* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM
Add braces to correct MISRA C2012 15.6 warning:
The body of an iteration-statement or a selection-statement shall be a
compound-statement.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If26f3732d31df11bf389a16298ec9e9d8a4a2279
The function clk_oscillator_wait_ready() was wrongly checking the set
bit and not the ready bit. Correct that by using osc_data->gate_rdy_id
when calling _clk_stm32_gate_wait_ready().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ida58f14d7f0f326b580ae24b98d6b9f592d2d711
* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt
Firmware buffer has already been mapped when loading 1D firmware,
so the same buffer address will be re-mapped when loading 2D
firmware. Move the buffer mapping to be out of load_fw().
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Idb29d504bc482a1e7ca58bc51bec09ffe6068324
According to TCG PC Client Platform Firmware Profile Specification
(Section 10.2.2, TCG_PCR_EVENT2 Structure, and 10.4.5 EV_NO_ACTION Event
Types), all EV_NO_ACTION events shall set TCG_PCR_EVENT2.digests to all
0x00's for each allocated Hash algorithm.
Right now, this is not enforced. Only part of the buffer is zeroed due
to the wrong macro being used for the size of the buffer in the clearing
operation (TPM_ALG_ID instead of TCG_DIGEST_SIZE). This could confuse
a TPM event log parser.
Also, add an assertion to ensure that the Event Log size is large enough
before writing the Event Log header.
Change-Id: I6d4bc3fb28fd10c227e33c8c7bb4a40b08c3fd5e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a
If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This chain of trust is targeted at Arm CCA solutions and defines 3
independent signing domains:
1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1]
refers to the CCA signing domain as the provider of CCA components
running on the CCA platform. The CCA signing domain might be independent
from other signing domains providing other firmware blobs.
The CCA platform is a collective term used to identify all hardware and
firmware components involved in delivering the CCA security guarantee.
Hence, all hardware and firmware components on a CCA enabled system that
a Realm is required to trust.
In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and
associated configuration files.
The CCA signing domain is rooted in the Silicon ROTPK, just as in the
TBBR CoT.
2) Non-CCA Secure World signing domain. This includes SPMC (and
associated configuration file) as the expected BL32 image as well as
SiP-owned secure partitions. It is rooted in a new SiP-owned key called
Secure World ROTPK, or SWD_ROTPK for short.
3) Platform owner signing domain. This includes BL33 (and associated
configuration file) and the platform owner's secure partitions. It is
rooted in the Platform ROTPK, or PROTPK.
[1] https://developer.arm.com/documentation/DEN0096/A_a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I6ffef3f53d710e6a2072fb4374401249122a2805
Replay-protected memory block access is enabled by writing 0x3
to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the
first boot partition, which does not provide any playback protection.
Additionally, it unconditionally activates the first boot partition,
potentially breaking boot for SoCs that consult boot partitions,
require boot ack or downgrading to an old bootloader if the first
partition happens to be the inactive one.
Also, neither enabling or disabling the RPMB observes the
PARTITION_SWITCH_TIME. As there are no in-tree users for these
functions, drop them for now until a properly functional implementation
is added. That one will likely share most code with the existing boot
partition switch, which doesn't suffer from the described issues.
Change-Id: Ia4a3f738f60a0dbcc33782f868cfbb1e1c5b664a
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
* changes:
feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS
refactor(mmc): export user/boot partition switch functions
Disabling access to the boot partition reverts the MMC to read from the
user area. Add a macro to make this clearer.
Suggested-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: I34a5a987980bb4690d08d255f465b11a4697ed5a
At the moment, mmc_boot_part_read_blocks() takes care to switch
to the boot partition before transfer and back afterwards.
This can introduce large overhead when reading small chunks.
Give consumers of the API more control by exporting
mmc_part_switch_current_boot() and mmc_part_switch_user().
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Ib641f188071bb8e0196f4af495ec9ad4a292284f
Created a function to abort all pending NS DMA transactions to
engage complete DMA protection. This call will be used by the
subsequent DRTM implementation changes.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I94992b54c570327d6746295073822a9c0ebdc85d
This change makes use of 32-bit crc for calculating gpt header crc
and compares it with the given value.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I49bca7aab2c3884881c4b7d90d31786a895290e6
Corrects the function reporting the SCMI protocols supported by the
platform to not assume 8 protocol IDs at most can be returned. Indeed
the number of protocol IDs returned depends on the SCMI output buffer
size.
