1. 06 Mar, 2020 4 commits
  2. 05 Mar, 2020 2 commits
  3. 04 Mar, 2020 1 commit
    • Manish Pandey's avatar
      SPMD: loading Secure Partition payloads · cb3b5344
      Manish Pandey authored
      
      
      This patch implements loading of Secure Partition packages using
      existing framework of loading other bl images.
      
      The current framework uses a statically defined array to store all the
      possible image types and at run time generates a link list and traverse
      through it to load different images.
      
      To load SPs, a new array of fixed size is introduced which will be
      dynamically populated based on number of SPs available in the system
      and it will be appended to the loadable images list.
      
      Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      cb3b5344
  4. 03 Mar, 2020 4 commits
  5. 27 Feb, 2020 2 commits
  6. 26 Feb, 2020 1 commit
    • Masahiro Yamada's avatar
      uniphier: prepare uniphier_soc_info() for next SoC · dd53cfe1
      Masahiro Yamada authored
      
      
      The revision register address will be changed in the next SoC.
      
      The LSI revision is needed in order to know where the revision
      register is located, but you need to read out the revision
      register for that. This is impossible.
      
      We need to know the revision register address by other means.
      Use BL_CODE_BASE, where the base address of the TF image that is
      currently running. If it is bigger than 0x80000000 (i.e. the DRAM
      base is 0x80000000), we assume it is a legacy SoC.
      
      Change-Id: I9d7f4325fe2085a8a1ab5310025e5948da611256
      Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      dd53cfe1
  7. 25 Feb, 2020 15 commits
  8. 24 Feb, 2020 2 commits
    • Petre-Ionut Tudor's avatar
      Read-only xlat tables for BL31 memory · 60e8f3cf
      Petre-Ionut Tudor authored
      
      
      This patch introduces a build flag which allows the xlat tables
      to be mapped in a read-only region within BL31 memory. It makes it
      much harder for someone who has acquired the ability to write to
      arbitrary secure memory addresses to gain control of the
      translation tables.
      
      The memory attributes of the descriptors describing the tables
      themselves are changed to read-only secure data. This change
      happens at the end of BL31 runtime setup. Until this point, the
      tables have read-write permissions. This gives a window of
      opportunity for changes to be made to the tables with the MMU on
      (e.g. reclaiming init code). No changes can be made to the tables
      with the MMU turned on from this point onwards. This change is also
      enabled for sp_min and tspd.
      
      To make all this possible, the base table was moved to .rodata. The
      penalty we pay is that now .rodata must be aligned to the size of
      the base table (512B alignment). Still, this is better than putting
      the base table with the higher level tables in the xlat_table
      section, as that would cost us a full 4KB page.
      
      Changing the tables from read-write to read-only cannot be done with
      the MMU on, as the break-before-make sequence would invalidate the
      descriptor which resolves the level 3 page table where that very
      descriptor is located. This would make the translation required for
      writing the changes impossible, generating an MMU fault.
      
      The caches are also flushed.
      Signed-off-by: default avatarPetre-Ionut Tudor <petre-ionut.tudor@arm.com>
      Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
      60e8f3cf
    • Julius Werner's avatar
      mt8173: Add support for new watchdog SMC · e9cf1bcc
      Julius Werner authored
      
      
      This patch adds support for a new SMC that can be used to control the
      watchdog. This allows for a cleaner separation of responsibilities where
      all watchdog operations have to go through Trusted Firmware and we could
      no longer have kernel and firmware poking concurrently at the same
      register block.
      Signed-off-by: default avatarJulius Werner <jwerner@chromium.org>
      Signed-off-by: default avatarEvan Benn <evanbenn@chromium.org>
      Change-Id: I4844a3559d5c956a53a74a61dd5bc2956f0cce7b
      e9cf1bcc
  9. 20 Feb, 2020 9 commits
    • Varun Wadekar's avatar
      Tegra: spe: uninit console on a timeout · 8a47fe43
      Varun Wadekar authored
      
      
      There are chances a denial-of-service attack, if an attacker
      removes the SPE firmware from the system. The console driver
      would end up waiting for the firmware to respond indefinitely.
      The console driver must detect such scenarios and uninit the
      interface as a result.
      
      This patch adds a timeout to the interaction with the SPE
      firmware and uninits the interface if it times out.
      
      Change-Id: I06f27a858baed25711d41105b4110865f1a01727
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      8a47fe43
    • Varun Wadekar's avatar
      Tegra: handler to check support for System Suspend · 5d52aea8
      Varun Wadekar authored
      
      
      Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode,
      but there might be certain boards that do not have this firmware
      blob. To stop the NS world from issuing System suspend entry
      commands on such devices, we ned to disable System Suspend from
      the PSCI "features".
      
      This patch removes the System suspend handler from the Tegra PSCI
      ops, so that the framework will disable support for "System Suspend"
      from the PSCI "features".
      
