- 06 Mar, 2020 4 commits
-
-
Masahiro Yamada authored
Currently, the ROM region is needlessly too large. The on-chip SRAM region of the next SoC will start from 0x04000000, and this will cause the region overlap. Mapping 0x04000000 for the ROM is enough. Change-Id: I85ce0bb1120ebff2e3bc7fd13dc0fd15dfff5ff6 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
Sumit Garg authored
Enable encryption IO layer to be stacked above FIP IO layer for optional encryption of Bl31 and BL32 images in case ENCRYPT_BL31 or ENCRYPT_BL32 build flag is set. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I24cba64728861e833abffc3d5d9807599c49feb6
-
Sumit Garg authored
Secure FLASH0 memory map looks like: - Offset: 0 to 256K -> bl1.bin - Offset: 256K to 4.25M -> fip.bin FLASH1 is normally used via UEFI/edk2 to keep varstore. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I6883f556c22d6a5d3fa3846c703bebc2abe36765
-
Sumit Garg authored
TBBR spec advocates for optional encryption of firmwares (see optional requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to support firmware decryption that can be stacked above any underlying IO/ packaging layer like FIP etc. It aims to provide a framework to load any encrypted IO payload. Also, add plat_get_enc_key_info() to be implemented in a platform specific manner as handling of encryption key may vary from one platform to another. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
-
- 05 Mar, 2020 2 commits
-
-
Andre Przywara authored
Since commit ac71344e we have the UART base address in the generic console_t structure. For most platforms the platform-specific struct console is gone, so we *must* use the embedded base address, since there is no storage behind the generic console_t anymore. Replace the usage of CONSOLE_T_DRVDATA with CONSOLE_T_BASE to fix this. Change-Id: I6d2ab0bc2c845c71f98b9dd64d89eef3252f4591 Reported-by: Varun Wadekar <vwadekar@nvidia.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Varun Wadekar authored
Commit ac71344e moved the base address for the MMIO aperture of the console inside the console_t struct. As a result, the driver should now save the MMIO base address to console_t at offset marked by the CONSOLE_T_BASE macro. This patch updates the SPE console driver to use the CONSOLE_T_BASE macro to save/access the MMIO base address. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I42afc2608372687832932269108ed642f218fd40
-
- 04 Mar, 2020 1 commit
-
-
Manish Pandey authored
This patch implements loading of Secure Partition packages using existing framework of loading other bl images. The current framework uses a statically defined array to store all the possible image types and at run time generates a link list and traverse through it to load different images. To load SPs, a new array of fixed size is introduced which will be dynamically populated based on number of SPs available in the system and it will be appended to the loadable images list. Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 03 Mar, 2020 4 commits
-
-
Max Shvetsov authored
Added SPMD_SPM_AT_SEL2 build command line parameter. Set to 1 to run SPM at S-EL2. Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled). Removed runtime EL from SPM core manifest. Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0 Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Max Shvetsov authored
Renamed the structure according to a SPMD refactoring introduced in <c585d07aa> since this structure is used to service both EL1 and EL2 as opposed to serving only EL1. Change-Id: I23b7c089e53f617157a4b4e6443acce50d85c3b5 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Manish Pandey authored
Add load address and UUID in fw config dts for Cactus and Ivy which are example SP's in tf-test repository. For prototype purpose these information is added manually but later on it will be updated at compile time from SP layout file and SP manifests provided by platform. Change-Id: I41f485e0245d882c7b514bad41fae34036597ce4 Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
Olivier Deprez authored
Use the firmware configuration framework to retrieve information about Secure Partitions to facilitate loading them into memory. To load a SP image we need UUID look-up into FIP and the load address where it needs to be loaded in memory. This patch introduces a SP populator function which gets UUID and load address from firmware config device tree and updates its C data structure. Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
-
- 27 Feb, 2020 2 commits
-
-
Louis Mayencourt authored
MISRA C-2012 Rule 20.7: Macro parameter expands into an expression without being wrapped by parentheses. MISRA C-2012 Rule 12.1: Missing explicit parentheses on sub-expression. MISRA C-2012 Rule 18.4: Essential type of the left hand operand is not the same as that of the right operand. Include does not provide any needed symbols. Change-Id: Ie1c6451cfbc8f519146c28b2cf15c50b1f36adc8 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
-
