- 24 Jun, 2020 2 commits
-
-
Manish V Badarkhe authored
Cleaned up confused naming between TB_FW and FW_CONFIG. Signed-off-by:
Louis Mayencourt <louis.mayencourt@arm.com> Signed-off-by:
Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
-
Louis Mayencourt authored
fw_config image is authenticated using secure boot framework by adding it into the single root and dual root chain of trust. The COT for fw_config image looks as below: +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Boot fw | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | fw_config hash |------>| fw_config | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by:
-
- 22 Jun, 2020 2 commits
-
-
Sandeep Tripathy authored
It is desired to have the peripheral writes completed to clear the interrupt condition and de-assert the interrupt request to GIC before EOI write. Failing which spurious interrupt will occurred. A barrier is needed to ensure peripheral register write transfers are complete before EOI is done. GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point of view. However these writes may pass over different interconnects, bridges, buffers leaving some rare chances for the actual write to complete out of order. GICv3 ICC EOI system register writes have no ordering against nGnR(n)E memory writes as they are over different interfaces. Hence a dsb can ensure from core no writes are issued before the previous writes are *complete*. Signed-off-by:Sandeep Tripathy <sandeep.tripathy@broadcom.com> Change-Id: Ie6362009e2f91955be99dca8ece14ade7b4811d6
-
Sheetal Tigadoli authored
Signed-off-by:Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Change-Id: Iaf6deaeee2069720518221157edbb052bc42850a
-
- 17 Jun, 2020 4 commits
-
-
Etienne Carriere authored
This change implements SCMI channels for reading a SCMI message from a shared memory and call the SCMI message drivers to route the message to the target platform services. SMT refers to the shared memory management protocol which is used to get/put message/response in shared memory. SMT is a 28byte header stating shared memory state and exchanged protocol data. The processing entry for a SCMI message can be a secure interrupt or fastcall SMCCC invocation. SMT description in this implementation is based on the OP-TEE project [1] itself based in the SCP-firmware implementation [2]. Link: [1] https://github.com/OP-TEE/optee_os/commit/a58c4d706d2333d2b21a3eba7e2ec0cb257bca1d Link: [2] https://github.com/ARM-software/SCP-firmware.git Change-Id: I416c7dab5c67954c6fe80bae8d8cdfdcda66873e Signed-off-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
Etienne Carriere authored
Adds SCMI reset domain protocol support in the SCMI message drivers as defined in SCMI specification v2.0 [1]. Not all the messages defined in the specification are supported. scmi_msg_get_rd_handler() sanitizes the message_id value against any speculative use of reset domain ID as a index since by SCMI specification, IDs are indices. This implementation is based on the OP-TEE project implementation [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/56a1f10ed99d683ee3a8af29b6147a59a99ef3e0 Link: [3] https://github.com/ARM-software/SCP-firmware.git Change-Id: If7cf13de40a815dedb40dcd5af8b6bb6725d9078 Signed-off-by:
-
Etienne Carriere authored
Adds SCMI clock protocol support in the SCMI message drivers as defined in SCMI specification v2.0 [1] for clock protocol messages. Platform can provide one of the plat_scmi_clock_*() handler for the supported operations set/get state/rate and others. scmi_msg_get_clock_handler() sanitizes the message_id value against any speculative use of clock ID as a index since by SCMI specification, IDs are indices. This implementation is based on the OP-TEE project implementation [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/a7a9e3ba71dd908aafdc4c5ed9b29b15faa9692d Link: [3] https://github.com/ARM-software/SCP-firmware.git Change-Id: Ib56e096512042d4f7b9563d1e4181554eb8ed02c Signed-off-by:
-
Etienne Carriere authored
This change introduces drivers to allow a platform to create a basic SCMI service and register handlers for client request (SCMI agent) on system resources. This is the first piece of the drivers: an entry function, the SCMI base protocol support and helpers for create the response message. With this change, scmi_process_message() is the entry function to process an incoming SCMI message. The function expect the message is already copied from shared memory into secure memory. The message structure stores message reference and output buffer reference where response message shall be stored. scmi_process_message() calls the SCMI protocol driver according to the protocol ID in the message. The SCMI protocol driver will call defined platform handlers according to the message content. This change introduces only the SCMI base protocol as defined in SCMI specification v2.0 [1]. Not all the messages defined in the specification are supported. The SCMI message implementation is derived from the OP-TEE project [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/ae8c8068098d291e6e55744dbc237ec39fd9840a Link: [3] https://github.com/ARM-software/SCP-firmware/tree/v2.6.0 Change-Id: I639c4154a39fca60606264baf8d32452641f45e9 Signed-off-by:
-
- 09 Jun, 2020 2 commits
