Move codes that previously were part of system_manager driver into
firewall driver which are more appropriate based on their functionalities.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I35e9d792f35ee7491c2f306781417a0c8faae3fd
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Refactor NOC header to be shareable across both Stratix 10 and Agilex
platforms. This patch also removes redundant NOC declarations in system
manager header file.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I6348b67a8b54c2ad19327d6b8c25ae37d25e4b4a
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
In order to modularize software libraries and platform drivers,
we create makefile helpers to treat a folder as a basic compile
unit.
Each module has a build rule (rules.mk) to describe driver and software
library source codes to be built in.
Signed-off-by: Leon Chen <leon.chen@mediatek.com>
Change-Id: Ib2113b259dc97937b7295b265509025b43b14077
Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).
It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].
Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Not all K3 platforms support low power mode, so to allow these
features to be included for platforms that do in build and
therefore reported in the PSCI caps, define K3_PM_SYSTEM_SUSPEND
flag that can be set during build that will cause appropriate
space and functionality to be included in build for system
suspend support.
Change-Id: I821fbbd5232d91de6c40f63254b855e285d9b3e8
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Increase the lite platform SEC_SRAM_SIZE to 128k to allow space
for GIC context.
Change-Id: I6414309757ce9a9b7b3a9233a401312bfc459a3b
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add necessary K3 PSCI handlers to enable system suspend to be reported
in the PSCI capabilities when asked during OS boot.
Additionally, have the handlers provide information that all domains
should be off and also have the power domain suspend handler invoke the
TISCI_MSG_ENTER_SLEEP message to enter system suspend.
Change-Id: I351a16167770e9909e8ca525ee0d74fa93331194
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
Add functions to save and restore GICv3 redist and dist contexts during
low power mode and then call these during the suspend entry and finish
psci handlers.
Change-Id: I26c2c0f3b7fc925de3b349499fa42d2405441577
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
This TISCI API must be used to trigger entry into system suspend, and
this is done through the use of TI_SCI_MSG_ENTER_SLEEP. Introduce a
method to send this message.
Change-Id: Id7af5fb2a34623ad69e76764f389ff4d8d259fba
Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
* changes:
fix(versal): fix coverity scan warnings
feat(versal): get version for ATF related EEMI APIs
feat(versal): enhance PM_IOCTL EEMI API to support additional arg
feat(versal): add common interfaces to handle EEMI commands
The patch does below things.
1. As per current implementation, when Linux send a request to ATF to
get the version of APIs which are implemented in ATF then ATF wasn't
returning any version because there is a check for LIBPM module id.
The ATF is used to return version for the APIs which are implemented
in the firmware only.
Hence moved this switch-case before checking module id to get ATF
version.
Also, no need to pass Linux request to the firmware for the APIs
which are implemented in ATF instead return success after updating
version.
2. As per current implementation, higher 16-bit is used for ATF
version and lower 16-bit is used for firmware version. Now, removed
16-bit shift operation and send complete word i.e. 32-bit to Linux
user as there is no user who checks ATF version.
3. Add bit mask support in the feature check PM EEMI API for QUERY and
IOCTL ids.
Change-Id: Icdca3de6659f3b673b81a423ed79a3c20b678768
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
Currently, SMC handler is limited to parsing 5 arguments (1 API ID + 4
32-bit command args). Extend this handling to support one more 32-bit
command argument which is necessary to support new IOCTL IDs for
secure read/write interface.
Note that, this change is completely transparent and does not affect
existing functionality of any of the EEMI APIs.
Change-Id: I72016620eeeaf598f14853512120bfb30bb9a3e9
Signed-off-by: Izhar Ameer Shaikh <izhar.ameer.shaikh@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
This change adds common interfaces to handle commands from firmware driver
to power management controller. It removes big chunk of source line of code
that was handling each command separately and doing same repetitive work.
EEMI - Embedded Energy Management Interface is Xilinx proprietary
protocol to allow communication between power management controller
and different processing clusters.
As of now, Each EEMI command has its own implementation in TF-A.
This is redundant. Essentially most EEMI command implementation
in TF-A does same work. It prepares payload received from kernel, sends
payload to firmware, receives response from firmware and send response
back to kernel.
The same functionality can be achieved if common interface is used among
multiple EEMI commands. This change divides platform management related
SMCCC requests into 4 categories.
1) EEMI commands required for backward compatibility.
Some EEMI commands are still required for backward compatibility
until removed completely or its use is changed to accommodate
common interface
2) EEMI commands that require for PSCI interface and accessed from debugfs
For example EEMI calls related to CPU suspend/resume
3) TF-A specific requests
Functionality such as getting TF-A version and getting callback
data for platform management is handled by this interface
4) Common interface for rest of EEMI commands
This handlers performs payload and firmware response transaction job for
rest of EEMI commands. Also it parses module ID from SMC payload and inserts
in IPI request. If not module ID is found, then default is LIBPM_MODULE_ID.
This helps in making common path in TF-A for all the modules in PLM firmware
Change-Id: I57a2787c7fff9f2e1d1f9003b3daab092632d57e
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
When using SCPI as the PSCI backend, firmware can wake up the CPUs and
cluster from sleep, so CPU idle states are available for the rich OS to
use. In that case, advertise them to the rich OS via the DTB.
Change-Id: I718ef6ef41212fe5213b11b4799613adbbe6e0eb
Signed-off-by: Samuel Holland <samuel@sholland.org>
Use the encoding recommended by the PSCI specification: four bits for
the power state at each power level.
SCPI provides no way to handshake an exit from a standby state, so the
only possible standby state is the architectural WFI state. Since WFI
can be used outside of PSCI, we do not allow passing in standby states.
Change-Id: I4b3b84e5c255ee58a25255a0cab5d7623425086e
Signed-off-by: Samuel Holland <samuel@sholland.org>
Aligning the PSCI and SCPI power states avoids some code to translate
between the two. This also makes room for an intermediate power state,
for future firmware capability growth.
Change-Id: I26691085f277a96bd405e3305ab0fe390a92b418
Signed-off-by: Samuel Holland <samuel@sholland.org>
Currently, if any step of the DTB patching process fails, the whole
process is aborted. However, this causes some problems:
- If any step modifies the DTB (including fdt_open_into), the dcache
must still be cleaned, even if some later step fails.
- The DTB may need changes in multiple places; if one patch fails (for
example due to missing nodes), we should still apply other patches.
- Similarly, if some patch fails, we should still run fdt_pack to
clean up after ourselves.
Change-Id: If1af2e58e5a7edaf542354bb8a261dd1c3da1ad0
Signed-off-by: Samuel Holland <samuel@sholland.org>
Idle states are advertised to the rich OS by declaring them in the DTB.
Since the availability of idle states depends on which PSCI
implementation was chosen, the DTB must be updated after PSCI setup.
Move this operation to bl31_plat_runtime_setup, the platform hook
which happens at the right time. Defining this hook overrides the weak
definition from plat/common, so copy over the code from there, too.
Change-Id: I42a83edb9cb28e1803d17dc2d73dbc879d885222
Signed-off-by: Samuel Holland <samuel@sholland.org>
So far the H616 was the only Allwinner SoC needed to amend the DTB, to
reserve the DRAM portion that BL31 occupies.
To allow other SoCs to modify the DTB as well, without duplicating code,
move the DTB change routines into Allwinner common code, and generalise
the current code to allow other modifications.
No functional change intended.
Change-Id: I080ea07b6470367f3c2573a4368f8ef5196d411c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Samuel Holland <samuel@sholland.org>
Depending on the shell used, the grep command can fail, leading to
a wrong dtc version detection. Correct that by adding quotes.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I329ec929559c94bf1bf99b127662c9d978e067cf
* changes:
refactor(stm32mp1-fdts): remove nvmem_layout node
refactor(stm32mp1): drop the "st,stm32-nvmem-layout" node
refactor(st): remove useless includes
The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.
Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
Used MBEDTLS_CONFIG_FILE macro for including mbedTLS
configuration.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I374b59a31df3ab1e69481b2c37a6f7455a106b6e
The reported function raises a error when compilers assert the flag
`-Warray-parameter=`, signaling that an array-type argument was promoted
to a pointer-type argument. We observed this behaviour with the gcc 11.2
version.
plat/xilinx/common/pm_service/pm_ipi.c:263:34: error: argument 1 of type 'uint32_t *'
{aka 'unsigned int *'} declared as a pointer [-Werror=array-parameter=]
263 | uint32_t calculate_crc(uint32_t *payload, uint32_t bufsize)
| ~~~~~~~~~~^~~~~~~
In file included from plat/xilinx/common/pm_service/pm_ipi.c:16:
plat/xilinx/common/include/pm_ipi.h:30:33: note: previously declared as an array 'uint32_t[8]'
{aka 'unsigned int[8]'}
30 | uint32_t calculate_crc(uint32_t payload[PAYLOAD_ARG_CNT], uint32_t buffersize);
| ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
cc1.real: all warnings being treated as errors
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I7329f2e76ee0ca5faba71eb50babd20a796fee64
In some implementations of dtc tool (e.g. with yocto), there can be a 'v'
at the beginning of the version, and a '+' at the end. Just keep numbers
then, with a grep -o.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I180e97ab75ba3e5ceacb4b1961a1f22788b428a3
HSD #1509626040:
This patch is to add the flexibility for BL2 and BL31
to choose different UART output port at platform_def.h
using parameter PLAT_INTEL_UART_BASE
This patch also fixing the plat_helpers.S where the
UART BASE is hardcoded to PLAT_UART0_BASE. It is then
switched to CRASH_CONSOLE_BASE.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Change-Id: Iccfa7ec64e4955b531905778be4da803045d3c8f
HSD #16014059592:
Add support for ROM Patch SHA384 mailbox SMC call.
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ide9a7af41a089980745cb7216a9bf85e7fbd84e3
There are plans to contribute a generic MHU driver to the TF-A code
base in the short term.
In preparation for this, rename the Corstone-700 MHU driver source
files and prefix them with the name of the platform to avoid any
ambiguity or name clashes with the upcoming generic MHU driver. Also
rename the header guard accordingly.
This renaming is inline with other platform-specific MHU drivers, such
as the ones used on Broadcom [1], Socionext [2] or Amlogic [3] platforms.
[1] plat/brcm/common/brcm_mhu.h
[2] plat/socionext/synquacer/drivers/mhu/sq_mhu.h
[3] plat/amlogic/common/aml_mhu.c
Change-Id: I8a5e5b16e7c19bf931a90422dfca8f6a2a0663b4
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
If we reboot 3 times in trial mode, BL2 will select previous boot image.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I82b423cc84f0471fdb6fa7c393fc5fe411d25c06
Change the backup register used to store FWU parameters from 21 to 10.
This is chosen to have a Read/Write secure and Read non-secure register.
The mapping is also changed: only the first 4 bits will be used to store
the FWU index. The 4 next bits will be used to store count info. The
other bits are reserved.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I9249768287ec5688ba2d8711ce04d429763543d7
Simplify the DT parsing by removing the parsing of the nvmem layout node
with "st,stm32-nvmem-layout" compatible.
The expected OTP NAME can directly be found in a sub-node named
NAME@ADDRESS of the BSEC node, the NVMEM provider node.
This patch also removes this specific binding introduced for TF-A.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: Ic703385fad1bec5bef1cee583fbe9fbbf6aea216
The stm32mp_dt.c file does not need anything from DDR header files.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibfe23204d68ee2e863cd2eda3d725baa830b729a
Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac
Add QDS support for ls1088a.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6c7a7a23fa6b9ba01c011a7e6237f8063d45e261
The LS1088A reference design board provides a comprehensive platform
that enables design and evaluation of the product (LS1088A processor).
