Commit Graph

1424 Commits

Author SHA1 Message Date
Tamas Ban
6cb5d3268f feat(tc): enable RSS backend based measured boot
Measurements taken during boot are stored in RSS.
These measurements are included in the platform
attestation token.

Change-Id: Iac3356f813fb417315681c718839319832a76191
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2022-10-07 11:32:48 +02:00
David Vincze
e6c131655f feat(tc): increase maximum BL1/BL2/BL31 sizes
The maximum size of BL1/BL2/BL31 is increased due to
the added new functionalities, such as RSS based
measured boot on TC2.

Change-Id: I939c7c3da6bf870db46b32cd2836c6737de278bb
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2022-10-07 11:32:48 +02:00
Tamas Ban
70247ddbbd fix(rss): rename AP-RSS message size macro
Adding PLAT_* prefix to indicate that the
platform needs to provide this definition.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I0bd02be405fd8b1e625bd2b82647ebb2b58265fc
2022-10-07 11:32:48 +02:00
David Vincze
445130b127 feat(tc): add RSS-AP message size macro
Define the RSS_COMMS_PAYLOAD_MAX_SIZE macro. Its value is platform
specific and gives the largest message size which is exchanged
on the TC2 platform between RSS and AP.

Change-Id: Id831c282dc9a39755b82befead1a81767e217215
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2022-10-07 11:32:48 +02:00
David Vincze
6299c3a0f7 feat(tc): add MHU addresses for AP-RSS comms on TC2
Change-Id: I600485ca83f91378d07cac6cee484bc4a1bf2a9c
Signed-off-by: David Vincze <david.vincze@arm.com>
2022-10-07 11:32:48 +02:00
Manish V Badarkhe
d5f225d95d feat(fvp): add plat API to validate that passed region is non-secure
Added a platform function to check that the passed region is within
the Non-Secure region of DRAM.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie5808fa6a1b6e6bc99f4185fa8acc52af0d5f14d
2022-10-05 15:25:28 +01:00
Manish V Badarkhe
586f60cc57 feat(fvp): add plat API to set and get the DRTM error
Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I471f2387f8c78b21a06af063a6fa02cda3646557
2022-10-05 15:25:28 +01:00
Manish V Badarkhe
40814266d5 feat(drtm): add Event Log driver support for DRTM
Added Event Log driver support for DRTM. This driver
is responsible for doing the hash measurement of
various DRTM components as per [1], and putting these
measurements in the Event Log buffer.

[1]: https://developer.arm.com/documentation/den0113/a, section 3.16

Change-Id: I9892c313cf6640b82e261738116fe00f7975ee12
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2022-10-05 15:25:28 +01:00
johpow01
2a1cdee4f5 feat(drtm): add platform functions for DRTM
Added platform hooks to retrieve DRTM features and
address map.
Additionally, implemented these hooks for the FVP platform.

Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5621cc9807ffff8139ae8876250147f7b2c76759
2022-10-05 15:25:28 +01:00
Manish V Badarkhe
c9bd1bacff feat(fvp): add crypto support in BL31
DRTM implementation needs crypto support in BL31 to calculate
hash of various DRTM components

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I659ce8e54550946db253d23f150cca8b2fa7b880
2022-10-05 15:25:28 +01:00
Manish V Badarkhe
8a8dace5a5 feat(fvp): increase MAX_XLAT_TABLES entries for DRTM support
DRTM implementation maps the DLME data region provided by the
DCE-preamble in BL31, hence increased MAX_XLAT_TABLES entries
count.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I5f0ac69e009c4f81d3590fdb1f4c0a7f73c5c99d
2022-10-05 15:25:28 +01:00
Lucian Paul-Trifu
44df105ff8 feat(fvp): increase BL31's stack size for DRTM support
The stack size of BL31 has been increased to accommodate the
introduction of mbedTLS support for DRTM.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: Id0beacf4df553af4ecbe714af20e71604ccfed59
2022-10-05 15:25:28 +01:00
Lucian Paul-Trifu
d72c486b52 feat(fvp): add platform hooks for DRTM DMA protection
Added necessary platform hooks for DRTM DMA protection.
These calls will be used by the subsequent DRTM implementation
patches.
DRTM platform API declarations have been listed down in a
separate header file.

Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: Ib9726d1d3570800241bde702ee7006a64f1739ec
2022-10-05 15:25:28 +01:00
Manish Pandey
afc9b23b13 Merge "feat(fvp): support building RSS comms driver" into integration 2022-10-05 11:00:26 +02:00
Sandrine Bailleux
29e6fc5cc7 feat(fvp): support building RSS comms driver
On one hand, there is currently no upstream platform supporting the
RSS. On the other hand, we are gradually introducing driver code for
RSS. Even though we cannot test this code in the TF-A CI right now, we
can at least build it to make sure no build regressions are introduced
as we continue development.

