Earlier PIE support was enabled for all arm platforms when
RESET_TO_BL31=1, but later on it was restricted only to FVP with patch
SHA d4580d17 because of n1sdp platform.
Now it has been verified that PIE does work for n1sdp platform also, so
enabling it again for all arm platforms.
Change-Id: I05ad4f1775ef72e7cb578ec9245cde3fbce971a5
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
1. Switch ARMPLL_LL/CCIPLL/MAINPLL/MPLL control to SPM
2. Switch CLKSQ1/TDCLKSQ control to SPM
3. Switch ck_off/axi_26m control to SPM
BUG=b:136980838
TEST=system suspend/resume passed
Change-Id: I5c8506f7cf16d5cdaeb5ef8caa60a2992a361e18
Signed-off-by: Roger Lu <roger.lu@mediatek.com>
ARM platform can have a non-contiguous GICR frames. For instance, a
multi socket platform can have two or more GIC Redistributor frames
which are 4TB apart. Hence it is necessary for the `gicv3_rdistif_probe`
function to probe all the GICR frames available in the platform.
Introduce `plat_arm_override_gicr_frames` function which platforms can
use to override the default gicr_frames which holds the GICR base
address of the primary cpu.
Change-Id: I1f537b0d871a679cb256092944737f2e55ab866e
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
N1SDP supports multichip configuration wherein n1sdp boards are
connected over high speed coherent CCIX link for now only dual-chip is
supported.
A single instance of TF-A runs on master chip which should be aware of
slave chip's CPU and memory topology.
This patch updates platform macros to include remote chip's information
and also ensures that a single version of firmware works for both single
and dual-chip setup.
Change-Id: I75799fd46dc10527aa99585226099d836c21da70
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Platform information structure holds information about platform's DDR
size(local/remote) which will be used to zero out the memory before
enabling the ECC capability as well as information about multichip
setup. Multichip and remote DDR information can only be probed in SCP,
SDS region will be used by TF-A to get this information at boot up.
This patch introduces a new SDS to store platform information, which is
populated dynamically by SCP Firmware.previously used mem_info SDS is
also made part of this structure itself.
The platform information is also passed to BL33 by copying it to Non-
Secure SRAM.
Change-Id: I4781dc6a7232c3c0a3219b164d943ce9e3e469ee
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Running TF-A from non-standard location such as DRAM is useful for some
SRAM heavy use-cases. Allow the TF-A binary to be executed from an
arbitrary memory location.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Change-Id: Icd97926e4d97f37d7cde4a92758a52f57d569111
This patch adds macros defining the generalised security carveout
registers. These macros help us program the TZRAM carveout access
and the Video Protect Clear carveout access.
Change-Id: I8f7b24b653fdb702fb57a4097801cb3eae050294
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch defines the macro for the TEGRA_TMRUS aperture size.
Change-Id: I33fb674c6a7be8d02971667e7bf8650b7adc62ef
Signed-off-by: Steven Kao <skao@nvidia.com>
TEGRA186_SMMU_CTX_SIZE should match the numbe of elements
in smmu_ctx_regs, which is defined in smmu_plat_config.h.
The current number of elements are 0x490.
Change-Id: If0614ea8ef8b6a8f5da1a3279abaf9255eb76420
Signed-off-by: Stefan Kristiansson <stefank@nvidia.com>
Dont run MCE firmware on pre-silicon emulation platforms
Change-Id: I2a8d653e46f494621580ca92271a18e62f648859
Signed-off-by: Rohit Khanna <rokhanna@nvidia.com>
GPU, MPCORE and PTC clients are changed and not going through SMMU.
Removing it from streamid list.
Change-Id: I14b450a11f02ad6c1a97e67e487d6d624911d019
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
This patch uses SMC64 encoding for all MCE SMC calls originating
from the linux kernel.
Change-Id: Ic4633de5c638566012db033bbaf8c9d9343acdc0
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enable MCE driver for T19x SoC. The MCE driver
takes care of the communication with the MCE firmware to
achieve:
- Cold boot
- Warm boot
- Core/Cluster/System Power management
- Custom MCE requests
Change-Id: I75854c0b649a691e9b244d9ed9fc1c19743e3e8d
Signed-off-by: Steven Kao <skao@nvidia.com>
This patch adds support for all three SMMU devices present on the SoC.
The following changes have been done:
Add SMMU devices to the memory map
Update register read and write functions
Change-Id: I0007b496d2ae7264f4fa9f605d4b0a15fa747a0f
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
Define mc sid and txn override regs and sec cfgs.