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If4ca24fcee7a4c2c514303853955f1b00298c0e5
LS1088A is a cost-effective, powerefficient, and highly integrated
SoC device featuring eight extremely power-efficient 64-bit ARM
Cortex-A53 cores with ECC-protected L1 and L2 cache memories for
high reliability, running up to 1.6 GHz.
This patch is to add ls1088a SoC support in TF-A.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: rocket <rod.dorris@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Id9ebcdad1beab07ea81a41955edd4f471d6cf090
Refine the code to be compatible with new CCN504 which is used
by ls2088a.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I2e2b3bbb9392862b04bf8a89dfb9575bf4be974a
Support CHASSIS 3.0(such as SoC LS1088A).
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I60843bc4d604f0de1d91c6d3ad5eb4921cdcc91a
Add base address definiton for Chassis 3 platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6041b93c9e9bb49af60743bd277ac7cc6f1b9da8
Set the receiver gain to max value to recover
cold temp marginality issue for phy-gen2
Signed-off-by: Pankit Garg <pankit.garg@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If639fa3ed404cf6e1b8abcc2b7137db1fdd0b2c2
Fix build issue of mmap_add_ddr_region_dynamically():
ls_bl2_el3_setup.c:(.text.bl2_plat_preload_setup+0x28): undefined
reference to mmap_add_ddr_region_dynamically
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I74a8b4c2337fc0646d6acb16ce61755c5efbdf38
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.
When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348
* changes:
feat(stm32mp1): select platform compilation either by flag or DT
feat(stm32mp1-fdts): add support for STM32MP13 DK board
feat(stm32mp1-fdts): add DDR support for STM32MP13
feat(stm32mp1-fdts): add st-io_policies node for STM32MP13
feat(stm32mp1): updates for STM32MP13 device tree compilation
feat(stm32mp1-fdts): add DT files for STM32MP13
feat(dt-bindings): add TZC400 bindings for STM32MP13
feat(stm32mp1): add "Boot mode" management for STM32MP13
feat(stm32mp1): manage HSLV on STM32MP13
feat(stm32mp1): add sdmmc compatible in platform define
feat(st-sdmmc2): allow compatible to be defined in platform code
feat(stm32mp1): update IO compensation on STM32MP13
feat(stm32mp1): call pmic_voltages_init() in platform init
feat(st-pmic): add pmic_voltages_init() function
feat(stm32mp1): update CFG0 OTP for STM32MP13
feat(stm32mp1): usb descriptor update for STM32MP13
feat(st-clock): add clock driver for STM32MP13
feat(dt-bindings): add bindings for STM32MP13
feat(stm32mp1): get CPU info from SYSCFG on STM32MP13
feat(stm32mp1): use only one filter for TZC400 on STM32MP13
feat(stm32mp1): add a second fixed regulator
feat(stm32mp1): adaptations for STM32MP13 image header
feat(stm32mp1): update boot API for header v2.0
feat(stm32mp1): update IP addresses for STM32MP13
feat(stm32mp1): add part numbers for STM32MP13
feat(stm32mp1): chip rev. Z is 0x1001 on STM32MP13
feat(stm32mp1): update BACKUP_BOOT_MODE for STM32MP13
feat(stm32mp1): stm32mp_is_single_core() for STM32MP13
feat(stm32mp1): remove unsupported features on STM32MP13
feat(stm32mp1): update memory mapping for STM32MP13
feat(stm32mp1): introduce new flag for STM32MP13
feat(st): update stm32image tool for header v2
To choose either STM32MP13 or STM32MP15, one of the two flags can be
set to 1 in the make command line. Or the platform selection can be
done with device tree name, if it begins with stm32mp13 or stm32mp15.
Change-Id: I72f42665c105b71a84b4952ef3fcd6c06ae4598c
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add dedicated device tree files for STM32MP13.
Add new DDR compatible for STM32MP13x.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: Ib1bb9ad8cb2ab9f5f81549635d6604093aeb99d3
Add new APIs to enter and exit "boot mode".
In this mode a potential tamper won't block access or reset
the secure IPs needed while boot, without this mode a dead
lock may occurs.
Change-Id: Iad60d4a0420ec125b842a285f73a20eb54cd1828
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
On STM32MP13, the high speed mode for pads in low voltage is different
from STM32MP15. Each peripheral supporting the feature has its own
register.
Special care is taken for SDMMC peripherals. The HSLV mode is enabled
only if the max voltage for the pads is lower or equal to 1.8V.
Change-Id: Id94d2cca17dd4aca4d764230a643b2bb9a5f3342
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add DT_SDMMC2_COMPAT define in stm32mp1_def.h file in platform.
It allows the use of the compatible in platform code.
Change-Id: I535ad67dd133bab59cf81881adaef42d8e88632c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP13, two new SD1 and SD2 IO compensations cells are added,
for SDMMC1 and SDMMC2. They have to be managed the same way as the
main compensation cell.
Change-Id: Ib7aa648d65fc98e1613bfb46b0e7dd568fd21002
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The nominal voltage for VDDCPU when Cortex-A7 runs at 650MHz is 1.25V
on STM32MP13. VDDCORE should be set at 1.25V as well.
This is necessary, as the PMIC values in its NVMEM are 1.2V.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I3c24fe4cd68c7bf143cf9318ab38a15d6d41b5d2
This field is now declared on the 10 LSB bits on STM32MP13.
Several possible values are specified in the Reference Manual, and
indicate an open or closed device. Other values lead to a system panic.
Change-Id: I697124a21db66a56e7e223d601aa7cf44bb183c4
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Update USB and DFU descriptor used for STM32MP13x
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: I6e8111d279f49400a72baa12ff39f140d97e1c70
Add new clock driver for STM32MP13. Split the include file to manage
either STM32MP13 or STM32MP15.
Change-Id: Ia568cd12b1d5538809204f0fd2224d51e5d1e985
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
The IDC register from DBGMCU is duplicated in SYSCFG. As SYSCFG is
always accessible, get chip ID and revision ID from there on STM32MP13.
Change-Id: Ib0b6e8f68a2934a45ec0012f69db6c12a60adb17
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The ERXCTLR_EL1 register reads are RES0 for some error records
leading to a false assert on a read back.
This patch removes the assert on reading back the ERXCTLR_EL1
register to fix this issue.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I0cab30b12656a800ba87b8bb94b4c67a2331dee6
On STM32MP13, there is only 1 DDR port, hence only 1 TZC400 filter.
Change-Id: I4f6750022cdaf658cd209a4bf48a6cdb0717020e
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Increase the fixed regulator number that needs to be
2 for STM32MP13.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: Ica990fe9a6494b76aed763d2d353f5234fed7cea
The header must now include by default at least an extra padding
header, increasing the size of the header to 512 bytes (0x200).
This header will be placed at the end of SRAM3 by BootROM, letting
the whole SYSRAM to TF-A.
The boot context is now placed in SRAM2, hence this memory has to be
mapped in BL2 MMU. This mapping is done for all SRAMs in a 2MB area.
Change-Id: I50fcd43ecd0ba2076292b057566efe6809b9971a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add the new field for the new header v2.0.
Force MP13 platform to use v2.0.
Removing unused fields in boot_api_context_t for STM32MP13.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iac81aad9a939c1f305184e335e0a907ac69071df
Add the IP addresses that are STM32MP13 and update the ones for
which the base address has changed.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Iea71a491da36f721bfd3fbfb010177e2a6a57281
Add the new part numbers and adapt the functions that use them.
There is no package number in OTP as they all share the same GPIO
banks.
This part is then stubbed for STM32MP13.
Change-Id: I13414326b140119aece662bf8d82b387dece0dcc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On STM32MP13, the chip revision Z is 0x1001, contrary to STM32MP15,
for which it was 0x2001.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If65482e824b169282abb5e26ca91e16ef7640b52
The backup register used on STM32MP15 to save the boot interface for
the next boot stage was 20. It is now saved in backup register 30
on STM32MP13.
Change-Id: Ibd051ff2eca7202184fa428ed57ecd4ae7388bd8
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP13 is a single Cortex-A7 CPU, always return true in
stm32mp_is_single_core() function.
Change-Id: Icf36eaa887bdf314137eda07c5751cea8c950143
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* GPIO: On STM32MP13, there are no banks GPIOJ, GPIOK and GPIOZ.
* STM32MP13 is a single Cortex-A7 CPU: remove reset from MPU1
and reset from MCU traces
* There is no MCU on STM32MP13. Put MCU security management
under STM32MP15 flag.
* The authentication feature is not supported yet on STM32MP13,
put the code under SPM32MP15 flag.
* On STM32MP13, the monotonic counter is managed in ROM code, keep
the monotonic counter update just for STM32MP15.
* SYSCFG: put registers not present on STM32MP13 under STM32MP15
flag, as the code that manages them.
* PMIC: use ldo3 during DDR configuration only for STM32MP15
* Reset UART pins on USB boot is no more required.
Change-Id: Iceba59484a9bb02828fe7e99f3ecafe69c837bc7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
SYSRAM is only 128KB and starts at 0x2FFE0000.
SRAMs are added.
BL2 code and DTB sizes are also reduced to fit in 128KB.
Change-Id: I25da99ef5c08f8008ff00d38248d61b6045adad4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP13 is a variant of STM32MP1, with a single Cortex-A7, and no
Cortex-M4.
There is only one DDR port.
SP_min is not supported, only OP-TEE can be used as monitor.
STM32MP13 uses the header v2.0 format for stm32image generation
for BL2.
Change-Id: Ie5b0e3230c5e064fe96f3561fc5b3208914dea53
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The stm32image tool is updated to manage new header v2.0 for BL2
images.
Add new structure for the header v2.0 management.
Adapt to keep compatibility with v1.0.
Add the header version major and minor in the command line
when executing the tool, as well as binary type (0x10 for BL2).
Change-Id: I70c187e8e7e95b57ab7cfad63df314307a78f1d6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
Update WA for Errata A-050426 as Commands for
PEX (PEX1..PEX6) , lnx1_e1000#0, lnx1_xfi and
lnx2_xfi has been moved to PBI phase.
This patch requires RCW to include PBI commands
to write commands in BIST mode for PEX, lnx1_e1000,
lnx1_xfi and lnx2_xfi IP blocks.
Signed-off-by: Wasim Khan <wasim.khan@nxp.com>
Change-Id: I27c2b055c82c0b58df83449f9082bfbfdeb65115
In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the spectre
BHB mitigation workarounds inevitably increase the size of the various
segments due to additional instructions and/or macros, these segments
cannot be fit in the existing memory layout designated for BL31 image.
The issue is specifically seen in complex build configs for FVP
platform. One such config has TBB with Dual CoT and test secure
payload dispatcher(TSPD) enabled. Even a small increase in individual
segment size in order of few bytes might lead to build fails due to
alignment requirements(PAGE_ALIGN to 4KB).
This is needed to workaround the following build failures observed
across multiple build configs:
aarch64-none-elf-ld.bfd: BL31 init has exceeded progbits limit.
aarch64-none-elf-ld.bfd: /work/workspace/workspace/tf-worker_ws_2/trusted_firmware/build/fvp/debug/bl31/bl31.elf section coherent_ram will not fit in region RAM
aarch64-none-elf-ld.bfd: BL31 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region RAM overflowed by 4096 bytes
Change-Id: Idfab539e9a40f4346ee11eea1e618c97e93e19a1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.
Change-Id: Ieeaf9c97085128d7b7339d34495bdd58cd9fcf8a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.
Change-Id: I64e8531e0ad5cda63f14d838efb9da9cf20beea8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Pass NS-load address as ~0UL to the 'set_config_info' function while
updating FW_CONFIG device tree information since it is always loaded
into secure memory.
