Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CPUACTLR2_EL1 to disable folding of demand requests into older
prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557
BL2 base address updated to provide enough space for BL31 in
Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ieaba00d841648add855feb99b7923a4b0cccfb08
Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file
as Arm GICv3 header file added its definition.
Change-Id: Ieec43aeef96b9b6c8a7f955a8d145be6e4b183c5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added support for cca CoT in the fiptool by adding the cca,
core_swd, and plat key certificates.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I1ba559e188ad8c33cb0e643d7a2fc6fb96736ab9
This chain of trust is targeted at Arm CCA solutions and defines 3
independent signing domains:
1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1]
refers to the CCA signing domain as the provider of CCA components
running on the CCA platform. The CCA signing domain might be independent
from other signing domains providing other firmware blobs.
The CCA platform is a collective term used to identify all hardware and
firmware components involved in delivering the CCA security guarantee.
Hence, all hardware and firmware components on a CCA enabled system that
a Realm is required to trust.
In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and
associated configuration files.
The CCA signing domain is rooted in the Silicon ROTPK, just as in the
TBBR CoT.
2) Non-CCA Secure World signing domain. This includes SPMC (and
associated configuration file) as the expected BL32 image as well as
SiP-owned secure partitions. It is rooted in a new SiP-owned key called
Secure World ROTPK, or SWD_ROTPK for short.
3) Platform owner signing domain. This includes BL33 (and associated
configuration file) and the platform owner's secure partitions. It is
rooted in the Platform ROTPK, or PROTPK.
[1] https://developer.arm.com/documentation/DEN0096/A_a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I6ffef3f53d710e6a2072fb4374401249122a2805
Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia7afb4c42fe66b36fdf38a7d4281a0d168f68354
This patch splits the el2_sysregs_context_save/restore functions
into multiple functions based on features. This will allow us to
selectively save and restore EL2 context registers based on
features enabled for a particular configuration.
For now feature build flags are used to decide which registers
to save and restore. The long term plan is to dynamically check
for features that are enabled and then save/restore registers
accordingly. Splitting el2_sysregs_context_save/restore functions
into smaller assembly functions makes that task easier. For more
information please take a look at:
https://trustedfirmware-a.readthedocs.io/en/latest/design_documents/context_mgmt_rework.html
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1819a9de8b70fa35c8f45568908025f790c4808c
Replay-protected memory block access is enabled by writing 0x3
to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the
first boot partition, which does not provide any playback protection.
Additionally, it unconditionally activates the first boot partition,
potentially breaking boot for SoCs that consult boot partitions,
require boot ack or downgrading to an old bootloader if the first
partition happens to be the inactive one.
Also, neither enabling or disabling the RPMB observes the
PARTITION_SWITCH_TIME. As there are no in-tree users for these
functions, drop them for now until a properly functional implementation
is added. That one will likely share most code with the existing boot
partition switch, which doesn't suffer from the described issues.
Change-Id: Ia4a3f738f60a0dbcc33782f868cfbb1e1c5b664a
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
This change adds "FEAT_TRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, containing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_TRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
Change-Id: I53d3bc8dc2f6eac63feef22dfd627f3a48480afc
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
This change adds "FEAT_BRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, possessing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_BRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I1eb52863b4afb10b808e2f0b6584a8a210d0f38c
Disabling access to the boot partition reverts the MMC to read from the
user area. Add a macro to make this clearer.
Suggested-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: I34a5a987980bb4690d08d255f465b11a4697ed5a
At the moment, mmc_boot_part_read_blocks() takes care to switch
to the boot partition before transfer and back afterwards.
This can introduce large overhead when reading small chunks.
Give consumers of the API more control by exporting
mmc_part_switch_current_boot() and mmc_part_switch_user().
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Ib641f188071bb8e0196f4af495ec9ad4a292284f
This patch fixes the following encodings in the System register
encoding space for the MPAM registers. The encodings now match
with the Arm® Architecture Reference Manual Supplement for MPAM.
