The GIC specification describes ID registers in each GIC register frame
(PIDRx), which can be used to identify a GIC component. The Arm Ltd. GIC
implementations use certain ID values to identify the distributor, the
redistributors and other parts like ITSes.
Introduce a function that reads those part number IDs, which are spread
over two registers. The actual numbers are only meaningful in connection
with a certain GIC model, which would need to be checked beforehand, by
the caller.
Change-Id: Ia6ff326a1e8b12664e4637bc8e2683d2b5c7721c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For platforms where we don't know the number of cores at compile time,
the size of the GIC redistributor frame is then also undetermined, since
it depends on this number of cores.
On top of this the GICR base address can also change, when an unknown
number of ITS frames (including zero) take up space between the
distributor and redistributor.
So while those two adjustments are done for independent reasons, the
code for doing so is very similar, so we should utilise the existing
fdt_adjust_gic_redist() function.
Add an (optional) gicr_base parameters to the prototype, so callers can
choose to also adjust this base address later, if needed.
Change-Id: Id39c0ba83e7401fdff1944e86950bb7121f210e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Define a handler in the SPMD to route secure interrupts occurring while
the normal world runs. On a Group1 Secure interrupt (with a GICv3 or a
Group0 interrupt on GICv2), the normal world is pre-empted to EL3 and
redirected to the SPMD/SPMC for further handling.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I1350d74048c5549a2af8da0ba004c08512cc006a
* changes:
feat(plat/st/stm32mp1): add STM32MP_USB_PROGRAMMER target
feat(plat/st/stm32mp1): add USB DFU support for STM32MP1
feat(plat/st): add STM32CubeProgrammer support on USB
feat(drivers/st/usb): add device driver for STM32MP1
feat(plat/st): add a USB DFU stack
feat(drivers/usb): add a USB device stack
Add a device driver for Synopsis DWC2 USB IP of STM32MP15x,
this USB OTG device is only supported in device mode.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I90b21f094f6637b85f3ace23a3a3a2f6fd4e0951
Add a new USB framework to manage an USB device profile (USBD)
based on a peripheral controller driver (PCD).
This USB stack can be use to implement any Universal Serial Bus Device
Class in TF-A on top of a USB driver defined in the platform.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I7971ec6d952edec3511157a198e6e5359df4346b
This patch removes files that are not used by TF-R as well as
removes unused generic files from the TF-R makefile.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Idb15ac295dc77fd38735bf2844efdb73e6f7c89b
MPMM - the Maximum Power Mitigation Mechanism - is an optional
microarchitectural feature present on some Armv9-A cores, introduced
with the Cortex-X2, Cortex-A710 and Cortex-A510 cores.
MPMM allows the SoC firmware to detect and limit high activity events
to assist in SoC processor power domain dynamic power budgeting and
limit the triggering of whole-rail (i.e. clock chopping) responses to
overcurrent conditions.
This feature is enabled via the `ENABLE_MPMM` build option.
Configuration can be done via FCONF by enabling `ENABLE_MPMM_FCONF`, or
by via the plaform-implemented `plat_mpmm_topology` function.
Change-Id: I77da82808ad4744ece8263f0bf215c5a091c3167
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change makes AMU auxiliary counters configurable on a per-core
basis, controlled by `ENABLE_AMU_AUXILIARY_COUNTERS`.
Auxiliary counters can be described via the `HW_CONFIG` device tree if
the `ENABLE_AMU_FCONF` build option is enabled, or the platform must
otherwise implement the `plat_amu_topology` function.
A new phandle property for `cpu` nodes (`amu`) has been introduced to
the `HW_CONFIG` specification to allow CPUs to describe the view of
their own AMU:
```
cpu0: cpu@0 {
...
amu = <&cpu0_amu>;
};
```
Multiple cores may share an `amu` handle if they implement the
same set of auxiliary counters.
AMU counters are described for one or more AMUs through the use of a new
`amus` node:
```
amus {
cpu0_amu: amu-0 {
#address-cells = <1>;
#size-cells = <0>;
counter@0 {
reg = <0>;
enable-at-el3;
};
counter@n {
reg = <n>;
...
};
};
};
```
This structure describes the **auxiliary** (group 1) AMU counters.
