The get_bl_mem_params_node() function could return NULL. Add asserts to
check the return value is not NULL.
This corrects coverity issues:
pager_mem_params = get_bl_mem_params_node(BL32_EXTRA1_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "pager_mem_params", which is known to be "NULL".
paged_mem_params = get_bl_mem_params_node(BL32_EXTRA2_IMAGE_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "paged_mem_params", which is known to be "NULL".
tos_fw_mem_params = get_bl_mem_params_node(TOS_FW_CONFIG_ID);
>>> CID 378360: (NULL_RETURNS)
>>> Dereferencing "tos_fw_mem_params", which is known to be "NULL".
Do the same for other occurrences of get_bl_mem_params_node() return not
checked, in the functions plat_get_bl_image_load_info() and
bl2_plat_handle_pre_image_load().
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I79165b1628fcee3da330f2db4ee5e1dafcb1b21f
MISRA Violation: MISRA-C:2012 R.14.4
The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I8f3f6f956d1d58ca201fb5895f12bcaabf2afd3b
MISRA Violation: MISRA-C:2012 R.15.7
- All if . . else if constructs shall be terminated
with an else statement.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: If921ca7c30b2feea6535791aa15f4de7101c3134
MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0fc8eeac0e592f00297a1ac42a1ba3df1144733b
MISRA Violation: MISRA-C:2012 R.7.2
- A "u" or "U" suffix shall be applied to all integer constants that are
represented in an unsigned type.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ieeff81ed42155c03aebca75b2f33f311279b9ed4
MISRA Violation: MISRA-C:2012 R.10.3
- The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I5a60c66788d59e45f41ceb81758b42ef2df9f5f7
This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.
This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0
SMPLSEL and DRVSEL values need to updated in
DWMMC for the IP to work correctly. This apply
on Stratix 10 device only.
Signed-off-by: Loh Tien Hock <tien.hock.loh@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibd799a65890690682e27e4cbbc85e83ea03d51fc
This adds F2S and S2F bridge enable, disable and reset
sequence to enable, disable and reset properly the bridges
in SMC call or during reset.
The reset is also maskable as the SMC from uboot can
pass in the bridge mask when requesting for bridge
enable or disable.
Signed-off-by: Loh Tien Hock <tien.hock.loh@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ie144518c591664ef880016c9b3706968411bbf21
Introduce additional #defines for running with the EL3
SPMC on the FVP.
The increase in xlat tables has been chosen to allow
the test cases to complete successfully and may need
adjusting depending on the desired usecase.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I7f44344ff8b74ae8907d53ebb652ff8def2d2562
Add an example logical partition to the FVP platform that
simply prints and echos the contents of a direct request
with the appropriate direct response.
Change-Id: Ib2052c9a63a74830e5e83bd8c128c5f9b0d94658
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change the OPTEE FF-A manifest to comply with changes to the sp pkg [1].
The sptool packs the image at the default offset of 0x4000, if it is not
provided in the arguments.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/14507
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I647950410114f7fc24926696212bb7f8101390ac
Mediatek's mt6795 platform was deprecated in 2.5 release and as per [1]
a platform which has been marked deprecated should be removed from repo
after 2 release cycle.
[1] https://trustedfirmware-a.readthedocs.io/en/latest/plat/deprecated.html?highlight=deprecated
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic427a3071316a13f34a726a1eb086b679e1671a1
The Allwinner SID device holds a 16-bit SoC identifier, which we already
use in our code.
Export this number through the generic SMCCC SOCID interface, to allow
an architectural identification of an Allwinner SoC. This enables access
to this information from non-secure world, simplifies generic drivers
(ACPI comes to mind), and gives easy and precise access to the SoC ID
from userland in OSes like Linux.
Change-Id: I91753046b2ae5408ca7bc0b864fcd97d24c8267c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
feat(allwinner): provide CPU idle states to the rich OS
feat(allwinner): simplify CPU_SUSPEND power state encoding
feat(allwinner): choose PSCI states to avoid translation
feat(fdt): add the ability to supply idle state information
fix(allwinner): improve DTB patching error handling
refactor(allwinner): patch the DTB after setting up PSCI
refactor(allwinner): move DTB change code into allwinner/common
This patch adds SPP/EMU platform support for Xilinx Versal and
also updating the documentation.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ibdadec4d00cd33ea32332299e7a00de31dc9d60b
This patch is to add size checking to make sure that
each certificate and encryption/decryption request
are 4-byte align as this driver is expecting. Unaligned
size may indicate invalid/corrupted request hence will
be rejected.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib6f97849ec470e45679c5adc4fbfa3afd10eda90
Changing the log message from notice to verbose, to save some space
and that leads to successfull compilation.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Iee5a808febf211464eb8ba6f0377f79378333f5d
* changes:
feat(intel): add SMC support for HWMON voltage and temp sensor
feat(intel): add SMC support for Get USERCODE
fix(intel): extend SDM command to return the SDM firmware version
feat(intel): add SMC for enquiring firmware version
fix(intel): configuration status based on start request
fix(intel): bit-wise configuration flag handling
fix(intel): get config status OK status
fix(intel): use macro as return value
fix(intel): fix fpga config write return mechanism
feat(intel): add SiP service for DCMF status
feat(intel): add RSU 'Max Retry' SiP SMC services
feat(intel): enable SMC SoC FPGA bridges enable/disable
feat(intel): add SMC/PSCI services for DCMF version support
feat(intel): allow to access all register addresses if DEBUG=1
fix(intel): modify how configuration type is handled
feat(intel): support SiP SVC version
feat(intel): enable firewall for OCRAM in BL31
feat(intel): create source file for firewall configuration
fix(intel): refactor NOC header
This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07
Add support to read temperature and voltage using SMC command
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I806611610043906b720b5096728a5deb5d652b1d
This patch adds SMC support for enquiring FPGA's User Code.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I82c1fa9390b6f7509b2284d51e199fb8b6a9b1ad
Updates intel_smc_fw_version function to read SDM
firmware version in major/minor ACDS release number.
Update CONFIG_STATUS Response Data [1] bit0-23.
Return INTEL_SIP_SMC_STATUS_ERROR if unexpected
firmware version is being retrieved.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I018ccbb961786a75dc6eb873b0f232e71341e1d2
This command allows non-secure world software to enquire the
version of currently running Secure Device Manager (SDM) firmware.
This will be useful in maintaining backward-compatibility as well
as ensuring software cross-compabitility.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ibc23734d1135db74423da5e29655f9d32472a3b0
Configuration status command now returns the result based on the last
config start command made to the runtime software. The status type can
be either:
- NO_REQUEST (default)
- RECONFIGURATION
- BITSTREAM_AUTH
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I97406abe09b49b9d9a5b43e62fe09eb23c729bff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change configuration type handling to bit-wise flag. This is to align
with Linux's FPGA Manager definitions and promotes better compatibility.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I5aaf91d3fec538fe3f4fe8395d9adb47ec969434
Config status have different OK requirement between MBOX_CONFIG_STATUS
and MBOX_RECONFIG_STATUS request. This patch adds the checking to
differentiate between both command.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I45a4c3de460b031757dbcbd0b3a8055cb0a55aff
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
SMC function should strictly return INTEL_SIP_SMC_STATUS macro. Directly
returning value of variable status might cause confusion in calling
software.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Iea17f4feaa5c917e8b995471f3019dba6ea8dcd3
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
This revert commit 279c8015fefcb544eb311b9052f417fc02ab84aa.
The previous change breaks this feature compatibility with Linux driver.
Hence, the fix for the earlier issue is going to be fixed in uboot instead.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I93220243bad65ed53322050d990544c7df4ce66b
This patch adds 2 additional RSU SiP services for Intel SoCFPGA
platforms:
- INTEL_SIP_SMC_RSU_COPY_DCMF_STATUS stores current DCMF status in
BL31
- INTEL_SIP_SMC_RSU_DCMF_STATUS is calling function for non-secure
software to retrieve stored DCMF status
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ic7a3e6988c71ad4bf66c58a1d669956524dfdf11
Enable SoC FPGA bridges enable/disable from non-secure world
through secure monitor calls
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4474abab9731923a61ff0e7eb2c2fa32048001cb
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Support get/store RSU DCMF version:
INTEL_SIP_SMC_RSU_DCMF_VERSION - Get current DCMF version
INTEL_SIP_SMC_RSU_COPY_DCMF_VERSION - Store current DCMF version
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I85ffbc0efc859736899d4812f040fd7be17c8d8d
Allow to access all register addresses from SMC call if compile the code
with DEBUG=1 for debugging purpose.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Idd31827fb71307efbdbcceeaa05f6cb072842e10
This patch creates macros to handle different configuration
types. These changes will help in adding new configuration
types in the future.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I5826a8e5942228a9ed376212f0df43b1605c0199
This command supports to return SiP SVC major and minor version.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: Ia8bf678b8de0278aeaae748f24bdd05f8c9f9b47
Set OCRAM as secure region and required privileged access in BL31 to
prevent software running in normal world (non-secure) accessing memory
region in OCRAM which may contain sensitive information (e.g. FSBL,
handoff data)
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib6b24efd69f49cd3f9aa4ef2ea9f1af5ce582bd6
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Move codes that previously were part of system_manager driver into
firewall driver which are more appropriate based on their functionalities.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I35e9d792f35ee7491c2f306781417a0c8faae3fd
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Refactor NOC header to be shareable across both Stratix 10 and Agilex
platforms. This patch also removes redundant NOC declarations in system
manager header file.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I6348b67a8b54c2ad19327d6b8c25ae37d25e4b4a
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
In order to modularize software libraries and platform drivers,
we create makefile helpers to treat a folder as a basic compile
unit.
Each module has a build rule (rules.mk) to describe driver and software
library source codes to be built in.
Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: Ib2113b259dc97937b7295b265509025b43b14077
Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).
It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].
Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Not all K3 platforms support low power mode, so to allow these
features to be included for platforms that do in build and
therefore reported in the PSCI caps, define K3_PM_SYSTEM_SUSPEND
flag that can be set during build that will cause appropriate
space and functionality to be included in build for system
suspend support.
Change-Id: I821fbbd5232d91de6c40f63254b855e285d9b3e8
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Increase the lite platform SEC_SRAM_SIZE to 128k to allow space
for GIC context.
Change-Id: I6414309757ce9a9b7b3a9233a401312bfc459a3b
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add necessary K3 PSCI handlers to enable system suspend to be reported
in the PSCI capabilities when asked during OS boot.
Additionally, have the handlers provide information that all domains
should be off and also have the power domain suspend handler invoke the
TISCI_MSG_ENTER_SLEEP message to enter system suspend.
Change-Id: I351a16167770e9909e8ca525ee0d74fa93331194
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add functions to save and restore GICv3 redist and dist contexts during
low power mode and then call these during the suspend entry and finish
psci handlers.
Change-Id: I26c2c0f3b7fc925de3b349499fa42d2405441577
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
This TISCI API must be used to trigger entry into system suspend, and
this is done through the use of TI_SCI_MSG_ENTER_SLEEP. Introduce a
method to send this message.
Change-Id: Id7af5fb2a34623ad69e76764f389ff4d8d259fba
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
* changes:
fix(versal): fix coverity scan warnings
feat(versal): get version for ATF related EEMI APIs
feat(versal): enhance PM_IOCTL EEMI API to support additional arg
feat(versal): add common interfaces to handle EEMI commands
The patch does below things.
1. As per current implementation, when Linux send a request to ATF to
get the version of APIs which are implemented in ATF then ATF wasn't
returning any version because there is a check for LIBPM module id.
The ATF is used to return version for the APIs which are implemented
in the firmware only.
Hence moved this switch-case before checking module id to get ATF
version.
Also, no need to pass Linux request to the firmware for the APIs
which are implemented in ATF instead return success after updating
version.
2. As per current implementation, higher 16-bit is used for ATF
version and lower 16-bit is used for firmware version. Now, removed
16-bit shift operation and send complete word i.e. 32-bit to Linux
user as there is no user who checks ATF version.
3. Add bit mask support in the feature check PM EEMI API for QUERY and
IOCTL ids.
Change-Id: Icdca3de6659f3b673b81a423ed79a3c20b678768
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
Currently, SMC handler is limited to parsing 5 arguments (1 API ID + 4
32-bit command args). Extend this handling to support one more 32-bit
command argument which is necessary to support new IOCTL IDs for
secure read/write interface.
Note that, this change is completely transparent and does not affect
existing functionality of any of the EEMI APIs.
Change-Id: I72016620eeeaf598f14853512120bfb30bb9a3e9
Signed-off-by: Izhar Ameer Shaikh <izhar.ameer.shaikh@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
This change adds common interfaces to handle commands from firmware driver
to power management controller. It removes big chunk of source line of code
that was handling each command separately and doing same repetitive work.
EEMI - Embedded Energy Management Interface is Xilinx proprietary
protocol to allow communication between power management controller
and different processing clusters.
As of now, Each EEMI command has its own implementation in TF-A.
This is redundant. Essentially most EEMI command implementation
in TF-A does same work. It prepares payload received from kernel, sends
payload to firmware, receives response from firmware and send response
back to kernel.
The same functionality can be achieved if common interface is used among
multiple EEMI commands. This change divides platform management related
SMCCC requests into 4 categories.
1) EEMI commands required for backward compatibility.
Some EEMI commands are still required for backward compatibility
until removed completely or its use is changed to accommodate
common interface
2) EEMI commands that require for PSCI interface and accessed from debugfs
For example EEMI calls related to CPU suspend/resume
3) TF-A specific requests
Functionality such as getting TF-A version and getting callback
data for platform management is handled by this interface
4) Common interface for rest of EEMI commands
This handlers performs payload and firmware response transaction job for
rest of EEMI commands. Also it parses module ID from SMC payload and inserts
in IPI request. If not module ID is found, then default is LIBPM_MODULE_ID.
This helps in making common path in TF-A for all the modules in PLM firmware
Change-Id: I57a2787c7fff9f2e1d1f9003b3daab092632d57e
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
When using SCPI as the PSCI backend, firmware can wake up the CPUs and
cluster from sleep, so CPU idle states are available for the rich OS to
use. In that case, advertise them to the rich OS via the DTB.
Change-Id: I718ef6ef41212fe5213b11b4799613adbbe6e0eb
Signed-off-by: Samuel Holland <samuel@sholland.org>
Use the encoding recommended by the PSCI specification: four bits for
the power state at each power level.
SCPI provides no way to handshake an exit from a standby state, so the
only possible standby state is the architectural WFI state. Since WFI
can be used outside of PSCI, we do not allow passing in standby states.
Change-Id: I4b3b84e5c255ee58a25255a0cab5d7623425086e
Signed-off-by: Samuel Holland <samuel@sholland.org>
Aligning the PSCI and SCPI power states avoids some code to translate
between the two. This also makes room for an intermediate power state,
for future firmware capability growth.
Change-Id: I26691085f277a96bd405e3305ab0fe390a92b418
Signed-off-by: Samuel Holland <samuel@sholland.org>
Currently, if any step of the DTB patching process fails, the whole
process is aborted. However, this causes some problems:
- If any step modifies the DTB (including fdt_open_into), the dcache
must still be cleaned, even if some later step fails.
- The DTB may need changes in multiple places; if one patch fails (for
example due to missing nodes), we should still apply other patches.
- Similarly, if some patch fails, we should still run fdt_pack to
clean up after ourselves.
Change-Id: If1af2e58e5a7edaf542354bb8a261dd1c3da1ad0
Signed-off-by: Samuel Holland <samuel@sholland.org>
Idle states are advertised to the rich OS by declaring them in the DTB.
Since the availability of idle states depends on which PSCI
implementation was chosen, the DTB must be updated after PSCI setup.
Move this operation to bl31_plat_runtime_setup, the platform hook
which happens at the right time. Defining this hook overrides the weak
definition from plat/common, so copy over the code from there, too.
Change-Id: I42a83edb9cb28e1803d17dc2d73dbc879d885222
Signed-off-by: Samuel Holland <samuel@sholland.org>
So far the H616 was the only Allwinner SoC needed to amend the DTB, to
reserve the DRAM portion that BL31 occupies.
To allow other SoCs to modify the DTB as well, without duplicating code,
move the DTB change routines into Allwinner common code, and generalise
the current code to allow other modifications.
No functional change intended.
Change-Id: I080ea07b6470367f3c2573a4368f8ef5196d411c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Depending on the shell used, the grep command can fail, leading to
a wrong dtc version detection. Correct that by adding quotes.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I329ec929559c94bf1bf99b127662c9d978e067cf
* changes:
refactor(stm32mp1-fdts): remove nvmem_layout node
refactor(stm32mp1): drop the "st,stm32-nvmem-layout" node
refactor(st): remove useless includes
The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.
Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
Used MBEDTLS_CONFIG_FILE macro for including mbedTLS
configuration.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I374b59a31df3ab1e69481b2c37a6f7455a106b6e
The reported function raises a error when compilers assert the flag
`-Warray-parameter=`, signaling that an array-type argument was promoted
to a pointer-type argument. We observed this behaviour with the gcc 11.2
version.
plat/xilinx/common/pm_service/pm_ipi.c:263:34: error: argument 1 of type 'uint32_t *'
{aka 'unsigned int *'} declared as a pointer [-Werror=array-parameter=]
263 | uint32_t calculate_crc(uint32_t *payload, uint32_t bufsize)
| ~~~~~~~~~~^~~~~~~
In file included from plat/xilinx/common/pm_service/pm_ipi.c:16:
plat/xilinx/common/include/pm_ipi.h:30:33: note: previously declared as an array 'uint32_t[8]'
{aka 'unsigned int[8]'}
30 | uint32_t calculate_crc(uint32_t payload[PAYLOAD_ARG_CNT], uint32_t buffersize);
| ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
cc1.real: all warnings being treated as errors
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I7329f2e76ee0ca5faba71eb50babd20a796fee64
In some implementations of dtc tool (e.g. with yocto), there can be a 'v'
at the beginning of the version, and a '+' at the end. Just keep numbers
then, with a grep -o.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I180e97ab75ba3e5ceacb4b1961a1f22788b428a3
HSD #1509626040:
This patch is to add the flexibility for BL2 and BL31
to choose different UART output port at platform_def.h
using parameter PLAT_INTEL_UART_BASE
This patch also fixing the plat_helpers.S where the
UART BASE is hardcoded to PLAT_UART0_BASE. It is then
switched to CRASH_CONSOLE_BASE.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Change-Id: Iccfa7ec64e4955b531905778be4da803045d3c8f
HSD #16014059592:
Add support for ROM Patch SHA384 mailbox SMC call.
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ide9a7af41a089980745cb7216a9bf85e7fbd84e3
There are plans to contribute a generic MHU driver to the TF-A code
base in the short term.
In preparation for this, rename the Corstone-700 MHU driver source
files and prefix them with the name of the platform to avoid any
ambiguity or name clashes with the upcoming generic MHU driver. Also
rename the header guard accordingly.
This renaming is inline with other platform-specific MHU drivers, such
as the ones used on Broadcom [1], Socionext [2] or Amlogic [3] platforms.
[1] plat/brcm/common/brcm_mhu.h
[2] plat/socionext/synquacer/drivers/mhu/sq_mhu.h
[3] plat/amlogic/common/aml_mhu.c
Change-Id: I8a5e5b16e7c19bf931a90422dfca8f6a2a0663b4
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
If we reboot 3 times in trial mode, BL2 will select previous boot image.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I82b423cc84f0471fdb6fa7c393fc5fe411d25c06
Change the backup register used to store FWU parameters from 21 to 10.
