Trap bits of trace filter control registers access are in
architecturally UNKNOWN state at boot hence
1. Initialized trap bits to one to prohibit trace filter control
registers accesses in lower ELs (EL2, EL1) in all security states
when FEAT_TRF is implemented.
2. These bits are RES0 when FEAT_TRF is not implemented and hence set
it to zero to aligns with the Arm ARM reference recommendation,
that mentions software must writes RES0 bits with all 0s.
Change-Id: I1b7abf2170ece84ee585c91cda32d22b25c0fc34
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced a build flag 'ENABLE_SYS_REG_TRACE_FOR_NS' to enable trace
system registers access in NS-EL2, or NS-EL1 (when NS-EL2 is
implemented but unused).
Change-Id: Idc1acede4186e101758cbf7bed5af7b634d7d18d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Trap bits of trace system registers access are in architecturally
UNKNOWN state at boot hence
1. Initialized trap bits to one to prohibit trace system registers
accesses in lower ELs (EL2, EL1) in all security states when system
trace registers are implemented.
2. These bits are RES0 in the absence of system trace register support
and hence set it to zero to aligns with the Arm ARM reference
recommendation,that mentions software must writes RES0 bits with
all 0s.
Change-Id: I4b6c15cda882325273492895d72568b29de89ca3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced a build flag 'ENABLE_TRBE_FOR_NS' to enable trace buffer
control registers access in NS-EL2, or NS-EL1 (when NS-EL2 is
implemented but unused).
Change-Id: I285a672ccd395eebd377714c992bb21062a729cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
1. Refined struct soc_info_t definition.
2. Refined get_soc_info function.
3. Fixed some SVR persernality value.
4. Refined API to get cluster numbers and cores per cluster.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I3c20611a523516cc63330dce4c925e6cda1e93c4
Trap bits of trace buffer control registers access are in
architecturally UNKNOWN state at boot hence
1. Initialized these bits to zero to prohibit trace buffer control
registers accesses in lower ELs (EL2, EL1) in all security states
when FEAT_TRBE is implemented
2. Also, these bits are RES0 when FEAT_TRBE is not implemented, and
hence setting it to zero also aligns with the Arm ARM reference
recommendation, that mentions software must writes RES0 bits with
all 0s
Change-Id: If2752fd314881219f232f21d8e172a9c6d341ea1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
clang build breaks when both ENABLE_PAUTH (BRANCH_PROTECTOR=1)
and CRASH_REPORTING (DEBUG=1) options are enabled:
include/lib/el3_runtime/cpu_data.h:135:2: error: redefinition of typedef
'assert_cpu_data_crash_stack_offset_mismatch' is a C11 feature [-Werror,
-Wtypedef-redefinition]
assert_cpu_data_crash_stack_offset_mismatch);
^
include/lib/el3_runtime/cpu_data.h:128:2: note: previous definition is here
assert_cpu_data_crash_stack_offset_mismatch);
^
1 error generated.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I22c8c45a94a64620007979d55412dbb57b11b813
Cortex A78 AE erratum 1941500 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
This erratum is avoided by by setting CPUECTLR_EL1[8] to 1.
There is a small performance cost (<0.5%) for setting this
bit.
SDEN is available at https://developer.arm.com/documentation/SDEN1707912/0900
Change-Id: I2d72666468b146714a0340ba114ccf0f5165b39c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds the basic CPU library code to support the Demeter
CPU. This CPU is based on the Makalu-ELP core so that CPU lib code
was adapted to create this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib5740b748008a72788c557f0654d8d5e9ec0bb7f
Put default ea handler implementation into function plat_default_ea_handler()
which just print verbose information and panic, so it can be called also
from overwritten / weak function plat_ea_handler() implementation.
Replace every custom implementation of printing verbose error message of
external aborts in custom plat_ea_handler() functions by a common
implementation from plat_default_ea_handler() function.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I15897f61b62b4c3c29351e693f51d4df381f3b98
* changes:
feat(io_mtd): offset management for FIP usage
feat(nand): count bad blocks before a given offset
feat(plat/st): add helper to save boot interface
fix(plat/st): improve DDR get size function
refactor(plat/st): map DDR secure at boot
refactor(plat/st): rework TZC400 configuration
Bump the required FF-A version in framework and manifests to v1.1 as
upstream feature development goes.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I89b2bd3828a13fc4344ccd53bc3ac9c0c22ab29f
Neoverse V1 erratum 1925756 is a Cat B erratum present in r0p0, r1p0,
and r1p1 of the V1 processor core, and it is still open.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I6500dc98da92a7c405b9ae09d794d666e8f4ae52
Neoverse V1 erratum 1852267 is a Cat B erratum present in r0p0 and
r1p0 of the V1 processor core. It is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ide5e0bc09371fbc91c2385ffdff74e604beb2dbe
Neoverse V1 erratum 1774420 is a Cat B erratum present in r0p0 and
r1p0 of the V1 processor core. It is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I66e27b2518f73faeedd8615a1443a74b6a30f123
NXP drivers header files are moved:
- from: drivers/nxp/<xx>/*.h
- to : include/drivers/nxp/<xx>/*.h
To accommodate these changes each drivers makefiles
drivers/nxp/<xx>/xx.mk, are updated.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I3979c509724d87e3d631a03dbafda1ee5ef07d21
Renamed hw_crc32 to tf_crc32 to make the file and function
name more generic so that the same name can be used in upcoming
software CRC32 implementation.
Change-Id: Idff8f70c50ca700a4328a27b49d5e1f14d2095eb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.
Change-Id: I71af06c09d95c2c58e3fd766c4a61c5652637151
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented FWU metadata load and verification APIs.
Also, exported below APIs to the platform:
1. fwu_init - Load FWU metadata in a structure. Also, set the
addresses of updated components in I/O policy
2. fwu_is_trial_run_state - To detect trial run or regular run
state
Change-Id: I67eeabb52d9275ac83be635306997b7c353727cd
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added FWU platform specific functions declarations in common
platform header.
Change-Id: I637e61753ea3dc7f7e7f3159ae1b43ab6780aef2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added a firmware update metadata structure as per section 4.1
in the specification document[1].
Also, added the build options used in defining the firmware
update metadata structure.
[1]: https://developer.arm.com/documentation/den0118/a/
Change-Id: I8f43264a46fde777ceae7fd2a5bb0326f1711928
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
refactor(plat/allwinner): clean up platform definitions
refactor(plat/allwinner): do not map BL32 DRAM at EL3
refactor(plat/allwinner): map SRAM as device memory by default
refactor(plat/allwinner): rename static mmap region constant
feat(bl_common): import BL_NOBITS_{BASE,END} when defined
The SDEI specification now says that during an SDEI
event handler dispatch the SPSR should be set according
to the TakeException() pseudocode function defined in
the Arm Architecture Reference Manual. This patch sets
the SPSR according to the function given in
ARM DDI 0487F.c page J1-7635
Change-Id: Id2f8f2464fd69c701d81626162827e5c4449b658
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
If SVE are enabled for both Non-secure and Secure world along with AMU
extension, then it causes the TAM_BIT in CPTR_EL3 to be set upon exit
from bl31. This restricts access to the AMU register set in normal
world. This fix maintains consistency in both TAM_BIT and CPTR_EZ_BIT
by saving and restoring CPTR_EL3 register from EL3 context.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: Id76ce1d27ee48bed65eb32392036377716aff087
If SEPARATE_NOBITS_REGION is enabled, the platform may need to map
memory specifically for that region. Import the symbols from the linker
script to allow the platform to do so.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Iaec4dee94a6735b22f58f7b61f18d53e7bc6ca8d
Existing macro ERROR() prints string "ERROR" followed by string
specified by caller. Therefore via this existing macro it is not
possible to end incomplete / existing line by a newline character.
This change adds a new macro ERROR_NL() which prints just a newline
character without any prefix. Implementation of this macro is done via a
new function tf_log_newline() which based on supplied log level either
return or print newline character.
If needed in future based on this tf_log_newline() function can be
defined also macros for other log levels.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I05414ca177f94cdc0f6077394d9c4af4a4382306
Neoverse V1 erratum 1791573 is a Cat B erratum present in r0p0 and
r1p0 of the V1 processor core. It is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/60d499080320e92fa40b4625
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ic6f92da4d0b995bd04ca5b1673ffeedaebb71d10
A new seek handler is also created. It will be used for NAND to add an
extra offset in case of bad blocks, when FIP is used.
Change-Id: I03fb1588b44029db50583c0b2e7af7a1e88a5a7a
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
In case of FIP, the offsets given in the FIP header are relative.
If bad blocks are found between the FIP base address and this offset,
the offset should be updated, taking care of the bad blocks.
Change-Id: I96fefabb583b3d030ab05191bae7d45cfeefe341
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
Enables SVE support for the secure world via ENABLE_SVE_FOR_SWD.
ENABLE_SVE_FOR_SWD defaults to 0 and has to be explicitly set by the
platform. SVE is configured during initial setup and then uses EL3
context save/restore routine to switch between SVE configurations for
different contexts.
Reset value of CPTR_EL3 changed to be most restrictive by default.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I889fbbc2e435435d66779b73a2d90d1188bf4116
Cortex A78 erratum 1821534 is a Cat B erratum present in r0p0 and
r1p0 of the A78 processor core, it is fixed in r1p1.
SDEN can be found here:
https://documentation-service.arm.com/static/603e3733492bde1625aa8780
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I71057c4b9625cd9edc1a06946b453cf16ae5ea2c
Cortex A77 erratum 1791578 is a Cat B erratum present in r0p0, r1p0,
and r1p1 of the A77 processor core, it is still open.
