This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:
* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
the CryptoCell crypto driver for Trusted Board boot.
* The TrustZone filter settings for Non Secure DRAM is modified
to allow CryptoCell to read this memory. This is required to
authenticate BL33 which is loaded into the Non Secure DDR.
* The CSS platforms are modified to use coherent stacks in BL1 and BL2
when CryptoCell crypto is selected. This is because CryptoCell makes
use of DMA to transfer data and the CryptoCell SBROM library allocates
buffers on the stack during signature/hash verification.
Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
For rk3399, the L2ACTLR[14] is 0 by default, as ACE CCI-500 doesn't
support WriteEvict. and you will hit the condition L2ACTLR[3] with 0,
as the Evict transactions should propagate to CCI-500 since it has
snoop filters.
Maybe this erratum applies to all Cortex-A53 cores so far, especially
if RK3399's A53 is a r0p4. we should enable it to avoid data corruption,
Change-Id: Ib86933f1fc84f8919c8e43dac41af60fd0c3ce2f
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
A recent commit 030567e6f5 added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / errors in the TF static analysis.
This patch addresses these issues by migrating impacted variables from
signed ints to unsigned ints and vice verse where applicable.
Change-Id: I4b4c739a3fa64aaf13b69ad1702c66ec79247e53
Signed-off-by: David Cunado <david.cunado@arm.com>
On Juno AArch32, the L2 cache may contain garbage after the warm reset
from AArch64 to AArch32. This is all fine until the MMU is configured
and the data caches enabled. To avoid fetching stale data from the L2
unified cache, invalidate it before the warm reset to AArch32 state.
Change-Id: I7d27e810692c02c3e83c9f31de67f6bae59a960a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
the primary core. After the SCP ram firmware has started executing,
`SCP_BOOT_CFG_ADDR` is modified. This is not normally an issue but
the Juno AArch32 boot flow is a special case. BL1 does a warm reset
into AArch32 and the core jumps to the `sp_min` entrypoint. This is
effectively a `RESET_TO_SP_MIN` configuration. `sp_min` has to be
able to determine the primary core and hence we need to restore
`SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs.
This magically worked when booting on A53 because the core index was
zero and it just so happened to match with the new value in
`SCP_BOOT_CFG_ADDR`.
Change-Id: I105425c680cf6238948625c1d1017b01d3517c01
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
For some reason, HDCP key decrytion can't open source in ATF, so we
build it as hdcp.bin. Besides declare the handler for decrypting.
Change-Id: Ia67ff2442ab43cb3ee4875b3d59cc1608e854b4b
Signed-off-by: Ziyuan Xu <xzy.xu@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Use TF_CFLAGS instead of CFLAGS, to allow CFLAGS to be overriden from
the make command line.
Change-Id: I3e5726c04bcd0176f232581b8be2c94413374ac7
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
These errata are only applicable to AArch64 state. See the errata notice
for more details:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html
Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419.
Enable both of them for Juno.
Apply the 835769 workaround as following:
* Compile with -mfix-cortex-a53-835769
* Link with --fix-cortex-a53-835769
Apply the 843419 workaround as following:
* Link with --fix-cortex-a53-843419
The erratum 843419 workaround can lead the linker to create new sections
suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the
linker to create new "*.stub" sections with no particular alignment.
Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for
architecture-specific linker options.
Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
SPE is only supported in non-secure state. Accesses to SPE specific
registers from SEL1 will trap to EL3. During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained. This is to
avoid a potential invalid memory access in SEL1.
SPE is architecturally specified only for AArch64.
Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info().
It is up to users how to retrieve ROTPK if the ROT verification is
desired. This is not nice.
This commit improves plat_get_rotpk_info() implementation and automates
the ROTPK deployment. UniPhier platform has no ROTPK storage, so it
should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case.
This makes sense because UniPhier platform implements its internal ROM
i.e. BL1 is used as updatable pseudo ROM.
Things work like this:
- ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing.
Users can override ROT_KEY from the command line if they want to
use a specific ROT key.
- ROTPK_HASH is generated based on ROT_KEY.
- ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.
- ROT_KEY is input to cert_create tool.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
On ARM platforms before exiting from SP_MIN ensure that
the default console is switched to the runtime serial port.
Change-Id: I0ca0d42cc47e345d56179eac16aa3d6712767c9b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
With GCC 6.2 compiler, more C undefined behaviour is being flagged as
warnings, which result in build errors in ARM TF build.
This patch addresses issue caused by enums with values that exceed
maximum value for an int. For these cases the enum is converted to
a set of defines.
Change-Id: I5114164be10d86d5beef3ea1ed9be5863855144d
Signed-off-by: David Cunado <david.cunado@arm.com>
The patch fb7d32e588 migrated the CPU
libraries to have unique defines, prefixing them with the CPU name.
This patch migrates the hikey960 platform port to use the A53 specific
defines.
Change-Id: Id76f544b0b236bbd4974ab5ffa1203f073c20021
Signed-off-by: David Cunado <david.cunado@arm.com>
In CPU off callback function, the old code uses the function
hisi_test_pwrdn_allcores() to check if all CPUs in cluster have been
powered off and if it's valid then power off the whole cluster. But the
function hisi_test_pwrdn_allcores() only maintains the different power
states only for CPU suspend/resume flow, so it cannot return correct
states for CPU on/off flow.
This patch is to change use hisi_test_cpu_down() to check if all CPUs
have been powered off, so that can power off the whole cluster properly
when all CPUs in cluster have been hotplugged off.
Signed-off-by: Tao Wang <kevin.wangtao@hisilicon.com>
Signed-off-by: Leo Yan <leo.yan@linaro.org>
The ARM_PLAT_MT bit enables the support for MT bit in
MPIDR format. This means that the level 0 affinity
represents the thread and CPU / Cluster levels are
at affinity level 1 and 2 respectively.
This was not catered for in the scpi 'css_scp_get_power_state, API.
Since the SCPI driver can only cater for single threaded CPUs,
this patch fixes the problem by catering for this shift by
effectively ignoring the Thread (level 0) affinity level.
Change-Id: If44f55c9fb2773c8d3f8a9bbcf5420a6f7409dfe
Signed-off-by: jagadeesh ujja <jagadeesh.ujja@arm.com>
Main fixes:
* Added explicit casts (e.g. 0U) to integers in order for them to be
compatible with whatever operation they're used in [Rule 10.1]
* Force operands of an operator to the same type category [Rule 10.4]
* Added curly braces ({}) around if/while statements in order to
make them compound [Rule 15.6]
* Added parentheses [Rule 12.1]
* Voided non C-library functions whose return types are not used [Rule 17.7]
Change-Id: I91404edec2e2194b1ce2672d2a3fc6a1f5bf41f1
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Main fixes:
* Include header file for function declarations [Rule 8.4]
* Move global object into function [Rule 8.9]
Change-Id: I1bc9f3f0ebd4ffc0b8444ac856cd97b0cb56bda4
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
Main fixes:
* Use int32_t replace int, use uint32_t replace unsign int [Rule 4.6]
* Added explicit casts (e.g. 0U) to integers in order for them to be
compatible with whatever operation they're used in [Rule 10.1]
* Force operands of an operator to the same type category [Rule 10.4]
* Fixed assert/if statements conditions to be essentially boolean [Rule 14.4]
* Added curly braces ({}) around if statements in order to
make them compound [Rule 15.6]
* Convert macros form headers to unsigned ints
Change-Id: I8051cc16499cece2039c9751bd347645f40f0901
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Main fixes:
* Added explicit casts (e.g. 0U) to integers in order for them to be
compatible with whatever operation they're used in [Rule 10.1]
* Convert object type to match the type of function parameters
[Rule 10.3]
* Added curly braces ({}) around if statements in order to
make them compound [Rule 15.6]
* Expressions resulting from the expansion of macro parameters
shall be enclosed in parentheses[Rule 20.7]
Change-Id: I5cf83caafcc1650b545ca731bf3eb8f0bfeb362b
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
Main fixes:
* Fixed if/while statement conditional to be essentially boolean [Rule 14.4]
* Added curly braces ({}) around if/for/while statements in order to
make them compound [Rule 15.6]
* Added explicit casts (e.g. 0U) to integers in order for them to be
compatible with whatever operation they're used in [Rule 10.1]
Change-Id: Ic72b248aeede6cf18bf85051188ea7b8fd8ae829
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
This patch moves the GPU reset state check, during VideoMem resize, to the
common SiP handler, to reduce code duplication.
Change-Id: I3818c5f104b809da83dc2a61d6a8149606f81c13
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the logic to check if the command written to the
MC_CLIENT_HOTRESET_CTRLx registers, was accepted by the hardware module.
Change-Id: If94fff9424555cb4688042eda17b4b20f4eb399a
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds explicit casts (U(x)) to integers in the tegra_def.h
headers, to make them compatible with whatever operation they're used
in [MISRA-C Rule 10.1]
Change-Id: Ic5fc611aad986a2c6e6e6f625e0753ab9b69eb02
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch makes all the defines in the CPU libraries unique,
by prefixing them with the CPU name.
NOTE: PLATFORMS USING THESE MACROS WILL HAVE TO UPDATE THEIR CODE
TO START USING THE UPDATED NAMES
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables the 'sign-compare' flag, to enable warning/errors
for comparisons between signed/unsigned variables. The warning has
been enabled for all the Tegra platforms, to start with.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Since the type of ADC value is always unsigned int, don't
need to check the value with negative value.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Initial commit for Socionext UniPhier SoC support. BL1, Bl2, and
BL31 are supported. Refer to docs/plat/socionext-uniphier.md for
more detais.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The 'impl' variable is guarded by the symbol DEBUG, but used in an INFO
level print statement. INFO is defined based on LOG_LEVEL. Hence, builds
would fail when
- DEBUG=0 && LOG_LEVEL>=LOG_LEVEL_INFO with a variable used but not defined
- DEBUG=1 && LOG_LEVEL<LOG_LEVEL_INFO with a variable defined but not used
Fixing this by guarding impl with the same condition that guards INFO.
FixesARM-software/tf-issues#490
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
unlike rk3399 and rk3368, there are some rockchip 64bit SOC
do not have CPUPD, and pmu_cpuson_entrypoint() is common
function for rockchip platform, so we need to check wakeup
cpu when resume.
Change-Id: I6313e8a9d7c16b03e033414f0cb281646c2159ff
Signed-off-by: Lin Huang <hl@rock-chips.com>
with PMU_PERILP_PD_EN bit enable, the soc will shutdown
cm0, crypto, dcf, imem(normal SRAM), dmac, bootrom, efuse_con,
spi, i2c, uart, saradc, tsadc when suspend, we have M0 code
need to run when suspend in normal SRAM, so we need to take
care of that.
Change-Id: I8c066637e5b81d4b1d53197450b9d592cbe00793
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This moves the DRAM restore code to PMUSRAM. This is so that the
voltage domain that contains the SRAM that it was stored in before may
be turned off during system suspend.
Change-Id: Id761181a30caadd12f1ce061d1034f3159a76d28
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This converts two functions to use for-loops. This saves a bit of
space to help moving DRAM resume code to PMUSRAM.
Change-Id: Ie6ca490cf50c2ec83335cf1845b337c3e8a47496
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
The removed if statement would make the same check that the for loop
it is in does to break out of the for loop, so it doesn't make any
sense to keep it there.
Change-Id: I819c29f9182e6de1fc47e418aed15ad38e8f9fa9
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This removes the mmio_... function calls to set the multicast bit for
the PHY registers when overriding the write leveling values. These are
not needed since multicast is set by default when calling the
function, and it's also better not to leave the side effect of
disabling multicast when exiting the function.
Change-Id: I83e089a2a2d55268b3832f36724c3b2c4be81082
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This removes the phy_dll_bypass_set function as it is unneeded. The
values that function sets are saved during suspend, so the proper
values will be restored on resume.
Change-Id: I17542206c56e639ce8cb6375233145167441d4e2
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This removes the space allocation for the unused PHY register space.
For instance in PHY registers 0-127, only 0-90 are used, so don't save
the 91-127 registers. This saves about 1.6KB of space.
Change-Id: I0c9f6d9bed8f0c1f3b8b805dfb10cf0c06208919
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
the function pmu_cpuon_entrypoint() need to run in the pmusram,
we just copy bin file to pmusram before, now we add pmusram section
and link pmu_cpuon_entrypoint() to pmusram directly
Change-Id: Iae31e4c01c480c8e6f565a8f588332b478efdb16
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
The differential signal of DQS need keep low level
before gate training. It need enable RPULL and disable
PHY side ODT to ensure it when do gate training.
But it can not access the PHY registers to do it when
perform DFS.So the workaroud as below: It is ensure that
the PHY's read gate is landing somewhere in the incoming
DQS's pulses before it starts searching for pre-amble window.
It need get the rddqs_delay_ps to calculate the start point
of gate training for DFS.
Change-Id: I79eabcf4ec9a9c8f4539f68a51f22afba49c72fe
Signed-off-by: Lin Huang <hl@rock-chips.com>
Support BL31 on HiKey960 platform. Implement PSCI.
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
BL2 loads MCU firmware & BL31 on hikey960 platform. The MCU firmware
is used to implement low power feature.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Support BL1 on HiKey960 platform. When recovery mode is detected,
BL1 loads NS BL1U that flushs images into UFS. When normal boot
mode is detected, BL1 loads BL2.
Fix for https://github.com/ARM-software/tf-issues/issues/486
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
This patch adds the memory map region for the SCMI payload memory
and maps the Juno core indices to SCMI power domains via the
`plat_css_core_pos_to_scmi_dmn_id_map` array.
Change-Id: I0d2bb2a719ff5b6a9d8e22e91e1625ab14453665
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds the SCMI driver for communicating with SCP. The power
domain management and system power management protocol of the SCMI
specification[1] is implemented in the driver. The SCP power management
abstraction layer for SCMI for CSS power management is also added.
A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
driver over SCPI.
[1] ARM System Control and Management Interface v1.0 (SCMI)
Document number: ARM DEN 0056A
Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
ARM GIC-600 IP complies with ARM GICv3 architecture, but among others,
implements a power control register in the Redistributor frame. This
register must be programmed to mark the frame as powered on, before
accessing other registers in the frame. Rest of initialization sequence
remains the same.
The driver provides APIs for Redistributor power management, and
overrides those in the generic GICv3 driver. The driver data is shared
between generic GICv3 driver and that of GIC-600.
For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER
is set to FVP_GIC600. Also update user guide.
Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Both Cortex-A75 and Cortex-A55 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are considerably
simpler.
Change-Id: I68b30e6e1ebe7c041d5e67f39c59f08575fc7ecc
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch is to enable CPU suspend/resume and system level's
suspend/resume; also enable system power off state.
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
The cluster 0 doesn't rely on PSCI to enable it; so enable CCI port
for cluster 0 in BL31 platform setup flow.
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Fix for CPU topology so present the CPU core numbers for two clusters;
Base on this fixing, the PSCI can maintain correct power states.
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Support BL31 and PSCI. Enable multiple cores in PSCI.
Change-Id: I66c39e1e9c4c45ac41a0142ed2070d79a3ac5ba3
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>
BL2 is used to load BL31 and SCP_BL2. In HiKey platform, SCP_BL2
is the mcu firmware that is used to scale cpu frequency and switch
low power mode.
Change-Id: I1621aa65bea989fd125ee8502fd56ef72362bf97
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Initialize regulators, pins and eMMC in BL1. Only SRAM could be used in BL1.
So BL2 will be loaded from eMMC into SRAM later.
Change-Id: I8e7ef82ffa29a3c647c9d2d2981e8759ee85d833
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Signed-off-by: Dan Handley <dan.handley@arm.com>
Since ARM_DRAM2_BASE is above the 32-bit limit, the condition
is always false. Wrap this condition in an ifndef to avoid
warnings during compilation.
Change-Id: Ideabb6c65de6c62474ed03eb29df4b049d5316be
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This function was removed long ago. Remove remaining
pragma reference.
Change-Id: I66c556863d47dc17d2ffdc6c23aa524df6aade80
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The default case is impossible to hit as the `power_level`
is already checked earlier. Avoids a clang warning.
Change-Id: I707463c843adc748ee9aa1d2313f9ab7dab3a8ab
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This options enables an implementation of SHA-256 that has a smaller
code footprint (~1.6 KB less) but is also ~30% slower. For ARM
platforms, code size is currently considered more important than
execution speed in the mbed TLS crypto module.
Added a small note about this option to the documentation of the
authentication framework.
Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The header tbbr_oid.h contains OIDs obtained by ARM Ltd.
so there is no good reason to use platform_oid.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).
For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd. This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.
The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The commit abd2aba99e introduced a
regression to the AArch32 sp_min Juno build. This patch fixes that.
Change-Id: I4b141717684d6aee60c761ea17f23170aa6708c3
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Add support for firmware upgrade on AArch32.
This patch has been tested on the FVP models.
NOTE: Firmware upgrade on Juno AArch32 is not currently supported.
Change-Id: I1ca8078214eaf86b46463edd14740120af930aec
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#define MBEDTLS_HAVE_UDBL`
when `MBEDTLS_HAVE_INT32` is defined. This is a workaround
for "https://github.com/ARMmbed/mbedtls/issues/708"
NOTE: TBBR support on Juno AArch32 is not currently supported.
Change-Id: I86d80e30b9139adc4d9663f112801ece42deafcf
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
A previous patch superseded the MBEDTLS_KEY_ALG. This patch updates
the ARM platforms to use the new TF_MBEDTLS_KEY_ALG define.
Change-Id: Ie0e1bc272e127e879ac58e7cfcbe268751d7688e
Signed-off-by: David Cunado <david.cunado@arm.com>
For SoCs T132 and T210, the header file 'platform_def.h' used to include
'tegra_def.h' and vice versa. This patch breaks this circular dependency
by making 'tegra_def.h' independent.
Change-Id: I45a00a84e6ab8b93d5e9242a9ff65f03e9102a96
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
We used to have the following circular dependency in the FVP platform
header files:
+-> arm_def.h ---> platform_def.h ---> fvp_def.h --+
|__________________________________________________|
This patch breaks it by not including 'arm_def.h' from 'fvp_def.h'.
Change-Id: I280d906559e3343dd38764029e77c0ea768b4fec
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
A new file added as part of arm-trusted-firmware#927 was missing the
SPDX license identifier - this patch adds the missing identifier.
Change-Id: Id1355f2bdca930b7e65bb54eff7e6c764ebb0d96
Signed-off-by: David Cunado <david.cunado@arm.com>
This reverts commit b6dcbf588a.
This function wasn't used when it was removed, but it is needed to
compile the new changes proposed for Rockchip platforms.
Change-Id: Ia5bfe1f8398e08431f96923e2f059a83e5cb78d4
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In AArch64, privileged exception levels control the execution state
(a.k.a. register width) of the immediate lower Exception Level; i.e.
whether the lower exception level executes in AArch64 or AArch32 state.
For an exception level to have its execution state changed at run time,
it must request the change by raising a synchronous exception to the
higher exception level.
This patch implements and adds such a provision to the ARM SiP service,
by which an immediate lower exception level can request to switch its
execution state. The execution state is switched if the request is:
- raised from non-secure world;
- raised on the primary CPU, before any secondaries are brought online
with CPU_ON PSCI call;
- raised from an exception level immediately below EL3: EL2, if
implemented; otherwise NS EL1.
If successful, the SMC doesn't return to the caller, but to the entry
point supplied with the call. Otherwise, the caller will observe the SMC
returning with STATE_SW_E_DENIED code. If ARM Trusted Firmware is built
for AArch32, the feature is not supported, and the call will always
fail.
For the ARM SiP service:
- Add SMC function IDs for both AArch32 and AArch64;
- Increment the SiP service minor version to 2;
- Adjust the number of supported SiP service calls.
Add documentation for ARM SiP service.
FixesARM-software/tf-issues#436
Change-Id: I4347f2d6232e69fbfbe333b340fcd0caed0a4cea
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
To make software license auditing simpler, use SPDX[0] license
identifiers instead of duplicating the license text in every file.
NOTE: Files that have been imported by FreeBSD have not been modified.
[0]: https://spdx.org/
Change-Id: I80a00e1f641b8cc075ca5a95b10607ed9ed8761a
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Replace all instances of checks with the new macro.
Change-Id: I0eec39b9376475a1a9707a3115de9d36f88f8a2a
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch implements the handler to calculate the cluster and
system power states for the Tegra210 SoC. The power states
returned by this handler are used by the PSCI library to decide
cache maintenance operations - cluster v cpu.
Change-Id: I93e4139d4cd8a086b51f328e9a76e91428ebcdab
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the logic used to calculate the end of NS memory
aperture. The functions allows zero sized NS apertures as that is
a valid requirement for some use cases. e.g. VPR resize.
Change-Id: Ie966e0ea2f9c6888d21c38e734003704094b3720
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The video memory carveout has to be re-sized depending on the Video
content. This requires the NS world to send us new base/size values.
Before setting up the new region, we must zero out the previous memory
region, so that the video frames are not leaked to the outside world.
This patch adds the logic to zero out the previous memory carveout
region.
Change-Id: I471167ef7747154440df5c1a5e015fbeb69d9043
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Earlier, we were setting "System Suspend" as the power state for all system
states. This caused incorrect system state during a cluster power down.
This patch fixes this anomaly and sets the correct power state during a
cluster/system power down.
Change-Id: Ibd002930e0ae103e381e0a19670c3c4d057e7cb7
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds max retries for all ARI requests and asserts
if the ARI request is still busy.
Change-Id: I454ad9b557bb59e513e4c0c6f071275c87d0e07a
Signed-off-by: Steven Kao <skao@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds the Tegra micro-seconds controller to the
memory map. This allows us to use the delay_timer functionality.
Change-Id: Ia8b148a871949bfede539974cacbe0e93ec7e77c
Signed-off-by: Steven Kao <skao@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch moves the platform delay timer init to early BL31
platform setup, so that platforms can use the udelay/mdelay
routines in the early init code.
Change-Id: I6fe20b76176ea22589539c180c5b6f9d09eda8de
Signed-off-by: Steven Kao <skao@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
utils.h is included in various header files for the defines in it.
Some of the other header files only contain defines. This allows the
header files to be shared between host and target builds for shared defines.
Recently types.h has been included in utils.h as well as some function
prototypes.
Because of the inclusion of types.h conflicts exist building host tools
abd these header files now. To solve this problem,
move the defines to utils_def.h and have this included by utils.h and
change header files to only include utils_def.h and not pick up the new
types.h being introduced.
FixesARM-software/tf-issues#461
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Remove utils_def.h from utils.h
This patch removes utils_def.h from utils.h as it is not required.
And also makes a minor change to ensure Juno platform compiles.
Change-Id: I10cf1fb51e44a8fa6dcec02980354eb9ecc9fa29
One assert depends on code that is conditionally compiled based on the
DEBUG define. This patch modifies the conditional inclusion of such code
so that it is based on the ENABLE_ASSERTIONS build option.
Change-Id: Ic5659a3db8632593b9d2e83dac6d30afd87c131d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables the assert in the context save routine
by default, for all flavours of the build.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch changes the platform Makefile to set `ENABLE_ASSERTIONS` to
1 instead of the deprecated option `ASM_ASSERTION`. This also pulls in
C assertions in release mode.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
rk3328 is a Quad-core soc and Cortex-a53 inside!
This patch supports the following functions:
1、power up/off cpus
2、suspend/resume cpus
3、suspend/resume system
4、reset system
5、power off system
Change-Id: I60687058d13912c6929293b06fed9c6bc72bdc84
Signed-off-by: tony.xie <tony.xie@rock-chips.com>
The CSS power management layer previously allowed to suspend system
power domain level via both PSCI CPU_SUSPEND and PSCI SYSTEM_SUSPEND
APIs. System suspend via PSCI CPU_SUSPEND was always problematic to
support because of issues with targeting wakeup interrupts to
suspended cores before the per-cpu GIC initialization is done. This
is not the case for PSCI SYSTEM_SUSPEND API because all the other
cores are expected to be offlined prior to issuing system suspend and
PSCI CPU_ON explicit calls will be made to power them on. Hence the Juno
platform used to downgrade the PSCI CPU_SUSPEND request for system
power domain level to cluster level by overriding the default
`plat_psci_pm_ops` exported by CSS layer.
Given the direction the new CSS platforms are evolving, it is best to
limit the system suspend only via PSCI SYSTEM_SUSPEND API for all
CSS platforms. This patch makes changes to allow system suspend
only via PSCI SYSTEM_SUSPEND API. The override of `plat_psci_ops`
for Juno is removed.
Change-Id: Idb30eaad04890dd46074e9e888caeedc50a4b533
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch sanity checks the SMMU context created by the platform
code. The first entry contains the size of the array; which the
driver now verifies before moving on with the save.
This patch also fixes an error in the calculation of the size of
the context that gets copied to TZDRAM.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support for SP_MIN on JUNO platform.
The changes include addition of AArch32 assembly files,
JUNO specific SP_MIN make file and miscellaneous changes
in ARM platform files to enable support for SP_MIN.
Change-Id: Id1303f422fc9b98b9362c757b1a4225a16fffc0b
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Following steps are required to boot JUNO in AArch32 state:
1> BL1, in AArch64 state, loads BL2.
2> BL2, in AArch64 state, initializes DDR.
Loads SP_MIN & BL33 (AArch32 executable)images.
Calls RUN_IMAGE SMC to go back to BL1.
3> BL1 writes AArch32 executable opcodes, to load and branch
at the entrypoint address of SP_MIN, at HI-VECTOR address and
then request for warm reset in AArch32 state using RMR_EL3.
This patch makes following changes to facilitate above steps:
* Added assembly function to carry out step 3 above.
* Added region in TZC that enables Secure access to the
HI-VECTOR(0xFFFF0000) address space.
* AArch32 image descriptor is used, in BL2, to load
SP_MIN and BL33 AArch32 executable images.
A new flag `JUNO_AARCH32_EL3_RUNTIME` is introduced that
controls above changes. By default this flag is disabled.
NOTE: BL1 and BL2 are not supported in AArch32 state for JUNO.
Change-Id: I091d56a0e6d36663e6d9d2bb53c92c672195d1ec
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
If there is a pending interrupt, it is possible for the AP to come out
of the final WFI before SCP has a chance to act on it. Prevent this
by disabling the GIC CPU interface before issuing a WFI.
Previously, SCP would not wait on WFI before taking an action but
would shut down the core or system regardless.
Change-Id: Ib0bcf69a515d540ed4f73c11e40ec7c863e39c92
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The build option `ENABLE_ASSERTIONS` should be used instead. That way
both C and ASM assertions can be enabled or disabled together.
All occurrences of `ASM_ASSERTION` in common code and ARM platforms have
been replaced by `ENABLE_ASSERTIONS`.
ASM_ASSERTION has been removed from the user guide.
Change-Id: I51f1991f11b9b7ff83e787c9a3270c274748ec6f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch fixes the size used to save the context, when the
device enters System Suspend.
Reported by: David Cunado
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
ARM platforms have migrated to the translation tables library v2.
However, for testing purposes, it can be useful to temporarily switch
back to the old version.
This patch introduces the option `ARM_XLAT_TABLES_LIB_V1`, that switches
to v1 of the library when is set to 1. By default, it is 0, so that ARM
platforms use the new version unless specifically stated.
Updated User Guide.
Change-Id: I53d3c8dd97706f6af9c6fca0364a88ef341efd31
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
On Tegra systems, there are multiple software components that
require to interact with MCE. The components can either be 32-bit
or 64-bit payloads. This patch supports MCE SMC functions ID for
AARCH32 and AARCH64 architectures to support such clients.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Not having U or ULL as a suffix for these enums causes
a lot of unnecessary MISRA issues. This patch adds U or
ULL suffix to these common enums to reduce number of
MISRA issues.
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch stops initialising the same UART console, as a "crash"
console. The normal and the crash consoles use the same UART port
and hence the crash console init function now only checks if the
console is ready to be used.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support for fake system suspend (SC7).
This is a debug mode, to ensure that a different code path is
executed for cases like pre-silicon development, where a
full-fledged SC7 is not possible in early stages.
This particular patch ensures that, if fake system suspend is
enabled (denoted by tegra_fake_system_suspend variable
having a non-zero value), instead of calling WFI, a request
for a warm reset is made for starting the SC7 exit procedure.
This ensures that the code path of kernel->ATF and back to
kernel is executed without depending on other components
involved in SC7 code path.
Additionally, this patch also adds support for SMC call
from kernel, enabling fake system suspend mode.
Signed-off-by: Vignesh Radhakrishnan <vigneshr@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
During boot, USB3 and flash media (SDMMC/SATA) devices need access to
IRAM. Because these clients connect to the MC and do not have a direct
path to the IRAM, the MC implements AHB redirection during boot to allow
path to IRAM. In this mode, accesses to a programmed memory address aperture
are directed to the AHB bus, allowing access to the IRAM. The AHB aperture
is defined by the IRAM_BASE_LO and IRAM_BASE_HI registers, which are
initialized to disable this aperture. Once bootup is complete, we must
program IRAM base/top, thus disabling access to IRAM.
This patch provides functionality to disable this access. The tegra port
calls this new function before jumping to the non-secure world during
cold boot.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
GCC version 4.8 (and presumably earlier) warn when non-standard types are
used for bitfield definitions when -pedantic is enabled. This prevents TF
from being built with such toolchains, since -Werror -pedantic options are
used.
gcc-4.9 removed this warning; -pedantic is intended to cause gcc to emit a
warning in all cases required by the standard, but the standard does not
require a warning in this case.
See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57773
Signed-off-by: Stephen Warren <swarren@nvidia.com>
This patch adds flexibility to the code to initialise multiple SMMU
devices. The base address macro name has been changed to make it
explicit that we support multiple SMMUs.
Change-Id: Id4854fb010ebeb699512d79c769de24050c2ad69
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
Signed-off-by: Krishna Reddy <vdumpa@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch empowers the platforms to provide an array with the
registers that must be saved/restored across System Suspend.
Original-change-by: Pritesh Raithatha <praithatha@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables the 'xlat_table_v2' library for the Tegra Memory
Controller driver. This library allows us to dynamically map/unmap
memory regions, with MMU enabled.
The Memory Controller driver maps/unmaps non-overlapping Video Memory
region, to clean it of any secure contents, before it resizes the
region.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch makes the default implementation of plat_core_pos_by_mpidr()
as weakly linked, so that platforms can override it with their own.
Tegra186, for one, does not have CPU IDs 2 and 3, so it has its own
implementation of plat_core_pos_by_mpidr().
Change-Id: I7a5319869c01ede3775386cb95af1431792f74b3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch empowers the platforms to provide the settings (e.g. stream ID,
security setting, transaction overrides) required by the Memory Controller
driver. This allows the platforms to program the Memory Controller as per
their needs and makes the driver scalable.
Original-change-by: Pritesh Raithatha <praithatha@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This ARI call enables the EDBGREQ feature in the CCPLEX,
which will cause the CPUs to enter debug state instead of
vectoring to sw (ie MCA handler) upon receiving an async
abort signal.
Change-Id: Ifcb0e11446b6ac55179e3350d8f02b60ba32c94d
Signed-off-by: Rich Wiley <rwiley@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the ARI header file to v3.1.
Change-Id: I3e58cf50d27fb6e72062bb9d9782b75296b32025
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the variable width to store the TZDRAM base
address used to resume from System Suspend.
Change-Id: Ib67eda64b09f26fb2f427f0d624f057081473132
Signed-off-by: Steven Kao <skao@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a config to the memory controller driver to enable SMMU
device init during boot. Tegra186 platforms keeps it enabled by default,
but future platforms might not support it.
Change-Id: Iebe1c60a25fc1cfb4c97a507e121d6685a49cb83
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a new SMC function ID to read the refclk and coreclk
clock counter values from the Activity Monitor. The non-secure world
requires this information to calculate the CPU's frequency.
Formula: "freq = (delta_coreclk / delta_refclk) * refclk_freq"
The following CPU registers have to be set by the non-secure driver
before issuing the SMC:
X1 = MPIDR of the target core
X2 = MIDR of the target core
Change-Id: I296d835def1f5788c17640c0c456b8f8f0e90824
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a new config to enable MC settings for the AFIW
and AFIR devices. Platforms must enable this config on their own.
Change-Id: I53b450117e4764ea76d9347ee2928f9be178b107
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch moves the smmu driver introduced by the Tegra186 port
to tegra/common so that future chips can (re)use it.
Change-Id: Ia44c7f2a62fb2d8869db3a44742a8c6b13c49036
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch splits the MCE driver into public and private interfaces
to allow usage of common functionality across multiple SoCs.
Change-Id: Ib58080e730d72f11ff79507d8e0acffb2ad5c606
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The printf() isn't used by the firmware itself, just by the tools under
the ./tools/ folder. Then tf_printf will unconditionally print.
Remove the unused print_dram_status_info() function.
Change-Id: Ie699ccb54a5be9a2cbbd7b8d4193b57075a2f57a
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Zynqmp implements a version of the Cortex A53 affected by errata 855873.
Enable the workaround for the errata and silence the warning: "WARNING:
BL31: cortex_a53: errata workaround for 855873 was missing!".
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch moves the TSA block's macros from memctrl_v2.h to
tegra_def.h in the Tegra186 tree.
Change-Id: I8b45dd3905c5d1f33ffb36d8b2de72aeb06674aa
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch moves the chip specific memory controller driver defines to
the appropriate tegra_def.h files, for future compatibility.
Change-Id: I3179fb771d8b32e913ca29bd94af95f4b2fc1961
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch moves the MCE's configurable parameters to tegra_def.h for
the Tegra186 SoC, to allow forward compatiblity.
Change-Id: If8660c1c09908a4064dbb67d5ca4fb78389cab13
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Remove stream ID overrides for AON. AON drives its own stream ID when
accesing IOVA memory. However, it needs to use a physical stream ID when
accesing GSC memory. Overriding stream ids prevents AON from accessing
GSC memory, so remove them to allow AON to access GSCs.
Change-Id: Ia2b11014d9780c4546b5e781621ae4cd413735cc
Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch reverts the APE overrides added for chip verification.
Change-Id: Ib85560934d63f6e41e95ef6898a341f24761a517
Signed-off-by: Vivek Aseeja <vaseeja@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates wake time of the cpu to use the MSBs and zero
out the LSB's. Only 24 out of 32 bits are currently passed
through the PSCI interface. Previously all the LSB's were used.
Change-Id: Ie2d9d1bf6e3003dd47526a124f64e6ad555d2371
Signed-off-by: Krishna Sitaraman <ksitaraman@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The TEGRA_ARI_COPY_MISCREG_AA64_RST ARI should be called with
request_lo/hi set to zero. MTS automatically takes the reset
vector from MISCREG_AA64_RST register and does not need it to
be passed as parameters. This patch updates the API and the
caller function accordingly.
Change-Id: Ie3e3402d93951102239d988ca9f0cdf94f290d2f
Signed-off-by: Krishna Sitaraman <ksitaraman@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
When entering C7, ATF disables caches and flushes the L1 cache. However,
wake_time[cpu] can still remain in the L2 cache, causing later reads to it
to fetch from DRAM. This will read stale values.
Fix this by aligning wake_time[cpu] to cache lines, and explicitly cleaning it
before disabling caches.
Change-Id: Id73d095b479677595a6b3dd0abb240a1fef5f311
Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the ARI header to version 3.0
Change-Id: I7cfe0c61c80a6b78625232135dd63393602d32fe
Signed-off-by: Krishna Sitaraman <ksitaraman@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The TZRAM memory loses its state during "System Suspend". This patch
check if TZRAM base address contains valid data, to decide if the system
is exiting from "System Suspend". To enable TZDRAM encryption, the Memory
Controller's TZDRAM base/size registers would be populated by the BPMP
when the system "wakes up".
Change-Id: I5fc8ba1ae3bce12f0ece493f6f9f5f4d92a46344
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This change adds function to invoke for MISC_CCPLEX ARI calls and
the corresponding smc handler. This can be used to enable/disable
Coresight clock gating.
Change-Id: I4bc17aa478a46c29bfe17fd74f839a383ee2b644
Signed-off-by: Krishna Sitaraman <ksitaraman@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the incorrect return value that was being passed
back for the ENUM_FEATURES ARI call.
Change-Id: I3842c6ce27ea24698608830cf4c12cfa7ff64421
Signed-off-by: Krishna Sitaraman <ksitaraman@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch clears the unused or reserved ARI input registers
before issuing the actual ARI command.
Change-Id: I454b86566bfe088049a5c63527c1323d7b25248a
Signed-off-by: Krishna Sitaraman <ksitaraman@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
If SCP_BL2 is passed in from the command line, it is recognized by
make_helpers/tbbr/tbbr_tools.mk, and the cert_create tool generates
the corresponding key and content certificates.
On the other hand, the top-level Makefile does not care SCP_BL2, so
the --scp-fw option is not passed to the fiptool. As far as I see
plat/arm/css/common/css_common.mk, it looks like a platform's job to
add $(eval $(call FIP_ADD_IMG,SCP_BL2,--scp-fw)).