Change-Id: Idafbe02d2b25b3bcacaf25977c560c0ac5bb8d62
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Corrects the size of the SCMI response payload when querying the list
of the supported protocol. This response payload size depends on the
number of protocols enumerated by the response.
Change-Id: Ib01eb5cec6c6656dfd7d88ccdd5a720c1deee7a3
Reported-by: Nicolas Frattaroli <frattaroli.nicolas@gmail.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurments, which were
computed by the host during measured boot.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia9e4e8a1fe8f01a28da1fd8c434b780f2a08f94e
This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for the CCA HES [1].
It can be considered as a secure enclave to which, for example,
certain services can be offloaded such as initial attestation.
RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.
[1] https://developer.arm.com/documentation/DEN0096/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107
The Arm Message Handling Unit (MHU) is a mailbox controller used to
communicate with other processing element(s). Adding a driver to
enable the communication:
- Adding generic MHU driver interface,
- Adding MHU_v2_x driver.
Driver supports:
- Discovering available MHU channels,
- Sending / receiving words over MHU channels,
- Signaling happens over a dedicated channel.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: I41a5b968f6b8319cdbdf7907d70bd8837839862e
Waiting for SR_BUSY bit when receiving a new command is not needed.
SR_BUSY bit is already managed in the previous command treatment.
Change-Id: I736e8488d354cb165ae765022d864cca1dbdc9ee
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
Currently, SR_TCF flag is checked in case there is data, this criteria
is not correct.
SR_TCF flags is set when programmed number of bytes have been
transferred to the memory device ("bytes" comprised command and data
send to the SPI device).
So even if there is no data, we must check SR_TCF flag.
Change-Id: I99c4145e639c1b842feb3690dd78329179c18132
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07
according to the spec, the response to read attr comes in the
ts.attr.value field and not in the data segment.
Signed-off-by: anans <anans@google.com>
Change-Id: Iaf21883bb7e364fd7c7e4bccb33359367a0cf99d
ufs controller needs to be disabled if already enabled, without
this we noticed a crash at linkstartup during reinit
Signed-off-by: anans <anans@google.com>
Change-Id: I523c5d57c1d34f6404a6368ee3f364fbffd2e542
Upgrade to the latest and greatest 2.x release of Mbed TLS library
(i.e. v2.28.0) to take advantage of their bug fixes.
Note that the Mbed TLS project published version 3.x some time
ago. However, as this is a major release with API breakages, upgrading
to 3.x might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7
release of TF-A.
Actually, the upgrade this time simply boils down to including the new
source code module 'constant_time.c' into the firmware.
To quote mbed TLS v2.28.0 release notes [1]:
The mbedcrypto library includes a new source code module
constant_time.c, containing various functions meant to resist timing
side channel attacks. This module does not have a separate
configuration option, and functions from this module will be
included in the build as required.
As a matter of fact, if one is attempting to link TF-A against mbed
TLS v2.28.0 without the present patch, one gets some linker errors
due to missing symbols from this new module.
Apart from this, none of the items listed in mbed TLS release
notes [1] directly affect TF-A. Special note on the following one:
Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
exceeds 2^32.
In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption
feature is enabled with AES-GCM as the authenticated decryption
algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable
which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a
32-bit value which by definition is always less than 2**32. Therefore,
we are immune to this bug.
With this upgrade, the size of BL1 and BL2 binaries does not appear to
change on a standard sample test build (with trusted boot and measured
boot enabled).
[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0
Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
time taken for device init varies based on different devices,
instead of waiting for 200ms - we can poll on fdevice init
until it gets cleared, similar to what linux does
Change-Id: I571649231732fde0cd6d5be89b6f14fe905fcaff
Signed-off-by: anans <anans@google.com>
The result variable is not being used so it's better to delete it.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: Icae614076ce1ba7cdc86267473d59a8bec682f6c
The following SMIDs are disabled by default.
* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate override
* ITS: MBIST REQ error and ITS FMU ClkGate override
This patch explicitly enables them during the FMU init sequence.
Change-Id: I573e64786e3318d4cbcd07d0a1caf25f8e6e9200
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the gic600_fmu_init function to disable all safety
mechanisms for a block ID that is not present on the platform. All
safety mechanisms for GIC-600AE are enabled by default and should be
disabled for blocks that are not present on the platform to avoid
false positive RAS errors.
