Platform NV counter get updated (if cert NV counter > plat NV counter)
before authenticating the certificate if the platform specifies NV
counter method before signature authentication in its CoT, and this
provides an opportunity for a tempered certificate to upgrade the
platform NV counter. This is theoretical issue, as in practice none
of the standard CoT (TBBR, dualroot) or upstream platforms ones (NXP)
exercised this issue.
To fix this issue, modified the auth_nvctr method to do only NV
counter check, and flags if the NV counter upgrade is needed or not.
Then ensured that the platform NV counter gets upgraded with the NV
counter value from the certificate only after that certificate gets
authenticated.
This change is verified manually by modifying the CoT that specifies
certificate with:
1. NV counter authentication before signature authentication
method
2. NV counter authentication method only
Change-Id: I1ad17f1a911fb1035a1a60976cc26b2965b05166
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
renesas: rzg: Add support to identify EK874 RZ/G2E board
drivers: renesas: common: watchdog: Add support for RZ/G2E
drivers: renesas: rzg: Add QoS support for RZ/G2E
drivers: renesas: rzg: Add PFC support for RZ/G2E
drivers: renesas: common: Add support for DRAM initialization on RZ/G2E SoC
renesas: rzg: Add support to identify HopeRun HiHope RZ/G2N board
drivers: renesas: common: emmc: Select eMMC channel for RZ/G2N SoC
drivers: renesas: rzg: Add QoS support for RZ/G2N
drivers: renesas: rzg: Add PFC support for RZ/G2N
drivers: renesas: common: Add support for DRAM initialization on RZ/G2N SoC
renesas: rzg: Add support to identify HopeRun HiHope RZ/G2H board
drivers: renesas: common: emmc: Select eMMC channel for RZ/G2H SoC
drivers: renesas: rzg: Add QoS support for RZ/G2H
drivers: renesas: rzg: Add PFC support for RZ/G2H
drivers: renesas: common: Add support for DRAM initialization on RZ/G2H SoC
drivers: renesas: rzg: Switch using common ddr code
drivers: renesas: ddr: Move to common
Add support to identify Silicon Linux RZ/G2E evaluation kit (EK874).
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: Id7bdbc9b0d25aa9af496d58d4bd5055579edc104
Add pin control support for RZ/G2E SoC.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: I736724cc0dd32f2169018ed7f2f48319b039b61f
DRAM initialization on RZ/G2E SoC is identical to R-Car E3 so re-use the
same.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: I454fb40af4f8ce6c4c0d2a53edb307326efd02df
Add pin control support for RZ/G2N SoC.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: Ib5eb4f3b1b75e158ec13c4eefdbe9688344206a3
Add support for initializing DRAM on RZ/G2N SoC.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: Id09a367b92b11a5da88f2dce6887677cc935d0c0
Add pin control support for RZ/G2H SoC.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: I06dc259d7d26a5a5313e8731ea72f846bfca09ed
Add support for initializing DRAM on RZ/G2H SoC.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: Iae23f1093f65a9efd065d37b7d6e9340ff6350b9
Switch using common ddr driver code from renesas/common/ddr directory
for RZ/G2M SoC.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: I807dcb0bc5186bd32bc1c577945d28634bb10e1f
Move ddr driver code to common directory, so that the same
code can be re-used by both R-Car Gen3 and RZ/G2 platforms.
Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Change-Id: I9aef73d3e9a027a127ce7483b72d339559866727
By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
the non-secure world cannot access the registers needed to use the NPU.
To still allow the non-secure world to use the NPU, a SiP service has
been added that can delegate non-secure access to the registers needed
to use it.
Only the HW_CONFIG for the Arm Juno platform has been updated to include
the device tree for the NPU and the platform currently only loads the
HW_CONFIG in AArch64 builds.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2
Some Marvell SoCs may have crypto engine disabled in the HW.
This patch checks the AP LD0 efuse for crypto engine/TRNG
presence before initializing the driver.
Change-Id: I441e7c69a137106bd36302b028b04c0b31896dbd
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/47314
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Yi Guo <yi.guo@cavium.com>
This patch forces rx training on 10G ports
as part of comphy_smc call from Linux.
Signed-off-by: Alex Evraev <alexev@marvell.com>
Change-Id: Iebe6ea7c8b21cbdce5c466c8a69b92e9d7c8a8ca
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/30763
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Nadav Haklai <nadavh@marvell.com>
Setting MSS_SUPPORT to 0 also removes requirement for SCP_BL2
definition.
Images build with MSS_SUPPORT=0 will not include service CPUs
FW and will not support PM, FC and other features implemented
in these FW images.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: Idf301ebd218ce65a60f277f3876d0aeb6c72f105
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/37769
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Reviewed-by: Nadav Haklai <nadavh@marvell.com>
Linux cpu clk driver requires access to some dfx registers. By adding
these registers to the white list, we enable access to them from
non-secure world.
Change-Id: Ic05c96b375121c025bfb41c2ac9474a530720155
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-on: https://sj1git1.cavium.com/25187
Tested-by: Kostya Porotchkin <kostap@marvell.com>
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
Since the dfx register set is going to be marked as secure expose dfx
secure read and write function via SiP services. In introduced misc_dfx
driver some registers are white-listed so non-secure software can still
access them.