We can make the top-level Makefile kind enough to take care of it.
This is useful when we want to have optional SCP_BL2 firmware.
Adjust css_common.mk so that Juno still requires SCP_BL2 by default.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The rockchip_pd_pwr_down_wfi function is currently unused, which may
trigger compiler warnings or errors. Remove it.
Change-Id: I7e1b0ae092e8855528ac2065ecefc8bd45305f31
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Some header files using the ULL() macro were not directly including
utils.h where the macro definition resides. As a consequence, a linker
script with values using this macro did not see the macro definition
and kept the "ULL(<value>)" call in the preprocessed file, which lead to
link error.
Files using ULL() macro now include utils.h directly.
Change-Id: I433a7f36bd21a156c20e69bc2a2bb406140ebdf9
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This function fills the buffer (first argument) with the specified
number of bytes (second argument) from the trusted entropy source.
This function will be used to initialize the stack protector canary.
Change-Id: Iff15aaf4778c13fa883ecb5528fcf9b8479d4489
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Introduce new build option ENABLE_STACK_PROTECTOR. It enables
compilation of all BL images with one of the GCC -fstack-protector-*
options.
A new platform function plat_get_stack_protector_canary() is introduced.
It returns a value that is used to initialize the canary for stack
corruption detection. Returning a random value will prevent an attacker
from predicting the value and greatly increase the effectiveness of the
protection.
A message is printed at the ERROR level when a stack corruption is
detected.
To be effective, the global data must be stored at an address
lower than the base of the stacks. Failure to do so would allow an
attacker to overwrite the canary as part of an attack which would void
the protection.
FVP implementation of plat_get_stack_protector_canary is weak as
there is no real source of entropy on the FVP. It therefore relies on a
timer's value, which could be predictable.
Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This API makes sure that all the characters sent to the crash console
are output before returning from it.
Porting guide updated.
Change-Id: I1785f970a40f6aacfbe592b6a911b1f249bb2735
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
It is needed to add placeholders for this function because, as this is
not a `plat_xxx()` function, there aren't weak definitions of it in any
file.
If `console_flush()` is used and there isn't an implementation of
`console_core_flush()` in any file, the compilation will fail.
Change-Id: I50eb56d085c4c9fbc85d40c343e86af6412f3020
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch switches to the functions which identify the underlying
platform in order to calculate the chip SKU.
Change-Id: I20cf5623465289ccfab28d6578efcf762bfeb456
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch runs the MCE firmware's version check only if the underlying
platform has the capability to the run the firmware. MCE firmware is not
running on simulation platforms, identified by v0.3 or v0.6, read from the
Tegra Chip ID value.
Change-Id: I3b1788b1ee2a0d4464017bb879ac5792cb7022b8
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch uses helper functions to read the chips's major and minor
version values.
Change-Id: I5b2530a31af5ab3778a8aa63380def4e9f9ee6ec
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds all the UART controllers to the memory map.
Change-Id: I035e55ca7bff0a96115102f2295981f9e3a5da6b
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Commit f3d3b316f8 replaced
plat_get_syscnt_freq by plat_get_syscnt_freq2 on all the
upstream platforms. This patch modifies the Tegra186 code
which is not present usptream, yet.
Change-Id: Ieda6168050a7769680a3a94513637fed03463a2d
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch disables TCU prefetch for all the contexts in order
to improve SMMU performance.
Change-Id: I82ca49a0e396d9f064f5c62a5f00c4b2101d8459
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch overrides the default handlers to get BL31 arguments from the
previous bootloader. The previous bootloader stores the pointer to the
arguments in PMC secure scratch register #53.
BL31 is the first component running on the CPU, as there isn't a previous
bootloader. We set the RESET_TO_BL31 flag to enable the path which assumes
that there are no input parameters passed by the previous bootloader.
Change-Id: Idacc1df292a70c9c1cb4d5c3a774bd796175d5e8
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch removes duplicate code from the platform's SiP handler
routine for processing Video Memory Carveout region requests and
uses the common SiP handler instead.
Change-Id: Ib307de017fd88d5ed3c816288327cae750a67806
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables the configuration settings for the TZRAM
aperture by programming the base/size of the aperture and
restricting access to it. We allow only the CPU to read/write
by programming the access configuration registers to 0.
Change-Id: Ie16ad29f4c5ec7aafa972b0a0230b4790ad5619e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Commit c073fda1c6 upstream changed the
return type for `plat_get_syscnt_freq()` from uint64_t to unsigned
long long.
This patch modifies the return type for the Tegra186 platform.
Change-Id: Ic9e5c364b90972265576e271582a4347e5eaa6eb
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables ECC and Parity Protection for Cortex-A57 CPUs during boot,
for Tegra186 A02p SKUs.
Change-Id: I8522a6cb61f5e4fa9e0471f558a0c3ee8078370e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Uncore perfmon appears to the CPU as a set of uncore perfmon registers
which can be read and written using the ARI interface. The MCE code
sequence handles reads and writes to these registers by manipulating
the underlying T186 uncore hardware.
To access an uncore perfmon register, CPU software writes the ARI
request registers to specify
* whether the operation is a read or a write,
* which uncore perfmon register to access,
* the uncore perfmon unit, group, and counter number (if necessary),
* the data to write (if the operation is a write).
It then initiates an ARI request to run the uncore perfmon sequence in
the MCE and reads the resulting value of the uncore perfmon register
and any status information from the ARI response registers.
The NS world's MCE driver issues MCE_CMD_UNCORE_PERFMON_REQ command
for the EL3 layer to start the entire sequence. Once the request
completes, the NS world would receive the command status in the X0
register and the command data in the X1 register.
Change-Id: I20bf2eca2385f7c8baa81e9445617ae711ecceea
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements the `get_target_pwr_state` handler for Tegra186
SoCs. The SoC port uses this handler to find out the cluster/system
state during CPU_SUSPEND, CPU_OFF and SYSTEM_SUSPEND calls.
The MCE firmware controls the power state of the CPU/CLuster/System,
so we query it to get the state and act accordingly.
Change-Id: I86633d8d79aec7dcb405d2301ac69910f93110fe
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a helper function to the MCE driver to allow its
clients to issue UPDATE_CSTATE_INFO requests, without having to
setup the CPU context struct.
We introduced a struct to encapsulate the request parameters, that
clients can pass on to the MCE driver. The MCE driver gets the
parameters from the struct and programs the hardware accordingly.
Change-Id: I02bce57506c4ccd90da82127805d6b564375cbf1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Juno platform Makefile is responsible for enabling all the relevant
errata. As the Juno platform port does not know which revision of Juno
the TF
is compiled for, the revision of the cores are unknown and so all errata
up to this date are needed on at least one revision of Juno.
Change-Id: I38e1d6efc17e703f2bd55e0714f8d8fa4778f696
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This patch resets the CPU power state info when we online any CPU. The
NS world software would re-init the CPU power state after the CPU gets
online anyways. This allows us to maintain proper CPU/cluster power
states in the MCE firmware at all times.
Change-Id: Ib24054f53df720a4f88d67b2cb5a2e036e475e14
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the "Recursion in included headers" error flagged by
Coverity.
Fixes coverity errors "31858: Recursion in included headers" and
"31857: Recursion in included headers"
Change-Id: Icf8838434b1808b396e743e47f59adc452546364
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the logic to calculate the higher bits for TZRAM's base/end
addresses.
Fixes coverity error "31853: Wrong operator used (CONSTANT_EXPRESSION_RESULT)"
Change-Id: Iff62ef18cba59cd41ad63a5c71664872728356a8
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch modifies some of the functions in ARM platform layer to cater
for the case when multi-threading `MT` is set in MPIDR. A new build flag
`ARM_PLAT_MT` is added, and when enabled, the functions accessing MPIDR
now assume that the `MT` bit is set for the platform and access the bit
fields accordingly.
Also, a new API plat_arm_get_cpu_pe_count is added when `ARM_PLAT_MT` is
enabled, returning the PE count within the physical cpu corresponding to
`mpidr`.
Change-Id: I04ccf212ac3054a60882761f4087bae299af13cb
Signed-off-by: Summer Qin <summer.qin@arm.com>
This patch fixes the programming logic for the Video memory carveout's
size. The Memory Controller expects the size in terms of MBs instead
of bytes.
Change-Id: Ia8261b737448bae9a435fe21ab336126785d4279
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch removes stream ID override for the Security Engine
hardware block as its stream ID is programmed by the NS world
driver.
Original change by Mallikarjun Kasoju <mkasoju@nvidia.com>
Change-Id: Ia6523c1a1bb0a82bdeb878feb55670813899bdac
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch resets the power state info for CPUs when onlining,
as we set deepest power when offlining a core but that may not
be requested by non-secure sw which controls idle states. It
will re-init this info from non-secure software when the core
come online.
Original change by Prashant Gaikwad <pgaikwad@nvidia.com>
Change-Id: Id6c2fa2b821c7705aafbb561a62348c36fd3abd8
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The Tegra simulation environment has limited capabilities. This patch
checks the chip's major and minor versions to decide the features to
enable/disable - MCE firmware version checking is disabled and limited
Memory Controller settings are enabled
Change-Id: I258a807cc3b83cdff14a9975b4ab4f9d1a9d7dcf
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch checks that the system is running with the supported MCE
firmware during boot. In case the firmware version does not match the
interface header version, then the system halts.
Change-Id: Ib82013fd1c1668efd6f0e4f36cd3662d339ac076
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the programming sequence for 'System Suspend' and
'Quasi power down' state entry. The device needs to update the
required power state before querying the MCE firmware to see the
entry to that power state is allowed.
Original change by Allen Yu <alleny@nvidia.com>
Change-Id: I65e03754322188af913fabf41f29d1c3595afd85
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch programs the default CPU wake mask during CPU_SUSPEND. This
reduces the CPU_SUSPEND latency as the system has to send one less SMC
before issuing the actual suspend request.
Original change by Krishna Sitaraman <ksitaraman@nvidia.com>
Change-Id: I1f9351dde4ab30936070e9f42c2882fa691cbe46
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch clears the system cstate when offlining a CPU core as we
need to update the sytem cstate to SC7 only when we enter system
suspend.
Original change by Prashant Gaikwad <pgaikwad@nvidia.com>
Change-Id: I1cff9bbab4db7d390a491c8939aea5db6c6b5c59
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables overrides for APE domains to allow the chip verification
software harness (MODS) to execute its test cases.
Original change by Harvey Hsieh <hhsieh@nvidia.com>
Change-Id: I09b22376068c5b65d89c2a53154ccb2c60d955bd
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a new interface to allow for making an ARI call that
will enable LATIC for the chip verification software harness.
LATIC allows some MINI ISMs to be read in the CCPLEX. The ISMs are
used for various measurements relevant ot particular locations in
Silicon. They are small counters which can be polled to determine
how fast a particular location in the Silicon is.
Original change by Guy Sotomayor <gsotomayor@nvidia.com>
Change-Id: Ifb49b8863a009d4cdd5d1ba38a23b5374500a4b3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support to save the BL31 state to the TZDRAM
before entering system suspend. The TZRAM loses state during
system suspend and so we need to copy the entire BL31 code to
TZDRAM before entering the state.
In order to restore the state on exiting system suspend, a new
CPU reset handler is implemented which gets copied to TZDRAM
during boot. TO keep things simple we use this same reset handler
for booting secondary CPUs too.
Change-Id: I770f799c255d22279b5cdb9b4d587d3a4c54fad7
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch reprograms MSS to make ROC deal with ordering of
MC traffic after boot and system suspend exit. This is needed
as device boots with MSS having all control but POR wants ROC
to deal with the ordering. Performance is expected to improve
with ROC but since no one has really tested the performance,
keep the option configurable for now by introducing a platform
level makefile variable.
Change-Id: I2e782fea138ccf9d281eb043a6b2c3bb97c839a7
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds the chip level support for System Suspend entry
and exit. As part of the entry sequence we first query the MCE
firmware to check if it is safe to enter system suspend. Once
we get a green light, we save hardware block settings and enter
the power state. As expected, all the hardware settings are
restored once we exit the power state.
Change-Id: I6d192d7568d6a555eb10efdfd45f6d79c20f74ea
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The memory controller loses its settings when the device enters system
suspend state.
This patch adds a handler to restore the Video Memory settings in the
memory controller, which would be called after exiting the system suspend
state.
Change-Id: I1ac12426d7290ac1452983d3c9e05fabbf3327fa
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a device driver for the SMMU hardware block on
Tegra186 SoCs. We use the generic ARM SMMU-500 IP block on
Tegra186. The driver only supports saving the SMMU settings
before entering system suspend. The MC driver and the NS world
clients take care of programming their own settings.
Change-Id: Iab5a90310ee10f6bc8745451ce50952ab3de7188
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Replace the occurrences of signed condition codes where it was
unnecessary by an unsigned test as the unsigned tests allow the full
range of unsigned values to be used without inverting the result with
some large operands.
This reverts commit ee2c909947e0a9c4a2562689a7bfc863bc4794f9.
Change-Id: Ibaa5e8dfae6ad65bada3cda5f683d181fee37e53
Acked-by: Varun Wadekar <vwadekar@nvidia.com>
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
This patch adds support for the SC8 system power off state. This
state keeps the sensor subsystem powered ON while powering down
the remaining parts of the SoC. The CPUs and DRAM are powered down
as part of this state entry and perform a cold boot when exiting SC8.
Change-Id: Iba65c661a7fe077a0d696f114bab3b4595e19a0d
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch disables the DCO operations when we turn OFF a
CPU. DCO operations are still ON when a CPU enters a power
down suspend state.
Change-Id: I954a800209ffcc9ab43a77f04040608cbbbd9055
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch registers all the FIQ interrupt sources during platform
setup. Currently we support AON and TOP watchdog timer interrupts.
Change-Id: Ibccd866f00d6b08b574f765538525f95b49c5549
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
For all APE clients (APER, APEW, APEDMAR, APEDMAW) set NO_OVERRIDE
for MC_SID_CFG as ACAST/ADAST will be setup with the required SIDs
ie. 0x7F & 0x1E.
Original change by Nitin Kumbhar <nkumbhar@nvidia.com>
Change-Id: Idec981b3537cc95dac6ec37cdaa38bc45b16d232
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch sets the Memory Controller's TXN_OVERRIDE registers
for most write clients to CGID_ADR. This ensures ordering is maintained.
In some cases WAW ordering problems could occur. There are different
settings for Tegra version A01 v A02.
Original changes by Alex Waterman <alexw@nvidia.com>
Change-Id: I82ea02afa43a24250ed56985757b83e78e71178c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The GPU is the real consumer of the video protected memory region
and it needs to be in reset to pick up the new region.
This patch checks if the GPU is in reset before we program the new
video protected memory region settings.
Change-Id: I44f553bfcf07b1975abad53b245954be966c8aeb
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the incorrect override settings for the SCE
hardware block.
Original change by Pekka Pessi <ppessi@nvidia.com>
Change-Id: I33db55d6004331988b52ca70157aab1409f4829f
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the logic used to calculate the CPU index for
storing the per-cpu wake times. We use the MIDR register to
calculate the CPU index now. This allows us to store values for
Denver/A57 CPUs properly.
Change-Id: I9df0377afd4b92bbdaea495c0df06a9780a99d09
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch supports the TEGRA_SIP_NEW_VIDEOMEM_REGION SiP call to
program new video memory carveout settings from the NS world.
Change-Id: If9ed818fe71e6cb7461f225090105a4d8883b7a2
Signed-off-by: Wayne Lin <wlin@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support for the C6 and C7 CPU_SUSPEND states. C6 is
an idle state while C7 is a powerdown state.
The MCE block takes care of the entry/exit to/from these core power
states and hence we call the corresponding MCE handler to process
these requests. The NS driver passes the tentative time that the
core is expected to stay in this state as part of the power_state
parameter, which we store in a per-cpu array and pass it to the
MCE block.
Change-Id: I152acb11ab93d91fb866da2129b1795843dfa39b
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch programs the Memory controller's control registers
to disable non-secure accesses to the TZRAM. In case these
registers are already programmed by the BL2/BL30, then the
driver just bails out.
Change-Id: Ia1416988050e3d067296373060c717a260499122
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support for the newer platform handler functions. Commit
I6db74b020b141048b6b8c03e1bef7ed8f72fd75b merges the upstream code which
has already moved all the upstream supported platforms over to these
handler functions.
Change-Id: I621eff038f3c0dc1b90793edcd4dd7c71b196045
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements the 'prepare_system_reset' handler to
issue the 'system reset' command to the MCE.
Change-Id: I83d8d0b4167aac5963d640fe77d5754dc7ef05b1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements the CPU_OFF handler for powering down
a CPU using the MCE driver.
Change-Id: I8d455005d0b547cc61cc7778bfe9eb84b7e5480c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The System Counter Frequency has been updated to 31.25MHz after
some experiments as the previous value was too high.
Change-Id: I79986ee1c0c88700a3a2b1dbff2d3f00c0c412b9
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Tegra186 has an on-die, 320KB, "System RAM" memory. Out of the total
size, 256KB are allocated for the CPU TrustZone binaries - EL3 monitor
and Trusted OS.
This patch changes the base address for bl31.bin to the SysRAM base
address. The carveout is too small for the Trusted OS, so we relocate
only the monitor binary.
Change-Id: Ib4b667ff2a7a619589851338f9d0bfb02078c575
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch issues the 'System Off' ARI to power off the entire
system from the 'prepare_system_off' handler.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch add code to power on/off the secondary CPUs on the Tegra186
chip. The MCE block is the actual hardware that takes care of the
power on/off sequence. We pass the constructed CPU #, depending on the
MIDR_IMPL field, to the MCE CPU handlers.
This patch also programs the reset vector addresses to allow the
CPUs to power on through the monitor and then jump to the linux
world.
Change-Id: Idc164586cda91c2009d66f3e09bf4464de9662db
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds the new SiP SMC calls to allow the NS world to
interact with the MCE hardware block on Tegra186 chips.
Change-Id: I79c6b9f76d68a87abd57a940613ec070562d2eac
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The CPU Complex (CCPLEX) Power Manager (Denver MCE, or DMCE) is an
offload engine for BPMP to do voltage related sequencing and for
hardware requests to be handled in a better latency than BPMP-firmware.
There are two interfaces to the MCEs - Abstract Request Interface (ARI)
and the traditional NVGINDEX/NVGDATA interface.
MCE supports various commands which can be used by CPUs - ARM as well
as Denver, for power management and reset functionality. Since the
linux kernel is the master for all these scenarios, each MCE command
can be issued by a corresponding SMC. These SMCs have been moved to
SiP SMC space as they are specific to the Tegra186 SoC.
Change-Id: I67bee83d2289a8ab63bc5556e5744e5043803e51
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Tegra186 is the newest SoC in the Tegra family which consists
of two CPU clusters - Denver and A57. The Denver cluster hosts
two next gen Denver15 CPUs while the A57 cluster hosts four ARM
Cortex-A57 CPUs. Unlike previous Tegra generations, all the six
cores on this SoC would be available to the system at the same
time and individual clusters can be powered down to conserve
power.
Change-Id: Id0c9919dbf5186d2938603e0b11e821b5892985e
Signed-off-by: Wayne Lin <wlin@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds driver for the Memory Controller (v2) in the newer
Tegra SoCs. The newer hardware uses ARM's SMMU hardware instead of
the proprietary block in the past.
Change-Id: I78359da780dc840213b6e99954e45e34428d4fff
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch opens up the interfaces to read the chip's major/minor versions
for all Tegra drivers to use.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
These source file definitions should be defined in generic
Makefiles so that all platforms can benefit. Ensure that the
symbols are properly marked as weak so they can be overridden
by platforms.
NOTE: This change is a potential compatibility break for
non-upstream platforms.
Change-Id: I7b892efa9f2d6d216931360dc6c436e1d10cffed
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The NVidia Tegra 210 SoC contains Cortex-A53 CPUs which are affected by
erratum 855873.
Enable the workaround that TF provides to fix this erratum.
Change-Id: I6cef4ac60ae745e9ce299ee22c93b9d2c4f6c5f2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The Mediatek 8173 SoC contains Cortex-A53 CPUs which are affected by
erratum 855873.
Enable the workaround that TF provides to fix this erratum.
Change-Id: I6e1c7822c320d81bdd46b8942d1d755883dac1f5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
ARM erratum 855873 applies to all Cortex-A53 CPUs.
The recommended workaround is to promote "data cache clean"
instructions to "data cache clean and invalidate" instructions.
For core revisions of r0p3 and later this can be done by setting a bit
in the CPUACTLR_EL1 register, so that hardware takes care of the promotion.
As CPUACTLR_EL1 is both IMPLEMENTATION DEFINED and can be trapped to EL3,
we set the bit in firmware.
Also we dump this register upon crashing to provide more debug
information.
Enable the workaround for the Juno boards.
Change-Id: I3840114291958a406574ab6c49b01a9d9847fec8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Modify ARM common makefile to use version 2 of the translation tables
library and include the new header in C files.
Simplify header dependencies related to this library to simplify the
change.
The following table contains information about the size increase in
bytes for BL1 after applying this patch. The code has been compiled for
different configurations of FVP in AArch64 mode with compiler GCC 4.9.3
20150413. The sizes have been calculated with the output of `nm` by
adding the size of all regions and comparing the total size before and
after the change. They are sumarized in the table below:
text bss data total
Release +660 -20 +88 +728
Debug +740 -20 +242 +962
Debug (LOG_LEVEL=50) +1120 -20 +317 +1417
Change-Id: I539e307f158ab71e3a8b771640001fc1bf431b29
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
TLBI instructions for EL3 won't have the desired effect under specific
circumstances in Cortex-A57 r0p0. The workaround is to execute DSB and
TLBI twice each time.
Even though this errata is only needed in r0p0, the current errata
framework is not prepared to apply run-time workarounds. The current one
is always applied if compiled in, regardless of the CPU or its revision.
This errata has been enabled for Juno.
The `DSB` instruction used when initializing the translation tables has
been changed to `DSB ISH` as an optimization and to be consistent with
the barriers used for the workaround.
Change-Id: Ifc1d70b79cb5e0d87e90d88d376a59385667d338
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The files affected by this patch don't really depend on `xlat_tables.h`.
By changing the included file it becomes easier to switch between the
two versions of the translation tables library.
Change-Id: Idae9171c490e0865cb55883b19eaf942457c4ccc
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This patch enables the SEPARATE_CODE_AND_RODATA build flag for all
Tegra platforms, to allow setting proper MMU attributes for the RO
data and the code.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The linux kernel v3.10 does not use System Suspend function ID, whereas
v4.4 uses it. This means affinity levels 0/1 will have different state id
values during System Suspend entry. This patch updates the assert criteria
to check both the state id values.
Change-Id: I07fcaf99501cc9622e40d0a2c1eb4a4a160be10a
Signed-off-by: Harvey Hsieh <hhsieh@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch allows the NS world to pass 64-bit base address for
the Video Memory carveout region.
Change-Id: I7e47cc1f5425bd39c6763755b801517013e1e0cd
Signed-off-by: Harvey Hsieh <hhsieh@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch increases the ADDR_SPACE_SIZE macro (virtual address)
to 35 bits, to support max memory of 32G, for all Tegra platforms.
Change-Id: I8e6861601d3a667d7428988c7596b0adebfa0548
Signed-off-by: Steven kao <skao@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Some platforms might want to keep the uart console disabled
during boot. This patch checks if the platform supports a
console, before calling console_init().
Change-Id: Icc9c59cb979d91fd0a72e4732403b3284bdd2dfc
Signed-off-by: Damon Duan <danield@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch modifies the TZDRAM base address to the new aperture
allocated by the bootloader.
Change-Id: Id158d15b1ec9aa681136d258e90fbba930aebf92
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch sets the core power state during cluster power down,
so that the 'get_target_pwr_state' handler can calculate the
proper states for all the affinity levels.
Change-Id: If4adb001011208916427ee1623c6c923bed99985
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the 'tegra_soc_get_target_pwr_state' handler used to
calculate the proper state for each of the affinity levels.
Change-Id: Id16bd15b96f0fc633ffeac2d7a390592fbd0454b
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch removes the console_init() from runtime_setup() as we already
initialize it earlier and disables/enables it across "System Suspend".
Change-Id: I992d3ca56ff4797faf83e8d7fa52c0ef3e1c3367
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support to identify the underlying platform
on which we are running. The currently supported platforms
are actual silicon and simulation platforms.
Change-Id: Iadf96e79ec663b3dbd1a18e9bb95ffcdb82fc8af
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch makes the default MP definitions of plat_get_my_stack()
and plat_set_my_stack() as weak so that they can be overridden by
the AArch32 Secure Payload if it requires.
Change-Id: I3b6ddff5750443a776505e3023ff2934227592b6
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Remove struct rockchip_pm_ops_cb and instead of using weak functions
implement; in this way we want the codes look clear and simple;
Change-Id: Ib9e8a5e932fdfc2b3e6a1ec502c40dfe720ac400
Signed-off-by: tony.xie <tony.xie@rock-chips.com>
This patch implements a per-soc handler to calculate the target
power state for the cluster/system. A weak implementation of the
handler is provided for platforms to use by default.
For SoCs with multiple CPU clusters, this handler would provide
the individual cluster/system state, allowing the PSCI service to
flush caches during cluster/system power down.
Change-Id: I568cdb42204f9841a8430bd9105bd694f71cf91d
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support to relocate the BL32 image from the NS
memory to TZDRAM during cold boot. The NS memory buffer is
cleared out after the process completes.
Change-Id: I1a033ffe73b8c309449f874d5187708d0a8846d2
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements handlers which platforms can override to
get the BL31 arguments passed by the previous bootloader.
Change-Id: I6b9628a984644ce1b5de5aa6d7cd890e57241d89
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch returns pointer to the BL32 entrypoint info only if
it is valid.
Change-Id: I71ce3c4626681753c94f3a7bbaa50c26c74874cb
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch configures the TZDRAM fence during early platform
setup to allow the memory controller to enable DRAM encryption
before the TZDRAM actually gets used.
Change-Id: I0169ef9dda75699527b4e30c9e617a9036ba1d76
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch restores the TZRAM fence and the access permissions
on exiting the "System Suspend" state.
Change-Id: Ie313fca5a861c73f80df9639b01115780fb6e217
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables L2 ECC and Parity Protection for ARM Cortex-A57 CPUs
for Tegra SoCs.
Change-Id: I038fcd529991d0201a4951ce2730ab71b1c980f9
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch modifies the secure IRQ registration process to allow platforms
to specify the target CPUs as well as the owner of the IRQ. IRQs "owned"
by the EL3 would return INTR_TYPE_EL3 whereas those owned by the Trusted
OS would return INTR_TYPE_S_EL1 as a result.
Change-Id: I528f7c8220d0ae0c0f354e78d69e188abb666ef6
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a handler for FIQ interrupts triggered when
the CPU is in the NS world. The handler stores the NS world's
context along with ELR_EL3/SPSR_EL3.
The NS world driver issues an SMC initially to register it's
handler. The monitor firmware stores this handler address and
jumps to it when the FIQ interrupt fires. Upon entry into the
NS world the driver then issues another SMC to get the CPU
context when the FIQ fired. This allows the NS world driver to
determine the CPU state and call stack when the interrupt
fired. Generally, systems register watchdog interrupts as FIQs
which are then used to get the CPU state during hangs/crashes.
Change-Id: I733af61a08d1318c75acedbe9569a758744edd0c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Tegra chips support multiple FIQ interrupt sources. These interrupts
are enabled in the GICD/GICC interfaces by the tegra_gic driver. A
new FIQ handler would be added in a subsequent change which can be
registered by the platform code.
This patch adds the GIC programming as part of the tegra_gic_setup()
which now takes an array of all the FIQ interrupts to be enabled for
the platform. The Tegra132 and Tegra210 platforms right now do not
register for any FIQ interrupts themselves, but will definitely use
this support in the future.
Change-Id: I0ea164be901cd6681167028fea0567399f18d4b8
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a platform handler to calculate the proper target power
level at the specified affinity level.
Tegra platforms assign a local state value in order of decreasing depth
of the power state i.e. for two power states X & Y, if X < Y then X
represents a shallower power state than Y. As a result, the coordinated
target local power state for a power domain will be the maximum of the
requested local power state values.
Change-Id: I67360684b7f5b783fcfdd605b96da5375fa05417
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch includes platform_def.h required to access UART macros -
"TEGRA_BOOT_UART_CLK_IN_HZ" and "TEGRA_CONSOLE_BAUDRATE" from
tegra_helpers.S.
Change-Id: Ieb63968a48dc299d03e81ddeb1ccc871cf3397a1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch removes the restriction of allowing SiP calls only from the
non-secure world. The secure world can issue SiP calls as a result of
this patch now.
Change-Id: Idd64e893ae8e114bba0196872d3ec544cac150bf
Signed-off-by: Wayne Lin <wlin@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a weak handler for early platform setup which
can be overriden by the soc-specific handlers to perform any
early setup tasks.
Change-Id: I1a7a98d59b2332a3030c6dca5a9b7be977177326
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support to relocate BL3-1 code to BL31_BASE in case
we cold boot to a different address. This is particularly useful to
maintain compatibility with legacy BL2 code.
This patch also checks to see if the image base address matches either
the TZDRAM or TZSRAM base.
Change-Id: I72c96d7f89076701a6ac2537d4c06565c54dab9c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This change disables the cache non-temporal hints for A57 and
A53 CPUs on Tegra.
Change-Id: I279d95aec5afbc3ca3cc4b34aa16de3f2c83a4fc
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Sorry to miss the security configuration for SRAM, if we don't support
it, somebody may modify the comment of SRAM in the non-secure space.
Let's fix this issue.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
The F1 CAS latency setting was not bit shifted, which resulted in
setting the DRAM additive latency value instead.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
On resume, we use the DFS hardware to switch frequency index,
followed by a full training sequence on that index. Leaving
the DFS training modules enabled causes issues with the full
training done at resume. We also only needs these enabled
during a call to ddr_set_rate during runtime, so there's no
issue disabling them at the end of ddr_set_rate.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
This moves the setting of the DQS drive strength to the M0 to minimize
the impact on DDR transactions. We need to have the DQS drive strength
changed for data training, which is triggered by the M0, but it also
needs to be changed back when data training is finished.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This removes an optimization to not recalculate parameters if the
frequency index being switched to hold the next frequency. This is
because some registers do not have a copy per frequency index, so this
optimization might be causing problems.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
We were getting far off values on resume for the RX_CAL_DQS values.
This saves and restores the values for suspend/resume until the root
of the problem is figured out
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
These macros were accidentally deleted in a previous cleanup. This
slipped through because the code using them is currently unused, but
that may change in the future.
Signed-off-by: Julius Werner <jwerner@chromium.org>
This patch shuffles the M0 Makefile flags around a bit trying to make
their purpose clearer and remove duplication. Since all three build
steps (compiling, assembling, linking) actually call GCC, remove the
misleading aliases $(AS) and $(LD) to avoid confusion that those tools
might be called directly. Split flags into a common group that has
meaning for all three steps and separate variables specific to each
step. Remove -nostartfiles which is a strict subset of -nostdlib.
Also add explicit parameters for -mfloat-abi=soft, -fomit-frame-pointer
and -fno-common. If omitted these settings depend on the toolchain's
built-in default and cause various problems if they resolve to
unexpected values.
Signed-off-by: Julius Werner <jwerner@chromium.org>
The goal is that make clear the secure and SoC codes. Now cleaning them
will help secure code extensions for RK3399 in the future.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Maybe the coreboot will reference the BL31 parameters (e.g the TZRAM_BASE
and TZRAM_SIZE for DDR secure regions), we can split them and don't have
to hardcode the range in two places.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Move the BL31 loaded base address 0x10000 to 0x1000, and configure
the the memory range 0~1MB is secure, the goal is that make sure
the BL31 image will be not modified.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
So far, there are more and more features are supported on the RK3399,
meanwhile, these features are increasingly being defined and intertwined.
It's time to clean up and make them clearer.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
This removes waiting for vblank on the M0 during ddrfreq transitions.
That will now be done in the kernel to allow scheduling to be done on
the CPU core that changes the ddr frequency. Waiting for vblank in
the M0 would have the CPU core that waits on the M0 spin looping for
up to 16ms (1 frame for the display).
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
we will set PMU_CRU_GATEDIS_CON0 when idle port, it will enable
all clock, for save power consumption, we need to restore old value
when finish it.
Signed-off-by: Lin Huang <hl@rock-chips.com>
As rk3399 TRM1.1 document show, when set PMU_CRU_GATEDIS_CON0/1
register, it need set the write_mask bit (bit16 ~ bit31), but as
we test, it not need it. So need to correct the setting way, otherwise
it will set wrong value to this register.
Signed-off-by: Lin Huang <hl@rock-chips.com>
We found that the DUT will be hanged if we don't set the bit_1 of the
PMUCRU_GATEDIS_CON0. But, from the TRM, there is weird that the bit_1
is set the clk_center1_gating_dis, not clk_pmum0_gating_dis. Is the
TRM incorrect? We need to check it with the IC team and re-clean the
commit message and explain it tomorrow.
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
This patch do following things:
1. Request hresetn_cm0s_pmu_req first then request
poresetn_cm0s_pmu_req during M0 enable.
2. Do not diable M0 clock for ddr dvfs.
3. Correct the clk_pmum0_gating_dis bit, it is BIT0 not BIT1
4. do not set/clear hclk_noc_pmu_en in M0 code, it does not relate
to the M0 clock.
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
When vop is disabled and we read the vop register the system will
hang, so check vop status when we wait for the DMA finish flag to
avoid this sitiuation. This is done by checking for standby, DMA stop
mode, and disabled window states. Any one of these will prevent the
DMA finish flag from triggering.
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
There is system timer in m0, we can use it to implement a set of
stopwatch functions for measuring timeouts.
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
The phy pll needs to get 2X frequency to the DDR, so set the
pll_postdiv to 0.
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This fixes a hang with setting the DRAM rate based on a race condition
with the M0 which sets the DRAM rate. The AP can also starve the M0,
so this also delays the AP reads to the DONE parameter for the M0.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This enables per CS training at 666MHz and above for ddrfreq per
vendor recommendation. Since the threshold was used for latency was
the same value, this also adds a new value for that.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
This patch sets the frequency configuration of the next DRAM DFS index
to the configuration of the current index. This does not perform a
frequency transition. It just configures registers so the training on
resume for both indices will be correct.
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
We used dcf do ddr frequency scaling, but we just include a dcf
binary, it hard to maintain later, we have M0 compile flow in ATF,
and M0 can also work for ddr frequency scaling, so let's use it.
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Since the ATF project, we usually use the mmio_read_32 and
mmio_write_32. And the mmio_write_32, the firse parameter
is ADDR, the second is VALUE. In order to style consistency:
1/ rename readl/writel to mmio_read_32/mmio_write_32
2/ for keeping the same with mmio_write_32 in the ATF project,
swap the order of the parameters for M0 mmio_write_32
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Lin Huang <hl@rock-chips.com>
when dram frequency below 260MHz, phy master dll may unlock, so
let phy master dll working at dll bypass mode when frequency is
below 260MHz.
Signed-off-by: Lin Huang <hl@rock-chips.com>
we can reuse the dram config from loader, so we can remove dram_init()
and dts_timing_receive() funciton in dram.c, add the dram_set_odt_pd()
function to get the odt and auto power down parameter from kernel.
This also removes the dcf_code_init function to allow the system to
actually boot.
Signed-off-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
This patch adds the pwr_domain_power_down_wfi() handler for Tegra
platforms which in turn executes the soc specific `power_down_wfi`
handler.
Change-Id: I5deecc09959db3c3d73f928f5c871966331cfd95
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch maps the TZDRAM carveout used by the BL31. In the near
future BL31 would be running from the TZRAM for security and
performance reasons. The only downside to this solution is that
the TZRAM loses its state in System Suspend. So, we map the TZDRAM
carveout that the BL31 would use to save its state before entering
System Suspend.
Change-Id: Id5bda7e9864afd270cf86418c703fa61c2cb095f
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch increases the BL31 image size for all Tegra platforms to
256KB, so that we can relocate BL31 to TZSRAM on supported chips.
Change-Id: I467063c68632b53b5d4ef8ff1f76f5988096bd9c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch uses the Memory controller driver's handler to restore
its settings and moves the other chip specific code to their own
'pwr_domain_on_finish' handlers.
Change-Id: I3c9d23bdab9e2e3c05034ff6812cf941ccd7a75e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch moves the code to disable DCO operations out from common
CPU files. This allows the platform code to call thsi API as and
when required. There are certain CPU power down states which require
the DCO to be kept ON and platforms can decide selectively now.
Change-Id: Icb946fe2545a7d8c5903c420d1ee169c4921a2d1
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables the PSCI_EXTENDED_STATE_ID macro. Tegra platforms
have moved on to using the extended state ID for CPU_SUSPEND, where
the NS world passes the state ID and wakeup time as part of the
state ID field.