SDEN can be found here:
https://documentation-service.arm.com/static/60a63a3c982fc7708ac1c8b1
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib4b963144f880002de308def12744b982d3df868
BTI instructions are a part of the NOP space in earlier architecture
versions, so it's not inherently incorrect to enable BTI code
or instructions even if the target architecture does not support them.
This change reduces our reliance on architecture versions when checking
for features.
Change-Id: I79f884eec3d65978c61e72e4268021040fd6c96e
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
refactor(plat/nvidia): use SOC_ID defines
refactor(plat/mediatek): use SOC_ID defines
refactor(plat/arm): use SOC_ID defines
feat(plat/st): implement platform functions for SMCCC_ARCH_SOC_ID
refactor(plat/st): export functions to get SoC information
feat(smccc): add bit definition for SMCCC_ARCH_SOC_ID
The arm-gic.h was a concatenation of arm-gic.h and irq.h from Linux.
Just copy the 2 files here. They both have MIT license which is accepted
in TF-A.
With this alignment, a new macro is added (GIC_CPU_MASK_SIMPLE).
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ib45174f35f1796ebb7f34af861b59810cfb808b0
Use dedicated read function for boot partition
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Change-Id: If75df7691fce0797205365736fc6e4e3429efdca
Added a public function to read blocks from a current boot partition.
switch between partitions has to respect eMMC partition switch timing.
Signed-off-by: Vyacheslav Yurkov <uvv.mail@gmail.com>
Change-Id: I55b0c910314253e5647486609583fd290dadd30a
The UART code for the A3K platform assumes that UART parent clock rate
is always 25 MHz. This is incorrect, because the xtal clock can also run
at 40 MHz (this is board specific).
The frequency of the xtal clock is determined by a value on a strapping
pin during SOC reset. The code to determine this frequency is already in
A3K's comphy driver.
Move the get_ref_clk() function from the comphy driver to a separate
file and use it for UART parent clock rate determination.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I8bb18a2d020ef18fe65aa06ffa4ab205c71be92e
This patch renames the Matterhorn, Matterhorn ELP, and Klein CPUs to
Cortex A710, Cortex X2, and Cortex A510 respectively.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I056d3114210db71c2840a24562b51caf2546e195
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I688a76277b729672835d51fafb68d1d6205b6ae4
The definitions of SMCCC_ARCH_SOC_ID SoC version return bits are defined
in SMC Calling Convention [1]. Add the masks and shifts for JEP-106 bank
index, JEP-106 identification code, and Implementation defined SoC ID.
Add a macro to easily set JEP-106 fields.
[1] https://developer.arm.com/documentation/den0028/latest/
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Iecbd09f6de6728de89dc746d2d1981a5a97a8ab7
Add constants, structures and build definition for the
new standard SMCCC PCI conduit. These are documented
in DEN0115A.
https://developer.arm.com/documentation/den0115/latest
Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Change-Id: If667800a26b9ae88626e8d895674c9c2e8c09658
Added support for HW computed CRC using Arm ACLE intrinsics.
These are built-in intrinsics available for ARMv8.1-A, and
onwards.
These intrinsics are enabled via '-march=armv8-a+crc' compile
switch for ARMv8-A (supports CRC instructions optionally).
HW CRC support is enabled unconditionally in BL2 for all Arm
platforms.
HW CRC calculation is verified offline to ensure a similar
result as its respective ZLib utility function.
HW CRC calculation support will be used in the upcoming
firmware update patches.
Change-Id: Ia2ae801f62d2003e89a9c3e6d77469b5312614b3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Disable non-invasive debug of secure state for Juno
in release builds. This makes sure that PMU counts
only Non-secure events.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0d1c3f96f3b4e48360a7211ae55851d65d291025
This patch adds setting MDCR_EL3.MCCD in 'el3_arch_init_common'
macro to disable cycle counting by PMCCNTR_EL0 in EL3 when
FEAT_PMUv3p7 is implemented. This fixes failing test
'Leak PMU CYCLE counter values from EL3 on PSCI suspend SMC'
on FVP models with 'has_v8_7_pmu_extension' parameter set to
1 or 2.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I2ad3ef501b31ee11306f76cb5a61032ecfd0fbda
Handle calls to the FFA_SPM_ID_GET interface. If FFA_SPM_ID_GET is
invoked from the non-secure physical FF-A instance, return the SPMC id
(defined in the SPMC manifest). If FFA_SPM_ID_GET is invoked from
the secure physical FF-A instance (e.g. the SPMC), return the SPMD id.
Change-Id: Id6d4e96b1da2510386d344e09c4553dba01227ec
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
* changes:
stm32mp1: enable PIE for BL32
stm32mp1: set BL sizes regardless of flags
Add PIE support for AARCH32
Avoid the use of linker *_SIZE__ macros
Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.
Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.
Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654
Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
NOTE: Breaking change to the way UUIDs are stored in the DT
Currently, UUIDs are stored in the device tree as
sequences of 4 integers. There is a mismatch in endianness
between the way UUIDs are represented in memory and the way
they are parsed from the device tree. As a result, we must either
store the UUIDs in little-endian format in the DT (which means
that they do not match up with their string representations)
or perform endianness conversion after parsing them.
Currently, TF-A chooses the second option, with unwieldy
endianness-conversion taking place after reading a UUID.
To fix this problem, and to make it convenient to copy and
paste UUIDs from other tools, change to store UUIDs in string
format, using a new wrapper function to parse them from the
device tree.
Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
Signed-off-by: David Horstmann <david.horstmann@arm.com>
TF-A does not have the capability to read UUIDs in string form
from the device tree. This capability is useful for readability,
so add a wrapper function, fdtw_read_uuid() to parse UUIDs from
the DT.
This function should parse a string of the form:
"aabbccdd-eeff-4099-8877-665544332211"
to the byte sequence in memory:
[aa bb cc dd ee ff 40 99 88 77 66 55 44 33 22 11]
Change-Id: I99a92fbeb40f4f4713f3458b36cb3863354d2bdf
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
so that these macros can be reused in the subsequent GPT based support
changes.
Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch fixes static checks errors reported for missing copyright in
`include/dt-bindings/interrupt-controller/arm-gic.h` and the include
order of header files in `.dts` and `.dtsi` files.
Change-Id: I2baaf2719fd2c84cbcc08a8f0c4440a17a9f24f6
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Signed-off-by: Chris Kay <chris.kay@arm.com>
The `arm-gic.h` file distributed by the Linux kernel is disjunctively
dual-licensed under the GPL-2.0 or MIT licenses, but the BSD-3-Clause
license has been applied in violation of the requirements of both
licenses. This change ensures the file is correctly licensed under the
terms of the MIT license, and that we comply with it by distributing a
copy of the license text.
Change-Id: Ie90066753a5eb8c0e2fc95ba43e3f5bcbe2fa459
Signed-off-by: Chris Kay <chris.kay@arm.com>
Only BL32 (SP_min) is supported at the moment, BL1 and BL2_AT_EL3 are just
stubbed with _pie_fixup_size=0.
The changes are an adaptation for AARCH32 on what has been done for
PIE support on AARCH64.
The RELA_SECTION is redefined for AARCH32, as the created section is
.rel.dyn and the symbols are .rel*.
Change-Id: I92bafe70e6b77735f6f890f32f2b637b98cf01b9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The use of end addresses is preferred over the size of sections.
This was done for some AARCH64 files for PIE with commit [1],
and some extra explanations can be found in its commit message.
Align the missing AARCH64 files.
For AARCH32 files, this is required to prepare PIE support introduction.
[1] f1722b693d ("PIE: Use PC relative adrp/adr for symbol reference")
Change-Id: I8f1c06580182b10c680310850f72904e58a54d7d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The Arm Generic Timer specification mandates that the
interrupt associated with each timer is low level triggered,
see:
Arm Cortex-A76 Core:
"Each timer provides an active-LOW interrupt output to the SoC."
Arm Cortex-A53 MPCore Processor:
"It generates timer events as active-LOW interrupt outputs and
event streams."
The following files in fdts\
fvp-base-gicv3-psci-common.dtsi
fvp-base-gicv3-psci-aarch32-common.dtsi
fvp-base-gicv2-psci-aarch32.dts
fvp-base-gicv2-psci.dts
fvp-foundation-gicv2-psci.dts
fvp-foundation-gicv3-psci.dts
describe interrupt types as edge rising
IRQ_TYPE_EDGE_RISING = 0x01:
interrupts = <1 13 0xff01>,
<1 14 0xff01>,
<1 11 0xff01>,
<1 10 0xff01>;
, see include\dt-bindings\interrupt-controller\arm-gic.h:
which causes Linux to generate the warnings below:
arch_timer: WARNING: Invalid trigger for IRQ5, assuming level low
arch_timer: WARNING: Please fix your firmware
This patch adds GIC_CPU_MASK_RAW macro definition to
include\dt-bindings\interrupt-controller\arm-gic.h,
modifies interrupt type to IRQ_TYPE_LEVEL_LOW and
makes use of type definitions in arm-gic.h.
Change-Id: Iafa2552a9db85a0559c73353f854e2e0066ab2b9
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
ELP processors can sometimes have different MIDR values or features so
we are adding the "_arm" suffix to differentiate the reference
implementation from other future versions.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ieea444288587c7c18a397d279ee4b22b7ad79e20
By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
the non-secure world cannot access the registers needed to use the NPU.
To still allow the non-secure world to use the NPU, a SiP service has
been added that can delegate non-secure access to the registers needed
to use it.
Only the HW_CONFIG for the Arm Juno platform has been updated to include
the device tree for the NPU and the platform currently only loads the
HW_CONFIG in AArch64 builds.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2
Move efuse definitions to a separate header file for later
usage with other FW modules.