Create array for mc sid override regs and sec config that is
used to initialize mc.
Add smmu ctx regs array to hold register values during suspend.
Change-Id: I7b265710a9ec2be7dea050058bce65c614772c78
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
This patch fixes the variable width to store the TZDRAM base
address used to resume from System Suspend.
Change-Id: I3c18eb844963f39f91b5ac45e3709f3354bcda0c
Signed-off-by: Steven Kao <skao@nvidia.com>
This patch creates the base commit for the Tegra194 platform, from
Tegra186 code base.
Change-Id: I1c77e4984f7ff39655f3fb79633d13d533707ede
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This reverts commit c41df8fda84b9bc56bbb2347fb902f64b1bb557e
Fake system suspend relies on software running on EL3
to trigger a warm reset.
Revert enabling fake system suspend, as the software
running on El3 is not allowed to trigger a warm reset.
Change-Id: I6035f2a7bcb0a4ad50a62c5bc5239226c625ee5e
Signed-off-by: Vignesh Radhakrishnan <vigneshr@nvidia.com>
There are some platforms which uses MPIDR Affinity level 3 for storing
extra affinity information e.g. N1SDP uses it for keeping chip id in a
multichip setup, for such platforms MPIDR validation should not fail.
This patch adds Aff3 bits also as part of mpidr validation mask, for
platforms which does not uses Aff3 will not have any impact as these
bits will be all zeros.
Change-Id: Ia8273972fa7948fdb11708308d0239d2dc4dfa85
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Introduce timeout_init_us/timeout_elapsed() delay tracking with CNTPCT.
timeout_init_us(some_timeout_us); returns a reference to detect
timeout for the provided microsecond delay value from current time.
timeout_elapsed(reference) return true/false whether the reference
timeout is elapsed.
Cherry picked from OP-TEE implementation [1].
[1] commit 33d30a74502b ("core: timeout detection support")
Minor:
- Remove stm32mp platform duplicated implementation.
- Add new include in marvell ble.mk
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iaef6d43c11a2e6992fb48efdc674a0552755ad9c
a5ds only has always-on power domain and there is no power control
present. However, without the pwr_domain_off handler, the kernel
panics when the user will try to switch off secondary cores. The
a5ds_pwr_domain_off handler will prevent kernel from crashing,
i.e. the kernel will attempt but fail to shut down the secondary CPUs
if the user tries to switch them offline.
Change-Id: I3c2239a1b6f035113ddbdda063c8495000cbe30c
Signed-off-by: Usama Arif <usama.arif@arm.com>
This patch adds mapping for secure FLASH0 for qemu/virt and
qemu/qemu_sbsa platforms. This change is targeted for sbsa but since both
platforms share common code, changes in common defines was necessary.
For qemu_sbsa, this patch adds necessary mapping in order to boot without
semi-hosting from secure FLASH0. EFI need to stay in FLASH1 (share it with
variables) since it need to "run in place" in non secure domain. Changes
for this are under RFC at edk2-platforms mailing list:
https://patches.linaro.org/patch/171327/
(edk2-platforms/Platform/Qemu/SbsaQemu/SbsaQemu.dsc).
In docs qemu/virt is described as using semi-hosting, therefore this change
should be orthogonal to existing assumptions while giving possibility to
store both bl1 and fip in FLASH0 at some point (additional changes required
for that).
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Change-Id: I782bc3637c91c01eaee680b3c5c408e24b4b6e28
This patch introduces Qemu SBSA platform.
Both platform specific files where copied from qemu/qemu with changes for
DRAM base above 32bit and removal of ARMv7 conditional defines/code.
Documentation is aligned to rest of SBSA patches along the series and
planed changes in edk2-platform repo.
FixesARM-software/tf-issues#602
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Change-Id: I8ebc34eedb2268365e479ef05654b2df1b99128c
* changes:
stm32mp1: add authentication support for stm32image
bsec: move bsec_mode_is_closed_device() service to platform
crypto: stm32_hash: Add HASH driver
* changes:
amlogic: g12a: Add support for the S905X2 (G12A) platform
amlogic: makefile: Use PLAT variable when possible
amlogic: sha_dma: Move register mappings to platform header
* changes:
rpi4: Add initial documentation file
rpi4: Add stdout-path to device tree
rpi4: Add GIC maintenance interrupt to GIC DT node
rpi4: Cleanup memory regions, move pens to first page
rpi4: Reserve resident BL31 region from non-secure world
rpi4: Amend DTB to advertise PSCI
rpi4: Determine BL33 entry point at runtime
rpi4: Accommodate "armstub8.bin" header at the beginning of BL31 image
Add basic support for Raspberry Pi 4
rpi3: Allow runtime determination of UART base clock rate
FDT helper functions: Respect architecture in PSCI function IDs
FDT helper functions: Add function documentation
* changes:
Migrate ARM platforms to use the new GICv3 API
Adding new optional PSCI hook pwr_domain_on_finish_late
GICv3: Enable multi socket GIC redistributor frame discovery
Introduce the preliminary support for the Amlogic S905X2 (G12A) SoC.