This patch adds support for overriding PLAT_RSS_NOT_SUPPORTED build
flag (which defaults to 1 on the Base AEM FVP) from the command
line. This allows introducing an ad-hoc CI build config with
PLAT_RSS_NOT_SUPPORTED=0, which will correctly pull in the RSS and MHU
source files. Of course, the resulting firmware will not be
functional.

Change-Id: I2b0e8dd03bf301e7063dd4734ea5266b73265be1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2022-10-03 12:52:21 +02:00
Joel Goddard
91890b7ab3 refactor(sgi): rename RD-Edmunds to RD-V2
Neoverse Reference Design platform RD-Edmunds has been renamed to RD-V2
and so all corresponding references have been changed.

Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: I134f125f8ce9ec2f42988ecd742de307da936f2b
2022-10-03 15:31:40 +05:30
Joel Goddard
bd063a73a8 refactor(cpu): use the updated IP name for Demeter CPU
Neoverse Demeter CPU has been renamed to Neoverse V2 CPU.
Correspondingly, update the CPU library, file names and other
references to use the updated IP name.

Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: Ia4bf45bf47807c06f4c966861230faea420d088f
2022-10-03 15:31:40 +05:30
Mate Toth-Pal
364b4cddba fix(rme): update FVP platform token
Update test CCA Platform token in fvp_plat_attest_token.c to be
up-to-date with RMM spec Beta0.

Change-Id: I0f5e2ac1149eb6f7a93a997682f41d90e109a049
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
2022-09-29 15:35:18 +02:00
Joanna Farley
2aaed86080 Merge "refactor(libc): clean up dependencies in libc" into integration 2022-09-23 17:24:01 +02:00
Rohit Mathew
a371327ba9 feat(sgi): remove override for ARM_BL31_IN_DRAM build-option
RD-N2* variants of Neoverse reference design platforms could be
configured to boot from SRAM or DRAM. Having ARM_BL31_IN_DRAM set to 1
within the common makefile would deter these platforms from having this
flexibility. Remove the default override configuration for
`ARM_BL31_IN_DRAM`.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8d79969c003a984675cbe705de890b51a1f7f4ea
2022-09-22 20:44:58 +01:00
Rohit Mathew
8fd820ffb9 feat(sgi): configure SRAM and BL31 size for sgi platform
Update SRAM size for Neoverse reference design platforms from 256KB to
512KB. This is required to place and execute BL31 image from the
on-chip SRAM. Additionally, revise BL31 image size to accommodate
larger BL31 images of multi-chip platforms.

Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I11c2672a1089f24a9fafcf6555b8e1d52032cfde
2022-09-22 16:58:18 +01:00
Claus Pedersen
885e268304 refactor(libc): clean up dependencies in libc
- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert.h. Removing
  "platform_def.h" from assert.h and adding "common/debug.h"
  where the macros are used.
- Removing hack for fixing PLAT_LOG_LEVEL_ASSERT to 40.
  Instead removing assert with expression, as this
  does not provide additional information.

Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Icc201ea7b63c1277e423c1cfd13fd6816c2bc568
2022-09-22 13:23:49 +02:00
Pranav Madhu
18884c002e feat(sgi): enable css implementation of warm reset
Enable the CSS implementation of the warm reset for the rdn2 platform.

In addition to these changes, fix coding style issues that are not
directly related to the code being introduced in this patch.

Change-Id: I75128d8bbcccbc26cf1e904691c7ef71349c622f
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
2022-09-15 18:09:56 +05:30
Pranav Madhu
14a2892309 feat(scmi): send powerdown request to online secondary cpus
To initiate a reset or reboot, the nonsecure OS invokes the PSCI
SYSTEM_RESET function from any one core. As per the PSCI specification,
it is the responsibility of firmware to implement the system view of
the reset or reboot operation. For the platforms supported by CSS,
trigger the reset/reboot operation by sending an SGI to rest all CPUs
which are online. The CPUs respond to this interrupt by initiating their
powerdown sequence.

In addition to these changes, fix coding style issues that are not
directly related to the code being introduced in this patch.

Change-Id: I547253ee28ef7eefa78180d016893671a406bbfa
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
2022-09-15 18:09:56 +05:30
Pranav Madhu
f1fe1440db feat(plat/arm/css): add interrupt handler for reboot request
Add platform specific interrupt handler for handling the reboot of
all CPUs. On shutdown/reboot, only one CPU invokes PSCI and enters into
trusted firmware. The CPU which entered trusted firmware signals the
rest of the cores which are online using SGI to initiate power down
sequence. On receiving the SGI, the handler will power down the
GIC redistributor interface of the respective core, configure the power
control register and power down the CPU by executing wfi.

