- 22 Jun, 2020 8 commits
-
-
Manish Pandey authored
* changes: Tegra: sanity check NS address and size before use Tegra: memctrl_v2: fixup sequence to resize video memory
-
Madhukar Pappireddy authored
-
Mark Dykes authored
-
Manish Pandey authored
* changes: drivers/scmi-msg: smt entry points for incoming messages drivers/scmi-msg: support for reset domain protocol drivers/scmi-msg: support for clock protocol drivers/scmi-msg: driver for processing scmi messages
-
Sandrine Bailleux authored
-
Sandeep Tripathy authored
It is desired to have the peripheral writes completed to clear the interrupt condition and de-assert the interrupt request to GIC before EOI write. Failing which spurious interrupt will occurred. A barrier is needed to ensure peripheral register write transfers are complete before EOI is done. GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point of view. However these writes may pass over different interconnects, bridges, buffers leaving some rare chances for the actual write to complete out of order. GICv3 ICC EOI system register writes have no ordering against nGnR(n)E memory writes as they are over different interfaces. Hence a dsb can ensure from core no writes are issued before the previous writes are *complete*. Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com> Change-Id: Ie6362009e2f91955be99dca8ece14ade7b4811d6
-
Olivier Deprez authored
-
Sheetal Tigadoli authored
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Change-Id: Iaf6deaeee2069720518221157edbb052bc42850a
-
- 21 Jun, 2020 1 commit
-
-
Varun Wadekar authored
This patch updates the 'bl31_check_ns_address()' helper function to check that the memory address and size passed by the NS world are not zero. The helper fucntion also returns the error code as soon as it detects inconsistencies, to avoid multiple error paths from kicking in for the same input parameters. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I46264f913954614bedcbde12e47ea0c70cd19be0
-
- 19 Jun, 2020 3 commits
-
-
Alexei Fedorov authored
This patch adds BRANCH_PROTECTION = 4 'bti' build option which turns on branch target identification mechanism. Change-Id: I32464a6b51726a100519f449a95aea5331f0e82d Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
Varun Wadekar authored
This patch provides the platform level support to enable GICv3 drivers on future Tegra platforms. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I966a4502b2a4a7bd1ce66da843997c9ed605c59f
-
Varun Wadekar authored
The previous sequence used by the driver to program the new memory aperture settings and clear the non-overlapping memory was faulty. The sequence locked the non-overlapping regions twice, leading to faults when trying to clear it. This patch modifies the sequence to follow these steps: * move the previous memory region to a new firewall register * program the new memory aperture settings * clean the non-overlapping memory This patch also maps the non-overlapping memory as Device memory to follow guidance from the arch. team. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I7cf6e05b2dd372103dc7229e37b1b3fc269a57ae
-
- 17 Jun, 2020 7 commits
-
-
Manish Pandey authored
* changes: ddr: a80x0: add DDR 32-bit ECC mode support ble: ap807: improve PLL configuration sequence ble: ap807: clean-up PLL configuration sequence ddr: a80x0: add DDR 32-bit mode support plat: marvell: mci: perform mci link tuning for all mci interfaces plat: marvell: mci: use more meaningful name for mci link tuning plat: marvell: a8k: remove wrong or unnecessary comments plat: marvell: ap807: enable snoop filter for ap807 plat: marvell: ap807: update configuration space of each CP plat: marvell: ap807: use correct address for MCIx4 register plat: marvell: add support for PLL 2.2GHz mode plat: marvell: armada: make a8k_common.mk and mss_common.mk more generic marvell: armada: add extra level in marvell platform hierarchy
-
Etienne Carriere authored
This change implements SCMI channels for reading a SCMI message from a shared memory and call the SCMI message drivers to route the message to the target platform services. SMT refers to the shared memory management protocol which is used to get/put message/response in shared memory. SMT is a 28byte header stating shared memory state and exchanged protocol data. The processing entry for a SCMI message can be a secure interrupt or fastcall SMCCC invocation. SMT description in this implementation is based on the OP-TEE project [1] itself based in the SCP-firmware implementation [2]. Link: [1] https://github.com/OP-TEE/optee_os/commit/a58c4d706d2333d2b21a3eba7e2ec0cb257bca1d Link: [2] https://github.com/ARM-software/SCP-firmware.git Change-Id: I416c7dab5c67954c6fe80bae8d8cdfdcda66873e Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
