The value used to signal failure is 0. It is needed to return a different
value on success.
Change-Id: I2186aa7dfbfc825bfe7b3d5ae3c4de7af10ee44f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The patch d323af9 removed the support for coherent memory in BL1 and
BL2 for ARM platforms. But the CryptoCell SBROM integration depends
on use of coherent buffers for passing data from the AP CPU to the
CryptoCell. Hence this patch reintroduces support for coherent
memory in BL1 and BL2 if ARM_CRYPTOCELL_INTEG=1.
Change-Id: I011482dda7f7a3ec9e3e79bfb3f4fa03796f7e02
Signed-Off-by: Soby Mathew <soby.mathew@arm.com>
The expected value for failure is 0, so the warning only has to be shown
in that case. This is the way the TSPD has done it since it was
introduced, and the way SPM and OP-TEE do it.
Trusty wrongly returns 0 on success.
In the case of TLK, the return value of tlkd_init() is passed from the
secure world in register X1 when calling the SMC TLK_ENTRY_DONE.
Change-Id: I39106d67631ee57f109619f8830bf4b9d96155e6
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
When using the tf_log_set_max_level() function, one can dynamically
set the log level to a value smaller than then compile time specified
one, but not equal. This means that when the log level have been
lowered, it can't be reset to the previous value. This commit modifies
this function to allow setting the log level back to the compile time
value.
FixesARM-software/tf-issues#624
Change-Id: Ib157715c8835982ce4977ba67a48e18ff23d5a61
Signed-off-by: Junhan Zhou <Junhan@mellanox.com>
- Linaro binaries: 18.04
- mbed TLS library: 2.12.0
- FVP model versions: 11.4 build 37
This patch updates the user guide documentation to reflect these
changes to the dependencies.
Change-Id: I454782ca43a0db43aeeef2ab3622f4dea9dfec55
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch fixes the name of the Cortex-ares errata function which was
previously named `cortex_a72_errata_report` which was an error.
Change-Id: Ia124df4628261021baa8d9a30308bc286d45712b
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch fixes an array overrun in CSS scmi driver if the
system power domain level is less than 2. This was reported from
https://scan.coverity.com/projects/arm-software-arm-trusted-firmware
CID 308492
Change-Id: I3a59c700490816718d20c71141281f19b2b7e7f7
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds experimental support for TBB to the HiKey960 board. To
build and test with TBB modify the uefi-tools project platforms.config
+ATF_BUILDFLAGS=TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 SAVE_KEYS=1 \
MBEDTLS_DIR=./mbedtls
Signed-off-by: Teddy Reed <teddy@casualhacking.io>
The AXP805 PMIC used with H6 is capable of shutting down the system.
Add support for using it to shut down the system power.
The original placeholder power off code is moved to A64 code, as it's
still TODO to implement PMIC operations for A64.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
The OTT reference design of Allwinner H6 SoC uses an X-Powers AXP805
PMIC.
Add initial code for it.
Currently it's only detected.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Allwinner 64-bit SoCs all use the Mentor Graphics MI2CV I2C controller
core, with inverted clear quirk.
Add a glue driver for this.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
The I2C controller on Allwinner SoCs after A31 has a inverted interrupt
clear flag, which needs to be written 1 (rather than 0 on Marvell SoCs
and old Allwinner SoCs) to clear.
Add such a quirk to mi2cv driver common code.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
As the ATF may need to do some power initialization on Allwinner
platform with AXP PMICs, call the PMIC setup code in BL31.
Stub of PMIC setup code is added, to prevent undefined reference.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
The patch 7b56928 unified the FWU mechanism on FVP and Juno
platforms due to issues with MCC firmware not preserving the
NVFLAGS. With MCCv150 firmware, this issue is resolved. Also
writing to the NOR flash while executing from the same flash
in Bypass mode had some stability issues. Hence, since the
MCC firmware issue is resolved, this patch reverts to the
NVFLAGS mechanism to detect FWU. Also, with the introduction
of SDS (Shared Data Structure) by the SCP, the reset syndrome
needs to queried from the appropriate SDS field.
Change-Id: If9c08f1afaaa4fcf197f3186887068103855f554
Signed-off-by: Sathees Balya <sathees.balya@arm.com>
Signed-off-by: Soby Mathew <Soby.Mathew@arm.com>
After introducing the Mbed TLS shared heap optimisation, reducing BL2
size by 3 pages didn't leave enough space for growth. We give 1 page
back to maximum BL2 size.
