GitLab

The BL3-1 firmware code is stored in TZSRAM on Tegra194 platforms. This
memory loses power when we enter System Suspend and so its contents are
stored to TZDRAM, before entry. This opens up an attack vector where the
TZDRAM contents might be tampered with when we are in the System Suspend
mode. To mitigate this attack the SE engine calculates the hash of entire
TZSRAM and stores it in PMC scratch, before we copy data to TZDRAM. The
WB0 code will validate the TZDRAM and match the hash with the one in PMC
scratch.

This patch adds driver for the SE engine, with APIs to calculate the hash
and store to PMC scratch registers.

Change-Id: I04cc0eb7f54c69d64b6c34fc2ff62e4cfbdd43b2
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>

This patch saves the TZDRAM base and size values to secure scratch
registers, for the WB0. The WB0 reads these values and uses them to
verify integrity of the TZDRAM aperture.

Change-Id: I2f5fd11c87804d20e2698de33be977991c9f6f33
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>

armclang displays warnings for extra parentheses, leading to
build failures as warnings are treated as errors.
This patch removes the extra parentheses to fix this issue.

Change-Id: Id2fd6a3086590436eecabc55502f40752a018131
Signed-off-by: Kalyani Chidambaram <kalyanic@nvidia.com>

Change-Id: I9b69f2731b0d43ead4cacfa9844c6137c57f5aec
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

* changes:
  stm32mp1: platform.mk: support generating multiple images in one build
  stm32mp1: platform.mk: migrate to implicit rules
  stm32mp1: platform.mk: derive map file name from target name
  stm32mp1: platform.mk: generate linker script with fixed name
  stm32mp1: platform.mk: use PHONY for the appropriate targets

* changes:
  Factor xlat_table sections in linker scripts out into a header file
  xlat_tables_v2: use ARRAY_SIZE in REGISTER_XLAT_CONTEXT_FULL_SPEC
  xlat_tables_v2: merge REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}

TF-A has so many linker scripts, at least one linker script for each BL
image, and some platforms have their own ones. They duplicate quite
similar code (and comments).

When we add some changes to linker scripts, we end up with touching
so many files. This is not nice in the maintainability perspective.

When you look at Linux kernel, the common code is macrofied in
include/asm-generic/vmlinux.lds.h, which is included from each arch
linker script, arch/*/kernel/vmlinux.lds.S

TF-A can follow this approach. Let's factor out the common code into
include/common/bl_common.ld.h

As a start point, this commit factors out the xlat_table section.

Change-Id: Ifa369e9b48e8e12702535d721cc2a16d12397895
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

With this, it is clearer that .base_table_entries and .tables_num
are the array size of .base_table and .tables, respectively.

Change-Id: I634e65aba835ab9908cc3919355df6bc6e18d42a
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

xlat_tables_v2_helpers.h defines two quite similar macros,
REGISTER_XLAT_CONTEXT_FULL_SPEC and REGISTER_XLAT_CONTEXT_RO_BASE_TABLE.

Only the difference is the section of _ctx_name##_base_xlat_table.

Parameterize it and unify these two macros.

The base xlat table goes into the .bss section by default.
If PLAT_RO_XLAT_TABLES is defined, it goes into the .rodata section.

Change-Id: I8b02f4da98f0c272e348a200cebd89f479099c55
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

* changes:
  plat/arm: Pass cookie argument down to arm_get_rotpk_info()
  plat/arm: Add support for dualroot CoT
  plat/arm: Provide some PROTK files for development

* changes:
  Build system: Changes to drive cert_create for dualroot CoT
  cert_create: Define the dualroot CoT
  Introduce a new "dualroot" chain of trust

This patch provides separation of GICD, GICR accessor
functions and adds new macros for GICv3 registers access
as a preparation for GICv3.1 and GICv4 support.
NOTE: Platforms need to modify to include both
'gicdv3_helpers.c' and 'gicrv3_helpers.c' instead of the
single helper file previously.

Change-Id: I1641bd6d217d6eb7d1228be3c4177b2d556da60a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

* changes:
  Tegra186: store TZDRAM base/size to scratch registers
  Tegra186: add SE support to generate SHA256 of TZRAM
  Tegra186: add support for bpmp_ipc driver
  Tegra210: disable ERRATA_A57_829520
  Tegra194: memctrl: add support for MIU4 and MIU5
  Tegra194: memctrl: remove support to reconfigure MSS
  Tegra: fiq_glue: remove bakery locks from interrupt handler
  Tegra210: SE: add context save support
  Tegra210: update the PMC blacklisted registers
  Tegra: disable CPUACTLR access from lower exception levels
  cpus: denver: fixup register used to store return address

This patch saves the TZDRAM base and size values to secure scratch
registers, for the WB0. The WB0 reads these values and uses them to
verify integrity of the TZDRAM aperture.

