- 24 Jun, 2020 2 commits
-
-
Louis Mayencourt authored
fw_config image is authenticated using secure boot framework by adding it into the single root and dual root chain of trust. The COT for fw_config image looks as below: +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Boot fw | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | fw_config hash |------>| fw_config | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com> Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I08fc8ee95c29a95bb140c807dd06e772474c7367
-
Manish V Badarkhe authored
Moved BL2 configuration nodes from fw_config to newly created tb_fw_config device tree. fw_config device tree's main usage is to hold properties shared across all BLx images. An example is the "dtb-registry" node, which contains the information about the other device tree configurations (load-address, size). Also, Updated load-address of tb_fw_config which is now located after fw_config in SRAM. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
-
- 17 Jun, 2020 1 commit
-
-
Manish V Badarkhe authored
Load address of tb_fw_config is incorrectly mentioned in below device trees: 1. rdn1edge_fw_config.dts 2. tc0_fw_config.dts Till now, tb_fw_config load-address is not being retrieved from device tree and hence never exeprienced any issue for tc0 and rdn1edge platform. For tc0 and rdn1edge platform, Load-address of tb_fw_config should be the SRAM base address + 0x300 (size of fw_config device tree) Hence updated these platform's fw_config.dts accordingly to reflect this load address change. Change-Id: I2ef8b05d49be10767db31384329f516df11ca817 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 09 Jun, 2020 3 commits
-
-
Madhukar Pappireddy authored
Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Andre Przywara authored
The only difference between GIC-500 and GIC-600 relevant to TF-A is the differing power management sequence. A certain GIC implementation is detectable at runtime, for instance by checking the IIDR register. Let's add that test before initiating the GIC-600 specific sequence, so the code can be used on both GIC-600 and GIC-500 chips alike, without deciding on a GIC chip at compile time. This means that the GIC-500 "driver" is now redundant. To allow minimal platform support, add a switch to disable GIC-600 support. Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
-
- 08 Jun, 2020 1 commit
-
-
Manish Pandey authored
As per "include/export/README", TF-A code should never include export headers directly. Instead, it should include a wrapper header that ensures the export header is included in the right manner. "tbbr_img_def_exp.h" is directly included in TF-A code, this patch replaces it with its wrapper header "tbbr_img_def.h". Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
-
- 01 Jun, 2020 1 commit
-
-
Jimmy Brisson authored
This should allow git to easily track file moves Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com> Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
-
- 27 May, 2020 2 commits
-
-
Usama Arif authored
This patch adds support for Total Compute (TC0) platform. It is an initial port and additional features are expected to be added later. TC0 has a SCP which brings the primary Cortex-A out of reset which starts executing BL1. TF-A optionally authenticates the SCP ram-fw available in FIP and makes it available for SCP to copy. Some of the major features included and tested in this platform port include TBBR, PSCI, MHUv2 and DVFS. Change-Id: I1675e9d200ca7687c215009eef483d9b3ee764ef Signed-off-by: Usama Arif <usama.arif@arm.com>
-
Manish V Badarkhe authored
Fixed build error for dualroot chain of trust. Build error were thrown as below while compiling the code for dualroot chain of trust: aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o: (.bss.auth_img_flags+0x0): multiple definition of `auth_img_flags'; ./build/fvp/debug/bl1/cot.o:(.bss.auth_img_flags+0x0): first defined here aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o: (.rodata.cot_desc_size+0x0): multiple definition of `cot_desc_size'; ./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_size+0x0): first defined here aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o: (.rodata.cot_desc_ptr+0x0): multiple definition of `cot_desc_ptr'; ./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_ptr+0x0): first defined here Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I1a426c4e7f5f8013d71dafc176c7467c1b329757
-
- 25 May, 2020 1 commit
-
-
J-Alves authored
SPCI is renamed as PSA FF-A which stands for Platform Security Architecture Firmware Framework for A class processors. This patch replaces the occurrence of SPCI with PSA FF-A(in documents) or simply FFA(in code). Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760 Signed-off-by: J-Alves <joao.alves@arm.com>
-
- 21 May, 2020 2 commits
-
-
Madhukar Pappireddy authored
We query the UART base address and clk frequency in runtime using fconf getter APIs. Change-Id: I5f4e84953be5f384472bf90720b706d45cb86260 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Madhukar Pappireddy authored
This patch introduces the populate function which leverages a new driver to extract base address and clk frequency properties of the uart serial node from HW_CONFIG device tree. This patch also introduces fdt helper API fdtw_translate_address() which helps in performing address translation. Change-Id: I053628065ebddbde0c9cb3aa93d838619f502ee3 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 19 May, 2020 2 commits
-
-
laurenw-arm authored
Query the GICD and GICR base addresses in runtime using fconf getter APIs. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I309fb2874f3329ddeb8677ddb53ed4c02199a1e9
-
Manish V Badarkhe authored
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c and tbbr_cot_bl2.c respectively. Common CoT used across BL1 and BL2 are moved to tbbr_cot_common.c. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
-
- 15 May, 2020 1 commit
-
-
Balint Dobszay authored