Change-Id: Ie8b0fec285d8b2330bc26ff239a4f628425c9fcf
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The platform power states, PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE,
can change on Tegra SoCs and so should be defined per-soc.
This patch moves these macro definitions to individual SoC's tegra_def.h
files.
Change-Id: Ib9b2752bc4d79cef6f79bee49882d340f71977a2
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch introduces a function to secure the on-chip TZRAM memory. The
Tegra132 and Tegra210 chips do not have a compelling use case to lock the
TZRAM. The trusted OS owns the TZRAM aperture on these chips and so it
can take care of locking the aperture. This might not be true for future
chips and this patch makes the TZRAM programming flexible.
Change-Id: I3ac9f1de1b792ccd23d4ded274784bbab2ea224a
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables the runtime console for all Tegra platforms
before exiting BL31. This would enable debug/error prints to be
always displayed on the UART console.
Change-Id: Ic48d61d05b0ab07973d6fc2dc6b68733a42a3f63
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch introduces a power down handler which can be overriden
by SoCs to customise the power down process. The current SoCs do
not have a way of powering down the entire system as external PMIC
chips are involved in the process.
But future SoCs will have a way to power off the entire system
without talking to an external PMIC.
Change-Id: Ie7750714141a29cb0a1a616fafc531c4f11d0985
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements a handler for common SiP calls. A weak
implementation for the SoC-specific handler has been provided
which can be overridden by SoCs to implement any custom SiP
calls.
Change-Id: I45122892a84ea35d7b44be0f35dc15f6bb95193e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The BL2 fills in the UART controller ID to be used as the normal as
well as the crash console on Tegra platforms. The controller ID to
UART controller base address mapping is handled by each Tegra SoC
the base addresses might change across Tegra chips.
This patch adds the handler to parse the platform params to get the
UART ID for the per-soc handlers.
Change-Id: I4d167b20a59aaf52a31e2a8edf94d8d6f89598fa
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds another member, tzdram_base, to the plat_params_from_bl2 struct
in order to store the TZDRAM carveout base address used to load the Trusted OS.
The monitor programs the memory controller with the TZDRAM base and size in order
to deny any accesses from the NS world.
Change-Id: If39b8674d548175d7ccb6525c18d196ae8a8506c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch renames the current Memory Controller driver files to
"_v1". This is done to add a driver for the new Memory Controller
hardware (v2).
Change-Id: I668dbba42f6ee0db2f59a7103f0ae7e1d4684ecf
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch checks that the pointers to BL3-3 and BL3-2 ep_info
structs are valid before accessing them. Add some INFO prints
in the BL3-1 setup path for early debugging purposes.
Change-Id: I62b23fa870f1b2fb783c8de69aab819f1749d15a
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch modifies platform_get_core_pos() to use the Cluster ID
field as well to calculate the final index value. This helps the
system to store CPU data for multi-cluster configurations.
Change-Id: I76e35f723f741e995c6c9156e9d61b0b2cdd2709
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch enables the processor retention and L2/CPUECTLR read/write
access from the NS world only for Cortex-A57 CPUs on the Tegra SoCs.
Change-Id: I9941a67686ea149cb95d80716fa1d03645325445
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch moves these address translation helper macros to individual
Tegra SoC makefiles to provide more control.
Change-Id: Ieab53c457c73747bd0deb250459befb5b7b9363f
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch converts the common SiP handler to SoC specific SiP
handler. T210 and T132 have different SiP SMCs and so it makes
sense to move the SiP handler to soc/t132 and soc/t210 folders.
Change-Id: Idfe48384d63641137d74a095432df4724986b241
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The Flow Controller hardware block is not present across all Tegra
SoCs, hence include the driver files from SoC specific makefiles.
T132/T210 are the SoCs which include this hardware block while future
SoCs have removed it.
Change-Id: Iaca25766a4fa51567293d10cf14dae968b0fae80
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
On Juno, the secure privileged invasive debug authentication signal
(SPIDEN) is controlled by board SCC registers, which by default enable
SPIDEN. Disable secure privileged external debug in release builds by
programming the appropriate Juno SoC registers.
Change-Id: I61045f09a47dc647bbe95e1b7a60e768f5499f49
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This patch introduces the following three platform interfaces:
* void plat_psci_stat_accounting_start(const psci_power_state_t *state_info)
This is an optional hook that platforms can implement in order
to perform accounting before entering a low power state. This
typically involves capturing a timestamp.
* void plat_psci_stat_accounting_stop(const psci_power_state_t *state_info)
This is an optional hook that platforms can implement in order
to perform accounting after exiting from a low power state. This
typically involves capturing a timestamp.
* u_register_t plat_psci_stat_get_residency(unsigned int lvl,
const psci_power_state_t *state_info,
unsigned int last_cpu_index)
This is an optional hook that platforms can implement in order
to calculate the PSCI stat residency.
If any of these interfaces are overridden by the platform, it is
recommended that all of them are.
By default `ENABLE_PSCI_STAT` is disabled. If `ENABLE_PSCI_STAT`
is set but `ENABLE_PMF` is not set then an alternative PSCI stat
collection backend must be provided. If both are set, then default
weak definitions of these functions are provided, using PMF to
calculate the residency.
NOTE: Previously, platforms did not have to explicitly set
`ENABLE_PMF` since this was automatically done by the top-level
Makefile.
Change-Id: I17b47804dea68c77bc284df15ee1ccd66bc4b79b
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Replace all use of memset by zeromem when zeroing moderately-sized
structure by applying the following transformation:
memset(x, 0, sizeof(x)) => zeromem(x, sizeof(x))
As the Trusted Firmware is compiled with -ffreestanding, it forbids the
compiler from using __builtin_memset and forces it to generate calls to
the slow memset implementation. Zeromem is a near drop in replacement
for this use case, with a more efficient implementation on both AArch32
and AArch64.
Change-Id: Ia7f3a90e888b96d056881be09f0b4d65b41aa79e
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Introduce zeromem_dczva function on AArch64 that can handle unaligned
addresses and make use of DC ZVA instruction to zero a whole block at a
time. This zeroing takes place directly in the cache to speed it up
without doing external memory access.
Remove the zeromem16 function on AArch64 and replace it with an alias to
zeromem. This zeromem16 function is now deprecated.
Remove the 16-bytes alignment constraint on __BSS_START__ in
firmware-design.md as it is now not mandatory anymore (it used to comply
with zeromem16 requirements).
Change the 16-bytes alignment constraints in SP min's linker script to a
8-bytes alignment constraint as the AArch32 zeromem implementation is now
more efficient on 8-bytes aligned addresses.
Introduce zero_normalmem and zeromem helpers in platform agnostic header
that are implemented this way:
* AArch32:
* zero_normalmem: zero using usual data access
* zeromem: alias for zero_normalmem
* AArch64:
* zero_normalmem: zero normal memory using DC ZVA instruction
(needs MMU enabled)
* zeromem: zero using usual data access
Usage guidelines: in most cases, zero_normalmem should be preferred.
There are 2 scenarios where zeromem (or memset) must be used instead:
* Code that must run with MMU disabled (which means all memory is
considered device memory for data accesses).
* Code that fills device memory with null bytes.
Optionally, the following rule can be applied if performance is
important:
* Code zeroing small areas (few bytes) that are not secrets should use
memset to take advantage of compiler optimizations.
Note: Code zeroing security-related critical information should use
zero_normalmem/zeromem instead of memset to avoid removal by
compilers' optimizations in some cases or misbehaving versions of GCC.
FixesARM-software/tf-issues#408
Change-Id: Iafd9663fc1070413c3e1904e54091cf60effaa82
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
With GCC 6.2 compiler, more C undefined behaviour is being flagged as
warnings, which result in build errors in ARM TF build.
The specific issue that this patch resolves is the use of (1 << 31),
which is predominantly used in case statements, where 1 is represented
as a signed int. When shifted to msb the behaviour is undefined.
The resolution is to specify 1 as an unsigned int using a convenience
macro ULL(). A duplicate macro MAKE_ULL() is replaced.
FixesARM-software/tf-issues#438
Change-Id: I08e3053bbcf4c022ee2be33a75bd0056da4073e1
Signed-off-by: David Cunado <david.cunado@arm.com>
One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.
For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)
For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.
For AARCH32/AARCH64, these macros are defined in the top-level
Makefile as follows:
ifeq (${ARCH},aarch32)
$(eval $(call add_define,AARCH32))
else
$(eval $(call add_define,AARCH64))
endif
This means only one of the two is defined. So, AARCH32/AARCH64
belongs to the latter group where we should use #ifdef or #ifndef.
The conditionals are mostly coded correctly, but I see some mistakes.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
One nasty part of ATF is some of boolean macros are always defined
as 1 or 0, and the rest of them are only defined under certain
conditions.
For the former group, "#if FOO" or "#if !FOO" must be used because
"#ifdef FOO" is always true. (Options passed by $(call add_define,)
are the cases.)
For the latter, "#ifdef FOO" or "#ifndef FOO" should be used because
checking the value of an undefined macro is strange.
Here, IMAGE_BL* is handled by make_helpers/build_macro.mk like
follows:
$(eval IMAGE := IMAGE_BL$(call uppercase,$(3)))
$(OBJ): $(2)
@echo " CC $$<"
$$(Q)$$(CC) $$(TF_CFLAGS) $$(CFLAGS) -D$(IMAGE) -c $$< -o $$@
This means, IMAGE_BL* is defined when building the corresponding
image, but *undefined* for the other images.
So, IMAGE_BL* belongs to the latter group where we should use #ifdef
or #ifndef.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
We have lots of duplicated defines (and comment blocks too).
Move them to include/plat/common/common_def.h.
While we are here, suffix the end address with _END instead of
_LIMIT. The _END is a better fit to indicate the linker-derived
real end address.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The usage of _LIMIT seems odd here, so rename as follows:
BL_CODE_LIMIT --> BL_CODE_END
BL_RO_DATA_LIMIT --> BL_RO_DATA_END
BL1_CODE_LIMIT --> BL1_CODE_END
BL1_RO_DATA_LIMIT --> BL1_RO_DATA_END
Basically, we want to use _LIMIT and _END properly as follows:
*_SIZE + *_MAX_SIZE = *_LIMIT
*_SIZE + *_SIZE = *_END
The _LIMIT is generally defined by platform_def.h to indicate the
platform-dependent memory constraint. So, its typical usage is
ASSERT(. <= BL31_LIMIT, "BL31 image has exceeded its limit.")
in a linker script.
On the other hand, _END is used to indicate the end address of the
compiled image, i.e. we do not know it until the image is linked.
Here, all of these macros belong to the latter, so should be
suffixed with _END.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
We are duplicating this macro define, and it is useful enough
to be placed in the common place.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 0029624fe2 ("Add
PLAT_xxx_ADDR_SPACE_SIZE definition") deprecates 'ADDR_SPACE_SIZE' in
favor of PLAT_(PHY|VIRT)_ADDRESS_SPACE_SIZE. Migrate the zynqmp platform
to use the new interface.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Depending on the compiler used, it might try to link in libc even though
it's not required. Stop it from doing that.
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
The platform.mk sets build options required for ZynqMP, but users
can still change them from the command line, like:
make PLAT=zynqmp RESET_TO_BL31=0 CROSS_COMPILE=...
Then, the makefile shows an error message in that case:
Using BL31 as the reset vector is only one option supported on ZynqMP.
Please set RESET_TO_BL31 to 1.
If the option is not user-configurable, the makefile can specify
"override" to prevent users from changing it. We do not need the
error message for the case that never happens.
Likewise, ENABLE_PLAT_COMPAT := 0 and PROGRAMMABLE_RESET_ADDRESS := 1
are mandatory to avoid build error.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Before adding a base address and a size to compute the end
address of an image to copy or authenticate, check this
won't result in an integer overflow. If it does then consider
the input arguments are invalid.
As a result, bl1_plat_mem_check() can now safely assume the
end address (computed as the sum of the base address and size
of the memory region) doesn't overflow, as the validation is
done upfront in bl1_fwu_image_copy/auth(). A debug assertion
has been added nonetheless in the ARM implementation in order
to help catching such problems, should bl1_plat_mem_check()
be called in a different context in the future.
Fixes TFV-1: Malformed Firmware Update SMC can result in copy
of unexpectedly large data into secure memory
Change-Id: I8b8f8dd4c8777705722c7bd0e8b57addcba07e25
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Dan Handley <dan.handley@arm.com>
ASM_ASSERT failure and panic messages are suppressed at present. This
patch enables printing the PC location for panic messages, and file name
and line number upon assembly assert failure.
Change-Id: I80cb715988e7ce766f64da1e1d7065a74a096a0c
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The previous code required that a certificate be signed with the ROT
key before the platform's NV counter could be updated with the value
in the certificate. This implies that the Non-Trusted NV counter was
not being updated for Non-Trusted content certificates, as they cannot
be signed with the ROT key in the TBBR CoT scheme.
The code is reworked to only allow updating the platform's Trusted NV
counter when a certificate protected by the Trusted NV counter is
signed with the ROT key.
Content certificates protected by the Non-Trusted NV counter are
allowed to update the platform's Non-Trusted NV counter, assuming
that the certificate value is higher than the platform's value.
A new optional platform API has been introduced, named
plat_set_nv_ctr2(). Platforms may choose to implement it and perform
additional checks based on the authentication image descriptor before
modifying the NV counters. A default weak implementation is available
that just calls into plat_set_nv_ctr().
FixesARM-software/tf-issues#426
Change-Id: I4fc978fd28a3007bc0cef972ff1f69ad0413b79c
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Earlier patches introduced GIC Redistributor power management for ARM
platforms. This patch modifies FVP power management to power down
Redistributor during CPU power on/off.
Change-Id: I2adb9c50a7dd750019fe3b4e576b5d5fc364bffb
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
As with other ARM platform GIC APIs, these directly invoke the GICv3
driver APIs for Redistributor power management.
For the sake of uniform GIC API, empty stubs are placed for those GIC
drivers that lack Redistributor component.
Change-Id: Iad0d760d4dbca790998f7768cda621ff3b15a864
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch enables TRUSTED_BOARD_BOOT (Authentication and FWU)
support, for AArch64, when LOAD_IMAGE_V2 is enabled.
This patch also enables LOAD_IMAGE_V2 for ARM platforms.
Change-Id: I294a2eebce7a30b6784c80c9d4ac7752808ee3ad
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Some files have incorrect copyright notices, this patch fixes all
files with deviations from the standard notice.
Change-Id: I66b73e78a50a235acb55f1e2ec2052a42c0570d2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The capabilities exposed by the PSCI generic layer depends on the hooks
populated by the platform in `plat_arm_psci_pm_ops`. Currently ARM
Standard platforms statically define this structure. However, some
platforms may want to modify the hooks at runtime before registering
them with the generic layer.
This patch introduces a new ARM platform layer API
`plat_arm_psci_override_pm_ops` which allows the platform to probe
the power controller and modify `plat_arm_psci_pm_ops` if required.
Consequently, 'plat_arm_psci_pm_ops' is no longer qualified as
`const` on ARM Standard platforms.
Change-Id: I7dbb44b7bd36c20ec14ded5ee45a96816ca2ab9d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch introduces an additional layer of abstraction between
CSS power management hooks and the SCPI driver. A new set of APIs
are introduced in order to abstract out power management operations
from underlying communication mechanism with the SCP.
The SCPI and the associated MHU drivers are moved into a `drivers`
folder in CSS. The new SCP communication abstraction layer is added
in the `drivers/scp` folder. The existing CSS power management
uses the new APIs to reflect this abstraction.
Change-Id: I7d775129fc0558e9703c2724523fb8f0a916838c
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
There are many instances in ARM Trusted Firmware where control is
transferred to functions from which return isn't expected. Such jumps
are made using 'bl' instruction to provide the callee with the location
from which it was jumped to. Additionally, debuggers infer the caller by
examining where 'lr' register points to. If a 'bl' of the nature
described above falls at the end of an assembly function, 'lr' will be
left pointing to a location outside of the function range. This misleads
the debugger back trace.
This patch defines a 'no_ret' macro to be used when jumping to functions
from which return isn't expected. The macro ensures to use 'bl'
instruction for the jump, and also, for debug builds, places a 'nop'
instruction immediately thereafter (unless instructed otherwise) so as
to leave 'lr' pointing within the function range.
Change-Id: Ib34c69fc09197cfd57bc06e147cc8252910e01b0
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch makes following miscellaneous fixes:
* pl011_console.S: Fixed the bit mask used to check if the
transmit FIFO is full or empty.
* smcc_macros.S: Added `_fsxc` suffix while updating the SPSR.
By default the assembler assumes `_fc` suffix which does not
update all the fields in SPSR. By adding `_fsxc` suffix all
the fields gets updated.
* platform_helpers.S: Removed the weak definition for
`plat_my_core_pos()` as this is a mandatory function which
needs to be defined by all platforms.
Change-Id: I8302292533c943686fff8d7c749a07132c052a3b
Signed-off-by: Yatharth Kochar <yatharth.kochar@arm.com>
Commit b91d935fee
("Add CFI debug frame information for ASM functions") modifies the
assembly macros 'func' and 'endfunc' to include CFI debug frame
information.
The rockchip platform uses a custom version of the 'func' macro with the
common 'endfunc' macro. The custom macro wasn't updated in
b91d935fee resulting in the following
build error:
plat/rockchip/rk3399/drivers/pmu/plat_pmu_macros.S: Assembler messages:
plat/rockchip/rk3399/drivers/pmu/plat_pmu_macros.S:155: Error: .cfi_endproc without corresponding .cfi_startproc
Makefile:532: recipe for target 'build/rk3399/release/bl31/plat_helpers.o' failed
make: *** [build/rk3399/release/bl31/plat_helpers.o] Error 1
Fixing this by updating the sram_func macro in the rk3399 port.
Fixes: b91d935fee ("Add CFI debug frame information for ASM functions")
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Add dependency information in the user guide for ARM_RECOM_STATE_ID_ENC
that needs to be set when using PSCI_EXTENDED_STATE_ID on ARM
platforms. Also clarify the build error message.
Change-Id: Id125a0299b179f5f222bca4e2503204bf89a3c59
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
The callback IRQ is delivered to the NS OS. Provide an interface to
allow the NS OS to obtain the callback data from the secure HW.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
The IPI hardware is secure and managed by ATF, nevertheless we deliver
the IRQ to the rich OS. The IRQ is needed to receive PM callbacks.
Enable the IPI interrupt when the rich OS probes the API version.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Use the PMUFW get_chipid call to obtain IDCODE and version register.
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
On ZynqMP the FSBL will configure the system counter. Hence, remove the
initialization of the system counter with hardcoded values from the ATF
and use the setup provided by the bootloader.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
The silicon ID does not change at runtime. Skip the IO access if the
ID has been read before.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
We have do something for clocks gate.
Fox example as the below:
susped:
clk_gate_con_save();
clk_gate_con_disable();
resume:
clk_gate_con_restore();
--
SO, add the plls_suspend_prepare() and plls_resume_finish() are not
necessary to S2R, that will save S2R time if remove them.
BRANCH=none
BUG=chrome-os-partner:58870,chrome-os-partner:55934
TEST=build kevin, two dogfooders with suspend_stress_test
passing 3000 cycles and still going on.
Change-Id: Icfbabc0b3ea8d2b5108d4f3de99a803b6d459669
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
The CA53 and CM0 WDT clock gating in rk3399 SGRF, and ATF is in charge of
it because the kernel can't touch SGRF.
Basically the WDT didn't stop at suspend time, it just switched from the
24M to the 32k clock. That meant that the WDT would fire if you slept for
long enough. In other word, the watchdog timer over count will increase to
750 (24*1000/32) times.
The RK3399 HW watchdog interval is 21 seconds. When machine enters the
suspend, the watchdog will reset the system after 35.7 (750/21) hours.
BUG=chrome-os-partner:59257
TEST=daisydog checked and set value, powerd_dbus_suspend to verify.
Change-Id: I88bb2a05b7d67d5ffd292f9d05d033ae9a6a3593
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This patch adds dependency rule generation and inclusion to the M0
Makefile, so that M0 objects will get correctly remade with an
incremental build if a header file they included changed.
Change-Id: I2067bd9fd4d9dad3e77a09cbf09c7b4db3c1eda5
Signed-off-by: Julius Werner <jwerner@chromium.org>
The dependencies in the M0 Makefile are not correctly laid out, which
may lead to errors with make -j if the binary target gets evaluated
before the target that creates the directory. In addition, the M0
Makefile just calls mkdir without using the platform-independent macros
from the main ARM TF build system. This patch fixes those issues,
removes some unused (and broken) M0 build targets and merges the two M0
output directories into one (since there's no real point splitting it up
and it creates more hassle).
Change-Id: Ia5002479cf9c57fea7aefa8ca88e373df3a51f61
Signed-off-by: Julius Werner <jwerner@chromium.org>
The RK3399 supports close the center logic enter power mode,
so we can close PD_CENTER to save more power during suspend.
Therefore, we need to support save/restore the DDR PHY and
controller registers during suspend/resume.
Also, need CL (http://crosreview.com/397399) to check disabling
center logic.
Change-Id: I288defd8e9caa3846d9fa663a33e4d51df1aaa5d
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This patch intend to support save the registers of the DDR controller
and PHY before suspend, and restore them after resume.
Change-Id: Ia10b476c0b837628ac0f365416a7118292753e96
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This changes the style of dmc register accesses to be a read/write on
a base address plus a register offset instead of reinterpretting a
base address as a struct and accessing members within that struct.
Change-Id: Iead097cd6afdb830d8bc193608cd39d01ce5a6bc
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This renames dram.c and dram.h to dfs.c and dfs.h respectively. This
is to make room for common functionality between frequency scaling and
suspend code for the DRAM in a pair of common files named dram.c and
dram.h. It also removes a duplicate enum definition from
dram_spec_timing.h
Change-Id: Ibfa1041f8781401f9d27901fe8c61862bcb05562
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This moves the PMU register definitions into another file for use in
later patches.
Change-Id: I8b5f1e7938b63ada6a743cf9661c3e474e96e4e4
Signed-off-by: Derek Basehore <dbasehore@chromium.org>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
The default value of L2CTLR_DATA_RAM_LATENCY is 2, depends to
the test result on rk3399, the A72 will need lower voltage for
high frequency if it's set to be 5, and almost no effect on performance.
Change-Id: I99a6a43edcc0c58f7775c10f4b85669dc3eff66d
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Due to the PMU design, the PMU may not clear the WAKEUP bit after
wakeup, therefore, the state machine at the power mode may enter
the infinite loop during WFI.
There is a solution that we can use the M0 to monitor the WAKEUP
bit and clear it during power mode, then the state machine will be
recovered immediately. Then, the DUT can exit the WFI normally.
Change-Id: I303628553b728c214bf2d436bd3122032b5e669c
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This CL supports add M0 source code to built into the bl31.bin, the
goal is that we can load the M0 code binary into SRAM and execute it.
We need the M0 help us to clean the power_mode_en bit during the AP
PMU enter the state machine with interrupt, and avoid to the AP can
not exit the loop forever.
Change-Id: I844582c54a1f0d44ca41290d44618df58679f341
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Add the common extra.ld.S and customized rk3399.ld.S to extend
to more features for different platforms.
For example, we can add SRAM section and specific address to
load there if we need it, and the common bl31.ld.S not need to
be modified.
Therefore, we can remove the unused codes which copying explicitly
from the function pmusram_prepare(). It looks like more clear.
Change-Id: Ibffa2da5e8e3d1d2fca80085ebb296ceb967fce8
Signed-off-by: Xing Zheng <zhengxing@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This patch adds ARM SiP service for use by ARM standard platforms.
This service is added to support the SMC interface for the Performance
measurement framework(PMF).
Change-Id: I26f5712f9ab54f5f721dd4781e35a16f40aacc44
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
As the new RK3399TRM v1.1, there are some wrong set for CRU_CLKSEL_CON
register.
As the CRU_CLKSEL_CON96~107 high 16-bit isn't write mask and the
CRU_CLKSEL_CON offset is 0x100,not 0x80.
Change-Id: Ie127e9de74b87100af9a0150aad43e89e4972529
This prevents a warning being emitted in the console during FVP
configuration setup when using the Foundation FVP 9.6 onwards.
Change-Id: I685b8bd0dbd0119af4b0cb3f7d708fcc08e99561
This patch adds ARM Cortex-A32 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: If3697b88678df737c29f79cf3fa1ea2cb6fa565d
This patch adds support in SP_MIN to receive generic and
platform specific arguments from BL2.
The new signature is as following:
void sp_min_early_platform_setup(void *from_bl2,
void *plat_params_from_bl2);
ARM platforms have been modified to use this support.
Note: Platforms may break if using old signature.
Default value for RESET_TO_SP_MIN is changed to 0.
Change-Id: I008d4b09fd3803c7b6231587ebf02a047bdba8d0
This patch adds ARM platform changes in BL2 for AArch32 state.
It instantiates a descriptor array for ARM platforms describing
image and entrypoint information for `SCP_BL2`, `BL32` and `BL33`.
It also enables building of BL2 for ARCH=aarch32.
Change-Id: I60dc7a284311eceba401fc789311c50ac746c51e
This patch adds ARM platform changes in BL1 for AArch32 state.
It also enables building of BL1 for ARCH=aarch32.
Change-Id: I079be81a93d027f37b0f7d8bb474b1252bb4cf48
This patch adds common changes to support AArch32 state in
BL1 and BL2. Following are the changes:
* Added functions for disabling MMU from Secure state.
* Added AArch32 specific SMC function.
* Added semihosting support.
* Added reporting of unhandled exceptions.
* Added uniprocessor stack support.
* Added `el3_entrypoint_common` macro that can be
shared by BL1 and BL32 (SP_MIN) BL stages. The
`el3_entrypoint_common` is similar to the AArch64
counterpart with the main difference in the assembly
instructions and the registers that are relevant to
AArch32 execution state.
* Enabled `LOAD_IMAGE_V2` flag in Makefile for
`ARCH=aarch32` and added check to make sure that
platform has not overridden to disable it.
Change-Id: I33c6d8dfefb2e5d142fdfd06a0f4a7332962e1a3
This patch adds changes in ARM platform code to use new
version of image loading.
Following are the major changes:
-Refactor the signatures for bl31_early_platform_setup()
and arm_bl31_early_platform_setup() function to use
`void *` instead of `bl31_params_t *`.
-Introduce `plat_arm_bl2_handle_scp_bl2()` to handle
loading of SCP_BL2 image from BL2.
-Remove usage of reserve_mem() function from
`arm_bl1_early_platform_setup()`
-Extract BL32 & BL33 entrypoint info, from the link list
passed by BL2, in `arm_bl31_early_platform_setup()`
-Provides weak definitions for following platform functions:
plat_get_bl_image_load_info
plat_get_next_bl_params
plat_flush_next_bl_params
bl2_plat_handle_post_image_load
-Instantiates a descriptor array for ARM platforms
describing image and entrypoint information for
`SCP_BL2`, `BL31`, `BL32` and `BL33` images.
All the above changes are conditionally compiled using the
`LOAD_IMAGE_V2` flag.
Change-Id: I5e88b9785a3df1a2b2bbbb37d85b8e353ca61049
This patch implements CSS platform hook to support NODE_HW_STATE PSCI
API. The platform hook queries SCP to obtain CSS power state. Power
states returned by SCP are then converted to expected PSCI return codes.
Juno's PSCI operation structure is modified to use the CSS
implementation.
Change-Id: I4a5edac0e5895dd77b51398cbd78f934831dafc0
This patch adds the function scpi_get_css_power_state to perform the
'Get CSS Power State' SCP command and handle its response. The function
parses SCP response to obtain power states of requested cluster and CPUs
within.
Change-Id: I3ea26e48dff1a139da73f6c1e0893f21accaf9f0
This patch implements FVP platform hook to support NODE_HW_STATE PSCI
API. The platform hook validates the given MPIDR and reads corresponding
status from FVP power controller, and returns expected values for the
PSCI call.
Change-Id: I286c92637da11858db2c8aba8ba079389032de6d
We must guarantee that writes have become effective before returning to
the caller. Hence, wait for PMUFW signaling completion of the FW call
before returning to the rich OS.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Add support to provide silicon id to non-secure
software through SMC.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
[ sb
Move zynqmp_get_silicon_id outside of compile guards to avoid build
errors.
]
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
This patch adds pm_fpga_load() and pm_fpga_get_status() API's to provide
the Access to the xilfpga library to load the bitstream into zynqmp
PL region.
Signed-off-by: Nava kishore Manne <navam@xilinx.com>
During system suspend, identify slaves which are configured
as wake sources and call pm_set_wakeup_source API for each of them.
Identifying if device may wake the system is done by checking if any
interrupt of that device is enabled in GICD_ISENABLER when the APU is
about to enter SUSPEND_TO_RAM state. If such interrupt is found,
pm_set_wakeup_source is called with corresponding PM node ID as
argument.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
The state argument of the pm_self_suspend API encodes the state to
which the APU intends to suspend. The state can be:
- PM_APU_STATE_CPU_IDLE - processor power down, all memories remain
on
- PM_APU_STATE_SUSPEND_TO_RAM - all processors powered down, L2$
powered down, all OCM banks in retention and DDR in
self-refresh.
The calls for setting requirements for L2$ and OCM banks are now
redundant and removed.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
[ sb
- remove redundant #defines
]
Signed-off-by: Sören Brinkmann <soren.brinkmann@xilinx.com>
Implementation is based on arm_validate_power_state().
This function is called during CPU_SUSPEND PSCI call to validate
power_state parameter. If state is valid this function populate it
in req_state array as power domain level specific local state.
ATF platform migration guide chapter 2.2 defines this function as
mandatory for PSCIv1.0 CPU_SUSPEND support.
Signed-off-by: Stefan Krsmanovic <stefan.krsmanovic@aggios.com>
When moving the ATF into the DRAM address space an additional
translation table is required.
Reported-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
The OCM space was reorganized to use the space more efficiently. Adjust
the default ATF location to be aligned with other ZynqMP software
components.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Arm provided error injection support. To enable this error injection,
we need to set L2DEIEN in L2ACTLR_EL1 register and L1DEIEN in
CPUACTLR_EL1 register.
This is needed for our cortexa53 edac linux driver testing.
These registers need write access from non secure EL1 i.e linux
at the time of setting the above bits.
Signed-off-by: Naga Sureshkumar Relli <nagasure@xilinx.com>
ZynqMP only supports builds with RESET_TO_BL31=1. Set this option
through the platform makefile on default.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
As the checkpatch reports the warning or error.
plat/rockchip/common/plat_pm.c:96:
ERROR: do not set execute permissions for source files
plat/rockchip/rk3399/drivers/pmu/pmu.c:294:
ERROR: do not set execute permissions for source files
plat/rockchip/common/plat_pm.c:286: WARNING: line over 80 characters
plat/rockchip/common/plat_pm.c:287: WARNING: line over 80 characters
Change-Id: Ib347da21c56551c31df3f90f03777b13c75d5c26
for compatible 32bit and 64bit, we use 0x82xxxxxx as function ID,
we modify SIP call function return value to 32 bit.
Change-Id: Ib99b03a9ea423853aaa296dcc634ee82c622a552
For save power cosumption, if gpio power supply shut down, we need to
set gpio2 ~ gpio4 to input and HiZ status when suspend, and recovery
they status when rusume. we do it base on apio pass from loader.
Change-Id: I59fd2395e5e37e63425472a39f519822c9197e4c
some specific board need to disable/enable specific gpio when
suspend/resume, so we add this function, bootloader can pass the
specific gpio, and we can handle these gpios in bl31 suspend/resuem
function.
Change-Id: I373b03ef9202ee4a05a2b9caacdfa01b47ee2177
We may need gpio pull mode later, so add this function.
Besides fix a set pull mode bug, and save gpio clock gate,
when operate the gpio, we will enable gpio clock, when
finish gpio operate, restore gpio clock gate status.
Change-Id: Ia1d602804f571a17f5ddc499908663b968b02974
As rk3399 reported the d8/octane scores drop 10% with cpu idle.
The root cause is thc cpu cluster enter the slow mode.
We don't need switch the clock to 24MHz if cpu cluster enter the
retention mode. In order to improve performance, it just needs for
cluster enter powering off mode.
Also, we shouldn't do anything for hlvl if the system is off.
Change-Id: I2a02962a01343abd0cba47ed63192c1cdf88b119
For the PMU design, we don't expect to get the interrupts before enter
the power mode. Since that will cause the confusion for the state
machine in the power mode.
Change-Id: Id8dee79ae617a66271b5caf92caf35f520f45099
If we don't enable the Schmitt trigger on the 32 kHz clock then systems
won't always resume from suspend properly. Presumably anything else in
the system that relies on the 32 kHz clock also will have problems
without the Schmitt trigger enabled.
Enable it always since having the 32 kHz clock on GPIO0_A0 isn't
exactly an optional feature, so all boards using rk3399 will need this.
Change-Id: Idc18c6cd1adc5be5f60efd9cb805d83d5cd40129
add auto_pd_dis_freq parameter, we can pass a frequency from kernel
to disable or enable ddr auto power down function.
Change-Id: Ie30914701336c59047c380381c6b75dd76a89562
add dram driver, and kernel can through sip function talk to bl31 to
do ddr frequency scaling. and ddr auto powerdown.
Change-Id: I0d0f2869aed95e336c6e23ba96a9310985c84840
In a previous change we mistakenly thought that PMU_24M_EN_CFG directly
controlled whether the PMU counts ran off the 32k vs. 24M clock.
Apparently that's not true. Real logic is now documented in code.
Also in the previous change we mistaknely though that PMU_24M_EN_CFG was
normally supposed to be 1 and we should "restore" it at resume time.
This is a terrible idea and made the system totally unreliable after
resume. Apparently PMU_24M_EN_CFG should always be 0 with all the
current code and settings.
Let's fix the above two problems. While we're changing all of this,
let's also:
1. Init at boot time. Many of these counts are used when the system is
running normally. We want the behavior at boot to match the behavior
after suspend/resume.
2. Init CPU counts to be 1 us. Although old code was trying to set this
to 1 ms (1000x slower) at suspend/resume time, we've been testing the
kernel with 1 us for a long time now. That's because the kernel (at
boot time) set these values to 24. Let's keep at 24 until we know
that's wrong.
3. Init GPU counts to be 1 us. Old code wasn't touching the GPU, but as
documented in comments it makes sense to init here. Do it.
4. Document the crap out of this code, since the SoC's behavior is
confusing and poorly documented in the TRM.
5. Increase some stabilization times to 30 ms (from 3 ms). It's unclear
that a full 30 ms is needed, but let's be safe for now.
This also inits the counts for the GPU.
(Thanks to Doug's patch that come from https://crosreview.com/372381)
Change-Id: Id1bc159a5a99916aeab043895e5c4585c4adab22
This patch adds a WFI instruction in the default implementations of
plat_error_handler() and plat_panic_handler(). This potentially reduces
power consumption by allowing the hardware to enter a low-power state.
The same change has been made to the FVP and Juno platform ports.
Change-Id: Ia4e6e1e5bf1ed42efbba7d0ebbad7be8d5f9f173
The pmusgrf reset-hold bits needs to be released, since the
pmusgrf reset-hold bits needs to be held.
Change-Id: Ia1eccc8fba18294f26b4cc07d47bc5e513dd9a1f
Sometimes this will cause the long delay for suspend/resume.
Since the 24M OCS will be turned off in power mode.
Also, remove the ERROR_DEPRECATED config define.
Change-Id: I78f21c35912c2250972e551695cdacc7bc4c020a
This patch updates some things for rk3399, as following:
1) Add the new file to handle the pwm. (e.g. the pwm regulator)
Make sure that good deal with the pwm related things.
Also, remove some pwm setting for pmu.c.
2) Set the plls slow mode and bypass in suspend, and restore them.
Change-Id: I112806700bf433c87763aac23d22fa7e6a7f5264
This patch implements the support for SP_MIN in FVP. The SP_MIN platform
APIs are implemented and the required makefile support is added for FVP.
Change-Id: Id50bd6093eccbd5e38894e3fd2b20d5baeac5452
This patch adds AArch32 support for FVP and implements common platform APIs
like `plat_get_my_stack`, `plat_set_my_stack`, `plat_my_core_cos` for AArch32.
Only Multi Processor(MP) implementations of these functions are considered in
this patch. The ARM Standard platform layer helpers are implemented for
AArch32 and the common makefiles are modified to cater for both AArch64 and
AArch32 builds. Compatibility with the deprecated platform API is not
supported for AArch32.
Change-Id: Iad228400613eec91abf731b49e21a15bcf2833ea
This patch migrates the upstream platform makefiles to include the
console drivers from the new location in ARM Trusted Firmware code
base.
Change-Id: I866d6c4951e475de1f836ce8a8c1d5e6da9577e3
1. Remove the AP_PWROFF in ATF, should configure it in kernel.
2. Save and restore the PWMs pin/regs for suspend/resume.
3. The pmusgrf reset-hold bits needs to be released. since the
pmusgrf reset-hold bits needs to be held.