This is chosen to have a Read/Write secure and Read non-secure register.
The mapping is also changed: only the first 4 bits will be used to store
the FWU index. The 4 next bits will be used to store count info. The
other bits are reserved.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I9249768287ec5688ba2d8711ce04d429763543d7
Simplify the DT parsing by removing the parsing of the nvmem layout node
with "st,stm32-nvmem-layout" compatible.
The expected OTP NAME can directly be found in a sub-node named
NAME@ADDRESS of the BSEC node, the NVMEM provider node.
This patch also removes this specific binding introduced for TF-A.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Ic703385fad1bec5bef1cee583fbe9fbbf6aea216
The stm32mp_dt.c file does not need anything from DDR header files.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibfe23204d68ee2e863cd2eda3d725baa830b729a
Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac
Add QDS support for ls1088a.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6c7a7a23fa6b9ba01c011a7e6237f8063d45e261
The LS1088A reference design board provides a comprehensive platform
that enables design and evaluation of the product (LS1088A processor).
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If4ca24fcee7a4c2c514303853955f1b00298c0e5
LS1088A is a cost-effective, powerefficient, and highly integrated
SoC device featuring eight extremely power-efficient 64-bit ARM
Cortex-A53 cores with ECC-protected L1 and L2 cache memories for
high reliability, running up to 1.6 GHz.
This patch is to add ls1088a SoC support in TF-A.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: rocket <rod.dorris@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Id9ebcdad1beab07ea81a41955edd4f471d6cf090
Refine the code to be compatible with new CCN504 which is used
by ls2088a.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I2e2b3bbb9392862b04bf8a89dfb9575bf4be974a
Support CHASSIS 3.0(such as SoC LS1088A).
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I60843bc4d604f0de1d91c6d3ad5eb4921cdcc91a
Add base address definiton for Chassis 3 platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6041b93c9e9bb49af60743bd277ac7cc6f1b9da8
Set the receiver gain to max value to recover
cold temp marginality issue for phy-gen2
Signed-off-by: Pankit Garg <pankit.garg@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If639fa3ed404cf6e1b8abcc2b7137db1fdd0b2c2
Fix build issue of mmap_add_ddr_region_dynamically():
ls_bl2_el3_setup.c:(.text.bl2_plat_preload_setup+0x28): undefined
reference to mmap_add_ddr_region_dynamically
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I74a8b4c2337fc0646d6acb16ce61755c5efbdf38
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.
When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348
* changes:
feat(stm32mp1): select platform compilation either by flag or DT
feat(stm32mp1-fdts): add support for STM32MP13 DK board
feat(stm32mp1-fdts): add DDR support for STM32MP13
feat(stm32mp1-fdts): add st-io_policies node for STM32MP13
feat(stm32mp1): updates for STM32MP13 device tree compilation
feat(stm32mp1-fdts): add DT files for STM32MP13
feat(dt-bindings): add TZC400 bindings for STM32MP13
feat(stm32mp1): add "Boot mode" management for STM32MP13
feat(stm32mp1): manage HSLV on STM32MP13
feat(stm32mp1): add sdmmc compatible in platform define
feat(st-sdmmc2): allow compatible to be defined in platform code
feat(stm32mp1): update IO compensation on STM32MP13
feat(stm32mp1): call pmic_voltages_init() in platform init
feat(st-pmic): add pmic_voltages_init() function
feat(stm32mp1): update CFG0 OTP for STM32MP13
feat(stm32mp1): usb descriptor update for STM32MP13
feat(st-clock): add clock driver for STM32MP13
feat(dt-bindings): add bindings for STM32MP13
feat(stm32mp1): get CPU info from SYSCFG on STM32MP13
feat(stm32mp1): use only one filter for TZC400 on STM32MP13
feat(stm32mp1): add a second fixed regulator
feat(stm32mp1): adaptations for STM32MP13 image header
feat(stm32mp1): update boot API for header v2.0
feat(stm32mp1): update IP addresses for STM32MP13
feat(stm32mp1): add part numbers for STM32MP13
feat(stm32mp1): chip rev. Z is 0x1001 on STM32MP13
feat(stm32mp1): update BACKUP_BOOT_MODE for STM32MP13
feat(stm32mp1): stm32mp_is_single_core() for STM32MP13
feat(stm32mp1): remove unsupported features on STM32MP13
feat(stm32mp1): update memory mapping for STM32MP13
feat(stm32mp1): introduce new flag for STM32MP13
feat(st): update stm32image tool for header v2
To choose either STM32MP13 or STM32MP15, one of the two flags can be
set to 1 in the make command line. Or the platform selection can be
done with device tree name, if it begins with stm32mp13 or stm32mp15.
Change-Id: I72f42665c105b71a84b4952ef3fcd6c06ae4598c
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add dedicated device tree files for STM32MP13.
Add new DDR compatible for STM32MP13x.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: Ib1bb9ad8cb2ab9f5f81549635d6604093aeb99d3
Add new APIs to enter and exit "boot mode".
In this mode a potential tamper won't block access or reset
the secure IPs needed while boot, without this mode a dead
lock may occurs.
Change-Id: Iad60d4a0420ec125b842a285f73a20eb54cd1828
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
On STM32MP13, the high speed mode for pads in low voltage is different
from STM32MP15. Each peripheral supporting the feature has its own
register.
Special care is taken for SDMMC peripherals. The HSLV mode is enabled
only if the max voltage for the pads is lower or equal to 1.8V.
Change-Id: Id94d2cca17dd4aca4d764230a643b2bb9a5f3342
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add DT_SDMMC2_COMPAT define in stm32mp1_def.h file in platform.
It allows the use of the compatible in platform code.
Change-Id: I535ad67dd133bab59cf81881adaef42d8e88632c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP13, two new SD1 and SD2 IO compensations cells are added,
for SDMMC1 and SDMMC2. They have to be managed the same way as the
main compensation cell.
Change-Id: Ib7aa648d65fc98e1613bfb46b0e7dd568fd21002
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The nominal voltage for VDDCPU when Cortex-A7 runs at 650MHz is 1.25V
on STM32MP13. VDDCORE should be set at 1.25V as well.
This is necessary, as the PMIC values in its NVMEM are 1.2V.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I3c24fe4cd68c7bf143cf9318ab38a15d6d41b5d2
This field is now declared on the 10 LSB bits on STM32MP13.
Several possible values are specified in the Reference Manual, and
indicate an open or closed device. Other values lead to a system panic.
Change-Id: I697124a21db66a56e7e223d601aa7cf44bb183c4
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Update USB and DFU descriptor used for STM32MP13x
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: I6e8111d279f49400a72baa12ff39f140d97e1c70
Add new clock driver for STM32MP13. Split the include file to manage
either STM32MP13 or STM32MP15.
Change-Id: Ia568cd12b1d5538809204f0fd2224d51e5d1e985
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
The IDC register from DBGMCU is duplicated in SYSCFG. As SYSCFG is
always accessible, get chip ID and revision ID from there on STM32MP13.
Change-Id: Ib0b6e8f68a2934a45ec0012f69db6c12a60adb17
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The ERXCTLR_EL1 register reads are RES0 for some error records
leading to a false assert on a read back.
This patch removes the assert on reading back the ERXCTLR_EL1
register to fix this issue.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I0cab30b12656a800ba87b8bb94b4c67a2331dee6
On STM32MP13, there is only 1 DDR port, hence only 1 TZC400 filter.
Change-Id: I4f6750022cdaf658cd209a4bf48a6cdb0717020e
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Increase the fixed regulator number that needs to be
2 for STM32MP13.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: Ica990fe9a6494b76aed763d2d353f5234fed7cea
The header must now include by default at least an extra padding
header, increasing the size of the header to 512 bytes (0x200).
This header will be placed at the end of SRAM3 by BootROM, letting
the whole SYSRAM to TF-A.
The boot context is now placed in SRAM2, hence this memory has to be
mapped in BL2 MMU. This mapping is done for all SRAMs in a 2MB area.
Change-Id: I50fcd43ecd0ba2076292b057566efe6809b9971a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add the new field for the new header v2.0.
Force MP13 platform to use v2.0.
Removing unused fields in boot_api_context_t for STM32MP13.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iac81aad9a939c1f305184e335e0a907ac69071df
Add the IP addresses that are STM32MP13 and update the ones for
which the base address has changed.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Iea71a491da36f721bfd3fbfb010177e2a6a57281
Add the new part numbers and adapt the functions that use them.
There is no package number in OTP as they all share the same GPIO
banks.
This part is then stubbed for STM32MP13.
Change-Id: I13414326b140119aece662bf8d82b387dece0dcc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP13, the chip revision Z is 0x1001, contrary to STM32MP15,
for which it was 0x2001.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If65482e824b169282abb5e26ca91e16ef7640b52
The backup register used on STM32MP15 to save the boot interface for
the next boot stage was 20. It is now saved in backup register 30
on STM32MP13.
Change-Id: Ibd051ff2eca7202184fa428ed57ecd4ae7388bd8
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP13 is a single Cortex-A7 CPU, always return true in
stm32mp_is_single_core() function.
Change-Id: Icf36eaa887bdf314137eda07c5751cea8c950143
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* GPIO: On STM32MP13, there are no banks GPIOJ, GPIOK and GPIOZ.
* STM32MP13 is a single Cortex-A7 CPU: remove reset from MPU1
and reset from MCU traces
* There is no MCU on STM32MP13. Put MCU security management
under STM32MP15 flag.
* The authentication feature is not supported yet on STM32MP13,
put the code under SPM32MP15 flag.
* On STM32MP13, the monotonic counter is managed in ROM code, keep
the monotonic counter update just for STM32MP15.
* SYSCFG: put registers not present on STM32MP13 under STM32MP15
flag, as the code that manages them.
