The Trusted Random Number Generator service is using the standard SMC
service dispatcher, running in BL31. For that reason we list the files
implementing the service in bl31.mk.
However when building for a 32-bit TF-A runtime, sp_min.mk is the
Makefile snippet used, so we have to add the files into there as well.
This fixes 32-bit builds of platforms that provide the TRNG service.
Change-Id: I8be61522300d36477a9ee0a9ce159a140390b254
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The DRAM port code issues a dummy write to SPD page-0 i2c address
in order to select this page for the forthcoming read transaction.
If the write buffer length supplied to i2c_write is not zero, this
call is translated to 2 bus transations:
- set the target offset
- write the data to the target
However no actual data should be transferred to SPD page-0 in order
to select it. Actually, the second transation never receives an ACK
from the target device, which caused the following error report:
ERROR: Status 30 in write transaction
This patch sets the buffer length in page-0 select writes to zero,
leading to bypass the data transfer to the target device.
Issuing the target offset command to SPD page-0 address effectively
selects this page for the read operation.
Change-Id: I4bf8e8c09da115ee875f934bc8fbc9349b995017
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/24387
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Reviewed-by: Moti Buskila <motib@marvell.com>
Change CP110 XOR (DMA) to use WIN1 which is used for PCI-EP address
space only and using this window bypasses the need for translation
in the SMMU which has performance impact.
Change-Id: I98d99da59e904e6721cfa263ce44ad178a0fa956
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Reviewed-on: https://sj1git1.cavium.com/20389
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Kostya Porotchkin <kostap@marvell.com>
Add initialization for TRNG-IP-76 driver and support SMC call
0xC200FF11 used for reading HW RNG value by secondary bootloader
software for KASLR support.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: I1d644f67457b28d347523f8a7bfc4eacc45cba68
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/32688
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Add Rambus (InsideSecure) TRNG-IP-76 HW RNG driver.
This IP is part of Marvell Armada CP110/CP115 die integrated
to Armada 7k/8K/CN913x SoCs
Change-Id: I9c5f510ad6728c7ed168da43d85b19d5852cd873
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Update TZC base address to align with the recent changes in the platform
memory map.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
The code to check for the presence of the TRNG service relies on
toolchain garbage collection, which is not enabled with -O0.
Add #ifdef guards around the call to the TRNG service handler to
cover builds without optimisation as well.
Change-Id: I08ece2005ea1c8fa96afa13904a851dec6b24216
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
plat/arm: fvp: Protect GICR frames for fused/unused cores
doc: Build option to protect GICR frame
plat/arm: fvp: Do not map GIC region in BL1 and BL2
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added a build option 'FVP_GICR_REGION_PROTECTION' to make
redistributor frame of fused/unused cores as read only.
Change-Id: Ie85f86e2465b93321a92a888ce8712a3144e4ccb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
GIC memory region is not getting used in BL1 and BL2.
Hence avoid its mapping in BL1 and BL2 that freed some
page table entries to map other memory regions in the
future.
Retains mapping of CCN interconnect region in BL1 and BL2
overlapped with the GIC memory region.
Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This allows Matterhorn cores to operate at their optimal OPPs.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I2e1b784da10154a1f1f65dd0e3a39213e7683116
TZC_400_REGION_ATTR_FILTER_BIT_ALL is a simple constant definition, so
it can't get the real filter number to construct the bit flag for all
existing filters. If the platform doesn't have 4 filters, passing
FILTER_BIT_ALL to tzc400_configure_region() will cause assertion or
misconfiguration. So adjust the bit flag against the real filter
number.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: Ie5c48303485f3b5015772961ee7c34746121ee84
The filters parameter passed to tzc400_configure_region() is supposed
to be filter bit flag without bit shift, so the macros
TZC_400_REGION_ATTR_FILTER_BIT and TZC_400_REGION_ATTR_FILTER_BIT_ALL
should always construct the value without any shift.
It is not a functional issue for TZC_REGION_ATTR_F_EN_SHIFT is lucky
to be 0.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I5d363c462b8517256523f637e670eefa56722afd
The structure has been modified to specify the memory
size in bytes instead of Gigabytes.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I3384677d79af4f3cf55d3c353b6c20bb827b5ae7
This adds the TRNG Firmware Interface Service to the standard
service dispatcher. This includes a method for dispatching entropy
requests to platforms and includes an entropy pool implementation to
avoid dropping any entropy requested from the platform.
Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch removes the Neoverse N1 CPU errata workaround for
bug 1542419 as the bug is not present in Rainier R0P0 core.
Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
In DDR controller PWRTMG register, the mask for field SELFREF_TO_X32 is
wrong. This field is from bit 16 to 23.
Change-Id: Id336fb08c88f0a153df186dd819e41af72febb88
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Secure pl061 qemu driver allows to rize the GPIO pin
from the secure world to reboot and power down
virtual machine.