Change-Id: Ia33adfa9e7b0392f62056053a2df7db321a74e22
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This allows TF-A's a3700_system_reset() function to try Warm reset
method when CM3 reset method is not implemented by WTMI firmware.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I7303197373e1a8ca5a44ba0b1e90b48855d6c0c3
* changes:
Revert "feat(sgi): deviate from arm css common uart related defi..."
Revert "feat(sgi): route TF-A logs via secure uart"
Revert "feat(sgi): add page table translation entry for secure uart"
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Change-Id: I28a370dd8b3a37087da621460eccc1acd7a30287
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Change-Id: I7c488aed9fcb70c55686d705431b3fe017b8927d
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Change-Id: I9bec02496f826e184c6efa643f869b2eb3b52539
DFD (Design for Debug) is a debugging tool, which scans flip-flops and
dumps to internal RAM on the WDT reset. After system reboots, those
values could be showed for debugging.
BUG=b:222217317
TEST=build pass
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I659ea1e0789cf135a71a13b752edaa35123e0941
When trying to boot from an SD card with STM32MP_EMMC_BOOT enabled,
booting fails with:
ERROR: Got unexpected value for active boot partition, 0
ASSERT: plat/st/common/bl2_stm32_io_storage.c:285
because SD cards don't provide a boot partition. So only try reading
from such a partition when booting from eMMC.
Fixes: 214c8a8d08 ("feat(plat/st): add STM32MP_EMMC_BOOT option")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Change-Id: I354b737a3ae3ea577e83dfeb7096df22275d852d
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
Updated makefile so that build can accept absolute mbedTLS path.
Change-Id: Ife73266a01d7ed938aafc5e370240023237ebf61
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updating call order for arm_console_boot_init() and arm_bl31_early_platform_setup().
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: If932fff2ee4282a0aacf8751fa81e7665b886467
Patch [1] introduces a mechanism to provide the platform
specified mbedTLS config file, but that result in build failure
for Broadcom platform.
This build failure is due to the absence of the mbedTLS configuration
file i.e. brcm_mbedtls_config.h in the TF-A source code repository.
"fatal error: brcm_mbedtls_config.h: No such file or directory"
This problem was resolved by removing the 'brcm_mbedtls_config.h' entry
from the broadcom platform makefile, allowing this platform to use
the default mbedtls_config.h file.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13726
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I7cc2efc049aefd3ebce1ae513df9b265fe31ded6
Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8574b31d5d138d9f94972deb903124f8c5b70ce4
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I8896ae05eaedf06dead520659375af0329f31015
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.
In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I39170848ecd81a7c1bbd3689bd905e45f9435f5c
* changes:
build(intel): enable access to on-chip ram in BL31 for N5X
fix(intel): make FPGA memory configurations platform specific
fix(intel): fix ECC Double Bit Error handling
build(intel): define a macro for SIMICS build
build(intel): add N5X as a new Intel platform
build(intel): initial commit for crypto driver
Remove reserved range for platform provider owned SPs if the dual root
CoT is disabled and allow SPs to populate the range up to MAX_SP_IDS.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ib4ec18f6530d2515ada21d2c0c388d55aa479d26
Following I2d274fa897171807e39b0ce9c8a28824ff424534:
Remove GICD registers S2 mapping from OP-TEE partition when it runs in a
secure partition on top of Hafnium.
The partition is not meant to access the GIC directly but use the
Hafnium provided interfaces.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1a38101f6ae9911662828734a3c9572642123f32
Fix coding style violations and alignments:
- Remove additional newlines in headers
- Remove additional newlines in code
- Add newline to separate variable from the code
- Use the same indentation in platform.mk
- Align function parameters
- Use tabs for indentation in kernel-doc format
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I0b12804ff63bc19778e8f21041f9accba5b488b9
This adds the ncore ccu access and enable access to the
on-chip ram for N5X device in BL31.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I713f6e93d33b6e91705547477ca32cfba5c8c13d
Define FPGA_CONFIG_SIZE and FPGA_CONFIG_ADDR in
platform-specific header. This is due to different
allocated sizes between platforms.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iac4fbf4d4940cdf31834a9d4332f9292870dee76
SError and Abort are handled in Linux (EL1) instead of
EL3. This patch adds some functionality that complements the
use cases by Linux as follows:
- Provide SMC for ECC DBE notification to EL3
- Determine type of reset needed and service the request in
place of Linux
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I43d02c77f28004a31770be53599a5a42de412211
SIMICS builds have different UART configurations compared
to hardware build. Hence, this patch defines a macro to
differentiate between both.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iadecd5445e06611486ac3c6a214a6d0dc8ccd27b
This commit adds a new Intel platform called N5X.
This preliminary patch only have Bl31 support.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib31f9c4a5a0dabdce81c1d5b0d4776188add7195
This patch adds driver for Intel FPGA's Crypto Services.
These services are provided by Intel platform
Secure Device Manager(SDM) and are made accessible by
processor components (ie ATF).
Below is the list of enabled features:
- Send SDM certificates
- Efuse provision data dump
- Encryption/decryption service
- Hardware IP random number generator
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: If7604cd1cacf27a38a9a29ec6b85b07385e1ea26
* changes:
fix(zynqmp): query node status to power up APU
feat(zynqmp): pm_api_clock_get_num_clocks cleanup
feat(zynqmp): add feature check support
fix(zynqmp): use common interface for eemi apis
feat(zynqmp): add support to get info of xilfpga
feat(zynqmp): pass ioctl calls to firmware
When the atf-handoff-params are updated we are returning
FSBL_HANDOFF_SUCCESS, but the return condition is wrongly
updated and added a error log which is incorrect.
Fixing the incorrect log message.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I44ebbb861831b86afcb87f09ddb2e23614393c28
Add the possibility to configure console UART baudrate, it can be passed
as a command line parameter with STM32MP_UART_BAUDRATE. The default value
remains 115200.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I000df70c10b2b4dac1449556596f9820c36cf243
If APU is in suspending state and if wakeup request comes then
PMUFW returns error which is not handled at ATF side.
To fix this, get the APU node status before calling wakeup and
return error if found in suspending state.
Here, we can not handle the error code of pm_req_wakeup() from PMUFW
because ATF is already calling pm_client_wakeup() before calling
pm_req_wakeup().
Signed-off-by: Ravi Patel <ravi.patel@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I18d47384e46e22ae49e804093ad0641b7a6349e2
There is no reason to have even one additional useless line that's why
remove it.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: Icc3c74249dfe64173aa5c88fb0f9ffe7576fc2aa
This API returns version of supported APIs.
Here, there are three cases to check API version by using feature
check implementation.
1. Completely implemented in TF-A: I mean the EEMI APIs which are
completely implemented in the TF-A only. So check those IDs and
return appropriate version for the same. Right now, it is base
version.
2. Completely implemented in firmware: I mean the EEMI APIs which are
completely implemented in the firmware only. Here, TF-A only passes
Linux request to the firmware to get the version of supported API. So
check those IDs and send request to firmware to get the version and
return to Linux if the version is supported or return the error code
if the feature is not supported.
3. Partially implemented (Implemented in TF-A and firmware both):
First check dependent EEMI API version with the expected version in
the TF-A. If the dependent EEMI API is supported in firmware then
return its version and check with the expected version in the TF-A.
If the version matches then check for the actual requested EEMI API
version. If the version is supported then return version of API
implemented in TF-A.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I73f20d8222c518df1cda7879548b408b130b5b2e
Currently all EEMI API has its own implementation in TF-A which is
redundant. Most EEMI API implementation in TF-A does same work. It
prepares payload received from kernel, sends payload to firmware,
receives response from firmware and send response back to kernel.
So use common interface for EEMI APIs which has similar functionality.
This will optimize TF-A code.
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: I07325644a1fae80211f2588d5807c21973f6d48f
Adds support to get the xilfpga library version and feature list info.
Signed-off-by: Nava kishore Manne <nava.manne@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: Iff10ad2628a6a90230c18dc3aebf9dde89f53ecd
Firmware supports new IOCTL for different purposes. To avoid
maintaining new IOCTL IDs in ATF, pass IOCTL call to firmware
for IOCTL IDs implemented in firmware.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: Ie14697c8da9581b0f695f4d33f05161ece558385
Update the MAX_XLAT_TABLES as the memory map has been
added for the dtb to accomodate in DDR address.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I46225673f40f123cdab38efefb038604da119b58
Remove the time stamp and system counter configuration, as
this configuration is already done by the first stage bootloader.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I41554dc2e14d97954bff299df9740a5efa30fad9
With gcc-11, the -Wformat-signedness warning complains about enum values
that should be printed as unsigned values. But the current version of
compiler used in CI states that this parameter is signed. Just cast the
value then.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic0655e5ba9c44fe6abcd9958d7a9972f5de3b7ef
* changes:
fix(intel): null pointer handling for resp_len
fix(intel): define macros to handle buffer entries
fix(intel): change SMC return arguments for INTEL_SIP_SMC_MBOX_SEND_CMD
fix(intel): always set doorbell to SDM after sending command
fix(intel): fix bit masking issue in intel_secure_reg_update
fix(intel): fix ddr address range checker
build(changelog): add new scope for Intel platform
Change resource_req to 0 to disable 26MHz clock.
SPM firmware will pull-down SRCLKENA0 after 26MHz off while suspending.
TEST=verify 26MHz clock off using the oscilloscope.
BUG=b:215639203
Signed-off-by: Jason-ch Chen <jason-ch.chen@mediatek.com>
Change-Id: I05702d14a015cabccd6d4af0e3f2a534fbe4dd12
* changes:
fix(nxp-crypto): refine code to avoid hang issue for some of toolchain
build(changelog): add new scope for nxp crypto
fix(lx2): drop erratum A-009810
Platforms which support Realm world cannot boot up
properly if measured boot is enabled at build time.
An assertions occurs due to the missing RMM entry
in the event_log_metadata array.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I172f10a440797f7c9e1bc79dc72242b40c2521ea
Previous changes from commit #6a659448 updates resp_len from an integer
type to unsigned integer pointer type. This patch adds proper handling
in case resp_len is a null pointer. Resp_len with value 0 are also
changed to NULL to match the type change.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I75b3e3bfbb188d8e7b329ba3b948c23e31dec490
This patch defines a macro to handle Secure Device Manager's (SDM)
pointer to command & response buffer entries and convert them to the
correct physical address.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4cf9f1d90e0d5ae4e1a2ce84165864b48c2862e7
'INTEL_SIP_SMC_MBOX_SEND_CMD' SMC runtime service will only return
mailbox status and the argument's length back to the caller
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I50d2ae74845794cab7bf0858e742b5a70e0ea868
This patch fixes the mailbox stall issue when sending mailbox command
that is larger than mailbox command FIFO size.
Large mailbox command will be sent to SDM in multiple chunks. HPS will
set doorbell to SDM when command FIFO full (is_doorbell_triggered will
be set to 1) to notify SDM to read the command data from FIFO, so that
HPS can continue to send the next chunk of command data.
However, HPS will not set the doorbell to SDM at the end if the doorbell
have been set earlier due to FIFO full. This will cause SDM mailbox
service stall because it is still waiting for last chunk of command data.