-
-
Andre Przywara authored
The only difference between GIC-500 and GIC-600 relevant to TF-A is the differing power management sequence. A certain GIC implementation is detectable at runtime, for instance by checking the IIDR register. Let's add that test before initiating the GIC-600 specific sequence, so the code can be used on both GIC-600 and GIC-500 chips alike, without deciding on a GIC chip at compile time. This means that the GIC-500 "driver" is now redundant. To allow minimal platform support, add a switch to disable GIC-600 support. Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557 Signed-off-by:Andre Przywara <andre.przywara@arm.com>
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by:Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
-
- 06 Jun, 2020 4 commits
-
-
Alex Leibovich authored
Remove pll powerdown from pll configuration sequence to improve stability. Remove redundant cases, which no longer exist. Also get rid of irrelevant definition of CPU_2200_DDR_1200_RCLK_1200, which is not used by 806/807. Change-Id: If911e7dee003dfb9a42fafd7ffe34662f026fd23 Signed-off-by:Alex Leibovich <alexl@marvell.com>
-
Grzegorz Jaszczyk authored
The mci_initialize function name was misleading. The function itself doesn't initialize MCI in general but performs MCI link tuning for performance improvement. Change-Id: I13094ad2235182a14984035bbe58013ebde84a7e Signed-off-by:Grzegorz Jaszczyk <jaz@semihalf.com>
-
Grzegorz Jaszczyk authored
By default all external CPs start with configuration address space set to 0xf200_0000. To overcome this issue, go in the loop and initialize the CP one by one, using temporary window configuration which allows to access each CP and update its configuration space according to decoding windows scheme defined for each platform. In case of cn9130 after this procedure bellow addresses will be used: CP0 - f2000000 CP1 - f4000000 CP2 - f6000000 When the re-configuration is done there is need to restore previous decoding window configuration(init_io_win). Change-Id: I1a652bfbd0bf7106930a7a4e949094dc9078a981 Signed-off-by: -
Grzegorz Jaszczyk authored
Change-Id: Icb8fe14417665d6aadd5a5ee2b77547b4ef78773 Signed-off-by:
-
- 03 Jun, 2020 1 commit
-
-
Etienne Carriere authored
ETZPC stands for Extended TrustZone Protection Controller. It is a resource conditional access device. It is mainly based on Arm TZPC. ST ETZPC exposes memory mapped DECPROT cells to set access permissions to SoC peripheral interfaces as I2C, SPI, DDR controllers, and some of the SoC internal memories. ST ETZPC exposes memory mapped TZMA cells to set access permissions to some SoC internal memories. Change-Id: I47ce20ffcfb55306dab923153b71e1bcbe2a5570 Co-developed-by:
Yann Gautier <yann.gautier@st.com> Signed-off-by:
Etienne Carriere <etienne.carriere@st.com>
-
- 01 Jun, 2020 1 commit
-
-
Etienne Carriere authored
Changes stm32mp1 reset driver to API to add a timeout argument to stm32mp_reset_assert() and stm32mp_reset_deassert() and a return value. With a supplied timeout, the functions wait the target reset state is reached before returning. With a timeout of zero, the functions simply load target reset state in SoC interface and return without waiting. Helper functions stm32mp_reset_set() and stm32mp_reset_release() use a zero timeout and return without a return code. This change updates few stm32 drivers and plat/stm32mp1 blé_plat_setup.c accordingly without any functional change. functional change. Change-Id: Ia1a73a15125d3055fd8739c125b70bcb9562c27f Signed-off-by:
-
- 19 May, 2020 1 commit
-
-
Manish V Badarkhe authored
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c and tbbr_cot_bl2.c respectively. Common CoT used across BL1 and BL2 are moved to tbbr_cot_common.c. Signed-off-by:
-
- 11 May, 2020 1 commit
-
-
Etienne Carriere authored
Oscillators, PLLs and some system clocks can be related straight to a parent clock. Prior this change were only oscillators and few clocks supported by this look up. This changes adds PLLs and other system clocks. This enables for flexible use of clock tree exploration when computing a clock frequency value. Change-Id: I15ec98023a7095e3120a6954de59a4799d92c66b Signed-off-by:
-
- 28 Apr, 2020 1 commit
-
-
Andre Przywara authored
The device tree parsing code for the STM32 platform is using its own FDT helper functions, some of them being rather generic. In particular the existing fdt_read_uint32_array() implementation is now almost identical to the new generic code in fdt_wrappers.c, so we can remove the ST specific version and adjust the existing callers. Compared to the original ST implementation the new version takes a pointer to the DTB as the first argument, and also swaps the order of the number of cells and the pointer. Change-Id: Id06b0f1ba4db1ad1f733be40e82c34f46638551a Signed-off-by:
-
- 07 Apr, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds support for GICv4 extension. New `GIC_ENABLE_V4_EXTN` option passed to gicv3.mk makefile was added, and enables GICv4 related changes when set to 1. This option defaults to 0. Change-Id: I30ebe1b7a98d3a54863900f37eda4589c707a288 Signed-off-by:Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 06 Apr, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides support for GICv3.1 extended PPI and SPI range. The option is enabled by setting to 1 and passing `GIC_EXT_INTID` build flag to gicv3.mk makefile. This option defaults to 0 with no extended range support. Change-Id: I7d09086fe22ea531c5df51a8a1efd8928458d394 Signed-off-by:
