1. 24 Feb, 2020 4 commits
    • Sandrine Bailleux's avatar
      plat/arm: Provide some PROTK files for development · 32e26c06
      Sandrine Bailleux authored
      
      
      When using the new dualroot chain of trust, a new root of trust key is
      needed to authenticate the images belonging to the platform owner.
      Provide a development one to deploy this on Arm platforms.
      
      Change-Id: I481145e09aa564822d474cb47d38ec211dd24efd
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      32e26c06
    • Sandrine Bailleux's avatar
      Build system: Changes to drive cert_create for dualroot CoT · 53b985a0
      Sandrine Bailleux authored
      
      
      The build system needs to drive the cert_create tool in a slightly
      different manner when using the dualroot chain of trust.
      
       - It needs to pass it the platform root of trust key file.
      
       - It must not try to generate the Non-Trusted Firmware Key Certificate,
         which is not part of the dualroot CoT.
      
      Change-Id: Ibcc821c5735765523730f861ae8230208f41302b
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      53b985a0
    • Sandrine Bailleux's avatar
      cert_create: Define the dualroot CoT · a9d5c273
      Sandrine Bailleux authored
      
      
      Selection of the chain of trust is done through the COT build option:
      
      > make COT=dualroot
      
      Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      a9d5c273
    • Sandrine Bailleux's avatar
      Introduce a new "dualroot" chain of trust · 5ab8b717
      Sandrine Bailleux authored
      
      
      This new chain of trust defines 2 independent signing domains:
      
      1) One for the silicon firmware (BL1, BL2, BL31) and optionally the
         Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR
         CoT.
      
      2) One for the Normal World Bootloader (BL33). It is rooted in a new key
         called Platform ROTPK, or PROTPK for short.
      
      In terms of certificates chain,
      
      - Signing domain 1) is similar to what TBBR advocates (see page 21 of
        the TBBR specification), except that the Non-Trusted World Public Key
        has been removed from the Trusted Key Certificate.
      
      - Signing domain 2) only contains the Non-Trusted World Content
        certificate, which provides the hash of the Non-Trusted World
        Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World
        Key certificate for simplicity.
      
      Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      5ab8b717
  2. 21 Feb, 2020 5 commits
  3. 20 Feb, 2020 17 commits
    • Varun Wadekar's avatar
      Tegra: spe: uninit console on a timeout · 8a47fe43
      Varun Wadekar authored
      
      
      There are chances a denial-of-service attack, if an attacker
      removes the SPE firmware from the system. The console driver
      would end up waiting for the firmware to respond indefinitely.
      The console driver must detect such scenarios and uninit the
      interface as a result.
      
      This patch adds a timeout to the interaction with the SPE
      firmware and uninits the interface if it times out.
      
      Change-Id: I06f27a858baed25711d41105b4110865f1a01727
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      8a47fe43
    • Varun Wadekar's avatar
      Tegra: handler to check support for System Suspend · 5d52aea8
      Varun Wadekar authored
      
      
      Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode,
      but there might be certain boards that do not have this firmware
      blob. To stop the NS world from issuing System suspend entry
      commands on such devices, we ned to disable System Suspend from
      the PSCI "features".
      
      This patch removes the System suspend handler from the Tegra PSCI
      ops, so that the framework will disable support for "System Suspend"
      from the PSCI "features".
      
      Original change by: kalyani chidambaram <kalyanic@nvidia.com>
      
      Change-Id: Ie029f82f55990a8b3a6debb73e95e0e218bfd1f5
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      5d52aea8
    • Varun Wadekar's avatar
      Tegra: bpmp_ipc: improve cyclomatic complexity · 21368290
      Varun Wadekar authored
      
      
      Code complexity is a good indication of maintainability versus
      testability of a piece of software.
      
      ISO26262 introduces the following thresholds:
      
          complexity < 10 is accepted
          10 <= complexity < 20 has to be justified
          complexity >= 20 cannot be accepted
      
      Rationale is that number of test cases to fully test a piece of
      software can (depending on the coverage metrics) grow exponentially
      with the number of branches in the software.
      