Change-Id: I2e9465f760d0388c8e5863bc64a4cdc57de2417f
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/47313
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Yi Guo <yi.guo@cavium.com>
The SCMI power domain protocol in firmware has been updated to v2.0,
thus update the corresponding version in TF-A too.
Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Change-Id: If3920ff71136dce94b2780e29a47f24aa09876c0
Enable basic support for QEMU "max" CPU.
The "max" CPU does not attampt to emulate any specific CPU, but rather
just enables all the functions emulated by QEMU.
Change-Id: I69c212932ef61433509662d0fefbabb1e9e71cf2
Signed-off-by: Leif Lindholm <leif@nuviainc.com>
Since there is a secure and non-secure version of the timer registers
there is no need to preserve their context in EL3.
With that, following registers were removed from EL3 save/restore
routine:
cnthps_ctl_el2
cnthps_tval_el2
cnthps_cval_el2
cnthvs_ctl_el2
cnthvs_tval_el2
cnthvs_cval_el2
cnthp_ctl_el2
cnthp_cval_el2
cnthp_tval_el2
cnthv_ctl_el2
cnthv_cval_el2
cnthv_tval_el2
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I6e2fc09c74a7375c4fccc11f12af4e39e6dc616b
The legacy console is gone. Re-add DCC console support based
on the multi-console framework.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: Ia8388721093bc1be3af40974530d7c9a9ae5f43e
Broadcom I2C controller driver. Follwoing API's are supported:-
- i2c_init() Intialize ethe I2C controller
- i2c_probe()
- i2c_set_bus_speed() Set the I2C bus speed
- i2c_get_bus_speed() Get the current bus speed
- i2c_recv_byte() Receive one byte of data.
- i2c_send_byte() Send one byteof data
- i2c_read_byte() Read single byte of data
- i2c_read() Read multiple bytes of data
- i2c_write_byte Write single byte of data
- i2c_write() Write multiple bytes of data
This driver is verified by reading the DDR SPD data.
Signed-off-by: Bharat Gooty <bharat.gooty@broadcom.com>
Change-Id: I2d7fe53950e8b12fab19d0293020523ff8b74e13
NXP SMMU driver API for NXP SoC.
- Currently it supports by-passing SMMU, called only when NXP CAAM
is enabled.
- (TBD) AMQ based SMMU access control: Access Management Qualifiers (AMQ)
advertised by a bus master for a given transaction.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I23a12928ddedb1a2cf4b396606e35c67e016e331
Flexspi driver now introduces read/write/erase APIs for complete flash
size, FAST-READ are by default used and IP bus is used for erase, read
and write using flexspi APIs.
Framework layer is currently embedded in driver itself using flash_info
defines.
Test cases are also added to confirm flash functionality currently under
DEBUG flag.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ashish Kumar <Ashish.Kumar@nxp.com>
Signed-off-by: Kuldeep Singh <kuldeep.singh@nxp.com>
Change-Id: I755c0f763f6297a35cad6885f84640de50f51bb0
NXP Timer Apis are based on:
- drivers/delay_timer
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2cbccf4c082a10affee1143390905b9cc99c3382
Generic framework is added to include platform defined UUID.
This framework is added for the following:
- All NXP SoC based platforms needed additional fip-fuse.bin
- NXP SoC lx2160a based platforms requires additional fip-ddr.bin
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ibe05d9c596256e34077287a490dfcd5b731ef2cf
Conditional definition for the macro MAX_NUMBER_IDS.
This will allow to update this definition by the platform
specific implementation.
Since, NXP SoC lx2160a based platforms requires additional
FIP DDR to be loaded before initializing the DDR.
It requires addition of defines for DDR image IDs.
A dedicated header plat_tbbr_img_def.h is added to the platform
folder - plat/nxp/common/include/default/
Inclusion of this header file will depend on the compile time
flag PLAT_TBBR_IMG_DEF.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4faba74dce578e2a34acbc8915ff75d7b8368cee
Incorrect value is picked for TF_MBEDTLS_USE_RSA defination,
even if the TF_MBEDTLS_RSA is enabled.
Due to which PK_DER_LEN is defined incorrectly.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I2ca4ca121e0287b88ea689c885ddcd45a34a3e91
Changes to 'tools/cert_create' folder, to include platform defined
certificates, keys, and extensions.
NXP SoC lx2160a : based platforms requires additional
FIP DDR to be loaded before initializing the DDR.
To enable chain of trust on these platforms, FIP DDR
image needs to be authenticated, additionally.
Platform specific folder 'tools/nxp/cert_create_helper'
is added to support platform specific macros and definitions.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I4752a30a9ff3aa1d403e9babe3a07ba0e6b2bf8f
A new function tzc400_it_handler() is created to manage TZC400
interrupts. The required helpers to read and clear interrupts are added
as well.
In case DEBUG is enabled, more information about the faulty access
(address, NSAID, type of access) is displayed.
Change-Id: Ie9ab1c199a8f12b2c9472d7120efbdf35711284a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The UEFI specification details the represenatation
for the EFI_GUID type. Add this representation to the
uuid_helper_t union type so that GUID definitions
can be shared verbatim between UEFI and TF-A header
files.
Change-Id: Ie44ac141f70dd0025e186581d26dce1c1c29fce6
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
The speculation barrier feature (`FEAT_SB`) was introduced with and
made mandatory in the Armv8.5-A extension. It was retroactively made
optional in prior extensions, but the checks in our code-base do not
reflect that, assuming that it is only available in Armv8.5-A or later.
This change introduces the `ENABLE_FEAT_SB` definition, which derives
support for the `sb` instruction in the assembler from the feature
flags passed to it. Note that we assume that if this feature is enabled
then all the cores in the system support it - enabling speculation
barriers for only a subset of the cores is unsupported.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: I978ed38829385b221b10ba56d49b78f4756e20ea
Remove the former impdef SPMD service for SPMC entry point
registration. Replace with FFA_SECONDARY_EP_REGISTER ABI
providing a single entry point address into the SPMC for
primary and secondary cold boot.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I067adeec25fc12cdae90c15a616903b4ac4d4d83
ARMv8.6 adds virtual offset registers to support virtualization of the
event counters in EL1 and EL0. This patch enables support for this
feature in EL3 firmware.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7ee1f3d9f554930bf5ef6f3d492e932e6d95b217
* changes:
plat/marvell/armada: cleanup MSS SRAM if used for copy
plat/marvell: cn913x: allow CP1/CP2 mapping at BLE stage
plat/marvell/armada/common/mss: use MSS SRAM in secure mode
include/drivers/marvell/mochi: add detection of secure mode
plat/marvell: fix SPD handling in dram port
marvell: drivers: move XOR0/1 DIOB from WIN 0 to 1
drivers/marvell/mochi: add support for cn913x in PCIe EP mode
drivers/marvell/mochi: add missing stream IDs configurations
plat/marvell/armada/a8k: support HW RNG by SMC
drivers/rambus: add TRNG-IP-76 driver
The Juno Trusted Entropy Source has a bias, which makes the generated
raw numbers fail a FIPS 140-2 statistic test.
To improve the quality of the numbers, we can use the CPU's CRC
instructions, which do a decent job on conditioning the bits.
This adds a *very* simple version of arm_acle.h, which is typically
provided by the compiler, and contains the CRC instrinsics definitions
we need. We need the original version by using -nostdinc.
Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add Rambus (InsideSecure) TRNG-IP-76 HW RNG driver.
This IP is part of Marvell Armada CP110/CP115 die integrated
to Armada 7k/8K/CN913x SoCs
Change-Id: I9c5f510ad6728c7ed168da43d85b19d5852cd873
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
The filters parameter passed to tzc400_configure_region() is supposed
to be filter bit flag without bit shift, so the macros
TZC_400_REGION_ATTR_FILTER_BIT and TZC_400_REGION_ATTR_FILTER_BIT_ALL
should always construct the value without any shift.
It is not a functional issue for TZC_REGION_ATTR_F_EN_SHIFT is lucky
to be 0.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I5d363c462b8517256523f637e670eefa56722afd
This adds the TRNG Firmware Interface Service to the standard
service dispatcher. This includes a method for dispatching entropy
requests to platforms and includes an entropy pool implementation to
avoid dropping any entropy requested from the platform.
Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
In DDR controller PWRTMG register, the mask for field SELFREF_TO_X32 is
wrong. This field is from bit 16 to 23.
Change-Id: Id336fb08c88f0a153df186dd819e41af72febb88
Signed-off-by: Yann Gautier <yann.gautier@st.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I2e94a0b227ec39f6f4530dc50bb477999d27730f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I9cb581574d46de73c3d6917ebf78935fc5ac075a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I8c3b92751d1ce226c966f7c81fedd83f0846865e
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: Ica95bf5da722913834fe90bf3fe743aa34e01e80
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
For SoCs which do not implement RAS, use DSB as a barrier to
synchronize pending external aborts at the entry and exit of
exception handlers. This is needed to isolate the SErrors to
appropriate context.
However, this introduces an unintended side effect as discussed
in the https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3440
A summary of the side effect and a quick workaround is provided as
part of this patch and summarized here:
The explicit DSB at the entry of various exception vectors in BL31
for handling exceptions from lower ELs can inadvertently trigger an
SError exception in EL3 due to pending asyncrhonouus aborts in lower
ELs. This will end up being handled by serror_sp_elx in EL3 which will
ultimately panic and die.
The way to workaround is to update a flag to indicate if the exception
truly came from EL3. This flag is allocated in the cpu_context
structure. This is not a bullet proof solution to the problem at hand
because we assume the instructions following "isb" that help to update
the flag (lines 100-102 & 139-141) execute without causing further
exceptions.