This patch fixes the code to always set the doorbell to SDM at the end
to get rid of stall issue.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: Idbe62410a00d92a30c7aeaa26d53d79a910cac0a
intel_secure_reg_update function should apply mask to the value before
write into register.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: I84bbd06e24b8666528b53030e8359743d438eb5b
This patch fix address range checker to make sure that it does not
errors out on NULL address with size 0. Non-secure software will send
this NULL address if the SMC call doesn't need to pass any address buffer.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I7e492c562a311ba989570c4ed465f845333ec865
This patch fixes the code issue detected by Klocwork scan. Pointer
'bl_mem_params' returned from call to function 'get_bl_mem_params_node'
may be NULL and the NULL pointer may be caused the system crash. Update
the code to assert if unexpected NULL pointer is returned.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: I00f3132a6104618cadce26aa303c0b46b5921d5b
Request ownership and direct access to QSPI by default in BL2.
Previously, this is only done on QSPI boot mode.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie222bbf9d719f2f70f89d4739c285efe6df4c955
The erratum A-009810 should not be applied to LX2, the impaction is
that it can cause system reboot when linux tried to power down, so remove
it.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I5e24229cf8512eff28b315ebcdf18de555c40c74
* changes:
docs(layerscape): add ls1046a soc and board support
feat(ls1046aqds): add board ls1046aqds support
feat(ls1046afrwy): add ls1046afrwy board support
feat(ls1046ardb): add ls1046ardb board support
feat(ls1046a): add new SoC platform ls1046a
fix(nxp-tools): fix tool location path for byte_swape
fix(nxp-qspi): fix include path for QSPI driver
build(changelog): add new scopes for NXP layerscape platforms
* changes:
feat(stm32mp1): enable format-signedness warning
fix(stm32mp1): correct types in messages
fix(st-pmic): correct verbose message
fix(st-sdmmc2): correct cmd_idx type in messages
fix(st-fmc): fix type in message
fix(mtd): correct types in messages
fix(usb): correct type in message
fix(tzc400): correct message with filter
fix(psci): correct parent_node type in messages
fix(libc): correct some messages
fix(fconf): correct image_id type in messages
fix(bl2): correct messages with image_id
Currently only the lowest 2 DRAM region were configured in the
TrustZone Controller, but the platform supports 6 regions spanning the
whole address space.
Configuring all of them to allow tests to access memory also in those
higher memory regions.
FVP memory map:
https://developer.arm.com/documentation/100964/1116/Base-Platform/Base---memory/Base-Platform-memory-map
Note that last row is wrong, describing a non-existing 56bit address,
all region labels should be shifted upward.
Issue has been reported and next release will be correct.
Change-Id: I695fe8e24aff67d75e74635ba32a133342289eb4
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
Add initial support for RD-Edmunds platform. This platform is considered
as a variant of RD-N2 platform with only major change being the CPU
which is Demeter instead of Neoverse-N2.
Signed-off-by: Tony K Nadackal <tony.nadackal@arm.com>
Change-Id: I939d9eac652fa9e76ad002ee5e6107aa79baa013
Add the flag -Wformat-signedness to TF_CFLAGS for STM32MP1.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6af18778902b0a4dae1c08735d2d070ef3d137ce
Secure enclave decides the boot bank based on the firmware update
state of the system and updates the boot bank information at a given
location in the flash. In this commit, bl2 reads the given flash
location to indentify the bank from which it should load fip from.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I7f0f4ffc97189c9deb99db44afcd966082ffbf21
A53 AP BootROM is just 16 kB long and is mapped to address range
0xFFFF0000-0xFFFF4000. RVBAR_EL3 register has value 0xFFFF0000.
A53 AP BootROM itself is in the BootROM window which is 1 MB long and
mapped to address range 0xFFF00000-0xFFFFFFFF.
CM3 BootROM is not accessible from A53 core.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I5d4a4c7b1e7550c4738c67a872d341f945d48bbc
More space in the flash is reserved up front for metadata
parser and UEFI variables. That requires change in the flash
base address of where images are present.
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: Ieaabe09374d707de18d36505c69b6c9a8c2ec2e9
This change implements platform specific psci reset
for the corstone1000.
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I25f77234506416c3376ff4a028f6ea40ebe68437
ls1046aqds board is full function board to evaluate ls1046a platform.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Id1befe37a25f7c379e76791538348fd03bba78f7
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the LS1046A
architecture processor capable of support more than 32,000 CoreMark
performance. The FRWY-LS1046A board supports the LS1046A processor,
onboard DDR4 memory, multiple Gigabit Ethernet, USB3.0 and M2_Type_E
interfaces for Wi-Fi, FRWY-LS1046A-AC includes the Wi-Fi card.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I9a9680689e6f17bf4cc76fd5d1883eed6ace5149
The LS1046A reference design board (RDB) is a high-performance
computing, evaluation, and development platform that supports
the Layerscape LS1046A architecture processor.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: York Sun <york.sun@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: Ib7a01b309e0b0acc7f38e22b138e9e181dff244a
The LS1046A is a cost-effective, power-efficient, and highly
integrated system-on-chip (SoC) design that extends the reach
of the NXP value-performance line of QorIQ communications
processors. Featuring power-efficient 64-bit Arm Cortex A72
cores with ECC-protected L1 and L2 cache memories for high
reliability, running up to 1.8 GHz.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: rocket <rod.dorris@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Change-Id: I208d9bf1702410463c2b2630d31d0cd4eb7e8837
These changes are required to accommodate 3MB for OP-TEE and this
is required for SP's part of optee
Added size macro's for better readability of the code
Moved uboot execution memory from CVM to DDR
Change-Id: I16657c6e336fe7c0fffdee1617d10af8a2c76732
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
diphda platform is now being renamed to corstone1000.
These changes are to replace all the instances and traces
of diphda corstone1000.
Change-Id: I330f3a112d232b99b4721b6bf0236253b068dbba
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Add helper functions to generate event log for imx8mm
when MEASURED_BOOT=1.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: Ifc947d749055787fbda0b39170aa2eb8865b7802
The PIE compilation is used only for BL32, move the ENABLE_PIE to
sp_min-stm32mp1.mk file. Override PIE flags, as sp_min.mk file is
included after the flags are set in Makefile.
The BL2_IN_XIP_MEM was added for a feature not yet upstreamed.
It is then removed from platform.mk file.
Change-Id: If055e51e0f160f99cd4e4cf68ca718d4d693119c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
tamp_bkpr() returns a register address. So use uintptr_t instead of
uin32_t.
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Change-Id: I5eddfa525465313dadfec18d128248a968ba74e2
Add the SZ_* macros from 32 to 2G.
This allows removing some defines in raw NAND driver
and STM32MP1 boot device selection code.
Change-Id: I3c4d4959b0f43e785eeb37a43d03b2906b7fcfbc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Arpita S.K <Arpita.S.K@arm.com>
Actually BL31_LIMIT is set to 0xffffffff but that doesn't work correctly
with bl31.ld since ". = ALIGN(((1) << (12)));" will try to fill aligned up
to 0x100000000 included, but the RAM size is 0xffffffff, so this leads to
this build error:
```
bl31.elf section `coherent_ram' will not fit in region `RAM'
/home/br-user/git/upstream/ci-tests/zynqmp_zcu102/host/bin/aarch64-buildroot-linux-uclibc-ld: region `RAM' overflowed by 1 byte
```
So let's move BR31_LIMIT to 0x100000000 giving 1 byte more room to fill RAM
up to the end.
Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
Change-Id: Ic0edb8ed159e013f60598a9dd4f50adbf656b38d
Add board support for variant 2 of RD-N2 platform which is a four chip
variant with 4 cores on each chip. The "CSS_SGI_PLATFORM_VARIANT" value
is 2 for multi-chip variant. The "CSS_SGI_CHIP_COUNT_MACRO" can be in
the range [1, 4] for multi-chip variant.
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Change-Id: I6412106e80e2f17704c796226c2ee9fe808705ba
Add support for the PSCI CPU_ON call to allow booting secondary CPU
cores. On cold boot they need to be booted with a special register
sequence. Also, the "boot remapper" needs to be configured to point to
the BL31_BASE, so the CPUs actually start executing BL31 after reset.
Change-Id: I406c508070ccb046bfdefd51554f12e1db671fd4
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Booting e.g. Linux in the non-secure world does not work with the
msm8916 port yet because essential hardware is not made available to
the non-secure world. Add more platform initialization to:
- Initialize the GICv2 and mark secure interrupts.
Only secure SGIs/PPIs so far. Override the GICD_PIDR2_GICV2
register address in platform_def.h to avoid a failing assert()
because of a (hardware) mistake in Qualcomm's GICv2 implementation.
- Make a timer frame available to the non-secure world.
The "Qualcomm Timer" (QTMR) implements the ARM generic timer
specification, so the standard defines (CNTACR_BASE etc)
can be used.
- Make parts of the "APCS" register region available to the
non-secure world, e.g. for CPU frequency control implemented
in Linux.
- Initialize a platform-specific register to route all SMMU context
bank interrupts to the non-secure interrupt pin, since all control
of the SMMUs is left up to the non-secure world for now.
Change-Id: Icf676437b8e329dead06658e177107dfd0ba4f9d
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Introduce the bare mimimum base of the msm8916 BL31 port. This is
pretty much just a standard platform "skeleton" with CPU/memory
initialization and an UART driver. This allows booting into
e.g. U-Boot with working UART output.
Note that the plat/qti/msm8916 port is completely separate and does not
make use of anything in plat/qti/common at the moment. The main reason
for that is that plat/qti/common is heavily focused around having a
binary "qtiseclib" component, while the MSM8916 port is fully
open-source (and therefore somewhat limited to publicly documented
functionality).
In the future it might be possible to re-use some of the open-source
parts in plat/qti/common (e.g. spmi_arb.c or pm_ps_hold.c) but it's
not strictly required for the basic functionality supported so far.
Change-Id: I7b4375df0f947b3bd1e55b0b52b21edb6e6d175b
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
From the new binding, the RCC become secured based on the new
compatible. This must be done only from the secure OS initialisation.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I7f0a62f22bfcca638ddaefc9563df00f89f01653
Add an early UART console to ease debug before UART is fully configured.
This is done under flag STM32MP_EARLY_CONSOLE in the first STM32MP1
platform function called (bl2_el3_early_platform_setup()). It uses the
parameters defined for crash console: STM32MP_DEBUG_USART* macros.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id6be62368723a0499e97bbf56fb52c166fcbdfad
* changes:
feat(stm32mp1): warn when debug enabled on secure chip
fix(stm32mp1): rework switch/case for MISRA
feat(st): disable authentication based on part_number
* changes:
feat(st-gpio): do not apply secure config in BL2
feat(st): get pin_count from the gpio-ranges property
feat(st-gpio): allow to set a gpio in output mode
refactor(st-gpio): code improvements
The Event Log sources are added to the source-list of BL1 and BL2
images in the Event Log Makefile. It doesn't seem correct since
some platforms only compile Event Log sources for BL2.
Hence, moved compilation decision of Event Log sources to the
platform makefile.
Change-Id: I1cb96e24d6bea5e091d08167f3d1470d22b461cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The "ngpios" property is deprecated and may be removed.
Use the "gpio-ranges" property where the last parameter of that
property is the number of available pins within that range.
Signed-off-by: Fabien Dessenne <fabien.dessenne@foss.st.com>
Change-Id: I28295412c7cb1246fc753cff0d447b6fdcdc4c0f
Add a banner that inform user that debug is enabled
on a secure chip.
Change-Id: Ib618ac1332b40a1af72d0b60750eea4fc36a8014
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Avoid the use of return inside switch/case in stm32mp_is_single_core().
Although this MISRA rulre might not be enforced, we align on what is done
for stm32mp_is_auth_supported().
Change-Id: I00a5ec1b18c55b4254af00c9c5cf5a4dce104175
Signed-off-by: Yann Gautier <yann.gautier@st.com>
STM32MP15xA and STM32MP15xD chip part numbers don't
support the secure boot.
