1. 24 Jun, 2020 1 commit
  2. 09 Jun, 2020 3 commits
    • Madhukar Pappireddy's avatar
      plat/fvp: Add support for dynamic description of secure interrupts · 452d5e5e
      Madhukar Pappireddy authored
      
      
      Using the fconf framework, the Group 0 and Group 1 secure interrupt
      descriptors are moved to device tree and retrieved in runtime. This
      feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
      
      Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      452d5e5e
    • Andre Przywara's avatar
      GICv3: GIC-600: Detect GIC-600 at runtime · b4ad365a
      Andre Przywara authored
      
      
      The only difference between GIC-500 and GIC-600 relevant to TF-A is the
      differing power management sequence.
      A certain GIC implementation is detectable at runtime, for instance by
      checking the IIDR register. Let's add that test before initiating the
      GIC-600 specific sequence, so the code can be used on both GIC-600 and
      GIC-500 chips alike, without deciding on a GIC chip at compile time.
      
      This means that the GIC-500 "driver" is now redundant. To allow minimal
      platform support, add a switch to disable GIC-600 support.
      
      Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      b4ad365a
    • Manish Pandey's avatar
      dualroot: add chain of trust for secure partitions · 44f1aa8e
      Manish Pandey authored
      
      
      A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
      owned Secure Partitions(SP). A similar support for Platform owned SP can
      be added in future. The certificate is also protected against anti-
      rollback using the trusted Non-Volatile counter.
      
      To avoid deviating from TBBR spec, support for SP CoT is only provided
      in dualroot.
      Secure Partition content certificate is assigned image ID 31 and SP
      images follows after it.
      
      The CoT for secure partition look like below.
      +------------------+       +-------------------+
      | ROTPK/ROTPK Hash |------>| Trusted Key       |
      +------------------+       | Certificate       |
                                 | (Auth Image)      |
                                /+-------------------+
                               /                   |
                              /                    |
                             /                     |
                            /                      |
                           L                       v
      +------------------+       +-------------------+
      | Trusted World    |------>| SiP owned SPs     |
      | Public Key       |       | Content Cert      |
      +------------------+       | (Auth Image)      |
                              /   +-------------------+
                             /                      |
                            /                      v|
      +------------------+ L     +-------------------+
      | SP_PKG1 Hash     |------>| SP_PKG1           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
              .                           .
              .                           .
              .                           .
      +------------------+       +-------------------+
      | SP_PKG8 Hash     |------>| SP_PKG8           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
      44f1aa8e
  3. 08 Jun, 2020 1 commit
    • Manish Pandey's avatar
      plat/arm: do not include export header directly · 81de5bf7
      Manish Pandey authored
      
      
      As per "include/export/README", TF-A code should never include export
      headers directly. Instead, it should include a wrapper header that
      ensures the export header is included in the right manner.
      
      "tbbr_img_def_exp.h" is directly included in TF-A code, this patch
      replaces it with its  wrapper header "tbbr_img_def.h".
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
      81de5bf7
  4. 01 Jun, 2020 1 commit
  5. 25 May, 2020 1 commit
    • J-Alves's avatar
      SPCI is now called PSA FF-A · 662af36d
      J-Alves authored
      
      
      SPCI is renamed as PSA FF-A which stands for Platform Security
      Architecture Firmware Framework for A class processors.
      This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
      or simply FFA(in code).
      
      Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
      Signed-off-by: default avatarJ-Alves <joao.alves@arm.com>
      662af36d
  6. 21 May, 2020 2 commits
  7. 19 May, 2020 1 commit
  8. 15 May, 2020 1 commit
  9. 05 May, 2020 2 commits
    • Andre Przywara's avatar
      fdt/wrappers: Introduce code to find UART DT node · 60e2e27d
      Andre Przywara authored
      
      
      The stdout-path property in the /chosen node of a DTB points to a device
      node, which is used for boot console output.
      On most (if not all) ARM based platforms this is the debug UART.
      The ST platform code contains a function to parse this property and
      chase down eventual aliases to learn the node offset of this UART node.
      