Abdul Halim, Muhammad Hadi Asyrafi authored
Modify RSU driver error code for backward-compatibility with Linux RSU driver Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: Ib9e38d4017efe35d3aceeee27dce451fbd429fb5
-
- 26 Feb, 2020 1 commit
-
-
Masahiro Yamada authored
The revision register address will be changed in the next SoC. The LSI revision is needed in order to know where the revision register is located, but you need to read out the revision register for that. This is impossible. We need to know the revision register address by other means. Use BL_CODE_BASE, where the base address of the TF image that is currently running. If it is bigger than 0x80000000 (i.e. the DRAM base is 0x80000000), we assume it is a legacy SoC. Change-Id: I9d7f4325fe2085a8a1ab5310025e5948da611256 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 25 Feb, 2020 15 commits
-
-
Alexei Fedorov authored
This patch fixes incorrect setting for DEVICE1_SIZE for FVP platforms with more than 8 PEs. The current value of 0x200000 supports only 8 PEs and causes exception for FVP platforms with the greater number of PEs, e.g. FVP_Base_Cortex_A65AEx8 with 16 PEs in one cluster. Change-Id: Ie6391509fe6eeafb8ba779303636cd762e7d21b2 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Andre Przywara authored
Now that different UARTs share the same console_t struct, we can simplify the console selection for the Marvell platforms: We share the same console_t pointers, just change the name of the console register functions, depending on the selected platform. Change-Id: I6fe3e49fd7f208a9b3372c5deef43236a12867bc Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I7a23327394d142af4b293ea7ccd90b843c54587c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I07a07677153d3671ced776671e4f107824d3df16 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: Ia9d996bb45ff3a7f1b240f12fd75805b48a048e9 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I75dbfafb67849833b3f7b5047e237651e3f553cd Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I9f8b55414ab7965e431e3e86d182eabd511f32a4 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: Ifd6aff1064ba1c3c029cdd8a83f715f7a9976db5 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: Iea6ca26ff4903c33f0fad27fec96fdbabd4e0a91 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I836e26ff1771abf21fd460d0ee40e90a452e9b43 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I89c3ab2ed85ab941d8b38ced48474feb4aaa8b7e Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I5c2fe3b6a667acf80c808cfec4a64059a2c9c25f Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since now the generic console_t structure holds the UART base address as well, let's use that generic location and drop the UART driver specific data structure at all. Change-Id: I058f793e4024fa7291e432f5be374a77faf16f36 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Abdul Halim, Muhammad Hadi Asyrafi authored
This patch comes as fixes for 'intel: Fix Coverity Scan Defects' patch. Revert changing argument type from uint32_t to uint64_t to fix incompatible cast issue. Fix said bug by using intermediate uint32_t array as a more appropriate solution. Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I344cdabd432cf0a0389b225c934b35d12f4c631d
-
Tien Hock, Loh authored
This initializes the EMAC PHY in both Stratix 10 and Agilex, without this, EMAC PHY wouldn't work correctly. Change-Id: I7e6b9e88fd9ef472884fcf648e6001fcb7549ae6 Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
-
- 24 Feb, 2020 2 commits
-
-
Petre-Ionut Tudor authored
This patch introduces a build flag which allows the xlat tables to be mapped in a read-only region within BL31 memory. It makes it much harder for someone who has acquired the ability to write to arbitrary secure memory addresses to gain control of the translation tables. The memory attributes of the descriptors describing the tables themselves are changed to read-only secure data. This change happens at the end of BL31 runtime setup. Until this point, the tables have read-write permissions. This gives a window of opportunity for changes to be made to the tables with the MMU on (e.g. reclaiming init code). No changes can be made to the tables with the MMU turned on from this point onwards. This change is also enabled for sp_min and tspd. To make all this possible, the base table was moved to .rodata. The penalty we pay is that now .rodata must be aligned to the size of the base table (512B alignment). Still, this is better than putting the base table with the higher level tables in the xlat_table section, as that would cost us a full 4KB page. Changing the tables from read-write to read-only cannot be done with the MMU on, as the break-before-make sequence would invalidate the descriptor which resolves the level 3 page table where that very descriptor is located. This would make the translation required for writing the changes impossible, generating an MMU fault. The caches are also flushed. Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com> Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