This port is a minimal implementation of BL31 capable of booting
mainline U-Boot and Linux. Tested on a SEI510 board.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ife958f10e815a4530292c45446adb71239f3367f
This patch invokes the new function gicv3_rdistif_probe() in the
ARM platform specific gicv3 driver. Since this API modifies the
shared GIC related data structure, it must be invoked coherently
by using the platform specific pwr_domain_on_finish_late hook.
Change-Id: I6efb17d5da61545a1c5a6641b8f58472b31e62a8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Some device tree users like to find a pointer to the standard serial
console in the device tree, in the "stdout-path" property of the /chosen
node.
Add the location of the Mini UART in that property, so that DT users are
happy, for instance Linux' earlycon detection.
Change-Id: I178e55016e5640de5ab0bc6e061944bd3583ea96
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For being able to use the virtualisation support the GIC offers, we need
to know the interrupt number of the maintenance interrupt. This
information is missing from the official RPi4 device tree.
Use libfdt to add the "interrupts" property to the GIC node, which
allows hypervisors like KVM or Xen to be able to use the GIC's help on
virtualising interrupts.
Change-Id: Iab84f0885a5bf29fb84ca8f385e8a39d27700c75
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Now that we have the SMP pens in the first page of DRAM, we can get rid
of all the fancy RPi3 memory regions that our RPi4 port does not really
need. This avoids using up memory all over the place, restricting ATF
to just run in the first 512KB of DRAM.
Remove the now unused regions. This also moves the SMP pens into our
first memory page (holding the firmware magic), where the original
firmware put them, but where there is also enough space for them.
Since the pens will require code execution privileges, we amend the
memory attributes used for that page to include write and execution
rights.
Change-Id: I131633abeb4a4d7b9057e737b9b0d163b73e47c6
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The GPU firmware loads the armstub8.bin (BL31) image at address 0, the
beginning of DRAM. As this holds the resident PSCI code and the SMP
pens, the non-secure world should better know about this, to avoid
accessing memory owned by TF-A. This is particularly criticial as the
Raspberry Pi 4 does not feature a secure memory controller, so
overwriting code is a very real danger.
Use the newly introduced function to add a node into reserved-memory
node, where non-secure world can check for regions to be excluded from
its mappings.
Reserve the first 512KB of memory for now. We can refine this later if
need be.
Change-Id: I00e55e70c5c02615320d79ff35bc32b805d30770
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The device tree provided by the official Raspberry Pi firmware uses
spin tables for SMP bringup.
One of the benefit of having TF-A is that it provides PSCI services, so
let's rewrite the DTB to advertise PSCI instead of spin tables.
This uses the (newly exported) routine from the QEMU platform port.
Change-Id: Ifddcb14041ca253a333f8c2d5e97a42db152470c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Now that we have the armstub magic value in place, the GPU firmware will
write the kernel load address (and DTB address) into our special page,
so we can always easily access the actual location without hardcoding
any addresses into the BL31 image.
Make the compile-time defined PRELOADED_BL33_BASE macro optional, and
read the BL33 entry point from the magic location, if the macro was not
defined. We do the same for the DTB address.
This also splits the currently "common" definition of
plat_get_ns_image_entrypoint() to be separate between RPi3 and RPi4.
Change-Id: I6f26c0adc6fce2df47786b271c490928b4529abb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Raspberry Pi GPU firmware checks for a magic value at offset 240
(0xf0) of the armstub8.bin image it loads. If that value matches,
it writes the kernel load address and the DTB address into subsequent
memory locations.
We can use these addresses to avoid hardcoding these values into the BL31
image, to make it more flexible and a drop-in replacement for the
official armstub8.bin.
Reserving just 16 bytes at offset 240 of the final image file is not easily
possible, though, as this location is in the middle of the generic BL31
entry point code.