* PMIC: use ldo3 during DDR configuration only for STM32MP15
* Reset UART pins on USB boot is no more required.
Change-Id: Iceba59484a9bb02828fe7e99f3ecafe69c837bc7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
SYSRAM is only 128KB and starts at 0x2FFE0000.
SRAMs are added.
BL2 code and DTB sizes are also reduced to fit in 128KB.
Change-Id: I25da99ef5c08f8008ff00d38248d61b6045adad4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP13 is a variant of STM32MP1, with a single Cortex-A7, and no
Cortex-M4.
There is only one DDR port.
SP_min is not supported, only OP-TEE can be used as monitor.
STM32MP13 uses the header v2.0 format for stm32image generation
for BL2.
Change-Id: Ie5b0e3230c5e064fe96f3561fc5b3208914dea53
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The stm32image tool is updated to manage new header v2.0 for BL2
images.
Add new structure for the header v2.0 management.
Adapt to keep compatibility with v1.0.
Add the header version major and minor in the command line
when executing the tool, as well as binary type (0x10 for BL2).
Change-Id: I70c187e8e7e95b57ab7cfad63df314307a78f1d6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
Update WA for Errata A-050426 as Commands for
PEX (PEX1..PEX6) , lnx1_e1000#0, lnx1_xfi and
lnx2_xfi has been moved to PBI phase.
This patch requires RCW to include PBI commands
to write commands in BIST mode for PEX, lnx1_e1000,
lnx1_xfi and lnx2_xfi IP blocks.
Signed-off-by: Wasim Khan <wasim.khan@nxp.com>
Change-Id: I27c2b055c82c0b58df83449f9082bfbfdeb65115
In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the spectre
BHB mitigation workarounds inevitably increase the size of the various
segments due to additional instructions and/or macros, these segments
cannot be fit in the existing memory layout designated for BL31 image.
The issue is specifically seen in complex build configs for FVP
platform. One such config has TBB with Dual CoT and test secure
payload dispatcher(TSPD) enabled. Even a small increase in individual
segment size in order of few bytes might lead to build fails due to
alignment requirements(PAGE_ALIGN to 4KB).
This is needed to workaround the following build failures observed
across multiple build configs:
aarch64-none-elf-ld.bfd: BL31 init has exceeded progbits limit.
aarch64-none-elf-ld.bfd: /work/workspace/workspace/tf-worker_ws_2/trusted_firmware/build/fvp/debug/bl31/bl31.elf section coherent_ram will not fit in region RAM
aarch64-none-elf-ld.bfd: BL31 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region RAM overflowed by 4096 bytes
Change-Id: Idfab539e9a40f4346ee11eea1e618c97e93e19a1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.
Change-Id: Ieeaf9c97085128d7b7339d34495bdd58cd9fcf8a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.
Change-Id: I64e8531e0ad5cda63f14d838efb9da9cf20beea8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.
Change-Id: Ia33adfa9e7b0392f62056053a2df7db321a74e22
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This allows TF-A's a3700_system_reset() function to try Warm reset
method when CM3 reset method is not implemented by WTMI firmware.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I7303197373e1a8ca5a44ba0b1e90b48855d6c0c3
* changes:
Revert "feat(sgi): deviate from arm css common uart related defi..."
Revert "feat(sgi): route TF-A logs via secure uart"
Revert "feat(sgi): add page table translation entry for secure uart"
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Change-Id: I28a370dd8b3a37087da621460eccc1acd7a30287
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Change-Id: I7c488aed9fcb70c55686d705431b3fe017b8927d
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Change-Id: I9bec02496f826e184c6efa643f869b2eb3b52539
DFD (Design for Debug) is a debugging tool, which scans flip-flops and
dumps to internal RAM on the WDT reset. After system reboots, those
values could be showed for debugging.
BUG=b:222217317
TEST=build pass
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I659ea1e0789cf135a71a13b752edaa35123e0941
When trying to boot from an SD card with STM32MP_EMMC_BOOT enabled,
booting fails with:
ERROR: Got unexpected value for active boot partition, 0
ASSERT: plat/st/common/bl2_stm32_io_storage.c:285
because SD cards don't provide a boot partition. So only try reading
from such a partition when booting from eMMC.
Fixes: 214c8a8d08 ("feat(plat/st): add STM32MP_EMMC_BOOT option")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Change-Id: I354b737a3ae3ea577e83dfeb7096df22275d852d
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
Updated makefile so that build can accept absolute mbedTLS path.
Change-Id: Ife73266a01d7ed938aafc5e370240023237ebf61
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updating call order for arm_console_boot_init() and arm_bl31_early_platform_setup().
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: If932fff2ee4282a0aacf8751fa81e7665b886467
Patch [1] introduces a mechanism to provide the platform
specified mbedTLS config file, but that result in build failure
for Broadcom platform.
This build failure is due to the absence of the mbedTLS configuration
file i.e. brcm_mbedtls_config.h in the TF-A source code repository.
"fatal error: brcm_mbedtls_config.h: No such file or directory"
This problem was resolved by removing the 'brcm_mbedtls_config.h' entry
from the broadcom platform makefile, allowing this platform to use
the default mbedtls_config.h file.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13726
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I7cc2efc049aefd3ebce1ae513df9b265fe31ded6
Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8574b31d5d138d9f94972deb903124f8c5b70ce4
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8896ae05eaedf06dead520659375af0329f31015
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.
In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I39170848ecd81a7c1bbd3689bd905e45f9435f5c
* changes:
build(intel): enable access to on-chip ram in BL31 for N5X
fix(intel): make FPGA memory configurations platform specific
fix(intel): fix ECC Double Bit Error handling
build(intel): define a macro for SIMICS build
build(intel): add N5X as a new Intel platform
build(intel): initial commit for crypto driver
Remove reserved range for platform provider owned SPs if the dual root
CoT is disabled and allow SPs to populate the range up to MAX_SP_IDS.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ib4ec18f6530d2515ada21d2c0c388d55aa479d26
Following I2d274fa897171807e39b0ce9c8a28824ff424534:
Remove GICD registers S2 mapping from OP-TEE partition when it runs in a
secure partition on top of Hafnium.
The partition is not meant to access the GIC directly but use the
Hafnium provided interfaces.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1a38101f6ae9911662828734a3c9572642123f32
Fix coding style violations and alignments:
- Remove additional newlines in headers
- Remove additional newlines in code
- Add newline to separate variable from the code
- Use the same indentation in platform.mk
- Align function parameters
- Use tabs for indentation in kernel-doc format
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I0b12804ff63bc19778e8f21041f9accba5b488b9
This adds the ncore ccu access and enable access to the
on-chip ram for N5X device in BL31.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I713f6e93d33b6e91705547477ca32cfba5c8c13d
Define FPGA_CONFIG_SIZE and FPGA_CONFIG_ADDR in
platform-specific header. This is due to different
allocated sizes between platforms.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iac4fbf4d4940cdf31834a9d4332f9292870dee76
SError and Abort are handled in Linux (EL1) instead of
EL3. This patch adds some functionality that complements the
use cases by Linux as follows:
- Provide SMC for ECC DBE notification to EL3
- Determine type of reset needed and service the request in
place of Linux
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I43d02c77f28004a31770be53599a5a42de412211
SIMICS builds have different UART configurations compared
to hardware build. Hence, this patch defines a macro to
differentiate between both.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iadecd5445e06611486ac3c6a214a6d0dc8ccd27b
This commit adds a new Intel platform called N5X.
This preliminary patch only have Bl31 support.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib31f9c4a5a0dabdce81c1d5b0d4776188add7195
This patch adds driver for Intel FPGA's Crypto Services.
These services are provided by Intel platform
Secure Device Manager(SDM) and are made accessible by
processor components (ie ATF).
Below is the list of enabled features:
- Send SDM certificates
- Efuse provision data dump
- Encryption/decryption service
- Hardware IP random number generator
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: If7604cd1cacf27a38a9a29ec6b85b07385e1ea26
* changes:
fix(zynqmp): query node status to power up APU
feat(zynqmp): pm_api_clock_get_num_clocks cleanup
feat(zynqmp): add feature check support
fix(zynqmp): use common interface for eemi apis
feat(zynqmp): add support to get info of xilfpga
feat(zynqmp): pass ioctl calls to firmware
When the atf-handoff-params are updated we are returning
FSBL_HANDOFF_SUCCESS, but the return condition is wrongly
updated and added a error log which is incorrect.
Fixing the incorrect log message.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I44ebbb861831b86afcb87f09ddb2e23614393c28
Add the possibility to configure console UART baudrate, it can be passed
as a command line parameter with STM32MP_UART_BAUDRATE. The default value
remains 115200.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I000df70c10b2b4dac1449556596f9820c36cf243
If APU is in suspending state and if wakeup request comes then
PMUFW returns error which is not handled at ATF side.
To fix this, get the APU node status before calling wakeup and
return error if found in suspending state.
Here, we can not handle the error code of pm_req_wakeup() from PMUFW
because ATF is already calling pm_client_wakeup() before calling
pm_req_wakeup().
Signed-off-by: Ravi Patel <ravi.patel@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I18d47384e46e22ae49e804093ad0641b7a6349e2
There is no reason to have even one additional useless line that's why
remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: Icc3c74249dfe64173aa5c88fb0f9ffe7576fc2aa
This API returns version of supported APIs.
Here, there are three cases to check API version by using feature
check implementation.
1. Completely implemented in TF-A: I mean the EEMI APIs which are
completely implemented in the TF-A only. So check those IDs and
return appropriate version for the same. Right now, it is base
version.
2. Completely implemented in firmware: I mean the EEMI APIs which are
completely implemented in the firmware only. Here, TF-A only passes
Linux request to the firmware to get the version of supported API. So
check those IDs and send request to firmware to get the version and
return to Linux if the version is supported or return the error code
if the feature is not supported.