* MPAMVPM0_EL2
* MPAMVPM1_EL2
* MPAMVPM2_EL2
* MPAMVPM3_EL2
* MPAMVPM4_EL2
* MPAMVPM5_EL2
* MPAMVPM6_EL2
* MPAMVPM7_EL2
* MPAMVPMV_EL2
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ib339412de6a9c945a3307f3f347fe7b2efabdc18
Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I525eb50e7bb60796b63a8c7f81962983017bbf87
* changes:
feat(fvp): add plat hook for memory transactions
feat(spmc): enable handling of the NS bit
feat(spmc): add support for v1.1 FF-A memory data structures
feat(spmc/mem): prevent duplicated sharing of memory regions
feat(spmc/mem): support multiple endpoints in memory transactions
feat(spmc): add support for v1.1 FF-A boot protocol
feat(plat/fvp): introduce accessor function to obtain datastore
feat(spmc/mem): add FF-A memory management code
In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.
Enable the SPMC to set the bit for v1.1 callers or v1.0
callers that explicitly request the usage via FFA_FEATURES.
In this implementation the sender of the memory region must
reside in the normal world and the SPMC does not support
changing the security state of memory regions therefore
always set the NS bit if required by the caller.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I215756b28e2382082933ba1dcc7584e7faf4b36b
Add support for the FF-A v1.1 data structures to the EL3 SPMC
and enable the ability to convert between v1.0 and the v1.1
forwards compatible data structures.
The SPMC now uses the v1.1 data structures internally and will
convert descriptors as required depending on the FF-A version
supported by the calling partition.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic14a95ea2e49c989aecf19b927a6b21ac50f863e
Enable FFA_MEM_LEND and FFA_MEM_SHARE transactions to support multiple
borrowers and add the appropriate validation. Since we currently
only support a single S-EL1 partition, this functionality is to
support the use case where a VM shares or lends memory to one or
more VMs in the normal world as part of the same transaction to
the SP.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ia12c4357e9d015cb5f9b38e518b7a25b1ea2e30e
A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with a pointer to a data structure
containing boot related information. Currently the boot
information consists of an allocated memory region
containing the SP's manifest, allowing it to map and parse
any extra information as required.
This implementation only supports the v1.1 data structures
and will return an error if a v1.0 client requests the usage
of the protocol.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67692553a90a7e7d94c64fe275edd247b512efca
In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the backing memory to be allocated in a
platform defined manner, to accommodate memory constraints
and desired use cases.
Provide an implementation for the Arm FVP platform to
use a default value of 512KB memory allocated in the
TZC RAM section.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I92bc55ba6e04bdad429eb52f0d2960ceda682804
Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.
Add support to the EL3 SPMC for a subset of the FF-A
memory management ABIs:
- FFA_MEM_SHARE
- FFA_MEM_LEND
- FFA_MEM_RETRIEVE_REQ
- FFA_MEM_RETRIEVE_RESP
- FFA_MEM_RELINQUISH
- FFA_MEM_RECLAIM
- FFA_MEM_FRAG_RX
- FFA_MEM_FRAG_TX
This implementation relies on a datastore allocated in
platform specific code in order to store memory descriptors
about ongoing memory transactions. This mechanism
will be implemented in the following commit.
[1] https://android.googlesource.com/trusty/external/trusted-firmware-a/+/refs/heads/master/services/spd/trusty/
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib042f73c8a6e0f0aed00f6762be175cb9dedc042
Created a function to abort all pending NS DMA transactions to
engage complete DMA protection. This call will be used by the
subsequent DRTM implementation changes.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I94992b54c570327d6746295073822a9c0ebdc85d
This change makes use of 32-bit crc for calculating gpt header crc
and compares it with the given value.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I49bca7aab2c3884881c4b7d90d31786a895290e6
* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for forwarding a secure interrupt to the SP
feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC
Enable the SPMD to forward FFA_FRAG_RX/TX calls between
the normal world and the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I097a48552827a8527dd3efe1155bc601d7cbf887
This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has indicated
that it wishes to receive the appropriate message via its manifest.
1. A PSCI CPU_OFF message in response to a cpu hot unplug request
from the OS.
2. A message to indicate warm boot of a cpu in response to a cpu
hot plug request from the OS.
