1. 22 Jul, 2021 1 commit
    • Abdellatif El Khlifi's avatar
      feat: adding the diphda platform · bf3ce993
      Abdellatif El Khlifi authored
      
      
      This commit enables trusted-firmware-a with Trusted Board Boot support
      for the Diphda 64-bit platform.
      
      Diphda uses a FIP image located in the flash. The FIP contains the
      following components:
      
      - BL2
      - BL31
      - BL32
      - BL32 SPMC manifest
      - BL33
      - The TBB certificates
      
      The board boot relies on CoT (chain of trust). The trusted-firmware-a
      BL2 is extracted from the FIP and verified by the Secure Enclave
      processor. BL2 verification relies on the signature area at the
      beginning of the BL2 image. This area is needed by the SecureEnclave
      bootloader.
      
      Then, the application processor is released from reset and starts by
      executing BL2.
      
      BL2 performs the actions described in the trusted-firmware-a TBB design
      document.
      Signed-off-by: default avatarRui Miguel Silva <rui.silva@arm.com>
      Signed-off-by: default avatarAbdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
      Change-Id: Iddb1cb9c2a0324a9635e23821c210ac81dfc305d
      bf3ce993
  2. 29 Jun, 2021 1 commit
  3. 01 Jun, 2021 1 commit
    • Manoj Kumar's avatar
      fix(morello): initialise CNTFRQ in Non Secure CNTBaseN · 7f2d23d9
      Manoj Kumar authored
      
      
      Morello exhibits the behavior similar to Juno wherein CNTBaseN.CNTFRQ
      can be written but does not reflect the value of the CNTFRQ register
      in CNTCTLBase frame. This doesn't follow ARM ARM in that the value
      updated in CNTCTLBase.CNTFRQ is not reflected in CNTBaseN.CNTFRQ.
      
      Hence enable the workaround (applied to Juno) for Morello that updates
      the CNTFRQ register in the Non Secure CNTBaseN frame.
      
      Change-Id: Iabe53bf3c25152052107e08321323e4bde5fbef4
      Signed-off-by: default avatarManoj Kumar <manoj.kumar3@arm.com>
      7f2d23d9
  4. 19 May, 2021 1 commit
    • Manish V Badarkhe's avatar
      feat(hw_crc): add support for HW computed CRC · a1cedadf
      Manish V Badarkhe authored
      
      
      Added support for HW computed CRC using Arm ACLE intrinsics.
      These are built-in intrinsics available for ARMv8.1-A, and
      onwards.
      These intrinsics are enabled via '-march=armv8-a+crc' compile
      switch for ARMv8-A (supports CRC instructions optionally).
      
      HW CRC support is enabled unconditionally in BL2 for all Arm
      platforms.
      
      HW CRC calculation is verified offline to ensure a similar
      result as its respective ZLib utility function.
      
      HW CRC calculation support will be used in the upcoming
      firmware update patches.
      
      Change-Id: Ia2ae801f62d2003e89a9c3e6d77469b5312614b3
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      a1cedadf
  5. 29 Apr, 2021 1 commit
  6. 28 Apr, 2021 2 commits
    • David Horstmann's avatar
      refactor(plat/arm): store UUID as a string, rather than ints · 7d111d99
      David Horstmann authored
      
      
      NOTE: Breaking change to the way UUIDs are stored in the DT
      
      Currently, UUIDs are stored in the device tree as
      sequences of 4 integers. There is a mismatch in endianness
      between the way UUIDs are represented in memory and the way
      they are parsed from the device tree. As a result, we must either
      store the UUIDs in little-endian format in the DT (which means
      that they do not match up with their string representations)
      or perform endianness conversion after parsing them.
      
      Currently, TF-A chooses the second option, with unwieldy
      endianness-conversion taking place after reading a UUID.
      
      To fix this problem, and to make it convenient to copy and
      paste UUIDs from other tools, change to store UUIDs in string
      format, using a new wrapper function to parse them from the
      device tree.
      