Architected counters have architecturally-defined behaviour, and as
such do not require DTB entries.
These `counter` nodes support two properties:
- The `reg` property represents the counter register index.
- The presence of the `enable-at-el3` property determines whether
the firmware should enable the counter prior to exiting EL3.
Change-Id: Ie43aee010518c5725a3b338a4899b0857caf4c28
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change represents a general refactoring to clean up old code that
has been adapted to account for changes required to enable dynamic
auxiliary counters.
Change-Id: Ia85e0518f3f65c765f07b34b67744fc869b9070d
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change decouples the group 1 counter macros to facilitate dynamic
detection at runtime. These counters remain disabled - we will add
dynamic enablement of them in a later patch.
Change-Id: I820d05f228d440643bdfa308d030bd51ebc0b35a
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change removes the `AMU_GROUP0_COUNTERS_MASK` and
`AMU_GROUP0_MAX_COUNTERS` preprocessor definitions, instead retrieving
the number of group 0 counters dynamically through `AMCGCR_EL0.CG0NC`.
Change-Id: I70e39c30fbd5df89b214276fac79cc8758a89f72
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change reduces preprocessor dependencies on the
`AMU_GROUP1_NR_COUNTERS` and `AMU_GROUP1_COUNTERS_MASK` definitions, as
these values will eventually be discovered dynamically.
In their stead, we introduce the `ENABLE_AMU_AUXILIARY_COUNTERS` build
option, which will enable support for dynamically detecting and
enabling auxiliary AMU counters.
This substantially reduces the amount of memory used by platforms that
know ahead of time that they do not have any auxiliary AMU counters.
Change-Id: I3d998aff44ed5489af4857e337e97634d06e3ea1
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change introduces a small set of register getters and setters to
avoid having to repeatedly mask and shift in complex code.
Change-Id: Ia372f60c5efb924cd6eeceb75112e635ad13d942
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change reduces the exposed surface area of the AMU API in order to
simplify the refactoring work in following patches. The functions and
definitions privatized by this change are not used by other parts of the
code-base today.
BREAKING CHANGE: The public AMU API has been reduced to enablement only
to facilitate refactoring work. These APIs were not previously used.
Change-Id: Ibf6174fb5b3949de3c4ba6847cce47d82a6bd08c
Signed-off-by: Chris Kay <chris.kay@arm.com>
With the introduction of MPMM, the auxiliary AMU counter logic requires
refactoring to move away from a single platform-defined group 1 counter
mask in order to support microarchitectural (per-core) group 1 counters.
BREAKING CHANGE: The `PLAT_AMU_GROUP1_COUNTERS_MASK` platform definition
has been removed. Platforms should specify per-core AMU counter masks
via FCONF or a platform-specific mechanism going forward.
Change-Id: I1e852797c7954f92409222b066a1ae57bc72bb05
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change adds a new utility function - `fdtw_for_each_cpu` - to
invoke a callback for every CPU node listed in a flattened device tree
(FDT) with the node identifier and the MPIDR of the core it describes.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Iabb5c0f0c9d11928a4a7a41cdc7d1e09aadeb2bc
This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
Currently on image entry, the data cache in the RW address range is
invalidated before MMU is enabled to safeguard against potential
stale data from previous firmware stage. If PIE is enabled however,
RO sections including the GOT may be also modified during pie fixup.
Therefore, to be on the safe side, invalidate the entire image
region if PIE is enabled.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I7ee2a324fe4377b026e32f9ab842617ad4e09d89
This change aims to make the UFS code more robust by performing a
controller reset if linkstartup fails. This idea was borrowed from
Linux's ufshcd_link_startup function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I6b52148d1bf155b11198dc82a39b1120057adaaf
This change aims to make the UFS code more robust by adding retry logic
and timeouts to ufshc_reset. We also define a new function
ufshc_hce_enable for Host Controller Enable (HCE). The inner and outer
retry pattern is based on Linux's ufshcd_hba_execute_hce function.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I9403a5a25d3ca50af5f2f9a65b774f6a2d7a9626
This change aims to make the UFS code more robust by removing asserts
and adding retry logic. We also reduce repetition by reusing
ufshc_send_uic_cmd for DME_GET and DME_SET commands.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: Id70aa1687d5ca78dc7d47234372255ac5a04a612
* changes:
fix(stpmic1): fix power switches activation
fix(stpmic1): update error cases return
refactor(stpmic1): use BIT and GENMASK helpers
fix(stm32mp1_clk): keep RTC clock always on
fix(stm32mp1_clk): set other clocks as always on
Currently, for the supported SCMI protocols, the version returned by the SCMI
platform agent must be exactly matching the driver's version (major version).