      Original change by: kalyani chidambaram <kalyanic@nvidia.com>
      
      Change-Id: Ie029f82f55990a8b3a6debb73e95e0e218bfd1f5
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      5d52aea8
    • Varun Wadekar's avatar
      Tegra: bpmp_ipc: improve cyclomatic complexity · 21368290
      Varun Wadekar authored
      
      
      Code complexity is a good indication of maintainability versus
      testability of a piece of software.
      
      ISO26262 introduces the following thresholds:
      
          complexity < 10 is accepted
          10 <= complexity < 20 has to be justified
          complexity >= 20 cannot be accepted
      
      Rationale is that number of test cases to fully test a piece of
      software can (depending on the coverage metrics) grow exponentially
      with the number of branches in the software.
      
      This patch removes redundant conditionals from 'ipc_send_req_atomic'
      handler to reduce the McCabe Cyclomatic Complexity for this function
      
      Change-Id: I20fef79a771301e1c824aea72a45ff83f97591d5
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      21368290
    • Varun Wadekar's avatar
      Tegra: platform handler to relocate BL32 image · 6f47acdb
      Varun Wadekar authored
      
      
      This patch provides platforms an opportunity to relocate the
      BL32 image, during cold boot. Tegra186 platforms, for example,
      relocate BL32 images to TZDRAM memory as the previous bootloader
      relies on BL31 to do so.
      
      Change-Id: Ibb864901e43aca5bf55d8c79e918b598c12e8a28
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      6f47acdb
    • Varun Wadekar's avatar
      Tegra: common: improve cyclomatic complexity · ee21281a
      Varun Wadekar authored
      
      
      Code complexity is a good indication of maintainability versus
      testability of a piece of software.
      
      ISO26262 introduces the following thresholds:
      
          complexity < 10 is accepted
          10 <= complexity < 20 has to be justified
          complexity >= 20 cannot be accepted
      
      Rationale is that number of test cases to fully test a piece of
      software can (depending on the coverage metrics) grow exponentially
      with the number of branches in the software.
      
      This patch removes redundant conditionals from 'bl31_early_platform_setup'
      handler to reduce the McCabe Cyclomatic Complexity for this function.
      
      Change-Id: Ifb628e33269b388f9323639cd97db761a7e049c4
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      ee21281a
    • kalyani chidambaram's avatar
      Tegra210: secure PMC hardware block · 37f76024
      kalyani chidambaram authored
      
      
      This patch sets the "secure" bit to mark the PMC hardware block
      as accessible only from the secure world. This setting must be
      programmed during cold boot and System Resume.
      
      The sc7entry-fw, running on the COP, needs access to the PMC block
      to enter System Suspend state, so "unlock" the PMC block before
      passing control to the COP.
      
      Change-Id: I00e39a49ae6b9f8c8eafe0cf7ff63fe6a67fdccf
      Signed-off-by: default avatarkalyani chidambaram <kalyanic@nvidia.com>
      37f76024
    • Varun Wadekar's avatar
      Tegra: delay_timer: support for physical secure timer · dd4f0885
      Varun Wadekar authored
      
      
      This patch modifies the delay timer driver to switch to the ARM
      secure physical timer instead of using Tegra's on-chip uS timer.
      
      The secure timer is not accessible to the NS world and so eliminates
      an important attack vector, where the Tegra timer source gets switched
      off from the NS world leading to a DoS attack for the trusted world.
      
      This timer is shared with the S-EL1 layer for now, but later patches
      will mark it as exclusive to the EL3 exception mode.
      
      Change-Id: I2c00f8cb4c48b25578971c626c314603906ad7cc
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      dd4f0885
    • Varun Wadekar's avatar
      include: move MHZ_TICKS_PER_SEC to utils_def.h · d4b29105
      Varun Wadekar authored
      
      
      This patch moves the MHZ_TICKS_PER_SEC macro to utils_def.h
      for other platforms to use.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      Change-Id: I6c4dc733f548d73cfdb3515ec9ad89a9efaf4407
      d4b29105
    • Pritesh Raithatha's avatar
      Tegra194: memctrl: lock mc stream id security config · 56e7d6a7
      Pritesh Raithatha authored
      
      
      This patch locks most of the stream id security config registers as
      per HW guidance.
      
      This patch keeps the stream id configs unlocked for the following
      clients, to allow some platforms to still function, until they make
      the transition to the latest guidance.
      
      - ISPRA
      - ISPFALR
      - ISPFALW
      - ISPWA
      - ISPWA1
      - ISPWB
      - XUSB_DEVR
      - XUSB_DEVW
      - XUSB_HOSTR
      - XUSB_HOSTW
      - VIW
      - VIFALR
      - VIFALW
      
      Change-Id: I66192b228a0a237035938f498babc0325764d5df
      Signed-off-by: default avatarPritesh Raithatha <praithatha@nvidia.com>
      56e7d6a7