Handle boot from UART with STM32CubeProgammer based on mmap io
for STM32MP15.
Depends-On: Iba84e8dfd67b9f30416efb0f6778e48ba1f75dad
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ibd719dd46a11da78633728675ef6639635b6cf67
Add a file to support the STMicroelectronics tool STM32CubeProgrammer
over UART in BL2 for STM32MP15x platform.
This tools is based on protocol defined in AN5275,
"USB DFU/USART protocols used in STM32MP1 Series bootloaders"
based on STM32 MCU protocols (AN3155, "USART protocol used
in the STM32 bootloader").
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: I956c95d8de0a94d1eb8e61f043651dae7b838170
These registers make it is possible to do external resets of A3700
peripherals. Most peripherals are reset by clearing a particular bit,
but some need setting the bit. Reflect this via "_N" suffix in macro
names.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iacef5e671746b831b5beea9e4fdcc59d8de84edc
Commit 4333f95 ("fix(spm_mm): do not compile if SVE/SME is enabled")
introduced a comiple time check to verify if ENABLE_SVE_FOR_NS is set to
0 when SPM_MM build is enabled. To support SPM_MM builds on SGI/RD
platforms set ENABLE_SVE_FOR_NS to 0.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: If78ed7567f6d988795b2bc7f772a883783246964
MISRA Violation: MISRA-C:2012 R.10.6
- The value of a composite expression shall not be assigned to an object
with wider essential type
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Ia0d13c3cfeb13d22b6fc7e8869cc713218302973
MISRA Violation: MISRA-C:2012 R.14.4
- The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I8cf821a42015858200cc0c514600012c8f61061f
MISRA Violation: MISRA-C:2012 R.17.7
- The value returned by a function having non-void return type shall be
used ((void) missing for discarded return value.).
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I1e6a598b9fe6c571a3e5010ee832ef860dfe491d
MISRA Violation: MISRA-C:2012 R.10.3
- The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I9c6dd8dba40db8067b46947ceff295732648612a
MISRA Violation: MISRA-C:2012 R.7.2
- A "u" or "U" suffix shall be applied to all integer constants that are
represented in an unsigned type
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iaf6db75e42913ddceccb803426287d0c47d7f31d
MISRA Violation: MISRA-C:2012 R.15.7
- All if . . else if constructs shall be terminated with an else statement
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iea32e32b5683f7accd7fac8d557957f05ed0f5c5
MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: If1ccaa2f254ac85a329295de501e2b5558e8ff43
MISRA Violation: MISRA-C:2012 R.10.1
- Operands shall not be of an inappropriate essential type.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I67b5788054a136be8d764472c5d85528a5c4272f
MISRA Violation: MISRA-C:2012 R.20.7
- Expressions resulting from the expansion of macro parameters shall be
enclosed in parentheses
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Id913c556cab955c798809ad2bd08ca3e48e2231a
MISRA Violation: MISRA-C:2012 R.10.3
- The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I73c056ff4df2f14e04c92a49ac5c97e578e82107
MISRA Violation: MISRA-C:2012 R.10.6
- The value of a composite expression shall not be assigned to an object
with wider essential type.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I67ac6b6b4b643f57e76a435345540e241c9a88b9
MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I82e924a77ee3afeb56fa18714e94cc4f6fff5a49
The clock and pll of mt8195 can be locked into security access
by device apc. Add clock and pll related SiP call for the access
from Kernel space.
Signed-off-by: Flora Fu <flora.fu@mediatek.com>
Change-Id: I0c1f7d6c6abdd3b976492a0b776dc5b1d1f1512b
Adds support for SPMD with SPMC at S-EL1. A new config option SPMC_OPTEE
is added to support loading the special OP-TEE images when configured
with SPD=spmd. With or without SPMC_OPTEE. It should still be possible
to load another BL32 payload implementing a SPMC, provided that entry
point is the same as load address, that is, BL32_BASE.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: Ie61dcd1ee564688baee1b575030e63dc2bb85121
Renamed a macro 'INVALID_ID' to 'EVLOG_INVALID_ID' to avoid its clash
with other macro names and to show it is explicitly used for Event
Log driver.
Change-Id: Ie4c92b3cd1366d9a59cd6f43221e24734865f427
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
When the console verbosity is at maximum, fconf_populate_arm_sp()
prints the UUID and load address of each secure partition. However,
the load address has not been retrieved yet at this point, which means
all partitions show a zero load address.