Change-Id: I4d345b07d746a727459435ddd6abb37fda24a9bf
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch does not change code, it only updates comments and macro name
for 6th bit of Status Register. So TF-A binary stay same.
6th bit of the Status Register is named TX EMPTY and is set to 1 when both
Transmitter Holding Register (THR) or Transmitter Shift Register (TSR) are
empty. It is when all characters were already transmitted.
There is also TX FIFO EMPTY bit in the Status Register which is set to 1
only when THR is empty.
In both console_a3700_core_init() and console_a3700_core_flush() functions
we should wait until both THR and TSR are empty therefore we should check
6th bit of the Status Register.
So current code is correct, just had misleading macro names and comments.
This change fixes this "documentation" issue, fixes macro name for 6th bit
of the Status Register and also updates comments.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I19e4e7f53a90bcfb318e6dd1b1249b6cbf81c4d3
Implementation is simple, just check if there is a pending character in
RX FIFO via RXRDY bit of Status Register and if yes, read it from
UART_RX_REG register.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I226b6e336f44f5d0ca8dcb68e49a68e8f2f49708
Add ISAR0 feature register read helper, location
of FEAT_RNG bits, feature support helper and the
rndr/rndrrs register read helpers.
Signed-off-by: Tomas Pilar <tomas@nuviainc.com>
Change-Id: I2a785a36f62a917548e55892ce92fa8b72fcb99d
Cortex A78 erratum 1951500 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r1p1. The workaround is to insert a DMB ST before
acquire atomic instructions without release semantics. This workaround
works on revisions r1p0 and r1p1, in r0p0 there is no workaround.
SDEN can be found here:
https://documentation-service.arm.com/static/5fb66157ca04df4095c1cc2e
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I47610cee75af6a127ea65edc4d5cffc7e6a2d0a3
Cortex A78 erratum 1941498 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r1p1. The workaround is to set bit 8 in the ECTLR_EL1
register, there is a small performance cost (<0.5%) for setting this bit.
SDEN can be found here:
https://documentation-service.arm.com/static/5fb66157ca04df4095c1cc2e
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I959cee8e3d46c1b84ff5e4409ce5945e459cc6a9
Write char if fifo is empty. If this is done like this all chars are
printed. Because origin code just put that chars to fifo and in case of
reset messages were missing.
Before this change chars are put to fifo and only check before adding if
fifo is full. The patch is changing this logic that it is adding char only
when fifo is empty to make sure that in case of reset (by another SW for
example) all chars are printed. Maybe one char can be missed but for IP
itself it is much easier to send just one char compare to full fifo.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: Ic24c2c1252bce24be2aed68ee29477ca4a549e5f
* changes:
allwinner: Use RSB for the PMIC connection on H6
allwinner: Return the PMIC to I2C mode after use
allwinner: Always use a 3MHz RSB bus clock
Increase SP max size for latest OP-TEE build with debug and
stats enabled.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Change-Id: I4593884e0deb39ada10009f6876d815136f8ee65
This gives the rich OS the flexibility to choose between I2C and RSB
communication. Since a runtime address can only be assigned once after
entering RSB mode, it also lets the rich OS choose any runtime address.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Id49c124c5e925985fc31c0ba38c7fb6c941aafa8
If FEAT_PMUv3 is implemented and PMEVTYPER<n>(_EL0).MT bit is implemented
as well, it is possible to control whether PMU counters take into account
events happening on other threads.
If FEAT_MTPMU is implemented, EL3 (or EL2) can override the MT bit
leaving it to effective state of 0 regardless of any write to it.
This patch introduces the DISABLE_MTPMU flag, which allows to diable
multithread event count from EL3 (or EL2). The flag is disabled
by default so the behavior is consistent with those architectures
that do not implement FEAT_MTPMU.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Iee3a8470ae8ba13316af1bd40c8d4aa86e0cb85e
This patch provides the following changes:
- Adds definition for FEAT_MTE3 value in ID_AA64PFR1_EL1 register
- Enables Memory Tagging Extension for FEAT_MTE3.
Change-Id: I735988575466fdc083892ec12c1aee89b5faa472
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Enable basic support for Neoverse-N2 CPUs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I498adc2d9fc61ac6e1af8ece131039410872e8ad
This patch provides the changes listed below:
- Adds new bit fields definitions for SCTLR_EL1/2 registers
- Corrects the name of SCTLR_EL1/2.[20] bit field from
SCTLR_UWXN_BIT to SCTLR_TSCXT_BIT
- Adds FEAT_PANx bit field definitions and their possible
values for ID_AA64MMFR1_EL1 register.
- Adds setting of SCTLR_EL1.SPAN bit to preserve PSTATE.PAN
on taking an exception to EL1 in spm_sp_setup() function
(services\std_svc\spm_mm\spm_mm_setup.c)
Change-Id: If51f20e7995c649126a7728a4d0867041fdade19
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This errata workaround did not work as intended and was revised in
subsequent SDEN releases so we are reverting this change.
This is the patch being reverted:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4686
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I8554c75d7217331c7effd781b5f7f49b781bbebe
This errata workaround did not work as intended and was revised in
subsequent SDEN releases so we are reverting this change.
This is the patch being reverted:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4684
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I560749a5b55e22fbe49d3f428a8b9545d6bdaaf0
Currently, when RECLAIM_INIT_CODE is set, the
stacks are scaled to ensure that the entirety
of the init section can be reclaimed as stack.
This causes an issue in lib/psci/aarch64/psci_helpers.S,
where the stack size is used for cache operations in
psci_do_pwrdown_cache_maintenance(). If the stacks
are scaled, then the PSCI code may fail to invalidate
some of the stack memory before power down.
Resizing stacks is also not good for stability in general,
since code that works with a small number of cores may
overflow the stack when the number of cores is increased.
Change to make every stack be PLATFORM_STACK_SIZE big,
and allow the total stack to be smaller than the
init section.
Any pages of the init section not reclaimed as
stack will be set to read-only and execute-never,
for security.
Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When issuing barrier instructions like DSB or DMB, we must make sure
that the compiler does not undermine out efforts to fence off
instructions. Currently the compiler is free to move the barrier
instruction around, in respect to former or later memory access
statements, which is not what we want.
Add a compiler barrier to the inline assembly statement in our
DEFINE_SYSOP_TYPE_FUNC macro, to make sure memory accesses are not
reordered by the compiler.
This is in line with Linux' definition:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/include/asm/barrier.h
Since those instructions share a definition, apart from DSB and DMB this
now also covers some TLBI instructions. Having a compiler barrier there
also is useful, although we probably have stronger barriers in place
already.
Change-Id: If6fe97b13a562643a643efc507cb4aad29daa5b6
Reported-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
DRAM region behind TZC.
Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Retrieve peripheral base address from a define instead of
parsing the device tree. The goal is to improve execution time.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2588c53ad3d4abcc3d7fe156458434a7940dd72b
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
This patch updates the MIDR value for rainier cpu.
Change-Id: I99a5d96f757239cf65b2688095c4ec66cd991cf9
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Cortex A77 erratum 1925769 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set bit 8 in the ECTLR_EL1 register, there is a small performance cost
(<0.5%) for setting this bit.
SDEN can be found here:
https://documentation-service.arm.com/static/5f7c35d0d3be967f7be46d33
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I9cf0e0b5dc1e3e32e24279d2632c759cc7bd7ce9
Update the libfdt source files, the upstream commit is 73e0f143b73d
("libfdt: fdt_strerror(): Fix comparison warning").
This brings us the fixes for the signed/unsigned comparison warnings,
so platforms can enable -Wsign-compare now.
Change-Id: I303d891c82ffea0acefdde27289339db5ac5a289
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch migrates the mbedcrypto dependency for TF-A
to mbedTLS repo v2.24.0 which is the latest release tag.
The relevant documentation is updated to reflect the
use of new version.
Change-Id: I116f44242e8c98e856416ea871d11abd3234dac1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
arm_fpga: Add platform documentation
arm_fpga: Add post-build linker script
arm_fpga: Add ROM trampoline
arm_fpga: Add devicetree file
arm_fpga: Remove SPE PMU DT node if SPE is not available
arm_fpga: Adjust GICR size in DT to match number of cores
fdt: Add function to adjust GICv3 redistributor size
drivers: arm: gicv3: Allow detecting number of cores
We now have code to detect the CPU topology at runtime, and can also
populate the CPU nodes in a devicetree accordingly. This is used by the
ARM FPGA port, for instance.
But also a GICv3 compatible interrupt controller provides MMIO frames
per core, so the size of this region needs to be adjusted in the DT,
to match the number of cores as well.
Provide a generic function to find the GICv3 interrupt controller in
the DT, then adjust the "reg" entry to match the number of detected
cores. Since the size of the GICR frame per cores differs between
GICv4 and GICv3, this size is supplied as a parameter to the function.
The caller should determine the applicable value by either hardcoding
it or by observing GICR_TYPER.VLPIS.
Change-Id: Ic2a6445c2c5381a36bf24263f52fcbefad378c05
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A GICv3 interrupt controller will be instantiated for a certain number
of cores. This will result in the respective number of GICR frames. The
last frame will have the "Last" bit set in its GICR_TYPER register.
For platforms with a topology unknown at build time (the Arm FPGAs, for
instance), we need to learn the number of used cores at runtime, to size
the GICR region in the devicetree accordingly.
Add a generic function that iterates over all GICR frames until it
encounters one with the "Last" bit set. It returns the number of cores
the GICv3 has been configured for.
