This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948
Use the RMM shared buffer to attestation token and signing key SMCs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
According to Arm CCA security model [1],
"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It enforces CCA security guarantees for
not just Realm world, but also for Secure world and for itself.
It is expected to be small enough to feasibly fit in on-chip memory,
and typically needs to be available early in the boot process when
only on-chip memory is available."
For these reasons, it is expected that "monitor code executes entirely
from on-chip memory."
This precludes usage of ARM_BL31_IN_DRAM for RME-enlightened firmware.
[1] Arm DEN0096 A.a, section 7.3 "Use of external memory by CCA".
Change-Id: I752eb45f1e6ffddc7a6f53aadcc92a3e71c1759f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
On STM32MP15, there is currently an OP-TEE shared memory area at the end
of the DDR. But this area will in term be removed. To allow a smooth
transition, a new flag is added (STM32MP15_OPTEE_RSV_SHM). It reflects
the OP-TEE flag: CFG_CORE_RESERVED_SHM. The flag is enabled by default
(no behavior change). It will be set to 0 when OP-TEE is aligned, and
then later be removed.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I91146cd8a26a24be22143c212362294c1e880264
* changes:
feat(synquacer): add FWU Multi Bank Update support
feat(synquacer): add TBBR support
feat(synquacer): add BL2 support
refactor(synquacer): move common source files
Add FWU Multi Bank Update support. This reads the platform metadata
and update the FIP base address so that BL2 can load correct BL3X
based on the boot index.
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: Manish V Badarkhe <manish.badarkhe@arm.com>
Cc: Leonardo Sandoval <leonardo.sandoval@linaro.org>
Change-Id: I5d96972bc4b3b9a12a8157117e53a05da5ce89f6
Signed-off-by: Masami Hiramatsu <masami.hiramatsu@linaro.org>
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Prepare for introduction of BL2 support by moving
reusable files from BL31_SOURCES into PLAT_BL_COMMON_SOURCES
Cc: Sumit Garg <sumit.garg@linaro.org>
Cc: Masahisa Kojima <masahisa.kojima@linaro.org>
Cc: Manish V Badarkhe <manish.badarkhe@arm.com>
Cc: Leonardo Sandoval <leonardo.sandoval@linaro.org>
Change-Id: I21137cdd40d027cfa77f1dec3598ee85d4873581
Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
Introduce a functionality for saving/restoring boot auth status
and partition used for booting (FSBL partition on which the boot
was successful).
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Change-Id: I4d7f153b70dfc49dad8c1c3fa71111a350caf1ee
No need to keep all PU domains on as the full power domain driver
support has been added.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Iec22dcabbbfe3f38b915104a437d396d7b1bb2d8
Add PLL power down override & bypass support when
system enter DSM mode.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I50cd6b82151961ab849f58714a8c307d3f7f4166
* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM
STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made conditional, and will be kept only for STM32MP15.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I85ac7aaf6a172c4ee529736113ed40fe66835fd7
Increase the size of bl31 image by 52K to accomodate increased size of
xlat table.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Ic3a8d8be1104adf48d22aa829e2197f710b6b666
Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next stages
of boot software to use.
Isolated CPUs are those that are not to be used on the platform for
various reasons. The isolated CPU list is an array of MPID values of the
CPUs that have to be isolated.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I4313cf025f4c9e9feffebca2d35b259f5bafce69
Add a new property named 'isolated-cpu-list' to list the CPUs that are
to be isolated and not used by the platform. The data represented by
this property is formatted as below.
strutct isolated_cpu_mpid_list {
uint64_t count;
uint64_t mpid_list[MAX Number of PE];
}
Also, the property is pre-initialized to 0 to reserve space for the
property in the dtb. The data for this property is read from SDS and
updated during boot. The number of entries in this list is equal to the
maximum number of PEs present on the platform.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I4119f899a273ccbf8259e0d711d3a25501c7ec64
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for components measured by BL2 at boot time.
For a SPMC there is a particular interest with SP measurements.
In the particular case of Hafnium SPMC, the tpm event log node is not
yet consumed, but the intent is later to pass this information to an
attestation SP.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ic30b553d979532c5dad9ed6d419367595be5485e
Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I3416d114bcee13824a7d0861ee54fb799e154897
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I417f5d16457b602c94da4c74b4d88bba03da7462
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.
In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1ab17a3f02c8180b63be24e9266f7129beee819f
Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I489392133435436a16edced1d810bc5204ba608f
Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib0ca5ecdee7906b41a0e1060339d43ce7a018d31
With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a
By default placing bl31 to addrexx 0x1000 is not good. Because this
location is used by U-Boot SPL. That's why move TF-A back to OCM where it
should be placed. BL31_BASE address exactly matches which requested address
for U-BOOT SPL boot flow.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I608c1b88baffec538c6ae528f057820e34971c4c
The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SWD_ROTPK).
Use the cookie argument as a key ID for plat_get_rotpk_info() to return
the appropriate one.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ieaae5b0bc4384dd12d0b616596596b031179044a
- Use the development PROTPK and SWD_ROTPK if using cca CoT.
- Define a cca CoT build flag for the platform code to provide
different implementations where needed.
- When ENABLE_RME=1, CCA CoT is selected by default on Arm
platforms if no specific CoT is specified by the user.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I70ae6382334a58d3c726b89c7961663eb8571a64
When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one to deploy this on Arm platforms.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I9ea7bc1c15c0c94c1021d879a839cef40ba397e3
Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I8019cbcb7ccd4de6da624aebf3611b429fb53f96
Increase the space for BL2 by 0xC000 to accommodate the increase in size
of BL2 when ARM_BL31_IN_DRAM is set.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ifc99da51f2de3c152bbed1c8269dcc8b9100797a
* changes:
feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS
refactor(mmc): export user/boot partition switch functions
Instead of searching pinctrl node with its name, search with its
compatible. This will be necessary before pin-controller name changes
to pinctrl due to kernel yaml changes.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I00590414fa65e193c6a72941a372bcecac673f60
Add support for new xck24 device.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I913a34d5a48ea665aaa4348f573fc59566dd5a9b
MISRA Violation: MISRA-C:2012 R.8.6
- Function is declared but never defined.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0df53ef4b2c91fa8ec3bf3e5491bf37dd7400685
MISRA Violation: MISRA-C:2012 R.4.6
- Using basic numerical type int rather than a typedef
that includes size and signedness information.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I9fb686e7aa2b85af6dfcb7bb5f87eddf469fb85c
STM32MP_EMMC_BOOT allowed placing SSBL into the eMMC boot
partition along with FSBL. This allows atomic update of both
FSBL and SSBL at the same time. Previously, this was only
possible for the FSBL, as the eMMC layout expected by TF-A
had a single SSBL GPT partition in the eMMC user area.