Move the trace after we have retrieved the SP's load address from the
device tree to make it more meaningful.
Change-Id: I58ef7df6c9107a433f61113cafd8f0855c468d40
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
sha 4ce3e99a3 introduced printf format specifiers for fixed width
types, which uses PRI*64 instead of "ll" for 64 bit values.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic6811cc1788c698adde0807e5f8ab5290a900a26
sha 4ce3e99a3 introduced printf format specifiers for fixed width
types, which uses PRI*64 instead of "ll" for 64 bit variables.
Change-Id: I09a8d174694d4b170a6ef2e4a03df13adc829c00
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.
Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
* changes:
feat(arm_fpga): write UART baud base clock frequency into DTB
feat(arm_fpga): query PL011 to learn system frequency
refactor(arm_fpga): move command line code into separate function
fix(fdt): avoid output on missing DT property
feat(arm_fpga): add ITS autodetection
feat(arm_fpga): determine GICR base by probing
feat(gicv3): introduce GIC component identification
feat(libfdt): also allow changing base address
fix(arm_fpga): avoid re-linking from executable ELF file
Correctly handle USB_DESC_TYPE_OTHER_SPEED_CONFIGURATION request
in USB driver and support a different result than
USB_DESC_TYPE_CONFIGURATION with the new optional ops
get_other_speed_config_desc().
The support of this descriptor is optionnal and is only
required when high-speed capable device which can operate at its
other possible speed.
This patch allows to remove the pbuf update in usb_core_get_desc()
and solves an issue on USB re-enumeration on STM32MP15 platform
as the result of get_config_desc() is a const array.
This issue is not see on normal use-case, as the USB enumeration
is only done in ROM code and TF-A reuse the same USB descritors.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I8edcc1e45065ab4e45d48f4bc37b49120674fdb0
Since we now autodetect the actual system frequency, which is also used
as the base for the UART baudrate generation, we should update the value
currently hard-coded in the DT. Otherwise Linux will reprogram the
divider using a potentially wrong base rate, which breaks the UART
output.
Find the DT node referenced by the UART node as the clock rate, and set
the "clock-frequency" property in that node to the detected system
frequency. This will let Linux reprogram the divider to the same value,
preserving the actual baudrate.
Change-Id: Ib5a936849f2198577b86509f032751d5386ed2f8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Arm FPGAs run in mostly one clock domain, which is used for the CPU
cores, the generic timer, and also the UART baudrate base clock. This
single clock can have different rates, to compensate for different IP
complexity. So far most images used 10 MHz, but different rates start to
appear.
To avoid patching both the arch timer frequency and UART baud base fixed
clock in the DTB manually, we would like to set the clock rate
automatically. Fortunately the SCP firmware has the actual clock rate
hard coded, and already programs the PL011 UART baud divider register
with the correct value to achieve a 38400 bps baudrate.
So read the two PL011 baudrate divider values and re-calculate the
original base clock from there, to use as the arch timer frequency. If
the arch timer DT node contains a clock-frequency property, we use that
instead, to support overriding and disabling this autodetection.
Change-Id: I9857fbb418deb4644aeb2816f1102796f9bfd3bb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The code dealing with finding the command line and inserting that into
the DTB is somewhat large, and drowns the other DT handlers in our
fpga_prepare_dtb() function.
Move that code into a separate function, to improve readability.
Change-Id: I828203c4bb248d38a2562fcb6afdefedf3179f8d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Some FPGAs come with a GIC that has an ITS block configured. Since the
ITS sits between the distributor and redistributors, we can autodetect
that, and already adjust the GICR base address.
To also make this ITS usable, add an ITS node to our base DTB, and
remove that should we not find an ITS during the scan for the
redistributor. This allows to use the same TF-A binary for FPGA images
with or without an ITS.
Change-Id: I4c0417dec7bccdbad8cbca26fa2634950fc50a66
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When an Arm Ltd GIC (Arm GIC-[567]00) is instantiated with one or more
ITSes, the ITS MMIO frames appear between the distributor and
redistributor addresses. This makes the beginning of the redistributor
region dependent on the existence and number of ITSes.