3. A PSCI CPU_SUSPEND message in response to a cpu idle event
initiated from the OS.
4. A message to indicate warm boot of a cpu from a shallow power
state in response to a cpu resume power event.
This patch also implements the FFA_SECONDARY_EP_REGISTER function to
enable the SP specify its secondary entrypoint.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I375d0655b2c6fc27445facc39213d1d0678557f4
Enable the SPMC to handle calls to FFA_PARTITION_INFO_GET.
This allows the normal world to discover which partitions
are running in the secure world including logical partitions
in EL3.
This implementation supports both the v1.0 and v1.1
implementations of the Partition Info Get Descriptor.
The SPMC populates the appropriate descriptor in the
partitions RX buffer, if requested, according to the
version of FF-A that the caller is using.
Additionally rename the common/uuid UUID_H include guard
due to a conflict with another header file.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0a85f1dae50fae1fe47a3cafb765fbe9f40619e1
When RECLAIM_INIT_CODE is enabled, functions with __init attribute can
be reclaimed after boot and marked as Execute Never.
Because of a bug in linker script the functions starting with "init"
were also marked XN and causing instruction abort.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2221973c05af170acf4e723cd44645b9ff9d58d2
Implements the loop workaround for Cortex Makalu/Makalu-ELP/Hunter
and Neoverse Demeter/Poseidon.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If5f6689b662ecac92491e0c0902df4270051ce5b
DSU-110 erratum 2313941 is a Cat B erratum and applies to revisions
r0p0, r1p0, r2p0, r2p1, r3p0, r3p1 and is still open.
The workaround sets IMP_CLUSTERACTLR_EL1[16:15] bits to 0b11 to disable
clock gating of the SCLK domain. This will increase the idle power
consumption.
This patch applies the fix for Cortex-X2/A510/A710 and Neoverse N2.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1781796/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I54d948b23e8e01aaf1898ed9fe4e2255dd209318
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956
Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurments, which were
computed by the host during measured boot.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia9e4e8a1fe8f01a28da1fd8c434b780f2a08f94e
This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for the CCA HES [1].
It can be considered as a secure enclave to which, for example,
certain services can be offloaded such as initial attestation.
RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.
[1] https://developer.arm.com/documentation/DEN0096/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107
Supports:
- Get Platform Attestation token from secure enclave
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Icaeb7b4eaff08e10f449fbf752068de3ac7974bf
A secure enclave could provide an alternate
backend for measured boot. This API can be used
to store measurements in a secure enclave, which
provides the measured boot runtime service.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2448e324e7ece6b318403c5937dfe7abea53d0f3
The Arm Message Handling Unit (MHU) is a mailbox controller used to
communicate with other processing element(s). Adding a driver to
enable the communication:
- Adding generic MHU driver interface,
- Adding MHU_v2_x driver.
Driver supports:
- Discovering available MHU channels,
- Sending / receiving words over MHU channels,
- Signaling happens over a dedicated channel.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: I41a5b968f6b8319cdbdf7907d70bd8837839862e
This patch adds workarounds for following cortex-x1 errata:
- 1821534 (CatB)
- 1688305 (CatB)
- 1827429 (CatB)
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401782/latest
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I10ebe8d5c56a6d273820bb2c682f21bf98daa7a5
This patch adds basic CPU library code to support Cortex-X1 CPU in TF-A.
Follow-up patches will add selected errata workarounds for this CPU.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I4a3d50a98bf55a555bfaefeed5c7b88a35e3bc21
Report the SPMC version to the caller, currently v1.1 and
also store the requested version to allow the SPMC to
use the corresponding FF-A version in future ABI calls.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I79aafd1e6694cbd4b231bbd0cac5834a71063d79
Cortex-A710 erratum 2008768 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to clear
the ED bit in each ERXCTLR_EL1 register before setting the PWRDN bit in
CPUPWRCTLR_EL1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib2171c06da762dd4155b02c03d86766f1616381d
* changes:
fix(sptool): update Optee FF-A manifest
feat(sptool): delete c version of the sptool
feat(sptool): use python version of sptool
feat(sptool): python version of the sptool
refactor(sptool): use SpSetupActions in sp_mk_generator.py
feat(sptool): add python SpSetupActions framework
This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.