-
- 03 Apr, 2020 6 commits
-
-
Sheetal Tigadoli authored
Add SPI Nor flash support Change-Id: I0cde3fdb4dcad5bcaf445b3bb48e279332bd28af Signed-off-by: -
Sheetal Tigadoli authored
Add iproc spi driver Change-Id: I652efab1efd9c487974dae9cb9d98b9b8e3759c4 Signed-off-by: -
Sheetal Tigadoli authored
Add emmc driver for Broadcom platforms Change-Id: I126a6dfccd41062cb0b856f2c2fb1f724730b95e Signed-off-by: -
Sheetal Tigadoli authored
Change-Id: Icfef5b6923dc292e637001045a334c499d346fe9 Signed-off-by: -
Sheetal Tigadoli authored
Change-Id: I5daa3f2b4b9d85cb857547a588571a9aa8ad05c2 Signed-off-by: -
Sheetal Tigadoli authored
Signed-off-by:
-
- 02 Apr, 2020 1 commit
-
-
Sandrine Bailleux authored
The chain of trust array is now always accessed through a fconf getter. This gives us an ideal spot to check for out-of-bound accesses. Change-Id: Ic5ea20e43cf8ca959bb7f9b60de7c0839b390add Signed-off-by:Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 01 Apr, 2020 2 commits
-
-
Gilad Ben-Yossef authored
Add Crypto 713 support as crypto module and NVM counter provider. As files under include/drivers/arm/cryptocell/713/ are copied verbatim from the CryptoCell SBROM lib project they are filtered from checkpatch coding style check. Signed-off-by:Gilad Ben-Yossef <gilad@benyossef.com> Change-Id: I7c361772f00ca7d96481f81ac6cbb2704467e52c
-
Scott Branden authored
Add support to retrieve plat_toc_flags value from FIP header flags. plat_toc_flags is for platform specific use. It is stored in FIP header by fiptool using --plat-toc-flags option. Change-Id: Ibadd91b4f28e6503f4426e4efd404bbe512ad124 Signed-off-by:
Scott Branden <scott.branden@broadcom.com> Signed-off-by:
-
- 23 Mar, 2020 1 commit
-
-
Yann Gautier authored
Correct the following warning given by sparse tool: include/drivers/raw_nand.h:158:3: warning: symbol '__packed' was not declared. Should it be static? Change-Id: I03bd9a8aee5cdc5212ce5225be8033f1a6e92bd9 Signed-off-by:
-
- 17 Mar, 2020 1 commit
-
-
Andre Przywara authored
There is really no reason to use and pass around a struct when its only member is the (fixed) base address. Remove the struct and just use the base address on its own inside the GPIO driver. Then set the base address automatically. This simplifies GPIO setup for users, which now don't need to deal with zeroing a struct and setting the base address anymore. Change-Id: I3060f7859e3f8ef9a24cc8fb38307b5da943f127 Signed-off-by:
-
- 10 Mar, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides separation of GICD, GICR accessor functions and adds new macros for GICv3 registers access as a preparation for GICv3.1 and GICv4 support. NOTE: Platforms need to modify to include both 'gicdv3_helpers.c' and 'gicrv3_helpers.c' instead of the single helper file previously. Change-Id: I1641bd6d217d6eb7d1228be3c4177b2d556da60a Signed-off-by:
-
- 06 Mar, 2020 2 commits
-
-
Sumit Garg authored
TBBR spec advocates for optional encryption of firmwares (see optional requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to support firmware decryption that can be stacked above any underlying IO/ packaging layer like FIP etc. It aims to provide a framework to load any encrypted IO payload. Also, add plat_get_enc_key_info() to be implemented in a platform specific manner as handling of encryption key may vary from one platform to another. Signed-off-by:Sumit Garg <sumit.garg@linaro.org> Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
-
Sumit Garg authored
Add framework for autheticated decryption of data. Currently this patch optionally imports mbedtls library as a backend if build option "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption using AES-GCM algorithm. Signed-off-by:
-
- 25 Feb, 2020 5 commits
-
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location for the coreboot memory console. This removes the base member from the coreboot specific data structure, but keeps the struct console_cbmc_t and its size member. Change-Id: I7f1dffd41392ba3fe5c07090aea761a42313fb5b Signed-off-by: -
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I7a23327394d142af4b293ea7ccd90b843c54587c Signed-off-by: -
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I07a07677153d3671ced776671e4f107824d3df16 Signed-off-by: -
Andre Przywara authored
*All* UART drivers in TF-A are storing their base address as a uintptr_t pointer in the first location of the UART specific driver data. Since the base address is a pretty natural and generic data item, we should integrate this into the generic console_t structure. That will not only allow to remove a lot of seemingly UART specific data structures, but also enables to simplify runtime choices between different UARTs, since they can share the same pointer. This patch just adds the new member, the existing data structures will be handled on a per-UART base in follow-up patches. Change-Id: I59ce49471ccc8f3b870f2cfd8a72ebfd0cb14d12 Signed-off-by: -
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I9f8b55414ab7965e431e3e86d182eabd511f32a4 Signed-off-by:
-
