SPE firmware from the system. The console driver
would end up waiting for the firmware to respond indefinitely.
The console driver must detect such scenarios and uninit the
interface as a result.
This patch adds a timeout to the interaction with the SPE
firmware and uninits the interface if it times out.
Change-Id: I06f27a858baed25711d41105b4110865f1a01727
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode,
but there might be certain boards that do not have this firmware
blob. To stop the NS world from issuing System suspend entry
commands on such devices, we ned to disable System Suspend from
the PSCI "features".
This patch removes the System suspend handler from the Tegra PSCI
ops, so that the framework will disable support for "System Suspend"
from the PSCI "features".
Original change by: kalyani chidambaram <kalyanic@nvidia.com>
Change-Id: Ie029f82f55990a8b3a6debb73e95e0e218bfd1f5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Code complexity is a good indication of maintainability versus
testability of a piece of software.
ISO26262 introduces the following thresholds:
complexity < 10 is accepted
10 <= complexity < 20 has to be justified
complexity >= 20 cannot be accepted
Rationale is that number of test cases to fully test a piece of
software can (depending on the coverage metrics) grow exponentially
with the number of branches in the software.
This patch removes redundant conditionals from 'ipc_send_req_atomic'
handler to reduce the McCabe Cyclomatic Complexity for this function
Change-Id: I20fef79a771301e1c824aea72a45ff83f97591d5
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Mark Dykes
Alexei Fedorov
Soby Mathew
Sandrine Bailleux
Ahmad Fatoum
Andre Przywara
Abdul Halim, Muhammad Hadi Asyrafi
Tien Hock, Loh
Petre-Ionut Tudor
Julius Werner
joanna.farley
Yann Gautier
Manish Pandey
Varun Wadekar