However we can prepend an extra section before the actual BL31 image, to
contain the magic and addresses. This needs to be 4KB, because the
actual BL31 entry point needs to be page aligned.
Use the platform linker script hook that the generic code provides, to
add an almost empty 4KB code block before the entry point code. The very
first word contains a branch instruction to jump over this page, into
the actual entry code.
This also gives us plenty of room for the SMP pens later.
Change-Id: I38caa5e7195fa39cbef8600933a03d86f09263d6
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Raspberry Pi 4 is a single board computer with four Cortex-A72
cores. From a TF-A perspective it is quite similar to the Raspberry Pi
3, although it comes with more memory (up to 4GB) and has a GIC.
This initial port though differs quite a lot from the existing rpi3
platform port, mainly due to taking a much simpler and more robust
approach to loading the non-secure payload:
The GPU firmware of the SoC, which is responsible for initial platform
setup (including DRAM initialisation), already loads the kernel, device
tree and the "armstub" into DRAM. We take advantage of this, by placing
just a BL31 component into the armstub8.bin component, which will be
executed first, in AArch64 EL3.
The non-secure payload can be a kernel or a boot loader (U-Boot or
EDK-2), disguised as the "kernel" image and loaded by the GPU firmware.
So this is just a BL31-only port, which directly drops into EL2
and executes whatever has been loaded as the "kernel" image, handing
over the DTB address in x0.
Change-Id: I636f4d1f661821566ad9e341d69ba36f6bbfb546
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment the UART input clock rate is hard coded at compile time.
This works as long as the GPU firmware always sets up the same rate,
which does not seem to be true for the Raspberry Pi 4.
In preparation for being able to change this at runtime, add a base
clock parameter to the console setup function. This is still hardcoded
for the Raspberry Pi 3.
Change-Id: I398bc2f1e9b46f7af9a84cb0b33cbe8e78f2d900
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Fast Models provide a non-volatile counter component, which is used
in the Trusted Board Boot implementation to protect against rollback
attacks.
This component comes in 2 versions (see [1]).
- Version 0 is the default and models a locked non-volatile counter,
whose value is fixed.
- Version 1 of the counter may be incremented in a monotonic fashion.
plat_set_nv_ctr() must cope with both versions. This is achieved by:
1) Attempting to write the new value in the counter.
2) Reading the value back.
3) If there is a mismatch, we know the counter upgrade failed.
When using version 0 of the counter, no upgrade is possible so the
function is expected to fail all the time. However, the code is
missing a compiler barrier between the write operation and the next
read. Thus, the compiler may optimize and remove the read operation on
the basis that the counter value has not changed. With the default
optimization level used in TF-A (-Os), this is what's happening.
The fix introduced in this patch marks the write and subsequent read
accesses to the counter as volatile, such that the compiler makes no
assumption about the value of the counter.
Note that the comment above plat_set_nv_ctr() was clearly stating
that when using the read-only version of the non-volatile counter,
"we expect the values in the certificates to always match the RO
values so that this function is never called". However, the fact that
the counter value was read back seems to contradict this comment, as
it is implementing a counter-measure against misuse of the
function. The comment has been reworded to avoid any confusion.
Without this patch, this bug may be demonstrated on the Base AEM FVP:
- Using version 0 of the non-volatile counter (default version).
- With certificates embedding a revision number value of 32
(compiling TF-A with TFW_NVCTR_VAL=32).
In this configuration, the non-volatile counter is tied to value 31 by
default. When BL1 loads the Trusted Boot Firmware certificate, it
notices that the two values do not match and tries to upgrade the
non-volatile counter. This write operation is expected to fail
(because the counter is locked) and the function is expected to return
an error but it succeeds instead.
As a result, the trusted boot does not abort as soon as it should and
incorrectly boots BL2. The boot is finally aborted when BL2 verifies
the BL31 image and figures out that the version of the SoC Firmware
Key Certificate does not match. On Arm platforms, only certificates
signed with the Root-of-Trust Key may trigger an upgrade of the
non-volatile Trusted counter.
[1] https://developer.arm.com/docs/100964/1160/fast-models-components/peripheral-components/nonvolatilecounter
Change-Id: I9979f29c23b47b338b9b484013d1fb86c59db92f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Enable cores 1-3 using psci. On receiving the smc call from kernel,
core 0 will bring the secondary cores out pen and signal an event for
the cores. Currently on switching the cores is enabled i.e. it is not
possible to suspend, switch cores off, etc.