To support various FPGA images, with and without ITSes, probe the
addresses in question, to learn whether they accommodate an ITS or a
redistributor. This can be safely done by looking at the PIDR[01]
registers, which contain an ID code for each region, documented in the
Arm GIC TRMs.
We try to find all ITSes instantiated, and skip either two or four 64K
frames, depending on GICv4.1 support. At some point we will find the
first redistributor; this address we then update in the DTB.
Change-Id: Iefb88c2afa989e044fe0b36b7020b56538c60b07
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For platforms where we don't know the number of cores at compile time,
the size of the GIC redistributor frame is then also undetermined, since
it depends on this number of cores.
On top of this the GICR base address can also change, when an unknown
number of ITS frames (including zero) take up space between the
distributor and redistributor.
So while those two adjustments are done for independent reasons, the
code for doing so is very similar, so we should utilise the existing
fdt_adjust_gic_redist() function.
Add an (optional) gicr_base parameters to the prototype, so callers can
choose to also adjust this base address later, if needed.
Change-Id: Id39c0ba83e7401fdff1944e86950bb7121f210e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When we build the convenience firmware package file for the Arm FPGA
boards (bl31.axf), we combine trampolines, the DTB and the actual BL31
code into one ELF file, which is more a "container with load addresses"
than an actual executable. So far ld was fine with us using bl31.elf as
an input file, but binutils 2.35 changed that and complains about
taking an *executable* ELF file as in *input* to the linker:
-----------------
aarch64-none-elf-ld.bfd: cannot use executable file 'build/arm_fpga/debug/./bl31/bl31.elf' as input to a link
-----------------
Fortunately we don't need the actual BL31 ELF file for *that* part of
the linking, so can use the just created bl31.bin binary version of it.
Actually that shrinks the file, as we needlessly included the .BSS
section in the final file before.
Using the binary works with both older and newer toolchains versions, so
let's do this unconditionally.
Change-Id: Ib7e697f8363499123f7cb860f118f182d0830768
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Replace double space with single space in stm32cubeprogrammer_usb.c.
Change-Id: I717b136119e85fe8e25dd540758525f995200458
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
feat(plat/st/stm32mp1): add STM32MP_USB_PROGRAMMER target
feat(plat/st/stm32mp1): add USB DFU support for STM32MP1
feat(plat/st): add STM32CubeProgrammer support on USB
feat(drivers/st/usb): add device driver for STM32MP1
feat(plat/st): add a USB DFU stack
feat(drivers/usb): add a USB device stack
Add a support of USB as serial boot devices for STM32MP15x platform:
the FIP file is provide by STM32CubeProgrammer with the DFU protocol,
loaded in DDR at DWL_BUFFER_BASE address and then the io memmap is used.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I272c17c458ff1e9d0780f8fa22330c8a35533d19
Add the USB descriptor, the struct used for USB enumeration with
the function usb_dfu_plat_init().
The USB support is based on the usb lib and on the stm32mp1 usb driver.
The content of enumeration (the string descriptor) is identical to
ROM code to avoid the USB reset en re-enumeration needs.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I18b40649e8df83813a5a340b0eee44c9a3470e43
Add a file to support over USB the STMicroelectronics tool
STM32CubeProgrammer in BL2 for STM32MP15x platform.
This tools is based on DFU stack.
Change-Id: I48a8f772cb0e9b8be24c06847f724f0470c0f917
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Add a stack to support the Universal Serial Bus Device Class
Specification for Device Firmware Upgrade (USB DFU v1.1).
This stack is based on the USB device stack (USBD).
Change-Id: I8a56411d184882b6a9e3617c6dfb859086b8f353
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This patch removes files that are not used by TF-R as well as
removes unused generic files from the TF-R makefile.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Idb15ac295dc77fd38735bf2844efdb73e6f7c89b
This change essentially reverts [1] by removing the BL31 workaround
forcing the dtb address when Hafnium is loaded as an Hypervisor.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9569
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I302161d027261448113c66b7fafa9c11620b54ef
This change enables MPMM and adds, to the TC firmware configuration
device tree, the AMU counters representing the "gears" for the
Maximum Power Mitigation Mechanism feature of the Cortex-X2,
Cortex-A710 and Cortex-A510:
- Gear 0: throttle medium and high bandwidth vector and viruses.
- Gear 1: throttle high bandwidth vector and viruses.
- Gear 2: throttle power viruses only.