This patch introduces dynamic configuration for SDEI setup and is supported when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays and processing the configuration at compile time, the config is moved to dts files. It will be retrieved at runtime during SDEI init, using the fconf layer. Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 05 May, 2020 6 commits
-
-
Andre Przywara authored
The arm_fpga port requires a DTB, to launch a BL33 payload. To make this port more flexible, we can also use the information in the DT to configure the console driver. For a start, find the DT node pointed to by the stdout-path property, and read the base address from there. This assumes for now that the stdout-path points to a PL011 UART. This allows to remove platform specific addresses from the image. We keep the original base address for the crash console. Change-Id: I46a990de2315f81cae4d7913ae99a07b0bec5cb1 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
Since we use a DTB with all platform information to pass this on to a kernel loaded as BL33, we can as well make use of it for our own purposes. Every DT would contain a node for the GIC(v3) interrupt controller, so we can read the base address for the distributor and redistributors from there. This avoids hard coding this information in the code and allows for a more flexible binary. Change-Id: Ic530e223a21a45bc30a07a21048116d5af69e972 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
The stdout-path property in the /chosen node of a DTB points to a device node, which is used for boot console output. On most (if not all) ARM based platforms this is the debug UART. The ST platform code contains a function to parse this property and chase down eventual aliases to learn the node offset of this UART node. Introduce a slightly more generalised version of this ST platform function in the generic fdt_wrappers code. This will be useful for other platforms as well. Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
The ARM Generic Timer DT binding describes an (optional) property to declare the counter frequency. Its usage is normally discouraged, as the value should be read from the CNTFRQ_EL0 system register. However in our case we can use it to program this register in the first place, which avoids us to hard code a counter frequency into the code. We keep some default value in, if the DT lacks that property for whatever reason. Change-Id: I5b71176db413f904f21eb16f3302fbb799cb0305 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
The STM32 platform port parse DT nodes to find base address to peripherals. It does this by using its own implementation, even though this functionality is generic and actually widely useful outside of the STM32 code. Re-implement fdt_get_reg_props_by_name() on top of the newly introduced fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c. This is removes the assumption that #address-cells and #size-cells are always one. Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Andre Przywara authored
The SCP firmware on the ARM FPGA initialises the UART already. This allows us to treat the PL011 as an SBSA Generic UART, which does not require any further setup. This in particular removes the need for any baudrate and base clock related settings to be hard coded into the BL31 image. Change-Id: I16fc943526267356b97166a7068459e06ff77f0f Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 30 Apr, 2020 2 commits
-
-
Andre Przywara authored
At the moment the fconf_populate_gicv3_config() implementation is somewhat incomplete: First it actually fails to store the retrieved information (the local addr[] array is going nowhere), but also it makes quite some assumptions about the device tree passed to it: it needs to use two address-cells and two size-cells, and also requires all five register regions to be specified, where actually only the first two are mandatory according to the binding (and needed by our code). Fix this by introducing a proper generic function to retrieve "reg" property information from a DT node: We retrieve the #address-cells and #size-cells properties from the parent node, then use those to extract the right values from the "reg" property. The function takes an index to select one region of a reg property. This is loosely based on the STM32 implementation using "reg-names", which we will subsume in a follow-up patch. Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Louis Mayencourt authored
Dynamic configuration properties are fconf properties. Modify the compatible string from "arm,.." to "fconf,.." to reflect this. Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com> Change-Id: I85eb75cf877c5f4d3feea3936d4c348ca843bc6c
-
- 29 Apr, 2020 1 commit
-
-
Andre Przywara authored
Our fdtw_read_cells() implementation goes to great lengths to sanity-check every parameter and result, but leaves a big hole open: The size of the storage the value pointer points at needs to match the number of cells given. This can't be easily checked at compile time, since we lose the size information by using a void pointer. Regardless the current usage of this function is somewhat wrong anyways, since we use it on single-element, fixed-length properties only, for which the DT binding specifies the size. Typically we use those functions dealing with a number of cells in DT context to deal with *dynamically* sized properties, which depend on other properties (#size-cells, #clock-cells, ...), to specify the number of cells needed. Another problem with the current implementation is the use of ambiguously sized types (uintptr_t, size_t) together with a certain expectation about their size. In general there is no relation between the length of a DT property and the bitness of the code that parses the DTB: AArch64 code could encounter 32-bit addresses (where the physical address space is limited to 4GB [1]), while AArch32 code could read 64-bit sized properties (/memory nodes on LPAE systems, [2]). To make this more clear, fix the potential issues and also align more with other DT users (Linux and U-Boot), introduce functions to explicitly read uint32 and uint64 properties. As the other DT consumers, we do this based on the generic "read array" function. Convert all users to use either of those two new functions, and make sure we never use a pointer to anything other than uint32_t or uint64_t variables directly. This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write 4 bytes into a uint16_t variable (passed via a void pointer). Also we change the implementation of the function to better align with other libfdt users, by using the right types (fdt32_t) and common variable names (*prop, prop_names). [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874 [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 28 Apr, 2020 1 commit