TEE binaries remained in dedicated GPT partitions whether
STM32MP_EMMC_BOOT was on or off.
The new FIP format collects SSBL and TEE partitions into
a single binary placed into a GPT partition.
Extend STM32MP_EMMC_BOOT, so eMMC-booted TF-A first uses
a FIP image placed at offset 256K into the active eMMC boot
partition. If no FIP magic is detected at that offset or if
STM32MP_EMMC_BOOT is disabled, the GPT on the eMMC user area
will be consulted as before.
This allows power fail-safe update of all firmware using the
built-in eMMC boot selector mechanism, provided it fits into
the boot partition - SZ_256K. SZ_256K was chosen because it's
the same offset used with the legacy format and because it's
the size of the on-chip SRAM, where the STM32MP15x BootROM
loads TF-A into. As such, TF-A may not exceed this size limit
for existing SoCs.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Id7bec45652b3a289ca632d38d4b51316c5efdf8d
Add SP entries to event_log_metadata if SPD_spmd is enabled. Otherwise
the platform cannot boot with measured boot enabled.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I525eb50e7bb60796b63a8c7f81962983017bbf87
MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ia1d6fcabd36d18ff2dab6c22579ffafd5211fc1f
After the SRC bit clear, we must wait for a while to make sure
the operation is finished. And don't enable all the PU domains
by default.
for USB OTG, the limitations are:
1. before system clock configuration. ipg clock runs at 12.5MHz.
delay time should longer than 82us.
2. after system clock configuration. ipg clock runs at 66.5MHz.
delay time should longer than 15.3us.
so add udelay 100 to safely clear the SRC bit 0.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I52e8e7739fdaaf86442bcd148e768b6af38bcdb7
MISRA Violation: MISRA-C:2012 R.8.13
- The pointer variable points to a non-constant type
but does not modify the object it points to. Consider
adding const qualifier to the points-to type.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ifd06c789cfd3babe1f5c0a17aff1ce8e70c87b05
MISRA Violation: MISRA-C:2012 R.8.13
- The pointer variable points to a non-constant type
but does not modify the object it points to. Consider
adding const qualifier to the points-to type.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I74e1b69290e081645bec8bb380128936190b5e24
MISRA Violation: MISRA-C:2012 R.4.6
- Using basic numerical type int rather than a typedef
that includes size and signedness information.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I4eccce7e238f283348a5013e2e45c91435b4ae4e
Different from other i.MX SoCs, which typically use a 24MHz reference clock,
the i.MX8MQ uses a 25MHz reference clock. As the architected timer clock
frequency is directly sourced from the reference clock via a /3 divider this
SoC runs the timers at 8.33MHz.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Change-Id: Ief36af9ffebce7cb75a200124134828d3963e744
Optimizing the pinctrl_functions structure. Remove the pointer to
array of u16 type which consumes a lot of memory (64bits pointer to
array + 16B for END_OF_GROUPS + almost useless 8bits on every entry
which is the same for every group) and add two new members of type
u16 and u8 with the name called group_base and group_size
respectively.
The group_base member contains the base value of pinctrl group whereas
the group_size member contains the total number of groups requested
from the pinctrl function.
Overall, it saves around ~2KB of RAM and ~0.7KB of code memory.
Signed-off-by: Michal Simek <michal.simek@amd.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I79b761b45df350d390fa344d411b340d9b2f13ac
* changes:
feat(fvp): add plat hook for memory transactions
feat(spmc): enable handling of the NS bit
feat(spmc): add support for v1.1 FF-A memory data structures
feat(spmc/mem): prevent duplicated sharing of memory regions
feat(spmc/mem): support multiple endpoints in memory transactions
feat(spmc): add support for v1.1 FF-A boot protocol
feat(plat/fvp): introduce accessor function to obtain datastore
feat(spmc/mem): add FF-A memory management code
Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for platform specific functionality to be performed
accordingly.
Note the hooks must be placed in the initial share request and final
reclaim to prevent order dependencies with operations that may take
place in the normal world without visibility of the SPMC.
Add a dummy implementation to the FVP platform.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0c7441a9fdf953c4db0651512e5e2cdbc6656c79
In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the backing memory to be allocated in a
platform defined manner, to accommodate memory constraints
and desired use cases.
Provide an implementation for the Arm FVP platform to
use a default value of 512KB memory allocated in the
TZC RAM section.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I92bc55ba6e04bdad429eb52f0d2960ceda682804
This change makes the necessary additions to makefile of
platforms using partition driver.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I0d524760bf52e1d9b4a103f556231f20146bd78e
This change makes the necessary additions to makefile of
platforms using partition driver.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I1290972c7d2626262d4b6d68b99bb8f2c4b6744c
This change makes the necessary additions to makefile of
platforms using partition driver.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: Ie26d9e5943453ce54ee8c72c6e44170577e3afc0
This change makes the necessary additions to makefile of
platforms using partition driver.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I66f6daaa0deac984b0aa5f2a182385410189ba8a
stm32mp1 platform build failed with the error [1] in the coverity, to
fix it included assert.h file.
Including bl32/sp_min/sp_min.mk
plat/st/stm32mp1/plat_image_load.c: In function
'plat_get_bl_image_load_info':
plat/st/stm32mp1/plat_image_load.c:30:2: error: implicit declaration of
function 'assert' [-Werror=implicit-function-declaration]
30 | assert(bl33 != NULL);
| ^~~~~~
plat/st/stm32mp1/plat_image_load.c:9:1: note: 'assert' is defined in
header '<assert.h>'; did you forget to '#include <assert.h>'?
