1. 09 Jun, 2020 1 commit
    • Manish Pandey's avatar
      dualroot: add chain of trust for secure partitions · 44f1aa8e
      Manish Pandey authored
      
      
      A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
      owned Secure Partitions(SP). A similar support for Platform owned SP can
      be added in future. The certificate is also protected against anti-
      rollback using the trusted Non-Volatile counter.
      
      To avoid deviating from TBBR spec, support for SP CoT is only provided
      in dualroot.
      Secure Partition content certificate is assigned image ID 31 and SP
      images follows after it.
      
      The CoT for secure partition look like below.
      +------------------+       +-------------------+
      | ROTPK/ROTPK Hash |------>| Trusted Key       |
      +------------------+       | Certificate       |
                                 | (Auth Image)      |
                                /+-------------------+
                               /                   |
                              /                    |
                             /                     |
                            /                      |
                           L                       v
      +------------------+       +-------------------+
      | Trusted World    |------>| SiP owned SPs     |
      | Public Key       |       | Content Cert      |
      +------------------+       | (Auth Image)      |
                              /   +-------------------+
                             /                      |
                            /                      v|
      +------------------+ L     +-------------------+
      | SP_PKG1 Hash     |------>| SP_PKG1           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
              .                           .
              .                           .
              .                           .
      +------------------+       +-------------------+
      | SP_PKG8 Hash     |------>| SP_PKG8           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
      44f1aa8e
  2. 03 Jun, 2020 1 commit
  3. 01 Jun, 2020 1 commit
    • Etienne Carriere's avatar
      drivers: stm32_reset adapt interface to timeout argument · 45c70e68
      Etienne Carriere authored
      
      
      Changes stm32mp1 reset driver to API to add a timeout argument
      to stm32mp_reset_assert() and stm32mp_reset_deassert() and
      a return value.
      
      With a supplied timeout, the functions wait the target reset state
      is reached before returning. With a timeout of zero, the functions
      simply load target reset state in SoC interface and return without
      waiting.
      
      Helper functions stm32mp_reset_set() and stm32mp_reset_release()
      use a zero timeout and return without a return code.
      
      This change updates few stm32 drivers and plat/stm32mp1 blé_plat_setup.c
      accordingly without any functional change.
      functional change.
      
      Change-Id: Ia1a73a15125d3055fd8739c125b70bcb9562c27f
      Signed-off-by: default avatarEtienne Carriere <etienne.carriere@st.com>
      45c70e68
  4. 19 May, 2020 1 commit
  5. 11 May, 2020 1 commit
  6. 28 Apr, 2020 1 commit
    • Andre Przywara's avatar
      plat/stm32: Use generic fdt_read_uint32_array() implementation · 52a616b4
      Andre Przywara authored
      
      
      The device tree parsing code for the STM32 platform is using its own FDT
      helper functions, some of them being rather generic.
      In particular the existing fdt_read_uint32_array() implementation is now
      almost identical to the new generic code in fdt_wrappers.c, so we can
      remove the ST specific version and adjust the existing callers.
      
      Compared to the original ST implementation the new version takes a
      pointer to the DTB as the first argument, and also swaps the order of
      the number of cells and the pointer.
      
      Change-Id: Id06b0f1ba4db1ad1f733be40e82c34f46638551a
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      52a616b4
  7. 07 Apr, 2020 1 commit
  8. 06 Apr, 2020 1 commit
  9. 03 Apr, 2020 6 commits
  10. 02 Apr, 2020 1 commit
  11. 01 Apr, 2020 2 commits
  12. 23 Mar, 2020 1 commit
  13. 17 Mar, 2020 1 commit
    • Andre Przywara's avatar
      rpi3: gpio: Simplify GPIO setup · 0d92745e
      Andre Przywara authored
      
      
      There is really no reason to use and pass around a struct when its only
      member is the (fixed) base address.
      
      Remove the struct and just use the base address on its own inside the
      GPIO driver. Then set the base address automatically.
      
      This simplifies GPIO setup for users, which now don't need to deal with
      zeroing a struct and setting the base address anymore.
      
      Change-Id: I3060f7859e3f8ef9a24cc8fb38307b5da943f127
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      0d92745e
  14. 10 Mar, 2020 1 commit
  15. 06 Mar, 2020 2 commits
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
    • Sumit Garg's avatar
      drivers: crypto: Add authenticated decryption framework · 7cda17bb
      Sumit Garg authored
      
      
      Add framework for autheticated decryption of data. Currently this
      patch optionally imports mbedtls library as a backend if build option
      "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
      using AES-GCM algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
      7cda17bb
  16. 25 Feb, 2020 9 commits
  17. 07 Feb, 2020 3 commits
    • Aditya Angadi's avatar
      drivers/arm/scmi: allow use of multiple SCMI channels · 31e703f9
      Aditya Angadi authored
      
      
      On systems that have multiple platform components that can interpret the
      SCMI messages, there is a need to support multiple SCMI channels (one
      each to those platform components). Extend the existing SCMI interface
      that currently supports only a single SCMI channel to support multiple
      SCMI channels.
      
      Change-Id: Ice4062475b903aef3b5e5bc37df364c9778a62c5
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      31e703f9
    • Aditya Angadi's avatar
      drivers/mhu: derive doorbell base address · f8931606
      Aditya Angadi authored
      
      
      In order to allow the MHUv2 driver to be usable with multiple MHUv2
      controllers, use the base address of the controller from the platform
      information instead of the MHUV2_BASE_ADDR macro.
      
      Change-Id: I4dbab87b929fb0568935e6c8b339ce67937f8cd1
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      f8931606
    • Louis Mayencourt's avatar
      fconf: Move platform io policies into fconf · 0a6e7e3b
      Louis Mayencourt authored
      
      
      Use the firmware configuration framework to store the io_policies
      information inside the configuration device tree instead of the static
      structure in the code base.
      
      The io_policies required by BL1 can't be inside the dtb, as this one is
      loaded by BL1, and only available at BL2.
      
      This change currently only applies to FVP platform.
      
      Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      0a6e7e3b
  18. 30 Jan, 2020 1 commit
    • Grzegorz Jaszczyk's avatar
      plat: marvell: armada: add support for loading MG CM3 images · 81646055
      Grzegorz Jaszczyk authored
      
      
      In order to access MG SRAM, the amb bridge needs to be configured which is
      done in bl2 platform init.
      
      For MG CM3, the image is only loaded to its SRAM and the CM3 itself is
      left in reset. It is because the next stage bootloader (e.g. u-boot)
      will trigger action which will take it out of reset when needed. This
      can happen e.g. when appropriate device-tree setup (which has enabled
      802.3 auto-neg) will be chosen. In other cases the MG CM3 should not be
      running.
      
      Change-Id: I816ea14e3a7174eace068ec44e3cc09998d0337e
      Signed-off-by: default avatarGrzegorz Jaszczyk <jaz@semihalf.com>
      81646055
  19. 28 Jan, 2020 1 commit
  20. 20 Jan, 2020 4 commits