3. Partially implemented (Implemented in TF-A and firmware both):
First check dependent EEMI API version with the expected version in
the TF-A. If the dependent EEMI API is supported in firmware then
return its version and check with the expected version in the TF-A.
If the version matches then check for the actual requested EEMI API
version. If the version is supported then return version of API
implemented in TF-A.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I73f20d8222c518df1cda7879548b408b130b5b2e
Currently all EEMI API has its own implementation in TF-A which is
redundant. Most EEMI API implementation in TF-A does same work. It
prepares payload received from kernel, sends payload to firmware,
receives response from firmware and send response back to kernel.
So use common interface for EEMI APIs which has similar functionality.
This will optimize TF-A code.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I07325644a1fae80211f2588d5807c21973f6d48f
Adds support to get the xilfpga library version and feature list info.
Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: Iff10ad2628a6a90230c18dc3aebf9dde89f53ecd
Firmware supports new IOCTL for different purposes. To avoid
maintaining new IOCTL IDs in ATF, pass IOCTL call to firmware
for IOCTL IDs implemented in firmware.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: Ie14697c8da9581b0f695f4d33f05161ece558385
Update the MAX_XLAT_TABLES as the memory map has been
added for the dtb to accomodate in DDR address.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I46225673f40f123cdab38efefb038604da119b58
Remove the time stamp and system counter configuration, as
this configuration is already done by the first stage bootloader.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I41554dc2e14d97954bff299df9740a5efa30fad9
With gcc-11, the -Wformat-signedness warning complains about enum values
that should be printed as unsigned values. But the current version of
compiler used in CI states that this parameter is signed. Just cast the
value then.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic0655e5ba9c44fe6abcd9958d7a9972f5de3b7ef
* changes:
fix(intel): null pointer handling for resp_len
fix(intel): define macros to handle buffer entries
fix(intel): change SMC return arguments for INTEL_SIP_SMC_MBOX_SEND_CMD
fix(intel): always set doorbell to SDM after sending command
fix(intel): fix bit masking issue in intel_secure_reg_update
fix(intel): fix ddr address range checker
build(changelog): add new scope for Intel platform
Change resource_req to 0 to disable 26MHz clock.
SPM firmware will pull-down SRCLKENA0 after 26MHz off while suspending.
TEST=verify 26MHz clock off using the oscilloscope.
BUG=b:215639203
Signed-off-by: Jason-ch Chen <jason-ch.chen@mediatek.com>
Change-Id: I05702d14a015cabccd6d4af0e3f2a534fbe4dd12
* changes:
fix(nxp-crypto): refine code to avoid hang issue for some of toolchain
build(changelog): add new scope for nxp crypto
fix(lx2): drop erratum A-009810
Platforms which support Realm world cannot boot up
properly if measured boot is enabled at build time.
An assertions occurs due to the missing RMM entry
in the event_log_metadata array.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I172f10a440797f7c9e1bc79dc72242b40c2521ea
Previous changes from commit #6a659448 updates resp_len from an integer
type to unsigned integer pointer type. This patch adds proper handling
in case resp_len is a null pointer. Resp_len with value 0 are also
changed to NULL to match the type change.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I75b3e3bfbb188d8e7b329ba3b948c23e31dec490
This patch defines a macro to handle Secure Device Manager's (SDM)
pointer to command & response buffer entries and convert them to the
correct physical address.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4cf9f1d90e0d5ae4e1a2ce84165864b48c2862e7
'INTEL_SIP_SMC_MBOX_SEND_CMD' SMC runtime service will only return
mailbox status and the argument's length back to the caller
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I50d2ae74845794cab7bf0858e742b5a70e0ea868
This patch fixes the mailbox stall issue when sending mailbox command
that is larger than mailbox command FIFO size.
Large mailbox command will be sent to SDM in multiple chunks. HPS will
set doorbell to SDM when command FIFO full (is_doorbell_triggered will
be set to 1) to notify SDM to read the command data from FIFO, so that
HPS can continue to send the next chunk of command data.
However, HPS will not set the doorbell to SDM at the end if the doorbell
have been set earlier due to FIFO full. This will cause SDM mailbox
service stall because it is still waiting for last chunk of command data.
This patch fixes the code to always set the doorbell to SDM at the end
to get rid of stall issue.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: Idbe62410a00d92a30c7aeaa26d53d79a910cac0a
intel_secure_reg_update function should apply mask to the value before
write into register.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: I84bbd06e24b8666528b53030e8359743d438eb5b
This patch fix address range checker to make sure that it does not
errors out on NULL address with size 0. Non-secure software will send
this NULL address if the SMC call doesn't need to pass any address buffer.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I7e492c562a311ba989570c4ed465f845333ec865
This patch fixes the code issue detected by Klocwork scan. Pointer
'bl_mem_params' returned from call to function 'get_bl_mem_params_node'
may be NULL and the NULL pointer may be caused the system crash. Update
the code to assert if unexpected NULL pointer is returned.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: I00f3132a6104618cadce26aa303c0b46b5921d5b
Request ownership and direct access to QSPI by default in BL2.
Previously, this is only done on QSPI boot mode.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie222bbf9d719f2f70f89d4739c285efe6df4c955
The erratum A-009810 should not be applied to LX2, the impaction is
that it can cause system reboot when linux tried to power down, so remove
it.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I5e24229cf8512eff28b315ebcdf18de555c40c74
* changes:
docs(layerscape): add ls1046a soc and board support
feat(ls1046aqds): add board ls1046aqds support
feat(ls1046afrwy): add ls1046afrwy board support
feat(ls1046ardb): add ls1046ardb board support
feat(ls1046a): add new SoC platform ls1046a
fix(nxp-tools): fix tool location path for byte_swape
fix(nxp-qspi): fix include path for QSPI driver
build(changelog): add new scopes for NXP layerscape platforms
* changes:
feat(stm32mp1): enable format-signedness warning
fix(stm32mp1): correct types in messages
fix(st-pmic): correct verbose message
fix(st-sdmmc2): correct cmd_idx type in messages
fix(st-fmc): fix type in message
fix(mtd): correct types in messages
fix(usb): correct type in message
fix(tzc400): correct message with filter
fix(psci): correct parent_node type in messages
fix(libc): correct some messages
fix(fconf): correct image_id type in messages
fix(bl2): correct messages with image_id
Currently only the lowest 2 DRAM region were configured in the
TrustZone Controller, but the platform supports 6 regions spanning the
whole address space.
Configuring all of them to allow tests to access memory also in those
higher memory regions.
FVP memory map:
https://developer.arm.com/documentation/100964/1116/Base-Platform/Base---memory/Base-Platform-memory-map
Note that last row is wrong, describing a non-existing 56bit address,
all region labels should be shifted upward.
Issue has been reported and next release will be correct.
Change-Id: I695fe8e24aff67d75e74635ba32a133342289eb4
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
Add initial support for RD-Edmunds platform. This platform is considered
as a variant of RD-N2 platform with only major change being the CPU
which is Demeter instead of Neoverse-N2.
Signed-off-by: Tony K Nadackal <tony.nadackal@arm.com>
Change-Id: I939d9eac652fa9e76ad002ee5e6107aa79baa013
Add the flag -Wformat-signedness to TF_CFLAGS for STM32MP1.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6af18778902b0a4dae1c08735d2d070ef3d137ce
Secure enclave decides the boot bank based on the firmware update
state of the system and updates the boot bank information at a given
location in the flash. In this commit, bl2 reads the given flash
location to indentify the bank from which it should load fip from.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I7f0f4ffc97189c9deb99db44afcd966082ffbf21
A53 AP BootROM is just 16 kB long and is mapped to address range
0xFFFF0000-0xFFFF4000. RVBAR_EL3 register has value 0xFFFF0000.
A53 AP BootROM itself is in the BootROM window which is 1 MB long and
mapped to address range 0xFFF00000-0xFFFFFFFF.
CM3 BootROM is not accessible from A53 core.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I5d4a4c7b1e7550c4738c67a872d341f945d48bbc
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: Ieaabe09374d707de18d36505c69b6c9a8c2ec2e9
This change implements platform specific psci reset
for the corstone1000.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I25f77234506416c3376ff4a028f6ea40ebe68437
ls1046aqds board is full function board to evaluate ls1046a platform.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Id1befe37a25f7c379e76791538348fd03bba78f7
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the LS1046A
architecture processor capable of support more than 32,000 CoreMark
performance. The FRWY-LS1046A board supports the LS1046A processor,
onboard DDR4 memory, multiple Gigabit Ethernet, USB3.0 and M2_Type_E
interfaces for Wi-Fi, FRWY-LS1046A-AC includes the Wi-Fi card.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I9a9680689e6f17bf4cc76fd5d1883eed6ace5149
The LS1046A reference design board (RDB) is a high-performance
computing, evaluation, and development platform that supports
the Layerscape LS1046A architecture processor.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ib7a01b309e0b0acc7f38e22b138e9e181dff244a
The LS1046A is a cost-effective, power-efficient, and highly
integrated system-on-chip (SoC) design that extends the reach
of the NXP value-performance line of QorIQ communications
processors. Featuring power-efficient 64-bit Arm Cortex A72
cores with ECC-protected L1 and L2 cache memories for high
reliability, running up to 1.8 GHz.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: rocket <rod.dorris@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Change-Id: I208d9bf1702410463c2b2630d31d0cd4eb7e8837
These changes are required to accommodate 3MB for OP-TEE and this
is required for SP's part of optee
Added size macro's for better readability of the code
Moved uboot execution memory from CVM to DDR
Change-Id: I16657c6e336fe7c0fffdee1617d10af8a2c76732
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
diphda platform is now being renamed to corstone1000.
These changes are to replace all the instances and traces
of diphda corstone1000.