Change-Id: I52dc3bee9a8b49fd2e51d7ed851fdc803a48e6e3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The GIC-600AE uses a range of RAS features for all RAMs, which include
SECDED, ECC, and Scrub, software and bus error reporting. The GIC makes
all necessary information available to software through Armv8.2 RAS
architecture compliant register space.
This patch introduces support to probe the FMU_ERRGSR register to find
the right error record. Once the correct record is identified, the
"handler" function queries the FMU_ERR<m>STATUS register to further
identify the block ID, safety mechanism and the architecturally defined
primary error code. The description of the error is displayed on the
console to simplify debug.
Change-Id: I7e543664b74457afee2da250549f4c3d9beb1a03
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The fdt_getprop() function sets the length to -1 if the property is not
found. We should then not use it later in stm32_clk_parse_fdt_by_name()
in that case. Directly set *nb to 0U and return 0 if the property is not
found.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I19c5c953f392cdc768e0b1f3f240fc99a73a049c
This issue was found by Coverity (CID 376885). The _clk_stm32_get_parent()
return shouldn't be negative. Return the error in this case.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I91eff7e99fcdac9a258100b163fd9b040a9bd2c0
* changes:
docs(layerscape): add ls1088a soc and board support
feat(ls1088aqds): add ls1088aqds board support
feat(ls1088ardb): add ls1088ardb board support
feat(ls1088a): add new SoC platform ls1088a
build(changelog): add new scopes for ls1088a
feat(bl2): add support to separate no-loadable sections
refactor(layerscape): refine comparison of inerconnection
feat(layerscape): add soc helper macro definition for chassis 3
feat(nxp-gic): add some macros definition for gicv3
feat(layerscape): add CHASSIS 3 support for tbbr
feat(layerscape): define more chassis 3 hardware address
feat(nxp-crypto): add chassis 3 support
feat(nxp-dcfg): add Chassis 3 support
feat(lx2): enable DDR erratas for lx2 platforms
feat(layerscape): print DDR errata information
feat(nxp-ddr): add workaround for errata A050958
feat(layerscape): add new soc errata a010539 support
feat(layerscape): add new soc errata a009660 support
feat(nxp-ddr): add rawcard 1F support
fix(layerscape): fix build issue of mmap_add_ddr_region_dynamically
fix(nxp-tools): fix create_pbl print log
build(changelog): add new scopes for NXP driver
The variable is_fwu_initialized was initialized after
plat_fwu_set_images_source() is called.
But some functions called by plat_fwu_set_images_source() for STM32MP1
implementation expect is_fwu_initialized is set to true with asserts.
Rename is_fwu_initialized to is_metadata_initialized, and set it before
plat_fwu_set_images_source() is called.
Change-Id: I17c6ee6293dfa55385b0c859db442647f0bebaed
Signed-off-by: Sebastien Pasdeloup <sebastien.pasdeloup-ext@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add support for Chassis 3.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I85cf68d4f1db81bf344e34dce13799ae173aa23a
Set the receiver gain to max value to recover
cold temp marginality issue for phy-gen2
Signed-off-by: Pankit Garg <pankit.garg@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If639fa3ed404cf6e1b8abcc2b7137db1fdd0b2c2
New UDIMM 18ADF2G72AZ-2G6E1 has raw card ID = 0x1F
Also, changing mask for raw card ID from - 0x8f -> 0x9f
Changing the mask need the raw card to changed from 0x0f -> 0x1f
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Iee8e732ebc5e09cdca6917be608f1597c7edd9f9
* changes:
feat(stm32mp1): select platform compilation either by flag or DT
feat(stm32mp1-fdts): add support for STM32MP13 DK board
feat(stm32mp1-fdts): add DDR support for STM32MP13
feat(stm32mp1-fdts): add st-io_policies node for STM32MP13
feat(stm32mp1): updates for STM32MP13 device tree compilation
feat(stm32mp1-fdts): add DT files for STM32MP13
feat(dt-bindings): add TZC400 bindings for STM32MP13
feat(stm32mp1): add "Boot mode" management for STM32MP13
feat(stm32mp1): manage HSLV on STM32MP13
feat(stm32mp1): add sdmmc compatible in platform define