This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0
For EL3 SPMC configuration enabled platforms, allow the reuse of
BL32 specific definitions.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I37ffbbf680326c101fbb2f146085a96c138f07a1
Introduce a framework to support running logical
partitions alongside the SPMC in EL3 as per the
v1.1 FF-A spec.
The DECLARE_LOGICAL_PARTITION macro has been added to
simplify the process to define a Logical Partition.
The partitions themselves are statically allocated
with the descriptors placed in RO memory.
It is assumed that the MAX_EL3_LP_DESCS_COUNT will
be defined by the platform.
Change-Id: I1c2523e0ad2d9c5d36aeeef6b8bcb1e80db7c443
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
* changes:
feat(allwinner): provide CPU idle states to the rich OS
feat(allwinner): simplify CPU_SUSPEND power state encoding
feat(allwinner): choose PSCI states to avoid translation
feat(fdt): add the ability to supply idle state information
fix(allwinner): improve DTB patching error handling
refactor(allwinner): patch the DTB after setting up PSCI
refactor(allwinner): move DTB change code into allwinner/common
Previously the SCR_EL3.AMVOFFEN bit was set for all contexts, this
behavior is incorrect as it allows secure world to access the virtual
offset registers when it should not be able to. This patch only sets
AMVOFFEN for non-secure world.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I2c61fe0a8a0092df089f1cb2c0d8a45c8c8ad0d3
This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07
This change adds a new utility function - `fdtw_find_or_add_subnode`
to find a subnode. If the subnode is not present, the function adds
it in the flattened device tree.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: Idf3ceddc57761ac015763d4a8b004877bcad766a
Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).
It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].
Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Some platforms require extra firmware to implement CPU_SUSPEND, or only
have working CPU_SUSPEND in certain configurations. On these platforms,
CPU idle states should only be listed in the devicetree when they are
actually available. Add a function BL31 can use to dynamically supply
this idle state information.
Change-Id: I64fcc288303faba8abec4f59efd13a04220d54dc
Signed-off-by: Samuel Holland <samuel@sholland.org>
The devicetree specification[1] defines the generic DT properties
"mac-address" and "local-mac-address", that allow to set the MAC address
for a network device. This is needed because many platform network
devices do not define a method for obtaining a unique MAC address, and
many devices lack the non-volatile storage to hold such a number.
Some platforms (for instance Allwinner) derive the MAC address from
another unique SoC property, for instance some serial number. To allow
those MAC address to be set by TF-A, add a function that finds the DT
node of a network device (by using the "ethernet<x>" alias), then adding
the "local-mac-address" property into that node, setting it to a user
provided address. Platforms can use this function to generate MAC
addresses in a platform specific way, and store them in the DT.
DT consumers like U-Boot or the Linux kernel will automatically pick up
the address from that property and program the MAC device accordingly.
[1] https://devicetree-specification.readthedocs.io/en/latest/chapter4-device-bindings.html#local-mac-address-property
Change-Id: I3f5766cc575fa9718f9ca23e8269b11495c43be2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
ufs controller needs to be disabled if already enabled, without
this we noticed a crash at linkstartup during reinit
Signed-off-by: anans <anans@google.com>
Change-Id: I523c5d57c1d34f6404a6368ee3f364fbffd2e542
time taken for device init varies based on different devices,
instead of waiting for 200ms - we can poll on fdevice init
until it gets cleared, similar to what linux does
Change-Id: I571649231732fde0cd6d5be89b6f14fe905fcaff
Signed-off-by: anans <anans@google.com>
* changes:
feat(spmc): add support for direct req/resp
feat(spmc): add support for handling FFA_ERROR ABI
feat(spmc): add support for FFA_MSG_WAIT
feat(spmc): add function to determine the return path from the SPMC
feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3
feat(spmd): update SPMC init flow to use EL3 implementation
feat(spmc): add FF-A secure partition manager core
feat(spmc): prevent read only xlat tables with the EL3 SPMC
feat(spmc): enable building of the SPMC at EL3
refactor(spm_mm): reorganize secure partition manager code
Any FF-A SMC that arrives from the normal world is handled by the
SPMD before being forwarded to the SPMC. Similarly any SMC
arriving from the secure world will hit the SPMC first and be
forwarded to the SPMD if required, otherwise the SPMC will
respond directly.