The recent change for the required version of Power Domain protocol means that
the platform must return version 2.0. This can be however a limitation in some
cases, where a SCMI-v1.0 platform can still be considered compatible with the
driver supported in firmware.
Relax the protocol version requirement such that any version older than the
one supported by the drivers can still be compatible.
Note: For now this has effect only on Power Domain protocol, as the other
drivers still require the "base" version 1.0.
Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Change-Id: I310ae1869c2e952991a8d733f394029ab64087bf
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME
Following system registers are modified before exiting EL2 to allow
u-boot/Linux to boot
1. CNTHCTL_EL2.EL1PCTEN -> 1
Allows U-boot to use physical counters at EL1
2. VTCR_EL2.MSA -> 1
Enables VMSA at EL1, which is required by U-Boot and Linux.
3. HCR_EL2.APK = 1 & HCR_EL2.API = 1
Disables PAuth instruction and register traps in EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I58f45b6669a9ad1debb80265b243015c054a9bb1
Now lx2 which use MT35XU512A supports warm boot, fix the macro
define caused by the commit:
feat(driver/nxp/xspi): add MT35XU02G flash info
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I83eb8cb9a30ac7c7efd5a010acbd03eddebed52b
Use BIT and GENMASK macros to ease stpmic1.h reading.
Change-Id: I808a62818d4188bb2f3686ab37518d369b6c41cb
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
This patch updates and refactors the GPT library and fixes bugs.
- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :
Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf
When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.
The following new regions are introduced with this change:
ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.
ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.
ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.
The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:
--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------
During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254
If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff
This patch introduces the Granule Protection Table (GPT)
library code. This implementation will be updated later to
be more flexible, as the current implementation is very rigid.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I3af824a28c6e9a5d36459c0c51d2d9bebfba1505
The changes include:
- A new build option (ENABLE_RME) to enable FEAT_RME
- New image called RMM. RMM is R-EL2 firmware that manages Realms.
When building TF-A, a path to RMM image can be specified using
the "RMM" build flag. If RMM image is not provided, TRP is built
by default and used as RMM image.
- Support for RMM image in fiptool
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
This patch adds a new context for realm world and realm world
awareness in context management.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: Ic17469393603e789d7adc025880346bc3d6233d7
TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.
TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.
More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure world. Currently
gives the capability for granules to be
transitioned from non-secure type to realm and vice versa.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I1fdc99a4bdd42bc14911aa0c6954b131de309511
This patch enables BL2 to run in root world (EL3) which is
needed as per the security model of RME-enabled systems.
Using the existing BL2_AT_EL3 TF-A build option is not convenient
because that option assumes TF-A BL1 doesn't exist, which is not
the case for RME-enabled systems. For the purposes of RME, we use
a normal BL1 image but we also want to run BL2 in EL3 as normally as
possible, therefore rather than use the special bl2_entrypoint
function in bl2_el3_entrypoint.S, we use a new bl2_entrypoint
function (in bl2_rme_entrypoint.S) which doesn't need reset or
mailbox initialization code seen in the el3_entrypoint_common macro.
The patch also cleans up bl2_el3_entrypoint.S, moving the
bl2_run_next_image function to its own file to avoid duplicating
code.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I99821b4cd550cadcb701f4c0c4dc36da81c7ef55
FEAT_RME adds a new bit (NSE) in the translation table descriptor
to determine the Physical Address Space (PAS) of an EL3 stage 1
translation according to the following mapping:
TTD.NSE TTD.NS | PAS
=================================
0 0 | Secure
0 1 | Non-secure
1 0 | Root
1 1 | Realm
This patch adds modifications to version 2 of the translation table
library accordingly. Bits 4 and 5 in mmap attribute are used to
determine the PAS.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I82790f6900b7a1ab9494c732eac7b9808a388103
FEAT_RME introduces two additional security states,
Root and Realm security states. This patch adds Realm
security state awareness to SMCCC helpers and entry point info
structure.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9cdefcc1aa71259b2de46e5fb62b28d658fa59bd
This patch adds new register and bit definitions for the Armv9-A
Realm Management Extension (RME) as described in the Arm
document DDI0615 (https://developer.arm.com/documentation/ddi0615/latest).