      This patch removes redundant conditionals from 'ipc_send_req_atomic'
      handler to reduce the McCabe Cyclomatic Complexity for this function
      
      Change-Id: I20fef79a771301e1c824aea72a45ff83f97591d5
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      21368290
    • Varun Wadekar's avatar
      Tegra: platform handler to relocate BL32 image · 6f47acdb
      Varun Wadekar authored
      
      
      This patch provides platforms an opportunity to relocate the
      BL32 image, during cold boot. Tegra186 platforms, for example,
      relocate BL32 images to TZDRAM memory as the previous bootloader
      relies on BL31 to do so.
      
      Change-Id: Ibb864901e43aca5bf55d8c79e918b598c12e8a28
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      6f47acdb
    • Varun Wadekar's avatar
      Tegra: common: improve cyclomatic complexity · ee21281a
      Varun Wadekar authored
      
      
      Code complexity is a good indication of maintainability versus
      testability of a piece of software.
      
      ISO26262 introduces the following thresholds:
      
          complexity < 10 is accepted
          10 <= complexity < 20 has to be justified
          complexity >= 20 cannot be accepted
      
      Rationale is that number of test cases to fully test a piece of
      software can (depending on the coverage metrics) grow exponentially
      with the number of branches in the software.
      
      This patch removes redundant conditionals from 'bl31_early_platform_setup'
      handler to reduce the McCabe Cyclomatic Complexity for this function.
      
      Change-Id: Ifb628e33269b388f9323639cd97db761a7e049c4
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      ee21281a
    • kalyani chidambaram's avatar
      Tegra210: secure PMC hardware block · 37f76024
      kalyani chidambaram authored
      
      
      This patch sets the "secure" bit to mark the PMC hardware block
      as accessible only from the secure world. This setting must be
      programmed during cold boot and System Resume.
      
      The sc7entry-fw, running on the COP, needs access to the PMC block
      to enter System Suspend state, so "unlock" the PMC block before
      passing control to the COP.
      
      Change-Id: I00e39a49ae6b9f8c8eafe0cf7ff63fe6a67fdccf
      Signed-off-by: default avatarkalyani chidambaram <kalyanic@nvidia.com>
      37f76024
    • Varun Wadekar's avatar
      Tegra: delay_timer: support for physical secure timer · dd4f0885
      Varun Wadekar authored
      
      
      This patch modifies the delay timer driver to switch to the ARM
      secure physical timer instead of using Tegra's on-chip uS timer.
      
      The secure timer is not accessible to the NS world and so eliminates
      an important attack vector, where the Tegra timer source gets switched
      off from the NS world leading to a DoS attack for the trusted world.
      
      This timer is shared with the S-EL1 layer for now, but later patches
      will mark it as exclusive to the EL3 exception mode.
      
      Change-Id: I2c00f8cb4c48b25578971c626c314603906ad7cc
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      dd4f0885
    • Varun Wadekar's avatar
      include: move MHZ_TICKS_PER_SEC to utils_def.h · d4b29105
      Varun Wadekar authored
      
      
      This patch moves the MHZ_TICKS_PER_SEC macro to utils_def.h
      for other platforms to use.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      Change-Id: I6c4dc733f548d73cfdb3515ec9ad89a9efaf4407
      d4b29105
    • Pritesh Raithatha's avatar
      Tegra194: memctrl: lock mc stream id security config · 56e7d6a7
      Pritesh Raithatha authored
      
      
      This patch locks most of the stream id security config registers as
      per HW guidance.
      
      This patch keeps the stream id configs unlocked for the following
      clients, to allow some platforms to still function, until they make
      the transition to the latest guidance.
      