      Change-Id: I38bd63c907be14e412f03ef0aab9dcabfba0eaa0
      Signed-off-by: default avatarDavid Horstmann <david.horstmann@arm.com>
      7d111d99
    • Manish V Badarkhe's avatar
      refactor(plat/arm): replace FIP base and size macro with a generic name · 49e9ac28
      Manish V Badarkhe authored
      
      
      Replaced PLAT_ARM_FIP_BASE and PLAT_ARM_FIP_MAX_SIZE macro with a
      generic name PLAT_ARM_FLASH_IMAGE_BASE and PLAT_ARM_FLASH_IMAGE_MAX_SIZE
      so that these macros can be reused in the subsequent GPT based support
      changes.
      
      Change-Id: I88fdbd53e1966578af4f1e8e9d5fef42c27b1173
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      49e9ac28
  7. 26 Apr, 2021 1 commit
  8. 20 Apr, 2021 1 commit
    • Mikael Olsson's avatar
      Add SiP service to configure Arm Ethos-N NPU · 76a21174
      Mikael Olsson authored
      
      
      By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
      the non-secure world cannot access the registers needed to use the NPU.
      To still allow the non-secure world to use the NPU, a SiP service has
      been added that can delegate non-secure access to the registers needed
      to use it.
      
      Only the HW_CONFIG for the Arm Juno platform has been updated to include
      the device tree for the NPU and the platform currently only loads the
      HW_CONFIG in AArch64 builds.
      Signed-off-by: default avatarMikael Olsson <mikael.olsson@arm.com>
      Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2
      76a21174
  9. 09 Apr, 2021 1 commit
    • Manish Pandey's avatar
      plat/arm: don't provide NT_FW_CONFIG when booting hafnium · 2b6fc535
      Manish Pandey authored
      
      
      NT_FW_CONFIG file is meant to be passed from BL31 to be consumed by
      BL33, fvp platforms use this to pass measured boot configuration and
      the x0 register is used to pass the base address of it.
      
      In case of hafnium used as hypervisor in normal world, hypervisor
      manifest is expected to be passed from BL31 and its base address is
      passed in x0 register.
      
      As only one of NT_FW_CONFIG or hypervisor manifest base address can be
      passed in x0 register and also measured boot is not required for SPM so
      disable passing NT_FW_CONFIG.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ifad9d3658f55ba7d70f468a88997d5272339e53e
      2b6fc535
  10. 06 Apr, 2021 2 commits
    • Heyi Guo's avatar
      plat/arm/arm_image_load: refine plat_add_sp_images_load_info · abe6ce1d
      Heyi Guo authored
      
      
      Refine the function plat_add_sp_images_load_info() by saving the
      previous node and only setting its next link when the current node is
      valid. This can reduce the check for the next node and simply the
      total logic.
      Signed-off-by: default avatarHeyi Guo <guoheyi@linux.alibaba.com>
      Change-Id: I4061428bf49ef0c3816ac22aaeb2e50315531f88
      abe6ce1d
    • Heyi Guo's avatar
      plat/arm/arm_image_load: fix bug of overriding the last node · 47fe4c4f
      Heyi Guo authored
      
      
      The traverse flow in function plat_add_sp_images_load_info() will find
      the last node in the main load info list, with its
      next_load_info==NULL. However this node is still useful and should not
      be overridden with SP node info.
      
      The bug will cause below error on RDN2 for spmd enabled:
      
      ERROR:   Invalid NT_FW_CONFIG DTB passed
      
      Fix the bug by only setting the next_load_info of the last node in the
      original main node list.
      Signed-off-by: default avatarHeyi Guo <guoheyi@linux.alibaba.com>
      Change-Id: Icaee5da1f2d53b29fdd6085a8cc507446186fd57
      47fe4c4f
  11. 09 Feb, 2021 2 commits
    • Andre Przywara's avatar
      plat/arm: Remove ARM_LINUX_KERNEL_AS_BL33 relying on RESET_TO_BL31 · e27340a7
      Andre Przywara authored
      
      
      So far the ARM platform Makefile would require that RESET_TO_BL31 is set
      when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
      There is no real technical reason for that, and the one place in the
      code where this was needed has been fixed.
      