8 | #include <plat/common/platform.h>
+++ |+#include <assert.h>
9 |
cc1: all warnings being treated as errors
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I486bd695298798c05008158545668020babb3eca
MISRA Violation: MISRA-C:2012 R.8.3
- Declaration uses a different parameter name than the one present in the
definition.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Id0521afd7383df13870710b7dd2894e788896e5e
MISRA Violation: MISRA-C:2012 R.8.4
- Function definition does not have a visible prototype.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I50a2c1adf2e099217770ac665f135302f990b162
This patch is to fix configuration status command now returns
the result based on the last config start command made to the
runtime software. The status type can be either:
- NO_REQUEST (default)
- RECONFIGURATION
- BITSTREAM_AUTH
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I1ce4b7b4c741d88de88778f8fbed7dfe83a39fbc
This patch is to align the sequence of function in header file.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9658aef78b06b744c6c14f95b2821daf5dbb0082
This patch is to remove redundant NOC declarations in
system manager header file. The NOC headers are shareable
across both Stratix 10 and Agilex platforms.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I40ff55eb1d8fe280db1d099d5d1a3c2bf4b4b459
This call is used to register and reset SGI interrupt.
Before this functionality was performed using IOCTL_REGISTER_SGI
pm_ioctl EEMI call. It's not correct use of PM_IOCTL as it is
not EEMI functionality. Instead this new SMCCC call will be
handled by TF-A specific handler.
Change-Id: If2408af38b889d29a5c584e8eec5f1672eab4fb5
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
Add "reset" parameter in pm_register_sgi() to reset
SGI number. This will be required if OS wants to reset
SGI number to default state. Caller can reset param to
1 to reset SGI in ATF.
Change-Id: If485ff275df884f74eb67671cac7fa953458afe9
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
This patch adds support to load nt_fw_config with the information from
plat_info sds structure which is then passed from BL2 to BL33.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: I2fcf13b7bf5ab042ef830157fd9cceedbdca617a
* changes:
fix(intel): add flash dcache after return response for INTEL_SIP_SMC_MBOX_SEND_CMD
fix(intel): extending to support large file size for SHA2/HMAC get digest and verifying
fix(intel): extending to support large file size for SHA-2 ECDSA data signing and signature verifying
fix(intel): extending to support large file size for AES encryption and decryption
feat(intel): support version 2 SiP SVC SMC function ID for mailbox commands
feat(intel): support version 2 SiP SVC SMC function ID for non-mailbox commands
fix(intel): update certificate mask for FPGA Attestation
feat(intel): update to support maximum response data size
feat(intel): support ECDSA HASH Verification
feat(intel): support ECDSA HASH Signing
feat(intel): support ECDH request
feat(intel): support ECDSA SHA-2 Data Signature Verification
feat(intel): support ECDSA SHA-2 Data Signing
feat(intel): support ECDSA Get Public Key
feat(intel): support session based SDOS encrypt and decrypt
feat(intel): support AES Crypt Service
feat(intel): support HMAC SHA-2 MAC verify request
feat(intel): support SHA-2 hash digest generation on a blob
feat(intel): support extended random number generation
feat(intel): support crypto service key operation
feat(intel): support crypto service session
feat(intel): extend attestation service to Agilex family
fix(intel): flush dcache before sending certificate to mailbox
fix(intel): introduce a generic response error code
fix(intel): allow non-secure access to FPGA Crypto Services (FCS)
feat(intel): single certificate feature enablement
feat(intel): initial commit for attestation service
fix(intel): update encryption and decryption command logic
This is required to prevent Nwd context corruption during StMM
execution.
Standalone MM uses OpenSSL for secure boot, which uses FP registers for
floating point calculations.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I6ed11d4fa5d64c3089a24b66fd048a841c480792
Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956
This patch is to add flash dcache after return
response in INTEL_SIP_SMC_MBOX_SEND_CMD.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ie9451e352f2b7c41ebb44a1f6be9da35f4600fb9
This patch is to extend to support large file size
for SHA2/HMAC get digest and verifying. The large
file will be split into smaller chunk and send using
initialize, update and finalize staging method.
Signed-off-by: Yuslaimi, Alif Zakuan <alif.zakuan.yuslaimi@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I1815deeb61287b32c3e77c5ac1b547b79ef12674
This patch is to extend to support large file size
for SHA-2 ECDSA data signing and signature verifying.
The large file will be split into smaller chunk and
send using initialize, update and finalize staging method.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: If277b2b375a404fe44b0858006c8ba6316a5ce23
This patch is to extend to support large file size
for AES encryption and decryption. The large file
will be split into smaller chunk and send using
initialize, update and finalize staging method.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ie2ceaf247e0d7082aad84faf399fbd18d129c36a
A separated SMC function ID of mailbox command
is introduced for the new format of SMC protocol.
The new format of SMC procotol will be started
using by Zephyr.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I7996d5054f76c139b5ad55451c373f5669a1017f
A separated SMC function ID of non-mailbox command
is introduced for the new format of SMC protocol.
The new format of SMC procotol will be started
using by Zephyr.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I01cff2739364b1bda2ebb9507ddbcef6095f5d29
Update the certificate mask to 0xff to cover all certificate
in Agilex family.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Id40bc3aa4b3e4f7568a58581bbb03a75b0f20a0b
Update to support maximum (4092 bytes) response data size.
And, clean up the intel_smc_service_completed function to
directly write the response data to addr to avoid additional
copy.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I0a230e73c563d22e6999ad3473587b07382dacfe
Supporting the command to send digital signature verification
request on a data blob. This include ECC algorithm such as
NISP P-256, NISP P-384, Brainpool 256 and, Branpool 384
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ic86f531bfe7cc7606699f2b064ac677aaf806a76
Supporting the command to send digital signature signing
request on a data blob. This include ECC algorithm such as
NISP P-256, NISP P-384, Brainpool 256 and, Branpool 384
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I12cf0f1ceaf07c33a110eae398d3ad82a9b13d38
This command sends the request on generating a share secret on
Diffie-Hellman key exchange.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ic7c8470cf036ea8c17bf87401f49936950b3e1d6
This command support ECC based signature verification on a blob.
