1. 01 Jul, 2021 1 commit
    • Sandrine Bailleux's avatar
      refactor(measured boot): remove weak definition of plat_get_measured_boot_data() · c04cb15c
      Sandrine Bailleux authored
      
      
      Weak definitions are confusing and should be avoided if possible.
      Thus, turn plat_get_measured_boot_data() into a strong definition that
      platforms must provide (if they need measured boot).
      
      We could have moved the old weak implementation under plat/common as a
      sane, default implementation that platforms may pull in if it suits
      them. However, this implementation right now simply measures BL2,
      which is not enough to get a complete measured boot flow, so this
      patch just removes it.
      
      This change only affects the Arm FVP platform, as no other upstream
      platform implements measured boot at the moment.
      
      Change-Id: If8680a39ae0ef1044ee981315439d5e0c8461229
      Signed-off-by: default avatarSandrine Bailleux <sandrine.bailleux@arm.com>
      c04cb15c
  2. 22 Jun, 2021 1 commit
  3. 16 Jun, 2021 2 commits
  4. 08 Jun, 2021 2 commits
  5. 04 Jun, 2021 5 commits
    • Yann Gautier's avatar
      fix(io_stm32image): invalidate cache on local buf · a5bcf824
      Yann Gautier authored
      
      
      When retrieving data from stm32 image file, the header is removed with
      a memcpy that shifts the data to overwrite the useless header for next
      binary.
      
      STM32 binary from boot device:
      |-------------------------------------|
      | header | payload                    |
      |-------------------------------------|
      
      After the memcpy:
      |-------------------------------------|
      | payload                    | remain |
      |-------------------------------------|
      
      But the remaining data after the shifted payload is still in
      the cache. As it is of no use for anyone, just invalidate the cache
      at this address.
      This is required if the DDR is mapped secure in BL2, and the secure
      access is forbidden in BL33, or else TZC-400 issues an error.
      
      Change-Id: Ice2af3b1ca49eccb79bfc62db60437e259d344ca
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      a5bcf824
    • Yann Gautier's avatar
      refactor(io_stm32image): add header size variable · b6561c12
      Yann Gautier authored
      
      
      A variable hdr_sz is created in stm32image_partition_read() function.
      It just represents the size of the stm32 image header but it really
      improves the readability of the function.
      
      Change-Id: I95ec62a78a4b6c6a75b0d8c8aa0faef8bee424da
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      b6561c12
    • Nicolas Le Bayon's avatar
      fix(io_stm32image): uninitialized variable warning · c1d732d0
      Nicolas Le Bayon authored
      
      
      Fixes implementation against build warning reported by GCC:
      
      drivers/st/io/io_stm32image.c: In function ‘stm32image_partition_read’:
      drivers/st/io/io_stm32image.c:249:6: error: ‘result’ may be used
      uninitialized in this function [-Werror=maybe-uninitialized]
        int result;
            ^~~~~~
      
      Actually, by construction the current implementation of function
      stm32image_partition_read() does not mandate result to be initialized
      since it always reaches the exit point with a valid value in 'result'.
      Yet, this change prevents compiler from complaining and is more robust
      against future changes in the implementation.
      
      Change-Id: I383575edb605b7535398952a5fdfc266c0068c71
      Signed-off-by: default avatarEtienne Carriere <etienne.carriere@st.com>
      Signed-off-by: default avatarNicolas Le Bayon <nicolas.le.bayon@st.com>
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      c1d732d0
    • Vyacheslav Yurkov's avatar
      feat(drivers/st): manage boot part in io_mmc · f3d2750a
      Vyacheslav Yurkov authored
      
      
      Use dedicated read function for boot partition
      Signed-off-by: default avatarVyacheslav Yurkov <uvv.mail@gmail.com>
      Change-Id: If75df7691fce0797205365736fc6e4e3429efdca
      f3d2750a
    • Vyacheslav Yurkov's avatar
      feat(drivers/mmc): boot partition read support · 5014b52d
      Vyacheslav Yurkov authored
      
      
      Added a public function to read blocks from a current boot partition.
      switch between partitions has to respect eMMC partition switch timing.
      Signed-off-by: default avatarVyacheslav Yurkov <uvv.mail@gmail.com>
      Change-Id: I55b0c910314253e5647486609583fd290dadd30a
      5014b52d
  6. 02 Jun, 2021 1 commit
    • Pali Rohár's avatar
      fix(plat/marvell/a3720/uart): fix UART parent clock rate determination · 5a91c439
      Pali Rohár authored
      
      
      The UART code for the A3K platform assumes that UART parent clock rate
      is always 25 MHz. This is incorrect, because the xtal clock can also run
      at 40 MHz (this is board specific).
      