Sandrine Bailleux authored
-
Etienne Carriere authored
Adds SCMI reset domain protocol support in the SCMI message drivers as defined in SCMI specification v2.0 [1]. Not all the messages defined in the specification are supported. scmi_msg_get_rd_handler() sanitizes the message_id value against any speculative use of reset domain ID as a index since by SCMI specification, IDs are indices. This implementation is based on the OP-TEE project implementation [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/56a1f10ed99d683ee3a8af29b6147a59a99ef3e0 Link: [3] https://github.com/ARM-software/SCP-firmware.git Change-Id: If7cf13de40a815dedb40dcd5af8b6bb6725d9078 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
Etienne Carriere authored
Adds SCMI clock protocol support in the SCMI message drivers as defined in SCMI specification v2.0 [1] for clock protocol messages. Platform can provide one of the plat_scmi_clock_*() handler for the supported operations set/get state/rate and others. scmi_msg_get_clock_handler() sanitizes the message_id value against any speculative use of clock ID as a index since by SCMI specification, IDs are indices. This implementation is based on the OP-TEE project implementation [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/a7a9e3ba71dd908aafdc4c5ed9b29b15faa9692d Link: [3] https://github.com/ARM-software/SCP-firmware.git Change-Id: Ib56e096512042d4f7b9563d1e4181554eb8ed02c Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
Etienne Carriere authored
This change introduces drivers to allow a platform to create a basic SCMI service and register handlers for client request (SCMI agent) on system resources. This is the first piece of the drivers: an entry function, the SCMI base protocol support and helpers for create the response message. With this change, scmi_process_message() is the entry function to process an incoming SCMI message. The function expect the message is already copied from shared memory into secure memory. The message structure stores message reference and output buffer reference where response message shall be stored. scmi_process_message() calls the SCMI protocol driver according to the protocol ID in the message. The SCMI protocol driver will call defined platform handlers according to the message content. This change introduces only the SCMI base protocol as defined in SCMI specification v2.0 [1]. Not all the messages defined in the specification are supported. The SCMI message implementation is derived from the OP-TEE project [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/ae8c8068098d291e6e55744dbc237ec39fd9840a Link: [3] https://github.com/ARM-software/SCP-firmware/tree/v2.6.0 Change-Id: I639c4154a39fca60606264baf8d32452641f45e9 Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
-
Manish V Badarkhe authored
Load address of tb_fw_config is incorrectly mentioned in below device trees: 1. rdn1edge_fw_config.dts 2. tc0_fw_config.dts Till now, tb_fw_config load-address is not being retrieved from device tree and hence never exeprienced any issue for tc0 and rdn1edge platform. For tc0 and rdn1edge platform, Load-address of tb_fw_config should be the SRAM base address + 0x300 (size of fw_config device tree) Hence updated these platform's fw_config.dts accordingly to reflect this load address change. Change-Id: I2ef8b05d49be10767db31384329f516df11ca817 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 16 Jun, 2020 2 commits
-
-
Manish Pandey authored
* changes: Tegra194: ras: verbose prints for SErrors Prevent RAS register access from lower ELs Tegra194: SiP: clear RAS corrected error records Tegra194: add RAS exception handling
-
Sandrine Bailleux authored
-
- 15 Jun, 2020 3 commits
-
-
Manish Pandey authored
* changes: tbbr: add chain of trust for Secure Partitions cert_create: extend Secure partition support for tbbr CoT
-
Sandrine Bailleux authored
Change-Id: I3726f42f8f3de0cd88bd77a0f9d92a710649d18c Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Manish Pandey authored