feat(st-sdmmc2): allow compatible to be defined in platform code
feat(stm32mp1): update IO compensation on STM32MP13
feat(stm32mp1): call pmic_voltages_init() in platform init
feat(st-pmic): add pmic_voltages_init() function
feat(stm32mp1): update CFG0 OTP for STM32MP13
feat(stm32mp1): usb descriptor update for STM32MP13
feat(st-clock): add clock driver for STM32MP13
feat(dt-bindings): add bindings for STM32MP13
feat(stm32mp1): get CPU info from SYSCFG on STM32MP13
feat(stm32mp1): use only one filter for TZC400 on STM32MP13
feat(stm32mp1): add a second fixed regulator
feat(stm32mp1): adaptations for STM32MP13 image header
feat(stm32mp1): update boot API for header v2.0
feat(stm32mp1): update IP addresses for STM32MP13
feat(stm32mp1): add part numbers for STM32MP13
feat(stm32mp1): chip rev. Z is 0x1001 on STM32MP13
feat(stm32mp1): update BACKUP_BOOT_MODE for STM32MP13
feat(stm32mp1): stm32mp_is_single_core() for STM32MP13
feat(stm32mp1): remove unsupported features on STM32MP13
feat(stm32mp1): update memory mapping for STM32MP13
feat(stm32mp1): introduce new flag for STM32MP13
feat(st): update stm32image tool for header v2
Put DT_SDMMC2_COMPAT under #ifndef. Keep the default value if it is not
defined in platform code.
Change-Id: I611baaf1fc622d33e655ee2c78d9c287baaa6a67
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This new function pmic_voltages_init() is used to set the minimum value
for STM32MP13 VDDCPU and VDDCORE regulators. This value is retrieved
from device tree.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibbe237cb5dccc1fddf92e07ffd3955048ff82075
Add new clock driver for STM32MP13. Split the include file to manage
either STM32MP13 or STM32MP15.
Change-Id: Ia568cd12b1d5538809204f0fd2224d51e5d1e985
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
* GPIO: On STM32MP13, there are no banks GPIOJ, GPIOK and GPIOZ.
* STM32MP13 is a single Cortex-A7 CPU: remove reset from MPU1
and reset from MCU traces
* There is no MCU on STM32MP13. Put MCU security management
under STM32MP15 flag.
* The authentication feature is not supported yet on STM32MP13,
put the code under SPM32MP15 flag.
* On STM32MP13, the monotonic counter is managed in ROM code, keep
the monotonic counter update just for STM32MP15.
* SYSCFG: put registers not present on STM32MP13 under STM32MP15
flag, as the code that manages them.
* PMIC: use ldo3 during DDR configuration only for STM32MP15
* Reset UART pins on USB boot is no more required.
Change-Id: Iceba59484a9bb02828fe7e99f3ecafe69c837bc7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
The code declares different types of parameters.
static bool message_id_is_supported(unsigned int message_id);
static bool message_id_is_supported(size_t message_id)
{
...
}
Signed-off-by: Schspa Shi <schspa@gmail.com>
Change-Id: I7435d3b9309ea5fb5f8e3daa7173e09322184422
nutrs is set in ufs_enum (used by get_empty_slot), this will not
be assigned if UFS_FLAGS_SKIPINIT is set in flags during init and
might end up crashing read/write commands
Change-Id: I1517b69c56741fd5bf4ef0ebc1fc8738746233d7
Signed-off-by: anans <anans@google.com>
Fix software cache maintenance issues that can happen when
cpu prefetches data before DMA operations are complete.
This change fixes two cases one for ufs_read_blocks and
other for ufs_check_resp, in both cases invalidation of
buffer was done before the DMA operation completed.
This caused cpu prefetcher to bring data into cache
before DMA completed and caused UFS read failures.
The changes also removes unwanted cache operations to
local variable utrd which is not consumed by UFS host
controller and zeroing out buffer in ufs_read_capacity.
Change-Id: I9a288eb19d6705f6fa8bdb0b817a6411235fd8b6
Signed-off-by: Channagoud kadabi <kadabi@google.com>
new function for sending commands and reuses that function in the
driver, this can also be used to have retries for specific
commands in the future
Signed-off-by: anans <anans@google.com>
Change-Id: Ie01f36ff8e2df072db4d97929d293b80ed24f04b
The static was found by sparse tool:
drivers/st/pmic/stm32mp_pmic.c:456:18: warning: symbol 'pmic_ops'
was not declared. Should it be static?