Change-Id: I330f3a112d232b99b4721b6bf0236253b068dbba
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Add helper functions to generate event log for imx8mm
when MEASURED_BOOT=1.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Ifc947d749055787fbda0b39170aa2eb8865b7802
The PIE compilation is used only for BL32, move the ENABLE_PIE to
sp_min-stm32mp1.mk file. Override PIE flags, as sp_min.mk file is
included after the flags are set in Makefile.
The BL2_IN_XIP_MEM was added for a feature not yet upstreamed.
It is then removed from platform.mk file.
Change-Id: If055e51e0f160f99cd4e4cf68ca718d4d693119c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
tamp_bkpr() returns a register address. So use uintptr_t instead of
uin32_t.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I5eddfa525465313dadfec18d128248a968ba74e2
Add the SZ_* macros from 32 to 2G.
This allows removing some defines in raw NAND driver
and STM32MP1 boot device selection code.
Change-Id: I3c4d4959b0f43e785eeb37a43d03b2906b7fcfbc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Actually BL31_LIMIT is set to 0xffffffff but that doesn't work correctly
with bl31.ld since ". = ALIGN(((1) << (12)));" will try to fill aligned up
to 0x100000000 included, but the RAM size is 0xffffffff, so this leads to
this build error:
```
bl31.elf section `coherent_ram' will not fit in region `RAM'
/home/br-user/git/upstream/ci-tests/zynqmp_zcu102/host/bin/aarch64-buildroot-linux-uclibc-ld: region `RAM' overflowed by 1 byte
```
So let's move BR31_LIMIT to 0x100000000 giving 1 byte more room to fill RAM
up to the end.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Change-Id: Ic0edb8ed159e013f60598a9dd4f50adbf656b38d
Add board support for variant 2 of RD-N2 platform which is a four chip
variant with 4 cores on each chip. The "CSS_SGI_PLATFORM_VARIANT" value
is 2 for multi-chip variant. The "CSS_SGI_CHIP_COUNT_MACRO" can be in
the range [1, 4] for multi-chip variant.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I6412106e80e2f17704c796226c2ee9fe808705ba
Add support for the PSCI CPU_ON call to allow booting secondary CPU
cores. On cold boot they need to be booted with a special register
sequence. Also, the "boot remapper" needs to be configured to point to
the BL31_BASE, so the CPUs actually start executing BL31 after reset.
Change-Id: I406c508070ccb046bfdefd51554f12e1db671fd4
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Booting e.g. Linux in the non-secure world does not work with the
msm8916 port yet because essential hardware is not made available to
the non-secure world. Add more platform initialization to:
- Initialize the GICv2 and mark secure interrupts.
Only secure SGIs/PPIs so far. Override the GICD_PIDR2_GICV2
register address in platform_def.h to avoid a failing assert()
because of a (hardware) mistake in Qualcomm's GICv2 implementation.
- Make a timer frame available to the non-secure world.
The "Qualcomm Timer" (QTMR) implements the ARM generic timer
specification, so the standard defines (CNTACR_BASE etc)
can be used.
- Make parts of the "APCS" register region available to the
non-secure world, e.g. for CPU frequency control implemented
in Linux.
- Initialize a platform-specific register to route all SMMU context
bank interrupts to the non-secure interrupt pin, since all control
of the SMMUs is left up to the non-secure world for now.
Change-Id: Icf676437b8e329dead06658e177107dfd0ba4f9d
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Introduce the bare mimimum base of the msm8916 BL31 port. This is
pretty much just a standard platform "skeleton" with CPU/memory
initialization and an UART driver. This allows booting into
e.g. U-Boot with working UART output.
Note that the plat/qti/msm8916 port is completely separate and does not
make use of anything in plat/qti/common at the moment. The main reason
for that is that plat/qti/common is heavily focused around having a
binary "qtiseclib" component, while the MSM8916 port is fully
open-source (and therefore somewhat limited to publicly documented
functionality).
In the future it might be possible to re-use some of the open-source
parts in plat/qti/common (e.g. spmi_arb.c or pm_ps_hold.c) but it's
not strictly required for the basic functionality supported so far.
Change-Id: I7b4375df0f947b3bd1e55b0b52b21edb6e6d175b
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I7f0a62f22bfcca638ddaefc9563df00f89f01653
Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function called (bl2_el3_early_platform_setup()). It uses the
parameters defined for crash console: STM32MP_DEBUG_USART* macros.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id6be62368723a0499e97bbf56fb52c166fcbdfad
* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number
* changes:
feat(st-gpio): do not apply secure config in BL2
feat(st): get pin_count from the gpio-ranges property
feat(st-gpio): allow to set a gpio in output mode
refactor(st-gpio): code improvements
The Event Log sources are added to the source-list of BL1 and BL2
images in the Event Log Makefile. It doesn't seem correct since
some platforms only compile Event Log sources for BL2.
Hence, moved compilation decision of Event Log sources to the
platform makefile.
Change-Id: I1cb96e24d6bea5e091d08167f3d1470d22b461cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The "ngpios" property is deprecated and may be removed.
Use the "gpio-ranges" property where the last parameter of that
property is the number of available pins within that range.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I28295412c7cb1246fc753cff0d447b6fdcdc4c0f
Add a banner that inform user that debug is enabled
on a secure chip.
Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Avoid the use of return inside switch/case in stm32mp_is_single_core().
Although this MISRA rulre might not be enforced, we align on what is done
for stm32mp_is_auth_supported().
Change-Id: I00a5ec1b18c55b4254af00c9c5cf5a4dce104175
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed binaries are not allowed on such chip.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695
The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the corresponding OTP.
Change-Id: I6e7831300ca9efbb35b4c87706f2dcab35affacb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Use dt_find_otp_name() to retrieve platform OTP information
from device tree, directly or through stm32_get_otp_index() and
stm32_get_otp_value() platform services.
String definitions replace hard-coded values, they are used to call
this new function.
Change-Id: I81213e4a9ad08fddadc2c97b064ae057a4c79561
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.
Probe the driver earlier, especially to check debug features.
Change-Id: I1981536398d598d67a19d2d7766dacc18de72ec1
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Used by driver parsing this node to get information.
Change-Id: I50623a497157adf7b9da6fafe8d79f6ff58c0ebc
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
This patch adds the basic CPU library code to support the Poseidon CPU
in TF-A. Poseidon is derived from HunterELP core, an implementation of
v9.2 architecture. Currently, Hunter CPU the predecessor to HunterELP,
is supported in TF-A. Accordingly the Hunter CPU library code has been
as the base and adapted here.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I406b4de156a67132e6a5523370115aaac933f18d
This warning can only be removed if the version is newer than v1.6.0.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I472a8e552305b563447e8148074a5c0970b429e3
Remove stm32mp_incr_shrefcnt(), stm32mp_decr_shrefcnt(),
stm32mp_incr_refcnt() and stm32mp_decr_refcnt() that are unused.
The file is then just removed.
Change-Id: I09ee23c02317df5d8f71cbc355d3ed4a67ce2749
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Due to stm32mp_shres_helpers.h removal, the debug.h header is no more
included. It should then be added to stm32mp1_boot_device.c.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I397911ac05fdff464c010cf3b2e04320a781b4aa
Add support for enabling the FWU multi bank boot feature on the
platform.
Currently, this feature is supported on the STM32MP157C-DK2 board,
which boots off a uSD card. Also, support has been enabled when
booting from a FIP image.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: Ia69e858461e2daf599d41d66d7ff2ccae0c341c2
With the FWU Multi Bank update feature, the platform can boot from one
of multiple banks(partitions). Pass the value of bank from which the
platform has booted as boot index to the Update Agent. The Update
Agent will match this boot index value against the active_index field
in the metadata, and update the metadata if there is a mismatch.
Fow now, the mechanism to pass the boot index is platform specific. On
the STM32MP1 platform, the boot index value is passed through a
memorey mapped TAMP register on the SoC.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I0aa665ff9c1db95be8ae19ed8de6d866587d6850
Add support for reading the FWU metadata partition. The metadata
partition stores information on the current active bank along with
information on all the FWU updatable images on the platform. This
information is then used to identify the image to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I66bc5ac718c21a49c504e698b5b1f5c4daed2d08
With the FWU multi bank boot feature enabled, the platform can boot
from one of the multiple banks(partitions) containing the firmware
images. The bank whose firmware components are to be booted is read
from the FWU metadata structure -- the image to be booted is thus
derived by reading the metadata.
Read the metadata and set the image spec of the corresponding image
type to point to the partition from which the image is to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I3dfdc7e9202859e917ec4e1f7d1855aad42c6b70
Add GUID's for identifying the firmware image type. With the FWU
multi bank boot feature enabled, these GUID values are used to
identify the firmware image to be booted. This is done by matching
GUID values of images in the io policy table with the Image GUID value
that is read from the FWU metadata structure.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: Id9751f02f95fc48ef68e4e3f9f0ddbf6d6319d3c
With the FWU multi bank feature enabled, the identification of
firmware image type is done using the image type GUID instead of
binary_type field.
Add GUID values for the FIP image which can be updated through
the FWU firmware update feature. The GUID values are used in
identifying the firmware images.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: If7d9356aa8d2bb3fbcbc87100e6972f1a1862921
The metadata structure copy is passed to the platform routine to set
the image source to boot the platform from. This is done by reading
the metadata structure. Pass the metadata as a read-only copy to the
routine -- the routine only needs to consume the metadata values and
should not be able to update the metadata fields.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I399cad99ab89c71483e5a32a1de0e22df304f8b0
* changes:
feat(stm32mp1): add helper to enable high speed mode in low voltage
refactor(stm32mp1): add helpers for IO compensation cells
feat(stm32mp1): use clk_enable/disable functions
feat(stm32mp1): add timeout in IO compensation
Increase the stack size to avoid stack overflow
when the LOG_LEVEL compile option is set high.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I25047322763bff148dba13848a3a40f4c7cf90b7
Fixed an issue where the CPU and Cluster could not be turned OFF
when the SYSTEM_OFF has executed.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Id476f815b58246ae0574c04ccb3eb201d09039b9
The LS1043A reference design board (RDB) is a computing, evaluation,
and development platform that supports the Layerscape LS1043A
architecture processor.