Change-Id: I79f033c50dfc1c275aba7122725868811abcc4f8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
plat/arm: Add platform support for Morello
fdts: add device tree sources for morello platform
lib/cpus: add support for Morello Rainier CPUs
This patch adds CPU support for the Rainier CPU which is
derived from Neoverse N1 r4p0 CPU and implements the
Morello capability architecture.
Change-Id: Ic6b796481da5a66504ecb0648879446edf4c69fb
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Cortex A77 erratum 1508412 is a Cat B Errata present in r0p0 and r1p0.
The workaround is a write sequence to several implementation defined
registers based on A77 revision.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I217993cffb3ac57c313db8490e7b8a7bb393379b
This patch allows the system to fallback to a default CPU library
in case the MPID does not match with any of the supported ones.
This feature can be enabled by setting SUPPORT_UNKNOWN_MPID build
option to 1 (enabled by default only on arm_fpga platform).
This feature can be very dangerous on a production image and
therefore it MUST be disabled for Release images.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I0df7ef2b012d7d60a4fd5de44dea1fbbb46881ba
Depending on compiler, the issue about bool or uint*_t not defined can
appear.
Correct this by adding stdbool.h and stdint.h includes in etzpc.h.
Change-Id: If1419dc511efbe682459fa4a776481fa52a38aa3
Signed-off-by: Yann Gautier <yann.gautier@st.com>
nand_wait_ready is called with a millisecond delay
but the timeout used a micro second. Fixing the conversion
in the timeout call.
The prototype of the function is also changed to use an unsigned int
parameter.
Change-Id: Ia3281be7980477dfbfdb842308d35ecd8b926fb8
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
There is one dtsi file per SoC version:
- STM32MP151: common part for all version, Single Cortex-A7
- STM32MP153: Dual Cortex-A7
- STM32MP157: + GPU and DSI, but not needed for TF-A
The STM32MP15xC include a cryptography peripheral, add it in a dedicated
file.
There are 4 packages available, for which the IOs number change. Have one
file for each package. The 2 packages AB and AD are added.
STM32157A-DK1 and STM32MP157C-DK2 share most of their features, a common
dkx file is then created.
Some reordering is done in other files, and realign with kernel DT files.
The DDR files are generated with our internal tool, no changes in the
registers values.
Change-Id: I9f2ef00306310abe34b94c2f10fc7a77a10493d1
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Builds in Debug mode with Measured Boot enabled might run out of trusted
SRAM. This patch allows to change the Log Level at which the Measured Boot
driver will dump the event log, so the latter can be accessed even on
Release builds if necessary, saving space on RAM.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I133689e313776cb3f231b774c26cbca4760fa120
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
Made small changes to fit into TF-A project
Change-Id: I991f653a7ace04f9c84bcda78ad8d7114ea18e93
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled by default and can
be enabled in future for all Arm platforms by making necessary
changes in the memory map.
Currently, this parser is tested only for FVP platform.
[1]:
https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html
Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It uses the existing implementation of snprintf() function
Change-Id: Ie59418564c2e415222e819cf322c34e9a4d1f336
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
Made small changes to fit into TF-A project
Change-Id: I07fd7fe1037857f6b299c35367c104fb51fa5cfa
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The API can be used to invoke a 'stop_func' callback for all
other cores from any initiating core. Optionally it can also
wait for other cores to power down. There may be various use
of such API by platform. Ex: Platform may use this to power
down all other cores from a crashed core.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I4f9dc8a38d419f299c021535d5f1bcc6883106f9
The DSU contains system control registers in the SCU and L3 logic to
control the functionality of the cluster. If "DIRECT CONNECT" L3
memory system variant is used, there won't be any L3 cache,
snoop filter, and SCU logic present hence no system control register
will be present. Hence check SCU presence before accessing DSU register
for DSU_936184 errata.
Signed-off-by: Pramod Kumar <pramod.kumar@broadcom.com>
Change-Id: I1ffa8afb0447ae3bd1032c9dd678d68021fe5a63
This patch creates and populates the /cpus node in a device tree
based on the existing topology. It uses the minimum required nodes
and properties to satisfy the binding as specified in
https://www.kernel.org/doc/Documentation/devicetree/bindings/arm/cpus.txt
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I03bf4e9a6427da0a3b8ed013f93d7bc43b5c4df0
This patch introduces support for PN9 variant for some
Denver based platforms.
Original change by: Hemant Nigam <hnigam@nvidia.com>
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
Change-Id: I331cd3a083721fd1cd1b03f4a11b32fd306a21f3
Using the Fconf, register base address of the various nv-counters
(currently, trusted, non-trusted nv-counters) are moved to the
device tree and retrieved during run-time. This feature is
enabled using the build option COT_DESC_IN_DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
Created a header file defining the id of the various nv-counters
used in the system.
Also, updated the device tree to add 'id' property for the trusted
and non-trusted nv-counters.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia41a557f7e56ad4ed536aee11c7a59e078ae07c0
'EHF' is used by RAS, SDEI, SPM_MM common frameworks.
If platform needs to plug-in specific handlers then
'PLAT_EHF_DESC' can be used to populate platform specific
priority levels.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I37af7e0e48111f87b6982604bf5c15db3e05755d
FF-A interface to handle SPMC to SPMD direct messages requests.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Ia707a308c55561a31dcfa86e554ea1c9e23f862a
In case of AT speculative workaround applied, page table walk
is disabled for lower ELs (EL1 and EL0) in EL3.
Hence added a wrapper function which temporarily enables page
table walk to execute AT instruction for lower ELs and then
disables page table walk.
Execute AT instructions directly for lower ELs (EL1 and EL0)
assuming page table walk is enabled always when AT speculative
workaround is not applied.
Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As per latest mailing communication [1], we decided to
update AT speculative workaround implementation in order to
disable page table walk for lower ELs(EL1 or EL0) immediately
after context switching to EL3 from lower ELs.
Previous implementation of AT speculative workaround is available
here: 45aecff00
AT speculative workaround is updated as below:
1. Avoid saving and restoring of SCTLR and TCR registers for EL1
in context save and restore routine respectively.
2. On EL3 entry, save SCTLR and TCR registers for EL1.
3. On EL3 entry, update EL1 system registers to disable stage 1
page table walk for lower ELs (EL1 and EL0) and enable EL1
MMU.
4. On EL3 exit, restore SCTLR and TCR registers for EL1 which
are saved in step 2.
[1]:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html
Change-Id: Iee8de16f81dc970a8f492726f2ddd57e7bd9ffb5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
SCTLR and TCR registers of EL1 plays role in enabling/disabling of
page table walk for lower ELs (EL0 and EL1).
Hence re-arranged EL1 context offsets to have SCTLR and TCR registers
values one after another in the stack so that these registers values
can be saved and restored using stp and ldp instruction respectively.
Change-Id: Iaa28fd9eba82a60932b6b6d85ec8857a9acd5f8b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
SPM: Add owner field to cactus secure partitions
SPM: Alter sp_gen.mk entry depending on owner of partition
plat/arm: enable support for Plat owned SPs
For Arm platforms SPs are loaded by parsing tb_fw_config.dts and
adding them to SP structure sequentially, which in-turn is appended to
loadable image list.
With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
and Plat owned SPs index starts at SP_PKG5_ID. As the start index of SP
depends on the owner, there should be a mechanism to parse owner of a SP
and put it at the correct index in SP structure.
This patch adds support for parsing a new optional field "owner" and
based on it put SP details(UUID & Load-address) at the correct index in
SP structure.
Change-Id: Ibd255b60d5c45023cc7fdb10971bef6626cb560b
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
We relyed on the default signed-ness of constants, which is usually
signed. This can create MISRA violations, such as:
bl1/bl1_main.c:257:[MISRA C-2012 10.8 (required)] Cast of composite
expression off essential type signed to essential type unsigned
These constants were only used as unsigned, so this patch makes them
explicitly unsigned.
Change-Id: I5f1310c881e936077035fbb1d5ffb449b45de3ad
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
There was a collision between the name of the typedef in the CASSERT and
something else, so we make the name of the typedef unique to the
invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into
the macro. This eliminates the following MISRA violation:
bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
"invalid_svc_uuid" is already used to represent a typedef.
This also resolves MISRA rule 5.9.
These renamings are as follows:
* tzram -> secram. This matches the function call name as it has
sec_mem in it's name
* fw_config_base -> config_base. This file does not mess with
hw_conig, so there's little chance of confusion
Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
For dualroot CoT there are two sets of SP certificates, one owned by
Silicon Provider(SiP) and other owned by Platform. Each certificate can
have a maximum of 4 SPs.
This patch reduces the number of SiP owned SPs from 8 to 4 and adds
the remaining 4 to Plat owned SP.
Plat owned SP certificate is signed using Platform RoT key and
protected against anti-rollback using the Non-trusted Non-volatile
counter.
Change-Id: Idc3ddd87d6d85a5506a7435f45a6ec17c4c50425
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
Platform RoT key pair is used for signing.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
ERRATA ID: RES-3033912 - Internal Address Space Init state causes
a hang upon accesses to [0xf070_0000, 0xf07f_ffff]
Workaround: Boot Firmware (ATF) should configure CCU_RGF_WIN(4) to
split [0x6e_0000, 0xff_ffff] to values [0x6e_0000, 0x6f_ffff] and
[0x80_0000, 0xff_ffff] that cause accesses to the segment of
[0xf070_0000, 0xf07f_ffff] to act as RAZWI. Reuse common
work-around code for both AP806 and AP807.
Change-Id: Ia91a4802d02917d1682faa0c81571093d1687d97
Signed-off-by: Stefan Chulski <stefanc@marvell.com>
This patch fixes the bug when AMUv1 group1 counters was
always assumed being implemented without checking for its
presence which was causing exception otherwise.