Supported ECC algorithm are NISP P-256, NISP P-384, Brainpool 256
and Brainpool 384.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I7f43d2a69bbe6693ec1bb90f32b817cf00f9f5ae
This command support ECC based signing on a blob. Supported ECC algorithm
are NISP P-256, NISP P-384, Brainpool 256 and Brainpool 384.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I82f95ddafa6b62f8cd882fce9a3e63e469c85067
To support the ECDSA feature and send the command
as a request to get the public key
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9d7bb5b6ab8ef7d4f3ceb21ff0068baf3175a1ac
Extends existing Secure Data Object Service (SDOS) encryption and
decryption mailbox command to include session id and context id. The
new format requires an opened crypto service session.
A separated SMC function ID is introduced for the new format and it is
only supported by Agilex.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I2627750e8337c1af66217e9cb45981a9e06e7d19
Enable Support for AES Crypt Service to send request
to encrypt or decrypt a blob. Command will send a memory
location that SDM will read and also memory location that
SDM will write back after encryption or decryption operation.
Response will be sent back after the crypto operation is done,
and data is written back to the destination
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I86ea4ff64dda2fbb1000591e30fa8cb2640ce954
This command sends request on checking the integrity and authenticity
of a blob by comparing the calculated MAC with tagged MAC. The
comparison result will be returned in response.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ifefdf67f088d7612d2ec2459d71faf2ec8181222
This command is to request the SHA-2 hash digest on a blob.
If input has a key, the output shall be key-hash digest.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I08cb82d89a8e8f7bfe04f5f01e079ea49fe38cf5
The random number generation (RNG) mailbox command format
is updated to extends the support to upto 4080 bytes random
number generation. The new RNG format requires an opened
crypto service session.
A separated SMC function ID is introduced for the new RNG
format and it is only supported by Agilex.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I3f044a3c01ff7cb50be4705e2c1f982bf6f61432
Support crypto service key operation mailbox commands through SMC.
Crypto service key operation begin by sending an open crypto service
session request to SDM firmware. Once successfully open the session,
send crypto service key management commands (import, export, remove
and get key info) with the associated session id to SDM firmware.
The crypto service key is required before perform any crypto service
(encryption, signing, etc). Last, close the session after finishes
crypto service. All crypto service keys associated with this session
will be erased by SDM firmware.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I02406533f38b9607eb1ec7e1395b9dc2d084a9e3
Support crypto service open and close session mailbox commands through
SMC.
Crypto service support begin by sending an open crypto service session
request to SDM firmware. Last, close the session after finishes crypto
service. All crypto service parameters with this session will be erased
by SDM firmware.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I48968498bbd6f2e71791f4ed38dd5f369e171082
This patch extends the functionality of FPGA Crypto Services (FCS) to
support FPGA Attestation feature in Agilex device.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I3c2e29d2fa04d394e9f65d8143d7f4e57389cd02
Due to the cache coherency issue the dcache need to flush
before sending the certificate to the mailbox
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I39d5144519d9c7308597698b4cbea1b8aba0a849
This patch will introduce a generic error code (0x3ff)
to be used in case where Secure Device Manager (SDM)
mailbox request is not failing (returns OK with no error
code) but BL31 instead wants to return error/reject
to the calling software. This value aligns with generic
error code implemented in SDM for consistency.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9894c7df8897fff9aa80970940a6f3f6bfa30bb7
Allows non-secure software to access FPGA Crypto Services (FCS)
through secure monitor calls (SMC).
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I805b3f650abf5e118e2c55e469866d5d0ca68048
Extend the functionality of FPGA Crypto Service
(FCS) to support FPGA single certificate feature
so that the counter value can be updated with
only one preauthorized certificate
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibde87e4ee46367cf7f27f7bb0172838ab8766340
This is to extend the functionality of FPGA Crypto Service (FCS)
to support FPGA Attestation feature in Stratix 10 device.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib15783383dc9a06a2f0dc6dc1786f44b89f32cb1
This change is to re-align HPS cryption logic with
underlying Secure Device Manager's (SDM) mailbox API.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I8fc90982d3cddceaf401c1a112ff8e20861bf4c5
* changes:
feat(imx8mp): enable BL32 fdt overlay support on imx8mp
feat(imx8mq): enable optee fdt overlay support
feat(imx8mn): enable optee fdt overlay support
feat(imx8mm): enable optee fdt overlay support
feat(imx8mp): add trusty for imx8mp
feat(imx8mq): enable trusty for imx8mq
feat(imx8mn): enable Trusty OS for imx8mn
feat(imx8mm): enable Trusty OS on imx8mm
feat(imx8/imx8m): switch to xlat_tables_v2
feat(imx8m): enable the coram_s tz by default on imx8mn/mp
feat(imx8m): enable the csu init on imx8m
feat(imx8m): add a simple csu driver for imx8m family
refactor(imx8m): replace magic number with enum type
feat(imx8m): add imx csu/rdc enum type defines for imx8m
fix(imx8m): check the validation of domain id
feat(imx8m): enable conditional build for SDEI
Allow OP-TEE to generate a device-tree overlay binary
that will be applied by u-boot on the regular dtb.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Idfd268cdd8b7ba321f8e1b9b85c2bba7ffdeddf0
Add trusty support for imx8mq, default load address
and size for trusty os will be 0xfe000000 and 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2b35ee525b25b80bf6c9599a0adcc2d9f069aa41
Add trusty support for imx8mn, default load address and
size of trusty are 0xbe000000 and 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I63fd5159027d7400b8c6bfc03193dd1330c43140
Add trusty support for imx8mm, default load address
and size of trusty are 0xbe000000 anx 0x2000000.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I3f8b1adc08933e38a39f1ab1723947319d19a703
spd trusty requires memory dynamic mapping feature to be
enabled, so we have to use xlat table library v2 instead
of v1.