The const was also missing.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibb5cfaf67ac980bf0af27712a95dbef05b617c25
UART oversampling by 8 allows higher baud rates for UART. This is
required when (UART freq / baudrate) <= 16. In this case the OVER8 bit
needs to be enabled in CR1 register. And the BRR register management is
different:
USARTDIV = (2 * UART freq / baudrate) (with div round nearest)
BRR[15:4] = USARTDIV[15:4]
BRR[3] = 0
BRR[2:0] = USARTDIV[3:0] >> 1
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ia3fbeeb73a36a4dc485c7ba428c531e65b6f6c09
To get the nearest divisor for BRR register, we use:
Divisor = (Uart clock + (baudrate / 2)) / baudrate
But lsl was wrongly used instead of lsr to have the division by 2.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Iedcc3ccdb4cf8268012e82a66df2a9ec48fc1d79
The issue was found by Coverity:
CID 376582: (UNINIT)
Using uninitialized value "*pllcfg[_PLL4]" when calling
"stm32mp1_check_pll_conf".
CID 376582: (UNINIT)
Using uninitialized value "*pllcfg[_PLL3]" when calling
"stm32mp1_check_pll_conf".
Check PLL configs are valid before using pllcfg.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I49de849eaf451d0c165a8eb8555112a0a4140bbc
Common mbedTLS implementation include the fixed configuration
file of mbedTLS and that does not gives flexilibility to the
platform to include their own mbedTLS configuration.
Hence changes are done so that platform can include their own
mbedTLS configuration file.
Signed-off-by: Lucian Paul-Trifu <lucian.paul-trifu@arm.com>
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I04546589f67299e26b0a6a6e151cdf1fdb302607
ufs_read_blocks always zeros out the buffer before passing
to UFS for DMA. We don't need to zero out buf before reading
from UFS storage, this change remove the memset in ufs_read_blocks.
Signed-off-by: Channa Kadabi <kadabi@google.com>
Change-Id: I8029a7ea07fbd8cce29b383c80a3cfc782c5b7ec
With gcc-11, the -Wformat-signedness warning complains about enum values
that should be printed as unsigned values. Change %d to %u for several
lines in the clock driver.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ia2d24e6feef5e852e0a6bfaa1286fe605f9a16b7
* changes:
fix(nxp-crypto): refine code to avoid hang issue for some of toolchain
build(changelog): add new scope for nxp crypto
fix(lx2): drop erratum A-009810
Notice that aldo1 is typically useful for the Olimex A64 board, where
it powers the PE bank through the vcc-pe line.
Without it, it is not possible to light the user led on PE17, for
instance.
Change-Id: I70588bc977b884b22df87f1b075549cb8925925a
Signed-off-by: Thierry Bultel <thierry.bultel@linatsea.fr>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
bitfield structure maybe has strict-aliasing issue for some compiler,
for example the old code has hang issue for yocto 3.4 toolchain, so
refine the code to avoid to use bitfield structure.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6b6d7597311240dd6d6b8ca4ce508c69332f9c68
* changes:
docs(layerscape): add ls1046a soc and board support
feat(ls1046aqds): add board ls1046aqds support
feat(ls1046afrwy): add ls1046afrwy board support
feat(ls1046ardb): add ls1046ardb board support
feat(ls1046a): add new SoC platform ls1046a
fix(nxp-tools): fix tool location path for byte_swape
fix(nxp-qspi): fix include path for QSPI driver
build(changelog): add new scopes for NXP layerscape platforms
Replace %d with %u in log, to avoid warning when
-Wformat-signedness is enabled.
Change-Id: Ied5823520181f225ae09bd164e2e52e9a7692c60
Signed-off-by: Yann Gautier <yann.gautier@st.com>
As cmd_idx is unsigned, we have to use %u and not %d.
This avoids warning when -Wformat-signedness is enabled.
Change-Id: I6954a8c939f3fb47dbb2c6db56a1909565af078b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
As page is unsigned, we should use %u and not %d.
Find with -Wformat-signedness.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I7205971ee5e83163e4fe47d33bb9e90832b59ae0
Some messages don't use the correct types, update them.
This avoids warning when -Wformat-signedness is enabled.
Change-Id: Ie5384a7d139c48a623e1617c93d15fecc8a36061
Signed-off-by: Yann Gautier <yann.gautier@st.com>
As filter is unsigned, we have to use %u and not %d.