The AMU extension code was also modified as listed below:
- Added detection of AMUv1 for ARMv8.6
- 'PLAT_AMU_GROUP1_NR_COUNTERS' build option is removed and
number of group1 counters 'AMU_GROUP1_NR_COUNTERS' is now
calculated based on 'AMU_GROUP1_COUNTERS_MASK' value
- Added bit fields definitions and access functions for
AMCFGR_EL0/AMCFGR and AMCGCR_EL0/AMCGCR registers
- Unification of amu.c Aarch64 and Aarch32 source files
- Bug fixes and TF-A coding style compliant changes.
Change-Id: I14e407be62c3026ebc674ec7045e240ccb71e1fb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
BL31 binary size is aligned to 4KB because of the
code in include\plat\arm\common\arm_reclaim_init.ld.S:
__INIT_CODE_UNALIGNED__ = .;
. = ALIGN(PAGE_SIZE);
__INIT_CODE_END__ = .;
with all the zero data after the last instruction of
BL31 code to the end of the page.
This causes increase in size of BL31 binary stored in FIP
and its loading time by BL2.
This patch reduces the size of BL31 image by moving
page alignment from __INIT_CODE_END__ to __STACKS_END__
which also increases the stack size for secondary CPUs.
Change-Id: Ie2ec503fc774c22c12ec506d74fd3ef2b0b183a9
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch adds support for additional Denver MIDRs to
cover all the current SKUs.
Change-Id: I85d0ffe9b3cb351f430ca7d7065a2609968a7a28
Signed-off-by: Alex Van Brunt <avanbrunt@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Currently only single signing domain is supported for SP packages but
there is plan to support dual signing domains if CoT is dualroot.
SP_CONTENT_CERT_ID is the certificate file which is currently generated
and signed with trusted world key which in-turn is derived from Silicon
provider RoT key.
To allow dual signing domain for SP packages, other certificate file
will be derived from Platform owned RoT key.
This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
does other related changes.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
Add CN913x case to bl2_plat_get_cp_count.
Fix loading of cp1/2 image. This is a preparation
patch for adding CN913x SoC family support.
Change-Id: Id84a30203d20572fc0dfd3f91ea395c199a85fe9
Signed-off-by: Ben Peled <bpeled@marvell.com>
This patch fixes defects 10.3, 10.4, 10.7, 20.7
reported by MISRA-2012 scan and adds braces for
conditional statements according to the TF-A
coding style.
Change-Id: If84ed31cdd55bc8e7cdd2a5f48c0dacc25792112
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Currently, 'SMCCC_ARCH_FEATURES' SMC call handler unconditionally
returns 'SMC_OK' for 'SMCCC_ARCH_SOC_ID' function. This seems to
be not correct for the platform which doesn't implement soc-id
functionality i.e. functions to retrieve both soc-version and
soc-revision.
Hence introduced a platform function which will check whether SMCCC
feature is available for the platform.
Also, updated porting guide for the newly added platform function.
Change-Id: I389f0ef6b0837bb24c712aa995b7176117bc7961
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This reverts commit 11af40b630, reversing
changes made to 2afcf1d4b8.
This errata workaround did not work as intended so we are reverting this
change. In the future, when the corrected workaround is published in an
SDEN, we will push a new workaround.
This is the patch being reverted:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4750
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I20aa064c1bac9671939e657bec269d32b9e75a97
In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after cache gets enabled (i.e. after MMU gets enabled).
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e75cabd76b1cb7a660f6b72f409ab40d2877284
Updated the function 'set_fw_config_info' to make it generic
by doing below changes:
1. Rename function name from 'set_fw_config_info' to 'set_config_info'
2. Take image_id as an argument so that this function can set any
config information.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Icf29e19d3e9996d8154d84dbbbc76712fab0f0c1
Update the data type of the member 'config_max_size' present in the
structure 'dyn_cfg_dtb_info_t' to uint32_t.
This change is being done so that dyn_cfg_dtb_info_t and image_info
structure should use same data type for maximum size.
Change-Id: I9b5927a47eb8351bbf3664b8b1e047ae1ae5a260
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
plat/arm/board/fvp: Add support for Measured Boot
TF-A: Add support for Measured Boot driver to FCONF
TF-A: Add support for Measured Boot driver in BL1 and BL2
TF-A: Add Event Log for Measured Boot
TF-A: Add support for Measured Boot driver
This patch adds support for Event Log generation required
for Measured Boot functionality.
Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch adds support for Measured Boot driver functionality
in common Arm platform code.
Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Getting the actual size of a DTB blob is useful beyond the Raspberry Pi
port, so let's move this helper to a common header.
Change-Id: Ia5be46e9353ca859a1e5ad9e3c057a322dfe22e2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch redefines 'true' and 'false' definitions in
'include/lib/libc/stdbool.h' to fix defect reported by
MISRA C-2012 Rule 10.1
"The expression \"0\" of non-boolean essential type is
being interpreted as a boolean value for the operator \"? :\"."
Change-Id: Ie1b16e5826e5427cc272bd753e15d4d283e1ee4c
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
- Fix the line address macro
- LLC invalidate and enable before ways lock for allocation
- Add support for limited SRAM size allocation
- Add SRAM RW test function
Change-Id: I1867ece3047566ddd7931bd7472e1f47fb42c8d4
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Included cot_descriptors.dtsi in platform device tree
(fvp_tb_fw_config.dts).
Also, updated the maximum size of tb_fw_config to 0x1800
in order to accomodate the device tree for CoT descriptors.
Follow up patch will parse the device tree for these CoT descriptors
and fill the CoT descriptor structures at runtime instead of using
static CoT descriptor structures in the code base.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
Added CoT descriptor nodes and properties in device tree.
Currently, CoT descriptors which are used by BL2 are added as part
of device tree.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Iff23cff843e5489fac18bcee5f5d6a71de5ad0d0
Introduce stm32mp1_register_clock_parents_secure() in stm32mp1
clock driver to allow platform shared resources to register as
secure the parent clocks of a clock registered as secure.
Change-Id: I53a9ab6aa78ee840ededce67e7b12a84e08ee843
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
The .rela.dyn section is the same for BL2-AT-EL3, BL31, TSP.
Move it to the common header file.
I slightly changed the definition so that we can do "RELA_SECTION >RAM".
It still produced equivalent elf images.
Please note I got rid of '.' from the VMA field. Otherwise, if the end
of previous .data section is not 8-byte aligned, it fails to link.
aarch64-linux-gnu-ld.bfd: warning: changing start of section .rela.dyn by 4 bytes
aarch64-linux-gnu-ld.bfd: warning: changing start of section .rela.dyn by 4 bytes
aarch64-linux-gnu-ld.bfd: warning: changing start of section .rela.dyn by 4 bytes
make: *** [Makefile:1071: build/qemu/release/bl31/bl31.elf] Error 1
Change-Id: Iba7422d99c0374d4d9e97e6fd47bae129dba5cc9
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This version corresponds to the following commit <7be250b>
libfdt: Correct condition for reordering blocks
Also, updated the Juno romlib jumptable with fdt APIs.
Change-Id: Ib6d28c1aea81c2144a263958f0792cc4daea7a1f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
plat: marvell: armada: a8k: add OP-TEE OS MMU tables
drivers: marvell: add support for mapping the entire LLC to SRAM
plat: marvell: armada: add LLC SRAM CCU setup for AP806/AP807 platforms
plat: marvell: armada: reduce memory size reserved for FIP image
plat: marvell: armada: platform definitions cleanup
plat: marvell: armada: a8k: check CCU window state before loading MSS BL2
drivers: marvell: add CCU driver API for window state checking
drivers: marvell: align and extend llc macros
plat: marvell: a8k: move address config of cp1/2 to BL2
plat: marvell: armada: re-enable BL32_BASE definition
plat: marvell: a8k: extend includes to take advantage of the phy_porting_layer
marvell: comphy: initialize common phy selector for AP mode
marvell: comphy: update rx_training procedure
plat: marvell: armada: configure amb for all CPs
plat: marvell: armada: modify PLAT_FAMILY name for 37xx SoCs
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
Neoverse N1 erratum 1800710 is a Cat B erratum, present in older
revisions of the Neoverse N1 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885747/f/Arm_Neoverse_N1_MP050_Software_Developer_Errata_Notice_v21.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ie5b15c8bc3235e474a06a57c3ec70684361857a6
Cortex A77 erratum 1800714 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
Since this is the first errata workaround implemented for Cortex A77,
this patch also adds the required cortex_a77_reset_func in the file
lib/cpus/aarch64/cortex_a77.S.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I844de34ee1bd0268f80794e2d9542de2f30fd3ad
Increased the size of firmware configuration area to accommodate
all configs.
Updated maximum size of following bootloaders due to increase
in firmware configs size and addition of the code in the BL2.
1. Increased maximum size of BL2 for Juno platform in no
optimisation case.
2. Reduced maximum size of BL31 for fvp and Juno platform.
3. Reduced maximum size of BL32 for Juno platform.
Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Modified the code to do below changes:
1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
Updated 'fconf_load_config' function to return
the error.