Change-Id: I4f05432f00b923693160f69a4e4ec310a37a2b16
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
Adds an undocumented build option that enables non-secure access to
the PL011 UART1.
This allows a custom build where the UART can be used as a serial debug
port for WinDbg (or other debugger) connection.
This option is not documented in the user guide, as it is provided as a
convenience for Windows debugging, and not intended for general use.
In particular, enabling non-secure access to the UART might allow
a denial of service attack!
Change-Id: I4cd7d59c2cac897cc654ab5e1188ff031114ed3c
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Signed-off-by: Evan Lloyd <evan.lloyd@arm.com>
A cache flush is added in BL1, in Mbed TLS shared heap code. Thus, we
ensure that the heap info written to the DTB always gets written back to
memory. Hence, sharing this info with other images is guaranteed.
Change-Id: I0faada31fe7a83854cd5e2cf277ba519e3f050d5
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
In Mbed TLS shared heap code, an additional sanity check is introduced
in BL2. Currently, when BL2 shares heap with BL1, it expects the heap
info to be found in the DTB. If for any reason the DTB is missing, BL2
cannot have the heap address and, hence, Mbed TLS cannot proceed. So,
BL2 cannot continue executing and it will eventually crash. With this
change we ensure that if the DTB is missing BL2 will panic() instead of
having an unpredictable crash.
Change-Id: I3045ae43e54b7fe53f23e7c2d4d00e3477b6a446
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch, firstly, makes the error messages consistent to how printed
strings are usually formatted. Secondly, it removes an unnecessary #if
directive.
Change-Id: Idbb8ef0070562634766b683ac65f8160c9d109e6
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
The specification requires that, after wakeup from a CPU suspend, the
dispatcher must mask all events on the CPU. This patch adds the feature
to the SDEI dispatcher by subscribing to the PSCI suspend to power down
event, and masking all events on the PE.
Change-Id: I9fe1d1bc2a58379ba7bba953a8d8b275fc18902c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
If BL32 isn't present or it fails to initialize the current code prints
an error message in both debug and release builds. This is too verbose
for release builds, so it has been converted into a warning.
Also, it was missing a newline at the end of the message.
Change-Id: I91e18d5d5864dbb19d47ecd54f174d2d8c06296c
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The Marvell A8K SoCs use the MI2CV IP core from Mentor Graphics, which
is also used by Allwinner.
As Mentor Graphics allows a lot of customization, the MI2CV in the two
SoC families are not compatible, and driver modifications are needed.
Extract the common code to a MI2CV driver.
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
The I2C controller found in Marvell A8K SoCs (and some older SoCs) mux
status and baudrate registers into the same address, however, it's a
vendor customization, and the original IP core by Mentor Graphics uses
two different addresses for the two registers.
Use anonymous union in the driver, in order to ease code sharing for
other SoC vendors that use this IP core (Allwinner SoCs that are newly
introduced to mainline ATF use this core).
Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
With the current implementation, it's possible for a contender to
observe accesses in the Critical Section before acquiring or releasing
the lock. Insert fencing in the locking and release codes to prevent any
reorder.
FixesARM-software/tf-issues#609
Change-Id: I773b82aa41dd544a2d3dbacb9a4b42c9eb767bbb
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
'dmb ld' is not a recognized instruction for ARMv7. Since generic code
may use 'dmb ld', alias it to 'dmb' when building for ARMv7.
Change-Id: I502f360cb6412897ca9580b725d9f79469a7612e
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
For Denver CPUs, this approach enables the mitigation during EL3
initialization, following every PE reset. No mechanism is provided to
disable the mitigation at runtime.
This approach permanently mitigates the EL3 software stack only. Other
software components are responsible to enable it for their exception
levels.
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN3
and earlier:
* By setting bit 11 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 9 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
TF-A implements this approach for the Denver CPUs with DENVER_MIDR_PN4
and later:
* By setting bit 18 (Disable speculative store buffering) of
`ACTLR_EL3`
* By setting bit 17 (Disable speculative memory disambiguation) of
`ACTLR_EL3`
Change-Id: If1de96605ce3f7b0aff5fab2c828e5aecb687555
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Denver CPUs expect the power state field to be reset to 'C1'
during boot. This patch updates the reset handler to reset the
ACTLR_.PMSTATE field to 'C1' state during CPU boot.
Change-Id: I7cb629627a4dd1a30ec5cbb3a5e90055244fe30c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>