This allows for the existing flow of handling FF-A ABI's when
the SPMC resides at a lower EL to be preserved.
In order to facilitate this flow the spmd_smc_forward function
has been split and control is either passed to the SPMC or it is
forwarded as before. To allow this the flags and cookie parameters
must now also be passed into this method as the SPMC must be able to
provide these when calling back into the SPMD handler as appropriate.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I84fee8390023295b9689067e14cd25cba23ca39b
Allow the SPMD to initialise an SPMC implementation at EL3 directly
rather than at a lower EL.
This includes removing the requirement to parse an SPMC manifest to
obtain information about the SPMC implementation, in this case since the
SPMD and SPMC reside in the same EL we can hardcode the required
information directly.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I66d1e1b3ec2d0abbfc28b011a32445ee890a331d
This patch introduces the core support for enabling an SPMC in EL3
as per the FF-A spec.
The current implemented functionality is targeted to enable
initialization of the SPMC itself and initial support for
bringing up a single S-EL1 SP.
This includes initialization of the SPMC's internal state,
parsing of an SP's manifest, preparing the cpu contexts and
appropriate system registers for the Secure Partition.
The spmc_smc_handler is the main handler for all incoming SMCs
to the SPMC, FF-A ABI handlers and functionality will
be implemented in subsequent patches.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib33c240b91e54cbd018a69fec880d02adfbe12b9
The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.
Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
The following registers are only accessible from secure state,
therefore don't need to be saved/restored during world switch.
- SDER32_EL2
- VSTCR_EL2
- VSTTBR_EL2
This patch removes these registers from EL2 context.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I24d08aacb1b6def261c7b37d3e1265bb76adafdc
Cortex-X2 erratum 2147715 is a Cat B erratum that applies to revision
r2p0 and is fixed in r2p1. The workaround is to set CPUACTLR_EL1[22]=1,
which will cause the CFP instruction to invalidate all branch predictor
resources regardless of context.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I2d81867486d9130f2c36cd4554ca9a8f37254b57
* changes:
feat(gic600ae_fmu): enable all GICD, PPI, ITS SMs
feat(gic600ae_fmu): disable SMID for unavailable blocks
feat(gic600ae_fmu): introduce support for RAS error handling
The following SMIDs are disabled by default.
* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate override
* ITS: MBIST REQ error and ITS FMU ClkGate override
This patch explicitly enables them during the FMU init sequence.
Change-Id: I573e64786e3318d4cbcd07d0a1caf25f8e6e9200
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the gic600_fmu_init function to disable all safety
mechanisms for a block ID that is not present on the platform. All
safety mechanisms for GIC-600AE are enabled by default and should be
disabled for blocks that are not present on the platform to avoid
false positive RAS errors.
Change-Id: I52dc3bee9a8b49fd2e51d7ed851fdc803a48e6e3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Add __BASE_XLAT_TABLE_START__/_END__ and __XLAT_TABLE_START__/_END__
symbols in the linker script to have them in the .map file.
This allows displaying those areas when running memory map script.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I768a459c5cecc403a9b81b36a71397ecc3179f4f
The GIC-600AE uses a range of RAS features for all RAMs, which include
SECDED, ECC, and Scrub, software and bus error reporting. The GIC makes
all necessary information available to software through Armv8.2 RAS
architecture compliant register space.
This patch introduces support to probe the FMU_ERRGSR register to find
the right error record. Once the correct record is identified, the
"handler" function queries the FMU_ERR<m>STATUS register to further
identify the block ID, safety mechanism and the architecturally defined
primary error code. The description of the error is displayed on the
console to simplify debug.
Change-Id: I7e543664b74457afee2da250549f4c3d9beb1a03
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Replacing ARM_ARCH_AT_LEAST macro with feature specific build options
to prevent unconditional accesses to the registers during context save
and restore routines.