Change-Id: I6087e1d2ec650e1d587fd543efc1b08cbb50ae5f
Signed-off-by: Usama Arif <usama.arif@arm.com>
For the secondary CPUs, hold the cpu in wfe rather then panic.
This will be needed when multicore support is added to a5ds as
the smc call will write to the hold base and signal an event to
power on the secondary CPUs.
Change-Id: I0ffc2059e9ef894c21375ca5c94def859bfa6599
Signed-off-by: Usama Arif <usama.arif@arm.com>
This commit adds authentication binary support for STM32MP1.
It prints the bootrom authentication result if signed
image is used and authenticates the next loaded STM32 images.
It also enables the dynamic translation table support
(PLAT_XLAT_TABLES_DYNAMIC) to use bootrom services.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iba706519e0dc6b6fae1f3dd498383351f0f75f51
This BSEC service is a platform specific service. Implementation
moved to the platform part.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I1f70ed48a446860498ed111acce01187568538c9
Rockchip platform is using the first 1MB of DRAM as secure ram space,
and there is a vendor loader who loads and runs the BL31/BL32/BL33,
this loader is usually load by SoC BootRom to the start addres of DRAM,
we need to reserve enough space for this loader so that it doesn't need
to do the relocate when loading the BL31. eg.
We use U-Boot SPL to load ATF BL31 and U-Boot proper as BL33, the SPL
TEXT BASE is offset 0 of DRAM which is decide by Bootrom; if we update
the BL31_BASE to offset 0x40000(256KB), then the 0~0x40000 should be
enough for SPL and no need to do the relocate while the space size
0x10000(64KB) may not enough for SPL.
After this update, the BL31 can use the rest 768KB of the first 1MB,
which is also enough, and the loader who is using BL31 elf file can
support this update without any change.
Change-Id: I66dc685594d77f10f9a49c3be015fd6729250ece
Signed-off-by: Kever Yang <kever.yang@rock-chips.com>
Patch introduce the macro NS_IMAGE_MAX_SIZE to simplify the image size
calculation. Use of additional parenthesis removes the possibility of
improper calculations due nested macro expansion for subtraction.
In case of platforms with DRAM window over 32bits, patch also removes
potential problems with type casting, as meminfo.image_size is uint32_t
but macro calculations were done in 64bit space.
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Change-Id: I2d05a2d9dd6000dba6114df53262995cf85af018
This commit change the plat/qemu directory structure into:
`-- plat
`-- qemu
|-- common (files shared with all qemu subplatforms)
|-- qemu (original qemu platform)
|-- qemu_sbsa (new sqemu_sbsa platform)
|-- subplat1
`-- subplat2
This opens the possibility of adding new qemu sub-platforms which reuse
existing common platform code. The first platform which will leverage new
structure will be SBSA platform.
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Id0d8133e1fffc1b574b69aa2770ebc02bb837a9b
Avoid to load FIP by hacking address. Load it by partition table instead.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: I0283fc2e6e459bff14de19d92db4158e05106ee4
Avoid to load FIP by hacking address. Load it by partition table instead.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: Ib476d024a51e4b9705441a0007d78f9fdf0ca078
The registers location for the SHA DMA driver is not unique for the
different platforms. Move the mapping out of the driver and into the
platform-specific header.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ice64637844a3cb384b01e466cb8c1cea5f764129
Both kernel and U-Boot use a SMC call to the secure monitor to get the
chip ID. This call is translated by BL31 to a call to the SCP to
retrieve the ID. Add a new SiP call and the backing SCPI command.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ib128f5645ee92866e7ebbcd550dacd33f573524b
* changes:
rpi3: Do prescaler and control setup in C
rpi3: Prepare for supporting a GIC (in RPi4)
rpi3: Make SHARED_RAM optional
rpi3: Rename RPI3_IO_BASE to RPI_IO_BASE
rpi3: Move shared rpi3 files into common directory
To initialise the arch timer configuration and some clock prescaler, we
need to do two MMIO access *once*, early during boot.
As tempting as it may sound, plat_reset_handler() is not the right place
to do this, as it will be called on every CPU coming up, both for
secondary cores as well as during warmboots. So this access will be done
multiple times, and even during a rich OS' runtime. Whether doing so anyway
is actually harmful is hard to say, but we should definitely avoid this if
possible.
Move the initialisation of these registers to C code in
bl1_early_platform_setup(), where it will still be executed early enough
(before enabling the console), but only once during the whole boot
process.
Change-Id: I081c41a5476d424411411488ff8f633e87d3bcc5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the random
number generator driver into the generic driver directory.