4. Configure the PMU power up/down cycles about delay 3ms.
5. With the MMIO register block as one big mapping.
6. Fix the build error with psci_entrypoint since PSCI lib updated.
Fixes the commit
9ec78bd ("rockchip: support the suspend/resume for rk3399").
Change-Id: I112806700bf433c87763aac23d22fa7e6a7f5264
Compile option `ARM_BOARD_OPTIMISE_MMAP` has been renamed to
`ARM_BOARD_OPTIMISE_MEM` because it now applies not only to defines
related to the translation tables but to the image size as well.
The defines `PLAT_ARM_MAX_BL1_RW_SIZE`, `PLAT_ARM_MAX_BL2_SIZE` and
`PLAT_ARM_MAX_BL31_SIZE` have been moved to the file board_arm_def.h.
This way, ARM platforms no longer have to set their own values if
`ARM_BOARD_OPTIMISE_MEM=0` and they can specify optimized values
otherwise. The common sizes have been set to the highest values used
for any of the current build configurations.
This is needed because in some build configurations some images are
running out of space. This way there is a common set of values known
to work for all of them and it can be optimized for each particular
platform if needed.
The space reserved for BL2 when `TRUSTED_BOARD_BOOT=0` has been
increased. This is needed because when memory optimisations are
disabled the values for Juno of `PLAT_ARM_MMAP_ENTRIES` and
`MAX_XLAT_TABLES` are higher. If in this situation the code is
compiled in debug mode and with "-O0", the code won't fit.
Change-Id: I70a3d8d3a0b0cad1d6b602c01a7ea334776e718e
Previously the definition of `plat_get_syscnt_freq2()` in `arm_common.c` was
conditionally defined based on the ERROR_DEPRECATED flag. This patch makes
this function available irrespective of the flag and removes the deprecated
`plat_get_syscnt_freq()` definition.
Change-Id: I250ca787ca1b5e867096c6ba8f2bb444db44c97b
The PRELOADED_BL33_BASE build option allows to preload a BL33 and bypass its
loading by BL2. In ARM standard platforms, the conditional behaviour of
PRELOADED_BL33_BASE is moved within the implementation of
`plat_get_ns_image_entrypoint()` so that all callers may benefit from this
feature.
Change-Id: Iea060e204ec72f8081087837854535c4e320da4e
This patch moves the `arm_common.c` file from `plat/arm/common/aarch64/`
to the parent directory since the functions implemented in the file are
not AArch64 specific. The platform makefiles are also modified for this
change.
Change-Id: I776d2e4958f59041476cf2f53a9adb5b2d304ee0
The `plat_psci_common.c` was moved to the new location `plat/common`
and a stub file was retained at previous location for compatibility. This
patch modifies the platform makefiles to include the file from the new
location.
Change-Id: Iabddeeb824e9a5d72d176d7c644735966c8c0699
This patch moves the PSCI services and BL31 frameworks like context
management and per-cpu data into new library components `PSCI` and
`el3_runtime` respectively. This enables PSCI to be built independently from
BL31. A new `psci_lib.mk` makefile is introduced which adds the relevant
PSCI library sources and gets included by `bl31.mk`. Other changes which
are done as part of this patch are:
* The runtime services framework is now moved to the `common/` folder to
enable reuse.
* The `asm_macros.S` and `assert_macros.S` helpers are moved to architecture
specific folder.
* The `plat_psci_common.c` is moved from the `plat/common/aarch64/` folder
to `plat/common` folder. The original file location now has a stub which
just includes the file from new location to maintain platform compatibility.
Most of the changes wouldn't affect platform builds as they just involve
changes to the generic bl1.mk and bl31.mk makefiles.
NOTE: THE `plat_psci_common.c` FILE HAS MOVED LOCATION AND THE STUB FILE AT
THE ORIGINAL LOCATION IS NOW DEPRECATED. PLATFORMS SHOULD MODIFY THEIR
MAKEFILES TO INCLUDE THE FILE FROM THE NEW LOCATION.
Change-Id: I6bd87d5b59424995c6a65ef8076d4fda91ad5e86
This patch reworks type usage in generic code, drivers and ARM platform files
to make it more portable. The major changes done with respect to
type usage are as listed below:
* Use uintptr_t for storing address instead of uint64_t or unsigned long.
* Review usage of unsigned long as it can no longer be assumed to be 64 bit.
* Use u_register_t for register values whose width varies depending on
whether AArch64 or AArch32.
* Use generic C types where-ever possible.
In addition to the above changes, this patch also modifies format specifiers
in print invocations so that they are AArch64/AArch32 agnostic. Only files
related to upcoming feature development have been reworked.
Change-Id: I9f8c78347c5a52ba7027ff389791f1dad63ee5f8
1.Fixes the suspend/resume some bugs.
2.Add the power domain for saving power consumption.
3.Add cpu clusters suspend for rk3399 SoCs
Change-Id: Id602779016b41d6281f4ba40a20229d909b28e46
Software executing in the normal world and in the trusted world at
exception levels lower than EL3 will request runtime services using the
SMC instruction.
See the documentation here:
https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/
rt-svc-writers-guide.md
This to be implemented as an EL3 Runtime Service in rockchip BL31
platform port, using the "SiP Service Call" range as specified in the
SMC Calling Convention.
This doesn't support any SMC yet, we will support it in later.
Change-Id: I0a638dd0b653c28b08f79d89f77ed7c69864017d
On ARM CSS platforms, the whole flash used to be mapped as executable.
This is not required, given that the flash is used to store the BL1
and FIP images and:
- The FIP is not executed in place, its images are copied to RAM
and executed from there.
- BL1 is executed in place from flash but only its code needs to be
mapped as executable and platform code takes care of re-mapping
BL1's read-only section as executable.
Therefore, this patch now maps the flash as non-executable by default
on these platforms. This increases security by restricting the
executable region to what is strictly needed.
This patch also adds some comments to clarify the memory mapping
attributes on these platforms.
Change-Id: I4db3c145508bea1f43fbe0f6dcd551e1aec1ecd3
This patch adds some verbose traces in the arm_setup_page_tables()
function to print the extents of the different memory regions it maps.
Change-Id: Ia3ae1053e7ebf3579601ff9238b0e3791eb1e9e4
The arm_setup_page_tables() function used to expect a single set of
addresses defining the extents of the whole read-only section, code
and read-only data mixed up, which was mapped as executable.
This patch changes this behaviour. arm_setup_page_tables() now
expects 2 separate sets of addresses:
- the extents of the code section;
- the extents of the read-only data section.
The code is mapped as executable, whereas the data is mapped as
execute-never. New #defines have been introduced to identify the
extents of the code and the read-only data section. Given that
all BL images except BL1 share the same memory layout and linker
script structure, these #defines are common across these images.
The slight memory layout differences in BL1 have been handled by
providing values specific to BL1.
Note that this patch also affects the Xilinx platform port, which
uses the arm_setup_page_tables() function. It has been updated
accordingly, such that the memory mappings on this platform are
unchanged. This is achieved by passing null values as the extents
of the read-only data section so that it is ignored. As a result,
the whole read-only section is still mapped as executable.
FixesARM-software/tf-issues#85
Change-Id: I1f95865c53ce6e253a01286ff56e0aa1161abac5
This patch changes the base address of the "total" Trusted SRAM region
seen by the BL2U image. It used to start just after BL2U's read-only
section (i.e. at address BL2U_RO_LIMIT), it now starts from the base
address of the BL2U image (i.e. at address BL2U_BASE). In other words,
the "total" memory region now includes BL2U's own read-only section.
This does not change BL2U's resulting memory mappings because the
read-only section was already mapped in BL2U, it just wasn't part of
this total memory region.
Change-Id: I2da16ac842469023b41904eaa8d13ed678d65671
At the moment, on ARM platforms, BL1 maps everything from BL1_RO_BASE
to BL1_RO_LIMIT. BL1_RO_LIMIT, as defined in the porting guide, is
the maximum address in Trusted ROM that BL1's actual content _can_
occupy. The actual portion of ROM occupied by BL1 can be less than
that, which means that BL1 might map more Trusted ROM than it actually
needs to.
This patch changes BL1's memory mappings on ARM platforms to restrict
the region of Trusted ROM it maps. It uses the symbols exported by
the linker to figure out the actual extents of BL1's ROM footprint.
This change increases the number of page tables used on FVP by 1.
On FVP, we used to map the whole Trusted ROM. As it is 64MB large,
we used to map it as blocks of 2MB using level-2 translation table
entries. We now need a finer-grained mapping, which requires an
additional level-3 translation table.
On ARM CSS platforms, the number of translation tables is unchanged.
The BL1 image resides in flash at address 0x0BEC0000. This address is
not aligned on a 2MB-boundary so a level-3 translation table was
already required to map this memory.
Change-Id: I317a93fd99c40e70d0f13cc3d7a570f05c6c61eb
This patch introduces a new header file: include/lib/utils.h.
Its purpose is to provide generic macros and helper functions that
are independent of any BL image, architecture, platform and even
not specific to Trusted Firmware.
For now, it contains only 2 macros: ARRAY_SIZE() and
IS_POWER_OF_TWO(). These were previously defined in bl_common.h and
xlat_tables.c respectively.
bl_common.h includes utils.h to retain compatibility for platforms
that relied on bl_common.h for the ARRAY_SIZE() macro. Upstream
platform ports that use this macro have been updated to include
utils.h.
Change-Id: I960450f54134f25d1710bfbdc4184f12c049a9a9
This patch introduces the arm_setup_page_tables() function to
set up page tables on ARM platforms. It replaces the
arm_configure_mmu_elx() functions and does the same thing except
that it doesn't enable the MMU at the end. The idea is to reduce
the amount of per-EL code that is generated by the C preprocessor
by splitting the memory regions definitions and page tables creation
(which is generic) from the MMU enablement (which is the only per-EL
configuration).
As a consequence, the call to the enable_mmu_elx() function has been
moved up into the plat_arch_setup() hook. Any other ARM standard
platforms that use the functions `arm_configure_mmu_elx()` must be
updated.
Change-Id: I6f12a20ce4e5187b3849a8574aac841a136de83d
The per-cpu stacks should be aligned to the cache-line size and
the `declare_stack` helper in asm_macros.S macro assumed a
cache-line size of 64 bytes. The platform defines the cache-line
size via CACHE_WRITEBACK_GRANULE macro. This patch modifies
`declare_stack` helper macro to derive stack alignment from the
platform defined macro.
Change-Id: I1e1b00fc8806ecc88190ed169f4c8d3dd25fe95b
This patch enables optional PSCI functions `PSCI_STAT_COUNT` and
`PSCI_STAT_RESIDENCY` for ARM standard platforms. The optional platform
API 'translate_power_state_by_mpidr()' is implemented for the Juno
platform. 'validate_power_state()' on Juno downgrades PSCI CPU_SUSPEND
requests for the system power level to the cluster power level.
Hence, it is not suitable for validating the 'power_state' parameter
passed in a PSCI_STAT_COUNT/RESIDENCY call.
Change-Id: I9548322676fa468d22912392f2325c2a9f96e4d2
Add build time option 'cadence1' for ZYNQMP_CONSOLE to select the 2nd
UART available in the SoC.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
In GICv3 mode, the non secure group1 interrupts are signalled via the
FIQ line in EL3. To support waking up from CPU_SUSPEND to standby on
these systems, EL3 should route FIQ to EL3 temporarily before wfi and
restore the original setting after resume. This patch makes this change
for the CSS platforms in the `css_cpu_standby` psci pm ops hook.
Change-Id: Ibf3295d16e2f08da490847c1457bc839e1bac144
NODE_IPI_APU is the node ID of APU's IPI device. If APU should be
woken-up on an IPI from FPD power down, this node shall be set as
the wake-up source upon suspend.
Signed-off-by: Mirela Simonovic <mirela.simonovic@aggios.com>
Building TF with ERROR_DEPRECATED=1 fails because of a missing
semi-column. This patch fixes this syntax error.
Change-Id: I98515840ce74245b0a0215805f85c8e399094f68
Replaced placeholder implementation of plat_set_nv_ctr for FVP
platforms by a working one.
On FVP, the mapping of region DEVICE2 has been changed from RO to RW
to prevent exceptions when writing to the NV counter, which is
contained in this region.
Change-Id: I56a49631432ce13905572378cbdf106f69c82f57
This patch adds ARM Cortex-A73 MPCore Processor support
in the CPU specific operations framework. It also includes
this support for the Base FVP port.
Change-Id: I0e26b594f2ec1d28eb815db9810c682e3885716d
We add plat parameter structs to support BL2 to pass variable-length,
variable-type parameters to BL31. The parameters are structured as a
link list. During bl31 setup time, we travse the list to process each
parameter. throuth this way, we can get the reset or power off gpio
parameter, and do hardware control in BL31. This structure also can
pass other parameter to BL31 in future.
There are 5 groups of GPIO (GPIO0~GPIO4), totally have 122 GPIOs
on rk3399 platform.
The pull direction(pullup or pulldown) for all of GPIOs are
software-programmable.
At the moment, we add the gpio basic driver since reset or power off
the devices from gpio configuration for BL31.
Powering up cores didn't wait for the PMUFW to complete the request,
which could result in cores failing to power up in Linux.
Reported-by: Koteswararao Nayudu <kotin@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch adds support to select CCN driver for FVP during build.
A new build option `FVP_INTERCONNECT_DRIVER` is added to allow
selection between the CCI and CCN driver. Currently only the CCN-502
variant is supported on FVP.
The common ARM CCN platform helper file now verifies the cluster
count declared by platform is equal to the number of root node
masters exported by the ARM Standard platform.
Change-Id: I71d7b4785f8925ed499c153b2e9b9925fcefd57a
The revision field may change between silicon revisions without changing
the mapping to a part. This avoids errors like:
ERROR: Incorrect XILINX IDCODE 0x14738093, maskid 0x4600093
NOTICE: ATF running on XCZUUNKN/EP108 v3/RTL5.1 at 0xfffe5000
on parts with a newer revision.
Reported-by: Love Kumar <love.kumar@xilinx.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
Tested-by: Love Kumar <love.kumar@xilinx.com>
Access to APU_PWRCTRL register is protected during suspend/wakeup pocedure
in order to save valid state. If more than one CPU is accessing this register
it can be left in corrupted state during read-modify-write process.
Signed-off-by: Stefan Krsmanovic <stefan.krsmanovic@aggios.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
DEFINE_BAKERY_LOCK() macro is used to put lock in coherent memory region.
ARM Trusted Firmware design guide, chapter 11 states that bakery_lock data
structures should be allocated in coherent memory region because it is
accessed by multiple CPUs with mismatched shareability, cacheability and
memory attributes.
Signed-off-by: Stefan Krsmanovic <stefan.krsmanovic@aggios.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Functions pm_ipi_send and pm_ipi_send_sync are declared in pm_ipi.h
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
The GIC area is specified larger than it needs to be and can be reduced.
Which allows reducing the structures required for the translation tables
as well.
This results in a reduction of memory footprint of ca. 4k.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Added a build flag to select the generic delay timer on FVP instead
of the SP804 timer. By default, the generic one will be selected. The
user guide has been updated.
Change-Id: Ica34425c6d4ed95a187b529c612f6d3b26b78bc6
Added plat_get_syscnt_freq2, which is a 32 bit variant of the 64 bit
plat_get_syscnt_freq. The old one has been flagged as deprecated.
Common code has been updated to use this new version. Porting guide
has been updated.
Change-Id: I9e913544926c418970972bfe7d81ee88b4da837e
Due to the changes in Mediatek platform common code, we need to move
plat related SiP functions to plat folder.
Change-Id: I6b14b988235205a5858b4bf49043bc79d0512b06
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
This patch adds some debug assertions ensuring that array indices
are within the bounds of the array.
Change-Id: I96ee81d14834c1e92cdfb7e60b49995cdacfd93a
This patch adds to support the suspend/resume for rk3399 SoCs.
Signed-off-by: Shengfei xu <xsf@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This patch changes the default driver for FVP platform from the deprecated
GICv3 legacy to the GICv3 only driver. This means that the default build of
Trusted Firmware will not be able boot Linux kernel with GICv2 FDT blob. The
user guide is also updated to reflect this change of default GIC driver for
FVP.
Change-Id: Id6fc8c1ac16ad633dabb3cd189b690415a047764
This patch removes support for legacy Versatile Express memory map for the
GIC peripheral in the FVP platform. The user guide is also updated for the
same.
Change-Id: Ib8cfb819083aca359e5b46b5757cb56cb0ea6533
This patch puts the definition of `plat_get_syscnt_freq()`
under `#ifdef ARM_SYS_CNTCTL_BASE` in arm_common.c file.
This is the fix for compilation error introduced by commit-id
`749ade4`, for platforms that use arm_common.c but do not
provide a memory mapped interface to the generic counter.
FixesARM-software/tf-issues#395
Change-Id: I2f2b10bd9500fa15308541ccb15829306a76a745
Parse the parameter structure the FSBL populates, to populate the bl32
and bl33 image structures.
Cc: Sarat Chand Savitala <saratcha@xilinx.com>
Cc: petalinux-dev@xilinx.com
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
[ SB
- pass pointers to structs instead of structs
- handle execution state parameter
- populate bl32 SPSR
- add documentation
- query bootmode and consider missing handoff parameters an error when
not in JTAG boot mode
]
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Provide a function to retrieve the bootmode.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Drop the current configuration options for selecting the location of
the ATF and TSP (ZYNQMP_ATF_LOCATION, ZYNQMP_TSP_RAM_LOCATION).
The new configuration provides one default setup (ATF in OCM,
BL32 in DRAM). Additionally, the new configuration options
- ZYNQMP_ATF_MEM_BASE
- ZYNQMP_ATF_MEM_SIZE
- ZYNQMP_BL32_MEM_BASE
- ZYNQMP_BL32_MEM_SIZE
can be used to freely configure the memory locations used for ATF and
secure payload.
Also, allow setting the BL33 entry point via PRELOADED_BL33_BASE.
Cc: petalinux-dev@xilinx.com
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Alistair Francis <alistair.francis@xilinx.com>
This patch has the following change for rk3399.
* Set the uart to 115200 since the loader decide to set
uart baud to 115200Hz. So the ATF also should set uart baud to 115200.
* We need ensure the bl31 base is greater than 4KB since there are have
the shared mem for coreboot.(Note: the previous vesion was tested with uboot)
Otherwise, we will happen the exception crash since the ddr area won't
to work from the shared ram address in some cases.
For example, the exception crash:
CBFS: Found @ offset 19c80 size 24074
exception _sync_sp_el0
ELR = 0x0000000000008000
ESR = 0x0000000002000000
SPSR = 0x600003cc
FAR = 0xffffffff00000000
SP = 0x00000000ff8ed230
...
X29 = 0x00000000ff8c1fc0
X30 = 0x000000000030e3b0
exception death
Change-Id: I8bc557c6bcaf6804d2a313b38667d3e2517881d7
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
This patch moves the definition for `plat_get_syscnt_freq()`
from arm_bl31_setup.c to arm_common.c. This could be useful
in case a delay timer needs to be installed based on the
generic timer in other BLs.
This patch also modifies the return type for this function
from `uint64_t` to `unsigned long long` within ARM and other
platform files.
Change-Id: Iccdfa811948e660d4fdcaae60ad1d700e4eda80d
The bit mapping in I(E|D|S)R are equal, consolidate the #defines.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
It is up to the platform to implement the new plat_crash_print_regs macro to
report all relevant platform registers helpful for troubleshooting.
plat_crash_print_regs merges or calls previously defined plat_print_gic_regs
and plat_print_interconnect_regs macros for each existing platforms.
NOTE: THIS COMMIT REQUIRES ALL PLATFORMS THAT ENABLE THE `CRASH_REPORTING`
BUILD FLAG TO MIGRATE TO USE THE NEW `plat_crash_print_regs()` MACRO. BY
DEFAULT, `CRASH_REPORTING` IS ENABLED IN DEBUG BUILDS FOR ALL PLATFORMS.
Fixes: arm-software/tf-issues#373
Signed-off-by: Gerald Lejeune <gerald.lejeune@st.com>
In mt8173, there are totally 10 non-cpu mtcmos, so we cannot tell
if SPM finished the power control flow by 10 status bits of PASR_PDP_3.
So, extend PASR_PDP_3 status bits from 10 to 20 so that we can
make sure if the control action has been done precisely.
Change-Id: Ifd4faaa4173c6e0543aa8471149adb9fe7fadedc
Signed-off-by: Fan Chen <fan.chen@mediatek.com>
This patch modifies the upstream platform port makefiles to use the new
xlat_tables library files. This patch also makes mmap region setup common
between AArch64 and AArch32 for FVP platform port. The file `fvp_common.c`
is moved from the `plat/arm/board/fvp/aarch64` folder to the parent folder
as it is not specific to AArch64.
Change-Id: Id2e9aac45e46227b6f83cccfd1e915404018ea0b
This patch fixes the compilation error in Rockchip rk3368 platform port when
it is built in release mode.
FixesARM-software/tf-issues#389
Change-Id: I1a3508ac3a620289cf700e79db8f08569331ac53
To avoid confusion the build option BL33_BASE has been renamed to
PRELOADED_BL33_BASE, which is more descriptive of what it does and
doesn't get mistaken by similar names like BL32_BASE that work in a
completely different way.
NOTE: PLATFORMS USING BUILD OPTION `BL33_BASE` MUST CHANGE TO THE NEW
BUILD OPTION `PRELOADED_BL33_BASE`.
Change-Id: I658925ebe95406edf0325f15aa1752e1782aa45b
The BL33 address is now set in arm_bl31_early_platform_setup() so
that the preloaded BL33 boot option is available when RESET_TO_BL31
is also used.
Change-Id: Iab93e3916f9199c3387886b055c7cd2315efed29
Previously, when building TF without SPD support, BL2 tried to load a
BL32 image from the FIP and fails to find one, which resulted on
warning messages on the console. Even if there is a BL32 image in the
FIP it shouldn't be loaded because there is no way to transfer
control to the Secure Payload without SPD support.
The Makefile has been modified to pass a define of the form
SPD_${SPD} to the source code the same way it's done for PLAT. The
define SPD_none is then used to undefine BL32_BASE when BL32 is not
used to prevent BL2 from trying to load a BL32 image and failing,
thus removing the warning messages mentioned above.
FixesARM-software/tf-issues#287
Change-Id: Ifeb6f1c26935efb76afd353fea88e87ba09e9658
The Xilinx Zynq UltraScale+ MPSOC containes a quad A53 cluster. This
patch adds the platform port for that SoC.
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch adds to support the RK3368 and RK3399 SoCs.
RK3368/RK3399 is one of the Rockchip family SoCs, which is an
multi-cores ARM SoCs.
This patch adds support to boot the Trusted Firmware on RK3368/RK3399
SoCs, and adds support to boot secondary CPUs, enter/exit core
power states for all CPUs in the slow/fast clusters.
This is the initial version for rockchip SoCs.(RK3368/RK3399 and next SoCs)
* Support arm gicv2 & gicv3.
* Boot up multi-cores CPU.
* Add generic CPU helper functions.
* Support suspend/resume.
* Add system_off & system_reset implementation.
* Add delay timer platform implementation.
* Support the new porting interface for the PSCI implementation.
Change-Id: I704bb3532d65e8c70dbd99b512c5e6e440ea6f43
Signed-off-by: Tony Xie <tony.xie@rock-chips.com>
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Signed-off-by: Shengfei xu <xsf@rock-chips.com>
This patch modifies the return type of the platform API
`plat_get_ns_image_entrypoint()` from `unsigned long` to
`uintptr_t` in accordance with the coding guidelines.
Change-Id: Icb4510ca98b706aa4d535fe27e203394184fb4ca
BL31 usually handles confidential stuff, its memory must not be
read/write accessible from non-secure world. This patch protects
the BL31 memory range from non-secure read/write access.
Change-Id: I442fb92b667bb2f9a62d471a90508b1ba4489911
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
This patch adds support to program TrustZone protection on ARM platforms that
implement a DMC-500. arm_dmc_500.c has been added which implements the
arm_dmc_tzc_setup() function. This function relies on constants related to TZC
programming that are exported by each platform to program TrustZone protection
using the DMC-500 TrustZone controller driver. This function should be called
from plat_arm_security_setup() which is implemented by each platform.
Change-Id: I5400bdee9e4b29155fd11296a40693d512312f29
This patch adds support for non-volatile counter authentication to
the Authentication Module. This method consists of matching the
counter values provided in the certificates with the ones stored
in the platform. If the value from the certificate is lower than
the platform, the boot process is aborted. This mechanism protects
the system against rollback.
The TBBR CoT has been updated to include this method as part of the
authentication process. Two counters are used: one for the trusted
world images and another for the non trusted world images.
** NEW PLATFORM APIs (mandatory when TBB is enabled) **
int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
This API returns the non-volatile counter value stored
in the platform. The cookie in the first argument may be
used to select the counter in case the platform provides
more than one (i.e. TBSA compliant platforms must provide
trusted and non-trusted counters). This cookie is specified
in the CoT.
int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
This API sets a new counter value. The cookie may be
used to select the counter to be updated.
An implementation of these new APIs for ARM platforms is also
provided. The values are obtained from the Trusted Non-Volatile
Counters peripheral. The cookie is used to pass the extension OID.
This OID may be interpreted by the platform to know which counter
must return. On Juno, The trusted and non-trusted counter values
have been tied to 31 and 223, respectively, and cannot be modified.
** IMPORTANT **
THIS PATCH BREAKS THE BUILD WHEN TRUSTED_BOARD_BOOT IS ENABLED. THE
NEW PLATFORM APIs INTRODUCED IN THIS PATCH MUST BE IMPLEMENTED IN
ORDER TO SUCCESSFULLY BUILD TF.
Change-Id: Ic943b76b25f2a37f490eaaab6d87b4a8b3cbc89a
This patch adds an option to the ARM common platforms to load BL31 in the
TZC secured DRAM instead of the default secure SRAM.
To enable this feature, set `ARM_BL31_IN_DRAM` to 1 in build options.
If TSP is present, then setting this option also sets the TSP location
to DRAM and ignores the `ARM_TSP_RAM_LOCATION` build flag.
To use this feature, BL2 platform code must map in the DRAM used by
BL31. The macro ARM_MAP_BL31_SEC_DRAM is provided for this purpose.
Currently, only the FVP BL2 platform code maps in this DRAM.
Change-Id: If5f7cc9deb569cfe68353a174d4caa48acd78d67
Added a new platform porting function plat_panic_handler, to allow
platforms to handle unexpected error situations. It must be
implemented in assembly as it may be called before the C environment
is initialized. A default implementation is provided, which simply
spins.
Corrected all dead loops in generic code to call this function
instead. This includes the dead loop that occurs at the end of the
call to panic().
All unnecesary wfis from bl32/tsp/aarch64/tsp_exceptions.S have
been removed.
Change-Id: I67cb85f6112fa8e77bd62f5718efcef4173d8134
This patch adds big core ARMPLL control in system suspend flow.
Change-Id: I27a45dbbb360f17ff0b524a125630358ee2277e2
Signed-off-by: Louis Yu <louis.yu@mediatek.com>
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
We no longer need to control power signal via gpio during system off,
thus remove gpio driver support from platform code.
Change-Id: I6dfec129fa163330951f37b45b71ba5b90355c3b
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
MT8173 platform code is incompatible with RESET_TO_BL31, add #error
directive to prevent the case.
We also move mt8173_def.h and plat_private.h to include directory, and
remove some unnecessary code.
Change-Id: I47b8d0a506820a4ea1fbe8c8fb0ec6c68d88feb5
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
This patch fixes inconsistencies in bl1_tbbr_image_descs[]
and miscellaneous fixes in Firmware Update code.
Following are the changes:
* As part of the original FWU changes, a `copied_size`
field was added to `image_info_t`. This was a subtle binary
compatibility break because it changed the size of the
`bl31_params_t` struct, which could cause problems if
somebody used different versions of BL2 or BL31, one with
the old `image_info_t` and one with the new version.
This patch put the `copied_size` within the `image_desc_t`.
* EXECUTABLE flag is now stored in `ep_info.h.attr` in place
of `image_info.h.attr`, associating it to an entrypoint.
* The `image_info.image_base` is only relevant for secure
images that are copied from non-secure memory into secure
memory. This patch removes initializing `image_base` for
non secure images in the bl1_tbbr_image_descs[].
* A new macro `SET_STATIC_PARAM_HEAD` is added for populating
bl1_tbbr_image_descs[].ep_info/image_info.h members statically.
The version, image_type and image attributes are now
populated using this new macro.
* Added PLAT_ARM_NVM_BASE and PLAT_ARM_NVM_SIZE to avoid direct
usage of V2M_FLASH0_XXX in plat/arm/common/arm_bl1_fwu.c.
* Refactoring of code/macros related to SECURE and EXECUTABLE flags.
NOTE: PLATFORM PORTS THAT RELY ON THE SIZE OF `image_info_t`
OR USE the "EXECUTABLE" BIT WITHIN `image_info_t.h.attr`
OR USE THEIR OWN `image_desc_t` ARRAY IN BL1, MAY BE
BROKEN BY THIS CHANGE. THIS IS CONSIDERED UNLIKELY.
Change-Id: Id4e5989af7bf0ed263d19d3751939da1169b561d
`board_arm_def.h` contains multiple definitions of
`PLAT_ARM_MMAP_ENTRIES` and `MAX_XLAT_TABLES` that are optimised for
memory usage depending upon the chosen build configuration. To ease
maintenance of these constants, this patch replaces their multiple
definitions with a single set of definitions that will work on all ARM
platforms.
Platforms can override the defaults with optimal values by enabling the
`ARM_BOARD_OPTIMISE_MMAP` build option. An example has been provided in
the Juno ADP port.
Additionally, `PLAT_ARM_MMAP_ENTRIES` is increased by one to accomodate
future ARM platforms.
Change-Id: I5ba6490fdd1e118cc9cc2d988ad7e9c38492b6f0
The common topology description helper funtions and macros for
ARM Standard platforms assumed a dual cluster system. This is not
flexible enough to scale to multi cluster platforms. This patch does
the following changes for more flexibility in defining topology:
1. The `plat_get_power_domain_tree_desc()` definition is moved from
`arm_topology.c` to platform specific files, that is `fvp_topology.c`
and `juno_topology.c`. Similarly the common definition of the porting
macro `PLATFORM_CORE_COUNT` in `arm_def.h` is moved to platform
specific `platform_def.h` header.
2. The ARM common layer porting macros which were dual cluster specific
are now removed and a new macro PLAT_ARM_CLUSTER_COUNT is introduced
which must be defined by each ARM standard platform.
3. A new mandatory ARM common layer porting API
`plat_arm_get_cluster_core_count()` is introduced to enable the common
implementation of `arm_check_mpidr()` to validate MPIDR.
4. For the FVP platforms, a new build option `FVP_NUM_CLUSTERS` has been
introduced which allows the user to specify the cluster count to be
used to build the topology tree within Trusted Firmare. This enables
Trusted Firmware to be built for multi cluster FVP models.
Change-Id: Ie7a2e38e5661fe2fdb2c8fdf5641d2b2614c2b6b
The shared memory region on ARM platforms contains the mailboxes and,
on Juno, the payload area for communication with the SCP. This shared
memory may be configured as normal memory or device memory at build
time by setting the platform flag 'PLAT_ARM_SHARED_RAM_CACHED' (on
Juno, the value of this flag is defined by 'MHU_PAYLOAD_CACHED').
When set as normal memory, the platform port performs the corresponding
cache maintenance operations. From a functional point of view, this is
the equivalent of setting the shared memory as device memory, so there
is no need to maintain both options.
This patch removes the option to specify the shared memory as normal
memory on ARM platforms. Shared memory is always treated as device
memory. Cache maintenance operations are no longer needed and have
been replaced by data memory barriers to guarantee that payload and
MHU are accessed in the right order.
Change-Id: I7f958621d6a536dd4f0fa8768385eedc4295e79f
All files including plat/mediatek/mt8173/drivers/gpio/gpio.h were
using system includes instead of user includes, which may cause the
wrong version of the header to be included. Said includes have been
changed to user includes to make sure that the included file is the
wanted one.
Change-Id: I29bdfe96fbd9a7900875e2357bbb43f3ea431fa5
ARM Trusted Firmware supports 2 different interconnect peripheral
drivers: CCI and CCN. ARM platforms are implemented using either of the
interconnect peripherals.
This patch adds a layer of abstraction to help ARM platform ports to
choose the right interconnect driver and corresponding platform support.
This is as described below:
1. A set of ARM common functions have been implemented to initialise an
interconnect and for entering/exiting a cluster from coherency. These
functions are prefixed as "plat_arm_interconnect_". Weak definitions of
these functions have been provided for each type of driver.
2.`plat_print_interconnect_regs` macro used for printing CCI registers is
moved from a common arm_macros.S to cci_macros.S.
3. The `ARM_CONFIG_HAS_CCI` flag used in `arm_config_flags` structure
is renamed to `ARM_CONFIG_HAS_INTERCONNECT`.
Change-Id: I02f31184fbf79b784175892d5ce1161b65a0066c
Current code mandates loading of SCP_BL2/SCP_BL2U images for all
CSS platforms. On future ARM CSS platforms, the Application
Processor (AP) might not need to load these images. So, these
items can be removed from the FIP on those platforms.
BL2 tries to load SCP_BL2/SCP_BL2U images if their base
addresses are defined causing boot error if the images are not
found in FIP.
This change adds a make flag `CSS_LOAD_SCP_IMAGES` which if set
to `1` does:
1. Adds SCP_BL2, SCP_BL2U images to FIP.
2. Defines the base addresses of these images so that AP loads
them.
And vice-versa if it is set to `0`. The default value is set to
`1`.
Change-Id: I5abfe22d5dc1e9d80d7809acefc87b42a462204a
Prior to this patch, it was assumed that on all ARM platforms the bare
minimal security setup required is to program TrustZone protection. This
would always be done by programming the TZC-400 which was assumed to be
present in all ARM platforms. The weak definition of
platform_arm_security_setup() in plat/arm/common/arm_security.c
reflected these assumptions.
In reality, each ARM platform either decides at runtime whether
TrustZone protection needs to be programmed (e.g. FVPs) or performs
some security setup in addition to programming TrustZone protection
(e.g. NIC setup on Juno). As a result, the weak definition of
plat_arm_security_setup() is always overridden.
When a platform needs to program TrustZone protection and implements the
TZC-400 peripheral, it uses the arm_tzc_setup() function to do so. It is
also possible to program TrustZone protection through other peripherals
that include a TrustZone controller e.g. DMC-500. The programmer's
interface is slightly different across these various peripherals.
In order to satisfy the above requirements, this patch makes the
following changes to the way security setup is done on ARM platforms.
1. arm_security.c retains the definition of arm_tzc_setup() and has been
renamed to arm_tzc400.c. This is to reflect the reliance on the
TZC-400 peripheral to perform TrustZone programming. The new file is
not automatically included in all platform ports through
arm_common.mk. Each platform must include it explicitly in a platform
specific makefile if needed.
This approach enables introduction of similar library code to program
TrustZone protection using a different peripheral. This code would be
used by the subset of ARM platforms that implement this peripheral.
2. Due to #1 above, existing platforms which implements the TZC-400 have been
updated to include the necessary files for both BL2, BL2U and BL31
images.
Change-Id: I513c58f7a19fff2e9e9c3b95721592095bcb2735
Current code assumes `SCP_COM_SHARED_MEM_BASE` as the base address
for BOM/SCPI protocol between AP<->SCP on all CSS platforms. To
cater for future ARM platforms this is made platform specific.
Similarly, the bit shifts of `SCP_BOOT_CONFIG_ADDR` are also made
platform specific.
Change-Id: Ie8866c167abf0229a37b3c72576917f085c142e8
Functions to configure the MMU in S-EL1 and EL3 on ARM platforms
expect each platform to export its memory map in the `plat_arm_mmap`
data structure. This approach does not scale well in case the memory
map cannot be determined until runtime. To cater for this possibility,
this patch introduces the plat_arm_get_mmap() API. It returns a
reference to the `plat_arm_mmap` by default but can be overridden
by a platform if required.
Change-Id: Idae6ad8fdf40cdddcd8b992abc188455fa047c74
Each ARM Compute Subsystem based platform implements a System Security
Control (SSC) Registers Unit. The SSC_VERSION register inside it carries
information to identify the platform. This enables ARM Trusted Firmware
to compile in support for multiple ARM platforms and choose one at
runtime. This patch adds macros to enable access to this register.
Each platform is expected to export its PART_NUMBER separately.
Additionally, it also adds juno part number.
Change-Id: I2b1d5f5b65a9c7b76c6f64480cc7cf0aef019422
This patch moves the definition of some macros used only on
ARM platforms from common headers to platform specific headers.
It also forces all ARM standard platforms to have distinct
definitions (even if they are usually the same).
1. `PLAT_ARM_TZC_BASE` and `PLAT_ARM_NSTIMER_FRAME_ID` have been
moved from `css_def.h` to `platform_def.h`.