This will allow non-secure word drivers access some white-listed
registers related to e.g.: Sample at reset, efuses, SoC type and
revision ID accesses.
Change-Id: If9ae2da51ab2e6ca62b9a2c940819259bf25edc0
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-on: https://sj1git1.cavium.com/25055
Tested-by: Kostya Porotchkin <kostap@marvell.com>
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
Since more drivers which uses dfx register set need to be handled with
use of SiP services, use dedicated and more meaningful name for thermal
SiP services.
Change-Id: Ic2ac27535a4902477df8edc4c86df3e34cb2344f
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-on: https://sj1git1.cavium.com/25054
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
Since the dfx register set is going to be marked as secure (in order to
protect efuse registers for non secure access), accessing thermal
registers which are part of dfx register set, will not be possible from
lower exception levels. Due to above expose thermal driver as a SiP
service. This will allow Linux and U-Boot thermal driver to initialise
and perform various operations on thermal sensor.
The thermal sensor driver is based on Linux
drivers/thermal/armada_thermal.c.
Change-Id: I4763a3bf5c43750c724c86b1dcadad3cb729e93e
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Reviewed-on: https://sj1git1.cavium.com/20581
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
Tested-by: Kostya Porotchkin <kostap@marvell.com>
This reverts commit 13f3c5166f.
The STM32MP1 platform can no more boot qwith this change.
The driver will not be aware when the static struct in framework is updated.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Icc544e243136ee3b0067f316b71dff7dfd6526d6
* changes:
drivers: marvell: comphy-a3700: Set TXDCLK_2X_SEL bit during PCIe initialization
drivers: marvell: comphy-a3700: Set mask parameter for every reg_set call
drivers: marvell: comphy-a3700: Fix configuring polarity invert bits
Marvell Armada 3700 Functional Specifications, section 52.2 PCIe Link
Initialization says that TXDCLK_2X_SEL bit needs to be enabled for PCIe
Root Complex mode. Both U-Boot and Linux kernel support only Root Complex
mode. Set this bit.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Id2a538c379b911b62597f9463b4842b7b5c24df7
The third argument of the reg_set() function has name 'mask', which
indicates that it is a mask applied to the register value which is
going to be updated. But the implementation of this function uses
this argument to clear prior value of the register, i.e. instead of
new_val = (old_val & ~mask) | (data & mask);
it does
new_val = (new_val & ~mask) | data;
(The more proper name for this function should be reg_clrsetbits(),
since internally it calls mmio_clrsetbits_32().)
To make code more readable set 'mask' argument to real mask, i.e. bits
of register values which are going to be updated.
This patch does not make any functional change, only cosmetic, due to
how 'mask' is interpreted.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ifa0339e79c07d1994c7971b65d966b92cb735f65
TXD_INVERT_BIT or RXD_INVERT_BIT needs to be set only in case when
appropriate polarity is inverted. Otherwise these bits should be
cleared.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I8b09fab883a7b995fd72a7d8ae6233f0fa07011b
The legacy console is gone. Re-add DCC console support based
on the multi-console framework.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: Ia8388721093bc1be3af40974530d7c9a9ae5f43e
Broadcom I2C controller driver. Follwoing API's are supported:-
- i2c_init() Intialize ethe I2C controller
- i2c_probe()
- i2c_set_bus_speed() Set the I2C bus speed
- i2c_get_bus_speed() Get the current bus speed
- i2c_recv_byte() Receive one byte of data.
- i2c_send_byte() Send one byteof data
- i2c_read_byte() Read single byte of data
- i2c_read() Read multiple bytes of data
- i2c_write_byte Write single byte of data
- i2c_write() Write multiple bytes of data
This driver is verified by reading the DDR SPD data.
Signed-off-by: Bharat Gooty <bharat.gooty@broadcom.com>
Change-Id: I2d7fe53950e8b12fab19d0293020523ff8b74e13
Chain of trust(CoT) is enabled on NXP SoC in two ways:
- Using MbedTLS, parsing X509 Certificates.
- Using NXP internal method parsing CSF header
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I78fb28516dfcfa667bebf8a1951ffb24bcab8de4
NXP has hardware crypto accelerator called CAAM.
- Work with Job ring
- Jobs are submitted to CAAM in the form of 64 word
descriptor.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I02bcfce68143b8630e1833a74c4b126972f4323d
Flexspi driver now introduces read/write/erase APIs for complete flash
size, FAST-READ are by default used and IP bus is used for erase, read
and write using flexspi APIs.
Framework layer is currently embedded in driver itself using flash_info
defines.
Test cases are also added to confirm flash functionality currently under
DEBUG flag.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Change-Id: I755c0f763f6297a35cad6885f84640de50f51bb0
GIC api used by NXP SoC is based on:
- arm provided drivers: /drivers/arm/gic
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: If3d470256e5bd078614f191e56062c4fbd97f8bd
NXP General Purpose Input/Output driver support for
NXP platforms.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I9a3574f1d5d12e4a65ff60f640d4e77e2defd6d4
NXP Central Security Unit(CSU) for NXP SoC.
CSU is used for:
- Access permissions for peripheral that donot have their own
access control.
- Locking of individual CSU settings until the next POR
- General purpose security related control bits
Refer NXP SoC manuals fro more details.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I07a4729c79c5e2597f8b2a782e87e09f7f30c2ca