GitLab

Adds SCMI reset domain protocol support in the SCMI message drivers
as defined in SCMI specification v2.0 [1]. Not all the messages
defined in the specification are supported.

scmi_msg_get_rd_handler() sanitizes the message_id value
against any speculative use of reset domain ID as a index since by
SCMI specification, IDs are indices.

This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.

Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] https://github.com/OP-TEE/optee_os/commit/56a1f10ed99d683ee3a8af29b6147a59a99ef3e0
Link: [3] https://github.com/ARM-software/SCP-firmware.git



Change-Id: If7cf13de40a815dedb40dcd5af8b6bb6725d9078
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

Adds SCMI clock protocol support in the SCMI message drivers as
defined in SCMI specification v2.0 [1] for clock protocol messages.

Platform can provide one of the plat_scmi_clock_*() handler for the
supported operations set/get state/rate and others.

scmi_msg_get_clock_handler() sanitizes the message_id value
against any speculative use of clock ID as a index since by
SCMI specification, IDs are indices.

This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.

Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] https://github.com/OP-TEE/optee_os/commit/a7a9e3ba71dd908aafdc4c5ed9b29b15faa9692d
Link: [3] https://github.com/ARM-software/SCP-firmware.git



Change-Id: Ib56e096512042d4f7b9563d1e4181554eb8ed02c
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

This change introduces drivers to allow a platform to create a basic
SCMI service and register handlers for client request (SCMI agent) on
system resources. This is the first piece of the drivers: an entry
function, the SCMI base protocol support and helpers for create
the response message.

With this change, scmi_process_message() is the entry function to
process an incoming SCMI message. The function expect the message
is already copied from shared memory into secure memory. The message
structure stores message reference and output buffer reference where
response message shall be stored.

scmi_process_message() calls the SCMI protocol driver according to
the protocol ID in the message. The SCMI protocol driver will call
defined platform handlers according to the message content.

This change introduces only the SCMI base protocol as defined in
SCMI specification v2.0 [1]. Not all the messages defined
in the specification are supported.

The SCMI message implementation is derived from the OP-TEE project [2]
itself based on the SCP-firmware implementation [3] of the SCMI protocol
server side.

Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] https://github.com/OP-TEE/optee_os/commit/ae8c8068098d291e6e55744dbc237ec39fd9840a
Link: [3] https://github.com/ARM-software/SCP-firmware/tree/v2.6.0



Change-Id: I639c4154a39fca60606264baf8d32452641f45e9
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

* changes:
  tbbr: add chain of trust for Secure Partitions
  cert_create: extend Secure partition support for tbbr CoT

with sha 44f1aa8e

, support for Silicon Provider(SiP) owned Secure
Partition(SP) was added for dualroot CoT. This patch extends this
support for tbbr CoT.

Earlier tbbr CoT for SPs was left to avoid adding new image types in
TBBR which could possibly be seen as deviation from specification.
But with further discussions it is understood that TBBR being a
*minimal* set of requirements that can be extended as long as we don't
violate any of the musts, which is the case with adding SP support.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb

with sha 0792dd7d

, support to generate certificate for Secure
Partitions was added for dualroot CoT only, this patch extends
this support for tbbr CoT.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f

The RK3368 has two clusters of 4 cores and it's cluster id starts at
bit 8 of the MPIDR.  To convert from the cluster id (0 or 1) to the
lowest CPU-ID in the respective cluster, we thus need to shift by 6
(i.e. shift by 8 to extract the cluster-id and multiply by 4).

This change is required to ensure the PSCI support can index the
per-cpu entry-address array correctly.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com>
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I64a76038f090a85a47067f09f750e96e3946e756

The Denver CPUs implement support for PMUv3 for ARMv8.1 and expect the
PMCR_EL0 to be saved in non-secure context.

This patch disables cycle counter when event counting is prohibited
immediately on entering the secure world to avoid leaking useful
information about the PMU counters. The context saving code later
saves the value of PMCR_EL0 to the non-secure world context.

Verified with 'PMU Leakage' test suite.

 ******************************* Summary *******************************
 > Test suite 'PMU Leakage'
                                                                 Passed
 =================================
 Tests Skipped : 2
 Tests Passed  : 2
 Tests Failed  : 0
 Tests Crashed : 0
 Total tests   : 4
 =================================
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I3675e2b99b44ed23d86e29a5af1b496e80324875

* changes:
  dualroot: add chain of trust for secure partitions
  sptool: append cert_tool arguments.
  cert_create: add SiP owned secure partitions support

Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.

Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.

This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.

Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.

To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.

The CoT for secure partition look like below.
+------------------+       +-------------------+
| ROTPK/ROTPK Hash |------>| Trusted Key       |
+------------------+       | Certificate       |
                           | (Auth Image)      |
                          /+-------------------+
                         /                   |
                        /                    |
                       /                     |
                      /                      |
                     L                       v
+------------------+       +-------------------+
| Trusted World    |------>| SiP owned SPs     |
| Public Key       |       | Content Cert      |
+------------------+       | (Auth Image)      |
                        /   +-------------------+
                       /                      |
                      /                      v|
+------------------+ L     +-------------------+
| SP_PKG1 Hash     |------>| SP_PKG1           |
|                  |       | (Data Image)      |
+------------------+       +-------------------+
        .                           .
        .                           .
        .                           .
+------------------+       +-------------------+
| SP_PKG8 Hash     |------>| SP_PKG8           |
|                  |       | (Data Image)      |
+------------------+       +-------------------+
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f

* changes:
  plat: intel: Additional instruction required to enable global timer
  plat: intel: Fix CCU initialization for Agilex
  plat: intel: Add FPGAINTF configuration to when configuring pinmux
  plat: intel: set DRVSEL and SMPLSEL for DWMMC
  plat: intel: Fix clock configuration bugs

There are additional instruction needed to enable the global timer.
This fixes the global timer initialization
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: Idaf2d23359aacc417e2b7d8cdf1688b5cd17ca98

The CCU initialization loop uses the wrong units, this fixes that. This
also fixes snoop filter register set bits should be used instead of
overwriting the register
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: Ia15eeeae5569b00ad84120182170d353ee221b31

The size of buffer currently used to store the FDT passed from U-Boot as
a platform parameter is not large enough to store some RK3399 device
trees. The largest RK3399 device tree currently in U-Boot (for the
Pinebook Pro) is about 70KB in size when passed to TF-A, so increase the
buffer size to 128K which gives some headroom for possibly larger FDTs
in future.
Signed-off-by: Hugh Cole-Baker <sigmaris@gmail.com>
Change-Id: I414caf20683cd47c02ee470dfa988544f3809919

FPGAINTF wasn't enabled when configuring pinmux. This fixes the issue.
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: I5a6aacd504901b8f7327b2f4854b8a77d0c37019

DRVSEL and SMPLSEL needs to be set so that it can properly go into full
speed mode. This needs to be done in EL3 as the registers are secured.
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: Ia2f348e7742ff7b76da74d392ef1ce71e2f41677

This fixes a few issues on the Agilex clock configuration:
- Set clock manager into boot mode before configuring clock
- Fix wrong divisor used when calculating vcocalib
- PLL sync configuration should be read and then written
- Wait PLL lock after PLL sync configuration is done
- Clear interrupt bits instead of set interrupt bits after configuration
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: I54c1dc5fe9b102e3bbc1237a92d8471173b8af70

To support secure boot of SP's update cert tool arguments while
generating sp_gen.mk which in turn is consumed by build system.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2293cee9b7c684c27d387aba18e0294c701fb1cc

Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.

A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.

Following new options added to cert_tool:
 --sip-sp-cert --> SiP owned Secure Partition Content Certificate
 --sp-pkg1 --> Secure Partition Package1 file
 --sp-pkg2
 .....
 --sp-pkg8

Trusted world key pair is used for signing.

Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia6dfbc1447cfb41b1fcbd12cf2bf7b88f409bd8d

As per "include/export/README", TF-A code should never include export
headers directly. Instead, it should include a wrapper header that
ensures the export header is included in the right manner.

"tbbr_img_def_exp.h" is directly included in TF-A code, this patch
replaces it with its  wrapper header "tbbr_img_def.h".
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d

Current value is 16, count the MAP_REGION calls gets us at least 17,
so increase the max value to 20 to have a bit of a margin.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I93d0324f3d483758366e758f8f663545d365e03f

Fix etzpc node location in stm32mp157c DTSI file as requested during the
patch review. The comment was addressed then fixup change discarded while
rebasing.

Change-Id: Ie53531fec7da224de0b86c968a66aec441bfc25d
Fixes: 627298d4

 ("dts: stm32mp157c: add etzpc node")
Reported-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

64KB was not enouth to handle fdt, bl2 shows
following error message.

"ERROR:   Invalid Device Tree at 0x10000000000: error -3"

This patch increases the size to 1MB to address above error.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I0726a0cea95087175451da0dba7410acd27df808