Due to their interrelationship in the architecture the SVE and SME
features in TF-A are mutually exclusive. This means that a single binary
can't be shared between systems with and without SME if the system
without SME does support SVE, SVE will not be initialised so lower ELs
will run into trouble trying to use it. This unusual behaviour for TF-A
which normally gracefully handles situations where features are enabled
but not supported on the current hardware.
Address this by calling the SVE enable and disable functions if SME is
not supported rather than immediately exiting, these perform their own
feature checks so if neither SVE nor SME is supported behaviour is
unchanged.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I2c606202fa6c040069f44e29d36b5abb48391874
This patch documents the RMM-EL3 Boot and runtime interfaces.
Note that for the runtime interfaces, some services are not
documented in this patch and will be added on a later doc patch.
These services are:
* RMMD_GTSI_DELEGATE
* RMMD_GTSI_UNDELEGATE
* RMMD_RMI_REQ_COMPLETE
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I8fcc89d91fe5a334c2f68c6bfd1fd672a8738b5c
This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948
Use the RMM shared buffer to attestation token and signing key SMCs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
According to Arm CCA security model [1],
"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It enforces CCA security guarantees for
not just Realm world, but also for Secure world and for itself.
It is expected to be small enough to feasibly fit in on-chip memory,
and typically needs to be available early in the boot process when
only on-chip memory is available."
For these reasons, it is expected that "monitor code executes entirely
from on-chip memory."
This precludes usage of ARM_BL31_IN_DRAM for RME-enlightened firmware.
[1] Arm DEN0096 A.a, section 7.3 "Use of external memory by CCA".
Change-Id: I752eb45f1e6ffddc7a6f53aadcc92a3e71c1759f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Validate that non-secure caller does not spoof
SPMD, SPMC or any secure endpoint ID
in FFA_MSG_SEND_DIRECT_REQ.
Change-Id: I7eadb8886142d94bef107cf485462dfcda828895
Signed-off-by: Shruti <shruti.gupta@arm.com>
On STM32MP15, there is currently an OP-TEE shared memory area at the end
of the DDR. But this area will in term be removed. To allow a smooth
transition, a new flag is added (STM32MP15_OPTEE_RSV_SHM). It reflects
the OP-TEE flag: CFG_CORE_RESERVED_SHM. The flag is enabled by default
(no behavior change). It will be set to 0 when OP-TEE is aligned, and
then later be removed.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I91146cd8a26a24be22143c212362294c1e880264
Add dependency between rules to generate SP packages and their dtb files
to ensure the dtb files are built before the sptool attempts to generate
the SP package.
Change-Id: I071806f4aa09f39132e3e1990c91d71dc9acd728
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
* changes:
feat(synquacer): add FWU Multi Bank Update support
feat(synquacer): add TBBR support
feat(synquacer): add BL2 support
refactor(synquacer): move common source files
Add FWU Multi Bank Update support. This reads the platform metadata
and update the FIP base address so that BL2 can load correct BL3X
based on the boot index.
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: Manish V Badarkhe <manish.badarkhe@arm.com>
Cc: Leonardo Sandoval <leonardo.sandoval@linaro.org>
Change-Id: I5d96972bc4b3b9a12a8157117e53a05da5ce89f6
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Prepare for introduction of BL2 support by moving
reusable files from BL31_SOURCES into PLAT_BL_COMMON_SOURCES
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: Manish V Badarkhe <manish.badarkhe@arm.com>
Cc: Leonardo Sandoval <leonardo.sandoval@linaro.org>
Change-Id: I21137cdd40d027cfa77f1dec3598ee85d4873581
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Introduce a functionality for saving/restoring boot auth status
and partition used for booting (FSBL partition on which the boot
was successful).
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Change-Id: I4d7f153b70dfc49dad8c1c3fa71111a350caf1ee
Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not check the return value of. Right now, this does not flag anything
but it could help catching bugs in the future.
This was a new feature introduced in mbed TLS 2.28.0 release.
Change-Id: If26f3c83b6ccc8bc60e75c3e582ab20817d047aa
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
No need to keep all PU domains on as the full power domain driver
support has been added.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Iec22dcabbbfe3f38b915104a437d396d7b1bb2d8
Add PLL power down override & bypass support when
system enter DSM mode.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I50cd6b82151961ab849f58714a8c307d3f7f4166
* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM
STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made conditional, and will be kept only for STM32MP15.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I85ac7aaf6a172c4ee529736113ed40fe66835fd7
For OP-TEE without pager, the paged image may not be present in OP-TEE
header. We could then pass NULL for paged_image_info to the function
parse_optee_header(). It avoids creating a useless struct for that
non existing image. But we should then avoid assigning header_ep args
that depend on paged_image_info.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I4fdb45a91ac1ba6f912d6130813f5215c7e28c8b
Add braces to correct MISRA C2012 15.6 warning:
The body of an iteration-statement or a selection-statement shall be a
compound-statement.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If26f3732d31df11bf389a16298ec9e9d8a4a2279
The function clk_oscillator_wait_ready() was wrongly checking the set
bit and not the ready bit. Correct that by using osc_data->gate_rdy_id
when calling _clk_stm32_gate_wait_ready().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ida58f14d7f0f326b580ae24b98d6b9f592d2d711
Increase the size of bl31 image by 52K to accomodate increased size of
xlat table.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Ic3a8d8be1104adf48d22aa829e2197f710b6b666
Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next stages
of boot software to use.
Isolated CPUs are those that are not to be used on the platform for
various reasons. The isolated CPU list is an array of MPID values of the
CPUs that have to be isolated.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I4313cf025f4c9e9feffebca2d35b259f5bafce69