Change-Id: Iae94d7cb22c6bce3af9bff709d76d4caf87b14d1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
With the incoming support for the Raspberry Pi 4 boards, one directory
to serve both versions will not end up well.
Create an additional layer by inserting a "rpi" directory betweeen /plat
and rpi3, so that we can more easily share or separate files between the
two later.
Change-Id: I75adbb054fe7902f34db0fd5e579a55612dd8a5f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
As the PSCI "power" management functions for the Raspberry Pi 3 port
will be shared with the upcoming RPi4 support, we need to prepare them
for dealing with the GIC interrupt controller.
Splitting this code just for those simple calls to the generic GIC
routines does not seem worthwhile, so just use a #define the protect the
GIC code from being included by the existing RPi3 code.
Change-Id: Iaca6b0214563852b28ad4a088ec45348ae8be40d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The QEMU platform port scans its device tree to advertise PSCI as the
CPU enable method. It does this by scanning *every* node in the DT and
check whether its compatible string starts with "arm,cortex-a". Then it
sets the enable-method to PSCI, if it doesn't already have one.
Other platforms might want to use this functionality as well, so let's
move it out of the QEMU platform directory and make it more robust by
fixing some shortcomings:
- A compatible string starting with a certain prefix is not a good way
to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will
match as well and is in turn favoured with an enable-method.
- If the DT already has an enable-method, we won't change this to PSCI.
Those two issues will for instance fail on the Raspberry Pi 4 DT.
To fix those problems, we adjust the scanning method:
The DT spec says that all CPU nodes are subnodes of the mandatory
/cpus node, which is a subnode of the root node. Also each CPU node has
to have a device_type = "cpu" property. So we find the /cpus node, then
scan for a subnode with the proper device_type, forcing the
enable-method to "psci".
We have to restart this search after a property has been patched, as the
node offsets might have changed meanwhile.
This allows this routine to be reused for the Raspberry Pi 4 later.
Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the mailbox
driver into the generic driver directory.
Change-Id: I463e49acf82b02bf004f3d56482b7791f3020bc0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The existing Raspberry Pi 3 port sports a number of memory regions,
which are used for several purposes. The upcoming RPi4 port will not use
all of those, so make the SHARED_RAM region optional, by only mapping it
if it has actually been defined. This helps to get a cleaner RPi4 port.
Change-Id: Id69677b7fb6ed48d9f238854b610896785db8cab
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
With the advent of Raspberry Pi 4 support, we need to separate some
board specific headers between the RPi3 and RPi4.
Rename and move the "rpi3_hw.h" header, so that .c files just include
rpi_hw.h, and automatically get the correct version.
Change-Id: I03b39063028d2bee1429bffccde71dddfe2dcde8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The location of the MMIO window is different between a Raspberry Pi 3
and 4: the former has it just below 1GB, the latter below 4GB.
The relative location of the peripherals is mostly compatible though.
To allow sharing code between the two models, let's rename the symbol
used for the MMIO base to the more generic RPI_IO_BASE name.
Change-Id: I3c2762fb30fd56cca743348e79d72ef8c60ddb03
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To be able to share code more easily between the existing Raspberry Pi 3
and the upcoming Raspberry Pi 4 platform, move some code which is not
board specific into a "common" directory.