with sha 44f1aa8e , support for Silicon Provider(SiP) owned Secure Partition(SP) was added for dualroot CoT. This patch extends this support for tbbr CoT. Earlier tbbr CoT for SPs was left to avoid adding new image types in TBBR which could possibly be seen as deviation from specification. But with further discussions it is understood that TBBR being a *minimal* set of requirements that can be extended as long as we don't violate any of the musts, which is the case with adding SP support. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb
-
- 12 Jun, 2020 4 commits
-
-
David Pu authored
This patch provides verbose prints for RAS SErrors handled by the firmware, for improved debugging. Change-Id: Iaad8d183054d884f606dc4621da2cc6b2375bcf9 Signed-off-by: David Pu <dpu@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register accesses from EL1 or EL2 to EL3. RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
-
Varun Wadekar authored
This patch introduces a function ID to clear all the RAS error records for corrected errors. Per latest requirement, ARM RAS corrected errors will be reported to lower ELs via interrupts and cleared via SMC. This patch provides required function to clear RAS error status. This patch also sets up all required RAS Corrected errors in order to route RAS corrected errors to lower ELs. Change-Id: I554ba1d0797b736835aa27824782703682c91e51 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Signed-off-by: David Pu <dpu@nvidia.com>
-
David Pu authored
This patch adds all Tegra194 RAS nodes definitions and support to handle all uncorrectable RAS errors. Change-Id: I109b5a8dbca91d92752dc282c4ca30f273c475f9 Signed-off-by: David Pu <dpu@nvidia.com> Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 11 Jun, 2020 2 commits
-
-
Manish Pandey authored
with sha 0792dd7d , support to generate certificate for Secure Partitions was added for dualroot CoT only, this patch extends this support for tbbr CoT. Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
-
Madhukar Pappireddy authored
-
- 09 Jun, 2020 10 commits
-
-
Madhukar Pappireddy authored
-
Madhukar Pappireddy authored
-
Philipp Tomsich authored
The RK3368 has two clusters of 4 cores and it's cluster id starts at bit 8 of the MPIDR. To convert from the cluster id (0 or 1) to the lowest CPU-ID in the respective cluster, we thus need to shift by 6 (i.e. shift by 8 to extract the cluster-id and multiply by 4). This change is required to ensure the PSCI support can index the per-cpu entry-address array correctly. Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Change-Id: I64a76038f090a85a47067f09f750e96e3946e756
-
Varun Wadekar authored
The Denver CPUs implement support for PMUv3 for ARMv8.1 and expect the PMCR_EL0 to be saved in non-secure context. This patch disables cycle counter when event counting is prohibited immediately on entering the secure world to avoid leaking useful information about the PMU counters. The context saving code later saves the value of PMCR_EL0 to the non-secure world context. Verified with 'PMU Leakage' test suite. ******************************* Summary ******************************* > Test suite 'PMU Leakage' Passed ================================= Tests Skipped : 2 Tests Passed : 2 Tests Failed : 0 Tests Crashed : 0 Total tests : 4 ================================= Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I3675e2b99b44ed23d86e29a5af1b496e80324875
-
Manish Pandey authored
* changes: dualroot: add chain of trust for secure partitions sptool: append cert_tool arguments. cert_create: add SiP owned secure partitions support
-
Mark Dykes authored
-
Madhukar Pappireddy authored
Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Andre Przywara authored
The only difference between GIC-500 and GIC-600 relevant to TF-A is the differing power management sequence. A certain GIC implementation is detectable at runtime, for instance by checking the IIDR register. Let's add that test before initiating the GIC-600 specific sequence, so the code can be used on both GIC-600 and GIC-500 chips alike, without deciding on a GIC chip at compile time. This means that the GIC-500 "driver" is now redundant. To allow minimal platform support, add a switch to disable GIC-600 support. Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
-
Sandrine Bailleux authored
-