Registers are tightly coupled with features more than architecture
versions. Henceforth having a feature-specific build flag guarding the
respective registers, will restrict any undefined actions.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I809774df580530803c8a6e05a62d8d4de0910e02
This patch adds architectural features detection procedure to ensure
features enabled are present in the given hardware implementation.
It verifies whether the architecture build flags passed during
compilation match the respective features by reading their ID
registers. It reads through all the enabled feature specific ID
registers at once and panics in case of mismatch(feature enabled
but not implemented in PE).
Feature flags are used at sections (context_management,
save and restore routines of registers) during context switch.
If the enabled feature flag is not supported by the PE, it causes an
exception while saving or restoring the registers guarded by them.
With this mechanism, the build flags are validated at an early
phase prior to their usage, thereby preventing any undefined action
under their control.
This implementation is based on tristate approach for each feature and
currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this
patch. FEAT_STATE=2 is planned for phase-2 implementation and will be
taken care separately.
The patch has been explicitly tested, by adding a new test_config
with build config enabling majority of the features and detected
all of them under FVP launched with parameters enabling v8.7 features.
Note: This is an experimental procedure and the mechanism itself is
guarded by a macro "FEATURE_DETECTION", which is currently being
disabled by default.
The "FEATURE_DETECTION" macro is documented and the platforms are
encouraged to make use of this diagnostic tool by enabling this
"FEATURE_DETECTION" flag explicitly and get used to its behaviour
during booting before the procedure gets mandated.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac
Add new options SEPARATE_BL2_NOLOAD_REGION to separate no-loadable
sections (.bss, stack, page tables) to a ram region specified
by BL2_NOLOAD_START and BL2_NOLOAD_LIMIT.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I844ee0fc405474af0aff978d292c826fbe0a82fd
Add support for Chassis 3.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I85cf68d4f1db81bf344e34dce13799ae173aa23a
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.
When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348
This patch reworks the GTSI service implementation in RMMD
such that it is made internal to RMMD. This rework also
lays the ground work for additional RMMD services which
can be invoked from RMM.
The rework renames some of the FID macros to make it
more suited for adding more RMMD services. All the RMM-EL31
service SMCs are now routed via rmmd_rmm_el3_handler().
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Ic52ca0f33b79a1fd1deefa8136f9586b088b2e07
Cortex A78 AE erratum 2395408 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
This erratum states, "A translation table walk that matches an
existing L1 prefetch with a read request outstanding on CHI might
fold into the prefetch, which might lead to data corruption for
a future instruction fetch"
This erratum is avoided by setting CPUACTLR2_EL1[40] to 1 to
disable folding of demand requests into older prefetches with
L2 miss requests outstanding.
SDEN is available at https://developer.arm.com/documentation/SDEN-1707912
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: Ic17968987ca3c67fa7f64211bcde6dfcb35ed5d6
Cortex A78 AE erratum 2376748 is a Cat B erratum that applies
to revisions <= r0p1. It is still open.
The erratum states, "A PE executing a PLDW or PRFM PST instruction
that lies on a mispredicted branch path might cause a second PE
executing a store exclusive to the same cache line address to fail
continuously."
The erratum is avoided by setting CPUACTLR2_EL1[0] to 1 to force
PLDW/PFRM ST to behave like PLD/PRFM LD and not cause invalidations
to other PE caches. There might be a small performance degradation
to this workaround for certain workloads that share data.
SDEN is available at https://developer.arm.com/documentation/SDEN-1707912
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I93bd392a870d4584f3e12c8e4626dbe5a3a40a4d
And new file stm32mp13-tzc400.h is created for STM32MP13.
Change-Id: I18d6aa443d07dc42c0fff56fefb2a47632a2c0e6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This new function pmic_voltages_init() is used to set the minimum value
for STM32MP13 VDDCPU and VDDCORE regulators. This value is retrieved
from device tree.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibbe237cb5dccc1fddf92e07ffd3955048ff82075
Add new clock driver for STM32MP13. Split the include file to manage
either STM32MP13 or STM32MP15.