This ensures these counters are enabled and context-switched as
expected.
Change-Id: I6df6e0fe3a5362861aa967a78ab7c34fc4bb8fc3
Signed-off-by: Chris Kay <chris.kay@arm.com>
Including the FCONF Makefile today automatically places the FCONF
sources into the source list of the BL1 and BL2 images. This may be
undesirable if, for instance, FCONF is only required for BL31.
This change moves the BL1 and BL2 source appends out of the common
Makefile to where they are required.
BREAKING CHANGE: FCONF is no longer added to BL1 and BL2 automatically
when the FCONF Makefile (`fconf.mk`) is included. When including this
Makefile, consider whether you need to add `${FCONF_SOURCES}` and
`${FCONF_DYN_SOURCES}` to `BL1_SOURCES` and `BL2_SOURCES`.
Change-Id: Ic028eabb7437ae95a57c5bcb7821044d31755c77
Signed-off-by: Chris Kay <chris.kay@arm.com>
This has been introduced to simplify dependencies on the FDT wrappers.
We generally want to avoid pulling in components on a file-by-file
basis, particularly as we are trying to draw conceptual boxes around
components in preparation for transitioning the build system to CMake,
where dependencies are modelled on libraries rather than files.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Idb7ee05a9b54a8caa3e07f36e608867e20b6dcd5
Increase `PLAT_ARM_MAX_BL2_SIZE` to 128KiB for the primary chip to
accommodate debug builds with log level set to verbose
(LOG_LEVEL=LOG_LEVEL_VERBOSE).
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I9dc835430f61b0d0c46a75f7a36d67f165293c8c
This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
'#' needs to be before TAB, otherwise comment is printed on stdout during build.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I502374ef35d91e194dc35b78d31d6884a466fab2
* changes:
feat(plat/rcar): change process for Suspend To RAM
fix(plat/rcar): change process that copy code to system ram
fix(plat/rcar): fix cache maintenance process of reading cert header
fix(plat/rcar): fix to load image when option BL2_DCACHE_ENABLE is enabled
- Added the function rcar_pwr_domain_pwr_down_wfi() for power down process.
And change the sequence to power down.
- Removed clearing the count of psci_locks (PSCI exclusive lock) during
Warm Boot.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I684d54a798a6dccde15fbebe16c6e104cbb470ed
We need to add #include <arch.h> to platform_def.h to fix MODE_RW_64
undeclared.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I358bc6644243a7ea1befd87f946b4087feddd857
Audio DSP is power-off when system suspend. Remove it from
wakeup source list to prevent unnecessary wakeup.
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: Id7251de9c8b9c9a4a4b2c41a310168d336035b9a
assert() is not used in release mode and complaining about unused
variable "desc".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib919eb27532344a25be0b6ece7e239efa87be744
This change adds just comments why some checks are required. They check
that ENV variables and external repos are correctly set for TF-A builds.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I2f8af5061411c0c92d3875917f4d97b60dc2cf10
The qti sc7280 platform uses the pmk7325 PMIC, which has the same
functionality as the pm8998 driver, with the exception of the LC
PON register offsets, which are defined as:
Since it is nearly identical to the pm8998 driver, moving the above
register offset definitions to platform_def.h for the respective SoC
and reusing the rest of the functions defined in the pm8998 driver.
Renaming pm8998 driver to pm_ps_hold to make it more generic.
Change-Id: I0dda3a54579e0bbdd42c247405362a86d0607478
Signed-off-by: Shelley Chen <shchen@chromium.org>
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Making tb_fw_config ready to pass the Event Log base address
and size information to BL2.
Change-Id: I5dd0e79007e3848b5d6d0e69275a46c2e9807a98
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Use low to high gpio sequence to reboot/shutdown qemu machine.
Use low to high gpio pins level change which will cause an interrupt
in qemu virt platform. This change will supported with next qemu 6.1
release once patchset:
hw/arm: Make virt board secure powerdown/reset work
will be merged.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
CC: Peter Maydell <peter.maydell@linaro.org>
Change-Id: I70979517358c3b587722b2dcb33f63d29bf79d9b
Add support for Globalscale MOCHAbin board.
Its based on Armada 7040 SoC and ships in multiple DRAM options:
* 2GB DDR4 (1CS)
* 4GB DDR4 (1CS)
* 8GB DDR4 (2CS)
Since it ships in multiple DRAM configurations, an
Armada 3k style DDR_TOPOLOGY variable is added.
