The number of ITS have changed from 4 to 1, resulting
in GICR base address change.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I28101f0d1faf9f3c58591b642033c3fd49a275e7
NT_FW_CONFIG file is meant to be passed from BL31 to be consumed by
BL33, fvp platforms use this to pass measured boot configuration and
the x0 register is used to pass the base address of it.
In case of hafnium used as hypervisor in normal world, hypervisor
manifest is expected to be passed from BL31 and its base address is
passed in x0 register.
As only one of NT_FW_CONFIG or hypervisor manifest base address can be
passed in x0 register and also measured boot is not required for SPM so
disable passing NT_FW_CONFIG.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifad9d3658f55ba7d70f468a88997d5272339e53e
Refine the function plat_add_sp_images_load_info() by saving the
previous node and only setting its next link when the current node is
valid. This can reduce the check for the next node and simply the
total logic.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I4061428bf49ef0c3816ac22aaeb2e50315531f88
The traverse flow in function plat_add_sp_images_load_info() will find
the last node in the main load info list, with its
next_load_info==NULL. However this node is still useful and should not
be overridden with SP node info.
The bug will cause below error on RDN2 for spmd enabled:
ERROR: Invalid NT_FW_CONFIG DTB passed
Fix the bug by only setting the next_load_info of the last node in the
original main node list.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: Icaee5da1f2d53b29fdd6085a8cc507446186fd57
Add the secure partition mmap table and the secure partition boot
information to support secure partitions on RD-N2 platform. In addition
to this, add the required memory region mapping for accessing the
SoC peripherals from the secure partition.
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
Change-Id: I2c75760d6c8c3da3ff4885599be420e924aeaf3c
A TZC400 controller is placed inline on DRAM channels and regulates
the secure and non-secure accesses to both secure and non-secure
regions of the DRAM memory. Configure each of the TZC controllers
across the Chips.
For use by secure software, configure the first chip's trustzone
controller to protect the upper 16MB of the memory of the first DRAM
block for secure accesses only. The other regions are configured for
non-secure read write access. For all the remote chips, all the DRAM
regions are allowed for non-secure read and write access.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I809f27eccadfc23ea0ef64e2fd87f95eb8f195c1
On a multi-chip platform, the boot CPU on the first chip programs the
TZC controllers on all the remote chips. Define a memory region map for
the TZC controllers for all the remote chips and include it in the BL2
memory map table.
In addition to this, for SPM_MM enabled multi-chip platforms, increase
the number of mmap entries and xlat table counts for EL3 execution
context as well because the shared RAM regions and GIC address space of
remote chips are accessed.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I6f0b5fd22f9f28046451e382eef7f1f9258d88f7
For multi-chip platforms, add a macro to define the memory regions on
chip numbers >1 and its associated access permissions. These memory
regions are marked with non-secure access.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: If3d6180fd8ea61f45147c39d3140d694abf06617
Allow the access of system registers and nor2 flash memory region
from s-el0. This allows the secure parititions residing at s-el0
to access these memory regions.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I3887a86770de806323fbde0d20fdc96eec6e0c3c
Define a default DMC-620 TZC memory region configuration and use it to
specify the TZC memory regions on sgi575, rdn1edge and rde1edge
platforms. The default DMC-620 TZC memory regions are defined
considering the support for secure paritition as well.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: Iedee3e57d0d3de5b65321444da51ec990d3702db
Remove the 'ARM_' prefix from the macros defining the CPER buffer memory
and replace it with 'CSS_SGI_' prefix. These macros are applicable only
for platforms supported within plat/sgi. In addition to this, ensure
that these macros are defined only if the RAS_EXTENSION build option is
enabled.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I44df42cded18d9d3a4cb13e5c990e9ab3194daee
The macros defining the SMC function ids for DMC-620 error handling are
listed in the sgi_base_platform_def.h header file. But these macros are
not applicable for all platforms supported under plat/sgi. So move these
macro definitions to sgi_ras.c file in which these are consumed. While
at it, remove the AArch32 and error injection function ids as these are
unused.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I249b54bf4c1b1694188a1e3b297345b942f16bc9
The macros specific to SDEI defined in the sgi_base_platform_def.h are
not applicable for all the platforms supported by plat/sgi. So refactor
the SDEI specific macros into a new header file and include this file on
only on platforms it is applicable on.
Signed-off-by: Thomas Abraham <thomas.abraham@arm.com>
Change-Id: I0cb7125334f02a21cae1837cdfd765c16ab50bf5
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
instantiated in a Secure Partition:
-A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
An EC is pinned to a corresponding physical CPU.
-An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
the physical CPU from which the FF-A call is originating.
This change permits exercising the latter case within the TF-A-tests
framework.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
Rename rd_n1e1_edge_scmi_plat_info array to plat_rd_scmi_info as the
same array is used to provide SCMI platform info across mulitple RD
platforms and is not resitricted to only RD-N1 and RD-E1 platforms.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I42ba33e0afa3003c731ce513c6a5754b602ec01f
Now that we have a framework for the SMCCC TRNG interface, and the
existing Juno entropy code has been prepared, add the few remaining bits
to implement this interface for the Juno Trusted Entropy Source.
We retire the existing Juno specific RNG interface, and use the generic
one for the stack canary generation.
Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.
To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.
This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.
Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently we use the Juno's TRNG hardware entropy source to initialise
the stack canary. The current function allows to fill a buffer of any
size, but we will actually only ever request 16 bytes, as this is what
the hardware implements. Out of this, we only need at most 64 bits for
the canary.
In preparation for the introduction of the SMCCC TRNG interface, we
can simplify this Juno specific interface by making it compatible with
the generic one: We just deliver 64 bits of entropy on each call.
This reduces the complexity of the code. As the raw entropy register
readouts seem to be biased, it makes sense to do some conditioning
inside the juno_getentropy() function already.
Also initialise the TRNG hardware, if not already done.
Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Update TZC base address to align with the recent changes in the platform
memory map.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
So far the ARM platform Makefile would require that RESET_TO_BL31 is set
when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
There is no real technical reason for that, and the one place in the
code where this was needed has been fixed.
Remove the requirement of those two options to be always enabled
together.
This enables the direct kernel boot feature for the Foundation FVP
(as described in the documentation), which requires a BL1/FIP
combination to boot, so cannot use RESET_TO_BL31.
Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we have the somewhat artifical limitation of
ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.
However there does not seem to be a good technical reason for that,
it was probably just to differentate between two different boot flows.
Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the
RESET_TO_BL31 #ifdef, so that we initialise the registers in any case.
This allows to use a preloaded kernel image when using BL1 and FIP.
Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The structure has been modified to specify the memory
size in bytes instead of Gigabytes.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I3384677d79af4f3cf55d3c353b6c20bb827b5ae7
This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.
Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I14dc1d87df6dcc8d560ade833ce1f92507054747
When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84
AMU counters are used for monitoring the CPU performance. RD-N2 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Some of the PSCI platform callbacks were restricted on RD-V1 platform
because the idle was not functional. Now that it is functional, remove
all the restrictions on the use PSCI platform callbacks.
Change-Id: I4cb97cb54de7ee166c30f28df8fea653b6b425c7
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Madhukar Pappireddy
Usama Arif
Olivier Deprez
Manish Pandey
Heyi Guo
Bipin Ravi
Omkar Anand Kulkarni
Aditya Angadi
Thomas Abraham
johpow01
Sandrine Bailleux
Andre Przywara
Vijayenthiran Subramaniam
Manish V Badarkhe
Manoj Kumar
Lauren Wehrmeister
Avinash Mehta
Zelalem
Pranav Madhu
Ming Huang