- 09 Feb, 2021 2 commits
-
-
Manish V Badarkhe authored
Currently, BLs are mapping the GIC memory region as read-write for all cores on boot-up. This opens up the security hole where the active core can write the GICR frame of fused/inactive core. To avoid this issue, disable the GICR frame of all inactive cores as below: 1. After primary CPU boots up, map GICR region of all cores as read-only. 2. After primary CPU boots up, map its GICR region as read-write and initialize its redistributor interface. 3. After secondary CPU boots up, map its GICR region as read-write and initialize its redistributor interface. 4. All unused/fused core's redistributor regions remain read-only and write attempt to such protected regions results in an exception. As mentioned above, this patch offers only the GICR memory-mapped region protection considering there is no facility at the GIC IP level to avoid writing the redistributor area. These changes are currently done in BL31 of Arm FVP and guarded under the flag 'FVP_GICR_REGION_PROTECTION'. As of now, this patch is tested manually as below: 1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core. 2. Verify data abort triggered by manually updating the ‘GICR_CTLR’ register of core 1’s(fused) redistributor from core 0(active). Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
Manish V Badarkhe authored
GIC memory region is not getting used in BL1 and BL2. Hence avoid its mapping in BL1 and BL2 that freed some page table entries to map other memory regions in the future. Retains mapping of CCN interconnect region in BL1 and BL2 overlapped with the GIC memory region. Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 08 Dec, 2020 4 commits
-
-
Olivier Deprez authored
The primary VM concept is removed from the SPMC. Update the SPMC manifests with number of Execution Contexts and SP workspace size for the first Secure Partition (as it is done for NWd secondary VMs and other SPs). Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I3b9c52666f7dfe74ab1f7d2148ad0070ee44b54e
-
Olivier Deprez authored
The chosen node is no longer required as the SPMC implements a specific boot flow which no longer requires this node. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ib566b602a7f83003a1b2d0ba5f6ebf4d8b7a9156
-
Olivier Deprez authored
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I0981c43e2ef8172138f65d95eac7b20f8969394e
-
Olivier Deprez authored
The PVM concept is removed from the SPMC so the device-memory node which is specifying the device memory range for the PVM is no longer applicable. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: If0cb956e0197028b24ecb78952c66ec454904516
-
- 30 Nov, 2020 1 commit
-
-
Javier Almansa Sobrino authored
Enable basic support for Neoverse-N2 CPUs. Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com> Change-Id: I498adc2d9fc61ac6e1af8ece131039410872e8ad
-
- 21 Oct, 2020 1 commit
-
-
Olivier Deprez authored
For the first partition, mark first 2GB as device memory excluding the Trusted DRAM region reserved for the SPMC. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I3ff110b3facf5b6d41ac2519ff6ca5e30a0a502b
-
- 20 Oct, 2020 1 commit
-
-
Arunachalam Ganapathy authored
To support platforms without Trusted DRAM this patch defines PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or DRAM region behind TZC. Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4 Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-
- 09 Oct, 2020 1 commit
-
-
Jimmy Brisson authored
And from crash_console_flush. We ignore the error information return by console_flush in _every_ place where we call it, and casting the return type to void does not work around the MISRA violation that this causes. Instead, we collect the error information from the driver (to avoid changing that API), and don't return it to the caller. Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
- 05 Oct, 2020 2 commits
-
-
Jimmy Brisson authored
Change-Id: Ieb411e2f8092fa82062e619305b680673a8f184f Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
Jimmy Brisson authored
Change-Id: Ic0ca51a855660509264ff0d084c068e1421ad09a Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
- 15 Sep, 2020 2 commits
-
-
Olivier Deprez authored
According to [1] and in context of FF-A v1.0 a secure partition must have either one EC (migratable UP) or a number of ECs equal to the number of PEs (pinned MP). Adjust the SPMC manifest such that the number of ECs is equal to the number of PEs. [1] https://trustedfirmware-a.readthedocs.io/en/latest/components/ secure-partition-manager.html#platform-topology Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Ie8c7d96ae7107cb27f5b97882d8f476c18e026d4
-
Manish V Badarkhe authored
Increased BL2 maximum size when CoT descriptors are placed in device tree. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I6466d2841e189e7f15eb4f1a8db070542893cb5b
-
- 10 Sep, 2020 1 commit
-
-
Ruari Phipps authored
UUID's in the device tree files were stored in little endian. So to keep all entries in these files RFC 4122 compliant, store them in big endian then convert it to little endian when they are read so they can be used in the UUID data structure. Signed-off-by: Ruari Phipps <ruari.phipps@arm.com> Change-Id: I5674159b82b245104381df10a4e3291160d9b3b5
-
- 02 Sep, 2020 1 commit
-
-
Anders Dellien authored
This patch adds dependencies to the generated configuration files that are included in the FIP. This fixes occasional build errors that occur when the FIP happens to be built first. Change-Id: I5a2bf724ba3aee13954403b141f2f19b4fd51d1b Signed-off-by: Anders Dellien <anders.dellien@arm.com>
-
- 28 Aug, 2020 1 commit
-
-
Manish V Badarkhe authored
Using the Fconf, register base address of the various nv-counters (currently, trusted, non-trusted nv-counters) are moved to the device tree and retrieved during run-time. This feature is enabled using the build option COT_DESC_IN_DTB. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
