Clear the MHU message buffer to remove assets from memory.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I730e7b044eaf0bf517532a12146e4f542949544e
Platform must define the maximum size of the message
over MHU.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I91a6c132c946f4465178910b8ea83544f562e837
Adding PLAT_* prefix to indicate that the
platform needs to provide this definition.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I0bd02be405fd8b1e625bd2b82647ebb2b58265fc
Remove an assert, which checks whether output buffer is
provided, because in measured boot there is no output.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I08db9c2eea1da2d7120c9872ffbf8d8ee45c8e08
Provide a new makefile as a convenience for platform makefiles to pull
in the list of source files and headers for the RSS communication
driver.
Change-Id: I188a1a8f4e77318cdc87c3155b280090c46ce813
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The current comms protocol (where arguments and return data is embedded
into the MHU message) is now protocol v0. Protocol v1 embeds pointers
into the message, and has the RSS retrieve the data via DMA.
Change-Id: I08d7f09c4eaea673769fde9eee194447a99f1b78
Signed-off-by: Raef Coles <raef.coles@arm.com>
- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert.h. Removing
"platform_def.h" from assert.h and adding "common/debug.h"
where the macros are used.
- Removing hack for fixing PLAT_LOG_LEVEL_ASSERT to 40.
Instead removing assert with expression, as this
does not provide additional information.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Icc201ea7b63c1277e423c1cfd13fd6816c2bc568
To initiate a reset or reboot, the nonsecure OS invokes the PSCI
SYSTEM_RESET function from any one core. As per the PSCI specification,
it is the responsibility of firmware to implement the system view of
the reset or reboot operation. For the platforms supported by CSS,
trigger the reset/reboot operation by sending an SGI to rest all CPUs
which are online. The CPUs respond to this interrupt by initiating its
powerdown sequence.
In addition to these changes, fix coding style issues that are not
directly related to the code being introduced in this patch.
Change-Id: I547253ee28ef7eefa78180d016893671a406bbfa
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Before issuing the system power down command, set the trusted mailbox
to 0. This will ensure that in the case of a warm/cold reset, the
primary CPU executes from the cold boot sequence, clearing any stale
jump address at this location.
Change-Id: I491ef5baf7a6728acd7e90e4558939ba77b8f9bf
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
This patch adds two helper functions:
- plat_ic_raise_ns_sgi to raise a NS SGI
- plat_ic_raise_s_el1_sgi to raise a S-EL1 SGI
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I6f262dd1da1d77fec3f850eb74189e726b8e24da
This patch introduces support to validate the GIC-700 multichip data
structure passed by the platform.
GIC-700 provides support for SPI ID 4096 to 5119. Platforms using the
GIC-700 in a multichip configuration can enable these SPI IDs. The
driver needs to validate the data before using it and this patch
implements the support.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I6f85ec21ef7a59f397fcf6271f8c13c24fe47697
If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Created a function to abort all pending NS DMA transactions to
engage complete DMA protection. This call will be used by the
subsequent DRTM implementation changes.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I94992b54c570327d6746295073822a9c0ebdc85d
This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for the CCA HES [1].
It can be considered as a secure enclave to which, for example,
certain services can be offloaded such as initial attestation.
RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.
[1] https://developer.arm.com/documentation/DEN0096/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107
The Arm Message Handling Unit (MHU) is a mailbox controller used to
communicate with other processing element(s). Adding a driver to
enable the communication:
- Adding generic MHU driver interface,
- Adding MHU_v2_x driver.
Driver supports:
- Discovering available MHU channels,
- Sending / receiving words over MHU channels,
- Signaling happens over a dedicated channel.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: I41a5b968f6b8319cdbdf7907d70bd8837839862e
This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07
The following SMIDs are disabled by default.
* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate override
* ITS: MBIST REQ error and ITS FMU ClkGate override
This patch explicitly enables them during the FMU init sequence.
Change-Id: I573e64786e3318d4cbcd07d0a1caf25f8e6e9200
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the gic600_fmu_init function to disable all safety
mechanisms for a block ID that is not present on the platform. All
safety mechanisms for GIC-600AE are enabled by default and should be
disabled for blocks that are not present on the platform to avoid
false positive RAS errors.
Change-Id: I52dc3bee9a8b49fd2e51d7ed851fdc803a48e6e3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The GIC-600AE uses a range of RAS features for all RAMs, which include
SECDED, ECC, and Scrub, software and bus error reporting. The GIC makes
all necessary information available to software through Armv8.2 RAS
architecture compliant register space.
This patch introduces support to probe the FMU_ERRGSR register to find
the right error record. Once the correct record is identified, the
"handler" function queries the FMU_ERR<m>STATUS register to further
identify the block ID, safety mechanism and the architecturally defined
primary error code. The description of the error is displayed on the
console to simplify debug.