Currently, this only has effect on the MOCHAbin, but
I expect more boards with multiple DRAM sizes to be
supported.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Change-Id: I8a1ec9268fed34f6a81c5cbf1e891f638d461305
In order to enable OCRAM ECC, it need to be initialized
with 64-bit writes and then a write performed to address
0x0010_0534 with the value 0x0000_0008.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Id7d4f5df65ca52f24e9251c08a75ad2006451b95
Fix the error that no "gpio_init_data" is defined when
build with "FUSE_PROG=1".
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I0ba8005725fe33c6d8e68b4d52539f5d5d749f1a
Commit 434d0491c5 ("refactor(makefile): remove BL prefixes in build
macros") changed the MAKE_S macro to expect "bl31" instead of just "31".
Adjust our calls to MAKE_S and MAKE_LD to fix the build for arm_fpga.
Change-Id: I2743e421c10eaecb39bfa4515ea049a1b8d18fcb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Due to patch [1], the bl prefix was removed from the build macros.
It should then add explicitly when compiling stm32mp1.ld.S.
[1] 434d0491c5 ("refactor(makefile): remove BL prefixes in build macros")
Change-Id: I298dba2a7c958dd4ea6429c83ed4b1ee97e1735f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add casts where required to avoid compialtion error when enabling
-Wsign-compare in shared resources file.
The assert is also corrected to match the correct range (change ||
to &&).
Change-Id: Ie4c9c0c935d39ff9a2165b909172aacb3e94ab4d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME
Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to use physical counters at EL1
2. VTCR_EL2.MSA -> 1
Enables VMSA at EL1, which is required by U-Boot and Linux.
3. HCR_EL2.APK = 1 & HCR_EL2.API = 1
Disables PAuth instruction and register traps in EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I58f45b6669a9ad1debb80265b243015c054a9bb1
An STM32 image with the awaited header major version shouldn't be forbid
to boot. If the minor differs, then it means only non-mandatory options
have been added in the reserved fields, and the header remains backward
compatible.
Change-Id: Iff16b67f95c728e2f1d128bd1760a4be497c5ca3
Signed-off-by: Yann Gautier <yann.gautier@st.com>
dt_match_instance_by_compatible() gives the DT node offset in DT
that matches both compatible and the peripheral instance address.
Change-Id: Ia85f4f4aa8fe8efd4df310d765e7586e67aa34c2
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This patch updates and refactors the GPT library and fixes bugs.
- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
In the typical TF-A boot flow, the Trusted Watchdog is started
at the beginning of BL1 and then stopped in BL1 after returning
from BL2. However, in the RME boot flow there is no return path
from BL2 to BL1. Therefore, disable the Watchdog if ENABLE_RME is set.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Id88fbfab8e8440642414bed48c50e3fcb23f3621
VERBOSE print logs need a larger stack size and the currently configured
BL2 stack size was insufficient for FVP. This patch increases the same.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I316ba2ea467571161b5f4807e6e5fa0bf89d44c6
We currently use ARM_PRELOADED_DTB_BASE build
variable to pass the kernel DTB base address to
the kernel when using the ARM_LINUX_KERNEL_AS_BL33
option. However this variable doesn't actually
change the DTB load address.
The DTB load address is actually specified in the
FW_CONFIG DTS (fvp_fw_config.dts) as 'hw_config'.
This patch passes the hw_config value instead of
ARM_PRELOADED_DTB_BASE allowing us to change
the kernel DTB load address through
fvp_fw_config.dts.
With this change we don't need the ARM_PRELOADED_DTB_BASE
build variable if RESET_TO_BL31 is not set.
Note that the hw_config value needs to be within the
ARM_DTB_DRAM_NS region specified by FVP_DTB_DRAM_MAP_START
and FVP_DTB_DRAM_MAP_SIZE.
This patch also expands the ARM_DTB_DRAM_NS region to 32MB.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Idd74cdf5d2c649bb320644392ba5d69e175a53a9
The macros PLAT_HW_CONFIG_DTB_BASE and PLAT_HW_CONFIG_DTB_SIZE
describe the range of memory where the HW_CONFIG_DTB can be loaded
rather than the actual load address and size of the DTB. This patch
changes the names to something more descriptive.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I98b81f3ce0c80fd76614f959667c25b07941e190
When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :
Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf
When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.