Change-Id: Ia568cd12b1d5538809204f0fd2224d51e5d1e985
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
Add dedicated clock and reset dt-bindings include files. The former
files are renamed with stm32mp15, and the stm32mp1 file just
determine through STM32MP13 or STM32MP15 flag which file to include.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I0db23996a3ba25f7c3ea920f16230b11cf051208
Implements the loop workaround for Cortex-A76AE, Cortex-A78AE and
Cortex-A78C.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I5c838f5b9d595ed3c461a7452bd465bd54acc548
Add FF-A v1.1 FFA_RX_ACQUIRE ABI forwarding to SPMD.
RX acquire interface is used by Hypervisor to acquire ownership of a
VM's RX buffer from SPMC when it needs to deliver a message to the VM.
Change-Id: I5f57240a9c9e94eb696a5a394ec0644170380026
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
Implements mitigation for Cortex-A72 CPU versions that support
the CSV2 feature(from r1p0). It also applies the mitigation for
Cortex-A57 CPU.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I7cfcf06537710f144f6e849992612033ddd79d33
Retrieved the NS load address of configs from FW_CONFIG device tree,
and modified the prototype of "set_config_info" to update device tree
information with the retrieved address.
Change-Id: Ic5a98ba65bc7aa0395c70c7d450253ff8d84d02c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The previous delegating/undelegating sequence was incorrect as per the
specification DDI0615, "Architecture Reference Manual Supplement, The
Realm Management Extension (RME), for Armv9-A" Sections A1.1.1 and
A1.1.2
Off topic:
- cleaning the gpt_is_gpi_valid and gpt_check_pass_overlap
Change-Id: Idb64d0a2e6204f1708951137062847938ab5e0ac
Signed-off-by: Robert Wakim <robert.wakim@arm.com>
Cortex-A710 erratum 2282622 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to set
CPUACTLR2_EL1[0] to 1, which will force PLDW/PFRM ST to behave like
PLD/PRFM LD and not cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ic48409822536e9eacc003300036a1f0489593020
Cortex-A510 erratum 2172148 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3 and r1p0, and is fixed in r1p1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I1784d643ca3d1d448340cd421facb5f229df1d22
* changes:
fix(nxp-crypto): refine code to avoid hang issue for some of toolchain
build(changelog): add new scope for nxp crypto
fix(lx2): drop erratum A-009810
Platforms which support Realm world cannot boot up
properly if measured boot is enabled at build time.
An assertions occurs due to the missing RMM entry
in the event_log_metadata array.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I172f10a440797f7c9e1bc79dc72242b40c2521ea
On RME-enabled platforms, it is currently not possible to incorporate
mapping of all bl_regions specified in bl31 setup[1] with the
ARM_BL_REGIONS macro defined to 6. Hence increased its count to 7.
[1]: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/
plat/arm/common/arm_bl31_setup.c#n380
Change-Id: Ieaa97f026ab2ae6eae22442595aa4122ba0a13c4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Cortex-A510 erratum 2042739 is a Cat B erratum that applies to revisions
r0p0, r0p1 and r0p2 and is fixed in r0p3.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I1d2ebee3914396e1e298eb45bdab35ce9e194ad9
Cortex-A510 erratum 2288014 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3 and r1p0, and is fixed in r1p1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I875519ff55be90244cc3d3a7e9f7abad0fc3c2b8
Cortex-A510 erratum 1922240 is a Cat B erratum that applies to revision
r0p0 and is fixed in r0p1.
Since no errata framework code existed for A510 prior to this patch, it
has been added as well. Also some general cleanup changes in the CPU lib
makefile.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I8c427ef255cb4b38ed3e5c2c7444fcef957277e4
bitfield structure maybe has strict-aliasing issue for some compiler,
for example the old code has hang issue for yocto 3.4 toolchain, so
refine the code to avoid to use bitfield structure.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6b6d7597311240dd6d6b8ca4ce508c69332f9c68
* changes:
test(el3-runtime): dit is retained on world switch
fix(el3-runtime): set unset pstate bits to default
refactor(el3-runtime): add prepare_el3_entry func
Add the SZ_* macros from 32 to 2G.