      Remove the requirement of those two options to be always enabled
      together.
      This enables the direct kernel boot feature for the Foundation FVP
      (as described in the documentation), which requires a BL1/FIP
      combination to boot, so cannot use RESET_TO_BL31.
      
      Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      e27340a7
    • Andre Przywara's avatar
      plat/arm: Always allow ARM_LINUX_KERNEL_AS_BL33 · c99b8c89
      Andre Przywara authored
      
      
      At the moment we have the somewhat artifical limitation of
      ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.
      
      However there does not seem to be a good technical reason for that,
      it was probably just to differentate between two different boot flows.
      
      Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the
      RESET_TO_BL31 #ifdef, so that we initialise the registers in any case.
      
      This allows to use a preloaded kernel image when using BL1 and FIP.
      
      Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      c99b8c89
  12. 28 Oct, 2020 1 commit
    • David Horstmann's avatar
      Use constant stack size with RECLAIM_INIT_CODE · 3ed5606b
      David Horstmann authored
      
      
      Currently, when RECLAIM_INIT_CODE is set, the
      stacks are scaled to ensure that the entirety
      of the init section can be reclaimed as stack.
      
      This causes an issue in lib/psci/aarch64/psci_helpers.S,
      where the stack size is used for cache operations in
      psci_do_pwrdown_cache_maintenance(). If the stacks
      are scaled, then the PSCI code may fail to invalidate
      some of the stack memory before power down.
      
      Resizing stacks is also not good for stability in general,
      since code that works with a small number of cores may
      overflow the stack when the number of cores is increased.
      
      Change to make every stack be PLATFORM_STACK_SIZE big,
      and allow the total stack to be smaller than the
      init section.
      
      Any pages of the init section not reclaimed as
      stack will be set to read-only and execute-never,
      for security.
      
      Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8
      Signed-off-by: default avatarDavid Horstmann <david.horstmann@arm.com>
      3ed5606b
  13. 12 Oct, 2020 1 commit
    • Jimmy Brisson's avatar
      Increase type widths to satisfy width requirements · d7b5f408
      Jimmy Brisson authored
      
      
      Usually, C has no problem up-converting types to larger bit sizes. MISRA
      rule 10.7 requires that you not do this, or be very explicit about this.
      This resolves the following required rule:
      
          bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
          The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
          0x3c0U" (32 bits) is less that the right hand operand
          "18446744073709547519ULL" (64 bits).
      
      This also resolves MISRA defects such as:
      
          bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
          In the expression "3U << 20", shifting more than 7 bits, the number
          of bits in the essential type of the left expression, "3U", is
          not allowed.
      
      Further, MISRA requires that all shifts don't overflow. The definition of
      PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
      This fixes the violation by changing the definition to 1UL << 12. Since
      this uses 32bits, it should not create any issues for aarch32.
      
      This patch also contains a fix for a build failure in the sun50i_a64
      platform. Specifically, these misra fixes removed a single and
      instruction,
      
          92407e73        and     x19, x19, #0xffffffff
      
      from the cm_setup_context function caused a relocation in
      psci_cpus_on_start to require a linker-generated stub. This increased the
      size of the .text section and caused an alignment later on to go over a
      page boundary and round up to the end of RAM before placing the .data
      section. This sectionn is of non-zero size and therefore causes a link
      error.
      
      The fix included in this reorders the functions during link time
      without changing their ording with respect to alignment.
      
      Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      d7b5f408
  14. 09 Oct, 2020 1 commit
    • Jimmy Brisson's avatar
      Don't return error information from console_flush · 831b0e98
      Jimmy Brisson authored
      
      
      And from crash_console_flush.
      
      We ignore the error information return by console_flush in _every_
      place where we call it, and casting the return type to void does not
      work around the MISRA violation that this causes. Instead, we collect
      the error information from the driver (to avoid changing that API), and
      don't return it to the caller.
      
      Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      831b0e98
  15. 15 Sep, 2020 1 commit
  16. 10 Sep, 2020 1 commit
  17. 02 Sep, 2020 1 commit
    • Alexei Fedorov's avatar
      plat/arm: Introduce and use libc_asm.mk makefile · e3f2b1a9
      Alexei Fedorov authored
      Trace analysis of FVP_Base_AEMv8A 0.0/6063 model
      running in Aarch32 mode with the build options
      listed below:
      TRUSTED_BOARD_BOOT=1 GENERATE_COT=1
      ARM_ROTPK_LOCATION=devel_ecdsa KEY_ALG=ecdsa
      ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_ecdsa.pem
      shows that when auth_signature() gets called
      71.99% of CPU execution time is spent in memset() function
      written in C using single byte write operations,
      see lib\libc\memset.c.
      This patch introduces new libc_asm.mk makefile which
      replaces C memset() implementation with assembler
      version giving the following results:
      - for Aarch32 in auth_signature() call memset() CPU time
      reduced to 20.56%.
      The number of CPU instructions (Inst) executed during
      TF-A boot stage before start of BL33 in RELEASE builds
      for different versions is presented in the tables below,
      where:
      - C TF-A: existing TF-A C code;
      - C musl: "lightweight code" C "implementation of the
        standard library for Linux-based systems"
      https://git.musl-libc.org/cgit/musl/tree/src/string/memset.c
      - Asm Opt: assemler version from "Arm Optimized Routines"
        project
      https://github.com/ARM-software/optimized-routines/blob/
      master/string/arm/memset.S
      - Asm Linux: assembler version from Linux kernel
      https://github.com/torvalds/linux/blob/master/arch/arm/lib/memset.S
      
      
      - Asm TF-A: assembler version from this patch
      
      Aarch32:
      +-----------+------+------+--------------+----------+
      | Variant   | Set  | Size |    Inst 	 |  Ratio   |
      +-----------+------+------+--------------+----------+
      | C TF-A    | T32  | 16   | 2122110003   | 1.000000 |
      | C musl    | T32  | 156  | 1643917668   | 0.774662 |
      | Asm Opt   | T32  | 84   | 1604810003   | 0.756233 |
      | Asm Linux | A32  | 168  | 1566255018   | 0.738065 |
      | Asm TF-A  | A32  | 160  | 1525865101   | 0.719032 |
      +-----------+------+------+--------------+----------+
      
      AArch64:
      +-----------+------+------------+----------+
      | Variant   | Size |    Inst    |  Ratio   |
      +-----------+------+------------+----------+
      | C TF-A    | 28   | 2732497518 | 1.000000 |
      | C musl    | 212  | 1802999999 | 0.659836 |
      | Asm TF-A  | 140  | 1680260003 | 0.614917 |
      +-----------+------+------------+----------+
      
      This patch modifies 'plat\arm\common\arm_common.mk'
      by overriding libc.mk makefile with libc_asm.mk and
      does not effect other platforms.
      
      Change-Id: Ie89dd0b74ba1079420733a0d76b7366ad0157c2e
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      e3f2b1a9
  18. 28 Aug, 2020 2 commits
  19. 26 Aug, 2020 1 commit
  20. 18 Aug, 2020 2 commits
    • Manish V Badarkhe's avatar
      Add wrapper for AT instruction · 86ba5853
      Manish V Badarkhe authored
      
      
      In case of AT speculative workaround applied, page table walk
      is disabled for lower ELs (EL1 and EL0) in EL3.
      Hence added a wrapper function which temporarily enables page
      table walk to execute AT instruction for lower ELs and then
      disables page table walk.
      
      Execute AT instructions directly for lower ELs (EL1 and EL0)
      assuming page table walk is enabled always when AT speculative
      workaround is not applied.
      
      Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      86ba5853
    • Manish V Badarkhe's avatar
      plat/arm: remove common code for soc-id feature · 7f03d80d
      Manish V Badarkhe authored
      
      
      Removed common code for soc-id feature which is applicable
      for all arm platforms.
      
      In subsequent patches, added a platform based functions
      for FVP and Juno to retrieve the soc-id information.
      