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2813af9c7878b1fc2a59e27619c5b643af6a1e91
Enable the OCRAM_S TZ for secure protection by default on
i.MX8MN/i.MX8MP. And lock the ocram secure access configure
on i.MX8MM/i.MX8MP.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2e24f4b823ee5f804415218d5c2e371f4e4c6fe1
Enable the CSU init on i.MX8M SoC family. The 'csu_cfg' array
is just a placeholder for now as example with limited config listed.
In real use case,user can add the CSU config as needed based on system design.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I1f7999efa346f18f6625ed8c478d088ed75f7833
Replace those RDC config related magic numbers with enum type
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6245ccfa74d079179dc0f205980c2daf5c7af786
Add various enum type defines for CSU & RDC module for i.MX8M
family
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I70c050286919eab51c6c553912bd4be57bc60f81
check the domain id to make sure it is in the valid range
to make sure no out of range access to the array.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Iccd7298eea390b6e68156bb356226839a23417ea
SDEI support on imx8m is an optional feature, so
make it conditional build, not enabled by default.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6e7e8d77959ea352bc019f8468793992ec7ecfc4
In case JR0 is used by the HAB for secure boot, it can be used later
for authenticating kernel or other binaries.
We are checking if the HAB is using the JR by the DID set.
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I6e9595012262ffabfc3f3d4841f446f34e48e059
Get cpu frequency and update the timer init div with it.
The timer is vary based on the cpu frequency instead of hardcoded.
The implementation shall apply to only Agilex and S10
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I61684d9762ad34e5a60b8b176b60c8848db4b422
This issue is triggered when enabling -Wmissing-prototypes:
plat/st/common/bl2_io_storage.c:114:5: warning: no previous prototype
for 'open_fip' [-Wmissing-prototypes]
114 | int open_fip(const uintptr_t spec)
| ^~~~~~~~
plat/st/common/bl2_io_storage.c:119:5: warning: no previous prototype
for 'open_storage' [-Wmissing-prototypes]
119 | int open_storage(const uintptr_t spec)
| ^~~~~~~~~~~~
Add missing stm32mp_io_storage.h header include, where those functions
prototypes are defined.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2af69fadfc4780553f41b338cd93b731210672a6
* changes:
fix(sptool): update Optee FF-A manifest
feat(sptool): delete c version of the sptool
feat(sptool): use python version of sptool
feat(sptool): python version of the sptool
refactor(sptool): use SpSetupActions in sp_mk_generator.py
feat(sptool): add python SpSetupActions framework
Enable ARM_XLAT_TABLES_LIB_V1 as ZynqMP is using
v1 library of translation tables.
With upstream patch d323af9e3d,
the usage of MAP_REGION_FLAT is referring to definition in file
include/lib/xlat_tables/xlat_tables_v2.h but while preparing
xlat tables in lib/xlat_tables/xlat_tables_common.c it is referring
to include/lib/xlat_tables/xlat_tables.h which is v1 xlat tables.
Also, ZynqMP was using v1 so defined ARM_XLAT_TABLES_LIB_V1 to
use v1 xlat tables everywhere.
This fixes the issue of xlat tables failures as it takes v2
library mmap_region structure in some files and v1 in other
files.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ibc0e1c536e19f4edd6a6315bf1b0dfcec33e2fdc
The get_bl_mem_params_node() function could return NULL. Add asserts to
check the return value is not NULL.
This corrects coverity issues:
pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "pager_mem_params", which is known to be "NULL".
paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "paged_mem_params", which is known to be "NULL".
tos_fw_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "tos_fw_mem_params", which is known to be "NULL".
Do the same for other occurrences of get_bl_mem_params_node() return not
checked, in the functions plat_get_bl_image_load_info() and
bl2_plat_handle_pre_image_load().
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I79165b1628fcee3da330f2db4ee5e1dafcb1b21f
MISRA Violation: MISRA-C:2012 R.14.4
The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I8f3f6f956d1d58ca201fb5895f12bcaabf2afd3b
MISRA Violation: MISRA-C:2012 R.15.7
- All if . . else if constructs shall be terminated
with an else statement.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: If921ca7c30b2feea6535791aa15f4de7101c3134
MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0fc8eeac0e592f00297a1ac42a1ba3df1144733b
MISRA Violation: MISRA-C:2012 R.7.2
- A "u" or "U" suffix shall be applied to all integer constants that are
represented in an unsigned type.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ieeff81ed42155c03aebca75b2f33f311279b9ed4
MISRA Violation: MISRA-C:2012 R.10.3
- The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I5a60c66788d59e45f41ceb81758b42ef2df9f5f7
This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.
This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0
SMPLSEL and DRVSEL values need to updated in
DWMMC for the IP to work correctly. This apply
on Stratix 10 device only.
Signed-off-by: Loh Tien Hock <tien.hock.loh@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibd799a65890690682e27e4cbbc85e83ea03d51fc
This adds F2S and S2F bridge enable, disable and reset
sequence to enable, disable and reset properly the bridges
in SMC call or during reset.
The reset is also maskable as the SMC from uboot can
pass in the bridge mask when requesting for bridge
enable or disable.
Signed-off-by: Loh Tien Hock <tien.hock.loh@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ie144518c591664ef880016c9b3706968411bbf21
Introduce additional #defines for running with the EL3
SPMC on the FVP.
The increase in xlat tables has been chosen to allow
the test cases to complete successfully and may need
adjusting depending on the desired usecase.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I7f44344ff8b74ae8907d53ebb652ff8def2d2562
Add an example logical partition to the FVP platform that
simply prints and echos the contents of a direct request
with the appropriate direct response.
Change-Id: Ib2052c9a63a74830e5e83bd8c128c5f9b0d94658
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change the OPTEE FF-A manifest to comply with changes to the sp pkg [1].
The sptool packs the image at the default offset of 0x4000, if it is not
provided in the arguments.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/14507
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I647950410114f7fc24926696212bb7f8101390ac
Mediatek's mt6795 platform was deprecated in 2.5 release and as per [1]
a platform which has been marked deprecated should be removed from repo
after 2 release cycle.
[1] https://trustedfirmware-a.readthedocs.io/en/latest/plat/deprecated.html?highlight=deprecated
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic427a3071316a13f34a726a1eb086b679e1671a1
The Allwinner SID device holds a 16-bit SoC identifier, which we already
use in our code.