This allows removing some defines in raw NAND driver
and STM32MP1 boot device selection code.
Change-Id: I3c4d4959b0f43e785eeb37a43d03b2906b7fcfbc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Cortex-A710 erratum 2136059 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 of the CPU. It is fixed in r2p1.
The workaround is to set CPUACTLR5_EL1[44] to 1 which will cause
the CPP instruction to invalidate the hardware prefetcher state
trained from any EL.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I43a86a365418fb663cc1b6ab1d365b4beddae0bc
Cortex-A710 erratum 2267065 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 of the CPU. It is fixed in r2p1.
The workaround is to set CPUACTLR_EL1[22] to 1'b1. Setting
CPUACTLR_EL1[22] will cause the CFP instruction to invalidate
all branch predictor resources regardless of context.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia9085aaf9b2b6a2b25d03ab36bd3774839fac9aa
Cortex-X2 erratum 2216384 is a Cat B erratum that applies to
revisions r0p0, r1p0 and r2p0 of CPU. It is fixed in r2p1.
The workaround is to set CPUACTLR5_EL1[17] to 1'b1 followed by
applying an instruction patching sequence.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I3c216161678887c06a28c59644e784e0c7d37bab
Cortex-X2 erratum 2081180 is a Cat B erratum present in r0p0, r1p0
and r2p0 of the Cortex-X2 processor core.
Cortex-X2 SDEN: https://developer.arm.com/documentation/SDEN1775100
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I64bed2fd5b7e12932d6de2ae668786e689885188
Cortex-X2 erratum 2017096 is a Cat B erratum that applies to
revisions r0p0, r1p0 & r2p0. The workaround is to set CPUECLTR_EL1[8]
to 1 which disables store issue prefetching.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I3b740aedc95c2394f6b8d1186014d2b2f640ae05
Older Qualcomm SoCs seem to have a custom Qualcomm implementation of
the GICv2 specification. It's mostly compliant but unfortunately it
looks like a mistake was made with the GICD_PIDR registers. PIDR2 is
defined to be at offset 0xFE8, but the Qualcomm implementation has it
at 0xFD8.
It looks like the entire PIDR0-3/4-7 block is swapped compared to the
ARM implementation: PIDR0 starts at 0xFD0 (instead of 0xFE0)
and PIDR4 starts at 0xFE0 (instead of 0xFD0).
Actually this only breaks a single assert in gicv2_main.c that checks
the GIC version: assert((gic_version == ARCH_REV_GICV2) ...
In release mode everything seems to work correctly.
To keep the code generic, allow affected platforms to override the
GICD_PIDR2_GICV2 register address in platform_def.h. Since this header
is typically included very early (e.g. from assert.h), add an #ifndef
so the definitions from platform_def.h takes priority.
Change-Id: I2929a8c1726f8d751bc28796567eb30b81eca2fe
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Add tsp service to check the value of the PSTATE DIT bit is as
expected and toggle it's value. This is used to ensure that
the DIT bit is maintained during a switch from the Normal to
Secure worlds and back.
Change-Id: I4e8bdfa6530e5e75925c0079d4fa2795133c5105
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
During a transition to a higher EL some of the PSTATE bits are not set
by hardware, this means that their state may be leaked from lower ELs.
This patch sets those bits to a default value upon entry to EL3.
This patch was tested using a debugger to check the PSTATE values
are correctly set. As well as adding a test in the next patch to
ensure the PSTATE in lower ELs is still maintained after this change.
Change-Id: Ie546acbca7b9aa3c86bd68185edded91b2a64ae5
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I7f0a62f22bfcca638ddaefc9563df00f89f01653
Allow to set a gpio in output mode from the device tree.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: Ic483324bc5fe916a60df05f74706bd1da4d08aa5
No functional, change, but some improvements:
- Declare set_gpio() as static (only called locally)
- Handle the type ('open-drain') property independently from the
mode one.
- Replace mmio_clrbits_32() + mmio_setbits_32() with
mmio_clrsetbits_32().
- Add a missing log
- Add missing U() in macro definitions
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I1a79609609ac8e8001127ebefdb81def573f76fa