This avoids warning when -Wformat-signedness is enabled.
Change-Id: I9fc9f15774dc974edfa3db65f5aecd1e70bc146b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add the SZ_* macros from 32 to 2G.
This allows removing some defines in raw NAND driver
and STM32MP1 boot device selection code.
Change-Id: I3c4d4959b0f43e785eeb37a43d03b2906b7fcfbc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Previously ufs_write_blocks was memsetting the write buffer before
calling ufs_prepare_cmd, causing zeros to be written to UFS. This change
deletes the memset call so the original buffer contents get written to
UFS.
Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I3299f11b30e6d7d409408ce11a6759c88607ee18
From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I7f0a62f22bfcca638ddaefc9563df00f89f01653
The Event Log sources are added to the source-list of BL1 and BL2
images in the Event Log Makefile. It doesn't seem correct since
some platforms only compile Event Log sources for BL2.
Hence, moved compilation decision of Event Log sources to the
platform makefile.
Change-Id: I1cb96e24d6bea5e091d08167f3d1470d22b461cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
At boot, the devices under ETZPC control are secured, so should be
their GPIOs. As securable GPIOs are secured by default, keep the reset
values in BL2.
Change-Id: I9e560d936f8e8fda0f96f6299bb0c3b35ba9b71f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Allow to set a gpio in output mode from the device tree.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: Ic483324bc5fe916a60df05f74706bd1da4d08aa5
No functional, change, but some improvements:
- Declare set_gpio() as static (only called locally)
- Handle the type ('open-drain') property independently from the
mode one.
- Replace mmio_clrbits_32() + mmio_setbits_32() with
mmio_clrsetbits_32().
- Add a missing log
- Add missing U() in macro definitions
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I1a79609609ac8e8001127ebefdb81def573f76fa
Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.
Probe the driver earlier, especially to check debug features.
Change-Id: I1981536398d598d67a19d2d7766dacc18de72ec1
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add support for regulator-always-on at BL2 level as it was supported
before using the regulator framework.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Change-Id: Idb2f4ddc2fdd4e0d31fb33da87c84618aa2e5135
Some clocks are only required in BL2, like boot devices clocks:
FMC, QSPI.
Some clocks are only used in BL32: Timers, devices that need special
care for independent reset.
Change-Id: Id4ba99afeea5095f419a86f7dc6423192c628d82
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This change removes reference counting support in clock gating
implementation for clocks that rely on non-secure only RCC resources.
As RCC registers are accessed straight by non-secure world for these
clocks, secure world cannot safely store the clock state and even
disabling such clock from secure world can jeopardize the non-secure
world clock management framework and drivers.
As a consequence, for such clocks, stm32_clock_enable() forces the clock
ON without any increment of a refcount and stm32_clock_disable() does
not disable the clock.
Change-Id: I0cc159b36a25dbc8676f05edf2668ae63c640537
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Array stm32mp1_clk_gate[] defines the clock resources. This change
add a secure attribute to the clock: secure upon RCC[TZEN] (SEC),
secure upon RCC[TZEN] and RCC[MCKPROT] (MKP) or always accessible
from non-secure (N_S).
At init, lookup clock tree to check if any of the secure clocks
is derived from PLL3 in which case PLL3 shall be secure.
Note that this change does not grow byte size of stm32mp1_clk_gate[].
Change-Id: I933d8a30007f3c72f755aa1ef6d7e6bcfabbfa9e
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Rework the internal functions __stm32mp1_clk_enable/disable to check for
reference count instead of secure status for a clock.
Some functions now unused can be removed.
Change-Id: Ie4359110d7144229f85c961dcd5a019222c3fd25
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Simplify the assert to check if the FWU subsystem has been initialised
in the fwu_is_trial_run_state function.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I428668470ebd4b67e68777a62d5732cb96841ab9
Add a helper function to pass the metadata structure to the
platforms. Platforms can then read the metadata structure and pass the
boot index value, i.e. the bank(partition) from which the firmware
images were booted, to the Update Agent.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I571179b9baa0fbc4d0f08d7a6e3b50c0c7165c5c
With the GPT partition scheme, a partition can be identified using
it's UniquePartitionGUID, instead of it's name. Add a function to
identify the partition based on this GUID value. This functionality is
useful in identification of a partition whose UniquePartitionGUID
value is known.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I543f794e1f7773f969968a6bce85ecca6f6a1659