2. `MHU_BASE` used in CSS platforms is moved from common css_def.h
to platform specific header `platform_def.h` on Juno and
renamed as `PLAT_ARM_MHU_BASE`.
3. To cater for different sizes of BL images, new macros like
`PLAT_ARM_MAX_BL31_SIZE` have been created for each BL image. All
ARM platforms need to define them for each image.
Change-Id: I9255448bddfad734b387922aa9e68d2117338c3f
Replaced a long dash in a comment by the ASCII character '-'. Support
for multibyte character in the source character set is not enforced by
the C99 standard. To maximize compatibility with C processing tools
(e.g. compilers or static code analysis tools), they should be removed.
Change-Id: Ie318e380d3b44755109f042a76ebfd2229f42ae3
The debug prints used to debug translation table setup in xlat_tables.c
used the `printf()` standard library function instead of the stack
optimized `tf_printf()` API. DEBUG_XLAT_TABLE option was used to enable
debug logs within xlat_tables.c and it configured a much larger stack
size for the platform in case it was enabled. This patch modifies these
debug prints within xlat_tables.c to use tf_printf() and modifies the format
specifiers to be compatible with tf_printf(). The debug prints are now enabled
if the VERBOSE prints are enabled in Trusted Firmware via LOG_LEVEL build
option.
The much larger stack size definition when DEBUG_XLAT_TABLE is defined
is no longer required and the platform ports are modified to remove this
stack size definition.
Change-Id: I2f7d77ea12a04b827fa15e2adc3125b1175e4c23
We found sometimes mtcmos operation is too long in spm (>1ms),
so update a new version to fix it.
I verified with 5 hours power_LoadTest, every mtcmos control
can finish in 500us (average is 100~200us).
Change-Id: I47b712bf9898870f4abcecbea47e01b9786231d4
Signed-off-by: Fan Chen <fan.chen@mediatek.com>
1. Set more wakeup source
2. Update PCM code for control logic
Change-Id: I2ad06bd85bd1c75a22c838eab4cf5566c443b89a
Signed-off-by: Weiyi Lu <weiyi.lu@mediatek.com>
1. Add SiP calls for subsystem power on/off and check support
2. Add subsystem power control related initialization in
bl31_plat_setup.c
3. Add subsystem power on/off and power ack waiting functions
4. Update PCM code for subsystem physical power control logic
Change-Id: Ia0ebb1964c8f9758159bcf17c1813d76ef52cf64
Signed-off-by: yt.lee <yt.lee@mediatek.com>
1. add power control for both big and Little cluster in MCDI
2. fix incorrect PCM_HOTPLUG_VALID_MASK in spm_hotplug.c
3. check the power status of cpus in cluster before setting the cputop
power control
Change-Id: Ifa85306a8bc218098667247904d281494c2f7bfe
Signed-off-by: Weiyi Lu <weiyi.lu@mediatek.com>
Move SPM related PLL settings to spm_boot_init in ARM TF SPM driver
Change-Id: I414b896caae072570c8de33a25e06db4ae011f57
Signed-off-by: yt.lee <yt.lee@mediatek.com>
This patch updates SPM driver settings and PCM code to fix USB remote
wake up problem.
Change-Id: I07a81cc64b1d226d111380580d09ae25879f4285
Signed-off-by: yt.lee <yt.lee@mediatek.com>
This patch enables dynamic clock management control to reduce power
consumption in various components.
Change-Id: I8f66d9b72c8b1d70169ffe46cc361b16a0dadb77
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
The PL011 TRM (ARM DDI 0183G) specifies that the UART must be
disabled before any of the control registers are programmed. The
PL011 driver included in TF does not disable the UART, so the
initialization in BL2 and BL31 is violating this requirement
(and potentially in BL1 if the UART is enabled after reset).
This patch modifies the initialization function in the PL011
console driver to disable the UART before programming the
control registers.
Register clobber list and documentation updated.
FixesARM-software/tf-issues#300
Change-Id: I839b2d681d48b03f821ac53663a6a78e8b30a1a1
Currently, Trusted Firmware on ARM platforms unlocks access to the
timer frame registers that will be used by the Non-Secure world. This
unlock operation should be done by the Non-Secure software itself,
instead of relying on secure firmware settings.
This patch adds a new ARM specific build option 'ARM_CONFIG_CNTACR'
to unlock access to the timer frame by setting the corresponding
bits in the CNTACR<N> register. The frame id <N> is defined by
'PLAT_ARM_NSTIMER_FRAME_ID'. Default value is true (unlock timer
access).
Documentation updated accordingly.
FixesARM-software/tf-issues#170
Change-Id: Id9d606efd781e43bc581868cd2e5f9c8905bdbf6
Migrate all direct usage of __attribute__ to usage of their
corresponding macros from cdefs.h.
e.g.:
- __attribute__((unused)) -> __unused
Signed-off-by: Soren Brinkmann <soren.brinkmann@xilinx.com>
This patch enables the ARM Cortex-A72 support in BL1 and BL31 on FVP.
This allows the same TF binaries to run on a Cortex-A72 based FVP
without recompiling them.
Change-Id: I4eb6bbad9f0e5d8704613f7c685c3bd22b45cf47
This patch adds support for ARM Cortex-A35 processor in the CPU
specific framework, as described in the Cortex-A35 TRM (r0p0).
Change-Id: Ief930a0bdf6cd82f6cb1c3b106f591a71c883464
The fip_create tool specifies images in the command line using the
ARM TF naming convention (--bl2, --bl31, etc), while the cert_create
tool uses the TBBR convention (--tb-fw, --soc-fw, etc). This double
convention is confusing and should be aligned.
This patch updates the fip_create command line options to follow the
TBBR naming convention. Usage examples in the User Guide have been
also updated.
NOTE: users that build the FIP by calling the fip_create tool directly
from the command line must update the command line options in their
scripts. Users that build the FIP by invoking the main ARM TF Makefile
should not notice any difference.
Change-Id: I84d602630a2585e558d927b50dfde4dd2112496f
fvp_pwr_domain_on() used to program the CPUs mailbox. This changed
with commit 804040d10 but the comment documenting this code still
refers to the mailbox programming. This patch removes this out-dated
information.
Change-Id: Ibfe2a426bdda6e71f20c83a99cb223ceca9c559c
The current FWU_SMC_UPDATE_DONE implementation incorrectly passes
an unused framework cookie through to the 1st argument in the
platform function `bl1_plat_fwu_done`. The intent is to allow
the SMC caller to pass a cookie through to this function.
This patch fixes FWU_SMC_UPDATE_DONE to pass x1 from the caller
through to `bl1_plat_fwu_done`. The argument names are updated
for clarity.
Upstream platforms currently do not use this argument so no
impact is expected.
Change-Id: I107f4b51eb03e7394f66d9a534ffab1cbc09a9b2
This patch removes the dash character from the image name, to
follow the image terminology in the Trusted Firmware Wiki page:
https://github.com/ARM-software/arm-trusted-firmware/wiki
Changes apply to output messages, comments and documentation.
non-ARM platform files have been left unmodified.
Change-Id: Ic2a99be4ed929d52afbeb27ac765ceffce46ed76
This patch replaces all references to the SCP Firmware (BL0, BL30,
BL3-0, bl30) with the image terminology detailed in the TF wiki
(https://github.com/ARM-software/arm-trusted-firmware/wiki):
BL0 --> SCP_BL1
BL30, BL3-0 --> SCP_BL2
bl30 --> scp_bl2
This change affects code, documentation, build system, tools and
platform ports that load SCP firmware. ARM plaforms have been
updated to the new porting API.
IMPORTANT: build option to specify the SCP FW image has changed:
BL30 --> SCP_BL2
IMPORTANT: This patch breaks compatibility for platforms that use BL2
to load SCP firmware. Affected platforms must be updated as follows:
BL30_IMAGE_ID --> SCP_BL2_IMAGE_ID
BL30_BASE --> SCP_BL2_BASE
bl2_plat_get_bl30_meminfo() --> bl2_plat_get_scp_bl2_meminfo()
bl2_plat_handle_bl30() --> bl2_plat_handle_scp_bl2()
Change-Id: I24c4c1a4f0e4b9f17c9e4929da815c4069549e58
Firmware update feature needs a new FIP called `fwu_fip.bin` that
includes Secure(SCP_BL2U, BL2U) and Normal world(NS_BL2U) images
along with the FWU_CERT certificate in order for NS_BL1U to load
the images and help the Firmware update process to complete.
This patch adds the capability to support the new target `fwu_fip`
which includes above mentioned FWU images in the make files.
The new target of `fwu_fip` and its dependencies are included for
compilation only when `TRUSTED_BOARD_BOOT` is defined.
Change-Id: Ie780e3aac6cbd0edfaff3f9af96a2332bd69edbc
This patch adds support for Firmware update in BL2U for ARM
platforms such that TZC initialization is performed on all
ARM platforms and (optionally) transfer of SCP_BL2U image on
ARM CSS platforms.
BL2U specific functions are added to handle early_platform and
plat_arch setup. The MMU is configured to map in the BL2U
code/data area and other required memory.
Change-Id: I57863295a608cc06e6cbf078b7ce34cbd9733e4f
This patch adds Firmware Update support for ARM platforms.
New files arm_bl1_fwu.c and juno_bl1_setup.c were added to provide
platform specific Firmware update code.
BL1 now includes mmap entry for `ARM_MAP_NS_DRAM1` to map DRAM for
authenticating NS_BL2U image(For both FVP and JUNO platform).
Change-Id: Ie116cd83f5dc00aa53d904c2f1beb23d58926555
Firmware update(a.k.a FWU) feature is part of the TBB architecture.
BL1 is responsible for carrying out the FWU process if platform
specific code detects that it is needed.
This patch adds support for FWU feature support in BL1 which is
included by enabling `TRUSTED_BOARD_BOOT` compile time flag.
This patch adds bl1_fwu.c which contains all the core operations
of FWU, which are; SMC handler, image copy, authentication, execution
and resumption. It also adds bl1.h introducing #defines for all
BL1 SMCs.
Following platform porting functions are introduced:
int bl1_plat_mem_check(uintptr_t mem_base, unsigned int mem_size,
unsigned int flags);
This function can be used to add platform specific memory checks
for the provided base/size for the given security state.
The weak definition will invoke `assert()` and return -ENOMEM.
__dead2 void bl1_plat_fwu_done(void *cookie, void *reserved);
This function can be used to initiate platform specific procedure
to mark completion of the FWU process.
The weak definition waits forever calling `wfi()`.
plat_bl1_common.c contains weak definitions for above functions.
FWU process starts when platform detects it and return the image_id
other than BL2_IMAGE_ID by using `bl1_plat_get_next_image_id()` in
`bl1_main()`.
NOTE: User MUST provide platform specific real definition for
bl1_plat_mem_check() in order to use it for Firmware update.
Change-Id: Ice189a0885d9722d9e1dd03f76cac1aceb0e25ed
As of now BL1 loads and execute BL2 based on hard coded information
provided in BL1. But due to addition of support for upcoming Firmware
Update feature, BL1 now require more flexible approach to load and
run different images using information provided by the platform.
This patch adds new mechanism to load and execute images based on
platform provided image id's. BL1 now queries the platform to fetch
the image id of the next image to be loaded and executed. In order
to achieve this, a new struct image_desc_t was added which holds the
information about images, such as: ep_info and image_info.
This patch introduces following platform porting functions:
unsigned int bl1_plat_get_next_image_id(void);
This is used to identify the next image to be loaded
and executed by BL1.
struct image_desc *bl1_plat_get_image_desc(unsigned int image_id);
This is used to retrieve the image_desc for given image_id.
void bl1_plat_set_ep_info(unsigned int image_id,
struct entry_point_info *ep_info);
This function allows platforms to update ep_info for given
image_id.
The plat_bl1_common.c file provides default weak implementations of
all above functions, the `bl1_plat_get_image_desc()` always return
BL2 image descriptor, the `bl1_plat_get_next_image_id()` always return
BL2 image ID and `bl1_plat_set_ep_info()` is empty and just returns.
These functions gets compiled into all BL1 platforms by default.
Platform setup in BL1, using `bl1_platform_setup()`, is now done
_after_ the initialization of authentication module. This change
provides the opportunity to use authentication while doing the
platform setup in BL1.
In order to store secure/non-secure context, BL31 uses percpu_data[]
to store context pointer for each core. In case of BL1 only the
primary CPU will be active hence percpu_data[] is not required to
store the context pointer.
This patch introduce bl1_cpu_context[] and bl1_cpu_context_ptr[] to
store the context and context pointers respectively. It also also
re-defines cm_get_context() and cm_set_context() for BL1 in
bl1/bl1_context_mgmt.c.
BL1 now follows the BL31 pattern of using SP_EL0 for the C runtime
environment, to support resuming execution from a previously saved
context.
NOTE: THE `bl1_plat_set_bl2_ep_info()` PLATFORM PORTING FUNCTION IS
NO LONGER CALLED BY BL1 COMMON CODE. PLATFORMS THAT OVERRIDE
THIS FUNCTION MAY NEED TO IMPLEMENT `bl1_plat_set_ep_info()`
INSTEAD TO MAINTAIN EXISTING BEHAVIOUR.
Change-Id: Ieee4c124b951c2e9bc1c1013fa2073221195d881
This patch adds support for secure setup of the SoC on CSS
platforms in BL1.
This change is required to provide memory access to normal
world images that take part in upcoming Firmware Update feature.
Change-Id: Ib202fb6cb82622c1874b700637d82ea72575e6fe
This patch overrides the default weak definition of
`bl31_plat_runtime_setup()` for ARM Standard platforms to
specify a BL31 runtime console. ARM Standard platforms are
now expected to define `PLAT_ARM_BL31_RUN_UART_BASE` and
`PLAT_ARM_BL31_RUN_UART_CLK_IN_HZ` macros which is required
by `arm_bl31_plat_runtime_setup()` to initialize the runtime
console.
The system suspend resume helper `arm_system_pwr_domain_resume()`
is fixed to initialize the runtime console rather than the boot
console on resumption from system suspend.
FixesARM-software/tf-issues#220
Change-Id: I80eafe5b6adcfc7f1fdf8b99659aca1c64d96975
It is not ideal for BL31 to continue to use boot console at
runtime which could be potentially uninitialized. This patch
introduces a new optional platform porting API
`bl31_plat_runtime_setup()` which allows the platform to perform
any BL31 runtime setup just prior to BL31 exit during cold boot.
The default weak implementation of this function will invoke
`console_uninit()` which will suppress any BL31 runtime logs.
On the ARM Standard platforms, there is an anomaly that
the boot console will be reinitialized on resumption from
system suspend in `arm_system_pwr_domain_resume()`. This
will be resolved in the following patch.
NOTE: The default weak definition of `bl31_plat_runtime_setup()`
disables the BL31 console. To print the BL31 runtime
messages, platforms must override this API and initialize a
runtime console.
FixesARM-software/tf-issues#328
Change-Id: Ibaf8346fcceb447fe1a5674094c9f8eb4c09ac4a
The `plat/nvidia/tegra/include/tegra_private.h` file uses resources
from psci.h (for example, psci_power_state_t) but does not explicitly
include psci.h. This does not currently cause a problem since psci.h
is indirectly included via other headers. However, this may not be
the case in future.
This patch explicitly includes psci.h from tegra_private.h
Change-Id: Ia991147898dbd117c1d3496a95850995a5554c05
Suport for ARM GIC v2.0 and v3.0 drivers has been reworked to create three
separate drivers instead of providing a single driver that can work on both
versions of the GIC architecture. These drivers correspond to the following
software use cases:
1. A GICv2 only driver that can run only on ARM GIC v2.0 implementations
e.g. GIC-400
2. A GICv3 only driver that can run only on ARM GIC v3.0 implementations
e.g. GIC-500 in a mode where all interrupt regimes use GICv3 features
3. A deprecated GICv3 driver that operates in legacy mode. This driver can
operate only in the GICv2 mode in the secure world. On a GICv3 system, this
driver allows normal world to run in either GICv3 mode (asymmetric mode)
or in the GICv2 mode. Both modes of operation are deprecated on GICv3
systems.
ARM platforms implement both versions of the GIC architecture. This patch adds a
layer of abstraction to help ARM platform ports chose the right GIC driver and
corresponding platform support. This is as described below:
1. A set of ARM common functions have been introduced to initialise the GIC and
the driver during cold and warm boot. These functions are prefixed as
"plat_arm_gic_". Weak definitions of these functions have been provided for
each type of driver.
2. Each platform includes the sources that implement the right functions
directly into the its makefile. The FVP can be instantiated with different
versions of the GIC architecture. It uses the FVP_USE_GIC_DRIVER build option
to specify which of the three drivers should be included in the build.
3. A list of secure interrupts has to be provided to initialise each of the
three GIC drivers. For GIC v3.0 the interrupt ids have to be further
categorised as Group 0 and Group 1 Secure interrupts. For GIC v2.0, the two
types are merged and treated as Group 0 interrupts.
The two lists of interrupts are exported from the platform_def.h. The lists
are constructed by adding a list of board specific interrupt ids to a list of
ids common to all ARM platforms and Compute sub-systems.
This patch also makes some fields of `arm_config` data structure in FVP redundant
and these unused fields are removed.
Change-Id: Ibc8c087be7a8a6b041b78c2c3bd0c648cd2035d8
This patch adds platform helpers for the new GICv2 and GICv3 drivers in
plat_gicv2.c and plat_gicv3.c. The platforms can include the appropriate
file in their build according to the GIC driver to be used. The existing
plat_gic.c is only meant for the legacy GIC driver.
In the case of ARM platforms, the major changes are as follows:
1. The crash reporting helper macro `arm_print_gic_regs` that prints the GIC CPU
interface register values has been modified to detect the type of CPU
interface being used (System register or memory mappped interface) before
using the right interface to print the registers.
2. The power management helper function that is called after a core is powered
up has been further refactored. This is to highlight that the per-cpu
distributor interface should be initialised only when the core was originally
powered down using the CPU_OFF PSCI API and not when the CPU_SUSPEND PSCI API
was used.
3. In the case of CSS platforms, the system power domain restore helper
`arm_system_pwr_domain_resume()` is now only invoked in the `suspend_finish`
handler as the system power domain is always expected to be initialized when
the `on_finish` handler is invoked.
Change-Id: I7fc27d61fc6c2a60cea2436b676c5737d0257df6
This patch modifies the Tegra port to support the new platform
APIs so that we can disable the compat layer. This includes
modifications to the power management and platform topology code.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes several issues with the SP804 delay timer on FVP:
* By default, the SP804 dual timer on FVP runs at 32 KHz. In order
to run the timer at 35 MHz (as specified in the FVP user manual)
the Overwrite bit in the SP810 control register must be set.
* The CLKMULT and CLKDIV definitions are mixed up:
delta(us) = delta(ticks) * T(us) = delta(ticks) / f(MHz)
From the delay function:
delta_us = (delta * ops->clk_mult) / ops->clk_div;
Matching both expressions:
1 / f(MHz) = ops->clk_mult / ops->clk_div
And consequently:
f(MHz) = ops->clk_div / ops->clk_mult
Which, for a 35 MHz timer, translates to:
ops->clk_div = 35
ops->clk_mult = 1
* The comment in the delay timer header file has been corrected:
The ratio of the multiplier and the divider is the clock period
in microseconds, not the frequency.
Change-Id: Iffd5ce0a5a28fa47c0720c0336d81b678ff8fdf1
This patch adds watchdog support on ARM platforms (FVP and Juno).
A secure instance of SP805 is used as Trusted Watchdog. It is
entirely managed in BL1, being enabled in the early platform setup
hook and disabled in the exit hook. By default, the watchdog is
enabled in every build (even when TBB is disabled).
A new ARM platform specific build option `ARM_DISABLE_TRUSTED_WDOG`
has been introduced to allow the user to disable the watchdog at
build time. This feature may be used for testing or debugging
purposes.
Specific error handlers for Juno and FVP are also provided in this
patch. These handlers will be called after an image load or
authentication error. On FVP, the Table of Contents (ToC) in the FIP
is erased. On Juno, the corresponding error code is stored in the
V2M Non-Volatile flags register. In both cases, the CPU spins until
a watchdog reset is generated after 256 seconds (as specified in
the TBBR document).
Change-Id: I9ca11dcb0fe15af5dbc5407ab3cf05add962f4b4
FVP and Juno platforms include a NOR flash memory to store and
load the FIP, the kernel or a ramdisk. This NOR flash is arranged
as 2 x 16 bit flash devices and can be programmed using CFI
standard commands.
This patch provides a basic API to write single 32 bit words of
data into the NOR flash. Functions to lock/unlock blocks against
erase or write operations are also provided.
Change-Id: I1da7ad3105b1ea409c976adc863954787cbd90d2
Normally, in the FVP port, secondary CPUs are immediately powered
down if they are powered on at reset. However, when booting an EL3
payload, we need to keep them powered on as the requirement is for
all CPUs to enter the EL3 payload image. This patch puts them in a
holding pen instead of powering them off.
Change-Id: I6526a88b907a0ddb820bead72f1d350a99b1692c
By default, only the primary CPU is powered on by SCP on CSS
platforms. Secondary CPUs are then powered on later using PSCI
calls.
However, it is possible to power on more than one CPU at boot time
using platform specific settings. In this case, several CPUs will
enter the Trusted Firmware and execute the cold boot path code.
This is currently not supported and secondary CPUs will panic.
This patch preserves this behaviour in the normal boot flow.
However, when booting an EL3 payload, secondary CPUs are now held in
a pen until their mailbox is populated, at which point they jump to
this address. Note that, since all CPUs share the same mailbox, they
will all be released from their holding pen at the same time and the
EL3 payload is responsible to arbitrate execution between CPUs if
required.
Change-Id: I83737e0c9f15ca5e73afbed2e9c761bc580735b9
This patch adds support for booting EL3 payloads on CSS platforms,
for example Juno. In this scenario, the Trusted Firmware follows
its normal boot flow up to the point where it would normally pass
control to the BL31 image. At this point, it jumps to the EL3
payload entry point address instead.
Before handing over to the EL3 payload, the data SCP writes for AP
at the beginning of the Trusted SRAM is restored, i.e. we zero the
first 128 bytes and restore the SCP Boot configuration. The latter
is saved before transferring the BL30 image to SCP and is restored
just after the transfer (in BL2). The goal is to make it appear that
the EL3 payload is the first piece of software to run on the target.
The BL31 entrypoint info structure is updated to make the primary
CPU jump to the EL3 payload instead of the BL31 image.
The mailbox is populated with the EL3 payload entrypoint address,
which releases the secondary CPUs out of their holding pen (if the
SCP has powered them on). The arm_program_trusted_mailbox() function
has been exported for this purpose.
The TZC-400 configuration in BL2 is simplified: it grants secure
access only to the whole DRAM. Other security initialization is
unchanged.
This alternative boot flow is disabled by default. A new build option
EL3_PAYLOAD_BASE has been introduced to enable it and provide the EL3
payload's entry point address. The build system has been modified
such that BL31 and BL33 are not compiled and/or not put in the FIP in
this case, as those images are not used in this boot flow.
Change-Id: Id2e26fa57988bbc32323a0effd022ab42f5b5077
This patch modifies the prototype of the bl1_plat_prepare_exit()
platform API to pass the address of the entry point info structure
received from BL2. The structure contains information that can be
useful, depending on the kind of clean up or bookkeeping operations
to perform.
The weak implementation of this function ignores this argument to
preserve platform backwards compatibility.
NOTE: THIS PATCH MAY BREAK PLATFORM PORTS THAT ARE RELYING ON THE
FORMER PROTOTYPE OF THE BL1_PLAT_PREPARE_EXIT() API.
Change-Id: I3fc18f637de06c85719c4ee84c85d6a4572a0fdb
This patch renames the tegra_fc_cpu_idle() function to a more appropriate
tegra_fc_cpu_powerdn() to better reflect its usage.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The default reset values for the L2 Data & Tag RAM latencies on the
Cortex-A72 on Juno R2 are not suitable. This patch modifies
the Juno platform reset handler to configure the right settings
on Juno R2.
Change-Id: I20953de7ba0619324a389e0b7bbf951b64057db8
This patch splits the Juno reset handler in 4 distinct pieces:
- Detection of the board revision;
- Juno R0 specific handler;
- Juno R1 specific handler;
- Juno R2 specific handler.
Depending on the board revision, the appropriate handler is called.
This makes the code easier to understand and maintain.
This patch is mainly cosmetic. The only functional change introduced
is that the Juno platform reset handler will now spin infinitely if
the board revision is not recognised. Previously, it would have
assumed that it was running on Juno R1 in this case.
Change-Id: I54ed77c4665085ead9d1573316c9c884d7d3ffa0
BL2 is responsible for loading BL32 and passing a pointer to the
BL32 entrypoint info to BL31 in the BL31 parameters. If no BL32
image is loaded, a NULL pointer is passed. The platform is
responsible for accessing BL31 parameters and extracting the
corresponding BL32 EP info.
In ARM platforms, arm_bl31_early_platform_setup() dereferences the
pointer to the BL32 EP info without checking first if the pointer
is NULL. This will cause an exception if a BL32 entrypoint has not
been populated by BL2. FVP and Juno are not affected because they
always define BL32_BASE, irrespective of whether a BL32 image is
included in the FIP or not.
This patches fixes the issue by checking the BL32 ep_info pointer
before trying to access the data.
If `RESET_TO_BL31` is enabled, the BL32 entrypoint is not
populated if BL32_BASE is not defined.
NOTE: Maintainers of partner platforms should check for this issue
in their ports.
FixesARM-software/tf-issues#320
Change-Id: I31456155503f2765766e8b7cd30ab4a40958fb96
This patch adds a per-soc system reset handler for Tegra chips. The
handler gets executed before the actual system resets. This allows
for custom handling of the system reset sequence on each SoC.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Cortex-A72 library support is now compiled into the Juno platform port to go
with the existing A53/A57 support. This enables a single set of Juno TF
binaries to run on Juno R0, R1 and R2 boards.
Change-Id: I4a601dc4f671e98bdb19d98bbb66f02f0d8b7fc7
Patch 7e26fe1f deprecates IO specific return definitions in favour
of standard errno codes. This patch removes those definitions
and its usage from the IO framework, IO drivers and IO platform
layer. Following this patch, standard errno codes must be used
when checking the return value of an IO function.
Change-Id: Id6e0e9d0a7daf15a81ec598cf74de83d5768650f
This patch adds the capability to power down at system power domain level
on Juno via the PSCI SYSTEM SUSPEND API. The CSS power management helpers
are modified to add support for power management operations at system
power domain level. A new helper for populating `get_sys_suspend_power_state`
handler in plat_psci_ops is defined. On entering the system suspend state,
the SCP powers down the SYSTOP power domain on the SoC and puts the memory
into retention mode. On wakeup from the power down, the system components
on the CSS will be reinitialized by the platform layer and the PSCI client
is responsible for restoring the context of these system components.
According to PSCI Specification, interrupts targeted to cores in PSCI CPU
SUSPEND should be able to resume it. On Juno, when the system power domain
is suspended, the GIC is also powered down. The SCP resumes the final core
to be suspend when an external wake-up event is received. But the other
cores cannot be woken up by a targeted interrupt, because GIC doesn't
forward these interrupts to the SCP. Due to this hardware limitation,
we down-grade PSCI CPU SUSPEND requests targeted to the system power domain
level to cluster power domain level in `juno_validate_power_state()`
and the CSS default `plat_arm_psci_ops` is overridden in juno_pm.c.
A system power domain resume helper `arm_system_pwr_domain_resume()` is
defined for ARM standard platforms which resumes/re-initializes the
system components on wakeup from system suspend. The security setup also
needs to be done on resume from system suspend, which means
`plat_arm_security_setup()` must now be included in the BL3-1 image in
addition to previous BL images if system suspend need to be supported.
Change-Id: Ie293f75f09bad24223af47ab6c6e1268f77bcc47
This patch implements the necessary topology changes for supporting
system power domain on CSS platforms. The definition of PLAT_MAX_PWR_LVL and
PLAT_NUM_PWR_DOMAINS macros are removed from arm_def.h and are made platform
specific. In addition, the `arm_power_domain_tree_desc[]` and
`arm_pm_idle_states[]` are modified to support the system power domain
at level 2. With this patch, even though the power management operations
involving the system power domain will not return any error, the platform
layer will silently ignore any operations to the power domain. The actual
power management support for the system power domain will be added later.
Change-Id: I791867eded5156754fe898f9cdc6bba361e5a379
This patch adds an optional API to the platform port:
void plat_error_handler(int err) __dead2;
The platform error handler is called when there is a specific error
condition after which Trusted Firmware cannot continue. While panic()
simply prints the crash report (if enabled) and spins, the platform
error handler can be used to hand control over to the platform port
so it can perform specific bookeeping or post-error actions (for
example, reset the system). This function must not return.
The parameter indicates the type of error using standard codes from
errno.h. Possible errors reported by the generic code are:
-EAUTH : a certificate or image could not be authenticated
(when Trusted Board Boot is enabled)
-ENOENT : the requested image or certificate could not be found
or an IO error was detected
-ENOMEM : resources exhausted. Trusted Firmware does not use
dynamic memory, so this error is usually an indication
of an incorrect array size
A default weak implementation of this function has been provided.
It simply implements an infinite loop.
Change-Id: Iffaf9eee82d037da6caa43b3aed51df555e597a3
This patch is a complete rework of the main Makefile. Functionality
remains the same but the code has been reorganized in sections in
order to improve readability and facilitate adding future extensions.
A new file 'build_macros.mk' has been created and will contain common
definitions (variables, macros, etc) that may be used from the main
Makefile and other platform specific makefiles.
A new macro 'FIP_ADD_IMG' has been introduced and it will allow the
platform to specify binary images and the necessary checks for a
successful build. Platforms that require a BL30 image no longer need
to specify the NEED_BL30 option. The main Makefile is now completely
unaware of additional images not built as part of Trusted Firmware,
like BL30. It is the platform responsibility to specify images using
the macro 'FIP_ADD_IMG'. Juno uses this macro to include the BL30
image in the build.
BL33 image is specified in the main Makefile to preserve backward
compatibility with the NEED_BL33 option. Otherwise, platform ports
that rely on the definition of NEED_BL33 might break.
All Trusted Board Boot related definitions have been moved to a
separate file 'tbbr_tools.mk'. The main Makefile will include this
file unless the platform indicates otherwise by setting the variable
'INCLUDE_TBBR_MK := 0' in the corresponding platform.mk file. This
will keep backward compatibility but ideally each platform should
include the corresponding TBB .mk file in platform.mk.
Change-Id: I35e7bc9930d38132412e950e20aa2a01e2b26801
Currently all ARM CSS platforms which include css_helpers.S use the same
strong definition of `plat_arm_calc_core_pos`. This patch allows these CSS
platforms to define their own strong definition of this function.
* Replace the strong definition of `plat_arm_calc_core_pos` in
css_helpers.S with a utility function `css_calc_core_pos_swap_cluster`
does the same thing (swaps cluster IDs). ARM CSS platforms may choose
to use this function or not.
* Add a Juno strong definition of `plat_arm_calc_core_pos`, which uses
`css_calc_core_pos_swap_cluster`.
Change-Id: Ib5385ed10e44adf6cd1398a93c25973eb3506d9d
This patch adds an optional API to the platform port:
void bl1_plat_prepare_exit(void);
This function is called prior to exiting BL1 in response to the
RUN_IMAGE_SMC request raised by BL2. It should be used to perform
platform specific clean up or bookkeeping operations before
transferring control to the next image.
A weak empty definition of this function has been provided to
preserve platform backwards compatibility.
Change-Id: Iec09697de5c449ae84601403795cdb6aca166ba1
This patch does the following reorganization to psci power management (PM)
handler setup for ARM standard platform ports :
1. The mailbox programming required during `plat_setup_psci_ops()` is identical
for all ARM platforms. Hence the implementation of this API is now moved
to the common `arm_pm.c` file. Each ARM platform now must define the
PLAT_ARM_TRUSTED_MAILBOX_BASE macro, which in current platforms is the same
as ARM_SHARED_RAM_BASE.
2. The PSCI PM handler callback structure, `plat_psci_ops`, must now be
exported via `plat_arm_psci_pm_ops`. This allows the common implementation
of `plat_setup_psci_ops()` to return a platform specific `plat_psci_ops`.
In the case of CSS platforms, a default weak implementation of the same is
provided in `css_pm.c` which can be overridden by each CSS platform.
3. For CSS platforms, the PSCI PM handlers defined in `css_pm.c` are now
made library functions and a new header file `css_pm.h` is added to export
these generic PM handlers. This allows the platform to reuse the
adequate CSS PM handlers and redefine others which need to be customized
when overriding the default `plat_arm_psci_pm_ops` in `css_pm.c`.
Change-Id: I277910f609e023ee5d5ff0129a80ecfce4356ede
This patch fixes the relative path to the 'bl1_private.h' header file
included from 'arm_bl1_setup.c'. Note that, although the path was
incorrect, it wasn't causing a compilation error because the header
file still got included through an alternative include search path.
Change-Id: I28e4f3dbe50e3550ca6cad186502c88a9fb5e260
This patch adds a device driver which can be used to program the following
aspects of ARM CCN IP:
1. Specify the mapping between ACE/ACELite/ACELite+DVM/CHI master interfaces and
Request nodes.
2. Add and remove master interfaces from the snoop and dvm
domains.
3. Place the L3 cache in a given power state.
4. Configuring system adress map and enabling 3 SN striping mode of memory
controller operation.
Change-Id: I0f665c6a306938e5b66f6a92f8549b529aa8f325
Currently, the non-overlapping video memory carveout region is cleared after
disabling the MMU at EL3. If at any exception level the carveout region is being
marked as cacheable, this zeroing of memory will not have an affect on the
cached lines. Hence, we first invalidate the dirty lines and update the memory
and invalidate again so that both caches and memory is zeroed out.
Change-Id: If3b2d139ab7227f6799c0911d59e079849dc86aa
This patch corrects the watchdog register setting. To update watchdog
register, the watchdog mode key must be set to make the register
configurable.
Change-Id: I9ca98ea4012f7f220b116013461030de4638ce0b
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
This patch update Mediatek port to use the `DEFINE_BAKERY_LOCK` macro instead of
specifying the exact data structure to use for a bakery lock and the input
linker section that it should be allocated to.
Change-Id: I2116dbe27010bb46d7cc64fafef55c7240c4c721
Currently, on ARM platforms(ex. Juno) non-secure access to specific
peripheral regions, config registers which are inside and outside CSS
is done in the soc_css_security_setup(). This patch separates the CSS
security setup from the SOC security setup in the css_security_setup().
The CSS security setup involves programming of the internal NIC to
provide access to regions inside the CSS. This is needed only in
Juno, hence Juno implements it in its board files as css_init_nic400().
Change-Id: I95a1fb9f13f9b18fa8e915eb4ae2f15264f1b060
On Juno and FVP platforms, the Non-Secure System timer corresponds
to frame 1. However, this is a platform-specific decision and it
shouldn't be hard-coded. Hence, this patch introduces
PLAT_ARM_NSTIMER_FRAME_ID which should be used by all ARM platforms
to specify the correct non-secure timer frame.
Change-Id: I6c3a905d7d89200a2f58c20ce5d1e1d166832bba
This patch replaces the `ARM_TZC_BASE` constant with `PLAT_ARM_TZC_BASE` to
support different TrustZone Controller base addresses across ARM platforms.
Change-Id: Ie4e1c7600fd7a5875323c7cc35e067de0c6ef6dd
ARM TF configures all interrupts as non-secure except those which
are present in irq_sec_array. This patch updates the irq_sec_array
with the missing secure interrupts for ARM platforms.
It also updates the documentation to be inline with the latest
implementation.
FixesARM-software/tf-issues#312
Change-Id: I39956c56a319086e3929d1fa89030b4ec4b01fcc
The previous logic in the memctrl driver was not catering to cases
where the new memory region lied inside the older region. This patch
fixes the if/elseif/elseif logic in the driver to take care of this
case.
Reported by: Vikram Kanigiri <vikram.kanigiri@arm.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch programs the CPUECTLR_EL1 and L2ECTLR_EL1 registers,
so that the core waits for 512 generic timer CNTVALUEB ticks before
entering retention state, after executing a WFI instruction.
This functionality is configurable and can be enabled for platforms
by setting the newly defined 'ENABLE_L2_DYNAMIC_RETENTION' and
'ENABLE_CPU_DYNAMIC_RETENTION' flag.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Use constant macro defined in platform_def.h to replace hardcoded value.
This patch fix following assert in new psci-1.0 framework.
ASSERT: populate_power_domain_tree <183> : j == PLATFORM_CORE_COUNT
Change-Id: I9b7eda525479464a8c3805b6fe14ffb10debaf72
Signed-off-by: Jimmy Huang <jimmy.huang@mediatek.com>
1. SEJ should not be one of the wake up sources
BUG=chrome-os-partner:38426
TEST=powerd_dbus_suspend
Change-Id: If8f3f19a885e66d7c10b472c2e3182a5affa4773
Signed-off-by: kenny liang <kenny.liang@mediatek.com>
This patch adds the necessary documentation updates to porting_guide.md
for the changes in the platform interface mandated as a result of the new
PSCI Topology and power state management frameworks. It also adds a
new document `platform-migration-guide.md` to aid the migration of existing
platform ports to the new API.