-
-
Andre Przywara authored
Currently our fdtw_read_array() implementation requires the length of the property to exactly match the requested size, which makes it less flexible for parsing generic device trees. Also the name is slightly misleading, since we treat the cells of the array as 32 bit unsigned integers, performing the endianess conversion. To fix those issues and align the code more with other DT users (Linux kernel or U-Boot), rename the function to "fdt_read_uint32_array", and relax the length check to only check if the property covers at least the number of cells we request. This also changes the variable names to be more in-line with other DT users, and switches to the proper data types. This makes this function more useful in later patches. Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 23 Apr, 2020 2 commits
-
-
Louis Mayencourt authored
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com> Change-Id: Ib39e53eb53521b8651fb30b7bf0058f7669569d5
-
Aditya Angadi authored
RD-Daniel Config-XLR platform has four identical chips connected via a high speed coherent CCIX link. Each chip has four Neoverse cores connected via coherent CMN interconnect. Change-Id: I37d1b91f2b6ba08f61c64d0288bc16a429836c08 Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
-
- 17 Apr, 2020 1 commit
-
-
Chris Kay authored
This commit fixes an assertion that was triggering in certain contexts: ERROR: mmap_add_region_check() failed. error -22 ASSERT: lib/xlat_tables_v2/xlat_tables_core.c:790 Change-Id: Ia55b3fb4f496c8cd791ea6093d122edae0a7e92a Signed-off-by: Chris Kay <chris.kay@arm.com> Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
- 15 Apr, 2020 1 commit
-
-
Madhukar Pappireddy authored
By writing 0 to CLUSTERPWRDN DSU register bit 0, we send an advisory to the power controller that cluster power is not required when all cores are powered down. The AArch32 CLUSTERPWRDN register is architecturally mapped to the AArch64 CLUSTERPWRDN_EL1 register Change-Id: Ie6e67c1c7d811fa25c51e2e405ca7f59bd20c81b Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 14 Apr, 2020 1 commit
-
-
Aditya Angadi authored
A single chip platform requires five mmap entries and a corresponding number of translation tables. For every additional chip in the system, three additional mmap entries are required to map the shared SRAM and the IO regions. A corresponding number of additional translation tables are required as well. Change-Id: I1332a1305f2af62181387cf36954f6fb0e6f11ed Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
-
- 09 Apr, 2020 1 commit
-
-
Andre Przywara authored
The arm_fpga platform code contains an dubious line to initialise some timer. On closer inspection this turn out to be bogus, as this was only needed on some special (older) FPGA board, and is actually not needed on the current model. Also the base address was wrong anyways. Remove the code entirely. Change-Id: I02e71aea645051b5addb42d972d7a79f04b81106 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 07 Apr, 2020 3 commits
-
-
Vijayenthiran Subramaniam authored
RD-Daniel uses GIC-Clayton as its interrupt controller which is an implementation of GICv4.1 architecture. Hence for RD-Daniel, enable GICv4 extension support. Change-Id: I45ae8c82376f8fe8fc0666306822ae2db74e71b8 Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
-
Alexei Fedorov authored
This patch adds support for GICv4 extension for FVP platform. Change-Id: Ia389b61266af669b1ca9b999a8b76476cab214f4 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Manish V Badarkhe authored
Increased the maximum size of BL2 image in order to accommodate the BL2 image when TF-A build with no compiler optimization for ARM platform. Note: As of now, "no compiler optimization" build works only when TRUSTED_BOOT_BOARD option is set to 0. This change is verified using below CI configuration: 1. juno-no-optimize-default:juno-linux.uboot 2. fvp-no-optimize-default,fvp-default:fvp-tftf-fip.tftf-aemv8a-debug Change-Id: I5932621237f8acd1b510682388f3ba78eae90ea4 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 03 Apr, 2020 1 commit
-
-
Manish Pandey authored
with commit a6ea06f5 , the way platform includes gicv3 files has been modified, this patch adapts to new method of including gicv3 files for arm_fpga platform. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ic5ccae842b39b7db06d4f23c5738b174c42edf63
-
- 02 Apr, 2020 3 commits
-
-
Sandrine Bailleux authored
The platform io policies array is now always accessed through a fconf getter. This gives us an ideal spot to check for out-of-bound accesses. Remove the assertion in plat_get_image_source(), which is now redundant. Change-Id: Iefe808d530229073b68cbd164d927b8b6662a217 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Javier Almansa Sobrino authored
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com> Change-Id: I397b642eff8a09b201f497f8d2ba39e2460c0dba
-
Masahiro Yamada authored
As GCC manual says, -D option defines a macro as 1, if =<value> is omitted. -D <name> Predefine <name> as a macro, with definition 1. The same applied with Clang, too. In the context of -D option, =1 is always redundant. Change-Id: I487489a1ea3eb51e734741619c1e65dab1420bc4 Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-
- 31 Mar, 2020 1 commit
-
-
Masahiro Yamada authored
-D is a preprocessor flag that defines a macro. So, adding it to BL*_CPPFLAGS makes more sense. You can reference it not only from .c files but also from .S files. Change-Id: Ib4f2f27a3ed3eae476a6a32da7ab5225ad0649de Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-