Change-Id: I9211ab2d754b040128fac13c2f0a30a5cc8c7f2c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
* changes:
mediatek: mt8183: Support coreboot configuration
mediatek: mt8183: support system reset
mediatek: mt8183: pass platform parameters
mediatek: mt8183: add GPIO driver
mediatek: mt8183: support system off
mediatek: mt8183: support CPU hotplug
mediatek: mt8183: refine GIC driver
The code managing the console is the same for all the platforms
currently supported. Since it is unlikely to change in the future move
the code to an external file in the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I6df555ea82d483b4f08a4a1e2cb0a7488fbaa015
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
* changes:
amlogic: Fix includes order
amlogic: Fix header guards
amlogic: Fix prefixes in the SoC specific files
amlogic: Fix prefixes in the PM code
amlogic: Fix prefixes in the SCPI related code
amlogic: Fix prefixes in the MHU code
amlogic: Fix prefixes in the SIP/SVC code
amlogic: Fix prefixes in the thermal driver
amlogic: Fix prefixes in the private header file
amlogic: Fix prefixes in the efuse driver
amlogic: Fix prefixes in the platform macros file
amlogic: Fix prefixes in the helpers file
amlogic: Rework Makefiles
amlogic: Move the SIP SVC code to common directory
amlogic: Move topology file to common directory
amlogic: Move thermal code to common directory
amlogic: Move MHU code to common directory
amlogic: Move efuse code to common directory
amlogic: Move platform macros assembly file to common directory
amlogic: Introduce unified private header file
amlogic: Move SCPI code to common directory
amlogic: Move the SHA256 DMA driver to common directory
amlogic: Move assembly helpers to common directory
amlogic: Introduce directory parameters in the makefiles
meson: Rename platform directory to amlogic
Disable gic cpu interface for powered down cpu. This patch also removes
core reset during power off as core reset will be done during power on
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2ca96d876b6e71e56d24a9a7e184b6d6226b8673
As part of the code refactoring fix the order of the include files
across all the source files.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ice72f687cc26ee881a9051168149467688100cfb
Make the header guards more generic and contextually remove the
GXBB_BL31_PLAT_PARAM_VAL value that is unused on the GXL platform.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I842fa2e084e71280ae17b39c67877e844821a171
Some cores support only AArch64 from EL1 and above, e.g. A76, N1 etc. If
TF-A is compiled with CTX_INCLUDE_AARCH32_REGS=0 so as to properly
handle those cores, only the AArch64 cores' assembly is included in the
TF-A binary. In other words, for FVP, TF-A assumes that AArch64 only
cores will never exist in the same cluster with cores that also support
AArch32.
However, A55 and A75 can be used as AArch64 only cores, despite
supporting AArch32, too. This patch enables A55 and A75 to exist in
clusters together with AArch64 cores.
Change-Id: I58750ad6c3d76ce77eb354784c2a42f2c179031d
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Common ipi_table needs to be initialized before using any
IPI command (i.e send/receive). Move zynqmp ipi config table
initialization from sip_svc_setup() to zynqmp_config_setup().
Change-Id: Ic8aaa0728a43936cd4c6e1ed590e01ba8f0fbf5b
Signed-off-by: Tejas Patel <tejas.patel@xilinx.com>
Signed-off-by: Jolly Shah <jolly.shah@xilinx.com>
The STM32 console driver was pre-pending '\r' before '\n'.
It is now managed by the framework with the flag:
CONSOLE_FLAG_TRANSLATE_CRLF.
Remove the code in driver, and add the flag for STM32MP1.
Change-Id: I5d0d5d5c4abee0b7dc11c2f8707b1b5cf10149ab
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
mmc: stm32_sdmmc2: correctly manage block size
mmc: stm32_sdmmc2: manage max-frequency property from DT
stm32mp1: move check_header() to common code
stm32mp1: keep console during runtime
stm32mp1: sp_min: initialize MMU and cache earlier
stm32mp1: add support for LpDDR3
stm32mp1: use a common function to check spinlock is available
clk: stm32mp: enable RTCAPB clock for dual-core chips
stm32mp1: check if the SoC is single core
stm32mp1: print information about board
stm32mp1: print information about SoC
stm32mp1: add watchdog support
When built for coreboot, we want to enable coreboot library to have
better integration. For example, serial console should be initialized by
coreboot_serial instead of hard-coded values.
Most coreboot configuration will enable memory console, which needs
larger XLAT_TABLES so MAX_XLAT_TABLES is increased; and to support that,
TZRAM_SIZE also need to be enlarged.
Change-Id: I08cf22df2fa26e48284e323d22ad8ce73a6ea803
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Add plat parameter structs to support BL2 to pass
variable-length, variable-type parameters to BL31.
The parameters are structured as a link list.
During BL31 setup time, we traverse the list to process
each parameter.
Signed-off-by: kenny liang <kenny.liang@mediatek.com>
Change-Id: Ie84cfc9606656fb1d2780a68cadf27e09afa6628
This patch fixes a coding error, where the size of the protected memory area
was truncated due to an incorrect typecast.
This defect was found by coverity and reported as CID 336781.
Change-Id: I41878b0a9a5e5cd78ef3393fdc7b9ea7f7403ed3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Remove the GXBB prefix where needed and add SoC specific prefixes for
GXBB/GXL.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic3eb3a77ca2d9c779a9dee5cee786e9c16ecdb27
Remove the GXBB prefix from the code in the common directory and add
SoC-specific prefixes in the SoC specific code.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic983ef70b0ef23f95088dd8df488d8c42c3bc030
Add a new aml_* prefix to the SCPI related function calls.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I697812ac1c0df28cbb639a1dc3e838f1107fb739
Make the MHU code AML specific adding a new aml_* prefix and remove the
GXBB prefix from the register names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I8f20918e29f08542bd71bd679f88e65b4efaa7d2
All the SIP/SVC related code is currently the same between GXL and GXBB.