      Introduce a slightly more generalised version of this ST platform function
      in the generic fdt_wrappers code. This will be useful for other platforms
      as well.
      
      Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      60e2e27d
    • Andre Przywara's avatar
      plat/stm32: Use generic fdt_get_reg_props_by_name() · 7ad6d362
      Andre Przywara authored
      
      
      The STM32 platform port parse DT nodes to find base address to
      peripherals. It does this by using its own implementation, even though
      this functionality is generic and actually widely useful outside of the
      STM32 code.
      
      Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
      fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
      This is removes the assumption that #address-cells and #size-cells are
      always one.
      
      Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      7ad6d362
  10. 30 Apr, 2020 2 commits
    • Andre Przywara's avatar
      arm: fconf: Fix GICv3 dynamic configuration · 364ad245
      Andre Przywara authored
      
      
      At the moment the fconf_populate_gicv3_config() implementation is
      somewhat incomplete: First it actually fails to store the retrieved
      information (the local addr[] array is going nowhere), but also it makes
      quite some assumptions about the device tree passed to it: it needs to
      use two address-cells and two size-cells, and also requires all five
      register regions to be specified, where actually only the first two
      are mandatory according to the binding (and needed by our code).
      
      Fix this by introducing a proper generic function to retrieve "reg"
      property information from a DT node:
      We retrieve the #address-cells and #size-cells properties from the
      parent node, then use those to extract the right values from the "reg"
      property. The function takes an index to select one region of a reg
      property.
      
      This is loosely based on the STM32 implementation using "reg-names",
      which we will subsume in a follow-up patch.
      
      Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      364ad245
    • Louis Mayencourt's avatar
      fconf: Update dyn_config compatible string · 592c396d
      Louis Mayencourt authored
      
      
      Dynamic configuration properties are fconf properties. Modify the
      compatible string from "arm,.." to "fconf,.." to reflect this.
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      Change-Id: I85eb75cf877c5f4d3feea3936d4c348ca843bc6c
      592c396d
  11. 29 Apr, 2020 1 commit
    • Andre Przywara's avatar
      fdt/wrappers: Replace fdtw_read_cells() implementation · ff4e6c35
      Andre Przywara authored
      Our fdtw_read_cells() implementation goes to great lengths to
      sanity-check every parameter and result, but leaves a big hole open:
      The size of the storage the value pointer points at needs to match the
      number of cells given. This can't be easily checked at compile time,
      since we lose the size information by using a void pointer.
      Regardless the current usage of this function is somewhat wrong anyways,
      since we use it on single-element, fixed-length properties only, for
      which the DT binding specifies the size.
      Typically we use those functions dealing with a number of cells in DT
      context to deal with *dynamically* sized properties, which depend on
      other properties (#size-cells, #clock-cells, ...), to specify the number
      of cells needed.
      
      Another problem with the current implementation is the use of
      ambiguously sized types (uintptr_t, size_t) together with a certain
      expectation about their size. In general there is no relation between
      the length of a DT property and the bitness of the code that parses the
      DTB: AArch64 code could encounter 32-bit addresses (where the physical
      address space is limited to 4GB [1]), while AArch32 code could read
      64-bit sized properties (/memory nodes on LPAE systems, [2]).
      
      To make this more clear, fix the potential issues and also align more
      with other DT users (Linux and U-Boot), introduce functions to explicitly
      read uint32 and uint64 properties. As the other DT consumers, we do this
      based on the generic "read array" function.
      Convert all users to use either of those two new functions, and make
      sure we never use a pointer to anything other than uint32_t or uint64_t
      variables directly.
      
      This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
      4 bytes into a uint16_t variable (passed via a void pointer).
      
      Also we change the implementation of the function to better align with
      other libfdt users, by using the right types (fdt32_t) and common
      variable names (*prop, prop_names).
      