All functions linked to secure boot must not be used
and signed binaries are not allowed on such chip.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I5b85f322f5eb3b64415e1819bd00fb2c99f20695
The monotonic counter is stored in an OTP fuse.
A check is done in TF-A.
If the TF-A version is incremented, then the counter will be updated
in the corresponding OTP.
Change-Id: I6e7831300ca9efbb35b4c87706f2dcab35affacb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Use dt_find_otp_name() to retrieve platform OTP information
from device tree, directly or through stm32_get_otp_index() and
stm32_get_otp_value() platform services.
String definitions replace hard-coded values, they are used to call
this new function.
Change-Id: I81213e4a9ad08fddadc2c97b064ae057a4c79561
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Rename driver file to BSEC2.
Split header file in IP and feature parts.
Add functions to access BSEC scratch register.
Several corrections and improvements.
Probe the driver earlier, especially to check debug features.
Change-Id: I1981536398d598d67a19d2d7766dacc18de72ec1
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Used by driver parsing this node to get information.
Change-Id: I50623a497157adf7b9da6fafe8d79f6ff58c0ebc
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
This patch adds the basic CPU library code to support the Poseidon CPU
in TF-A. Poseidon is derived from HunterELP core, an implementation of
v9.2 architecture. Currently, Hunter CPU the predecessor to HunterELP,
is supported in TF-A. Accordingly the Hunter CPU library code has been
as the base and adapted here.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I406b4de156a67132e6a5523370115aaac933f18d
This warning can only be removed if the version is newer than v1.6.0.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I472a8e552305b563447e8148074a5c0970b429e3
Remove stm32mp_incr_shrefcnt(), stm32mp_decr_shrefcnt(),
stm32mp_incr_refcnt() and stm32mp_decr_refcnt() that are unused.
The file is then just removed.
Change-Id: I09ee23c02317df5d8f71cbc355d3ed4a67ce2749
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Due to stm32mp_shres_helpers.h removal, the debug.h header is no more
included. It should then be added to stm32mp1_boot_device.c.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I397911ac05fdff464c010cf3b2e04320a781b4aa
Add support for enabling the FWU multi bank boot feature on the
platform.
Currently, this feature is supported on the STM32MP157C-DK2 board,
which boots off a uSD card. Also, support has been enabled when
booting from a FIP image.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: Ia69e858461e2daf599d41d66d7ff2ccae0c341c2
With the FWU Multi Bank update feature, the platform can boot from one
of multiple banks(partitions). Pass the value of bank from which the
platform has booted as boot index to the Update Agent. The Update
Agent will match this boot index value against the active_index field
in the metadata, and update the metadata if there is a mismatch.
Fow now, the mechanism to pass the boot index is platform specific. On
the STM32MP1 platform, the boot index value is passed through a
memorey mapped TAMP register on the SoC.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I0aa665ff9c1db95be8ae19ed8de6d866587d6850
Add support for reading the FWU metadata partition. The metadata
partition stores information on the current active bank along with
information on all the FWU updatable images on the platform. This
information is then used to identify the image to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I66bc5ac718c21a49c504e698b5b1f5c4daed2d08
With the FWU multi bank boot feature enabled, the platform can boot
from one of the multiple banks(partitions) containing the firmware
images. The bank whose firmware components are to be booted is read
from the FWU metadata structure -- the image to be booted is thus
derived by reading the metadata.
Read the metadata and set the image spec of the corresponding image
type to point to the partition from which the image is to be booted.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I3dfdc7e9202859e917ec4e1f7d1855aad42c6b70
Add GUID's for identifying the firmware image type. With the FWU
multi bank boot feature enabled, these GUID values are used to
identify the firmware image to be booted. This is done by matching
GUID values of images in the io policy table with the Image GUID value
that is read from the FWU metadata structure.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: Id9751f02f95fc48ef68e4e3f9f0ddbf6d6319d3c
With the FWU multi bank feature enabled, the identification of
firmware image type is done using the image type GUID instead of
binary_type field.
Add GUID values for the FIP image which can be updated through
the FWU firmware update feature. The GUID values are used in
identifying the firmware images.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: If7d9356aa8d2bb3fbcbc87100e6972f1a1862921
The metadata structure copy is passed to the platform routine to set
the image source to boot the platform from. This is done by reading
the metadata structure. Pass the metadata as a read-only copy to the
routine -- the routine only needs to consume the metadata values and
should not be able to update the metadata fields.
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Change-Id: I399cad99ab89c71483e5a32a1de0e22df304f8b0
* changes:
feat(stm32mp1): add helper to enable high speed mode in low voltage
refactor(stm32mp1): add helpers for IO compensation cells
feat(stm32mp1): use clk_enable/disable functions
feat(stm32mp1): add timeout in IO compensation
Increase the stack size to avoid stack overflow
when the LOG_LEVEL compile option is set high.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I25047322763bff148dba13848a3a40f4c7cf90b7
Fixed an issue where the CPU and Cluster could not be turned OFF
when the SYSTEM_OFF has executed.
Signed-off-by: Hideyuki Nitta <hideyuki.nitta.jf@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Id476f815b58246ae0574c04ccb3eb201d09039b9
The LS1043A reference design board (RDB) is a computing, evaluation,
and development platform that supports the Layerscape LS1043A
architecture processor.
The old implementation in tf-a (plat/layerscape/board/ls1043/) is removed,
and this patch is adding it back, it is using the unified software
component and architecture with all the other Layerscape platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Change-Id: I83eee2f9254267b148960b05e25b6c9ba86cf07e
The LS1043A processor was NXP's first quad-core, 64-bit Arm based
processor for embedded networking.
The old implementation in tf-a (plat/layerscape/board/ls1043/) is removed,
and this patch is adding it back, it is using the unified software
component and architecture with all the other Layerscape platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: rocket <rod.dorris@nxp.com>
Change-Id: Ia3877530fae6479bd4a33bbe46b0c0d28ab43160
Remove old implementation for Layerscape ls1043a platform, and
will added it back with unified software architecture of all
Layerscape platforms.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If038c19ab04d70050ec8e6ab2097b1c4f8324e87
Increate SoC name length as it is not enough for some
SoC personalities.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I2142b4b5162dd3c9ab3afefcdc859063836d8bcc
Use STM32MP_HEADER_RESERVED_SIZE macro instead of a fixed value 0x3000
in linker script.
Change-Id: I2702285c15aebaa1304a891c8aaabc949a912ba6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This new function is used to fill the register(s) responsible to enable
high speed mode for pad in low voltage (<2.7V).
Change-Id: Ib8abc6628bdf51bbe6a866bc6a9bcdeb4a84a8f4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add enable_io_comp_cell and disable_io_comp_cell local helpers
to enable or disable an IO compensation cell.
Change-Id: I65295298a7ece572ae939e2db93d10b188de0f9e
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use the clock framework functions in SYSCFG driver instead of dedicated
functions.
Change-Id: Ifb50a5207e8cecef1c80d86e2de4d70ab6bf8b8b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use a timeout during IO compensation enable function, when
waiting for ready status. If timeout expires, print a warning
message, to indicate that the SoC recommendation is not followed.
Change-Id: I98c7dcb1364b832f4f4b5fc9a0b85a3741a8af4b
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Added some RCPM2 register offset definiton for register: IPSTPCR,
IPSTPACKR and POWMGTDCR, also added OVRD bit definiton of register
POWMGTDCR.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I301bc1401e053c2089b5eb3672c6e649c805a2ab
total_dram_size should be signed value because it is equal to return
value of init_ddr(), so if it is lower or equal zero, report
error as DDR is not initialized correctly.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Idbc40da103f60f10cb18c5306e97b764c1a9d372
Add helper function to disable the load-store prefetch.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I36d7be37e0b800ab1e5842a56cfd04d779338868
* changes:
feat(stm32mp1): enable BL2_IN_XIP_MEM to remove relocation sections
refactor(stm32mp1): reduce MMU memory regions and split XLAT by context
feat(st): map 2MB for ROM code
fix(stm32mp1): restrict DEVICE2 mapping in BL2
Total Compute has ETE and TRBE tracing components and they have
to be enabled to capture the execution trace of the processor.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: I3c86c11be2c655a61ecefa3eb2e4e3951577a113
Because the BL2 is not relocated, the usage of BL2_IN_XIP_MEM
can be used. It reduces the binary size by removing all relocation
sections. XIP will not be used when STM32MP_USE_STM32IMAGE is
defined. Introduce new definitions for SEPARATE_CODE_AND_RODATA.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Ifd76f14e5bc98990bf84e0bfd4ee0b4e49a9a293
Simplify the BL2 MMU mapping and reduce the memory regions
number. Split the XLAT define between BL2 and BL32 as binaries
do not share the same tables anymore.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iaf09e72b4cc29acbe376f6f1cd2a8116c793ba26
This allows reducing MMU tables, and as there is nothing after ROM code
in memory mapping, this has no impact.
Change-Id: If51facb96a523770465cb06eb1ab400f75d26db3
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Only NAND memory map area can be of interest for BL2 in the
DEVICE2 area. Map DEVICE2 under STM32MP_RAW_NAND flag.
Change-Id: I7e3b39579e4a2525b25cb1987d6ec38038d0de2b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change BL31 load address to 0x970000. This was done by Change-Id
I96d572fc. But then changed back to 0x960000 by Change-Id I8308c629.
However, 0x970000 is the correct value thus we change it back again.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Change-Id: Ia0db4877123b89072f723d18e2bcce25ef38f47d
Disabled CRYPTO_SUPPORT option for Renesas platform as it does not
follow the TF-A authentication mechanism where Trusted-Boot mandates
Crypto module support.
Change-Id: I3aa771e983e3dde083dd8a861f25c0714ffd707f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As Measured-Boot and Trusted-Boot are orthogonal, removed
Trusted-Boot's dependency on Measured-Boot by allowing them
to apply the Crypto module changes independently using the
CRYPTO_SUPPORT build flag.
Change-Id: I5a420e5d84f3fefe0c0092d822dab981e6390bbf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
refactor(st-ddr): move basic tests in a dedicated file
refactor(st-ddr): reorganize generic and specific elements
feat(stm32mp1): allow configuration of DDR AXI ports number
refactor(st-ddr): update parameter array initialization
feat(st-ddr): add read valid training support
refactor(stm32mp1): remove the support of calibration result
fix(st-ddr): correct DDR warnings
As the UART is already initialized, no need to check for UART clock
or reset in next BL. An issue can appear if the next BL device tree
(e.g HW_CONFIG) doesn't use the same clocks or resets (like SCMI ones).
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I044ef2386abe2d3dba5a53c3685440d64ca50a4f
This patch includes the errata workaround for erratum
1868343 for the Morello platform.
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Change-Id: Ifea8148e10946db2276560f90bf2f32bf12b9dcc
* changes:
feat(plat/rcar3): update IPL and Secure Monitor Rev.3.0.3
feat(plat/rcar3): modify type for Internal function argument
feat(plat/rcar3): modify sequence for update value for WUPMSKCA57/53
fix(plat/rcar3): fix to bit operation for WUPMSKCA57/53
These basic tests are generic and should be used independently of the
driver, depending on the plaftorm characteristics.
Change-Id: I38161b659ef2a23fd30a56e1c9b1bd98461a2fe4
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@foss.st.com>
stm32mp_ddrctl structure contains DDRCTRL registers definitions.
stm32mp_ddr_info contains general DDR information extracted from DT.
stm32mp_ddr_size moves to the generic side.
stm32mp1_ddr_priv contains platform private data.
stm32mp_ddr_dt_get_info() and stm32mp_ddr_dt_get_param() allow to
retrieve data from DT. They are located in new generic c/h files in
which stm32mp_ddr_param structure is declared. Platform makefile
is updated.