The old implementation in tf-a (plat/layerscape/board/ls1043/) is removed,
and this patch is adding it back, it is using the unified software
component and architecture with all the other Layerscape platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Change-Id: I83eee2f9254267b148960b05e25b6c9ba86cf07e
The LS1043A processor was NXP's first quad-core, 64-bit Arm based
processor for embedded networking.
The old implementation in tf-a (plat/layerscape/board/ls1043/) is removed,
and this patch is adding it back, it is using the unified software
component and architecture with all the other Layerscape platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: rocket <rod.dorris@nxp.com>
Change-Id: Ia3877530fae6479bd4a33bbe46b0c0d28ab43160
Remove old implementation for Layerscape ls1043a platform, and
will added it back with unified software architecture of all
Layerscape platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If038c19ab04d70050ec8e6ab2097b1c4f8324e87
Increate SoC name length as it is not enough for some
SoC personalities.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I2142b4b5162dd3c9ab3afefcdc859063836d8bcc
Use STM32MP_HEADER_RESERVED_SIZE macro instead of a fixed value 0x3000
in linker script.
Change-Id: I2702285c15aebaa1304a891c8aaabc949a912ba6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This new function is used to fill the register(s) responsible to enable
high speed mode for pad in low voltage (<2.7V).
Change-Id: Ib8abc6628bdf51bbe6a866bc6a9bcdeb4a84a8f4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add enable_io_comp_cell and disable_io_comp_cell local helpers
to enable or disable an IO compensation cell.
Change-Id: I65295298a7ece572ae939e2db93d10b188de0f9e
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use the clock framework functions in SYSCFG driver instead of dedicated
functions.
Change-Id: Ifb50a5207e8cecef1c80d86e2de4d70ab6bf8b8b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use a timeout during IO compensation enable function, when
waiting for ready status. If timeout expires, print a warning
message, to indicate that the SoC recommendation is not followed.
Change-Id: I98c7dcb1364b832f4f4b5fc9a0b85a3741a8af4b
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Added some RCPM2 register offset definiton for register: IPSTPCR,
IPSTPACKR and POWMGTDCR, also added OVRD bit definiton of register
POWMGTDCR.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I301bc1401e053c2089b5eb3672c6e649c805a2ab
total_dram_size should be signed value because it is equal to return
value of init_ddr(), so if it is lower or equal zero, report
error as DDR is not initialized correctly.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Idbc40da103f60f10cb18c5306e97b764c1a9d372
Add helper function to disable the load-store prefetch.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I36d7be37e0b800ab1e5842a56cfd04d779338868
* changes:
feat(stm32mp1): enable BL2_IN_XIP_MEM to remove relocation sections
refactor(stm32mp1): reduce MMU memory regions and split XLAT by context
feat(st): map 2MB for ROM code
fix(stm32mp1): restrict DEVICE2 mapping in BL2
Total Compute has ETE and TRBE tracing components and they have
to be enabled to capture the execution trace of the processor.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: I3c86c11be2c655a61ecefa3eb2e4e3951577a113
Because the BL2 is not relocated, the usage of BL2_IN_XIP_MEM
can be used. It reduces the binary size by removing all relocation
sections. XIP will not be used when STM32MP_USE_STM32IMAGE is
defined. Introduce new definitions for SEPARATE_CODE_AND_RODATA.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Ifd76f14e5bc98990bf84e0bfd4ee0b4e49a9a293
Simplify the BL2 MMU mapping and reduce the memory regions
number. Split the XLAT define between BL2 and BL32 as binaries
do not share the same tables anymore.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iaf09e72b4cc29acbe376f6f1cd2a8116c793ba26
This allows reducing MMU tables, and as there is nothing after ROM code
in memory mapping, this has no impact.
Change-Id: If51facb96a523770465cb06eb1ab400f75d26db3
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Only NAND memory map area can be of interest for BL2 in the
DEVICE2 area. Map DEVICE2 under STM32MP_RAW_NAND flag.
Change-Id: I7e3b39579e4a2525b25cb1987d6ec38038d0de2b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change BL31 load address to 0x970000. This was done by Change-Id
I96d572fc. But then changed back to 0x960000 by Change-Id I8308c629.
However, 0x970000 is the correct value thus we change it back again.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Change-Id: Ia0db4877123b89072f723d18e2bcce25ef38f47d
Disabled CRYPTO_SUPPORT option for Renesas platform as it does not
follow the TF-A authentication mechanism where Trusted-Boot mandates
Crypto module support.
Change-Id: I3aa771e983e3dde083dd8a861f25c0714ffd707f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As Measured-Boot and Trusted-Boot are orthogonal, removed
Trusted-Boot's dependency on Measured-Boot by allowing them
to apply the Crypto module changes independently using the
CRYPTO_SUPPORT build flag.
Change-Id: I5a420e5d84f3fefe0c0092d822dab981e6390bbf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
refactor(st-ddr): move basic tests in a dedicated file
refactor(st-ddr): reorganize generic and specific elements
feat(stm32mp1): allow configuration of DDR AXI ports number
refactor(st-ddr): update parameter array initialization
feat(st-ddr): add read valid training support
refactor(stm32mp1): remove the support of calibration result
fix(st-ddr): correct DDR warnings
As the UART is already initialized, no need to check for UART clock
or reset in next BL. An issue can appear if the next BL device tree
(e.g HW_CONFIG) doesn't use the same clocks or resets (like SCMI ones).
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I044ef2386abe2d3dba5a53c3685440d64ca50a4f
This patch includes the errata workaround for erratum
1868343 for the Morello platform.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Change-Id: Ifea8148e10946db2276560f90bf2f32bf12b9dcc
* changes:
feat(plat/rcar3): update IPL and Secure Monitor Rev.3.0.3
feat(plat/rcar3): modify type for Internal function argument
feat(plat/rcar3): modify sequence for update value for WUPMSKCA57/53
fix(plat/rcar3): fix to bit operation for WUPMSKCA57/53
These basic tests are generic and should be used independently of the
driver, depending on the plaftorm characteristics.
Change-Id: I38161b659ef2a23fd30a56e1c9b1bd98461a2fe4
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@foss.st.com>
stm32mp_ddrctl structure contains DDRCTRL registers definitions.
stm32mp_ddr_info contains general DDR information extracted from DT.
stm32mp_ddr_size moves to the generic side.
stm32mp1_ddr_priv contains platform private data.
stm32mp_ddr_dt_get_info() and stm32mp_ddr_dt_get_param() allow to
retrieve data from DT. They are located in new generic c/h files in
which stm32mp_ddr_param structure is declared. Platform makefile
is updated.
Adapt driver with this new classification.
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: I4187376c9fff1a30e7a94407d188391547107997
A new flag STM32MP_DDR_DUAL_AXI_PORT is added, and enabled by default.
It will allow choosing single or dual AXI ports for DDR.
Change-Id: I48826a66a6f4d18df87e081c0960af89ddda1b9d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Refactor the GPIO code to use a small lookup table instead of redundant or
repetitive code.
Signed-off-by: Jona Stubbe <tf-a@jona-stubbe.de>
Change-Id: Icf60385095efc1f506e4215d497b60f90e16edfd
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
On closed chips, it is not allowed to open debug. The BSEC debug
register can not be rewritten.
On open chips, the debug is already open, no need to rewrite this
register. This part of code is just removed.
An INFO message is displayed if debug is disabled.
The freeze of the watchdog during debug is also removed.
In case of debug, this must be managed by the software that enables
the debugger.
Change-Id: I19fbd3c487bb1018db30fd599cfa94fe5090899f
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add function headers to improve readability.
Add asserts when required.
Use RCC_BASE address.
Change-Id: Ia545293f00167b6276331a986ea7aa08c006e004
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
According to ST Application note AN5256 [1], the minimum reset pulse
duration should be set to 31ms on boards powered with discrete
regulators.
[1] https://www.st.com/resource/en/application_note/dm00561921.pdf
Change-Id: Ib6ed029ee8a4b95f75a80948fdd2154b4ebe484f
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
We don't use mbox drivers which are implemented in these files for
mcdi, so remove related files from mcdi folder.
TEST=build pass
BUG=b:202871018
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: Idea5ebe5b25f91066ebd653cdcdafe65ca292b0f
For somewhat historical reasons we are doing some initial PMIC regulator
setup in BL31, as U-Boot does not (yet) have a PMIC driver. This worked
fine so far, but there is at least one board (OrangePi 3) that gets upset,
because the Ethernet PHY needs some *coordinated* bringup of *two*
regulators.
To avoid custom hacks, let's introduce a build option to keep doing the
regulator setup in TF-A. Defining SUNXI_SETUP_REGULATORS to 0 will break
support for some devices on some boards in U-Boot (Ethernet and HDMI),
but will allow to bring up the OrangePi 3 in Linux correctly. We keep
the default at 1 to not change the behaviour for all other boards.
After U-Boot gained proper PMIC support at some point in the future, we
will probably change the default to 0, to get rid of the less optimal
PMIC code in TF-A.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ie8e2583d0396f6eeaae8ffe6b6190f27db63e2a7
Use regulator framework to get CPU and VDD power supplies.
Change-Id: Ice745fb21ff10e71ef811e747165499c2e19253e
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
print_pmic_info_and_debug() prints the PMIC version ID and displays
regulator information if debug is enabled.
It is under DEBUG flag and called after initialize_pmic() in BL2.
Change-Id: Ib81a625740b7ec6abb49cfca05e44c69efaa4718
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
SYSCFG can be initialized later, after console is up, to display the
warnings or messages it could issue.
PMIC should be initialized earlier, before SYSCFG init.
Change-Id: Icc3a1366083a1b1fde7f0e173645449b4c04c49b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This is mainly a clock interface with clk_ops callbacks.