Export this number through the generic SMCCC SOCID interface, to allow
an architectural identification of an Allwinner SoC. This enables access
to this information from non-secure world, simplifies generic drivers
(ACPI comes to mind), and gives easy and precise access to the SoC ID
from userland in OSes like Linux.
Change-Id: I91753046b2ae5408ca7bc0b864fcd97d24c8267c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
feat(allwinner): provide CPU idle states to the rich OS
feat(allwinner): simplify CPU_SUSPEND power state encoding
feat(allwinner): choose PSCI states to avoid translation
feat(fdt): add the ability to supply idle state information
fix(allwinner): improve DTB patching error handling
refactor(allwinner): patch the DTB after setting up PSCI
refactor(allwinner): move DTB change code into allwinner/common
This patch adds SPP/EMU platform support for Xilinx Versal and
also updating the documentation.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ibdadec4d00cd33ea32332299e7a00de31dc9d60b
This patch is to add size checking to make sure that
each certificate and encryption/decryption request
are 4-byte align as this driver is expecting. Unaligned
size may indicate invalid/corrupted request hence will
be rejected.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib6f97849ec470e45679c5adc4fbfa3afd10eda90
Changing the log message from notice to verbose, to save some space
and that leads to successfull compilation.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Iee5a808febf211464eb8ba6f0377f79378333f5d
* changes:
feat(intel): add SMC support for HWMON voltage and temp sensor
feat(intel): add SMC support for Get USERCODE
fix(intel): extend SDM command to return the SDM firmware version
feat(intel): add SMC for enquiring firmware version
fix(intel): configuration status based on start request
fix(intel): bit-wise configuration flag handling
fix(intel): get config status OK status
fix(intel): use macro as return value
fix(intel): fix fpga config write return mechanism
feat(intel): add SiP service for DCMF status
feat(intel): add RSU 'Max Retry' SiP SMC services
feat(intel): enable SMC SoC FPGA bridges enable/disable
feat(intel): add SMC/PSCI services for DCMF version support
feat(intel): allow to access all register addresses if DEBUG=1
fix(intel): modify how configuration type is handled
feat(intel): support SiP SVC version
feat(intel): enable firewall for OCRAM in BL31
feat(intel): create source file for firewall configuration
fix(intel): refactor NOC header
This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07
Add support to read temperature and voltage using SMC command
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I806611610043906b720b5096728a5deb5d652b1d
This patch adds SMC support for enquiring FPGA's User Code.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I82c1fa9390b6f7509b2284d51e199fb8b6a9b1ad
Updates intel_smc_fw_version function to read SDM
firmware version in major/minor ACDS release number.
Update CONFIG_STATUS Response Data [1] bit0-23.
Return INTEL_SIP_SMC_STATUS_ERROR if unexpected
firmware version is being retrieved.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I018ccbb961786a75dc6eb873b0f232e71341e1d2
This command allows non-secure world software to enquire the
version of currently running Secure Device Manager (SDM) firmware.
This will be useful in maintaining backward-compatibility as well
as ensuring software cross-compabitility.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibc23734d1135db74423da5e29655f9d32472a3b0
Configuration status command now returns the result based on the last
config start command made to the runtime software. The status type can
be either:
- NO_REQUEST (default)
- RECONFIGURATION
- BITSTREAM_AUTH
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I97406abe09b49b9d9a5b43e62fe09eb23c729bff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change configuration type handling to bit-wise flag. This is to align
with Linux's FPGA Manager definitions and promotes better compatibility.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I5aaf91d3fec538fe3f4fe8395d9adb47ec969434
Config status have different OK requirement between MBOX_CONFIG_STATUS
and MBOX_RECONFIG_STATUS request. This patch adds the checking to
differentiate between both command.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I45a4c3de460b031757dbcbd0b3a8055cb0a55aff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
SMC function should strictly return INTEL_SIP_SMC_STATUS macro. Directly
returning value of variable status might cause confusion in calling
software.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Iea17f4feaa5c917e8b995471f3019dba6ea8dcd3
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
This revert commit 279c8015fefcb544eb311b9052f417fc02ab84aa.
The previous change breaks this feature compatibility with Linux driver.
Hence, the fix for the earlier issue is going to be fixed in uboot instead.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I93220243bad65ed53322050d990544c7df4ce66b
This patch adds 2 additional RSU SiP services for Intel SoCFPGA
platforms:
- INTEL_SIP_SMC_RSU_COPY_DCMF_STATUS stores current DCMF status in
BL31
- INTEL_SIP_SMC_RSU_DCMF_STATUS is calling function for non-secure
software to retrieve stored DCMF status
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ic7a3e6988c71ad4bf66c58a1d669956524dfdf11
Enable SoC FPGA bridges enable/disable from non-secure world
through secure monitor calls
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4474abab9731923a61ff0e7eb2c2fa32048001cb
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Support get/store RSU DCMF version:
INTEL_SIP_SMC_RSU_DCMF_VERSION - Get current DCMF version
INTEL_SIP_SMC_RSU_COPY_DCMF_VERSION - Store current DCMF version
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I85ffbc0efc859736899d4812f040fd7be17c8d8d
Allow to access all register addresses from SMC call if compile the code
with DEBUG=1 for debugging purpose.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Idd31827fb71307efbdbcceeaa05f6cb072842e10
This patch creates macros to handle different configuration
types. These changes will help in adding new configuration
types in the future.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I5826a8e5942228a9ed376212f0df43b1605c0199
This command supports to return SiP SVC major and minor version.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Ia8bf678b8de0278aeaae748f24bdd05f8c9f9b47
Set OCRAM as secure region and required privileged access in BL31 to
prevent software running in normal world (non-secure) accessing memory
region in OCRAM which may contain sensitive information (e.g. FSBL,
handoff data)
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib6b24efd69f49cd3f9aa4ef2ea9f1af5ce582bd6
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Move codes that previously were part of system_manager driver into
firewall driver which are more appropriate based on their functionalities.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I35e9d792f35ee7491c2f306781417a0c8faae3fd
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Refactor NOC header to be shareable across both Stratix 10 and Agilex
platforms. This patch also removes redundant NOC declarations in system
manager header file.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I6348b67a8b54c2ad19327d6b8c25ae37d25e4b4a
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
In order to modularize software libraries and platform drivers,
we create makefile helpers to treat a folder as a basic compile
unit.