In addition to these changes, fix coding style issues that are not
directly related to the code being introduced in this patch.

Change-Id: I4917dfdc47be5ce7367bee629486a6344cdd706f
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
2022-09-15 18:09:56 +05:30
Pranav Madhu
158ed580bd feat(plat/arm/css): add per-cpu power down support for warm reset
Add a new function to set up an SGI interrupt that will be used to trigger
a request for per-cpu power down when executing the PSCI SYSTEM_RESET
request. This will be used on CSS platforms that require all the CPUs to
execute the CPU specific power down sequence to complete a warm reboot
sequence in which only the CPUs are power cycled.

Change-Id: I80da0f6c3cd0c5c442c82239ba1e1f773821a7f5
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
2022-09-15 18:09:56 +05:30
Himanshu Sharma
4a81e91f27 fix(n1sdp): mapping Run-time UART to IOFPGA UART0
Currently the Run-time UART is mapped to AP UART1 which is internally
routed to MCP UART1, so unsharing it from AP UART1 and mapping it to
IOFPGA UART0 for exclusiveness among the usage of the UARTs.

Signed-off-by: Himanshu Sharma <Himanshu.Sharma@arm.com>
Change-Id: I366740a971a880decf0d373e9055e7ebda5df53a
2022-09-01 15:23:49 +05:30
Rupinderjit Singh
c58b9a8e12 refactor(cpu): update IP names of Makalu CPU lib
* ASM files are renamed to have public IP names in their filename.
   * updated other files to include ASM filename changes.

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: Ie899c512b11fd7c4312e3a808bb6b9d2376cdb8c
2022-08-31 18:31:29 +01:00
Jorge Troncoso
e2fe267d87 chore: use tabs for indentation
This patch changes definitions of bl2_mem_params_descs to follow the
TF-A coding style documented at
https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html

Signed-off-by: Jorge Troncoso <jatron@google.com>
Change-Id: I7bd99a50a79499aca0d349e49a3e095e6c5d2f08
2022-08-30 19:40:44 +02:00
Shruti Gupta
5b7bd2af0b feat(tsp): increase stack size for tsp
TSP testcases for EL3 SPMC have higher stack usage.

Change-Id: Ib5bfdccc6d0f65174e257f3b0e8b41bcd3c704a6
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
2022-08-25 13:37:34 +01:00
Marc Bonnici
3cf080ed61 feat(fvp/tsp_manifest): add example manifest for TSP
Add an example manifest for the EL3 SPMC on the FVP Platform
that allows booting the TSP example partition.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ie7f40328e0313abb5b1a121dfdc22a5f7387587f
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
2022-08-21 23:33:58 +01:00
Salome Thirot
e95abc4c01 fix: make TF-A use provided OpenSSL binary
Currently TF-A uses whatever openssl binary is on the system to sign
images. However if OPENSSL_DIR is specified in the build flags this can
lead to linking issues as the system binary can end up being linked
against shared libraries provided in OPENSSL_DIR/lib if both binaries
(the system's and the one in OPENSSL_DIR/bin) are the same version.
This patch ensures that the binary used is always the one given by
OPENSSL_DIR to avoid those link issues.

Signed-off-by: Salome Thirot <salome.thirot@arm.com>
Change-Id: Ib534e06ebc8482e4391e376d3791a87968de4a99
2022-08-04 10:45:46 +01:00
Vishnu Banavath
9090fe00aa (feat)n1sdp: add support for OP-TEE SPMC
These changes are to add support for loading and booting
OP-TEE as SPMC running at SEL1 for N1SDP platform.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I0514db646d4868b6f0c56f1ea60495cb3f7364fd
2022-07-25 15:35:40 +02:00
Madhukar Pappireddy
09acc421e3 Merge "feat(tc): introduce TC2 platform" into integration 2022-07-25 15:09:29 +02:00
Rupinderjit Singh
eebd2c3f61 feat(tc): introduce TC2 platform
Added platform support to use tc2 specific CPU cores.

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Change-Id: Ib76d440e358e9bd1cf80aec5b8591f7a6e47ecbd
2022-07-22 21:13:21 +01:00
Olivier Deprez
8597a8cbc2 fix(tc): tc2 bl1 start address shifted by one page
Change [1] is specific to TC2 model and breaks former TC0/TC1 test
configs.
BL1 start address is 0x0 on TC0/TC1 and 0x1000 from TC2 onwards.
Fix by adding conditional defines depending on TARGET_PLATFORM build
flag.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/15917

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I51f77e6a61ca8eaa6871c19cabe9deb1288f5a9d
2022-07-21 11:01:32 +02:00
Manish V Badarkhe
37d87416aa Merge "refactor(fvp): add missing header guard in fvp_critical_data.h" into integration 2022-07-18 19:57:09 +02:00
Sandrine Bailleux
8dc7645c56 refactor(fvp): add missing header guard in fvp_critical_data.h
Change-Id: If7d1a9dd756164c8e31e29d9e36973f1a21fc8b6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2022-07-18 12:59:05 +02:00
Anders Dellien
9335c28a01 feat(tc): move start address for BL1 to 0x1000
Locate BL1 at 0x1000 to compensate for the MCUBoot
header size.

Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Change-Id: I30a5ccf8212786479bff8286f3d0abb9dec4b7d0
2022-07-15 17:05:19 +02:00
Manish V Badarkhe
6f60e94e0a refactor(arm): add debug logs to show the reason behind skipping firmware config loading
Added debug logs to show the reason behind skipping firmware
configuration loading, and also a few debug strings were corrected.
Additionally, a panic will be triggered if the configuration sanity
fails.

Change-Id: I6bbd67b72801e178a14cbe677a8831b25a907d0c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2022-07-07 19:07:21 +02:00
Manish V Badarkhe
92eba8665a Merge "fix(morello): move BL31 to run from DRAM space" into integration 2022-07-07 15:28:13 +02:00
Vijayenthiran Subramaniam
94df8da3ab feat(sgi): bump bl1 rw size
Increase BL1 RW size by 16 KiB to accommodate for future development.

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I21626a97de4a6c98c25b93b9f79e16325c6e4349
2022-07-07 15:40:22 +05:30
Vijayenthiran Subramaniam
1d74b4bbba refactor(sgi): rewrite address space size definitions
The value of the macro CSS_SGI_REMOTE_CHIP_MEM_OFFSET can be different
across all the Neoverse reference design platforms. This value depends
on the number of address bits used per chip. So let all platforms define
CSS_SGI_ADDR_BITS_PER_CHIP which specifies the number of address bits
used per chip.

In addition to this, reuse the definition of CSS_SGI_ADDR_BITS_PER_CHIP
for single chip platforms and CSS_SGI_REMOTE_CHIP_MEM_OFFSET for multi-
chip platforms to determine the maximum address space size. Also,
increase the RD-N2 multi-chip address space per chip from 4TB to 64TB.

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: If5e69ec26c2389304c71911729d4addbdf8b2686
2022-07-07 15:40:17 +05:30
Manoj Kumar
05330a49cd fix(morello): move BL31 to run from DRAM space
The EL3 runtime firmware has been running from internal trusted
SRAM space on the Morello platform. Due to unavailability of tag
support for the internal trusted SRAM this becomes a problem if
we enable capability pointers in BL31.

To support capability pointers in BL31 it has to be run from the
main DDR memory space. This patch updates the Morello platform
configuration such that BL31 is loaded and run from DDR space.

Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Change-Id: I16d4d757fb6f58c364f5133236d50fc06845e0b4
2022-07-07 10:53:37 +01:00
Soby Mathew
717daadce0 Merge changes from topic "jas/rmm-el3-ifc" into integration
* changes:
  docs(rmmd): document EL3-RMM Interfaces
  feat(rmmd): add support to create a boot manifest
  fix(rme): use RMM shared buffer for attest SMCs
  feat(rmmd): add support for RMM Boot interface
2022-07-05 12:03:49 +02:00
Sandrine Bailleux
1ae014ddca Merge "feat(arm): forbid running RME-enlightened BL31 from DRAM" into integration 2022-07-05 10:21:36 +02:00
Javier Almansa Sobrino
1d0ca40e90 feat(rmmd): add support to create a boot manifest
This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948
2022-07-04 18:46:34 +01:00
Javier Almansa Sobrino
dc65ae4643 fix(rme): use RMM shared buffer for attest SMCs
Use the RMM shared buffer for attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4
2022-07-04 18:46:01 +01:00
Javier Almansa Sobrino
8c980a4a46 feat(rmmd): add support for RMM Boot interface
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed of a single memory page to be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
2022-07-04 18:45:58 +01:00
Sandrine Bailleux
1164a59cb1 feat(arm): forbid running RME-enlightened BL31 from DRAM
According to Arm CCA security model [1],

"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It enforces CCA security guarantees for
not just Realm world, but also for Secure world and for itself.

It is expected to be small enough to feasibly fit in on-chip memory,
and typically needs to be available early in the boot process when
only on-chip memory is available."

For these reasons, it is expected that "monitor code executes entirely
from on-chip memory."

This precludes usage of ARM_BL31_IN_DRAM for RME-enlightened firmware.

[1] Arm DEN0096 A.a, section 7.3 "Use of external memory by CCA".

Change-Id: I752eb45f1e6ffddc7a6f53aadcc92a3e71c1759f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
2022-07-04 11:59:11 +02:00