Do not define secure-gpio for sbsa-ref platform due to
reboot is done via sbsa-ec watchdog.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Change-Id: I508d7c5cf4c75cb169b34b00682a76f6761d3869
The NUM_APID value was derived from kernel device tree sources, but I
made a conversion mistake: the amount of bytes in the APID map is the
total size of the "core" register range (0x1100) minus the offset of the
APID map in that range (0x900). This is of course 0x1100 - 0x900 = 0x800
and not 0x200, so the amount of 4-byte integers it can fit is not 0x80
but 0x200. Fix this and make the math more explicit so it can be more
easily factored out and adjusted if that becomes necessary for a future
SoC.
Also fix a dangerous typo in REG_APID_MAP() where the macro would
reference a random variable `i` rather than its argument (`apid`), and
we just got lucky that the only caller in the current code happened to
pass in a variable called `i` as that argument.
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I049dd044fa5aeb65be0e7b12150afd6eb4bac0fa
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I2e94a0b227ec39f6f4530dc50bb477999d27730f
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I9cb581574d46de73c3d6917ebf78935fc5ac075a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: I8c3b92751d1ce226c966f7c81fedd83f0846865e
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
The coding guidelines[1] in TF-A forbid the use of ato*() functions
in favour of strto*(). However, the TF-A libc does not provide an
implementation of strto*(), making this rule impossible to satisfy.
Also made small changes to fit into TF-A project. Added the source
files to the libc makefile
[1] https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#libc-functions-that-are-banned-or-to-be-used-with-caution
Change-Id: Ica95bf5da722913834fe90bf3fe743aa34e01e80
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Increase the core count and add respective entries in DTS.
Add Klein assembly file to cpu sources for core initialization.
Add SCMI entries for cores.
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I14dc1d87df6dcc8d560ade833ce1f92507054747
When building TF-A with USE_ROMLIB=1 and -j make options, the build fails with the following error:
make[1]: *** No rule to make target '/build/juno/debug/romlib/romlib.bin', needed by 'bl1_romlib.bin'.
This patch fixes that issue.
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I0cca416f3f50f400759164e0735c2d6b520ebf84
* changes:
docs: marvell: Replace ESPRESSObin-Ultra TF-A build example by full example how to build production release of Marvell firmware image
docs: marvell: Fix description of flash-image.bin image
docs: marvell: Add information into CLOCKSPRESET option how to identify CPU frequency
docs: marvell: Reformat DDR_TOPOLOGY option and mention EspressoBin-Ultra board
docs: marvell: Move Supported Marvell platforms to PLAT build option
* changes:
docs: marvell: Update info about WTMI_IMG option
plat: marvell: armada: a3k: Remove unused variable WTMI_SYSINIT_IMG from Makefile
plat: marvell: armada: Show informative build messages and blank lines
plat: marvell: armada: Move definition of mrvl_flash target to common marvell_common.mk file
plat: marvell: armada: a3k: Use $(Q) instead of @
plat: marvell: armada: a3k: Add a new target mrvl_uart which builds UART image
plat: marvell: armada: a3k: Build UART image files directly in $(BUILD_UART) subdirectory
plat: marvell: armada: a3k: Build intermediate files in $(BUILD_PLAT) directory
plat: marvell: armada: a3k: Correctly set DDR_TOPOLOGY and CLOCKSPRESET for WTMI
plat: marvell: armada: a3k: Allow use of the system Crypto++ library
docs: marvell: Update info about WTP and MV_DDR_PATH parameters
plat: marvell: armada: a3k: Add checks that WTP, MV_DDR_PATH and CRYPTOPP_PATH are correctly defined
docs: marvell: Update mv-ddr-marvell and A3700-utils-marvell branches
ESPRESSObin-Ultra TF-A build example was now just a copy+paste of previous
mentioned example. It produced debug binary with custom log level, which
was not described. So rather replace this duplicate build example by a full
example with all steps how to build production release of Marvell firmware
image for EspressoBin with 1GHz CPU and 1GB DDR4 RAM.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ief1b8bc96a3035ebd8421bd68dca5eb5c8d8fd52
Reformat list of boards, remove unsupported OcteonTX2 and mention
supported Turris MOX board.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I22cea7f77fd078554c7f0ed4108781626209e563
* changes:
allwinner: Leave CPU power alone during BL31 setup
allwinner: psci: Invert check in .validate_ns_entrypoint
allwinner: psci: Drop MPIDR check from .pwr_domain_on
allwinner: psci: Drop .get_node_hw_state callback
AMU counters are used for monitoring the CPU performance. RD-N2 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
AMU counters are used for monitoring the CPU performance. RD-V1 platform
has architected AMU available for each core. Enable the use of AMU by
non-secure OS for supporting the use of counters for processor
performance control (ACPI CPPC).
Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Some of the PSCI platform callbacks were restricted on RD-V1 platform
because the idle was not functional. Now that it is functional, remove
all the restrictions on the use PSCI platform callbacks.
Change-Id: I4cb97cb54de7ee166c30f28df8fea653b6b425c7
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>