The patch fixes the implementation and callers of
plat_is_my_cpu_primary() to use w0 as the return parameter as implied by
the function signature rather than x0 which was used previously.
Change-Id: Ic11e73019188c8ba2bd64c47e1729ff5acdcdd5b
This patch implements the platform power managment handler to verify
non secure entrypoint for ARM platforms. The handler ensures that the
entry point specified by the normal world during CPU_SUSPEND, CPU_ON
or SYSTEM_SUSPEND PSCI API is a valid address within the non secure
DRAM.
Change-Id: I4795452df99f67a24682b22f0e0967175c1de429
Now that the FVP mailbox is no longer zeroed, the function
platform_mem_init() does nothing both on FVP and on Juno. Therefore,
this patch pools it as the default implementation on ARM platforms.
Change-Id: I007220f4531f15e8b602c3368a1129a5e3a38d91
Since there is a unique warm reset entry point, the FVP and Juno
port can use a single mailbox instead of maintaining one per core.
The mailbox gets programmed only once when plat_setup_psci_ops()
is invoked during PSCI initialization. This means mailbox is not
zeroed out during wakeup.
Change-Id: Ieba032a90b43650f970f197340ebb0ce5548d432
This patch adds support to the Juno and FVP ports for composite power states
with both the original and extended state-id power-state formats. Both the
platform ports use the recommended state-id encoding as specified in
Section 6.5 of the PSCI specification (ARM DEN 0022C). The platform build flag
ARM_RECOM_STATE_ID_ENC is used to include this support.
By default, to maintain backwards compatibility, the original power state
parameter format is used and the state-id field is expected to be zero.
Change-Id: Ie721b961957eaecaca5bf417a30952fe0627ef10
This patch migrates ARM reference platforms, Juno and FVP, to the new platform
API mandated by the new PSCI power domain topology and composite power state
frameworks. The platform specific makefiles now exports the build flag
ENABLE_PLAT_COMPAT=0 to disable the platform compatibility layer.
Change-Id: I3040ed7cce446fc66facaee9c67cb54a8cd7ca29
This patch defines deprecated platform APIs to enable Trusted
Firmware components like Secure Payload and their dispatchers(SPD)
to continue to build and run when platform compatibility is disabled.
This decouples the migration of platform ports to the new platform API
from SPD and enables them to be migrated independently. The deprecated
platform APIs defined in this patch are : platform_get_core_pos(),
platform_get_stack() and platform_set_stack().
The patch also deprecates MPIDR based context management helpers like
cm_get_context_by_mpidr(), cm_set_context_by_mpidr() and cm_init_context().
A mechanism to deprecate APIs and identify callers of these APIs during
build is introduced, which is controlled by the build flag WARN_DEPRECATED.
If WARN_DEPRECATED is defined to 1, the users of the deprecated APIs will be
flagged either as a link error for assembly files or compile time warning
for C files during build.
Change-Id: Ib72c7d5dc956e1a74d2294a939205b200f055613
This commit does the switch to the new PSCI framework implementation replacing
the existing files in PSCI folder with the ones in PSCI1.0 folder. The
corresponding makefiles are modified as required for the new implementation.
The platform.h header file is also is switched to the new one
as required by the new frameworks. The build flag ENABLE_PLAT_COMPAT defaults
to 1 to enable compatibility layer which let the existing platform ports to
continue to build and run with minimal changes.
The default weak implementation of platform_get_core_pos() is now removed from
platform_helpers.S and is provided by the compatibility layer.
Note: The Secure Payloads and their dispatchers still use the old platform
and framework APIs and hence it is expected that the ENABLE_PLAT_COMPAT build
flag will remain enabled in subsequent patch. The compatibility for SPDs using
the older APIs on platforms migrated to the new APIs will be added in the
following patch.
Change-Id: I18c51b3a085b564aa05fdd98d11c9f3335712719
The new PSCI topology framework and PSCI extended State framework introduces
a breaking change in the platform port APIs. To ease the migration of the
platform ports to the new porting interface, a compatibility layer is
introduced which essentially defines the new platform API in terms of the
old API. The old PSCI helpers to retrieve the power-state, its associated
fields and the highest coordinated physical OFF affinity level of a core
are also implemented for compatibility. This allows the existing
platform ports to work with the new PSCI framework without significant
rework. This layer will be enabled by default once the switch to the new
PSCI framework is done and is controlled by the build flag ENABLE_PLAT_COMPAT.
Change-Id: I4b17cac3a4f3375910a36dba6b03d8f1700d07e3
The state-id field in the power-state parameter of a CPU_SUSPEND call can be
used to describe composite power states specific to a platform. The current PSCI
implementation does not interpret the state-id field. It relies on the target
power level and the state type fields in the power-state parameter to perform
state coordination and power management operations. The framework introduced
in this patch allows the PSCI implementation to intepret generic global states
like RUN, RETENTION or OFF from the State-ID to make global state coordination
decisions and reduce the complexity of platform ports. It adds support to
involve the platform in state coordination which facilitates the use of
composite power states and improves the support for entering standby states
at multiple power domains.
The patch also includes support for extended state-id format for the power
state parameter as specified by PSCIv1.0.
The PSCI implementation now defines a generic representation of the power-state
parameter. It depends on the platform port to convert the power-state parameter
(possibly encoding a composite power state) passed in a CPU_SUSPEND call to this
representation via the `validate_power_state()` plat_psci_ops handler. It is an
array where each index corresponds to a power level. Each entry contains the
local power state the power domain at that power level could enter.
The meaning of the local power state values is platform defined, and may vary
between levels in a single platform. The PSCI implementation constrains the
values only so that it can classify the state as RUN, RETENTION or OFF as
required by the specification:
* zero means RUN
* all OFF state values at all levels must be higher than all RETENTION
state values at all levels
* the platform provides PLAT_MAX_RET_STATE and PLAT_MAX_OFF_STATE values
to the framework
The platform also must define the macros PLAT_MAX_RET_STATE and
PLAT_MAX_OFF_STATE which lets the PSCI implementation find out which power
domains have been requested to enter a retention or power down state. The PSCI
implementation does not interpret the local power states defined by the
platform. The only constraint is that the PLAT_MAX_RET_STATE <
PLAT_MAX_OFF_STATE.
For a power domain tree, the generic implementation maintains an array of local
power states. These are the states requested for each power domain by all the
cores contained within the domain. During a request to place multiple power
domains in a low power state, the platform is passed an array of requested
power-states for each power domain through the plat_get_target_pwr_state()
API. It coordinates amongst these states to determine a target local power
state for the power domain. A default weak implementation of this API is
provided in the platform layer which returns the minimum of the requested
power-states back to the PSCI state coordination.
Finally, the plat_psci_ops power management handlers are passed the target
local power states for each affected power domain using the generic
representation described above. The platform executes operations specific to
these target states.
The platform power management handler for placing a power domain in a standby
state (plat_pm_ops_t.pwr_domain_standby()) is now only used as a fast path for
placing a core power domain into a standby or retention state should now be
used to only place the core power domain in a standby or retention state.
The extended state-id power state format can be enabled by setting the
build flag PSCI_EXTENDED_STATE_ID=1 and it is disabled by default.
Change-Id: I9d4123d97e179529802c1f589baaa4101759d80c
This patch introduces new platform APIs and context management helper APIs
to support the new topology framework based on linear core position. This
framework will be introduced in the follwoing patch and it removes the
assumption that the MPIDR based affinity levels map directly to levels
in a power domain tree. The new platforms APIs and context management
helpers based on core position are as described below:
* plat_my_core_pos() and plat_core_pos_by_mpidr()
These 2 new mandatory platform APIs are meant to replace the existing
'platform_get_core_pos()' API. The 'plat_my_core_pos()' API returns the
linear index of the calling core and 'plat_core_pos_by_mpidr()' returns
the linear index of a core specified by its MPIDR. The latter API will also
validate the MPIDR passed as an argument and will return an error code (-1)
if an invalid MPIDR is passed as the argument. This enables the caller to
safely convert an MPIDR of another core to its linear index without querying
the PSCI topology tree e.g. during a call to PSCI CPU_ON.
Since the 'plat_core_pos_by_mpidr()' API verifies an MPIDR, which is always
platform specific, it is no longer possible to maintain a default implementation
of this API. Also it might not be possible for a platform port to verify an
MPIDR before the C runtime has been setup or the topology has been initialized.
This would prevent 'plat_core_pos_by_mpidr()' from being callable prior to
topology setup. As a result, the generic Trusted Firmware code does not call
this API before the topology setup has been done.
The 'plat_my_core_pos' API should be able to run without a C runtime.
Since this API needs to return a core position which is equal to the one
returned by 'plat_core_pos_by_mpidr()' API for the corresponding MPIDR,
this too cannot have default implementation and is a mandatory API for
platform ports. These APIs will be implemented by the ARM reference platform
ports later in the patch stack.
* plat_get_my_stack() and plat_set_my_stack()
These APIs are the stack management APIs which set/return stack addresses
appropriate for the calling core. These replace the 'platform_get_stack()' and
'platform_set_stack()' APIs. A default weak MP version and a global UP version
of these APIs are provided for the platforms.
* Context management helpers based on linear core position
A set of new context management(CM) helpers viz cm_get_context_by_index(),
cm_set_context_by_index(), cm_init_my_context() and cm_init_context_by_index()
are defined which are meant to replace the old helpers which took MPIDR
as argument. The old CM helpers are implemented based on the new helpers to
allow for code consolidation and will be deprecated once the switch to the new
framework is done.
Change-Id: I89758632b370c2812973a4b2efdd9b81a41f9b69
On Tegra SoCs, the TZDRAM contains the BL31 and BL32 images. This patch
uses only the actual memory available for BL31 instead of mapping the
entire TZDRAM.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The TZDRAM base on the reference platform has been bumped up due to
some BL2 memory cleanup. Platforms can also use a different TZDRAM
base by setting TZDRAM_BASE=<value> in the build command line.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch removes the bootargs pointer from the platform params
structure. Instead the bootargs are passed by the BL2 in the
bl32_ep_info struct which is a part of the EL3 params struct.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The Memory Select Switch Controller routes any CPU transactions to
the appropriate slave depending on the transaction address. During
system suspend, it loses all config settings and hence the CPU has
to restore them during resume.
This patch restores the controller's settings for enabling WRAP to
INCR burst type conversions on the master ports, for any incoming
requests from the AXI slave ports.
Tested by performing multiple system suspend cycles.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch modifies the 'BUILD_PLAT' makefile variable to point to the soc
specific build directory in order to allow each Tegra soc to have its own
build directory. This way we can keep the build outputs separate and can
keep multiple soc specific builds alive at the same time.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements support for T132 (Denver CPU) based Tegra
platforms.
The following features have been added:
* SiP calls to switch T132 CPU's AARCH mode
* Complete PSCI support, including 'System Suspend'
* Platform specific MMIO settings
* Locking of CPU vector registers
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The validate_power_state() handler checks the power_state for a valid afflvl
and state id. Although the afflvl check is common, the state ids are implementation
defined.
This patch moves the handler to the tegra/soc folder to allow each SoC to validate
the power_state for supported parameters.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch moves the inclusion of CPU code (A53, A57) to T210's
makefile. This way we can reduce code size for Tegra platforms by
including only the required CPU files.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
A new config, ENABLE_NS_L2_CPUECTRL_RW_ACCESS, allows Tegra platforms to
enable read/write access to the L2 and CPUECTRL registers. T210 is the
only platform that needs to enable this config for now.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch locks access to the PMC registers which hold the CPU reset
vector addresses. The PMC registers are used by the warmboot code and
must be locked during boot/resume to avoid booting into custom firmware
installed by unknown parties e.g. hackers.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The PMC Scratch22 register contains the CPU reset vector to
be used by the warmboot code to power up the CPU while resuming
from system suspend. This patch locks this PMC register to avoid
any further writes.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch checks if the target CPU is already online before
proceeding with it's power ON sequence.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch de-asserts the CPU reset signals for each CPU as
part of it's power on sequence. This is needed to get rid of
the wait in BPMP firmware during SC7 exit.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the delay loop used to wake up the BPMP during SC7 exit.
The earlier loop would fail just when the timer was about to wrap-around
(e.g. when TEGRA_TMRUS_BASE is 0xfffffffe, the target value becomes 0,
which would cause the loop to exit before it's expiry).
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch introduces the backend required for implementing the delay
timer API. Tegra has an on-chip free flowing us timer which can be
used as the delay timer.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch sets the 'USE_COHERENT_MEM' flag to '0', so that the
coherent memory region will not be included in the memory map.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements the get_sys_suspend_power_state() handler required by
the PSCI SYSTEM_SUSPEND API. The intent of this handler is to return the
appropriate State-ID field which can be utilized in `affinst_suspend()` to
suspend to system affinity level.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The authentication framework deprecates plat_match_rotpk()
in favour of plat_get_rotpk_info(). This patch removes
plat_match_rotpk() from the platform port.
Change-Id: I2250463923d3ef15496f9c39678b01ee4b33883b
This patch modifies the Trusted Board Boot implementation to use
the new authentication framework, making use of the authentication
module, the cryto module and the image parser module to
authenticate the images in the Chain of Trust.
A new function 'load_auth_image()' has been implemented. When TBB
is enabled, this function will call the authentication module to
authenticate parent images following the CoT up to the root of
trust to finally load and authenticate the requested image.
The platform is responsible for picking up the right makefiles to
build the corresponding cryptographic and image parser libraries.
ARM platforms use the mbedTLS based libraries.
The platform may also specify what key algorithm should be used
to sign the certificates. This is done by declaring the 'KEY_ALG'
variable in the platform makefile. FVP and Juno use ECDSA keys.
On ARM platforms, BL2 and BL1-RW regions have been increased 4KB
each to accommodate the ECDSA code.
REMOVED BUILD OPTIONS:
* 'AUTH_MOD'
Change-Id: I47d436589fc213a39edf5f5297bbd955f15ae867
This patch adds a CoT based on the Trusted Board Boot Requirements
document*. The CoT consists of an array of authentication image
descriptors indexed by the image identifiers.
A new header file with TBBR image identifiers has been added.
Platforms that use the TBBR (i.e. ARM platforms) may reuse these
definitions as part of their platform porting.
PLATFORM PORT - IMPORTANT:
Default image IDs have been removed from the platform common
definitions file (common_def.h). As a consequence, platforms that
used those common definitons must now either include the IDs
provided by the TBBR header file or define their own IDs.
*The NVCounter authentication method has not been implemented yet.
Change-Id: I7c4d591863ef53bb0cd4ce6c52a60b06fa0102d5
This patch extends the platform port by adding an API that returns
either the Root of Trust public key (ROTPK) or its hash. This is
usually stored in ROM or eFUSE memory. The ROTPK returned must be
encoded in DER format according to the following ASN.1 structure:
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
In case the platform returns a hash of the key:
DigestInfo ::= SEQUENCE {
digestAlgorithm AlgorithmIdentifier,
keyDigest OCTET STRING
}
An implementation for ARM development platforms is provided in this
patch. When TBB is enabled, the ROTPK hash location must be specified
using the build option 'ARM_ROTPK_LOCATION'. Available options are:
- 'regs' : return the ROTPK hash stored in the Trusted
root-key storage registers.
- 'devel_rsa' : return a ROTPK hash embedded in the BL1 and
BL2 binaries. This hash has been obtained from the development
RSA public key located in 'plat/arm/board/common/rotpk'.
On FVP, the number of MMU tables has been increased to map and
access the ROTPK registers.
A new file 'board_common.mk' has been added to improve code sharing
in the ARM develelopment platforms.
Change-Id: Ib25862e5507d1438da10773e62bd338da8f360bf
The Trusted firmware code identifies BL images by name. The platform
port defines a name for each image e.g. the IO framework uses this
mechanism in the platform function plat_get_image_source(). For
a given image name, it returns the handle to the image file which
involves comparing images names. In addition, if the image is
packaged in a FIP, a name comparison is required to find the UUID
for the image. This method is not optimal.
This patch changes the interface between the generic and platform
code with regard to identifying images. The platform port must now
allocate a unique number (ID) for every image. The generic code will
use the image ID instead of the name to access its attributes.
As a result, the plat_get_image_source() function now takes an image
ID as an input parameter. The organisation of data structures within
the IO framework has been rationalised to use an image ID as an index
into an array which contains attributes of the image such as UUID and
name. This prevents the name comparisons.
A new type 'io_uuid_spec_t' has been introduced in the IO framework
to specify images identified by UUID (i.e. when the image is contained
in a FIP file). There is no longer need to maintain a look-up table
[iname_name --> uuid] in the io_fip driver code.
Because image names are no longer mandatory in the platform port, the
debug messages in the generic code will show the image identifier
instead of the file name. The platforms that support semihosting to
load images (i.e. FVP) must provide the file names as definitions
private to the platform.
The ARM platform ports and documentation have been updated accordingly.
All ARM platforms reuse the image IDs defined in the platform common
code. These IDs will be used to access other attributes of an image in
subsequent patches.
IMPORTANT: applying this patch breaks compatibility for platforms that
use TF BL1 or BL2 images or the image loading code. The platform port
must be updated to match the new interface.
Change-Id: I9c1b04cb1a0684c6ee65dee66146dd6731751ea5
In order to handle secure/non-secure interrupts, overload the plat_ic_*
functions and copy GIC helper functions from arm_gic.c. Use arm_gic.c
as the reference to add Tegra's GIC helper functions.
Now that Tegra has its own GIC implementation, we have no use for
plat_gic.c and arm_gic.c files.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Add SP804 delay timer support to the FVP BSP.
This commit simply provides the 3 constants needed by the SP804
delay timer driver and calls sp804_timer_init() in
bl2_platform_setup(). The BSP does not currently use the delay
timer functions.
Note that the FVP SP804 is a normal world accessible peripheral
and should not be used by the secure world after transition
to the normal world.
Change-Id: I5f91d2ac9eb336fd81943b3bb388860dfb5f2b39
Co-authored-by: Dan Handley <dan.handley@arm.com>
This patch adds support to reserve a memory carveout region in the
DRAM on Tegra SoCs. The memory controller provides specific registers
to specify the aperture's base and size. This aperture can also be
changed dynamically in order to re-size the memory available for
DRM video playback. In case of the new aperture not overlapping
the previous one, the previous aperture has to be cleared before
setting up the new one. This means we do not "leak" any video data
to the NS world.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support to run a Trusted OS during boot time. The
previous stage bootloader passes the entry point information in
the 'bl32_ep_info' structure, which is passed over to the SPD.
The build system expects the dispatcher to be passed as an input
parameter using the 'SPD=<dispatcher>' option. The Tegra docs have
also been updated with this information.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
For CSS based platforms, the constants MHU_SECURE_BASE and
MHU_SECURE_SIZE used to define the extents of the Trusted Mailboxes.
As such, they were misnamed because the mailboxes are completely
unrelated to the MHU hardware.
This patch removes the MHU_SECURE_BASE and MHU_SECURE_SIZE #defines.
The address of the Trusted Mailboxes is now relative to the base of
the Trusted SRAM.
This patch also introduces a new constant, SCP_COM_SHARED_MEM_BASE,
which is the address of the first memory region used for communication
between AP and SCP. This is used by the BOM and SCPI protocols.
Change-Id: Ib200f057b19816bf05e834d111271c3ea777291f
This patch removes the FIRST_RESET_HANDLER_CALL build flag and its
use in ARM development platforms. If a different reset handling
behavior is required between the first and subsequent invocations
of the reset handling code, this should be detected at runtime.
On Juno, the platform reset handler is now always compiled in.
This means it is now executed twice on the cold boot path, first in
BL1 then in BL3-1, and it has the same behavior in both cases. It is
also executed twice on the warm boot path, first in BL1 then in the
PSCI entrypoint code.
Also update the documentation to reflect this change.
NOTE: THIS PATCH MAY FORCE PLATFORM PORTS THAT USE THE
FIRST_RESET_HANDLER_CALL BUILD OPTION TO FIX THEIR RESET HANDLER.
Change-Id: Ie5c17dbbd0932f5fa3b446efc6e590798a5beae2
This patch fixes the incorrect bit width used to extract the wakeup
reason from PSYSR in platform_get_entrypoint() function. This defect
did not have any observed regression.
Change-Id: I42652dbffc99f5bf50cc86a5878f28d730720d9a
On ARM standard platforms, snoop and DVM requests used to be enabled
for the primary CPU's cluster only in the first EL3 bootloader.
In other words, if the platform reset into BL1 then CCI coherency
would be enabled by BL1 only, and not by BL3-1 again.
However, this doesn't cater for platforms that use BL3-1 along with
a non-TF ROM bootloader that doesn't enable snoop and DVM requests.
In this case, CCI coherency is never enabled.
This patch modifies the function bl31_early_platform_setup() on
ARM standard platforms so that it always enables snoop and DVM
requests regardless of whether earlier bootloader stages have
already done it. There is no harm in executing this code twice.
ARM Trusted Firmware Design document updated accordingly.
Change-Id: Idf1bdeb24d2e1947adfbb76a509f10beef224e1c
T210 is the latest chip in the Tegra family of SoCs from NVIDIA. It is an
ARM v8 dual-cluster (A57/A53) SoC, with any one of the clusters being active
at a given point in time.
This patch adds support to boot the Trusted Firmware on T210 SoCs. The patch
also adds support to boot secondary CPUs, enter/exit core power states for
all CPUs in the slow/fast clusters. The support to switch between clusters
is still not available in this patch and would be available later.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the incorrect bit width used to extract the primary
cpu id from `ap_data` exported by scp at SCP_BOOT_CFG_ADDR in
platform_is_primary_cpu().
Change-Id: I14abb361685f31164ecce0755fc1a145903b27aa
Fix the return type of the FVP `plat_arm_topology_setup` function
to be `void` instead of `int` to match the declaration in
`plat_arm.h`.
This does not result in any change in behavior.
Change-Id: I62edfa7652b83bd26cffb7d167153959b38e37e7
There has been a breaking change in the communication protocols used
between the AP cores and the SCP on CSS based platforms like Juno.
This means both the AP Trusted Firmware and SCP firmware must be
updated at the same time.
In case the user forgets to update the SCP ROM firmware, this patch
detects when it still uses the previous version of the communication
protocol. It will then output a comprehensive error message that helps
trouble-shoot the issue.
Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
The communication protocol used between the AP cores and the SCP
in CSS-based platforms like Juno has undergone a number of changes.
This patch makes the required modifications to the SCP Boot Protocol,
SCPI Protocol and MHU driver code in shared CSS platform code so that
the AP cores are still able to communicate with the SCP.
This patch focuses on the mandatory changes to make it work. The
design of this code needs to be improved but this will come in
a subsequent patch.
The main changes are:
- MHU communication protocol
- The command ID and payload size are no longer written into the
MHU registers directly. Instead, they are stored in the payload
area. The MHU registers are now used only as a doorbell to kick
off messages. Same goes for any command result, the AP has to
pick it up from the payload area.
- SCP Boot Protocol
- The BL3-0 image is now expected to embed a checksum. This
checksum must be passed to the SCP, which uses it to check the
integrity of the image it received.
- The BL3-0 image used to be transferred a block (4KB)
at a time. The SCP now supports receiving up to 128KB at a
time, which is more than the size of the BL3-0 image.
Therefore, the image is now sent in one go.
- The command IDs have changed.
- SCPI Protocol
- The size of the SCPI payload has been reduced down from 512
bytes to 256 bytes. This changes the base address of the
AP-to-SCP payload area.
- For commands that have a response, the response is the same SCPI
header that was sent, except for the size and the status, which
both must be updated appropriately. Success/Failure of a command
is determined by looking at the updated status code.
- Some command IDs have changed.
NOTE: THIS PATCH BREAKS COMPATIBILITY WITH FORMER VERSIONS OF THE SCP
FIRMWARE AND THUS REQUIRES AN UPDATE OF THIS BINARY. THE LATEST SCP
BINARY CAN BE OBTAINED FROM THE ARM CONNECTED COMMUNITY WEBSITE.
Change-Id: Ia5f6b95fe32401ee04a3805035748e8ef6718da7
Move the Juno port from plat/juno to plat/arm/board/juno. Also rename
some of the files so they are consistently prefixed with juno_.
Update the platform makefiles accordingly.
Change-Id: I0af6cb52a5fee7ef209107a1188b76a3c33a2a9f
Major update to the Juno platform port to use the common platform code
in (include/)plat/arm/* and (include/)plat/common/*. This mainly
consists of removing duplicated code but also introduces some small
behavioural changes where there was unnecessary variation between the
FVP and Juno ports. See earlier commit titled `Add common ARM and CSS
platform code` for details.
Also move the ARM SoC specific security setup (i.e. NIC-400 and PCIe
initialization) from BL1 to `plat_arm_security_setup()` in BL2,
where the other security setup is done.
Change-Id: Ic9fe01bae8ed382bfb04fc5839a4cfff332eb124
Move the FVP port from plat/fvp to plat/arm/board/fvp. Also rename
some of the files so they are consistently prefixed with fvp_.
Update the platform makefiles accordingly.
Change-Id: I7569affc3127d66405f1548fc81b878a858e61b7
Major update to the FVP platform port to use the common platform code
in (include/)plat/arm/* and (include/)plat/common/*. This mainly
consists of removing duplicated code but also introduces some small
behavioural changes where there was unnecessary variation between the
FVP and Juno ports. See earlier commit titled `Add common ARM and CSS
platform code` for details.
Also add support for Foundation FVP version 9.1 during FVP config
setup to prevent a warning being emitted in the console.
Change-Id: I254ca854987642ce09d1b924c9fd410a6e13e3bc
This major change pulls out the common functionality from the
FVP and Juno platform ports into the following categories:
* (include/)plat/common. Common platform porting functionality that
typically may be used by all platforms.
* (include/)plat/arm/common. Common platform porting functionality
that may be used by all ARM standard platforms. This includes all
ARM development platforms like FVP and Juno but may also include
non-ARM-owned platforms.
* (include/)plat/arm/board/common. Common platform porting
functionality for ARM development platforms at the board
(off SoC) level.
* (include/)plat/arm/css/common. Common platform porting
functionality at the ARM Compute SubSystem (CSS) level. Juno
is an example of a CSS-based platform.
* (include/)plat/arm/soc/common. Common platform porting
functionality at the ARM SoC level, which is not already defined
at the ARM CSS level.
No guarantees are made about the backward compatibility of
functionality provided in (include/)plat/arm.
Also remove any unnecessary variation between the ARM development
platform ports, including:
* Unify the way BL2 passes `bl31_params_t` to BL3-1. Use the
Juno implementation, which copies the information from BL2 memory
instead of expecting it to persist in shared memory.
* Unify the TZC configuration. There is no need to add a region
for SCP in Juno; it's enough to simply not allow any access to
this reserved region. Also set region 0 to provide no access by
default instead of assuming this is the case.
* Unify the number of memory map regions required for ARM
development platforms, although the actual ranges mapped for each
platform may be different. For the FVP port, this reduces the
mapped peripheral address space.
These latter changes will only be observed when the platform ports
are migrated to use the new common platform code in subsequent
patches.
Change-Id: Id9c269dd3dc6e74533d0e5116fdd826d53946dc8
Some assembly files containing macros are included like header files
into other assembly files. This will cause assembler errors if they
are included multiple times.
Add header guards to assembly macro files to avoid assembler errors.
Change-Id: Ia632e767ed7df7bf507b294982b8d730a6f8fe69
The required platform constant PLATFORM_CACHE_LINE_SIZE is
unnecessary since CACHE_WRITEBACK_GRANULE effectively provides the
same information. CACHE_WRITEBACK_GRANULE is preferred since this
is an architecturally defined term and allows comparison with the
corresponding hardware register value.
Replace all usage of PLATFORM_CACHE_LINE_SIZE with
CACHE_WRITEBACK_GRANULE.
Also, add a runtime assert in BL1 to check that the provided
CACHE_WRITEBACK_GRANULE matches the value provided in CTR_EL0.
Change-Id: If87286be78068424217b9f3689be358356500dcd
In order for the symbol table in the ELF file to contain the size of
functions written in assembly, it is necessary to report it to the
assembler using the .size directive.
To fulfil the above requirements, this patch introduces an 'endfunc'
macro which contains the .endfunc and .size directives. It also adds
a .func directive to the 'func' assembler macro.
The .func/.endfunc have been used so the assembler can fail if
endfunc is omitted.
FixesARM-Software/tf-issues#295
Change-Id: If8cb331b03d7f38fe7e3694d4de26f1075b278fc
Signed-off-by: Kévin Petit <kevin.petit@arm.com>
For Juno r0, the platform reset handler needs to:
- Implement the workaround for defect #831273
- Increase the L2 Data and Tag RAM latencies for Cortex-A57.
Defect #831273 does not affect Juno r1. Also, the default value
for the L2 Tag RAM latency for Cortex-A57 is suitable on Juno r1.
The L2 Data RAM latency for Cortex-A57 still needs to be
increased, though.
This patch modifies the Juno platform reset handler to detect
the board revision and skip the unnecessary steps on Juno r1.
The behaviour on Juno r0 is unchanged.
Change-Id: I27542917223e680ef923ee860900806ffcd0357b
This patch updates the FVP and Juno platform ports to use the common
driver for ARM Cache Coherent Interconnects.
Change-Id: Ib142f456b9b673600592616a2ec99e9b230d6542
This patch defines the ARRAY_SIZE macro for calculating number of elements
in an array and uses it where appropriate.
Change-Id: I72746a9229f0b259323972b498b9a3999731bc9b
Cortex-A57 erratum #806969 applies to revision r0p0 of the CPU
but does not manifest itself on Juno r0. It is not applicable
to Juno r1 in any case.
This patch modifies the Juno platform Makefile to no longer
compile this erratum workaround in.
Change-Id: I32b16835b2ac897e639e869ab2b78b62a51a0139
This patch modifies the declarations of the functions printf() et al.
and adds the right GCC attribute to request the compiler to check
the type of the arguments passed to these functions against the given
format string. This will ensure that the compiler outputs warning
messages like the following whenever it detects an inconsistency:
file.c:42: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long int’
It also fixes the type mismatch inconsistencies that it revealed
across the code base.
NOTE: THIS PATCH MAY FORCE PLATFORM PORTS OR SP/SPDS THAT USE THE
PRINTF FAMILY OF FUNCTIONS TO FIX ANY TYPE MISMATCH INCONSISTENCIES.
Change-Id: If36bb54ec7d6dd2cb4791d89b02a24ac13fd2df6
All coding style violations have been fixed in a previous patch and
since then, each individual patch has been checked in this regard.
However, the latest version of the checkpatch.pl script from the Linux
kernel is more advanced and it is able to flag new errors in the
Trusted Firmware codebase. This patch fixes them.
Change-Id: I1f332f2440984be85d36b231bb83260368987077
By default the SMMU for the DMA-330 is configured to mark some stream IDs
as always belonging to the Secure world. As a result, if EL1 software turns
the SMMU on, certain Non-Secure accesses get rewritten as Secure, making
them bypass translation and access Secure physical addresses directly.
Since the current Juno board firmware configures the DMA-330 hardware as
Non-Secure, rewrite the SMMU's default SSD table as well to prevent any
unexpected behaviour in EL1.
Change-Id: Iaa81d883eecf28d80eb182b9ce475684bf9c718c
This patch removes the plat_get_max_afflvl() platform API
and instead replaces it with a platform macro PLATFORM_MAX_AFFLVL.
This is done because the maximum affinity level for a platform
is a static value and it is more efficient for it to be defined
as a platform macro.
NOTE: PLATFORM PORTS NEED TO BE UPDATED ON MERGE OF THIS COMMIT
FixesARM-Software/tf-issues#265
Change-Id: I31d89b30c2ccda30d28271154d869060d50df7bf
This patch defines MAX_MMAP_REGIONS separately for each BL stage
as per its requirements. This minimizes the size of the mmap[]
array.
FixesARM-Software/tf-issues#201
Change-Id: I19b15e1a91a8365b2ecf24e2cd71937cb73916b2
This patch adds support to authenticate the Trusted Key certificate
and the BL3-x certificates and images at BL2.
Change-Id: I69a8c13a14c8da8b75f93097d3a4576aed71c5dd
This patch moves fvp_io_setup() to bl2_early_platform_setup() in order
to allow BL2 to use the IO framework before bl2_platform_setup().
Change-Id: I75e1a772ab5f9b4727f6727822a2527c30f3c63d
This patch adds support to authenticate the BL2 content certificate
and image using the authentication module in BL1.
The FIP driver has been extended to include the BL2 certificate
UUID.
FVP and Juno ports include the BL2 certificate FIP file
definition.
Change-Id: I32680e9bd123c8db4a4193c14448c9b32b0e9325
This patch implements an authentication module based on the
PolarSSL library (v1.3.9) to verify the Chain of Trust when
Trusted Boot is enabled.
PolarSSL sources must be fetched separately. The POLARSSL_DIR
build option may be used to indicate the path to the PolarSSL
main directory (this directory must contain the 'include' and
'library' subdirectories).
To be able to build PolarSSL sources as a part of the Trusted
Firmware build process, the DISABLE_PEDANTIC flag in polarssl.mk
will tell the build system to remove the -pedantic option from
the CFLAGS.
Inclusion of PolarSSL increases the memory requirements of the BL1
and BL2 images. The following are the changes made to the FVP and
Juno platforms to cater for this when TRUSTED_BOARD_BOOT is
defined:
Changes on FVP:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- BL2 memory region has been increased to 112 KB
Changes on Juno:
- BL1 and BL2 stacks have been increased to 4 KB
- BL1(rw) section has been increased to 32 KB.
- Trusted ROM region in Flash has been increased to 128 KB.
- BL2 memory region has been increased to 116 KB
Change-Id: Ie87d80d43408eb6239c4acd0ec5ab2120e4e9e80
This patch adds the function plat_match_rotpk() to the platform
porting layer to provide a Root Of Trust Public key (ROTPK)
verification mechanism. This function is called during the
Trusted Board Boot process and receives a supposed valid copy
of the ROTPK as a parameter, usually obtained from an external
source (for instance, a certificate). It returns 0 (success) if
that key matches the actual ROTPK stored in the system or any
other value otherwise.
The mechanism to access the actual ROTPK stored in the system
is platform specific and should be implemented as part of this
function. The format of the ROTPK is also platform specific
(to save memory, some platforms might store a hash of the key
instead of the whole key).
TRUSTED_BOARD_BOOT build option has been added to allow the user
to enable the Trusted Board Boot features. The implementation of
the plat_match_rotpk() funtion is mandatory when Trusted Board
Boot is enabled.
For development purposes, FVP and Juno ports provide a dummy
function that returns always success (valid key). A safe trusted
boot implementation should provide a proper matching function.
Documentation updated accordingly.
Change-Id: I74ff12bc2b041556c48533375527d9e8c035b8c3
This patch adds a tool that generates all the necessary elements
to establish the chain of trust (CoT) between the images.
The tool reads the binary images and signing keys and outputs the
corresponding certificates that will be used by the target at run
time to verify the authenticity of the images.
Note: the platform port must provide the file platform_oid.h. This
file will define the OIDs of the x509 extensions that will be added
to the certificates in order to establish the CoT.
Change-Id: I2734d6808b964a2107ab3a4805110698066a04be
This patch adds support to call the reset_handler() function in BL3-1 in the
cold and warm boot paths when another Boot ROM reset_handler() has already run.
This means the BL1 and BL3-1 versions of the CPU and platform specific reset
handlers may execute different code to each other. This enables a developer to
perform additional actions or undo actions already performed during the first
call of the reset handlers e.g. apply additional errata workarounds.
Typically, the reset handler will be first called from the BL1 Boot ROM. Any
additional functionality can be added to the reset handler when it is called
from BL3-1 resident in RW memory. The constant FIRST_RESET_HANDLER_CALL is used
to identify whether this is the first version of the reset handler code to be
executed or an overridden version of the code.
The Cortex-A57 errata workarounds are applied only if they have not already been
applied.
FixesARM-software/tf-issue#275
Change-Id: Id295f106e4fda23d6736debdade2ac7f2a9a9053
This patch allows the secure payload (BL3-2) to be loaded in the
DRAM region secured by the TrustZone controller (top 16 MB of DRAM1).
The location of BL3-2 can be selected at build time by setting the
build flag FVP_TSP_RAM_LOCATION to one of the following options:
- 'tsram' : Trusted SRAM (this is the default option)
- 'tdram' : Trusted DRAM
- 'dram' : Secure region in DRAM1 (top 16MB configured by the
TrustZone controller)
The number of MMU tables in BL3-2 depends on its location in
memory: 3 in case it is loaded in DRAM, 2 otherwise.
Documentation updated accordingly.