Error from 'fconf_load_config" gets handled
by BL1 in subsequent patches.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I4360f4df850e355b5762bb2d9666eb285101bc68
Modified the `fconf_load_config` function so that it can
additionally support loading of tb_fw_config along with
fw_config.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie060121d367ba12e3fcac5b8ff169d415a5c2bcd
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
Updated cert_tool to add hash information of fw_config image into
the existing "trusted boot fw" certificate.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I720319225925806a2a9f50a1ac9c8a464be975f0
Added support in fiptool to include fw_config image
in FIP.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibbd14723a4141598d9d7f6bfcf88a0ef92cf87bc
Change handler of FFA version interface:
- Return SPMD's version if the origin of the call is secure;
- Return SPMC's version if origin is non-secure.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
Cortex A76 erratum 1800710 is a Cat B erratum, present in older
revisions of the Cortex A76 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifc34f2e9e053dcee6a108cfb7df7ff7f497c9493
Cortex A76 erratum 1791580 is a Cat B erratum present in earlier
revisions of the Cortex A76. The workaround is to set a bit in the
implementation defined CPUACTLR2 register, which forces atomic store
operations to write-back memory to be performed in the L1 data cache.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iefd58159b3f2e2286138993317b98e57dc361925
* changes:
drivers/scmi-msg: smt entry points for incoming messages
drivers/scmi-msg: support for reset domain protocol
drivers/scmi-msg: support for clock protocol
drivers/scmi-msg: driver for processing scmi messages
It is desired to have the peripheral writes completed to clear the
interrupt condition and de-assert the interrupt request to GIC before
EOI write. Failing which spurious interrupt will occurred.
A barrier is needed to ensure peripheral register write transfers are
complete before EOI is done.
GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point
of view. However these writes may pass over different interconnects,
bridges, buffers leaving some rare chances for the actual write to
complete out of order.
GICv3 ICC EOI system register writes have no ordering against nGnR(n)E
memory writes as they are over different interfaces.
Hence a dsb can ensure from core no writes are issued before the previous
writes are *complete*.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: Ie6362009e2f91955be99dca8ece14ade7b4811d6
Adjust the latest OP-TEE memory definitions to the
newest TF-A baseline.
Change-Id: Ib9c82b85f868adaf3c7285eb340486bda9c59c36
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Add llc_sram_enable() and llc_sram_disable() APIs to Marvell
cache_lls driver.
Add LLC_SRAM definition to Marvell common makefile - disabled
by the default.
Add description of LLC_SRAM flag to the build documentation.
Change-Id: Ib348e09752ce1206d29268ef96c9018b781db182
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Add ccu_is_win_enabled() API for checking the CCU window
state using AP and window indexes.
Change-Id: Ib955a2cac28b2729b0a763f3bbbea28b476a2fe4
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Make all LLC-related macros to start with the same prefix
Add more LLC control registers definitions
This patch is a preparation step for LLC SRAM support
Change-Id: I0a4f0fc83e8ef35be93dd239a85f2a9f88d1ab19
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
As a preparation to support proper loading the OPTEE OS image,
enable the BL32 specific defines in case the SPD is used.
On the occasion move two BL32-related macros to marvell_def.h
and fix BL32_LIMIT definition.
Change-Id: Id4e2d81833bc1895650cca8b0fc0bfc341cf77f3
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
The Marvell Armada 37xx SoCs-based platforms contain a bit
awkward directory structure because the currently only one
supported PLAT and PLAT_FAMILY are the same. Modify the latter
to 'a3k' in order to improve it and keep plat/marvell/armada
tree more consistent:
plat/marvell/
├── armada
│ ├── a3k
│ │ ├── a3700
[...]
│ ├── a8k
│ │ ├── a70x0
[...]
Change-Id: I693a6ef88e6ce49a326a3328875c90bbc186066a
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
* changes:
ddr: a80x0: add DDR 32-bit ECC mode support
ble: ap807: improve PLL configuration sequence
ble: ap807: clean-up PLL configuration sequence
ddr: a80x0: add DDR 32-bit mode support
plat: marvell: mci: perform mci link tuning for all mci interfaces
plat: marvell: mci: use more meaningful name for mci link tuning
plat: marvell: a8k: remove wrong or unnecessary comments
plat: marvell: ap807: enable snoop filter for ap807
plat: marvell: ap807: update configuration space of each CP
plat: marvell: ap807: use correct address for MCIx4 register
plat: marvell: add support for PLL 2.2GHz mode
plat: marvell: armada: make a8k_common.mk and mss_common.mk more generic
marvell: armada: add extra level in marvell platform hierarchy
This change implements SCMI channels for reading a SCMI message from a
shared memory and call the SCMI message drivers to route the message
to the target platform services.
SMT refers to the shared memory management protocol which is used
to get/put message/response in shared memory. SMT is a 28byte header
stating shared memory state and exchanged protocol data.
The processing entry for a SCMI message can be a secure interrupt
or fastcall SMCCC invocation.
SMT description in this implementation is based on the OP-TEE
project [1] itself based in the SCP-firmware implementation [2].
Link: [1] a58c4d706d
Link: [2] https://github.com/ARM-software/SCP-firmware.git
Change-Id: I416c7dab5c67954c6fe80bae8d8cdfdcda66873e
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Adds SCMI reset domain protocol support in the SCMI message drivers
as defined in SCMI specification v2.0 [1]. Not all the messages
defined in the specification are supported.
scmi_msg_get_rd_handler() sanitizes the message_id value
against any speculative use of reset domain ID as a index since by
SCMI specification, IDs are indices.
This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.
Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] 56a1f10ed9
Link: [3] https://github.com/ARM-software/SCP-firmware.git
Change-Id: If7cf13de40a815dedb40dcd5af8b6bb6725d9078
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Adds SCMI clock protocol support in the SCMI message drivers as
defined in SCMI specification v2.0 [1] for clock protocol messages.
Platform can provide one of the plat_scmi_clock_*() handler for the
supported operations set/get state/rate and others.
scmi_msg_get_clock_handler() sanitizes the message_id value
against any speculative use of clock ID as a index since by
SCMI specification, IDs are indices.
This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.
Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] a7a9e3ba71
Link: [3] https://github.com/ARM-software/SCP-firmware.git
Change-Id: Ib56e096512042d4f7b9563d1e4181554eb8ed02c
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
This change introduces drivers to allow a platform to create a basic
SCMI service and register handlers for client request (SCMI agent) on
system resources. This is the first piece of the drivers: an entry
function, the SCMI base protocol support and helpers for create
the response message.
With this change, scmi_process_message() is the entry function to
process an incoming SCMI message. The function expect the message
is already copied from shared memory into secure memory. The message
structure stores message reference and output buffer reference where
response message shall be stored.
scmi_process_message() calls the SCMI protocol driver according to
the protocol ID in the message. The SCMI protocol driver will call
defined platform handlers according to the message content.
This change introduces only the SCMI base protocol as defined in
SCMI specification v2.0 [1]. Not all the messages defined
in the specification are supported.
The SCMI message implementation is derived from the OP-TEE project [2]
itself based on the SCP-firmware implementation [3] of the SCMI protocol
server side.
Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] ae8c806809
Link: [3] https://github.com/ARM-software/SCP-firmware/tree/v2.6.0
Change-Id: I639c4154a39fca60606264baf8d32452641f45e9
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.
RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
This patch adds all Tegra194 RAS nodes definitions and support to
handle all uncorrectable RAS errors.
Change-Id: I109b5a8dbca91d92752dc282c4ca30f273c475f9
Signed-off-by: David Pu <dpu@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
with sha 0792dd7, support to generate certificate for Secure
Partitions was added for dualroot CoT only, this patch extends
this support for tbbr CoT.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.
To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.
The CoT for secure partition look like below.
+------------------+ +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Key |
+------------------+ | Certificate |
| (Auth Image) |
/+-------------------+
/ |
/ |
/ |
/ |
L v
+------------------+ +-------------------+
| Trusted World |------>| SiP owned SPs |
| Public Key | | Content Cert |
+------------------+ | (Auth Image) |
/ +-------------------+
/ |
/ v|
+------------------+ L +-------------------+
| SP_PKG1 Hash |------>| SP_PKG1 |
| | | (Data Image) |
+------------------+ +-------------------+
. .
. .
. .
+------------------+ +-------------------+
| SP_PKG8 Hash |------>| SP_PKG8 |
| | | (Data Image) |
+------------------+ +-------------------+
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.
A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.
Following new options added to cert_tool:
--sip-sp-cert --> SiP owned Secure Partition Content Certificate
--sp-pkg1 --> Secure Partition Package1 file
--sp-pkg2
.....
--sp-pkg8
Trusted world key pair is used for signing.
Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d
Remove pll powerdown from pll configuration sequence to improve
stability. Remove redundant cases, which no longer exist.
Also get rid of irrelevant definition of CPU_2200_DDR_1200_RCLK_1200,
which is not used by 806/807.
Change-Id: If911e7dee003dfb9a42fafd7ffe34662f026fd23
Signed-off-by: Alex Leibovich <alexl@marvell.com>
The mci_initialize function name was misleading. The function itself
doesn't initialize MCI in general but performs MCI link tuning for
performance improvement.
Change-Id: I13094ad2235182a14984035bbe58013ebde84a7e
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
By default all external CPs start with configuration address space set to
0xf200_0000. To overcome this issue, go in the loop and initialize the
CP one by one, using temporary window configuration which allows to access
each CP and update its configuration space according to decoding
windows scheme defined for each platform.
In case of cn9130 after this procedure bellow addresses will be used:
CP0 - f2000000
CP1 - f4000000
CP2 - f6000000
When the re-configuration is done there is need to restore previous
decoding window configuration(init_io_win).
Change-Id: I1a652bfbd0bf7106930a7a4e949094dc9078a981
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
This commit is a preparation for upcoming support for OcteonTX and
OcteonTX2 product families. Armada platform related files (docs,
plat, include/plat) are moved to the new "armada" sub-folder.
Change-Id: Icf03356187078ad6a2e56c9870992be3ca4c9655
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
ETZPC stands for Extended TrustZone Protection Controller. It is a
resource conditional access device. It is mainly based on Arm TZPC.
ST ETZPC exposes memory mapped DECPROT cells to set access permissions
to SoC peripheral interfaces as I2C, SPI, DDR controllers, and some
of the SoC internal memories.