The following new regions are introduced with this change:
ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.
ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.
ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.
The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:
--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------
During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254
If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff
This patch adds the necessary changes needed to build
and load RMM image for the FVP platform. RMM image is
loaded by BL2 after BL32 (if BL32 exists) and before BL33.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1ac9eade84c2e35c7479a322ca1d090b4e626819
The current Makefile assumes all TF-A binaries
have BL prefixes (BL1, BL2, etc). Now that we
have other binary names with FEAT_RME feature, remove
this assumption. With this change, we need to pass
the full name of a binary when using build macros.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I44e094b2366aa526f807d92dffa709390d14d145
TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.
TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.
More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
* changes:
feat(plat/rcar3): keep RWDT enabled
feat(drivers/rcar3): add extra offset if booting B-side
feat(plat/rcar3): modify LifeC register setting for R-Car D3
feat(plat/rcar3): modify SWDT counter setting for R-Car D3
feat(plat/rcar3): update DDR setting for R-Car D3
feat(plat/rcar3): remove access to RMSTPCRn registers in R-Car D3
feat(plat/rcar3): add process of SSCG setting for R-Car D3
feat(plat/rcar3): add process to back up X6 and X7 register's value
feat(plat/rcar3): modify operation register from SYSCISR to SYSCISCR
feat(plat/rcar3): add SYSCEXTMASK bit set/clear in scu_power_up
feat(plat/rcar3): change the memory map for OP-TEE
feat(plat/rcar3): use PRR cut to determine DRAM size on M3
feat(plat/rcar3): apply ERRATA_A53_1530924 and ERRATA_A57_1319537
fix(plat/rcar3): fix disabling MFIS write protection for R-Car D3
fix(plat/rcar3): fix eMMC boot support for R-Car D3
fix(plat/rcar3): fix version judgment for R-Car D3
fix(plat/rcar3): fix source file to make about GICv2
fix(drivers/rcar3): console: fix a return value of console_rcar_init
The latest FVP model fix which correctly checks if IRQs
are enabled in current exception level, is causing TFTF
tests to hang.
This patch adds setting SCR_EL3.I and SCR_EL3.F bits in
'fvp_cpu_standby()' function to allow CPU to exit from WFI.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: Iceec1e9dbd805803d370ecdb10e04ad135d6b3aa
For convenience we let the build system generate an ELF file (named
bl31.axf), containing all the trampolines, BL31 code and the DTB in one
file. This can be fed directly into the FPGA payload tool, and it will
load the bits at the right addresses.
Since this ELF file is more used as a "container with load addresses",
there is no need for normal ELF features like alignment or a symbol
table.
Remove unnecessary sections from that output file, by doing a static
"link", dropping the NOBITS stacks section, and by adding "-n" to the
linker command line (to avoid page alignment). This trims the generated
.axf file, and makes it smaller.
Change-Id: I5768543101d667fb4a3b70e60b08cfe970d2a2b6
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The arm64 Linux kernel needed to be loaded at a certain offset within any
2MB aligned region; this value was configured at compile time and stored
in the Linux kernel image header. The default value was always 512KiB,
so this is the value we use in the TF-A build system for the kernel
load address.
However the whole scheme around the TEXT_OFFSET changed in Linux v5.8:
Linux kernels became fully relocatable, so this value is largely ignored
now, and its default value changed to 0. The only remainder is a warning
message at boot time in case there is a mismatch:
[Firmware Bug]: Kernel image misaligned at boot, please fix your bootloader!
To avoid this warning, and to make TF-A Linux kernel boot protocol
compliant, we should load newer kernels to offset 0 of a 2 MB
region. This can be done by the user at FPGA boot time, but BL31 needs
to know about this address. As we can't change the build default to 0
without breaking older kernels, we should try to make a build dealing
with both versions:
This patch introduces a small trampoline code, which gets loaded at
512KB of DRAM, and branches up to 2MB. If users load their newer
kernels at 2MB, this trampoline will cover them. In case an older kernel
is loaded at 512KB, it will overwrite this trampoline code, so it would
still work.