Adapt driver with this new classification.
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: I4187376c9fff1a30e7a94407d188391547107997
A new flag STM32MP_DDR_DUAL_AXI_PORT is added, and enabled by default.
It will allow choosing single or dual AXI ports for DDR.
Change-Id: I48826a66a6f4d18df87e081c0960af89ddda1b9d
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Refactor the GPIO code to use a small lookup table instead of redundant or
repetitive code.
Signed-off-by: Jona Stubbe <tf-a@jona-stubbe.de>
Change-Id: Icf60385095efc1f506e4215d497b60f90e16edfd
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
On closed chips, it is not allowed to open debug. The BSEC debug
register can not be rewritten.
On open chips, the debug is already open, no need to rewrite this
register. This part of code is just removed.
An INFO message is displayed if debug is disabled.
The freeze of the watchdog during debug is also removed.
In case of debug, this must be managed by the software that enables
the debugger.
Change-Id: I19fbd3c487bb1018db30fd599cfa94fe5090899f
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Add function headers to improve readability.
Add asserts when required.
Use RCC_BASE address.
Change-Id: Ia545293f00167b6276331a986ea7aa08c006e004
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
According to ST Application note AN5256 [1], the minimum reset pulse
duration should be set to 31ms on boards powered with discrete
regulators.
[1] https://www.st.com/resource/en/application_note/dm00561921.pdf
Change-Id: Ib6ed029ee8a4b95f75a80948fdd2154b4ebe484f
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
We don't use mbox drivers which are implemented in these files for
mcdi, so remove related files from mcdi folder.
TEST=build pass
BUG=b:202871018
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: Idea5ebe5b25f91066ebd653cdcdafe65ca292b0f
For somewhat historical reasons we are doing some initial PMIC regulator
setup in BL31, as U-Boot does not (yet) have a PMIC driver. This worked
fine so far, but there is at least one board (OrangePi 3) that gets upset,
because the Ethernet PHY needs some *coordinated* bringup of *two*
regulators.
To avoid custom hacks, let's introduce a build option to keep doing the
regulator setup in TF-A. Defining SUNXI_SETUP_REGULATORS to 0 will break
support for some devices on some boards in U-Boot (Ethernet and HDMI),
but will allow to bring up the OrangePi 3 in Linux correctly. We keep
the default at 1 to not change the behaviour for all other boards.
After U-Boot gained proper PMIC support at some point in the future, we
will probably change the default to 0, to get rid of the less optimal
PMIC code in TF-A.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ie8e2583d0396f6eeaae8ffe6b6190f27db63e2a7
Use regulator framework to get CPU and VDD power supplies.
Change-Id: Ice745fb21ff10e71ef811e747165499c2e19253e
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
print_pmic_info_and_debug() prints the PMIC version ID and displays
regulator information if debug is enabled.
It is under DEBUG flag and called after initialize_pmic() in BL2.
Change-Id: Ib81a625740b7ec6abb49cfca05e44c69efaa4718
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
SYSCFG can be initialized later, after console is up, to display the
warnings or messages it could issue.
PMIC should be initialized earlier, before SYSCFG init.
Change-Id: Icc3a1366083a1b1fde7f0e173645449b4c04c49b
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This is mainly a clock interface with clk_ops callbacks.
Those callbacks are: enable, disable, get_rate, set_parent,
and is_enabled.
This framework is compiled for STM32MP1.
Change-Id: I5119a2aeaf103ceaae7a60d9e423caf0c148d794
Signed-off-by: Ludovic Barre <ludovic.barre@st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@st.com>
Currently only UART0 is handled as console device, fix the
code to support UART1 as console also.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: Ifcd3c331cf6ce4afb0074357c92fc4addb9438b6
Currently only UART0 is handled as console device, fix the
code to support UART1 as console also.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I08f69b65b78b967ceb7159f4a467aa5982b1f791
Add MCDI related drivers to handle CPU powered on/off in CPU suspend.
TEST=build pass
BUG=b:202871018
Change-Id: I85aaaf3a0e992a39d17c58f3d9d5ff1b5770f748
Signed-off-by: Garmin.Chang <Garmin.Chang@mediatek.com>
Implement PSCI platform operations to support CPU hotplug and MCDI.
TEST=bringup 8 CPUs successfully on kernel stage.
BUG=b:202871018
Change-Id: Ibd5423b70b3ca3f91edaa48d7ca5bc094e751510
Signed-off-by: Garmin.Chang <Garmin.Chang@mediatek.com>
In mt8186 suspend/resume flow, ATF has to communicate with a subsys by
read/write the subsys registers. However, the register region of subsys
doesn't include in the MMU mapping region. It triggers MMU faults.
This patch extends the MMU region 0 size to cover all mt8186 HW modules.
This patch also remove MMU region 1 because region 0 covers region 1.
TEST=build pass
BUG=b:202871018
Signed-off-by: Rex-BC Chen <rex-bc.chen@mediatek.com>
Change-Id: I520c51338578bd68756cd02603ce6783f93daf51
DCM means dynamic clock management, and it can dynamically
slow down or gate clocks during CPU or bus idle.
1. Add MCUSYS related DCM drivers.
2. Enable MCUSYS related DCM by default.
TEST=build pass
BUG=b:202871018
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: Idc669364c89cde0974d2940bd12987ee833d1965
EMI MPU stands for external memory interface memory protect unit.
MT8186 supports 32 regions and 16 domains.
We add basic driver currently, and will add more settings for
EMI MPU in next patch.
TEST=build pass
BUG=b:202871018
Signed-off-by: Penny Jan <penny.jan@mediatek.corp-partner.google.com>
Change-Id: Ia9e5030164e40e060a05e8f91d2ac88258c2e98e
Warnings about header files include order were triggered by CI.
Correct the include order to mathc CI requirements.
Change-Id: Iaca959add924e0e1fa2e56fab2348f0ee36e5fa7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Cortex X2 erratum 2083908 is a Cat B erratum present in the Cortex
X2 core. It applies to revision r2p0 and is still open.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Id9dca2b042bf48e75fb3013ab37d1c5925824728
SoC UART1 is internally connected to MCP UART1 so this
cannot be used as AP runtime UART instead we use the
IOFPGA UART0 as the AP runtime UART.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: Iecefb0d2cb875b3ecf97e0983b06f6e914835021
This patch adds support to load nt_fw_config
with the information from plat_info sds
structure which is then passed from BL2 to BL33.
Signed-off-by: sah01 <sahil@arm.com>
Change-Id: I2242da7404c72a4f9c2e3d7f3b5c154890a78526
Different platform_info sds struct definition will be used
for fvp and soc.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: I92f0e1b2d0d755ad0405ceebfeb78d6e4c67013d
This patch adds all SOC and FVP related changes required to boot
a standard TBBR style boot on Morello.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: Ib8f7f326790b13082cbe8db21a980e048e3db88c
Based on the SCC configuration value obtained from the SDS
platform information structure configure DMC-Bing Server or
Client mode after zeroing out the memory.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I0555fa06c9c1906264848f4e32ca413b4742cdee
For Morello SoC, we use ECC capability for the RDIMMs
which require the entire DDR memory space to be zeroed
out before it can be accessed.
Change-Id: Icbe9916f9a2d3c4ce839d8bf7f867efa18f33e23
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
The same folder "plat/arm/board/morello" is going to be
used by both Morello FVP and Morello SoC platforms.
TARGET_PLATFORM build flag has been introduced to
differentiate between the two platforms
Change-Id: I3e94da372a3f1ba810b4259b85dd4c204306c359
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
There might be several platforms which use the
TARGET_PLATFORM build option to differentiate the code
between the platform variants.
Use of TARGET_PLATFORM in the common code leads to build
failures instead use PLAT build option.
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I9724caf875bd56225e035ecffa8b9ca1a50d3401
Protect the UART instance used for serial boot
with UART used for console.
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ieee1557b34e7baa81594c3fbf0513191737027bf
Use stm32mp_uart_console_setup() in SP_min setup.
Adapt the function stm32mp_uart_console_setup() for BL32 (no reset, add
CONSOLE_FLAG_RUNTIME under DEBUG.
Change-Id: Ib2d35c8d285dafb680aa218872ad679cbf43d0ed
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use newly created function stm32mp_uart_console_setup().
And remove now useless code.
Change-Id: Ib8d0319d3f4f54309848bc225b58608cea73bad9
Signed-off-by: Yann Gautier <yann.gautier@st.com>
To ease console configuration, a dedicated function is created:
stm32mp_uart_console_setup(). The code will also be common for the
different BLs.
Change-Id: Idf3cad756f125ca2313cf30b1311637a9df8f27f
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Add function stm32_get_boot_interface to get the current boot interface
from information saved in the TAMP register.
Change-Id: I23af43c68eeaebe4c45920a57d739117aea3fbb1
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
The function stm32_save_boot_interface()is moved to stm32mp1_private.c
file. The files stm32mp1_context.{c,h} are removed.
As return is always 0, change the function to return void.
Call it earlier, to be able to use it when configuring console.
Change-Id: I8986e1257dc8e8708eab044a51ea1f2426b16597
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Those pins are configured by ROM code, for serial boot use cases.
Their configs are reset if the boot is done on UART, but not on USB.
This should then be done in TF-A. This has to be done after clock
init, and before console is configured.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I29a9694e25fcf1665360dd71f73937f769c43b52
Add set_gpio_reset_cfg() to set a pin in its reset configuration:
analog, no-pull, speed low, and its secure configuration, thanks to
stm32_gpio_is_secure_at_reset().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I7b73c3636859f97fcc57f81cf68b42efc727922e
Sort the compilation flags in platform.mk when checking and defining
them for C files.
Change-Id: I5a08399c89ede4c0bd8697045706122732205db5
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Thanks to dyn_cfg_dtb_info_get_index(), we can check if TOS_FW_CONFIG
is inside the FIP partition. If not we can skip its treatment when
populating FIP images.
Change-Id: If5623eabd1ba484549d4a908d4a6f43325b36875
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Modify the type of the variable that stores the value for MPIDR
in the internal function from uint64_t to u_register_t.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Ib5bda93d5432e0412132bddf41ead8ee3fcf9e46
Add new function so that the value of bit at WUPMSKCA57/53,
which points to CPU other than the BOOT CPU, is 1 at initialization.
Modify sequence so that value of each bit for CPU at WUPMSKCA57/53 is
basically 0 and target bit value is changed to 1 only when CPU_OFF.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Id5dafc04e1dbaf265c8b67b903c335bb1af49914
With new gcc11.2 by default the -mbranch-protection is
set to "standard" which is leading to increase the text
section by 4Kb. As the ZynqMP uses the ARMv8 architecture,
so there is no impact when we disable the branch protection.
These instructions do not provide the branch protection in
architectures before Armv8.3-A.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I36f7a55abf99f50df2ee265255598d83b1f480c6
Implemented a platform function 'plat_mboot_measure_critical_data' to
measure critical data and record its measurement using the Event Log
driver.
'bl2_plat_mboot_finish' function invokes this platform function
immediately after populating the critical data.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia198295c6e07ab26d436eab1ff90df2cf28303af
It doesn't look correct to use mbed TLS defines directly in the Event
Log driver as this driver may use another Crypto library in future.
Hence mbed TLS Crypto dependency on Event Log driver is removed by
introducing generic Crypto defines and uses those in the Event Log
driver to call Crypto functions.
Also, updated mbed TLS glue layer to map these generic Crypto defines
to mbed TLS library defines.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ibc9c751f60cbce4d3f3cf049b7c53b3d05cc6735
SynQuacer SoC contains a Cortex-M3 System Control Processor(SCP)
which manages system power.