ST ETZPC exposes memory mapped TZMA cells to set access permissions
to some SoC internal memories.
Change-Id: I47ce20ffcfb55306dab923153b71e1bcbe2a5570
Co-developed-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Enhanced Counter Virtualization, ECV, is an architecture extension introduced
in ARMv8.6. This extension allows the hypervisor, at EL2, to setup
self-synchronizing views of the timers for it's EL1 Guests. This patch pokes the
control register to enable this extension when booting a hypervisor at EL2.
Change-Id: I4e929ecdf400cea17eff1de5cf8704aa7e40973d
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
The Fine Grained Traps (FGT) architecture extension was added to aarch64 in
ARMv8.6. This extension primarily allows hypervisors, at EL2, to trap specific
instructions in a more fine grained manner, with an enable bit for each
instruction. This patch adds support for this extension by enabling the
extension when booting an hypervisor at EL2.
Change-Id: Idb9013ed118b6a1b7b76287237096de992ca4da3
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Core spm_mm code expects the translation tables are located in the
inner & outer WBWA & shareable memory.
REGISTER_XLAT_CONTEXT2 macro is used to specify the translation
table section in spm_mm.
In the commit 363830df1c (xlat_tables_v2: merge
REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2
macro explicitly specifies the base xlat table goes into .bss by default.
This change affects the existing SynQuacer spm_mm implementation.
plat/socionext/synquacer/include/plat.ld.S linker script intends to
locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section,
but this implementation is no longer available.
This patch adds the base table section name parameter for
REGISTER_XLAT_CONTEXT2 so that platform can specify the
inner & outer WBWA & shareable memory for spm_mm base xlat table.
If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table
goes into .bss by default, the result is same as before.
Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
This should allow git to easily track file moves
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
Changes stm32mp1 reset driver to API to add a timeout argument
to stm32mp_reset_assert() and stm32mp_reset_deassert() and
a return value.
With a supplied timeout, the functions wait the target reset state
is reached before returning. With a timeout of zero, the functions
simply load target reset state in SoC interface and return without
waiting.
Helper functions stm32mp_reset_set() and stm32mp_reset_release()
use a zero timeout and return without a return code.
This change updates few stm32 drivers and plat/stm32mp1 blé_plat_setup.c
accordingly without any functional change.
functional change.
Change-Id: Ia1a73a15125d3055fd8739c125b70bcb9562c27f
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
The patch fixes BL31 linker script error
"Init code ends past the end of the stacks"
for platforms with number of CPUs less than 4,
which is caused by __STACKS_END__ address being
lower than __INIT_CODE_END__.
The modified BL31 linker script detects such cases
and increases the total amount of stack memory,
setting __STACKS_END__ = __INIT_CODE_END__, and
CPUs' stacks are calculated by BL31 'plat_get_my_stack'
function accordingly. For platforms with more than 4 CPUs
and __INIT_CODE_END__ < __STACKS_END__ stack memory does not
increase and allocated CPUs' stacks match the existing
implementation.
The patch removes exclusion of PSCI initialization
functions from the reclaimed .init section in
'arm_reclaim_init.ld.S' script, which increases the
size of reclaimed memory region.
Change-Id: I927773e00dd84e1ffe72f9ee534f4f2fc7b6153c
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch fixes wrong ID_AA64DFR0_EL1 register read instead of
ID_AA64PFR0_EL1 to detect support for MPAM extension.
It also implements get_mpam_version() function which returns
MPAM version as:
0x00: None Armv8.0 or later;
0x01: v0.1 Armv8.4 or later;
0x10: v1.0 Armv8.2 or later;
0x11: v1.1 Armv8.4 or later;
Change-Id: I31d776b1a1b60cb16e5e62296d70adb129d7b760
Reported-by: Matteo Zini <matteozini96@gmail.com>
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
This patch introduces the populate function which leverages
a new driver to extract base address and clk frequency properties
of the uart serial node from HW_CONFIG device tree.
This patch also introduces fdt helper API fdtw_translate_address()
which helps in performing address translation.
Change-Id: I053628065ebddbde0c9cb3aa93d838619f502ee3
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch enables the v8.6 extension to add a delay before WFE traps
are taken. A weak hook plat_arm_set_twedel_scr_el3 has been added in
plat/common/aarch64/plat_common.c that disables this feature by default
but platform-specific code can override it when needed.
The only hook provided sets the TWED fields in SCR_EL3, there are similar
fields in HCR_EL2, SCTLR_EL2, and SCTLR_EL1 to control WFE trap delays in
lower ELs but these should be configured by code running at EL2 and/or EL1
depending on the platform configuration and is outside the scope of TF-A.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I0a9bb814205efeab693a3d0a0623e62144abba2d
Removing FPEXC32_EL2 from the register save/restore routine for EL2
registers since it is already a part of save/restore routine for
fpregs.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I5ed45fdbf7c8efa8dcfcd96586328d4f6b256bc4
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
During context switching from higher EL (EL2 or higher)
to lower EL can cause incorrect translation in TLB due to
speculative execution of AT instruction using out-of-context
translation regime.
Workaround is implemented as below during EL's (EL1 or EL2)
"context_restore" operation:
1. Disable page table walk using SCTLR.M and TCR.EPD0 & EPD1
bits for EL1 or EL2 (stage1 and stage2 disabled)
2. Save all system registers except TCR and SCTLR (for EL1 and EL2)
3. Do memory barrier operation (isb) to ensure all
system register writes are done.
4. Restore TCR and SCTLR registers (for EL1 and EL2)
Errata details are available for various CPUs as below:
Cortex-A76: 1165522
Cortex-A72: 1319367
Cortex-A57: 1319537
Cortex-A55: 1530923
Cortex-A53: 1530924
More details can be found in mail-chain:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-April/000445.html
Currently, Workaround is implemented as build option which is default
disabled.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If8545e61f782cb0c2dda7ffbaf50681c825bd2f0
Currently BL2 passes TOS_FW_CONFIG address and size through registers to
BL31. This corresponds to SPMC manifest load address and size. The SPMC
manifest is mapped in BL31 by dynamic mapping. This patch removes BL2
changes from generic code (which were enclosed by SPD=spmd) and retrieves
SPMC manifest size directly from within SPMD. The SPMC manifest load
address is still passed through a register by generic code.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
As a follow-up to bdd2596d4, and related to SPM Dispatcher
EL3 component and SPM Core S-EL2/S-EL1 component: update
with cosmetic and coding rules changes. In addition:
-Add Armv8.4-SecEL2 arch detection helper.
-Add an SPMC context (on current core) get helper.
-Return more meaningful error return codes.
-Remove complexity in few spmd_smc_handler switch-cases.
-Remove unused defines and structures from spmd_private.h
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
Oscillators, PLLs and some system clocks can be related straight to
a parent clock. Prior this change were only oscillators and few
clocks supported by this look up. This changes adds PLLs and other
system clocks. This enables for flexible use of clock tree exploration
when computing a clock frequency value.
Change-Id: I15ec98023a7095e3120a6954de59a4799d92c66b
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
The stdout-path property in the /chosen node of a DTB points to a device
node, which is used for boot console output.
On most (if not all) ARM based platforms this is the debug UART.
The ST platform code contains a function to parse this property and
chase down eventual aliases to learn the node offset of this UART node.
Introduce a slightly more generalised version of this ST platform function
in the generic fdt_wrappers code. This will be useful for other platforms
as well.
Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform port parse DT nodes to find base address to
peripherals. It does this by using its own implementation, even though
this functionality is generic and actually widely useful outside of the
STM32 code.
Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
This is removes the assumption that #address-cells and #size-cells are
always one.
Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment the fconf_populate_gicv3_config() implementation is
somewhat incomplete: First it actually fails to store the retrieved
information (the local addr[] array is going nowhere), but also it makes
quite some assumptions about the device tree passed to it: it needs to
use two address-cells and two size-cells, and also requires all five
register regions to be specified, where actually only the first two
are mandatory according to the binding (and needed by our code).
Fix this by introducing a proper generic function to retrieve "reg"
property information from a DT node:
We retrieve the #address-cells and #size-cells properties from the
parent node, then use those to extract the right values from the "reg"
property. The function takes an index to select one region of a reg
property.
This is loosely based on the STM32 implementation using "reg-names",
which we will subsume in a follow-up patch.
Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform code uses its own set of FDT helper functions,
although some of them are fairly generic.
Remove the implementation of fdt_read_uint32_default() and implement it
on top of the newly introduced fdt_read_uint32() function, then convert
all users over.
This also fixes two callers, which were slightly abusing the "default"
semantic.
Change-Id: I570533362b4846e58dd797a92347de3e0e5abb75
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The device tree parsing code for the STM32 platform is using its own FDT
helper functions, some of them being rather generic.
In particular the existing fdt_read_uint32_array() implementation is now
almost identical to the new generic code in fdt_wrappers.c, so we can
remove the ST specific version and adjust the existing callers.
Compared to the original ST implementation the new version takes a
pointer to the DTB as the first argument, and also swaps the order of
the number of cells and the pointer.
Change-Id: Id06b0f1ba4db1ad1f733be40e82c34f46638551a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently our fdtw_read_array() implementation requires the length of
the property to exactly match the requested size, which makes it less
flexible for parsing generic device trees.
Also the name is slightly misleading, since we treat the cells of the
array as 32 bit unsigned integers, performing the endianess conversion.
To fix those issues and align the code more with other DT users (Linux
kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
relax the length check to only check if the property covers at least the
number of cells we request.
This also changes the variable names to be more in-line with other DT
users, and switches to the proper data types.
This makes this function more useful in later patches.
Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>