The patch also adds TLB maintenance functions and a function to
detect the presence of RME feature.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I03d2af7ea41a20a9e8a362a36b8099e3b4d18a11
Cortex-A78 erratum 2132060 is a Cat B erratum that applies to
revisions r0p0, r1p0, r1p1, and r1p2 of CPU. It is still open.
The workaround is to write the value 2'b11 to the PF_MODE bits
in the CPUECTLR_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401784/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: If7dec72578633d37d110d103099e406c3a970ff7
Neoverse-V1 erratum 2108267 is a Cat B erratum that applies to
revisions r0p0, r1p0, and r1p1 of CPU. It is still open. The
workaround is to write the value 2'b11 to the PF_MODE bits in
the CPUECTLR_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: Iedcb84a7ad34af7083116818f49d7296f7d9bf94
Neoverse-N2 erratum 2138953 is a Cat B erratum that applies to
revision r0p0 of CPU. It is still open. The workaround
is to write the value 4'b1001 to the PF_MODE bits in the
IMP_CPUECTLR2_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: Ife0a4bece7ccf83cc99c1d5f5b5a43084bb69d64
Cortex-A710 erratum 2058056 is a Cat B erratum that applies to
revisions r0p0, r1p0, and r2p0. It is still open. The workaround
is to write the value 4'b1001 to the PF_MODE bits in the
IMP_CPUECTLR2_EL1 register which will place the data prefetcher
in the most conservative mode instead of disabling it.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I7ce5181b3b469fbbb16501e633116e119b8bf4f1
Add support for Arm Ethos-N NPU multi-device.
The device tree parsing currently only supports one NPU device with
multiple cores. To be able to support multi-device NPU configurations
this patch adds support for having multiple NPU devices in the device
tree.
To be able to support multiple NPU devices in the SMC API, it has been
changed in an incompatible way so the API version has been bumped.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Ide279ce949bd06e8939268b9601c267e45f3edc3
This macro enables users to go through dts nodes that have a particular
compatible string in its node attribute.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Id80cbe6f6057076e0d53905cdc0f9a44e79960f8
This patch adds the basic CPU library code to support the Hayes CPU
in TF-A. This CPU is based on the Klein core so that library code
has been adapted for use here.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If0e0070cfa77fee8f6eebfee13d3c4f209ad84fc
Adding load, authentication, and transfer functionality from FVP R BL1 to
BL33, which will be the partner runtime code.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I293cad09739dacac0d20dd57c1d98178dbe84d40
For v8-R64, especially R82, creating code to run BL1 at EL2, using MPU.
Signed-off-by: Gary Morrison <gary.morrison@arm.com>
Change-Id: I439ac3915b982ad1e61d24365bdd1584b3070425
Creating a platform port for FVP_R based on the FVP platform.
Differences including only-BL1, aarch64, Secure only, and EL2 being the
ELmax (No EL3).