This commit modifies the PSCI system_off handling to call SCMI,
same as other PSCI calls. System power-off is done by turing off
the ATX power supply through GPIO, this operation is transferred
to SCP.
Note that this commit modifies only the SCMI case, obsolete SCPI
implementation is not updated.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I6c1009e67cccd1eb5d14c338c3df9103d63709dd
The GTimer implemented on SynQuacer has similar issue found on Juno
wherein CNTBaseN.CNTFRQ can be written but does not reflect the value
of the CNTFRQ register in CNTCTLBase frame. This doesn't follow ARM ARM
in that the value updated in CNTCTLBase.CNTFRQ is not reflected
in CNTBaseN.CNTFRQ.
Hence enable the workaround (applied to Juno) for SynQuacer that updates
the CNTFRQ register in the Non Secure CNTBaseN frame.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I5204fb57f28c0945812814f008c4905ef0882e2b
Handle boot from UART with STM32CubeProgammer based on mmap io
for STM32MP15.
Depends-On: Iba84e8dfd67b9f30416efb0f6778e48ba1f75dad
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: Ibd719dd46a11da78633728675ef6639635b6cf67
Add a file to support the STMicroelectronics tool STM32CubeProgrammer
over UART in BL2 for STM32MP15x platform.
This tools is based on protocol defined in AN5275,
"USB DFU/USART protocols used in STM32MP1 Series bootloaders"
based on STM32 MCU protocols (AN3155, "USART protocol used
in the STM32 bootloader").
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Change-Id: I956c95d8de0a94d1eb8e61f043651dae7b838170
These registers make it is possible to do external resets of A3700
peripherals. Most peripherals are reset by clearing a particular bit,
but some need setting the bit. Reflect this via "_N" suffix in macro
names.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iacef5e671746b831b5beea9e4fdcc59d8de84edc
Commit 4333f95 ("fix(spm_mm): do not compile if SVE/SME is enabled")
introduced a comiple time check to verify if ENABLE_SVE_FOR_NS is set to
0 when SPM_MM build is enabled. To support SPM_MM builds on SGI/RD
platforms set ENABLE_SVE_FOR_NS to 0.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: If78ed7567f6d988795b2bc7f772a883783246964
MISRA Violation: MISRA-C:2012 R.10.6
- The value of a composite expression shall not be assigned to an object
with wider essential type
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Ia0d13c3cfeb13d22b6fc7e8869cc713218302973
MISRA Violation: MISRA-C:2012 R.14.4
- The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I8cf821a42015858200cc0c514600012c8f61061f
MISRA Violation: MISRA-C:2012 R.17.7
- The value returned by a function having non-void return type shall be
used ((void) missing for discarded return value.).
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I1e6a598b9fe6c571a3e5010ee832ef860dfe491d
MISRA Violation: MISRA-C:2012 R.10.3
- The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I9c6dd8dba40db8067b46947ceff295732648612a
MISRA Violation: MISRA-C:2012 R.7.2
- A "u" or "U" suffix shall be applied to all integer constants that are
represented in an unsigned type
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iaf6db75e42913ddceccb803426287d0c47d7f31d
MISRA Violation: MISRA-C:2012 R.15.7
- All if . . else if constructs shall be terminated with an else statement
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Iea32e32b5683f7accd7fac8d557957f05ed0f5c5
MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: If1ccaa2f254ac85a329295de501e2b5558e8ff43
MISRA Violation: MISRA-C:2012 R.10.1
- Operands shall not be of an inappropriate essential type.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I67b5788054a136be8d764472c5d85528a5c4272f
MISRA Violation: MISRA-C:2012 R.20.7
- Expressions resulting from the expansion of macro parameters shall be
enclosed in parentheses
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: Id913c556cab955c798809ad2bd08ca3e48e2231a
MISRA Violation: MISRA-C:2012 R.10.3
- The value of an expression shall not be assigned to an object with a
narrower essential type or of a different essential type category
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I73c056ff4df2f14e04c92a49ac5c97e578e82107
MISRA Violation: MISRA-C:2012 R.10.6
- The value of a composite expression shall not be assigned to an object
with wider essential type.
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I67ac6b6b4b643f57e76a435345540e241c9a88b9
MISRA Violation: MISRA-C:2012 R.15.6
- The body of an iteration-statement or a selection-statement shall be
a compound statement
Signed-off-by: Abhyuday Godhasara <abhyuday.godhasara@xilinx.com>
Change-Id: I82e924a77ee3afeb56fa18714e94cc4f6fff5a49
The clock and pll of mt8195 can be locked into security access
by device apc. Add clock and pll related SiP call for the access
from Kernel space.
Signed-off-by: Flora Fu <flora.fu@mediatek.com>
Change-Id: I0c1f7d6c6abdd3b976492a0b776dc5b1d1f1512b
Adds support for SPMD with SPMC at S-EL1. A new config option SPMC_OPTEE
is added to support loading the special OP-TEE images when configured
with SPD=spmd. With or without SPMC_OPTEE. It should still be possible
to load another BL32 payload implementing a SPMC, provided that entry
point is the same as load address, that is, BL32_BASE.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: Ie61dcd1ee564688baee1b575030e63dc2bb85121
Renamed a macro 'INVALID_ID' to 'EVLOG_INVALID_ID' to avoid its clash
with other macro names and to show it is explicitly used for Event
Log driver.
Change-Id: Ie4c92b3cd1366d9a59cd6f43221e24734865f427
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
When the console verbosity is at maximum, fconf_populate_arm_sp()
prints the UUID and load address of each secure partition. However,
the load address has not been retrieved yet at this point, which means
all partitions show a zero load address.
Move the trace after we have retrieved the SP's load address from the
device tree to make it more meaningful.
Change-Id: I58ef7df6c9107a433f61113cafd8f0855c468d40
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
sha 4ce3e99a3 introduced printf format specifiers for fixed width
types, which uses PRI*64 instead of "ll" for 64 bit values.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic6811cc1788c698adde0807e5f8ab5290a900a26
sha 4ce3e99a3 introduced printf format specifiers for fixed width
types, which uses PRI*64 instead of "ll" for 64 bit variables.
Change-Id: I09a8d174694d4b170a6ef2e4a03df13adc829c00
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.
Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
* changes:
feat(arm_fpga): write UART baud base clock frequency into DTB
feat(arm_fpga): query PL011 to learn system frequency
refactor(arm_fpga): move command line code into separate function
fix(fdt): avoid output on missing DT property
feat(arm_fpga): add ITS autodetection
feat(arm_fpga): determine GICR base by probing
feat(gicv3): introduce GIC component identification
feat(libfdt): also allow changing base address
fix(arm_fpga): avoid re-linking from executable ELF file
Correctly handle USB_DESC_TYPE_OTHER_SPEED_CONFIGURATION request
in USB driver and support a different result than
USB_DESC_TYPE_CONFIGURATION with the new optional ops
get_other_speed_config_desc().
The support of this descriptor is optionnal and is only
required when high-speed capable device which can operate at its
other possible speed.
This patch allows to remove the pbuf update in usb_core_get_desc()
and solves an issue on USB re-enumeration on STM32MP15 platform
as the result of get_config_desc() is a const array.
This issue is not see on normal use-case, as the USB enumeration
is only done in ROM code and TF-A reuse the same USB descritors.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I8edcc1e45065ab4e45d48f4bc37b49120674fdb0
Since we now autodetect the actual system frequency, which is also used
as the base for the UART baudrate generation, we should update the value
currently hard-coded in the DT. Otherwise Linux will reprogram the
divider using a potentially wrong base rate, which breaks the UART
output.
Find the DT node referenced by the UART node as the clock rate, and set
the "clock-frequency" property in that node to the detected system
frequency. This will let Linux reprogram the divider to the same value,
preserving the actual baudrate.
Change-Id: Ib5a936849f2198577b86509f032751d5386ed2f8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Arm FPGAs run in mostly one clock domain, which is used for the CPU
cores, the generic timer, and also the UART baudrate base clock. This
single clock can have different rates, to compensate for different IP
complexity. So far most images used 10 MHz, but different rates start to
appear.
To avoid patching both the arch timer frequency and UART baud base fixed
clock in the DTB manually, we would like to set the clock rate
automatically. Fortunately the SCP firmware has the actual clock rate
hard coded, and already programs the PL011 UART baud divider register
with the correct value to achieve a 38400 bps baudrate.
So read the two PL011 baudrate divider values and re-calculate the
original base clock from there, to use as the arch timer frequency. If
the arch timer DT node contains a clock-frequency property, we use that
instead, to support overriding and disabling this autodetection.
Change-Id: I9857fbb418deb4644aeb2816f1102796f9bfd3bb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The code dealing with finding the command line and inserting that into
the DTB is somewhat large, and drowns the other DT handlers in our
fpga_prepare_dtb() function.
Move that code into a separate function, to improve readability.
Change-Id: I828203c4bb248d38a2562fcb6afdefedf3179f8d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Some FPGAs come with a GIC that has an ITS block configured. Since the
ITS sits between the distributor and redistributors, we can autodetect
that, and already adjust the GICR base address.
To also make this ITS usable, add an ITS node to our base DTB, and
remove that should we not find an ITS during the scan for the
redistributor. This allows to use the same TF-A binary for FPGA images
with or without an ITS.
Change-Id: I4c0417dec7bccdbad8cbca26fa2634950fc50a66
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When an Arm Ltd GIC (Arm GIC-[567]00) is instantiated with one or more
ITSes, the ITS MMIO frames appear between the distributor and
redistributor addresses. This makes the beginning of the redistributor
region dependent on the existence and number of ITSes.
To support various FPGA images, with and without ITSes, probe the
addresses in question, to learn whether they accommodate an ITS or a
redistributor. This can be safely done by looking at the PIDR[01]
registers, which contain an ID code for each region, documented in the
Arm GIC TRMs.
We try to find all ITSes instantiated, and skip either two or four 64K
frames, depending on GICv4.1 support. At some point we will find the
first redistributor; this address we then update in the DTB.
Change-Id: Iefb88c2afa989e044fe0b36b7020b56538c60b07
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For platforms where we don't know the number of cores at compile time,
the size of the GIC redistributor frame is then also undetermined, since
it depends on this number of cores.
On top of this the GICR base address can also change, when an unknown
number of ITS frames (including zero) take up space between the
distributor and redistributor.
So while those two adjustments are done for independent reasons, the
code for doing so is very similar, so we should utilise the existing
fdt_adjust_gic_redist() function.
Add an (optional) gicr_base parameters to the prototype, so callers can
choose to also adjust this base address later, if needed.
Change-Id: Id39c0ba83e7401fdff1944e86950bb7121f210e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When we build the convenience firmware package file for the Arm FPGA
boards (bl31.axf), we combine trampolines, the DTB and the actual BL31
code into one ELF file, which is more a "container with load addresses"
than an actual executable. So far ld was fine with us using bl31.elf as
an input file, but binutils 2.35 changed that and complains about
taking an *executable* ELF file as in *input* to the linker:
-----------------
aarch64-none-elf-ld.bfd: cannot use executable file 'build/arm_fpga/debug/./bl31/bl31.elf' as input to a link
-----------------
Fortunately we don't need the actual BL31 ELF file for *that* part of
the linking, so can use the just created bl31.bin binary version of it.
Actually that shrinks the file, as we needlessly included the .BSS
section in the final file before.
Using the binary works with both older and newer toolchains versions, so
let's do this unconditionally.
Change-Id: Ib7e697f8363499123f7cb860f118f182d0830768
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Replace double space with single space in stm32cubeprogrammer_usb.c.