      Change-Id: Idb632a935758a6caff2ca03a6eab8f663da8a93a
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      7f03d80d
  21. 14 Aug, 2020 2 commits
    • Manish Pandey's avatar
      plat/arm: enable support for Plat owned SPs · 990d972f
      Manish Pandey authored
      
      
      For Arm platforms SPs are loaded by parsing tb_fw_config.dts and
      adding them to SP structure sequentially, which in-turn is appended to
      loadable image list.
      
      With recently introduced dualroot CoT for SPs where they are owned
      either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
      and Plat owned SPs index starts at SP_PKG5_ID. As the start index of SP
      depends on the owner, there should be a mechanism to parse owner of a SP
      and put it at the correct index in SP structure.
      
      This patch adds support for parsing a new optional field "owner" and
      based on it put SP details(UUID & Load-address) at the correct index in
      SP structure.
      
      Change-Id: Ibd255b60d5c45023cc7fdb10971bef6626cb560b
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      990d972f
    • Jimmy Brisson's avatar
      Prevent colliding identifiers · d74c6b83
      Jimmy Brisson authored
      
      
      There was a collision between the name of the typedef in the CASSERT and
      something else, so we make the name of the typedef unique to the
      invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into
      the macro. This eliminates the following MISRA violation:
      
          bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
          "invalid_svc_uuid" is already used to represent a typedef.
      
      This also resolves MISRA rule 5.9.
      
      These renamings are as follows:
        * tzram -> secram. This matches the function call name as it has
        sec_mem in it's  name
        * fw_config_base -> config_base. This file does not mess with
        hw_conig, so there's little chance of confusion
      
      Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
      Signed-off-by: default avatarJimmy Brisson <jimmy.brisson@arm.com>
      d74c6b83
  22. 10 Aug, 2020 1 commit
    • Alexei Fedorov's avatar
      plat/arm: Reduce size of BL31 binary · fa1fdb22
      Alexei Fedorov authored
      
      
      BL31 binary size is aligned to 4KB because of the
      code in include\plat\arm\common\arm_reclaim_init.ld.S:
          __INIT_CODE_UNALIGNED__ = .;
          . = ALIGN(PAGE_SIZE);
          __INIT_CODE_END__ = .;
      with all the zero data after the last instruction of
      BL31 code to the end of the page.
      This causes increase in size of BL31 binary stored in FIP
      and its loading time by BL2.
      This patch reduces the size of BL31 image by moving
      page alignment from __INIT_CODE_END__ to __STACKS_END__
      which also increases the stack size for secondary CPUs.
      
      Change-Id: Ie2ec503fc774c22c12ec506d74fd3ef2b0b183a9
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      fa1fdb22
  23. 31 Jul, 2020 1 commit
    • Manish Pandey's avatar
      tbbr/dualroot: rename SP package certificate file · 03a5225c
      Manish Pandey authored
      
      
      Currently only single signing domain is supported for SP packages but
      there is plan to support dual signing domains if CoT is dualroot.
      
      SP_CONTENT_CERT_ID is the certificate file which is currently generated
      and signed with trusted world key which in-turn is derived from Silicon
      provider RoT key.
      To allow dual signing domain for SP packages, other certificate file
      will be derived from Platform owned RoT key.
      
      This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
      does other related changes.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
      03a5225c
  24. 30 Jul, 2020 1 commit
  25. 26 Jul, 2020 1 commit
  26. 24 Jul, 2020 1 commit
  27. 23 Jul, 2020 4 commits
  28. 21 Jul, 2020 2 commits
  29. 29 Jun, 2020 1 commit
  30. 25 Jun, 2020 1 commit
    • Manish V Badarkhe's avatar
      plat/arm: Load and populate fw_config and tb_fw_config · 82869675
      Manish V Badarkhe authored
      
      
      Modified the code to do below changes:
      
      1. Load tb_fw_config along with fw_config by BL1.
      2. Populate fw_config device tree information in the
         BL1 to load tb_fw_config.
      3. In BL2, populate fw_config information to retrieve
         the address of tb_fw_config and then tb_fw_config
         gets populated using retrieved address.
      4. Avoid processing of configuration file in case of error
         value returned from "fw_config_load" function.
      5. Updated entrypoint information for BL2 image so
         that it's arg0 should point to fw_config address.
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
      82869675