      [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
      [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
      
      
      
      Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      ff4e6c35
  12. 28 Apr, 2020 1 commit
    • Andre Przywara's avatar
      fdt/wrappers: Generalise fdtw_read_array() · 6e3a89f4
      Andre Przywara authored
      
      
      Currently our fdtw_read_array() implementation requires the length of
      the property to exactly match the requested size, which makes it less
      flexible for parsing generic device trees.
      Also the name is slightly misleading, since we treat the cells of the
      array as 32 bit unsigned integers, performing the endianess conversion.
      
      To fix those issues and align the code more with other DT users (Linux
      kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
      relax the length check to only check if the property covers at least the
      number of cells we request.
      This also changes the variable names to be more in-line with other DT
      users, and switches to the proper data types.
      
      This makes this function more useful in later patches.
      
      Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      6e3a89f4
  13. 23 Apr, 2020 1 commit
  14. 15 Apr, 2020 1 commit
  15. 07 Apr, 2020 2 commits
    • Alexei Fedorov's avatar
      FVP: Add support for GICv4 extension · e6e10ecc
      Alexei Fedorov authored
      
      
      This patch adds support for GICv4 extension for FVP platform.
      
      Change-Id: Ia389b61266af669b1ca9b999a8b76476cab214f4
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      e6e10ecc
    • Manish V Badarkhe's avatar
      Increase maximum size of BL2 image · 9dfe46c2
      Manish V Badarkhe authored
      
      
      Increased the maximum size of BL2 image in order to
      accommodate the BL2 image when TF-A build with no compiler
      optimization for ARM platform.
      
      Note: As of now, "no compiler optimization" build works
      only when TRUSTED_BOOT_BOARD option is set to 0.
      
      This change is verified using below CI configuration:
      1. juno-no-optimize-default:juno-linux.uboot
      2. fvp-no-optimize-default,fvp-default:fvp-tftf-fip.tftf-aemv8a-debug
      
      Change-Id: I5932621237f8acd1b510682388f3ba78eae90ea4
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      9dfe46c2
  16. 02 Apr, 2020 1 commit
  17. 31 Mar, 2020 1 commit
  18. 30 Mar, 2020 1 commit
    • Alexei Fedorov's avatar
      TF-A GICv3 driver: Introduce makefile · a6ea06f5
      Alexei Fedorov authored
      
      
      This patch moves all GICv3 driver files into new added
      'gicv3.mk' makefile for the benefit of the generic driver
      which can evolve in the future without affecting platforms.
      The patch adds GICv3 driver configuration flags
      'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
      'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
      'GICv3 driver options' section of 'build-option.rst'
      document.
      
      NOTE: Platforms with GICv3 driver need to be modified to
      include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
      
      Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      a6ea06f5
  19. 25 Mar, 2020 1 commit
  20. 19 Mar, 2020 2 commits
    • Manish Pandey's avatar
      fvp: use two instances of Cactus at S-EL1 · 161dbc43
      Manish Pandey authored
      
      
      To demonstrate communication between SP's two instances of Cactus at
      S-EL1 has been used.
      This patch replaces Ivy SP with cactus-secondary SP which aligns with
      changes in tf-a-tests repository.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Iee84f1f7f023b7c4f23fbc13682a42614a7f3707
      161dbc43
    • Olivier Deprez's avatar
      spmc: manifest changes to support two sample cactus secure partitions · 3d5ed6de
      Olivier Deprez authored
      
      
      When using the SPM Dispatcher, the SPMC sits as a BL32 component
      (BL32_IMAGE_ID). The SPMC manifest is passed as the TOS fw config
      component (TOS_FW_CONFIG_ID). It defines platform specific attributes
      (memory range and physical CPU layout) as well as the attributes for
      each secure partition (mostly load address). This manifest is passed
      to the SPMC on boot up. An SP package contains the SP dtb in the SPCI
      defined partition manifest format. As the SPMC manifest was enriched
      it needs an increase of tos_fw-config max-size in fvp_fw_config dts.
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: Ia1dce00c6c4cbaa118fa56617980d32e2956a94e
      3d5ed6de
  21. 17 Mar, 2020 1 commit
    • Madhukar Pappireddy's avatar
      FVP: In BL31/SP_MIN, map only the needed DRAM region statically · 493545b3
      Madhukar Pappireddy authored
      