Rename function names and register names to avoid hardcoding the GXBB
prefix.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I7e58ab68489df8d4762663fc01fb64e6899cc8bf
The header file is shared between all the SoCs. Better avoiding
hardcoding the SoC name in the function names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I9074871bd1ed8a702c1a656e0f50f2d3c6cb0425
The efuse driver is hardcoding the GXBB prefix. No need to do that since
the driver is shared between multiple SoCs.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I97691b0bbd55170d8216d301a3fc04feb8c2af2e
Fixing at the same time the related register names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ib1130d50abe6088f1c0826878d1ae454a0f23008
The code is the common directory is now generic, no need to have the SoC
prefix hardcoded in the function names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ied3a5e506b9abd4c2d6f893bafef50019bff24f1
Now that every piece is in place, the makefiles can be refactored and
slightly beautified removing useless and redundant parts.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: If74e1909df52d475cf4b0dfed819d07d3a4c85b9
The code is the same between GXBB and GXL. Move it to the common source
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I875689a6fd029971aa755fc2725217e90ed06b6c
As done already for multiple files, move the topology file to the common
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Iaca357a089593ad58c35c05c929239132249dcda
As for most of the Amlogic code, this is common between the Amlogic
SoCs. Move the code to the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Id3f0073ff1f0b9ddbe964f80303323ee4a2f27b0
The MHU code is shared between all the supported platforms. Move it to
the common directory instead.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Iaf53122866eae85c13f772927d16836dcfa877a3
The efuse code is the same between GXL and GXBB. Move the code to common
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ie37f21d1907a36292724f1fb645a78041fe4a6b3
The platform macros are shared between all the SoCs. Move it to common
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ia04c3ffe4d7b068aa701268ed99f69995d8db92b
Now that also the SHA256 DMA driver is shared between all the SoCs, we
can have one single private platform header file.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I77d51915f9d8233aeceeed66ed1f491573402cfc
The SCPI code is the same between GXBB and GXL. No need to have it
replicated for each SoCs. Move it to the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I7e416caf1e9538b3ce7702c0363ee00a054e2451
The SHA256 DMA driver can be used by multiple SoCs. Move it to the
common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I96319eeeeeebd503ef0dcb07c0e4ff6a67afeaa5
The assembly helpers are common to all the amlogic SoCs. Move the .S
file to the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I0d8616a7ae22dbcb14848cefd0149b6bb5814ea6
Make the platform name a parameter for the source directories. Besides a
cosmetic fix, this is going to be helpful when reusing the same Makefile
for different SoCs.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I307897a21800cca8ad68a5ab8972d27e9356ff2a
Meson is the internal code name for the SoC family. The correct name for
the platform should be Amlogic. Change the name of the platform
directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Icc140e1ea137f12117acbf64c7dcb1a8b66b345d
This console driver sends '\r' before 'n', not after.
It works, but the convention is "\r\n" (i.e. CRLF)
Instead of fixing it in the driver, set CONSOLE_FLAG_TRANSLATE_CRLF
to leave it to the framework.
Change-Id: I2154e29313739a40dff70cfb5c0f8989136d4ad2
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This function can be used on several stm32mp devices, it is then moved in
plat/st/common/stm32mp_common.c.
Change-Id: I862debe39604410f71a9ddc28713026362e9ecda
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The runtime console is only kept in DEBUG configuration.
Change-Id: I0447dfcacb9a63a12bcdab7c55584d70c3220e5b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This change enhances performance and security in BL32 stage.
Change-Id: I64df5995fc6b04f6cf42d6a00a6d3d0f602b5407
Signed-off-by: Yann Gautier <yann.gautier@st.com>
To use spinlocks, MMU should be enabled, as well as data cache.
A common function is created (moved from clock file).
It is then used whenever a spinlock has to be taken, in BSEC and clock
drivers.
Change-Id: I94baed0114a2061ad71bd5287a91bf7f1c6821f6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Among the variants of STM32MP, the STM32MP151 is a single Cortex-A7 chip.
A function is added to check the part number of the SoC.
If it corresponds to STM32MP151A or STM32MP151C, then the chip has a single
Cortex-A7.
Change-Id: Icac2015c5d03ce0bcb8e99bbaf1ec8ada34be49c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>