-
Julius Werner authored
This patch adds support for a new SMC that can be used to control the watchdog. This allows for a cleaner separation of responsibilities where all watchdog operations have to go through Trusted Firmware and we could no longer have kernel and firmware poking concurrently at the same register block. Signed-off-by: Julius Werner <jwerner@chromium.org> Signed-off-by: Evan Benn <evanbenn@chromium.org> Change-Id: I4844a3559d5c956a53a74a61dd5bc2956f0cce7b
-
- 20 Feb, 2020 9 commits
-
-
Varun Wadekar authored
There are chances a denial-of-service attack, if an attacker removes the SPE firmware from the system. The console driver would end up waiting for the firmware to respond indefinitely. The console driver must detect such scenarios and uninit the interface as a result. This patch adds a timeout to the interaction with the SPE firmware and uninits the interface if it times out. Change-Id: I06f27a858baed25711d41105b4110865f1a01727 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode, but there might be certain boards that do not have this firmware blob. To stop the NS world from issuing System suspend entry commands on such devices, we ned to disable System Suspend from the PSCI "features". This patch removes the System suspend handler from the Tegra PSCI ops, so that the framework will disable support for "System Suspend" from the PSCI "features". Original change by: kalyani chidambaram <kalyanic@nvidia.com> Change-Id: Ie029f82f55990a8b3a6debb73e95e0e218bfd1f5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Code complexity is a good indication of maintainability versus testability of a piece of software. ISO26262 introduces the following thresholds: complexity < 10 is accepted 10 <= complexity < 20 has to be justified complexity >= 20 cannot be accepted Rationale is that number of test cases to fully test a piece of software can (depending on the coverage metrics) grow exponentially with the number of branches in the software. This patch removes redundant conditionals from 'ipc_send_req_atomic' handler to reduce the McCabe Cyclomatic Complexity for this function Change-Id: I20fef79a771301e1c824aea72a45ff83f97591d5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch provides platforms an opportunity to relocate the BL32 image, during cold boot. Tegra186 platforms, for example, relocate BL32 images to TZDRAM memory as the previous bootloader relies on BL31 to do so. Change-Id: Ibb864901e43aca5bf55d8c79e918b598c12e8a28 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Code complexity is a good indication of maintainability versus testability of a piece of software. ISO26262 introduces the following thresholds: complexity < 10 is accepted 10 <= complexity < 20 has to be justified complexity >= 20 cannot be accepted Rationale is that number of test cases to fully test a piece of software can (depending on the coverage metrics) grow exponentially with the number of branches in the software. This patch removes redundant conditionals from 'bl31_early_platform_setup' handler to reduce the McCabe Cyclomatic Complexity for this function. Change-Id: Ifb628e33269b388f9323639cd97db761a7e049c4 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
kalyani chidambaram authored
This patch sets the "secure" bit to mark the PMC hardware block as accessible only from the secure world. This setting must be programmed during cold boot and System Resume. The sc7entry-fw, running on the COP, needs access to the PMC block to enter System Suspend state, so "unlock" the PMC block before passing control to the COP. Change-Id: I00e39a49ae6b9f8c8eafe0cf7ff63fe6a67fdccf Signed-off-by: kalyani chidambaram <kalyanic@nvidia.com>
-
Varun Wadekar authored
This patch modifies the delay timer driver to switch to the ARM secure physical timer instead of using Tegra's on-chip uS timer. The secure timer is not accessible to the NS world and so eliminates an important attack vector, where the Tegra timer source gets switched off from the NS world leading to a DoS attack for the trusted world. This timer is shared with the S-EL1 layer for now, but later patches will mark it as exclusive to the EL3 exception mode. Change-Id: I2c00f8cb4c48b25578971c626c314603906ad7cc Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch moves the MHZ_TICKS_PER_SEC macro to utils_def.h for other platforms to use. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I6c4dc733f548d73cfdb3515ec9ad89a9efaf4407
-
Pritesh Raithatha authored
This patch locks most of the stream id security config registers as per HW guidance. This patch keeps the stream id configs unlocked for the following clients, to allow some platforms to still function, until they make the transition to the latest guidance. - ISPRA - ISPFALR - ISPFALW - ISPWA - ISPWA1 - ISPWB - XUSB_DEVR - XUSB_DEVW - XUSB_HOSTR - XUSB_HOSTW - VIW - VIFALR - VIFALW Change-Id: I66192b228a0a237035938f498babc0325764d5df Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
-