Those callbacks are: enable, disable, get_rate, set_parent,
and is_enabled.
This framework is compiled for STM32MP1.
Change-Id: I5119a2aeaf103ceaae7a60d9e423caf0c148d794
Signed-off-by: Ludovic Barre <ludovic.barre@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
Currently only UART0 is handled as console device, fix the
code to support UART1 as console also.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ifcd3c331cf6ce4afb0074357c92fc4addb9438b6
Currently only UART0 is handled as console device, fix the
code to support UART1 as console also.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I08f69b65b78b967ceb7159f4a467aa5982b1f791
Add MCDI related drivers to handle CPU powered on/off in CPU suspend.
TEST=build pass
BUG=b:202871018
Change-Id: I85aaaf3a0e992a39d17c58f3d9d5ff1b5770f748
Signed-off-by: Garmin.Chang <Garmin.Chang@mediatek.com>
Implement PSCI platform operations to support CPU hotplug and MCDI.
TEST=bringup 8 CPUs successfully on kernel stage.
BUG=b:202871018
Change-Id: Ibd5423b70b3ca3f91edaa48d7ca5bc094e751510
Signed-off-by: Garmin.Chang <Garmin.Chang@mediatek.com>
In mt8186 suspend/resume flow, ATF has to communicate with a subsys by
read/write the subsys registers. However, the register region of subsys
doesn't include in the MMU mapping region. It triggers MMU faults.
This patch extends the MMU region 0 size to cover all mt8186 HW modules.
This patch also remove MMU region 1 because region 0 covers region 1.
TEST=build pass
BUG=b:202871018
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I520c51338578bd68756cd02603ce6783f93daf51
DCM means dynamic clock management, and it can dynamically
slow down or gate clocks during CPU or bus idle.
1. Add MCUSYS related DCM drivers.
2. Enable MCUSYS related DCM by default.
TEST=build pass
BUG=b:202871018
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: Idc669364c89cde0974d2940bd12987ee833d1965
EMI MPU stands for external memory interface memory protect unit.
MT8186 supports 32 regions and 16 domains.
We add basic driver currently, and will add more settings for
EMI MPU in next patch.
TEST=build pass
BUG=b:202871018
Signed-off-by: Penny Jan <penny.jan@mediatek.corp-partner.google.com>
Change-Id: Ia9e5030164e40e060a05e8f91d2ac88258c2e98e
Warnings about header files include order were triggered by CI.
Correct the include order to mathc CI requirements.
Change-Id: Iaca959add924e0e1fa2e56fab2348f0ee36e5fa7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Cortex X2 erratum 2083908 is a Cat B erratum present in the Cortex
X2 core. It applies to revision r2p0 and is still open.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Id9dca2b042bf48e75fb3013ab37d1c5925824728
SoC UART1 is internally connected to MCP UART1 so this
cannot be used as AP runtime UART instead we use the
IOFPGA UART0 as the AP runtime UART.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: Iecefb0d2cb875b3ecf97e0983b06f6e914835021
This patch adds support to load nt_fw_config
with the information from plat_info sds
structure which is then passed from BL2 to BL33.
Signed-off-by: sah01 <sahil@arm.com>
Change-Id: I2242da7404c72a4f9c2e3d7f3b5c154890a78526
Different platform_info sds struct definition will be used
for fvp and soc.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: I92f0e1b2d0d755ad0405ceebfeb78d6e4c67013d
This patch adds all SOC and FVP related changes required to boot
a standard TBBR style boot on Morello.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: Ib8f7f326790b13082cbe8db21a980e048e3db88c
Based on the SCC configuration value obtained from the SDS
platform information structure configure DMC-Bing Server or
Client mode after zeroing out the memory.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I0555fa06c9c1906264848f4e32ca413b4742cdee
For Morello SoC, we use ECC capability for the RDIMMs
which require the entire DDR memory space to be zeroed
out before it can be accessed.
Change-Id: Icbe9916f9a2d3c4ce839d8bf7f867efa18f33e23
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
The same folder "plat/arm/board/morello" is going to be
used by both Morello FVP and Morello SoC platforms.
TARGET_PLATFORM build flag has been introduced to
differentiate between the two platforms
Change-Id: I3e94da372a3f1ba810b4259b85dd4c204306c359
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
There might be several platforms which use the
TARGET_PLATFORM build option to differentiate the code
between the platform variants.
Use of TARGET_PLATFORM in the common code leads to build
failures instead use PLAT build option.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I9724caf875bd56225e035ecffa8b9ca1a50d3401
Protect the UART instance used for serial boot
with UART used for console.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ieee1557b34e7baa81594c3fbf0513191737027bf
Use stm32mp_uart_console_setup() in SP_min setup.
Adapt the function stm32mp_uart_console_setup() for BL32 (no reset, add
CONSOLE_FLAG_RUNTIME under DEBUG.
Change-Id: Ib2d35c8d285dafb680aa218872ad679cbf43d0ed
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use newly created function stm32mp_uart_console_setup().
And remove now useless code.
Change-Id: Ib8d0319d3f4f54309848bc225b58608cea73bad9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
To ease console configuration, a dedicated function is created:
stm32mp_uart_console_setup(). The code will also be common for the
different BLs.
Change-Id: Idf3cad756f125ca2313cf30b1311637a9df8f27f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add function stm32_get_boot_interface to get the current boot interface
from information saved in the TAMP register.
Change-Id: I23af43c68eeaebe4c45920a57d739117aea3fbb1
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
The function stm32_save_boot_interface()is moved to stm32mp1_private.c
file. The files stm32mp1_context.{c,h} are removed.
As return is always 0, change the function to return void.
Call it earlier, to be able to use it when configuring console.
Change-Id: I8986e1257dc8e8708eab044a51ea1f2426b16597
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Those pins are configured by ROM code, for serial boot use cases.
Their configs are reset if the boot is done on UART, but not on USB.
This should then be done in TF-A. This has to be done after clock
init, and before console is configured.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I29a9694e25fcf1665360dd71f73937f769c43b52
Add set_gpio_reset_cfg() to set a pin in its reset configuration:
analog, no-pull, speed low, and its secure configuration, thanks to
stm32_gpio_is_secure_at_reset().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I7b73c3636859f97fcc57f81cf68b42efc727922e
Sort the compilation flags in platform.mk when checking and defining
them for C files.
Change-Id: I5a08399c89ede4c0bd8697045706122732205db5
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Thanks to dyn_cfg_dtb_info_get_index(), we can check if TOS_FW_CONFIG
is inside the FIP partition. If not we can skip its treatment when
populating FIP images.
Change-Id: If5623eabd1ba484549d4a908d4a6f43325b36875
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Modify the type of the variable that stores the value for MPIDR
in the internal function from uint64_t to u_register_t.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Ib5bda93d5432e0412132bddf41ead8ee3fcf9e46
Add new function so that the value of bit at WUPMSKCA57/53,
which points to CPU other than the BOOT CPU, is 1 at initialization.
Modify sequence so that value of each bit for CPU at WUPMSKCA57/53 is
basically 0 and target bit value is changed to 1 only when CPU_OFF.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Id5dafc04e1dbaf265c8b67b903c335bb1af49914
With new gcc11.2 by default the -mbranch-protection is
set to "standard" which is leading to increase the text
section by 4Kb. As the ZynqMP uses the ARMv8 architecture,
so there is no impact when we disable the branch protection.
These instructions do not provide the branch protection in
architectures before Armv8.3-A.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I36f7a55abf99f50df2ee265255598d83b1f480c6
Implemented a platform function 'plat_mboot_measure_critical_data' to
measure critical data and record its measurement using the Event Log
driver.
'bl2_plat_mboot_finish' function invokes this platform function
immediately after populating the critical data.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia198295c6e07ab26d436eab1ff90df2cf28303af
It doesn't look correct to use mbed TLS defines directly in the Event
Log driver as this driver may use another Crypto library in future.
Hence mbed TLS Crypto dependency on Event Log driver is removed by
introducing generic Crypto defines and uses those in the Event Log
driver to call Crypto functions.
Also, updated mbed TLS glue layer to map these generic Crypto defines
to mbed TLS library defines.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibc9c751f60cbce4d3f3cf049b7c53b3d05cc6735
SynQuacer SoC contains a Cortex-M3 System Control Processor(SCP)
which manages system power.
This commit modifies the PSCI system_off handling to call SCMI,
same as other PSCI calls. System power-off is done by turing off
the ATX power supply through GPIO, this operation is transferred
to SCP.
Note that this commit modifies only the SCMI case, obsolete SCPI
implementation is not updated.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I6c1009e67cccd1eb5d14c338c3df9103d63709dd
The GTimer implemented on SynQuacer has similar issue found on Juno
wherein CNTBaseN.CNTFRQ can be written but does not reflect the value
of the CNTFRQ register in CNTCTLBase frame. This doesn't follow ARM ARM
in that the value updated in CNTCTLBase.CNTFRQ is not reflected
in CNTBaseN.CNTFRQ.
Hence enable the workaround (applied to Juno) for SynQuacer that updates
the CNTFRQ register in the Non Secure CNTBaseN frame.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I5204fb57f28c0945812814f008c4905ef0882e2b
Handle boot from UART with STM32CubeProgammer based on mmap io
for STM32MP15.
Depends-On: Iba84e8dfd67b9f30416efb0f6778e48ba1f75dad
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ibd719dd46a11da78633728675ef6639635b6cf67
Add a file to support the STMicroelectronics tool STM32CubeProgrammer
over UART in BL2 for STM32MP15x platform.
This tools is based on protocol defined in AN5275,
"USB DFU/USART protocols used in STM32MP1 Series bootloaders"
based on STM32 MCU protocols (AN3155, "USART protocol used
in the STM32 bootloader").
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: I956c95d8de0a94d1eb8e61f043651dae7b838170