FixesARM-software/tf-issues#212
Change-Id: I371eef3a4159f06a0c9e3c6c1f4c905b2f93803a
This patch allows the platform to validate the power_state and
entrypoint information from the normal world early on in PSCI
calls so that we can return the error safely. New optional
pm_ops hooks `validate_power_state` and `validate_ns_entrypoint`
are introduced to do this.
As a result of these changes, all the other pm_ops handlers except
the PSCI_ON handler are expected to be successful. Also, the PSCI
implementation will now assert if a PSCI API is invoked without the
corresponding pm_ops handler being registered by the platform.
NOTE : PLATFORM PORTS WILL BREAK ON MERGE OF THIS COMMIT. The
pm hooks have 2 additional optional callbacks and the return type
of the other hooks have changed.
FixesARM-Software/tf-issues#229
Change-Id: I036bc0cff2349187c7b8b687b9ee0620aa7e24dc
This patch removes the non-secure entry point information being passed
to the platform pm_ops which is not needed. Also, it removes the `mpidr`
parameter for platform pm hooks which are meant to do power management
operations only on the current cpu.
NOTE: PLATFORM PORTS MUST BE UPDATED AFTER MERGING THIS COMMIT.
Change-Id: If632376a990b7f3b355f910e78771884bf6b12e7
This patch extends the build option `USE_COHERENT_MEMORY` to
conditionally remove coherent memory from the memory maps of
all boot loader stages. The patch also adds necessary
documentation for coherent memory removal in firmware-design,
porting and user guides.
FixesARM-Software/tf-issues#106
Change-Id: I260e8768c6a5c2efc402f5804a80657d8ce38773
This patch moves the bakery locks out of coherent memory to normal memory.
This implies that the lock information needs to be placed on a separate cache
line for each cpu. Hence the bakery_lock_info_t structure is allocated in the
per-cpu data so as to minimize memory wastage. A similar platform per-cpu
data is introduced for the platform locks.
As a result of the above changes, the bakery lock api is completely changed.
Earlier, a reference to the lock structure was passed to the lock implementation.
Now a unique-id (essentially an index into the per-cpu data array) and an offset
into the per-cpu data for bakery_info_t needs to be passed to the lock
implementation.
Change-Id: I1e76216277448713c6c98b4c2de4fb54198b39e0
This patch maps the non-secure region of DRAM1 in the MMU. The
non-secure region comprises the whole DRAM1 (0x80000000 -
0xffffffff) excluding the top 16 MB (0xff000000 - 0xffffffff).
The TrustZone controller configures this 16 MB region as secure
memory, so it can not be accessed in non-secure mode.
The number of MMU tables in BL2 has been increased to 3 because
the new size of the non-secure region in DRAM requires an extra L2
table.
Change-Id: I5ad080c6e181f6b6060e15cebb1d18b7fa128cf5
This patch allows the BL3-1 NOBITS section to overlap the BL1 R/W
section since the former will always be used after the latter.
Similarly, the BL3-2 NOBITS section can overlay the BL2 image
when BL3-2 is loaded in Trusted SRAM.
Due to the current size of the images, there is no actual overlap.
Nevertheless, this reorganization may help to optimise the Trusted
SRAM usage when the images size grows.
Note that because BL3-1 NOBITS section is allowed to overlap the
BL1 R/W section, BL1 global variables will remain valid only until
execution reaches the BL3-1 entry point during a cold boot.
Documentation updated accordingly.
FixesARM-software/tf-issues#254
Change-Id: Id538f4d1c7f1f7858108280fd7b97e138572b879
In both FVP and Juno ports, IRQ #16, which is a PPI, is incorrectly
identified as secure SGI #8 through the constant IRQ_SEC_SGI_8.
This patch removes it.
FixesARM-software/tf-issues#282
Change-Id: I9e52d849611ffcd2b1f28e56dd156c5b217ed63e
This patch reassigns the crash console on Juno and FVP to use the runtime
BL3-1 console. The crash console is changed to SoC UART0 (UART2) from the
previous FPGA UART0 (UART0) on Juno. In FVP, it is changed from UART0 to
UART1.
FixesARM-software/tf-issues#256
Change-Id: I7df54f86ca00ec2652c27261dd66a94c12610816
This patch replaces the usage of the GIC private driver in Juno with
the generic ARM GIC driver. The private driver is no longer necessary
and has been removed from the Juno port.
FixesARM-software/tf-issues#253
Change-Id: I6aaabc252e5e6fb5fcf44ab6d0febd9b38791056
This patch optimizes the Cortex-A57 cluster power down sequence by not
flushing the Level1 data cache. The L1 data cache and the L2 unified
cache are inclusive. A flush of the L2 by set/way flushes any dirty
lines from the L1 as well. This is a known safe deviation from the
Cortex-A57 TRM defined power down sequence. This optimization can be
enabled by the platform through the 'SKIP_A57_L1_FLUSH_PWR_DWN' build
flag. Each Cortex-A57 based platform must make its own decision on
whether to use the optimization.
This patch also renames the cpu-errata-workarounds.md to
cpu-specific-build-macros.md as this facilitates documentation
of both CPU Specific errata and CPU Specific Optimization
build macros.
Change-Id: I299b9fe79e9a7e08e8a0dffb7d345f9a00a71480
This patch deprecates the build option to relocate the shared data
into Trusted DRAM in FVP. After this change, shared data is always
located at the base of Trusted SRAM. This reduces the complexity
of the memory map and the number of combinations in the build
options.
FixesARM-software/tf-issues#257
Change-Id: I68426472567b9d8c6d22d8884cb816f6b61bcbd3
This patch adds support on the Juno platform for entering a wfi in
response to a PSCI CPU_SUSPEND call where the state type is a
standby state.
Change-Id: I0a102dee1f8d2ad936c63ad1d1d3ad001a4a4768
This patch configures the TrustZone Controller in Juno to split
the 2GB DDR-DRAM memory at 0x80000000 into Secure and Non-Secure
regions:
- Secure DDR-DRAM: top 16 MB, except for the last 2 MB which are
used by the SCP for DDR retraining
- Non-Secure DDR-DRAM: remaining DRAM starting at base address
Build option PLAT_TSP_LOCATION selects the location of the secure
payload (BL3-2):
- 'tsram' : Trusted SRAM (default option)
- 'dram' : Secure region in the DDR-DRAM (set by the TrustZone
controller)
The MMU memory map has been updated to give BL2 permission to load
BL3-2 into the DDR-DRAM secure region.
FixesARM-software/tf-issues#233
Change-Id: I6843fc32ef90aadd3ea6ac4c7f314f8ecbd5d07b
This patch replaces direct accesses to the TZC-400 registers by the
appropiate calls to the generic driver available in the Trusted
Firmware in order to initialize the TrustZone Controller.
Functions related to the initialization of the secure memory,
like the TZC-400 configuration, have been moved to a new file
'plat_security.c'. This reorganization makes easier to set up
the secure memory from any BL stage.
TZC-400 initialization has been moved from BL1 to BL2 because BL1
does not access the non-secure memory. It is BL2's responsibility
to enable and configure the TZC-400 before loading the next BL
images.
In Juno, BL3-0 initializes some of the platform peripherals, like
the DDR controller. Thus, BL3-0 must be loaded before configuring
the TrustZone Controller. As a consequence, the IO layer
initialization has been moved to early platform initialization.
FixesARM-software/tf-issues#234
Change-Id: I83dde778f937ac8d2996f7377e871a2e77d9490e
This patch uses the IMAGE_BL<x> constants to create translation tables specific
to a boot loader stage. This allows each stage to create mappings only for areas
in the memory map that it needs.
FixesARM-software/tf-issues#209
Change-Id: Ie4861407ddf9317f0fb890fc7575eaa88d0de51c
This patch avoids the problem of crash reporting mechanism accessing
global data in BSS by 'plat_print_gic_regs' for FVP platforms. Earlier
it depended on the global 'plat_config' object for the GIC Base address
in FVP platforms which would have caused exception if it were accessed
before the BSS was initialized. It is now fixed by dynamically
querying the V2M_SYS_ID to find the FVP model type and accordingly
selecting the appropriate GIC Base address.
This patch also fixes the 'plat_print_gic_regs' to use the correct GIC
Distributor base address for printing GICD_IS_PENDR register values
for both Juno and FVP platforms.
FixesARM-Software/tf-issues#236
Change-Id: I545c7b908b3111419bf27db0575ce86acf86784b
This patch gathers miscellaneous minor fixes to the documentation, and comments
in the source code.
Change-Id: I631e3dda5abafa2d90f464edaee069a1e58b751b
Co-Authored-By: Soby Mathew <soby.mathew@arm.com>
Co-Authored-By: Dan Handley <dan.handley@arm.com>
This patch changes the UART port assignment for various BL stages
so as to make it consistent on the platform ports. The BL1, BL2 and
BL3-1 now uses UART0 on the FVP port and SoC UART0 on the Juno port.
The BL3-2 uses UART2 on the FVP port and FPGA UART0 on the Juno
port.
This provides an interim fix to ARM-software/tf-issues#220 until
support is added for changing the UART port for a BL image between
cold boot and runtime.
Change-Id: Iae5faea90be3d59e41e597b34a902f93e737505a
This patch removes the PRIMARY_CPU definition hardcoded in the
Juno port. Instead, the primary CPU is obtained at runtime by
reading the SCC General Purpose Register 1 (GPR_1), whose value
is copied by the SCP into shared memory during the boot process.
Change-Id: I3981daa92eb7142250712274cf7f655b219837f5
This patch adds the Juno platform specific handlers for PSCI
SYSTEM_OFF and SYSTEM_RESET operations.
Change-Id: Ie389adead533ec2314af44d721b4d0f306147c7d
This patch implements the TSP on Juno. It executes from on-chip Trusted
SRAM.
Also, the other bootloader images (i.e. BL1 R/W, BL2 and BL3-1) have
been moved around. The reason is, although there was enough space
overall to store the TSP in SRAM, there was no contiguous free chunk
of SRAM big enough to hold it.
This patch keeps the overall memory layout (i.e. keeping BL1 R/W at
the bottom, BL2 at the top and BL3-1 in between) but moves the base
addresses of all the bootloader images in such a way that:
- memory fragmentation is reduced enough to fit BL3-2 in;
- new base addresses are suitable for release builds as well as debug
ones;
- each image has a few extra kilobytes for future growth.
BL3-1 and BL3-2 are the images which received the biggest allocations
since they will most probably grow the most.
This patch also adds instruction synchronization barriers around the code which
handles the timer interrupt in the TSP. This ensures that the interrupt is not
acknowledged after or EOIed before it is deactivated at the peripheral.
Change-Id: I1c5b51858700027ee283ac85d18e06863a27c72e
This patch adds support for PSCI CPU_OFF and CPU_SUSPEND APIs to the Juno port
of the ARM Trusted Firmware. The maximum affinity level that can be suspended is
the cluster level (affinity level 1). Support for suspending the system level is
not present.
Change-Id: Ie2c9da0acd7d1b0d5ac64940cdf40347153e52c8
This patch adds the initial port of the ARM Trusted Firmware on the Juno
development platform. This port does not support a BL3-2 image or any PSCI APIs
apart from PSCI_VERSION and PSCI_CPU_ON. It enables workarounds for selected
Cortex-A57 (#806969 & #813420) errata and implements the workaround for a Juno
platform errata (Defect id 831273).
Change-Id: Ib3d92df3af53820cfbb2977582ed0d7abf6ef893
This patch adds CPU core and cluster power down sequences to the CPU specific
operations framework introduced in a earlier patch. Cortex-A53, Cortex-A57 and
generic AEM sequences have been added. The latter is suitable for the
Foundation and Base AEM FVPs. A pointer to each CPU's operations structure is
saved in the per-cpu data so that it can be easily accessed during power down
seqeunces.
An optional platform API has been introduced to allow a platform to disable the
Accelerator Coherency Port (ACP) during a cluster power down sequence. The weak
definition of this function (plat_disable_acp()) does not take any action. It
should be overriden with a strong definition if the ACP is present on a
platform.
Change-Id: I8d09bd40d2f528a28d2d3f19b77101178778685d
This patch adds an optional platform API (plat_reset_handler) which allows the
platform to perform any actions immediately after a cold or warm reset
e.g. implement errata workarounds. The function is called with MMU and caches
turned off. This API is weakly defined and does nothing by default but can be
overriden by a platform with a strong definition.
Change-Id: Ib0acdccbd24bc756528a8bd647df21e8d59707ff
This patch introduces a framework which will allow CPUs to perform
implementation defined actions after a CPU reset, during a CPU or cluster power
down, and when a crash occurs. CPU specific reset handlers have been implemented
in this patch. Other handlers will be implemented in subsequent patches.
Also moved cpu_helpers.S to the new directory lib/cpus/aarch64/.
Change-Id: I1ca1bade4d101d11a898fb30fea2669f9b37b956
This patch provides a workaround for the ASM_ASSERT label issue
and also reworks the use of labels in assembly macros.
If the caller of the ASM_ASSERT macro happened to use the
label '1' to jump past the ASM_ASSERT macro, it would not have
worked since the ASM_ASSERT macro internally used the same label.
Hence, as a workaround, this patch makes the label a high
number in the expectation that the caller will never use it.
Also updated the other assembly macros using numerical labels to
named lables.
Change-Id: Iec892359db84f2391ad2a83a92141c4d7049776a
This patch reworks FVP port's power management implementation to perform
platform actions only when the platform exported hook is invoked for the highest
affinity level to enter/exit the OFF state.
For example, during a CPU_OFF operation, fvp_affinst_off() is called twice: for
affinity level 0 and affinity level 1 (in that order). CPU specific operations
are deferred until the next invocation if it is determined through a call to
psci_get_max_phys_off_afflvl() that this is CPU is the last in the cluster.
Similarly, during power up if the CPU is the first in the cluster, both CPU and
cluster specific operations are performed when fvp_affinst_on_finish() is
invoked for affinity level 1. Earlier, they were done across the two invocations
of the handler.
Change-Id: I4288ed3ba1385db36a69cc2e598deb219f209b8a
This patch adds support for SYSTEM_OFF and SYSTEM_RESET PSCI
operations. A platform should export handlers to complete the
requested operation. The FVP port exports fvp_system_off() and
fvp_system_reset() as an example.
If the SPD provides a power management hook for system off and
system reset, then the SPD is notified about the corresponding
operation so it can do some bookkeeping. The TSPD exports
tspd_system_off() and tspd_system_reset() for that purpose.
Versatile Express shutdown and reset methods have been removed
from the FDT as new PSCI sys_poweroff and sys_reset services
have been added. For those kernels that do not support yet these
PSCI services (i.e. GICv3 kernel), the original dtsi files have
been renamed to *-no_psci.dtsi.
FixesARM-software/tf-issues#218
Change-Id: Ic8a3bf801db979099ab7029162af041c4e8330c8
* Move TSP platform porting functions to new file:
include/bl32/tsp/platform_tsp.h.
* Create new TSP_IRQ_SEC_PHY_TIMER definition for use by the generic
TSP interrupt handling code, instead of depending on the FVP
specific definition IRQ_SEC_PHY_TIMER.
* Rename TSP platform porting functions from bl32_* to tsp_*, and
definitions from BL32_* to TSP_*.
* Update generic TSP code to use new platform porting function names
and definitions.
* Update FVP port accordingly and move all TSP source files to:
plat/fvp/tsp/.
* Update porting guide with above changes.
Note: THIS CHANGE REQUIRES ALL PLATFORM PORTS OF THE TSP TO
BE UPDATED
FixesARM-software/tf-issues#167
Change-Id: Ic0ff8caf72aebb378d378193d2f017599fc6b78f
The TZC-400 driver previously allowed the possibility of multiple
controller instances to be present in the same executable. This
was unnecessary since there will only ever be one instance.
This change simplifies the tzc_init() function to only take the
base address argument needed by implementation, conforming to the
driver initialization model of other drivers. It also hides some
of the implementation details that were previously exposed by the
API.
The FVP port has been updated accordingly.
THIS CHANGE REQUIRES ALL PLATFORM PORTS THAT USE THE TZC-400
DRIVER TO BE UPDATED
FixesARM-software/tf-issues#181
Change-Id: I7b721edf947064989958d8f457d6462d92e742c8
Move the remaining IO storage source file (io_storage.c) from the
lib to the drivers directory. This requires that platform ports
explicitly add this file to the list of source files.
Also move the IO header files to a new sub-directory, include/io.
Change-Id: I862b1252a796b3bcac0d93e50b11e7fb2ded93d6
The intent of io_init() was to allow platform ports to provide
a data object (io_plat_data_t) to the IO storage framework to
allocate into. The abstraction was incomplete because io_plat_data_t
uses a platform defined constant and the IO storage framework
internally allocates other arrays using platform defined constants.
This change simplifies the implementation by instantiating the
supporting objects in the IO storage framework itself. There is now
no need for the platform to call io_init().
The FVP port has been updated accordingly.
THIS CHANGE REQUIRES ALL PLATFORM PORTS THAT USE THE IO STORAGE
FRAMEWORK TO BE UDPATED.
Change-Id: Ib48ac334de9e538064734334c773f8b43df3a7dc
* Create cci_init() function in CCI-400 driver to allow platform
to provide arguments needed by the driver (i.e. base address
and cluster indices for the ACE slave interfaces).
* Rename cci_(en|dis)able_coherency to
cci_(en|dis)able_cluster_coherency to make it clear that
the driver only enables/disables the coherency of CPU
clusters and not other devices connected to the CCI-400.
* Update FVP port to use new cci_init() function and remove
unnecessary CCI defintions from platform_def.h. Also rename
fvp_cci_setup() to fvp_cci_enable() to more clearly
differentiate between CCI initialization and enabling.
THIS CHANGE REQUIRES PLATFORM PORTS THAT USE THE CCI-400 DRIVER
TO BE UPDATED
FixesARM-software/tf-issues#168
Change-Id: I1946a51409b91217b92285b6375082619f607fec
This patch groups the current contents of the Trusted DRAM region at
address 0x00_0600_0000 (entrypoint mailboxes and BL3-1 parameters) in
a single shared memory area that may be allocated to Trusted SRAM
(default) or Trusted DRAM at build time by setting the
FVP_SHARED_DATA_LOCATION make variable. The size of this shared
memory is 4096 bytes.
The combination 'Shared data in Trusted SRAM + TSP in Trusted DRAM'
is not currently supported due to restrictions in the maximum number
of mmu tables that can be created.
Documentation has been updated to reflect these changes.
FixesARM-software/tf-issues#100
Change-Id: I26ff04d33ce4cacf8d770d1a1e24132b4fc53ff0
Fix the following issues with the console log output:
* Make sure the welcome string is the first thing in the log output
(during normal boot).
* Prefix each message with the BL image name so it's clear which
BL the output is coming from.
* Ensure all output is wrapped in one of the log output macros so it can
be easily compiled out if necessary. Change some of the INFO() messages
to VERBOSE(), especially in the TSP.
* Create some extra NOTICE() and INFO() messages during cold boot.
* Remove all usage of \r in log output.
FixesARM-software/tf-issues#231
Change-Id: Ib24f7acb36ce64bbba549f204b9cde2dbb46c8a3
Secure ROM at address 0x0000_0000 is defined as FVP_TRUSTED_ROM
Secure RAM at address 0x0400_0000 is defined as FVP_TRUSTED_SRAM
Secure RAM at address 0x0600_0000 is defined as FVP_TRUSTED_DRAM
BLn_BASE and BLn_LIMIT definitions have been updated and are based on
these new memory regions.
The available memory for each bootloader in the linker script is
defined by BLn_BASE and BLn_LIMIT, instead of the complete memory
region.
TZROM_BASE/SIZE and TZRAM_BASE/SIZE are no longer required as part of
the platform porting.
FVP common definitions are defined in fvp_def.h while platform_def.h
contains exclusively (with a few exceptions) the definitions that are
mandatory in the porting guide. Therefore, platform_def.h now includes
fvp_def.h instead of the other way around.
Porting guide has been updated to reflect these changes.
Change-Id: I39a6088eb611fc4a347db0db4b8f1f0417dbab05
This patch separates the stack size for each BL stage and
reduces it after stack usage analysis was done.
FixesARM-software/tf-issues#200
Change-Id: I8edc6de2551b0a6788761d121937692b2149bb29
There is no mechanism which allows the TSPD to specify what SPSR to
use when entering BL3-2 instead of BL3-3. This patch divides the
responsibility between tspd_setup() and tspd_init() for initializing
the TSPD and TSP to support the alternate BL3-2 initialization flow
where BL3-1 handsover control to BL3-2 instead of BL3-3.
SPSR generated by TSPD for TSP is preserved due the new division of
labour which fixes#174.
This patch also moves the cpu_context initialization code from
tspd_setup() to tspd_init() immediately before entering the TSP.
Instead tspd_setup() updates the BL3-2 entrypoint info structure
with the state required for initializing the TSP later.
Fixes ARM-software/TF-issues#174
Change-Id: Ida0a8a48d466c71d5b07b8c7f2af169b73f96940
The purpose of platform_is_primary_cpu() is to determine after reset
(BL1 or BL3-1 with reset handler) if the current CPU must follow the
cold boot path (primary CPU), or wait in a safe state (secondary CPU)
until the primary CPU has finished the system initialization.
This patch removes redundant calls to platform_is_primary_cpu() in
subsequent bootloader entrypoints since the reset handler already
guarantees that code is executed exclusively on the primary CPU.
Additionally, this patch removes the weak definition of
platform_is_primary_cpu(), so the implementation of this function
becomes mandatory. Removing the weak symbol avoids other
bootloaders accidentally picking up an invalid definition in case the
porting layer makes the real function available only to BL1.
The define PRIMARY_CPU is no longer mandatory in the platform porting
because platform_is_primary_cpu() hides the implementation details
(for instance, there may be platforms that report the primary CPU in
a system register). The primary CPU definition in FVP has been moved
to fvp_def.h.
The porting guide has been updated accordingly.
FixesARM-software/tf-issues#219
Change-Id: If675a1de8e8d25122b7fef147cb238d939f90b5e
Assert a valid security state using the macro sec_state_is_valid().
Replace assert() with panic() in those cases that might arise
because of runtime errors and not programming errors.
Replace panic() with assert() in those cases that might arise
because of programming errors.
FixesARM-software/tf-issues#96
Change-Id: I51e9ef0439fd5ff5e0edfef49050b69804bf14d5
This patch adds the CPUECTLR_EL1 register and the CCI Snoop Control
register to the list of registers being reported when an unhandled
exception occurs.
Change-Id: I2d997f2d6ef3d7fa1fad5efe3364dc9058f9f22c
This patch reworks the crash reporting mechanism to further
optimise the stack and code size. The reporting makes use
of assembly console functions to avoid calling C Runtime
to report the CPU state. The crash buffer requirement is
reduced to 64 bytes with this implementation. The crash
buffer is now part of per-cpu data which makes retrieving
the crash buffer trivial.
Also now panic() will use crash reporting if
invoked from BL3-1.
FixesARM-software/tf-issues#199
Change-Id: I79d27a4524583d723483165dc40801f45e627da5
This patch introduces platform APIs to initialise and
print a character on a designated crash console.
For the FVP platform, PL011_UART0 is the designated
crash console. The platform porting guide is also updated
to document the new APIs.
Change-Id: I5e97d8762082e0c88c8c9bbb479353eac8f11a66
This patch adds baud rate and UART clock frequency as parameters
to the pl011 driver api console_init(). This allows each platform
to specify UART clock and baud rate according to their specific
hardware implementation.
FixesARM-software/tf-issues#215
Change-Id: Id13eef70a1c530e709b34dd1e6eb84db0797ced2
This patch replaces the pl011 console family of functions
with their equivalents defined in assembly. The baud rate is
defined by the PL011_BAUDRATE macro and IBRD and FBRD values
for pl011 are computed statically. This patch will enable
us to invoke the console functions without the C Runtime Stack.
Change-Id: Ic3f7b7370ded38bf9020bf746b362081b76642c7
This patch removes the allocation of memory for coherent stacks, associated
accessor function and some dead code which called the accessor function. It also
updates the porting guide to remove the concept and the motivation behind using
stacks allocated in coherent memory.
FixesARM-software/tf-issues#198
Change-Id: I00ff9a04f693a03df3627ba39727e3497263fc38
This patch adds a 'flags' parameter to each exception level specific function
responsible for enabling the MMU. At present only a single flag which indicates
whether the data cache should also be enabled is implemented. Subsequent patches
will use this flag when enabling the MMU in the warm boot paths.
Change-Id: I0eafae1e678c9ecc604e680851093f1680e9cefa
The ARM_GIC_ARCH build option was supposed to default to 2 on all
platforms. However, the default value was set in the FVP makefile
so for all other platforms it wasn't even defined.
This patch moves the default value to the main Makefile. The platform
port can then override it if needed.
Change-Id: I8e2da1cce7ffa3ed18814bbdcbcf2578101f18a6
platform_get_entrypoint() did not consider that a wakeup due to
System Reset Pin (by reading the power controller's PSYSR) requires
a cold boot. As a result, the code would execute the warm boot path
and eventually panic because entrypoint mailboxes are empty.
This patch ensures that the following wake-up reasons result in cold
boot:
- Cold Power-on
- System Reset Pin (includes reset by software)
FixesARM-software/tf-issues#217
Change-Id: I65ae0a0f7a46548b575900a5aac107d352b0e2cd
This patch re-organizes the memory layout on FVP as to give the
BL3-2 image as much memory as possible.
Considering these two facts:
- not all images need to live in memory at the same time. Once
in BL3-1, the memory used by BL1 and BL2 can be reclaimed.
- when BL2 loads the BL3-1 and BL3-2 images, it only considers the
PROGBITS sections of those 2 images. The memory occupied by the
NOBITS sections will be touched only at execution of the BL3-x
images;
Then it is possible to choose the different base addresses such that
the NOBITS sections of BL3-1 and BL3-2 overlay BL1 and BL2.
On FVP we choose to put:
- BL1 and BL3-1 at the top of the Trusted RAM, with BL3-1 NOBITS
sections overlaying BL1;
- BL3-2 at the bottom of the Trusted RAM, with its NOBITS sections
overlaying BL2;
This is illustrated by the following diagram:
0x0404_0000 ------------ ------------------
| BL1 | <= | BL3-1 NOBITS |
------------ <= ------------------
| | <= | BL3-1 PROGBITS |
------------ ------------------
| BL2 | <= | BL3-2 NOBITS |
------------ <= ------------------
| | <= | BL3-2 PROGBITS |
0x0400_0000 ------------ ------------------
New platform-specific constants have been introduced to easily check
at link time that BL3-1 and BL3-2 PROGBITS sections don't overwrite
BL1 and BL2. These are optional and the platform code is free to define
them or not. If not defined, the linker won't attempt to check
image overlaying.
FixesARM-software/tf-issues#117
Change-Id: I5981d1c3d66ee70eaac8bd052630c9ac6dd8b042
Refactor the FVP gic code in plat/fvp/fvp_gic.c to be a generic ARM
GIC driver in drivers/arm/gic/arm_gic.c. Provide the platform
specific inputs in the arm_gic_setup() function so that the driver
has no explicit dependency on platform code.
Provide weak implementations of the platform interrupt controller
API in a new file, plat/common/plat_gic.c. These simply call through
to the ARM GIC driver.
Move the only remaining FVP GIC function, fvp_gic_init() to
plat/fvp/aarch64/fvp_common.c and remove plat/fvp/fvp_gic.c
FixesARM-software/tf-issues#182
Change-Id: Iea82fe095fad62dd33ba9efbddd48c57717edd21
Changed the fvp_config array in fvp_common.c into a struct and
moved into a new optional common platform header,
include/plat/common/plat_config.h. Removed the config definitions
in fvp_def.h and updated all references to the platform config.
This makes the interface to the platform config cleaner and uses
a little less RAM.
FixesARM-software/tf-issues#180
Change-Id: I58dd7b3c150f24f7ee230a26fd57c827853ba803
There was already a rudimentary mechanism to detect whether BL1
R/W data was loaded at the top or bottom of memory. Basically,
- either BL1 was loaded at the very end of the trusted RAM
- in all other cases BL1 was considered sitting at the bottom of
the memory and the memory usage structure was updated accordingly,
potentially resulting in critical memory waste.
For instance, if BL1 R/W base address was set to
(TZRAM_END - 4096 - bl1_size), it would virtually occupy the whole
memory.
This patch improves the mechanism to detect the location of BL1
to avoid such scenarios.
Change-Id: I224a9edf0fe8d34208545d84b28b63f2bb830d03
This concept is no longer required since we now support loading of
images at fixed addresses only.
The image loader now automatically detects the position of the image
inside the current memory layout and updates the layout such that
memory fragmentation is minimised.
The 'attr' field of the meminfo data structure, which used to hold
the bottom/top loading information, has been removed. Also the 'next'
field has been removed as it wasn't used anywhere.
The 'init_bl2_mem_layout()' function has been moved out of common
code and put in BL1-specific code. It has also been renamed into
'bl1_init_bl2_mem_layout'.
FixesARM-software/tf-issues#109
Change-Id: I3f54642ce7b763d5ee3b047ad0ab59eabbcf916d
The code in the FVP port which checks the platform type and
revision information in the SYS_ID register strictly supported
only the first revision of the Base and Foundation FVPs.
The current check also does not reflect the fact that the
board revision field is 'local' to the board type (HBI field).
Support for a new Foundation model is required now, and the
checking code is relaxed to allow execution (with a diagnostic)
on unrecognised revisions of the Base and Foundation FVP.
Change-Id: I7cd3519dfb56954aafe5f52ce1fcea0ee257ba9f
Making the simple mmio_read_*() and mmio_write_*() functions inline
saves 360 bytes of code in FVP release build.
FixesARM-software/tf-issues#210
Change-Id: I65134f9069f3b2d8821d882daaa5fdfe16355e2f
This patch reworks FVP specific code responsible for determining
the entry point information for BL3-2 and BL3-3 stages when BL3-1
is configured as the reset handler.
Change-Id: Ia661ff0a6a44c7aabb0b6c1684b2e8d3642d11ec
The 'plat_print_gic_regs' macro was accessing the GICC_CTLR register
using the GICD_CTLR offset. This still generates the right code in
the end because GICD_CTLR == GICC_CTLR but this patch fixes it for
the logic of the code.
Change-Id: I7b17af50e587f07bec0e4c933e346088470c96f3
The bakery lock code currently expects the calling code to pass
the MPIDR_EL1 of the current CPU.
This is not always done correctly. Also the change to provide
inline access to system registers makes it more efficient for the
bakery lock code to obtain the MPIDR_EL1 directly.
This change removes the mpidr parameter from the bakery lock
interface, and results in a code reduction of 160 bytes for the
ARM FVP port.
FixesARM-software/tf-issues#213
Change-Id: I7ec7bd117bcc9794a0d948990fcf3336a367d543
The array of affinity nodes is currently allocated for 32 entries
with the PSCI_NUM_AFFS value defined in psci.h. This is not enough
for large systems, and will substantially over allocate the array
for small systems.
This patch introduces an optional platform definition
PLATFORM_NUM_AFFS to platform_def.h. If defined this value is
used for PSCI_NUM_AFFS, otherwise a value of two times the number
of CPU cores is used.
The FVP port defines PLATFORM_NUM_AFFS to be 10 which saves
nearly 1.5KB of memory.
FixesARM-software/tf-issues#192
Change-Id: I68e30ac950de88cfbd02982ba882a18fb69c1445
This memory is not used by the FVP port and requires an additional
4KB translation table.
This patch removes the entry from the memory map and reduces the
number of allocated translation tables.
FixesARM-software/tf-issues#196
Change-Id: I5b959e4fe92f5f892ed127c40dbe6c85eed3ed72
This patch removes the reinitialisation of memory mapped system timer
registers after a warm boot for the FVP. The system timers in FVP are
in the 'Always ON' power domain which meant the reinitialisation was
redundant and it could have conflicted with the setup the normal
world has done.
The programming of CNTACR(x) and CNTNSAR, the system timer registers,
are removed from the warm boot path with this patch.
FixesARM-software/tf-issues#169
Change-Id: Ie982eb03d1836b15ef3cf1568de2ea68a08b443e
According to documentation, the Rev field is located at bit 28 in
the V2M sysid register.
FixesARM-software/tf-issues#179
Change-Id: I2abb7bdc092ccd3f41f8962dc8d8d8e44e8dfdc3
Replace the current out-of-line assembler implementations of
the system register and system instruction operations with
inline assembler.
This enables better compiler optimisation and code generation
when accessing system registers.
FixesARM-software/tf-issues#91
Change-Id: I149af3a94e1e5e5140a3e44b9abfc37ba2324476
Current ATF uses a direct physical-to-virtual mapping, that is, a physical
address is mapped to the same address in the virtual space. For example,
physical address 0x8000_0000 is mapped to 0x8000_0000 virtual. This
approach works fine for FVP as all its physical addresses fall into 0 to
4GB range. But for other platform where all I/O addresses are 48-bit long,
If we follow the same direct mapping, we would need virtual address range
from 0 to 0x8fff_ffff_ffff, which is about 144TB. This requires a
significant amount of memory for MMU tables and it is not necessary to use
that much virtual space in ATF.
The patch is to enable mapping a physical address range to an arbitrary
virtual address range (instead of flat mapping)
Changed "base" to "base_va" and added "base_pa" in mmap_region_t and
modified functions such as mmap_add_region and init_xlation_table etc.
FixesARM-software/tf-issues#158
bl2_main() was overwriting any platform set X1 parameter for BL3-1
with the value zero.
This patch ensure that any platform set value is correctly passed
to BL3-1. The FVP port adds a check to verify this parameter is
being passed correctly.
FixesARM-software/tf-issues#173
Change-Id: Ifbcda73d3d41d2b04a4baf5614e9d2d21f1717c8
Rename the ic_* platform porting functions to plat_ic_* to be
consistent with the other functions in platform.h. Also rename
bl31_get_next_image_info() to bl31_plat_get_next_image_ep_info()
and remove the duplicate declaration in bl31.h.
Change-Id: I4851842069d3cff14c0a468daacc0a891a7ede84
Previously, the enable_mmu_elX() functions were implicitly part of
the platform porting layer since they were included by generic
code. These functions have been placed behind 2 new platform
functions, bl31_plat_enable_mmu() and bl32_plat_enable_mmu().
These are weakly defined so that they can be optionally overridden
by platform ports.
Also, the enable_mmu_elX() functions have been moved to
lib/aarch64/xlat_tables.c for optional re-use by platform ports.
These functions are tightly coupled with the translation table
initialization code.
FixesARM-software/tf-issues#152
Change-Id: I0a2251ce76acfa3c27541f832a9efaa49135cc1c
FVP specific files and functions containing the word "plat" have been
renamed to use the word "fvp" to distinguish them from the common
platform functionality and porting functions.
Change-Id: I39f9673dab3ee9c74bd18b3e62b7c21027232f7d
Some platform porting functions were in BL specific header files.
These have been moved to platform.h so that all porting functions
are in the same place. The functions are now grouped by BL.
Obsolete BL headers files have been removed.
Also, the weak declaration of the init_bl2_mem_layout() function
has been moved out the header file and into the source file
(bl_common.c) using the more succinct #pragma syntax. This
mitigates the risk of 2 weak definitions being created and the
wrong one being picked up by the compiler.
Change-Id: Ib19934939fd755f3e5a5a5bceec88da684308a83
Previously, platform.h contained many declarations and definitions
used for different purposes. This file has been split so that:
* Platform definitions used by common code that must be defined
by the platform are now in platform_def.h. The exact include
path is exported through $PLAT_INCLUDES in the platform makefile.
* Platform definitions specific to the FVP platform are now in
/plat/fvp/fvp_def.h.
* Platform API declarations specific to the FVP platform are now
in /plat/fvp/fvp_private.h.
* The remaining platform API declarations that must be ported by
each platform are still in platform.h but this file has been
moved to /include/plat/common since this can be shared by all
platforms.
Change-Id: Ieb3bb22fbab3ee8027413c6b39a783534aee474a
Currently the platform code gets to define the base address of each
boot loader image. However, the linker scripts couteract this
flexibility by enforcing a fixed overall layout of the different
images. For example, they require that the BL3-1 image sits below
the BL2 image. Choosing BL3-1 and BL2 base addresses in such a way
that it violates this constraint makes the build fail at link-time.
This patch requires the platform code to now define a limit address
for each image. The linker scripts check that the image fits within
these bounds so they don't rely anymore on the position of a given
image in regard to the others.
FixesARM-software/tf-issues#163
Change-Id: I8c108646825da19a6a8dfb091b613e1dd4ae133c
BL1 RO and RW base address used to be fixed, respectively to the first
address of the Trusted ROM and the first address of the Trusted RAM.
Introduce new platform defines to configure the BL1 RO and RW base
addresses.
Change-Id: If26616513a47798593a4bb845a4b0fb37c867cd6
At present BL3-1 has access to all of the SRAM, including
regions that are mapped as read-only and non-cacheable by other
firmware images.