      - ISPRA
      - ISPFALR
      - ISPFALW
      - ISPWA
      - ISPWA1
      - ISPWB
      - XUSB_DEVR
      - XUSB_DEVW
      - XUSB_HOSTR
      - XUSB_HOSTW
      - VIW
      - VIFALR
      - VIFALW
      
      Change-Id: I66192b228a0a237035938f498babc0325764d5df
      Signed-off-by: default avatarPritesh Raithatha <praithatha@nvidia.com>
      56e7d6a7
    • kalyani chidambaram's avatar
      Tegra210: resume PMC hardware block for all platforms · 3414bad8
      kalyani chidambaram authored
      
      
      The PMC hardware block resume handler was called for Tegra210
      platforms, only if the sc7entry-fw was present on the device.
      This would cause problems for devices that do not support this
      firmware.
      
      This patch fixes this logic and resumes the PMC block even if
      the sc7entry-fw is not present on the device.
      
      Change-Id: I6f0eb7878126f624ea98392f583ed45a231d27db
      Signed-off-by: default avatarKalyani Chidambaram <kalyanic@nvidia.com>
      3414bad8
    • Varun Wadekar's avatar
      Tegra: macro for legacy WDT FIQ handling · b20a8b92
      Varun Wadekar authored
      
      
      This patch adds the macro to enable legacy FIQ handling to the common
      Tegra makefile. The default value of this macro is '0'. Platforms that
      need this support should enable it from their makefiles.
      
      This patch also helps fix violation of Rule 20.9.
      
      Rule 20.9 "All identifiers used in the controlling expression of #if
                 of #elif preprocessing directives shall be #define'd before
                 evaluation"
      
      Change-Id: I4f0c9917c044b5b1967fb5e79542cd3bf6e91f18
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      b20a8b92
    • Varun Wadekar's avatar
      Tegra186: enable higher performance non-cacheable load forwarding · 103ea3f4
      Varun Wadekar authored
      
      
      This patch enables higher performance non-cacheable load forwarding for
      Tegra186 platforms.
      
      Change-Id: Ifceb304bfbd805f415bb6205c9679602ecb47b53
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      103ea3f4
    • Varun Wadekar's avatar
      Tegra210: enable higher performance non-cacheable load forwarding · 8baa16f8
      Varun Wadekar authored
      
      
      This patch enables higher performance non-cacheable load forwarding for
      Tegra210 platforms.
      
      Change-Id: I11d0ffc09aca97d37386f283f2fbd2483d51fd28
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      8baa16f8
    • Varun Wadekar's avatar
      cpus: higher performance non-cacheable load forwarding · cd0ea184
      Varun Wadekar authored
      
      
      The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
      non-cacheable streaming enhancement. Platforms can set this bit only
      if their memory system meets the requirement that cache line fill
      requests from the Cortex-A57 processor are atomic.
      
      This patch adds support to enable higher performance non-cacheable load
      forwarding for such platforms. Platforms must enable this support by
      setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their
      makefiles. This flag is disabled by default.
      
      Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      cd0ea184
    • Manish V Badarkhe's avatar
      Use consistent SMCCC error code · af10d224
      Manish V Badarkhe authored
      
      
      Removed duplicate error code present for SMCCC and used
      proper error code for "SMCCC_ARCH_WORKAROUND_2" call.
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Change-Id: I76fc7c88095f78a7e2c3d205838f8eaf3132ed5c
      af10d224
    • Sandrine Bailleux's avatar
    • Abdul Halim, Muhammad Hadi Asyrafi's avatar
      intel: Fix Coverity Scan Defects · a62b47b8
      Abdul Halim, Muhammad Hadi Asyrafi authored
      
      
      Fix mailbox driver incompatible cast bug and control flow issue that
      was flagged by Coverity Scan.
      Signed-off-by: default avatarAbdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
      Change-Id: I3f34e98d24e40139d31cf7d5b9b973cd2d981065
      a62b47b8
  4. 19 Feb, 2020 5 commits
  5. 18 Feb, 2020 9 commits