      
      Rather than creating entry in plat_arm_mmap array to map the
      entire DRAM region in BL31/SP_MIN, only map a smaller region holding
      HW_CONFIG DTB. Consequently, an increase in number of sub-translation
      tables(level-2 and level-3) i.e., MAX_XLAT_TABLES is necessary to map
      the new region in memory.
      
      In order to accommodate the increased code size in BL31 i.e.,
      PROGBITS, the max size of BL31 image is increased by 0x1000(4K).
      
      Change-Id: I540b8ee550588e22a3a9fb218183d2ab8061c851
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      493545b3
  22. 16 Mar, 2020 1 commit
    • Louis Mayencourt's avatar
      fconf: Clean Arm IO · a6de824f
      Louis Mayencourt authored
      
      
      Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
      removes the duplicate io_policies and functions definition.
      
      This patch:
      - replace arm_io_storage.c with the content of arm_fconf_io_storage.c
      - rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
      - use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
      - propagate DEFINES when parsing dts.
      - use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
      - set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
        of fvp stays the same as it was before the introduction of fconf.
      
      Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      a6de824f
  23. 12 Mar, 2020 2 commits
    • Max Shvetsov's avatar
      SPMD: Add support for SPCI_ID_GET · ac03ac5e
      Max Shvetsov authored
      
      
      This patch introduces the `SPCI_ID_GET` interface which will return the
      ID of the calling SPCI component. Returns 0 for requests from the
      non-secure world and the SPCI component ID as specified in the manifest
      for secure world requests.
      
      Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1
      Signed-off-by: default avatarMax Shvetsov <maksims.svecovs@arm.com>
      Signed-off-by: default avatarMarc Bonnici <marc.bonnici@arm.com>
      ac03ac5e
    • Madhukar Pappireddy's avatar
      plat/arm/fvp: populate pwr domain descriptor dynamically · 6138ffbc
      Madhukar Pappireddy authored
      
      
      The motivation behind this patch and following patches is to extract
      information about the platform in runtime rather than depending on
      compile time macros such as FVP_CLUSTER_COUNT. This partially enables
      us to use a single binary for a family of platforms which all have
      similar hardware capabilities but differ in configurations.
      
      we populate the data structure describing the power domain hierarchy
      of the platform dynamically by querying the number of clusters and cpus
      using fconf getter APIs. Compile time macro such as FVP_CLUSTER_COUNT
      is still needed as it determines the size of related data structures.
      
      Note that the cpu-map node in HW_CONFIG dts represents a logical
      hierarchy of power domains of CPU. However, in reality, the power
      domains may not have been physically built in such hierarchy.
      
      Change-Id: Ibcbb5ca7b2c969f8ad03ab2eab289725245af7a9
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      6138ffbc
  24. 11 Mar, 2020 2 commits
    • Madhukar Pappireddy's avatar
      fconf: Extract topology node properties from HW_CONFIG dtb · 4682461d
      Madhukar Pappireddy authored
      
      
      Create, register( and implicitly invoke) fconf_populate_topology()
      function which extracts the topology related properties from dtb into
      the newly created fconf based configuration structure 'soc_topology'.
      Appropriate libfdt APIs are added to jmptbl.i file for use with USE_ROMLIB
      build feature.
      
      A new property which describes the power domain levels is added to the
      HW_CONFIG device tree source files.
      