Each module has a build rule (rules.mk) to describe driver and software
library source codes to be built in.
Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: Ib2113b259dc97937b7295b265509025b43b14077
Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).
It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].
Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Not all K3 platforms support low power mode, so to allow these
features to be included for platforms that do in build and
therefore reported in the PSCI caps, define K3_PM_SYSTEM_SUSPEND
flag that can be set during build that will cause appropriate
space and functionality to be included in build for system
suspend support.
Change-Id: I821fbbd5232d91de6c40f63254b855e285d9b3e8
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Increase the lite platform SEC_SRAM_SIZE to 128k to allow space
for GIC context.
Change-Id: I6414309757ce9a9b7b3a9233a401312bfc459a3b
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add necessary K3 PSCI handlers to enable system suspend to be reported
in the PSCI capabilities when asked during OS boot.
Additionally, have the handlers provide information that all domains
should be off and also have the power domain suspend handler invoke the
TISCI_MSG_ENTER_SLEEP message to enter system suspend.
Change-Id: I351a16167770e9909e8ca525ee0d74fa93331194
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add functions to save and restore GICv3 redist and dist contexts during
low power mode and then call these during the suspend entry and finish
psci handlers.
Change-Id: I26c2c0f3b7fc925de3b349499fa42d2405441577
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
This TISCI API must be used to trigger entry into system suspend, and
this is done through the use of TI_SCI_MSG_ENTER_SLEEP. Introduce a
method to send this message.
Change-Id: Id7af5fb2a34623ad69e76764f389ff4d8d259fba
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
* changes:
fix(versal): fix coverity scan warnings
feat(versal): get version for ATF related EEMI APIs
feat(versal): enhance PM_IOCTL EEMI API to support additional arg
feat(versal): add common interfaces to handle EEMI commands
The patch does below things.
1. As per current implementation, when Linux send a request to ATF to
get the version of APIs which are implemented in ATF then ATF wasn't
returning any version because there is a check for LIBPM module id.
The ATF is used to return version for the APIs which are implemented
in the firmware only.
Hence moved this switch-case before checking module id to get ATF
version.
Also, no need to pass Linux request to the firmware for the APIs
which are implemented in ATF instead return success after updating
version.
2. As per current implementation, higher 16-bit is used for ATF
version and lower 16-bit is used for firmware version. Now, removed
16-bit shift operation and send complete word i.e. 32-bit to Linux
user as there is no user who checks ATF version.
3. Add bit mask support in the feature check PM EEMI API for QUERY and
IOCTL ids.
Change-Id: Icdca3de6659f3b673b81a423ed79a3c20b678768
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
Currently, SMC handler is limited to parsing 5 arguments (1 API ID + 4
32-bit command args). Extend this handling to support one more 32-bit
command argument which is necessary to support new IOCTL IDs for
secure read/write interface.
Note that, this change is completely transparent and does not affect
existing functionality of any of the EEMI APIs.
Change-Id: I72016620eeeaf598f14853512120bfb30bb9a3e9
Signed-off-by: Izhar Ameer Shaikh <izhar.ameer.shaikh@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
This change adds common interfaces to handle commands from firmware driver
to power management controller. It removes big chunk of source line of code
that was handling each command separately and doing same repetitive work.
EEMI - Embedded Energy Management Interface is Xilinx proprietary
protocol to allow communication between power management controller
and different processing clusters.
As of now, Each EEMI command has its own implementation in TF-A.
This is redundant. Essentially most EEMI command implementation
in TF-A does same work. It prepares payload received from kernel, sends
payload to firmware, receives response from firmware and send response
back to kernel.
The same functionality can be achieved if common interface is used among
multiple EEMI commands. This change divides platform management related
SMCCC requests into 4 categories.
1) EEMI commands required for backward compatibility.
Some EEMI commands are still required for backward compatibility
until removed completely or its use is changed to accommodate
common interface
2) EEMI commands that require for PSCI interface and accessed from debugfs
For example EEMI calls related to CPU suspend/resume
3) TF-A specific requests
Functionality such as getting TF-A version and getting callback
data for platform management is handled by this interface
4) Common interface for rest of EEMI commands
This handlers performs payload and firmware response transaction job for
rest of EEMI commands. Also it parses module ID from SMC payload and inserts
in IPI request. If not module ID is found, then default is LIBPM_MODULE_ID.
This helps in making common path in TF-A for all the modules in PLM firmware
Change-Id: I57a2787c7fff9f2e1d1f9003b3daab092632d57e
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
When using SCPI as the PSCI backend, firmware can wake up the CPUs and
cluster from sleep, so CPU idle states are available for the rich OS to
use. In that case, advertise them to the rich OS via the DTB.
Change-Id: I718ef6ef41212fe5213b11b4799613adbbe6e0eb
Signed-off-by: Samuel Holland <samuel@sholland.org>
Use the encoding recommended by the PSCI specification: four bits for
the power state at each power level.
SCPI provides no way to handshake an exit from a standby state, so the
only possible standby state is the architectural WFI state. Since WFI
can be used outside of PSCI, we do not allow passing in standby states.
Change-Id: I4b3b84e5c255ee58a25255a0cab5d7623425086e
Signed-off-by: Samuel Holland <samuel@sholland.org>
Aligning the PSCI and SCPI power states avoids some code to translate
between the two. This also makes room for an intermediate power state,
for future firmware capability growth.
Change-Id: I26691085f277a96bd405e3305ab0fe390a92b418
Signed-off-by: Samuel Holland <samuel@sholland.org>
Currently, if any step of the DTB patching process fails, the whole
process is aborted. However, this causes some problems:
- If any step modifies the DTB (including fdt_open_into), the dcache
must still be cleaned, even if some later step fails.
- The DTB may need changes in multiple places; if one patch fails (for
example due to missing nodes), we should still apply other patches.
- Similarly, if some patch fails, we should still run fdt_pack to
clean up after ourselves.