Change-Id: I7e543664b74457afee2da250549f4c3d9beb1a03
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
As filter is unsigned, we have to use %u and not %d.
This avoids warning when -Wformat-signedness is enabled.
Change-Id: I9fc9f15774dc974edfa3db65f5aecd1e70bc146b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
When tf-a is built with the llvm toolchain, the compiler optimizes the
variable in some way which results in SCMI_MSG_GET_TOKEN assert failure
in multiple places. This patch makes the msg_header variable in
mailbox_mem struct volatile, which seems to fix the issue.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: I1d28b30a6472fc23ed85adff9cf73dfb536e39cc
As mpidr is unsigned long long, U should be ULL. We use macro to
fix this issue.
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: I7dfd51a63f27f471794bcbf72ffff0c1a0598b46
The previous codes were using the cntpct_el0 to check the time
elapsed. But this physical timer does not seem to count for
the expected time resulting in gic fmu communication failures
on Tegra platforms.
This patch uses the delay_timer instead to use a platform
defined timer for calculating timeouts.
Change-Id: Ic8646ad1662c9928ac64c4152deb27e8c86fe344
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The GIC specification describes ID registers in each GIC register frame
(PIDRx), which can be used to identify a GIC component. The Arm Ltd. GIC
implementations use certain ID values to identify the distributor, the
redistributors and other parts like ITSes.
Introduce a function that reads those part number IDs, which are spread
over two registers. The actual numbers are only meaningful in connection
with a certain GIC model, which would need to be checked beforehand, by
the caller.
Change-Id: Ia6ff326a1e8b12664e4637bc8e2683d2b5c7721c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
there are features which are marked as experimental even though they
are stable and used for quite some time.
Following features are no longer marked as experimental
- SPMD
- MEASURED_BOOT
- FCONF and associated build flags
- DECRYPTION_SUPPORT and associated build flags
- ENABLE_PAUTH
- ENABLE_BTI
- USE_SPINLOCK_CAS
- GICv3 Multichip support
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I4bb653d9c413c66095ec31f0b8aefeb13ea04ee9
Currently the SCMI driver reports:
INFO: Initializing driver on Channel 0
on the console, which is not very specific (which driver?).
Add "SCMI" to the message so the user knows what the firmware is trying
to initialise.
Change-Id: Id8202655d07b8e12fe07670d462c6202e6eae2f0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add support for Arm Ethos-N NPU multi-device.
The device tree parsing currently only supports one NPU device with
multiple cores. To be able to support multi-device NPU configurations
this patch adds support for having multiple NPU devices in the device
tree.
To be able to support multiple NPU devices in the SMC API, it has been
changed in an incompatible way so the API version has been bumped.
Signed-off-by: Laurent Carlier <laurent.carlier@arm.com>
Change-Id: Ide279ce949bd06e8939268b9601c267e45f3edc3
Disabling filter 0 causes inability to access DRAM.
An attempt leads to an abort.
ARM manual disallows to disable filter 0, but if we do
that from SRAM, nothing bad happens.
This patch prevents disabling of a filter 0, allowing to
reconfigure other filters from DRAM.
Note: this patch doesn't change the logic after reset.
It is only needed in case someone wants to reconfigure the
previously configured TZASC.
Change-Id: I196a0cb110a89afbde97f64a94df3101f28708a4
Signed-off-by: stsp@users.sourceforge.net
Add a new function that allows to enable or disabled filters on
configured regions dynamically. This will avoid the need to
reconfigure the entire attribute and just manage to
enable/disable filters.
Change-Id: If0937ca755bec6c45d3649718147108459682fff
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
The FMU is part of the GIC Distributor (GICD) component. It implements
the following functionality in GIC-600AE:
* Provides software the means to enable or disable a Safety Mechanism
within a GIC block.
* Receives error signaling from all Safety Mechanisms within other GIC
blocks.
* Maintains error records for each GIC block, for software inspection
and provides information on the source of the error.
* Retains error records across functional reset.
* Enables software error recovery testing by providing error injection
capabilities in a Safety Mechanism.
This patch introduces support to enable error detection for all safety
mechanisms provided by the FMU. Platforms are expected to invoke the
initialization function during cold boot.
The support for the FMU is guarded by the GICV3_SUPPORT_GIC600AE_FMU
makefile variable. The default value of this variable is '0'.
Change-Id: I421c3d059624ddefd174cb1140a2d2a2296be0c6
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
At the moment we have a GIC_ENABLE_V4_EXTN build time variable to
determine whether the GIC interrupt controller is compliant to version
4.0 of the spec or not. This just changes the number of 64K MMIO pages
we expect per redistributor.
To support firmware builds which run on variable systems (emulators,
fast model or FPGAs), let's make this decision at runtime.