      The frequency of the xtal clock is determined by a value on a strapping
      pin during SOC reset. The code to determine this frequency is already in
      A3K's comphy driver.
      
      Move the get_ref_clk() function from the comphy driver to a separate
      file and use it for UART parent clock rate determination.
      Signed-off-by: default avatarPali Rohár <pali@kernel.org>
      Change-Id: I8bb18a2d020ef18fe65aa06ffa4ab205c71be92e
      5a91c439
  7. 01 Jun, 2021 2 commits
    • Guo Yi's avatar
      fix(plat/marvell/armada): select correct pcie reference clock source · 371648e1
      Guo Yi authored
      
      
      when comphy is in pcie mode, correct reference clock need be
      selected according to SAR register that reflect the CPx_MPP boot
      strapping pins. Either from external or from internal
      Signed-off-by: default avatarGuo Yi <yguo@cavium.com>
      Reviewed-by: default avatarKostya Porotchkin <kostap@marvell.com>
      Change-Id: I99ed64a141e85174cc0f8e9dab5886ab2506efa1
      371648e1
    • Pali Rohár's avatar
      fix(plat/marvell/a3720/uart): fix configuring UART clock · b9185c75
      Pali Rohár authored
      
      
      When configuring the UART_BAUD_REG register, the function
      console_a3700_core_init() currently only changes the baud divisor field,
      leaving other fields to their previous value.
      
      This is incorrect, because the baud divisor is computed with the
      assumption that the parent clock rate is 25 MHz, and since the other
      fields in this register configure the parent clock, which could have
      been changed by U-Boot or Linux.
      
      Fix this function to also configure the other fields so that the UART
      parent clock is selected to be the xtal clock.
      
      For example without this change TF-A prints only
      
          ERROR: a3700_system_off needs to be implemented
      
      followed by garbage after plat_crash_console_init() is called.
      
      After applying this change instead of garbage it also print crash info:
      
          PANIC at PC : 0x0000000004023800
      Signed-off-by: default avatarPali Rohár <pali@kernel.org>
      Change-Id: I72f338355cc60d939b8bb978d9c7fdd576416b81
      b9185c75
  8. 28 May, 2021 1 commit
    • Pali Rohár's avatar
      fix(plat/marvell/a3720/uart): fix UART clock rate value and divisor calculation · 66a77528
      Pali Rohár authored
      
      
      UART parent clock is by default the platform's xtal clock, which is
      25 MHz.
      
      The value defined in the driver, though, is 25.8048 MHz. This is a hack
      for the suboptimal divisor calculation
        Divisor = UART clock / (16 * baudrate)
      which does not use rounding division, resulting in a suboptimal value
      for divisor if the correct parent clock rate was used.
      
      Change the code for divisor calculation to
        Divisor = Round(UART clock / (16 * baudrate))
      and change the parent clock rate value to 25 MHz.
      
      The final UART divisor for default baudrate 115200 is not affected by
      this change.
      
      (Note that the parent clock rate should not be defined via a macro,
      since the xtal clock can also be 40 MHz. This is outside of the scope of
      this fix, though.)
      Signed-off-by: default avatarPali Rohár <pali@kernel.org>
      Change-Id: Iaa401173df87aec94f2dd1b38a90fb6ed0bf0ec6
      66a77528
  9. 27 Apr, 2021 1 commit
    • Manish V Badarkhe's avatar
      fix(driver/auth): avoid NV counter upgrade without certificate validation · a2a5a945
      Manish V Badarkhe authored
      
      
      Platform NV counter get updated (if cert NV counter > plat NV counter)
      before authenticating the certificate if the platform specifies NV
      counter method before signature authentication in its CoT, and this
      provides an opportunity for a tempered certificate to upgrade the
      platform NV counter. This is theoretical issue, as in practice none
      of the standard CoT (TBBR, dualroot) or upstream platforms ones (NXP)
      exercised this issue.
      
      To fix this issue, modified the auth_nvctr method to do only NV
      counter check, and flags if the NV counter upgrade is needed or not.
      Then ensured that the platform NV counter gets upgraded with the NV
      counter value from the certificate only after that certificate gets
      authenticated.
      
      This change is verified manually by modifying the CoT that specifies
      certificate with:
      1. NV counter authentication before signature authentication
         method
      2. NV counter authentication method only
      
      Change-Id: I1ad17f1a911fb1035a1a60976cc26b2965b05166
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      a2a5a945
  10. 20 Apr, 2021 24 commits