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1283e033fbd4e03c397d0a2c10c4139548b4eee4
FEAT_HCX adds the extended hypervisor configuration register (HCRX_EL2)
and access to this register must be explicitly enabled through the
SCR_EL3.HXEn bit. This patch adds a new build flag ENABLE_FEAT_HCX to
allow the register to be accessed from EL2.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ibb36ad90622f1dc857adab4b0d4d7a89456a522b
* changes:
feat(docs/nxp/layerscape): add ls1028a soc and board support
feat(plat/nxp/ls1028ardb): add ls1028ardb board support
feat(plat/nxp/ls1028a): add ls1028a soc support
feat(plat/nxp/common): define default SD buffer
feat(driver/nxp/xspi): add MT35XU02G flash info
feat(plat/nxp/common): add SecMon register definition for ch_3_2
feat(driver/nxp/dcfg): define RSTCR_RESET_REQ
feat(plat/nxp/common/psci): define CPUECTLR_TIMER_2TICKS
feat(plat/nxp/common): define default PSCI features if not defined
feat(plat/nxp/common): define common macro for ARM registers
feat(plat/nxp/common): add CCI and EPU address definition
Cortex-A710 erratum 2083908 is a Cat B erratum that applies to
revision r2p0 and is still open. The workaround is to set
CPUACTLR5_EL1[13] to 1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: nayanpatel-arm <nayankumar.patel@arm.com>
Change-Id: I876d26a7ac6ab0d7c567a9ec9f34fc0f952589d8
Change the fdt_get_rcc_node function to static, as it is used only in
stm32mp_clkfunc.c file; it is only a cleanup change without functional
modification.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ib4ef110f6f1b16dbaa727a065e40275d3cf58a73
The file is first generated with the peripheral spirit XML file.
And then we add some common definition, to ease driver development.
Change-Id: I4c222cf006caf27cda6da044eaf184ce66bb1442
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
* changes:
feat(plat/fvp): enable trace extension features by default
feat(trf): enable trace filter control register access from lower NS EL
feat(trf): initialize trap settings of trace filter control registers access
feat(sys_reg_trace): enable trace system registers access from lower NS ELs
feat(sys_reg_trace): initialize trap settings of trace system registers access
feat(trbe): enable access to trace buffer control registers from lower NS EL
feat(trbe): initialize trap settings of trace buffer control registers access
Defining SMC IDs for FF-A v1.1 notifications functionality, and adding
them to SPMD SMC handler, to ensure calls are forwarded to the SPMC.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Icc88aded0fd33507f7795e996bd4ff1c2fe679c8
Define RSTCR_RESET_REQ for Chassis V3.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I5cb7019baae5fe0d06b3d5e65f185f87ee16ad3a
Add a new function that allows to enable or disabled filters on
configured regions dynamically. This will avoid the need to
reconfigure the entire attribute and just manage to
enable/disable filters.
Change-Id: If0937ca755bec6c45d3649718147108459682fff
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add bindings that will be used to define DDR regions
and their access rights.
Change-Id: I745a7e580ef2b9e251d53db12c5a0a86dfe34463
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
This new function optee_header_is_valid() allows platform to know
whether OP-TEE OS is loaded from multi-image (using OP-TEE header
image as BL32_IMAGE_ID) or from a single OP-TEE binary image.
The function tee_validate_header() is reworked to return a boolean,
and is now silent.
Change-Id: Idc7dde091f2ada8898f40d02e68c3834ca39d8e8
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Neoverse N2 erratum 2189731 is a Cat B erratum that applies to
revision r0p0 and is still open. The workaround is to set
CPUACTLR5_EL1[44] to 1 which will cause the CPP instruction to
invalidate the hardware prefetcher state trained from any EL.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Iddc6a59adf9fa3cab560c46f2133e1f5a8b3ad03
Cortex-A710 erratum 2017096 is a Cat B erratum that applies to
revisions r0p0, r1p0 & r2p0 and is still open. The workaround is to
set CPUECLTR_EL1[8] to 1 which disables store issue prefetching.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If5f61ec30dbc2fab7f2c68663996057086e374e3
Cortex-A710 erratum 2055002 is a Cat B erratum that applies to
revisions r1p0 & r2p0 and is still open. The workaround is to
set CPUACTLR_EL1[46] to force L2 tag ECC inline correction mode.
This workaround works on revision r1p0 & r2p0.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I67be1dce53c4651167d8cee33c116e73b9dafe81
Andre Przywara
Olivier Deprez
Madhukar Pappireddy
Manish Pandey
Patrick Delaunay
johpow01
Chris Kay
Sandrine Bailleux
Zelalem Aweke
Joanna Farley
Jorge Troncoso
Mark Dykes
Nicola Mazzucato
Manish V Badarkhe
Jiafei Pan
Soby Mathew
Pankaj Gupta
Yann Gautier
nayanpatel-arm
Laurent Carlier
Bipin Ravi
laurenw-arm
Gary Morrison
J-Alves
Lionel Debieve
Etienne Carriere