The GIC specification provides several architected flags to learn the
size of the MMIO frame per redistributor, we use GICR_TYPER[VLPI] here.
Provide a (static inline) function to return the size of each
redistributor.
We keep the GIC_ENABLE_V4_EXTN build time variable around, but change
its meaning to enable this autodetection code. Systems not defining this
rely on a "pure" GICv3 (as before), but platforms setting it to "1" can
now deal with both configurations.
Change-Id: I9ede4acf058846157a0a9e2ef6103bf07c7655d9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment we have a GIC_ENABLE_V4_EXTN build time variable to
determine whether the GIC interrupt controller is compliant to version
4.0 of the GIC spec or not.
In case of the GIC-600 multichip support we were somewhat abusing that
flag to differentiate between a GIC-700 and GIC-600 implementation
being used in the system.
To avoid a build time dependency on this flag, look at the GICD_IIDR
register and check if the hardware is a GIC-600 or not, to make this
decision at runtime. We then use the values for either GIC-700 or the
GIC-600, respectively.
Change-Id: I8c09ec1cd6fd60d28da879ed55ffef5506f9869d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For the GIC power management we need to identify certain GIC
implementations, so we have the IIDR values for some Arm Ltd. GIC models
defined.
We will need those number elsewhere very soon, so export them to a
shared header file, to avoid defining them again.
Change-Id: I1b8e2d93d6cea0d066866143c89eef736231134f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The GIC IP formerly known as "GIC Clayton" has been released under the
name of "GIC-700".
Rename occurences of Clayton in comments and macro names to reflect the
official name.
Change-Id: Ie8c55f7da7753127d58c8382b0033c1b486f7909
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A RAS error may be triggered while offline core in OS. Error:
Uncorrected software error in the Distributor, with IERR=9,SERR=f.
Core put to sleep before its Group enables were cleared.
gicv3_cpuif_disable() will be called in offline core flow.
According to GIC architecture version 3 and version 4:
Architectural execution of a DSB instruction guarantees that
the last value written to ICC_IGRPEN0_EL1, ICC_IGRPEN1_EL1,
ICC_IGRPEN1_EL3 or GICC_CTLR.{EnableGrp0, EnableGrp1}is observed
by the associated Redistributor.
An ISB or other context synchronization operation must precede
the DSB to ensure visibility of System register writes.
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: Iff1475657f401374c761b5e8f2f5b3a4b2040e9d
Use helper functions to get SPI and ESPI INTID limit, to remove
several pieces of similar code in gicv3 driver.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: Iaf441fe5e333c4260e7f6d98df6fdd931591976d
Add helper function gicv3_get_espi_limit() to get the value of
(maximum extended SPI INTID + 1), so that some duplicated code can be
removed later.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I0355ca2647f872e8189add259f6c47d415494cce
Add newline(\n) to make the message clearer when the warnings are
really triggered.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I5e2574a52c9065db32ecb4d453b9b02445f69a82
Add helper function gicv3_get_spi_limit() to get the value of (maximum
SPI INTID + 1), so that some duplicated code can be removed later.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I160c8a88fbb71d22790b8999a84afbfba766f5e7
By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
the non-secure world cannot access the registers needed to use the NPU.
To still allow the non-secure world to use the NPU, a SiP service has
been added that can delegate non-secure access to the registers needed
to use it.
Only the HW_CONFIG for the Arm Juno platform has been updated to include
the device tree for the NPU and the platform currently only loads the
HW_CONFIG in AArch64 builds.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2
The legacy console is gone. Re-add DCC console support based
on the multi-console framework.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: Ia8388721093bc1be3af40974530d7c9a9ae5f43e
A new function tzc400_it_handler() is created to manage TZC400
interrupts. The required helpers to read and clear interrupts are added
as well.
In case DEBUG is enabled, more information about the faulty access
(address, NSAID, type of access) is displayed.
Change-Id: Ie9ab1c199a8f12b2c9472d7120efbdf35711284a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
drivers/gicv3: also shift eSPI register offset in GICD_OFFSET_64()
drivers/gicv3: add debug log for maximum INTID of SPI and eSPI
drivers/gicv3: limit SPI ID to avoid misjudgement in GICD_OFFSET()
drivers/gicv3: fix logical issue for num_eints
drivers/gicv3: fix potential GICD context override with ESPI enabled
drivers/gicv3: use mpidr to probe GICR for current CPU
TZC_400_REGION_ATTR_FILTER_BIT_ALL is a simple constant definition, so
it can't get the real filter number to construct the bit flag for all
existing filters. If the platform doesn't have 4 filters, passing
FILTER_BIT_ALL to tzc400_configure_region() will cause assertion or
misconfiguration. So adjust the bit flag against the real filter
number.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: Ie5c48303485f3b5015772961ee7c34746121ee84