      This patch also fixes a minor bug in the common device tree file
      fvp-base-gicv3-psci-dynamiq-common.dtsi
      As this file includes fvp-base-gicv3-psci-common.dtsi, it is necessary
      to delete all previous cluster node definitons because DynamIQ based
      models have upto 8 CPUs in each cluster. If not deleted, the final dts
      would have an inaccurate description of SoC topology, i.e., cluster0
      with 8 or more core nodes and cluster1 with 4 core nodes.
      
      Change-Id: I9eb406da3ba4732008a66c01afec7c9fa8ef59bf
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      4682461d
    • Madhukar Pappireddy's avatar
      fconf: necessary modifications to support fconf in BL31 & SP_MIN · 26d1e0c3
      Madhukar Pappireddy authored
      
      
      Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
      Created few populator() functions which parse HW_CONFIG device tree
      and registered them with fconf framework. Many of the changes are
      only applicable for fvp platform.
      
      This patch:
      1. Adds necessary symbols and sections in BL31, SP_MIN linker script
      2. Adds necessary memory map entry for translation in BL31, SP_MIN
      3. Creates an abstraction layer for hardware configuration based on
         fconf framework
      4. Adds necessary changes to build flow (makefiles)
      5. Minimal callback to read hw_config dtb for capturing properties
         related to GIC(interrupt-controller node)
      6. updates the fconf documentation
      
      Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      26d1e0c3
  25. 10 Mar, 2020 1 commit
  26. 03 Mar, 2020 2 commits
  27. 25 Feb, 2020 1 commit
    • Alexei Fedorov's avatar
      FVP: Fix incorrect GIC mapping · b3c431f3
      Alexei Fedorov authored
      
      
      This patch fixes incorrect setting for DEVICE1_SIZE
      for FVP platforms with more than 8 PEs.
      The current value of 0x200000 supports only 8 PEs
      and causes exception for FVP platforms with the greater
      number of PEs, e.g. FVP_Base_Cortex_A65AEx8 with 16 PEs
      in one cluster.
      
      Change-Id: Ie6391509fe6eeafb8ba779303636cd762e7d21b2
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      b3c431f3
  28. 24 Feb, 2020 2 commits
    • Petre-Ionut Tudor's avatar
      Read-only xlat tables for BL31 memory · 60e8f3cf
      Petre-Ionut Tudor authored
      
      
      This patch introduces a build flag which allows the xlat tables
      to be mapped in a read-only region within BL31 memory. It makes it
      much harder for someone who has acquired the ability to write to
      arbitrary secure memory addresses to gain control of the
      translation tables.
      
      The memory attributes of the descriptors describing the tables
      themselves are changed to read-only secure data. This change
      happens at the end of BL31 runtime setup. Until this point, the
      tables have read-write permissions. This gives a window of
      opportunity for changes to be made to the tables with the MMU on
      (e.g. reclaiming init code). No changes can be made to the tables
      with the MMU turned on from this point onwards. This change is also
      enabled for sp_min and tspd.
      
      To make all this possible, the base table was moved to .rodata. The
      penalty we pay is that now .rodata must be aligned to the size of
      the base table (512B alignment). Still, this is better than putting
      the base table with the higher level tables in the xlat_table
      section, as that would cost us a full 4KB page.
      
      Changing the tables from read-write to read-only cannot be done with
      the MMU on, as the break-before-make sequence would invalidate the
      descriptor which resolves the level 3 page table where that very
      descriptor is located. This would make the translation required for
      writing the changes impossible, generating an MMU fault.
      
      The caches are also flushed.
      Signed-off-by: default avatarPetre-Ionut Tudor <petre-ionut.tudor@arm.com>
      Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
      60e8f3cf
    • Sandrine Bailleux's avatar
      plat/arm: Pass cookie argument down to arm_get_rotpk_info() · 88005701
      Sandrine Bailleux authored
      
      
      The cookie will be leveraged in the next commit.
      
      Change-Id: Ie8bad275d856d84c27466461cf815529dd860446
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      88005701
  29. 19 Feb, 2020 1 commit