This patch restricts BL3-1 to only be able to read/write from
memory used for its own data sections
Change-Id: I26cda1b9ba803d91a9eacda768f3ce7032c6db94
Conflicts:
plat/fvp/bl31_plat_setup.c
This patch adds support in the TSP for handling S-EL1 interrupts
handed over by the TSPD. It includes GIC support in its platform port,
updates various statistics related to FIQ handling, exports an entry
point that the TSPD can use to hand over interrupts and defines the
handover protocol w.r.t what context is the TSP expected to preserve
and the state in which the entry point is invoked by the TSPD.
Change-Id: I93b22e5a8133400e4da366f5fc862f871038df39
This patch introduces a set of functions which allow generic firmware
code e.g. the interrupt management framework to access the platform
interrupt controller. APIs for finding the type and id of the highest
pending interrupt, acknowledging and EOIing an interrupt and finding
the security state of an interrupt have been added. It is assumed that
the platform interrupt controller implements the v2.0 of the ARM GIC
architecture specification. Support for v3.0 of the specification for
managing interrupts in EL3 and the platform port will be added in the
future.
Change-Id: Ib3a01c2cf3e3ab27806930f1be79db2b29f91bcf
This patch introduces a framework for registering interrupts routed to
EL3. The interrupt routing model is governed by the SCR_EL3.IRQ and
FIQ bits and the security state an interrupt is generated in. The
framework recognizes three type of interrupts depending upon which
exception level and security state they should be handled in
i.e. Secure EL1 interrupts, Non-secure interrupts and EL3
interrupts. It provides an API and macros that allow a runtime service
to register an handler for a type of interrupt and specify the routing
model. The framework validates the routing model and uses the context
management framework to ensure that it is applied to the SCR_EL3 prior
to entry into the target security state. It saves the handler in
internal data structures. An API is provided to retrieve the handler
when an interrupt of a particular type is asserted. Registration is
expected to be done once by the primary CPU. The same handler and
routing model is used for all CPUs.
Support for EL3 interrupts will be added to the framework in the
future. A makefile flag has been added to allow the FVP port choose
between ARM GIC v2 and v3 support in EL3. The latter version is
currently unsupported.
A framework for handling interrupts in BL3-1 will be introduced in
subsequent patches. The default routing model in the absence of any
handlers expects no interrupts to be routed to EL3.
Change-Id: Idf7c023b34fcd4800a5980f2bef85e4b5c29e649
The TSP used to execute from secure DRAM on the FVPs because there was
not enough space in Trusted SRAM to fit it in. Thanks to recent RAM
usage enhancements being implemented, we have made enough savings for
the TSP to execute in SRAM.
However, there is no contiguous free chunk of SRAM big enough to hold
the TSP. Therefore, the different bootloader images need to be moved
around to reduce memory fragmentation. This patch keeps the overall
memory layout (i.e. keeping BL1 R/W at the bottom, BL2 at the top and
BL3-1 in between) but moves the base addresses of all the bootloader
images in such a way that:
- memory fragmentation is reduced enough to fit BL3-2 in;
- new base addresses are suitable for release builds as well as debug
ones;
- each image has a few extra kilobytes for future growth.
BL3-1 and BL3-2 are the images which received the biggest slice
of the cake since they will most probably grow the most.
A few useful numbers for reference (valid at the time of this patch):
|-----------------------|-------------------------------
| image size (debug) | extra space for the future
--------|-----------------------|-------------------------------
BL1 R/W | 20 KB | 4 KB
BL2 | 44 KB | 4 KB
BL3-1 | 108 KB | 12 KB
BL3-2 | 56 KB | 8 KB
--------|-----------------------|-------------------------------
Total | 228 KB | 28 KB = 256 KB
--------|-----------------------|-------------------------------
Although on FVPs the TSP now executes from Trusted SRAM by default,
this patch keeps the option to execute it from Trusted DRAM. This is
controlled by the build configuration 'TSP_RAM_LOCATION'.
FixesARM-Software/tf-issues#81
Change-Id: Ifb9ef2befa9a2d5ac0813f7f79834df7af992b94
The TSP's linker script used to assume that the TSP would
execute from secure DRAM. Although it is currently the case
on FVPs, platforms are free to use any secure memory they wish.
This patch introduces the flexibility to load the TSP into any
secure memory. The platform code gets to specify the extents of
this memory in the platform header file, as well as the BL3-2 image
limit address. The latter definition allows to check in a generic way
that the BL3-2 image fits in its bounds.
Change-Id: I9450f2d8b32d74bd00b6ce57a0a1542716ab449c
TZC-400 is configured to set the last 16MB of DRAM1 as secure memory and
the rest of DRAM as non-secure. Non-secure software must not attempt to
access the 16MB secure area.
Device tree files (sources and binaries) have been updated to match this
configuration, removing that memory from the Linux physical memory map.
To use UEFI and Linux with this patch, the latest version of UEFI and
the updated device tree files are required. Check the user guide in the
documentation for more details.
Replaced magic numbers with #define for memory region definition in the
platform security initialization function.
FixesARM-software/tf-issues#149
Change-Id: Ia5d070244aae6c5288ea0e6c8e89d92859522bfe
This change adds optional reset vector support to BL3-1
which means BL3-1 entry point can detect cold/warm boot,
initialise primary cpu, set up cci and mail box.
When using BL3-1 as a reset vector it is assumed that
the BL3-1 platform code can determine the location of
the BL3-2 images, or load them as there are no parameters
that can be passed to BL3-1 at reset.
It also fixes the incorrect initialisation of mailbox
registers on the FVP platform
This feature can be enabled by building the code with
make variable RESET_TO_BL31 set as 1
FixesARM-software/TF-issues#133FixesARM-software/TF-issues#20
Change-Id: I4e23939b1c518614b899f549f1e8d412538ee570
The issues addressed in this patch are:
1. Remove meminfo_t from the common interfaces in BL3-x,
expecting that platform code will find a suitable mechanism
to determine the memory extents in these images and provide
it to the BL3-x images.
2. Remove meminfo_t and bl31_plat_params_t from all FVP BL3-x
code as the images use link-time information to determine
memory extents.
meminfo_t is still used by common interface in BL1/BL2 for
loading images
Change-Id: I4e825ebf6f515b59d84dc2bdddf6edbf15e2d60f
This patch is based on spec published at
https://github.com/ARM-software/tf-issues/issues/133
It rearranges the bl31_args struct into
bl31_params and bl31_plat_params which provide the
information needed for Trusted firmware and platform
specific data via x0 and x1
On the FVP platform BL3-1 params and BL3-1 plat params
and its constituents are stored at the start of TZDRAM.
The information about memory availability and size for
BL3-1, BL3-2 and BL3-3 is moved into platform specific data.
Change-Id: I8b32057a3d0dd3968ea26c2541a0714177820da9
This patch reworks the handover interface from: BL1 to BL2 and
BL2 to BL3-1. It removes the raise_el(), change_el(), drop_el()
and run_image() functions as they catered for code paths that were
never exercised.
BL1 calls bl1_run_bl2() to jump into BL2 instead of doing the same
by calling run_image(). Similarly, BL2 issues the SMC to transfer
execution to BL3-1 through BL1 directly. Only x0 and x1 are used
to pass arguments to BL31. These arguments and parameters for
running BL3-1 are passed through a reference to a
'el_change_info_t' structure. They were being passed value in
general purpose registers earlier.
Change-Id: Id4fd019a19a9595de063766d4a66295a2c9307e1
This patch implements the register reporting when unhandled exceptions are
taken in BL3-1. Unhandled exceptions will result in a dump of registers
to the console, before halting execution by that CPU. The Crash Stack,
previously called the Exception Stack, is used for this activity.
This stack is used to preserve the CPU context and runtime stack
contents for debugging and analysis.
This also introduces the per_cpu_ptr_cache, referenced by tpidr_el3,
to provide easy access to some of BL3-1 per-cpu data structures.
Initially, this is used to provide a pointer to the Crash stack.
panic() now prints the the error file and line number in Debug mode
and prints the PC value in release mode.
The Exception Stack is renamed to Crash Stack with this patch.
The original intention of exception stack is no longer valid
since we intend to support several valid exceptions like IRQ
and FIQ in the trusted firmware context. This stack is now
utilized for dumping and reporting the system state when a
crash happens and hence the rename.
FixesARM-software/tf-issues#79 Improve reporting of unhandled exception
Change-Id: I260791dc05536b78547412d147193cdccae7811a
The TZC configuration on FVP was incorrectly allowing both secure
and non-secure accesses to the DRAM, which can cause aliasing
problems for software. It was also not enabling virtio access on
some models.
This patch fixes both of those issues. The patch also enabless
non-secure access to the DDR RAM for all devices with defined IDs.
The third region of DDR RAM has been removed from the configuration
as this is not used in any of the FVP models.
FixesARM-software/tf-issues#150FixesARM-software/tf-issues#151
Change-Id: I60ad5daaf55e14f178affb8afd95d17e7537abd7
Instead of having a single version of the MMU setup functions for all
bootloader images that can execute either in EL3 or in EL1, provide
separate functions for EL1 and EL3. Each bootloader image can then
call the appropriate version of these functions. The aim is to reduce
the amount of code compiled in each BL image by embedding only what's
needed (e.g. BL1 to embed only EL3 variants).
Change-Id: Ib86831d5450cf778ae78c9c1f7553fe91274c2fa
The goal of these macros is to improve code readability by providing
a concise way to check whether we are running in the expected
exception level.
Change-Id: If9aebadfb6299a5196e9a582b442f0971d9909b1
This patch moves console_init() to bl32_early_platform_setup(). It
also ensures that console_init() is called in each
blX_early_platform_setup() function before the console is used
e.g. through a printf call in an assert() statement.
FixesARM-software/TF-issues#127
Change-Id: I5b1f17e0152bab674d807d2a95ff3689c5d4794e
'PL011_BASE' macro is no longer used because the right UART base
address is now directly given to the 'console_init()' function.
This patch removes it.
Change-Id: I94759c99602df4876291a56f9f6a75de337a65ec
Instead of using the system register helper functions to read
or write system registers, assembler coded functions should
use MRS/MSR instructions. This results in faster and more
compact code.
This change replaces all usage of the helper functions with
direct register accesses.
Change-Id: I791d5f11f257010bb3e6a72c6c5ab8779f1982b3
disable_mmu() cannot work as a C function as there is no control
over data accesses generated by the compiler between disabling and
cleaning the data cache. This results in reading stale data from
main memory.
As assembler version is provided for EL3, and a variant that also
disables the instruction cache which is now used by the BL1
exception handling function.
FixesARM-software/tf-issues#147
Change-Id: I0cf394d2579a125a23c2f2989c2e92ace6ddb1a6
The current code does not always use data and instruction
barriers as required by the architecture and frequently uses
barriers excessively due to their inclusion in all of the
write_*() helper functions.
Barriers should be used explicitly in assembler or C code
when modifying processor state that requires the barriers in
order to enable review of correctness of the code.
This patch removes the barriers from the helper functions and
introduces them as necessary elsewhere in the code.
PORTING NOTE: check any port of Trusted Firmware for use of
system register helper functions for reliance on the previous
barrier behaviour and add explicit barriers as necessary.
FixesARM-software/tf-issues#92
Change-Id: Ie63e187404ff10e0bdcb39292dd9066cb84c53bf
Update code base to remove variables from the .data section,
mainly by using const static data where possible and adding
the const specifier as required. Most changes are to the IO
subsystem, including the framework APIs. The FVP power
management code is also affected.
Delay initialization of the global static variable,
next_image_type in bl31_main.c, until it is realy needed.
Doing this moves the variable from the .data to the .bss
section.
Also review the IO interface for inconsistencies, using
uintptr_t where possible instead of void *. Remove the
io_handle and io_dev_handle typedefs, which were
unnecessary, replacing instances with uintptr_t.
FixesARM-software/tf-issues#107.
Change-Id: I085a62197c82410b566e4698e5590063563ed304
Reduce the number of header files included from other header
files as much as possible without splitting the files. Use forward
declarations where possible. This allows removal of some unnecessary
"#ifndef __ASSEMBLY__" statements.
Also, review the .c and .S files for which header files really need
including and reorder the #include statements alphabetically.
FixesARM-software/tf-issues#31
Change-Id: Iec92fb976334c77453e010b60bcf56f3be72bd3e
Add tag names to all unnamed structs in header files. This
allows forward declaration of structs, which is necessary to
reduce header file nesting (to be implemented in a subsequent
commit).
Also change the typedef names across the codebase to use the _t
suffix to be more conformant with the Linux coding style. The
coding style actually prefers us not to use typedefs at all but
this is considered a step too far for Trusted Firmware.
Also change the IO framework structs defintions to use typedef'd
structs to be consistent with the rest of the codebase.
Change-Id: I722b2c86fc0d92e4da3b15e5cab20373dd26786f
Move the function prototypes from gic.h into either gic_v2.h or
gic_v3.h as appropriate. Update the source files to include the
correct headers.
Change-Id: I368cfda175cdcbd3a68f46e2332738ec49048e19
Remove all usage of the vpath keyword in makefiles as it was prone
to mistakes. Specify the relative paths to source files instead.
Also reorder source files in makefiles alphabetically.
FixesARM-software/tf-issues#121
Change-Id: Id15f60655444bae60e0e2165259efac71a50928b
Make codebase consistent in its use of #include "" syntax for
user includes and #include <> syntax for system includes.
FixesARM-software/tf-issues#65
Change-Id: If2f7c4885173b1fd05ac2cde5f1c8a07000c7a33
Move the FVP power driver to a directory under the FVP platform
port as this is not a generically usable driver.
Change-Id: Ibc78bd88752eb3e3964336741488349ac345f4f0
Move almost all system include files to a logical sub-directory
under ./include. The only remaining system include directories
not under ./include are specific to the platform. Move the
corresponding source files to match the include directory
structure.
Also remove pm.h as it is no longer used.
Change-Id: Ie5ea6368ec5fad459f3e8a802ad129135527f0b3
- Use the TrustZone controller on Base FVP to program DRAM access
permissions. By default no access to DRAM is allowed if
'secure memory' is enabled on the Base FVP.
- The Foundation FVP does not have a TrustZone controller but instead
has fixed access permissions.
- Update FDTs for Linux to use timers at the correct security level.
- Starting the FVPs with 'secure memory' disabled is also supported.
Limitations:
Virtio currently uses a reserved NSAID. This will be corrected in
future FVP releases.
Change-Id: I0b6c003a7b5982267815f62bcf6eb82aa4c50a31
Remove redundant code in plat_secondary_cold_boot_setup() in
plat/fvp/aarch64/bl1_plat_helpers.S.
FixesARM-software/tf-issues#136
Change-Id: I98c0a46d95cfea33125e34e609c83dc2c97cd86e
The BL images share common stack management code which provides
one coherent and one cacheable stack for every CPU. BL1 and BL2
just execute on the primary CPU during boot and do not require
the additional CPU stacks. This patch provides separate stack
support code for UP and MP images, substantially reducing the
RAM usage for BL1 and BL2 for the FVP platform.
This patch also provides macros for declaring stacks and
calculating stack base addresses to improve consistency where
this has to be done in the firmware.
The stack allocation source files are now included via
platform.mk rather than the common BLx makefiles. This allows
each platform to select the appropriate MP/UP stack support
for each BL image.
Each platform makefile must be updated when including this
commit.
FixesARM-software/tf-issues#76
Change-Id: Ia251f61b8148ffa73eae3f3711f57b1ffebfa632
Rename the array "mmap" in plat/fvp/aarch64/plat_common.c to
"fvp_mmap", to avoid confusion with the array of the same name
in lib/arch/aarch64/xlat_tables.c
FixesARM-software/tf-issues#114
Change-Id: I61478c0070aa52d5dcf5d85af2f353f56c060cfb
Rename drivers/console/console.c to
drivers/arm/peripherals/pl011/pl011_console.c. This makes it clear
that this is a pl011 specific console implementation.
FixesARM-software/tf-issues#129
Change-Id: Ie2f8109602134c5b86993e32452c70734c45a3ed
BL3-1 architecture setup code programs the system counter frequency
into the CNTFRQ_EL0 register. This frequency is defined by the
platform, though. This patch introduces a new platform hook that
the architecture setup code can call to retrieve this information.
In the ARM FVP port, this returns the first entry of the frequency
modes table from the memory mapped generic timer.
All system counter setup code has been removed from BL1 as some
platforms may not have initialized the system counters at this stage.
The platform specific settings done exclusively in BL1 have been moved
to BL3-1. In the ARM FVP port, this consists in enabling and
initializing the System level generic timer. Also, the frequency change
request in the counter control register has been set to 0 to make it
explicit it's using the base frequency. The CNTCR_FCREQ() macro has been
fixed in this context to give an entry number rather than a bitmask.
In future, when support for firmware update is implemented, there
is a case where BL1 platform specific code will need to program
the counter frequency. This should be implemented at that time.
This patch also updates the relevant documentation.
It properly fixesARM-software/tf-issues#24
Change-Id: If95639b279f75d66ac0576c48a6614b5ccb0e84b
This reverts commit 1c297bf015
because it introduced a bug: the CNTFRQ_EL0 register was no
longer programmed by all CPUs. bl31_platform_setup() function
is invoked only in the cold boot path and consequently only
on the primary cpu.
A subsequent commit will correctly implement the necessary changes
to the counter frequency setup code.
FixesARM-software/tf-issues#125
Conflicts:
docs/firmware-design.md
plat/fvp/bl31_plat_setup.c
Change-Id: Ib584ad7ed069707ac04cf86717f836136ad3ab54
This extends the --gc-sections behaviour to the many assembler
support functions in the firmware images by placing each function
into its own code section. This is achieved by creating a 'func'
macro used to declare each function label.
FixesARM-software/tf-issues#80
Change-Id: I301937b630add292d2dec6d2561a7fcfa6fec690
This patch reworks the console driver to ensure that each bootloader stage
initializes it independently. As a result, both BL3-1 and BL2 platform code
now calls console_init() instead of relying on BL1 to perform console setup
FixesARM-software/tf-issues#120
Change-Id: Ic4d66e0375e40a2fc7434afcabc8bbb4715c14ab
This commit isolates the accessor functions in pl011.c and builds
a wrapper layer for console functions.
This also modifies the console driver to use the pl011 FIFO.
FixesARM-software/tf-issues#63
Change-Id: I3b402171cd14a927831bf5e5d4bb310b6da0e9a8
This patch adds support in the generic PSCI implementation to call a
platform specific function to enter a standby state using an example
implementation in ARM FVP port
FixesARM-software/tf-issues#94
Change-Id: Ic1263fcf25f28e09162ad29dca954125f9aa8cc9
Trusted firmware binaries loaded via semihosting used to be
opened using 'r' mode (i.e. read mode). This is fine on POSIX
conforming systems (including Linux) but for Windows it also means
that the file should be opened in text mode. 'rb' mode must be
specified instead for binary mode. On POSIX conforming systems,
'rb' mode is equivalent to 'r' mode so it does no harm.
FixesARM-software/tf-issues#69
Change-Id: Ifa53f2ecfd765f572dea5dd73191f9fe2b2c2011
Each ARM Trusted Firmware image should know in which EL it is running
and it should use the corresponding register directly instead of reading
currentEL and knowing which asm register to read/write
Change-Id: Ief35630190b6f07c8fbb7ba6cb20db308f002945
Remove the hard coding of all the MMU related registers with 0 and disable MMU
by clearing the M and C bit in SCTLR_ELx
Change-Id: I4a0b1bb14a604734b74c32eb31315d8504a7b8d8
At present, bl1_arch_setup() and bl31_arch_setup() program the counter
frequency using a value from the memory mapped generic timer. The
generic timer however is not necessarily present on all ARM systems
(although it is architected to be present on all server systems).
This patch moves the timer setup to platform-specific code and updates
the relevant documentation. Also, CNTR.FCREQ is set as the specification
requires the bit corresponding to the counter's frequency to be set when
enabling. Since we intend to use the base frequency, set bit 8.
FixesARM-software/tf-issues#24
Change-Id: I32c52cf882253e01f49056f47c58c23e6f422652
This patch removes the 'CPU present' flag that's being set but not
referred or used anywhere else.
Change-Id: Iaf82bdb354134e0b33af16c7ba88eb2259b2682a
FixesARM-software/tf-issues#41
The policy functions for each file to be loaded were implemented by
copy/pasting one method and then varying the data checked.
This patch creates a generic function to check the policy based on the
data stored in a table.
This removes the amount of duplicated code but also makes the code
simpler and more efficient.
Change-Id: I1c52eacf6f18a1442dabbb33edd03d4bb8bbeae0
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
This change requires all platforms to now specify a list of source files
rather than object files.
New source files should preferably be specified by using the path as
well and we should add this in the future for all files so we can remove
use of vpath. This is desirable because vpath hides issues like the fact
that BL2 currently pulls in a BL1 file bl1/aarch64/early_exceptions.S
and if in the future we added bl2/aarch64/early_exceptions.S then it's
likely only one of the two version would be used for both bootloaders.
This change also removes the 'dump' build target and simply gets
bootloaders to always generate a dump file. At the same time the -x
option is added so the section headers and symbols table are listed.
FixesARM-software/tf-issues#11
Change-Id: Ie38f7be76fed95756c8576cf3f3ea3b7015a18dc
Signed-off-by: Jon Medhurst <tixy@linaro.org>
Make gicd_set_ipriorityr() actually write to the priority register.
Also correct callers of this function which want the highest priority
to use the value zero as this is the highest priority value according
to the ARM Generic Interrupt Controller Architecture Specification.
To make this easier to get right, we introduce defines for the lowest
and highest priorities for secure and non-secure interrupts.
FixesARM-software/tf-issues#21
Signed-off-by: Jon Medhurst <tixy@linaro.org>
The UART used to be initialised in bl1_platform_setup(). This is too
late because there are some calls to the assert() macro, which needs
to print some messages on the console, before that.
This patch moves the UART initialisation code to
bl1_early_platform_setup().
FixesARM-software/tf-issues#49
Change-Id: I98c83a803866372806d2a9c2e1ed80f2ef5b3bcc
At present many recoverable failures are reported as errors. This patch
modifies all such failures to be reported as warnings instead.
Change-Id: I5141653c82498defcada9b90fdf7498ba496b2f2
This patch adds the TSPD service which is responsible for managing
communication between the non-secure state and the Test Secure Payload
(TSP) executing in S-EL1.
The TSPD does the following:
1. Determines the location of the TSP (BL3-2) image and passes control
to it for initialization. This is done by exporting the 'bl32_init()'
function.
2. Receives a structure containing the various entry points into the TSP
image as a response to being initialized. The TSPD uses this
information to determine how the TSP should be entered depending on
the type of operation.
3. Implements a synchronous mechanism for entering into and returning
from the TSP image. This mechanism saves the current C runtime
context on top of the current stack and jumps to the TSP through an
ERET instruction. The TSP issues an SMC to indicate completion of the
previous request. The TSPD restores the saved C runtime context and
resumes TSP execution.
This patch also introduces a Make variable 'SPD' to choose the specific
SPD to include in the build. By default, no SPDs are included in the
build.
Change-Id: I124da5695cdc510999b859a1bf007f4d049e04f3
Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch adds a simple TSP as the BL3-2 image. The secure payload
executes in S-EL1. It paves the way for the addition of the TSP
dispatcher runtime service to BL3-1. The TSP and the dispatcher service
will serve as an example of the runtime firmware's ability to toggle
execution between the non-secure and secure states in response to SMC
request from the non-secure state. The TSP will be replaced by a
Trusted OS in a real system.
The TSP also exports a set of handlers which should be called in
response to a PSCI power management event e.g a cpu being suspended or
turned off. For now it runs out of Secure DRAM on the ARM FVP port and
will be moved to Secure SRAM later. The default translation table setup
code assumes that the caller is executing out of secure SRAM. Hence the
TSP exports its own translation table setup function.
The TSP only services Fast SMCs, is non-reentrant and non-interruptible.
It does arithmetic operations on two sets of four operands, one set
supplied by the non-secure client, and the other supplied by the TSP
dispatcher in EL3. It returns the result according to the Secure Monitor
Calling convention standard.
This TSP has two functional entry points:
- An initial, one-time entry point through which the TSP is initialized
and prepares for receiving further requests from secure
monitor/dispatcher
- A fast SMC service entry point through which the TSP dispatcher
requests secure services on behalf of the non-secure client
Change-Id: I24377df53399307e2560a025eb2c82ce98ab3931
Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch adds the ability to specify the base address of a UART
device for initialising the console. This allows a boot loader stage
to use a different UART device from UART0 (default) for the console.
Change-Id: Ie60b927389ae26085cfc90d22a564ff83ba62955
This patch factors out the ARM FVP specific code to create MMU
translation tables so that it is possible for a boot loader stage to
create a different set of tables instead of using the default ones.
The default translation tables are created with the assumption that
the calling boot loader stage executes out of secure SRAM. This might
not be true for the BL3_2 stage in the future.
A boot loader stage can define the `fill_xlation_tables()` function as
per its requirements. It returns a reference to the level 1
translation table which is used by the common platform code to setup
the TTBR_EL3.
This patch is a temporary solution before a larger rework of
translation table creation logic is introduced.
Change-Id: I09a075d5da16822ee32a411a9dbe284718fb4ff6
This patch adds the following support to the BL3-1 stage:
1. BL3-1 allows runtime services to specify and determine the security
state of the next image after BL3-1. This has been done by adding
the `bl31_set_next_image_type()` & `bl31_get_next_image_type()`
apis. The default security state is non-secure. The platform api
`bl31_get_next_image_info()` has been modified to let the platform
decide which is the next image in the desired security state.
2. BL3-1 exports the `bl31_prepare_next_image_entry()` function to
program entry into the target security state. It uses the apis
introduced in 1. to do so.
3. BL3-1 reads the information populated by BL2 about the BL3-2 image
into its internal data structures.
4. BL3-1 introduces a weakly defined reference `bl32_init()` to allow
initialisation of a BL3-2 image. A runtime service like the Secure
payload dispatcher will define this function if present.
Change-Id: Icc46dcdb9e475ce6575dd3f9a5dc7a48a83d21d1
This patch adds support for loading a BL3-2 image in BL2. In case a
BL3-2 image is found, it also passes information to BL3-1 about where it
is located and the extents of memory available to it. Information about
memory extents is populated by platform specific code.
The documentation has also been updated to reflect the above changes.
Change-Id: I526b2efb80babebab1318f2b02e319a86d6758b0
Co-authored-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
This patch reworks BL2 to BL3-1 hand over interface by introducing a
composite structure (bl31_args) that holds the superset of information
that needs to be passed from BL2 to BL3-1.
- The extents of secure memory available to BL3-1
- The extents of memory available to BL3-2 (not yet implemented) and
BL3-3
- Information to execute BL3-2 (not yet implemented) and BL3-3 images
This patch also introduces a new platform API (bl2_get_bl31_args_ptr)
that needs to be implemented by the platform code to export reference to
bl31_args structure which has been allocated in platform-defined memory.
The platform will initialize the extents of memory available to BL3-3
during early platform setup in bl31_args structure. This obviates the
need for bl2_get_ns_mem_layout platform API.
BL2 calls the bl2_get_bl31_args_ptr function to get a reference to
bl31_args structure. It uses the 'bl33_meminfo' field of this structure
to load the BL3-3 image. It sets the entry point information for the
BL3-3 image in the 'bl33_image_info' field of this structure. The
reference to this structure is passed to the BL3-1 image.
Also fixes issue ARM-software/tf-issues#25
Change-Id: Ic36426196dd5ebf89e60ff42643bed01b3500517
This patch increases coherent stack size for both debug and release
builds in order to accommodate stack-heavy printf() and extended EL3
functionality
Change-Id: I30ef30530a01517a97e63d703873374828c09f20
This patch moves the translation tables into their own section. This
saves space that would otherwise have been lost in padding due to page
table alignment constraints. The BL31 and BL32 bases have been
consequently adjusted.
Change-Id: Ibd65ae8a5ce4c4ea9a71a794c95bbff40dc63e65
The Firmware Image Package (FIP) driver allows for data to be loaded
from a FIP on platform storage. The FVP supports loading bootloader
images from a FIP located in NOR FLASH.
The implemented FVP policy states that bootloader images will be
loaded from a FIP in NOR FLASH if available and fall back to loading
individual images from semi-hosting.
NOTE:
- BL3-3(e.g. UEFI) is loaded into DRAM and needs to be configured
to run from the BL33_BASE address. This is currently set to
DRAM_BASE+128MB for the FVP.
Change-Id: I2e4821748e3376b5f9e467cf3ec09509e43579a0
The modified implementation uses the IO abstraction rather than
making direct semi-hosting calls. The semi-hosting driver is now
registered for the FVP platform during initialisation of each boot
stage where it is used. Additionally, the FVP platform includes a
straightforward implementation of 'plat_get_image_source' which
provides a generic means for the 'load_image' function to determine
how to access the image data.
Change-Id: Ia34457b471dbee990c7b3c79de7aee4ceea51aa6
This is intended primarily for use as a storage abstraction.
It allows operations such as image-loading to be implemented
in a platform-independent fashion. Each platform registers
a set of IO drivers during initialisation. The platform must
also provide a function that will return a device and a specifier
that can be used to access specified content.
Clients of the API will primarily use device and entity handles.
The term "entity" is deliberately vague, to allow for different
representations of content accessed using different types of
specifier, but will often be interpreted as a "file" where the
specifier will normally be its path.
This commit builds, but is intended to be paired with a sample
implementation of "load_image" using a semi-hosting driver on FVP.
Change-Id: Id3b52f1c0eb9ce76b44b99fc6b6460803668cc86
The last CPU in a cluster is responsible for issuing the cluster power
down request to the FVP power controller. If another CPU in this
cluster wakes up before the last CPU enters WFI then the cluster power
down request remains pending. If this request is not cancelled and the
newly woken up CPU enters a simple WFI later, the power controller
powers the cluster down. This leads to unpredictable behaviour.
This patch fixes this issue by ensuring that the first CPU to wake up
in a cluster writes its MPIDR to the power controller's PPONR. This
cancels any pending cluster power down request.
Change-Id: I7e787adfd6c9a0bd7308390e3309d46f35c01086
The FVP platform has a few filenames that begin with fvp_. These are
renamed to plat_ to make it easier to use the FVP port as a template.
Change-Id: I601e6256d5ef3bae81a2e1f5df6de56db5b27069
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Tidy up the spacing of variable definitions within the makefiles to make
them more consistent, easier to read and amend.
Change-Id: Ic6d7c8489ca4330824abb5cd1ead8f1d449d1a85
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Move all explicit platform or architecture specific references
into a new platform.mk file that is defined for each platform.
Change-Id: I9d6320d1ba957e0cc8d9b316b3578132331fa428
Signed-off-by: Ryan Harkin <ryan.harkin@linaro.org>
Ctags seem to have a problem with generating tags for assembler symbols
when a comment immediately follows an assembly label.
This patch inserts a single space character between the label
definition and the following comments to help ctags.
The patch is generated by the command:
git ls-files -- \*.S | xargs sed -i 's/^\([^:]\+\):;/\1: ;/1'
Change-Id: If7a3c9d0f51207ea033cc8b8e1b34acaa0926475
The GICv3 distributor can have more ports than CPUs are available in
the system. Probe all re-distributors and use the matching affinity
levels as specified by each core and re-distributor to decide which
re-distributor to use with which CPU core.
If a core cannot be matched with a re-distributor, the core panics and
is placed in an endless loop.
Change-Id: Ie393cfe07c7449a2383959e3c968664882e18afc
GIC setup code which used to be in bl31_plat_setup.c is now in fvp_gic.c
to simplify future changes to other bootloader stages. This patch moves
code from bl31_plat_setup.c to fvp_gic.c, simplifies the include file
list for bl31_plat_setup.c, moves GIC declarations from the bl31.h header
file into the platform.h, and reworks files according to coding style
guide.
Change-Id: I48d82a4ba33e7114dcc88f9ca98767a06cf8f417
ns_entry_info used to be a per-cpu array. This is a waste of space
because it is only accessed by the primary CPU on the cold boot path.
This patch reduces ns_entry_info to a single-cpu area.
Change-Id: I647c70c4e76069560f1aaad37a1d5910f56fba4c
Platform setup code has to reserve some memory for storing the
memory layout information. It is populated in early platform setup
code.
blx_get_sec_mem_layout() functions used to return a copy of this
structure. This patch modifies blx_get_sec_mem_layout() functions
so that they now directly return a pointer to their memory layout
structure. It ensures that the memory layout returned by
blx_get_sec_mem_layout() is always up-to-date and also avoids a
useless copy of the meminfo structure.
Also rename blx_get_sec_mem_layout() to blx_plat_sec_mem_layout()
to make it clear those functions are platform specific.
Change-Id: Ic7a6f9d6b6236b14865ab48a9f5eff545ce56551
In fvp_affinst_on/suspend, the non-secure entrypoint is always
expected to lie in the DRAM. This check will not be valid if
non-secure code executes directly out of flash e.g. a baremetal
test. This patch removes this check.
Change-Id: I0436e1138fc394aae8ff1ea59ebe38b46a440b61
In the previous psci implementation, the psci_afflvl_power_on_finish()
function would run into an error condition if the value of the context
id parameter in the cpu_on and cpu_suspend psci calls was != 0. The
parameter was being restored as the return value of the affinity level
0 finisher function. A non zero context id would be treated as an
error condition. This would prevent successful wake up of the cpu from
a power down state. Also, the contents of the general purpose
registers were not being cleared upon return to the non-secure world
after a cpu power up. This could potentially allow the non-secure
world to view secure data.
This patch ensures that all general purpose registers are set to ~0
prior to the final eret that drops the execution to the non-secure
world. The context id is used to initialize the general purpose
register x0 prior to re-entry into the non-secure world and is no
longer restored as a function return value. A platform helper
(platform_get_stack()) has been introduced to facilitate this change.
Change-Id: I2454911ffd75705d6aa8609a5d250d9b26fa097c
The FVP specific code that gets called after a cpu has been physically
powered on after having been turned off or suspended earlier does not
clear the PWRC.PWKUPR.WEN bit. Not doing so causes problems if: a cpu
is suspended, woken from suspend, powered down through a cpu_off call
& receives a spurious interrupt. Since the WEN bit is not cleared
after the cpu woke up from suspend, the spurious wakeup will power the
cpu on. Since the cpu_off call clears the jump address in the mailbox
this spurious wakeup will cause the cpu to crash.
This patch fixes this issue by clearing the WEN bit whenever a cpu is
powered up.
Change-Id: Ic91f5dffe1ed01d76bc7fc807acf0ecd3e38ce5b
- Add instructions for contributing to ARM Trusted Firmware.
- Update copyright text in all files to acknowledge contributors.
Change-Id: I9311aac81b00c6c167d2f8c889aea403b84450e5
This patch makes sure the C runtime environment is properly
initialised before executing any C code.
- Zero-initialise NOBITS sections (e.g. the bss section).
- Relocate BL1 data from ROM to RAM.
Change-Id: I0da81b417b2f0d1f7ef667cc5131b1e47e22571f
- Check at link-time that bootloader images will fit in memory
at run time and that they won't overlap each other.
- Remove text and rodata orphan sections.
- Define new linker symbols to remove the need for platform setup
code to know the order of sections.
- Reduce the size of the raw binary images by cutting some sections
out of the disk image and allocating them at load time, whenever
possible.
- Rework alignment constraints on sections.
- Remove unused linker symbols.
- Homogenize linker symbols names across all BLs.
- Add some comments in the linker scripts.
Change-Id: I47a328af0ccc7c8ab47fcc0dc6e7dd26160610b9
On FVP platforms, for now it is assumed that the normal-world
bootloader is already sitting in its final memory location.
Therefore, BL2 doesn't need to load it and so it doesn't need
to know the extents of the non-trusted DRAM.
Change-Id: I33177ab43ca242edc8958f2fa8d994e7cf3e0843
Also, don't invalidate the TLBs in disable_mmu() function, it's better
to do it in enable_mmu() function just before actually enabling the
MMU.
Change-Id: Ib32d6660019b0b2c17254156aad4be67ab4970e1
Global and static variables are expected to be initialised to zero
by default. This is specified by the C99 standard. This patch
removes some unnecessary initialisations of such variables.
It fixes a compilation warning at the same time:
plat/fvp/bl31_plat_setup.c:82:3: warning: missing braces around
initializer [-Wmissing-braces]
section("tzfw_coherent_mem"))) = {0};
^
plat/fvp/bl31_plat_setup.c:82:3: warning: (near initialization for
‘ns_entry_info[0]’) [-Wmissing-braces]
Note that GCC should not have emitted this warning message in the
first place. The C Standard permits braces to be elided around
subaggregate initializers. See this GCC bug report:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=53119
Change-Id: I13cb0c344feb9803bca8819f976377741fa6bc35
blx_plat_arch_setup() should only perform platform-specific
architectural setup, e.g. enabling the MMU. This patch moves
generic architectural setup code out of blx_plat_arch_setup().
Change-Id: I4ccf56b8c4a2fa84909817779a2d97a14aaafab6