Change-Id: I717b136119e85fe8e25dd540758525f995200458
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
feat(plat/st/stm32mp1): add STM32MP_USB_PROGRAMMER target
feat(plat/st/stm32mp1): add USB DFU support for STM32MP1
feat(plat/st): add STM32CubeProgrammer support on USB
feat(drivers/st/usb): add device driver for STM32MP1
feat(plat/st): add a USB DFU stack
feat(drivers/usb): add a USB device stack
Add a support of USB as serial boot devices for STM32MP15x platform:
the FIP file is provide by STM32CubeProgrammer with the DFU protocol,
loaded in DDR at DWL_BUFFER_BASE address and then the io memmap is used.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I272c17c458ff1e9d0780f8fa22330c8a35533d19
Add the USB descriptor, the struct used for USB enumeration with
the function usb_dfu_plat_init().
The USB support is based on the usb lib and on the stm32mp1 usb driver.
The content of enumeration (the string descriptor) is identical to
ROM code to avoid the USB reset en re-enumeration needs.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I18b40649e8df83813a5a340b0eee44c9a3470e43
Add a file to support over USB the STMicroelectronics tool
STM32CubeProgrammer in BL2 for STM32MP15x platform.
This tools is based on DFU stack.
Change-Id: I48a8f772cb0e9b8be24c06847f724f0470c0f917
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Add a stack to support the Universal Serial Bus Device Class
Specification for Device Firmware Upgrade (USB DFU v1.1).
This stack is based on the USB device stack (USBD).
Change-Id: I8a56411d184882b6a9e3617c6dfb859086b8f353
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This patch removes files that are not used by TF-R as well as
removes unused generic files from the TF-R makefile.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Idb15ac295dc77fd38735bf2844efdb73e6f7c89b
This change essentially reverts [1] by removing the BL31 workaround
forcing the dtb address when Hafnium is loaded as an Hypervisor.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9569
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I302161d027261448113c66b7fafa9c11620b54ef
This change enables MPMM and adds, to the TC firmware configuration
device tree, the AMU counters representing the "gears" for the
Maximum Power Mitigation Mechanism feature of the Cortex-X2,
Cortex-A710 and Cortex-A510:
- Gear 0: throttle medium and high bandwidth vector and viruses.
- Gear 1: throttle high bandwidth vector and viruses.
- Gear 2: throttle power viruses only.
This ensures these counters are enabled and context-switched as
expected.
Change-Id: I6df6e0fe3a5362861aa967a78ab7c34fc4bb8fc3
Signed-off-by: Chris Kay <chris.kay@arm.com>
Including the FCONF Makefile today automatically places the FCONF
sources into the source list of the BL1 and BL2 images. This may be
undesirable if, for instance, FCONF is only required for BL31.
This change moves the BL1 and BL2 source appends out of the common
Makefile to where they are required.
BREAKING CHANGE: FCONF is no longer added to BL1 and BL2 automatically
when the FCONF Makefile (`fconf.mk`) is included. When including this
Makefile, consider whether you need to add `${FCONF_SOURCES}` and
`${FCONF_DYN_SOURCES}` to `BL1_SOURCES` and `BL2_SOURCES`.
Change-Id: Ic028eabb7437ae95a57c5bcb7821044d31755c77
Signed-off-by: Chris Kay <chris.kay@arm.com>
This has been introduced to simplify dependencies on the FDT wrappers.
We generally want to avoid pulling in components on a file-by-file
basis, particularly as we are trying to draw conceptual boxes around
components in preparation for transitioning the build system to CMake,
where dependencies are modelled on libraries rather than files.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Idb7ee05a9b54a8caa3e07f36e608867e20b6dcd5
Increase `PLAT_ARM_MAX_BL2_SIZE` to 128KiB for the primary chip to
accommodate debug builds with log level set to verbose
(LOG_LEVEL=LOG_LEVEL_VERBOSE).
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I9dc835430f61b0d0c46a75f7a36d67f165293c8c
This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
'#' needs to be before TAB, otherwise comment is printed on stdout during build.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I502374ef35d91e194dc35b78d31d6884a466fab2
* changes:
feat(plat/rcar): change process for Suspend To RAM
fix(plat/rcar): change process that copy code to system ram
fix(plat/rcar): fix cache maintenance process of reading cert header
fix(plat/rcar): fix to load image when option BL2_DCACHE_ENABLE is enabled
- Added the function rcar_pwr_domain_pwr_down_wfi() for power down process.
And change the sequence to power down.
- Removed clearing the count of psci_locks (PSCI exclusive lock) during
Warm Boot.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: I684d54a798a6dccde15fbebe16c6e104cbb470ed
We need to add #include <arch.h> to platform_def.h to fix MODE_RW_64
undeclared.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Change-Id: I358bc6644243a7ea1befd87f946b4087feddd857
Audio DSP is power-off when system suspend. Remove it from
wakeup source list to prevent unnecessary wakeup.
Signed-off-by: Edward-JW Yang <edward-jw.yang@mediatek.corp-partner.google.com>
Change-Id: Id7251de9c8b9c9a4a4b2c41a310168d336035b9a
assert() is not used in release mode and complaining about unused
variable "desc".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib919eb27532344a25be0b6ece7e239efa87be744
This change adds just comments why some checks are required. They check
that ENV variables and external repos are correctly set for TF-A builds.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I2f8af5061411c0c92d3875917f4d97b60dc2cf10
The qti sc7280 platform uses the pmk7325 PMIC, which has the same
functionality as the pm8998 driver, with the exception of the LC
PON register offsets, which are defined as:
Since it is nearly identical to the pm8998 driver, moving the above
register offset definitions to platform_def.h for the respective SoC
and reusing the rest of the functions defined in the pm8998 driver.
Renaming pm8998 driver to pm_ps_hold to make it more generic.
Change-Id: I0dda3a54579e0bbdd42c247405362a86d0607478
Signed-off-by: Shelley Chen <shchen@chromium.org>
Made measurement strings compliant to Server Base Security Guide
(SBSG, Arm DEN 0086) hence updated measurement strings for BL32, BL31,
and SCP_BL2 images. As the GPT image is not get measured by BL2 so
removed its measurement string.
Also, namespaced measurement string defines that were looking quite
generic.
Change-Id: Iaa17c0cfeee3d06dc822eff2bd553da23bd99b76
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduced functions to set and get Event log information
(tpm_event_log address and its size).
In FVP platform case, measured boot with Event Log backend flow
work as below
1. event_log_init function called by BL1 to initialize Event Log
module
2. arm_set_tb_fw_info function called by BL1 to set the
'tpm_event_log_addr' and 'tpm_event_log_size' properties
in tb_fw_config
3. arm_get_tb_fw_info function called by BL2 to get tpm Event Log
parameters set by BL1. These parameters used by the BL2 to
extend the tpm Event Log records, and use these parameters
to initialize Event Log using event_log_init function
4. arm_set_nt_fw_info and arm_set_tos_fw_info function called by
BL2 to set 'tpm_event_log' address and its size properties in
nt_fw_config and tos_fw_config respectively
Alongside, this patch created a separate instances of plat_mboot_init
and plat_mboot_finish APIs for BL1 and BL2.
This patch is tested using the existing measured boot test configuration
in jenkins CI.
Change-Id: Ib9eca092afe580df014541c937868f921dff9c37
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Making tb_fw_config ready to pass the Event Log base address
and size information to BL2.
Change-Id: I5dd0e79007e3848b5d6d0e69275a46c2e9807a98
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, the Event Log driver does platform layer work by invoking
a few platform functions in the 'event_log_finalise' call. Doing
platform work does not seem to be the driver's responsibility, hence
moved 'event_log_finalise' function's implementation to the platform
layer.
Alongside, introduced few Event Log driver functions and done
some cosmetic changes.
Change-Id: I486160e17e5b0677c734fd202af7ccd85476a551
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, event_log_init() does 2 things:
1) It writes all the necessary TCG data structures in the event log buffer.
2) It writes the first measurement (BL2's).
Step 2) introduces in the TCG event log driver an assumption on what
is getting measured and in what order. Ideally, the driver should only
be concerned about generic operations, such as initializing the event
log or recording a measurement in it. As much as possible, we should
design the driver such that it could be reused in another project that
has a different measure boot flow.
For these reasons, move step 2) up to the caller, plat_mboot_init() in
this case. Make event_log_record() a public function for this purpose.
This refactoring will also help when we make BL1 record BL2's
measurement into the event log (instead of BL2). Both BL1 and BL2 will
need to call the driver's init function but only BL1 will need
recording BL2's measurement. We can handle this through different
implementations of plat_mboot_init() for BL1 and BL2, leaving the TCG
event log driver unchanged.
Change-Id: I358e097c1eedb54f82b866548dfc6bcade83d519
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the removal of the generic functions measured_boot_init()/finish(),
measured_boot.mk becomes specific to the TCG event log backend. Change
its file name to event_log.mk.
Also, the Event Log driver is one of the backend of measured boot hence
created a separate folder for it under the measured_boot directory.
Alongside done some cosmetic changes (adding a comment and fixing
identation).
Change-Id: I4ce3300e6958728dc15ca5cced09eaa01510606c
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Right now, the measured boot driver is strongly coupled with the TCG
event log driver. It would not be possible to push the measurements
somewhere else, for instance to a physical TPM.
To enable this latter use case, turn the driver's init and teardown
functions into platform hooks. Call them bl2_plat_mboot_init()/finish().
This allows each platform to implement them appropriately, depending on
the type of measured boot backend they use. For example, on a platform
with a physical TPM, the plat_mboot_init() hook would startup the TPM
and setup it underlying bus (e.g. SPI).
Move the current implementation of the init and teardown function to the
FVP platform layer.
Finally move the conditional compilation logic (#if MEASURED_BOOT) out
of bl2_main() to improve its readability. Provide a dummy implementation
in the case measured boot is not included in the build.
Change-Id: Ib6474cb5a9c1e3d4a30c7f228431b22d1a6e85e3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tpm_record_measurement() function name suggests that:
- It only records a measurement but does not compute it.
This is not the case, the function does both.
- It stores this measurement into a TPM (discrete chip or fTPM).
This is not the case either, the measurement is just stored into
the event log, which is a data structure hold in memory, there is
no TPM involvement here.
To better convey the intent of the function, rename it into
event_log_measure_and_record().
Change-Id: I0102eeda477d6c6761151ac96759b31b6997e9fb
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Use low to high gpio sequence to reboot/shutdown qemu machine.
Use low to high gpio pins level change which will cause an interrupt
in qemu virt platform. This change will supported with next qemu 6.1
release once patchset:
hw/arm: Make virt board secure powerdown/reset work
will be merged.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
CC: Peter Maydell <peter.maydell@linaro.org>
Change-Id: I70979517358c3b587722b2dcb33f63d29bf79d9b
Add support for Globalscale MOCHAbin board.
Its based on Armada 7040 SoC and ships in multiple DRAM options:
* 2GB DDR4 (1CS)
* 4GB DDR4 (1CS)
* 8GB DDR4 (2CS)
Since it ships in multiple DRAM configurations, an
Armada 3k style DDR_TOPOLOGY variable is added.
Currently, this only has effect on the MOCHAbin, but
I expect more boards with multiple DRAM sizes to be
supported.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Change-Id: I8a1ec9268fed34f6a81c5cbf1e891f638d461305
In order to enable OCRAM ECC, it need to be initialized
with 64-bit writes and then a write performed to address
0x0010_0534 with the value 0x0000_0008.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Id7d4f5df65ca52f24e9251c08a75ad2006451b95
Fix the error that no "gpio_init_data" is defined when
build with "FUSE_PROG=1".
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I0ba8005725fe33c6d8e68b4d52539f5d5d749f1a