Change-Id: If1af2e58e5a7edaf542354bb8a261dd1c3da1ad0
Signed-off-by: Samuel Holland <samuel@sholland.org>
Idle states are advertised to the rich OS by declaring them in the DTB.
Since the availability of idle states depends on which PSCI
implementation was chosen, the DTB must be updated after PSCI setup.
Move this operation to bl31_plat_runtime_setup, the platform hook
which happens at the right time. Defining this hook overrides the weak
definition from plat/common, so copy over the code from there, too.
Change-Id: I42a83edb9cb28e1803d17dc2d73dbc879d885222
Signed-off-by: Samuel Holland <samuel@sholland.org>
So far the H616 was the only Allwinner SoC needed to amend the DTB, to
reserve the DRAM portion that BL31 occupies.
To allow other SoCs to modify the DTB as well, without duplicating code,
move the DTB change routines into Allwinner common code, and generalise
the current code to allow other modifications.
No functional change intended.
Change-Id: I080ea07b6470367f3c2573a4368f8ef5196d411c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Depending on the shell used, the grep command can fail, leading to
a wrong dtc version detection. Correct that by adding quotes.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I329ec929559c94bf1bf99b127662c9d978e067cf
* changes:
refactor(stm32mp1-fdts): remove nvmem_layout node
refactor(stm32mp1): drop the "st,stm32-nvmem-layout" node
refactor(st): remove useless includes
The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.
Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
Used MBEDTLS_CONFIG_FILE macro for including mbedTLS
configuration.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I374b59a31df3ab1e69481b2c37a6f7455a106b6e
The reported function raises a error when compilers assert the flag
`-Warray-parameter=`, signaling that an array-type argument was promoted
to a pointer-type argument. We observed this behaviour with the gcc 11.2
version.
plat/xilinx/common/pm_service/pm_ipi.c:263:34: error: argument 1 of type 'uint32_t *'
{aka 'unsigned int *'} declared as a pointer [-Werror=array-parameter=]
263 | uint32_t calculate_crc(uint32_t *payload, uint32_t bufsize)
| ~~~~~~~~~~^~~~~~~
In file included from plat/xilinx/common/pm_service/pm_ipi.c:16:
plat/xilinx/common/include/pm_ipi.h:30:33: note: previously declared as an array 'uint32_t[8]'
{aka 'unsigned int[8]'}
30 | uint32_t calculate_crc(uint32_t payload[PAYLOAD_ARG_CNT], uint32_t buffersize);
| ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
cc1.real: all warnings being treated as errors
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I7329f2e76ee0ca5faba71eb50babd20a796fee64
In some implementations of dtc tool (e.g. with yocto), there can be a 'v'
at the beginning of the version, and a '+' at the end. Just keep numbers
then, with a grep -o.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I180e97ab75ba3e5ceacb4b1961a1f22788b428a3
HSD #1509626040:
This patch is to add the flexibility for BL2 and BL31
to choose different UART output port at platform_def.h
using parameter PLAT_INTEL_UART_BASE
This patch also fixing the plat_helpers.S where the
UART BASE is hardcoded to PLAT_UART0_BASE. It is then
switched to CRASH_CONSOLE_BASE.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Change-Id: Iccfa7ec64e4955b531905778be4da803045d3c8f
HSD #16014059592:
Add support for ROM Patch SHA384 mailbox SMC call.
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ide9a7af41a089980745cb7216a9bf85e7fbd84e3
There are plans to contribute a generic MHU driver to the TF-A code
base in the short term.
In preparation for this, rename the Corstone-700 MHU driver source
files and prefix them with the name of the platform to avoid any
ambiguity or name clashes with the upcoming generic MHU driver. Also
rename the header guard accordingly.
This renaming is inline with other platform-specific MHU drivers, such
as the ones used on Broadcom [1], Socionext [2] or Amlogic [3] platforms.
[1] plat/brcm/common/brcm_mhu.h
[2] plat/socionext/synquacer/drivers/mhu/sq_mhu.h
[3] plat/amlogic/common/aml_mhu.c
Change-Id: I8a5e5b16e7c19bf931a90422dfca8f6a2a0663b4
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
If we reboot 3 times in trial mode, BL2 will select previous boot image.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I82b423cc84f0471fdb6fa7c393fc5fe411d25c06
Change the backup register used to store FWU parameters from 21 to 10.
This is chosen to have a Read/Write secure and Read non-secure register.
The mapping is also changed: only the first 4 bits will be used to store
the FWU index. The 4 next bits will be used to store count info. The
other bits are reserved.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I9249768287ec5688ba2d8711ce04d429763543d7
Simplify the DT parsing by removing the parsing of the nvmem layout node
with "st,stm32-nvmem-layout" compatible.
The expected OTP NAME can directly be found in a sub-node named
NAME@ADDRESS of the BSEC node, the NVMEM provider node.
This patch also removes this specific binding introduced for TF-A.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Ic703385fad1bec5bef1cee583fbe9fbbf6aea216
The stm32mp_dt.c file does not need anything from DDR header files.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibfe23204d68ee2e863cd2eda3d725baa830b729a
Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac
Add QDS support for ls1088a.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6c7a7a23fa6b9ba01c011a7e6237f8063d45e261
The LS1088A reference design board provides a comprehensive platform
that enables design and evaluation of the product (LS1088A processor).
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If4ca24fcee7a4c2c514303853955f1b00298c0e5
LS1088A is a cost-effective, powerefficient, and highly integrated
SoC device featuring eight extremely power-efficient 64-bit ARM
Cortex-A53 cores with ECC-protected L1 and L2 cache memories for
high reliability, running up to 1.6 GHz.
This patch is to add ls1088a SoC support in TF-A.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: rocket <rod.dorris@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Id9ebcdad1beab07ea81a41955edd4f471d6cf090
Refine the code to be compatible with new CCN504 which is used
by ls2088a.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I2e2b3bbb9392862b04bf8a89dfb9575bf4be974a
Support CHASSIS 3.0(such as SoC LS1088A).
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I60843bc4d604f0de1d91c6d3ad5eb4921cdcc91a
