Add initialization for TRNG-IP-76 driver and support SMC call
0xC200FF11 used for reading HW RNG value by secondary bootloader
software for KASLR support.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: I1d644f67457b28d347523f8a7bfc4eacc45cba68
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/32688
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Add Rambus (InsideSecure) TRNG-IP-76 HW RNG driver.
This IP is part of Marvell Armada CP110/CP115 die integrated
to Armada 7k/8K/CN913x SoCs
Change-Id: I9c5f510ad6728c7ed168da43d85b19d5852cd873
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
The code to check for the presence of the TRNG service relies on
toolchain garbage collection, which is not enabled with -O0.
Add #ifdef guards around the call to the TRNG service handler to
cover builds without optimisation as well.
Change-Id: I08ece2005ea1c8fa96afa13904a851dec6b24216
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
plat/arm: fvp: Protect GICR frames for fused/unused cores
doc: Build option to protect GICR frame
plat/arm: fvp: Do not map GIC region in BL1 and BL2
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added a build option 'FVP_GICR_REGION_PROTECTION' to make
redistributor frame of fused/unused cores as read only.
Change-Id: Ie85f86e2465b93321a92a888ce8712a3144e4ccb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This allows Matterhorn cores to operate at their optimal OPPs.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I2e1b784da10154a1f1f65dd0e3a39213e7683116
This adds the TRNG Firmware Interface Service to the standard
service dispatcher. This includes a method for dispatching entropy
requests to platforms and includes an entropy pool implementation to
avoid dropping any entropy requested from the platform.
Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.
Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
In DDR controller PWRTMG register, the mask for field SELFREF_TO_X32 is
wrong. This field is from bit 16 to 23.
Change-Id: Id336fb08c88f0a153df186dd819e41af72febb88
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I14dc1d87df6dcc8d560ade833ce1f92507054747
When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84
* changes:
docs: marvell: Replace ESPRESSObin-Ultra TF-A build example by full example how to build production release of Marvell firmware image
docs: marvell: Fix description of flash-image.bin image
docs: marvell: Add information into CLOCKSPRESET option how to identify CPU frequency
docs: marvell: Reformat DDR_TOPOLOGY option and mention EspressoBin-Ultra board
docs: marvell: Move Supported Marvell platforms to PLAT build option
* changes:
docs: marvell: Update info about WTMI_IMG option
plat: marvell: armada: a3k: Remove unused variable WTMI_SYSINIT_IMG from Makefile
plat: marvell: armada: Show informative build messages and blank lines
plat: marvell: armada: Move definition of mrvl_flash target to common marvell_common.mk file
plat: marvell: armada: a3k: Use $(Q) instead of @
plat: marvell: armada: a3k: Add a new target mrvl_uart which builds UART image
plat: marvell: armada: a3k: Build UART image files directly in $(BUILD_UART) subdirectory
plat: marvell: armada: a3k: Build intermediate files in $(BUILD_PLAT) directory
plat: marvell: armada: a3k: Correctly set DDR_TOPOLOGY and CLOCKSPRESET for WTMI
plat: marvell: armada: a3k: Allow use of the system Crypto++ library
docs: marvell: Update info about WTP and MV_DDR_PATH parameters
plat: marvell: armada: a3k: Add checks that WTP, MV_DDR_PATH and CRYPTOPP_PATH are correctly defined
docs: marvell: Update mv-ddr-marvell and A3700-utils-marvell branches
ESPRESSObin-Ultra TF-A build example was now just a copy+paste of previous
mentioned example. It produced debug binary with custom log level, which
was not described. So rather replace this duplicate build example by a full
example with all steps how to build production release of Marvell firmware
image for EspressoBin with 1GHz CPU and 1GB DDR4 RAM.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ief1b8bc96a3035ebd8421bd68dca5eb5c8d8fd52
Reformat list of boards, remove unsupported OcteonTX2 and mention
supported Turris MOX board.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I22cea7f77fd078554c7f0ed4108781626209e563
* changes:
allwinner: Leave CPU power alone during BL31 setup
allwinner: psci: Invert check in .validate_ns_entrypoint
allwinner: psci: Drop MPIDR check from .pwr_domain_on
allwinner: psci: Drop .get_node_hw_state callback
AMU counters are used for monitoring the CPU performance. RD-N2 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Some of the PSCI platform callbacks were restricted on RD-V1 platform
because the idle was not functional. Now that it is functional, remove
all the restrictions on the use PSCI platform callbacks.
Change-Id: I4cb97cb54de7ee166c30f28df8fea653b6b425c7
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
It does not have to be supported by the current shell used in Makefile.
Replace it by a simple echo with implicit newline.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I97fe44986ac36d3079d5258c67f0c9184537e7f0
Default WTMI_IMG value was documented incorrectly. Also WTMI_IMG name may
be misleading as this option does not specify full WTMI image, just a main
loop (e.g. fuse.bin or custom RTOS image) without hardware initialization
code (DDR, CPU and clocks).
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I3de4a27ce2165b962fa628c992fd8f80151efd7c
This change separates building of flash and UART images, so it is possible
to build only one of these images. Also this change allows make to build
them in parallel.
Target mrvl_flash now builds only flash image and mrvl_uart only UART
image. This change reflects it also in the documentation.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ie9ce4538d52188dd26d99dfeeb5ad171a5b818f3
This removes need to move files and also allows to build uart and flash
images in parallel.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I13bea547d7849615e1c1e11d333c8c99e568d3f6
Currently a3700_common.mk makefile builds intermediate files in TF-A top
level directory and also outside of the TF-A tree. This change fixes this
issue and builds all intermediate files in $(BUILD_PLAT) directory.
Part of this change is also removal of 'rm' and 'mv' commands as there is
no need to remove or move intermediate files from outside of the TF-A build
tree.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I72e3a3024bd3fdba1b991a220184d750029491e9
When building WTMI image we need to correctly set DDR_TOPOLOGY and
CLOCKSPRESET variables which WTMI build system expect. Otherwise it use
default values.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ib83002194c8a6c64a2014899ac049bd319e1652f
This change introduces two new A3720 parameters, CRYPTOPP_LIBDIR and
CRYPTOPP_INCDIR, which can be used to specify directory paths to
pre-compiled Crypto++ library and header files.
When both new parameters are specified then the source code of Crypto++ via
CRYPTOPP_PATH parameter is not needed. And therefore it allows TF-A build
process to use system Crypto++ library.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I6d440f86153373b11b8d098bb68eb7325e86b20b
For SoCs which do not implement RAS, use DSB as a barrier to
synchronize pending external aborts at the entry and exit of
exception handlers. This is needed to isolate the SErrors to
appropriate context.
However, this introduces an unintended side effect as discussed
in the https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3440
A summary of the side effect and a quick workaround is provided as
part of this patch and summarized here:
The explicit DSB at the entry of various exception vectors in BL31
for handling exceptions from lower ELs can inadvertently trigger an
SError exception in EL3 due to pending asyncrhonouus aborts in lower
ELs. This will end up being handled by serror_sp_elx in EL3 which will
ultimately panic and die.
The way to workaround is to update a flag to indicate if the exception
truly came from EL3. This flag is allocated in the cpu_context
structure. This is not a bullet proof solution to the problem at hand
because we assume the instructions following "isb" that help to update
the flag (lines 100-102 & 139-141) execute without causing further
exceptions.
Change-Id: I4d345b07d746a727459435ddd6abb37fda24a9bf
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>