Change-Id: Ic70914cb958249f06cb58025a24d13734a85e16e
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

The BL3-1 firmware code is stored in TZSRAM on Tegra186 platforms. This
memory loses power when we enter System Suspend and so its contents are
stored to TZDRAM, before entry. This opens up an attack vector where the
TZDRAM contents might be tampered with when we are in the System Suspend
mode. To mitigate this attack the SE engine calculates the hash of entire
TZSRAM and stores it in PMC scratch, before we copy data to TZDRAM. The
WB0 code will validate the TZDRAM and match the hash with the one in PMC
scratch.

This patch adds driver for the SE engine, with APIs to calculate the hash
and store SE SHA256 hash-result to PMC scratch registers.

Change-Id: Ib487d5629225d3d99bd35d44f0402d6d3cf27ddf
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>

This patch enables the bpmp-ipc driver for Tegra186 platforms,
to ask BPMP firmware to toggle SE clock.

Change-Id: Ie63587346c4d9b7e54767dbee17d0139fa2818ae
Signed-off-by: Jeetesh Burman <jburman@nvidia.com>

ERRATA_A57_829520 disables "indirect branch prediction" for
EL1 on cpu reset, leading to 15% drop in CPU performance
with coremark benchmarks.

Tegra210 already has a hardware fix for ARM BUG#829520,so
this errata is not needed.

This patch disables the errata to get increased performance
numbers.

Change-Id: I0b42e8badd19a8101f6a55d80eb2d953597d3c20
Signed-off-by: Mithun Maragiri <mmaragiri@nvidia.com>

This patch adds support for memqual miu 4,5.

The MEMQUAL engine has miu0 to miu7 in which miu6 and
miu7 is hardwired to bypass SMMU. So only miu0 to miu5
support is provided.

Change-Id: Ib350334eec521e65f395f1c3205e2cdaf464ebea
Signed-off-by: Pravin <pt@nvidia.com>

As bpmp-fw is running at the same time as ATF, and
the mss client reconfiguration sequence involves performing
a hot flush resets on bpmp, there is a chance that bpmp-fw is
trying to perform accesses while the hot flush is active.

Therefore, the mss client reconfigure has been moved to
System Suspend resume fw and bootloader, and it can be
removed from here.

Change-Id: I34019ad12abea9681f5e180af6bc86f2c4c6fc74
Signed-off-by: Stefan Kristiansson <stefank@nvidia.com>

This patch removes usage of bakery_locks from the FIQ handler, as it
creates unnecessary dependency whenever the watchdog timer interrupt
fires. All operations inside the interrupt handler are 'reads', so
no need for serialization.

Change-Id: I3f675e610e4dabc5b1435fdd24bc28e424f5a8e4
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

Tegra210B01 SoCs support atomic context save for the two SE
hardware engines. Tegra210 SoCs have support for only one SE
engine and support a software based save/restore mechanism
instead.

This patch updates the SE driver to make this change.

Change-Id: Ia5e5ed75d0fe011f17809684bbc2ed2338925946
Signed-off-by: Harvey Hsieh <hhsieh@nvidia.com>

Update the list to include PMC registers that the NS world cannot
access even with smc calls.

Change-Id: I588179b56ebc0c29200b55e6d61535fd3a7a3b7e
Signed-off-by: kalyani chidambaram <kalyanic@nvidia.com>

This patch resets the macros to update the CPUACTLR_ELx to make
them generic for all exception levels.

Change-Id: I33e9b860efb543934b654a2f5d775135df7f1aa6
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

The denver_enable_dco and denver_disable_dco use register X3 to store
the return address. But X3 gets over-written by other functions,
downstream.

This patch stores the return address to X18 instead, to fix this
anomaly.

Change-Id: Ic40bfc1d9abaa7b90348843b9ecd09521bb4ee7b
Signed-off-by: Kalyani Chidambaram <kalyanic@nvidia.com>

* changes:
  docs: qemu: Add instructions to boot using FIP image
  docs: Update docs with firmware encryption feature
  qemu: Support optional encryption of BL31 and BL32 images
  qemu: Update flash address map to keep FIP in secure FLASH0
  Makefile: Add support to optionally encrypt BL31 and BL32
  tools: Add firmware authenticated encryption tool
  TBB: Add an IO abstraction layer to load encrypted firmwares
  drivers: crypto: Add authenticated decryption framework

Update qemu documentation with instructions to boot using FIP image.
Also, add option to build TF-A with TBBR and firmware encryption
enabled.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: Ib3af485d413cd595352034c82c2268d7f4cb120a

Update documentation with optional firmware encryption feature.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I26691b18e1ee52a73090954260f26f2865c4e05a

Include x509.h header file explicitly. Update docs.

Change-Id: If2e52c2cd3056654406b7b6779b67eea5cc04a48
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

In CPU resume function, CPU suspend count was printed instead of CPU
resume count.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0c081dc03a4ccfb2129687f690667c5ceed00a5f