Change-Id: If49ca86f5dca380036caf2555349748722901277
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
feat(plat/imx/imx8m/imx8mp): enable Trusted Boot
feat(plat/imx/imx8m/imx8mp): add in BL2 with FIP
refactor(plat/imx/imx8m): make image load logic for TBBR FIP booting common
feat(plat/imx/imx8m/imx8mp): add initial definition to facilitate FIP layout
refactor(plat/imx/imx): make imx io-storage logic for TBBR/FIP common
feat(plat/imx/imx8m/imx8mp): add imx8mp_private.h to the build
Add support for Arm Ethos-N NPU multi-device.
The device tree parsing currently only supports one NPU device with
multiple cores. To be able to support multi-device NPU configurations
this patch adds support for having multiple NPU devices in the device
tree.
To be able to support multiple NPU devices in the SMC API, it has been
changed in an incompatible way so the API version has been bumped.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Ide279ce949bd06e8939268b9601c267e45f3edc3
This patch adds the basic CPU library code to support the Hayes CPU
in TF-A. This CPU is based on the Klein core so that library code
has been adapted for use here.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If0e0070cfa77fee8f6eebfee13d3c4f209ad84fc
Adding load, authentication, and transfer functionality from FVP R BL1 to
BL33, which will be the partner runtime code.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I293cad09739dacac0d20dd57c1d98178dbe84d40
For v8-R64, especially R82, creating code to run BL1 at EL2, using MPU.
Signed-off-by: Gary Morrison <gary.morrison@arm.com>
Change-Id: I439ac3915b982ad1e61d24365bdd1584b3070425
Creating a platform port for FVP_R based on the FVP platform.
Differences including only-BL1, aarch64, Secure only, and EL2 being the
ELmax (No EL3).
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1283e033fbd4e03c397d0a2c10c4139548b4eee4
The 'CORE_PWRDN_EN' bit of 'CPUPWRCTLR_EL1' register requires an
explicit write to clear it for hotplug and idle to function correctly.
So add Neoverse N2 CPU specific handler in platform reset handler to
clear the CORE_PWRDN_EN bit.
Signed-off-by: shriram.k <shriram.k@arm.com>
Change-Id: If3859447410c4b8e704588993941178fa9411f52
The 'CORE_PWRDN_EN' bit of 'CPUPWRCTLR_EL1' register requires an
explicit write to clear it for hotplug and idle to function correctly.
So add Neoverse V1 CPU specific handler in platform reset handler to
clear the CORE_PWRDN_EN bit.
Signed-off-by: shriram.k <shriram.k@arm.com>
Change-Id: I56084c42a56c401503a751cb518238c83cfca8ac
Currently the SP package loading mechanism is only enabled when S-EL2
SPMC is selected. Remove this limitation.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I5bf5a32248e85a26d0345cacff7d539eed824cfc
Update UUID to little endian:
The SPMC expects a little endian representation of the UUID as an array
of four integers in the SP manifest.
Add managed exit field and cosmetic comments updates.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icad93ca70bc27bc9d83b8cf888fe5f8839cb1288
CIRQ software reset can be used on all platforms, so we remove
CIRQ_NEED_SW_RESET in mt_cirq_sw_reset to enable software reset.
BUG=b:192200380, b:201035723
Signed-off-by: Pan Gao <gtk_pangao@mediatek.com>
Change-Id: Id53ea099ae566bf2a573fca866bd10c60429bd5a
DFD (Design for Debug) is a debugging tool, which scans
flip-flops and dumps to internal RAM on the WDT reset.
After system reboots, those values could be showed for
debugging.
BUG=b:192429713
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I02c6c862b6217bc84c83a09b533bd53ec19b06f7
* changes:
feat(docs/nxp/layerscape): add ls1028a soc and board support
feat(plat/nxp/ls1028ardb): add ls1028ardb board support
feat(plat/nxp/ls1028a): add ls1028a soc support
feat(plat/nxp/common): define default SD buffer
feat(driver/nxp/xspi): add MT35XU02G flash info
feat(plat/nxp/common): add SecMon register definition for ch_3_2
feat(driver/nxp/dcfg): define RSTCR_RESET_REQ
feat(plat/nxp/common/psci): define CPUECTLR_TIMER_2TICKS
feat(plat/nxp/common): define default PSCI features if not defined
feat(plat/nxp/common): define common macro for ARM registers
feat(plat/nxp/common): add CCI and EPU address definition