-
- 20 Aug, 2020 1 commit
-
-
Olivier Deprez authored
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Change-Id: Icf90c2ccce75257908ba3d4703926041d64b1dd3
-
- 19 Aug, 2020 1 commit
-
-
Ruari Phipps authored
Add information about the third partition so it can be loaded into SPM when running the tests Signed-off-by: Ruari Phipps <ruari.phipps@arm.com> Change-Id: I5544e88df391ef294ddf6b5750d468d3e74892b1
-
- 18 Aug, 2020 1 commit
-
-
Manish V Badarkhe authored
Implemented platform functions to retrieve the soc-id information for FVP platform. Change-Id: Id3df02ab290a210310e8d34ec9d706a59d817517 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 17 Aug, 2020 1 commit
-
-
Madhukar Pappireddy authored
SP804 TIMER is not platform specific, and current code base adds multiple defines to use this driver. Like FVP_USE_SP804_TIMER and FVP_VE_USE_SP804_TIMER. This patch removes platform specific build flag and adds generic flag `USE_SP804_TIMER` to be set to 1 by platform if needed. Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 14 Aug, 2020 2 commits
-
-
Ruari Phipps authored
For supporting dualroot CoT for Secure Partitions a new optional field "owner" is introduced which will be used to sign the SP with corresponding signing domain. To demonstrate its usage, this patch adds owners to cactus Secure Partitions. Signed-off-by: Ruari Phipps <ruari.phipps@arm.com> Change-Id: I7b760580355fc92edf5402cecc38c38125dc1cae
-
Jimmy Brisson authored
This resolves MISRA defects such as: plat/common/plat_bl1_common.c:63:[MISRA C-2012 Rule 14.4 (required)] The condition expression "1" does not have an essentially boolean type. Change-Id: I679411980ad661191fbc834a44a5eca5494fd0e2 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
-
- 31 Jul, 2020 1 commit
-
-
Olivier Deprez authored
Following merge of patchset [1] the spm_mm_boot_info_t structure is included in few platform files unconditionally even when SPM_MM option is disabled. [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2647 Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I68bc034c9348b5d9bcfd2e5217b781df5ad1b369
-
- 30 Jul, 2020 1 commit
-
-
Olivier Deprez authored
Provide manifest and build options to boot OP-TEE as a guest S-EL1 Secure Partition on top of Hafnium in S-EL2. Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
-
- 22 Jul, 2020 1 commit
-
-
Alexei Fedorov authored
This patch adds support for Measured Boot functionality to FVP platform code. It also defines new properties in 'tpm_event_log' node to store Event Log address and it size 'tpm_event_log_sm_addr' 'tpm_event_log_addr' 'tpm_event_log_size' in 'event_log.dtsi' included in 'fvp_tsp_fw_config.dts' and 'fvp_nt_fw_config.dts'. The node and its properties are described in binding document 'docs\components\measured_boot\event_log.rst'. Change-Id: I087e1423afcb269d6cfe79c1af9c348931991292 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 20 Jul, 2020 1 commit
-
-
Alexei Fedorov authored
This patch moves all GICv2 driver files into new added 'gicv2.mk' makefile for the benefit of the generic driver which can evolve in the future without affecting platforms. NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file is now deprecated and platforms with GICv2 driver need to be modified to include 'drivers/arm/gic/v2/gicv2.mk' in their makefiles. Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 10 Jul, 2020 2 commits
-
-
Manish V Badarkhe authored
BL2 size gets increased due to the libfdt library update and that eventually cause no-optimization build failure for BL2 as below: aarch64-none-elf-ld.bfd: BL2 image has exceeded its limit. aarch64-none-elf-ld.bfd: region `RAM' overflowed by 4096 bytes Makefile:1070: recipe for target 'build/fvp/debug/bl2/bl2.elf' failed make: *** [build/fvp/debug/bl2/bl2.elf] Error 1 Fixed build failure by increasing BL2 image size limit by 4Kb. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I92a57eb4db601561a98e254b64994bb921a88db3
-
Manish V Badarkhe authored
Included cot_descriptors.dtsi in platform device tree (fvp_tb_fw_config.dts). Also, updated the maximum size of tb_fw_config to 0x1800 in order to accomodate the device tree for CoT descriptors. Follow up patch will parse the device tree for these CoT descriptors and fill the CoT descriptor structures at runtime instead of using static CoT descriptor structures in the code base. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
-
- 26 Jun, 2020 1 commit
-
-
Manish V Badarkhe authored
Passed the address of fw_config instead of soc_fw_config as arg1 to BL31 from BL2 for ARM fvp platform. BL31 then retrieve load-address of other device trees from fw_config device tree. Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com> Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
-
- 25 Jun, 2020 1 commit
-
-
Manish V Badarkhe authored
Increased the size of firmware configuration area to accommodate all configs. Updated maximum size of following bootloaders due to increase in firmware configs size and addition of the code in the BL2. 1. Increased maximum size of BL2 for Juno platform in no optimisation case. 2. Reduced maximum size of BL31 for fvp and Juno platform. 3. Reduced maximum size of BL32 for Juno platform. Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 24 Jun, 2020 3 commits
-
-
laurenw-arm authored
Query clock frequency in runtime using FCONF getter API Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: Ie6a8a62d8d190b9994feffb167a1d48829913e9b
-
laurenw-arm authored
Extract Timer clock frequency from the timer node in HW_CONFIG dtb. The first timer is a per-core architected timer attached to a GIC to deliver its per-processor interrupts via PPIs. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I2f4b27c48e4c79208dab9f03c768d9221ba6ca86
-
Manish V Badarkhe authored
Moved BL2 configuration nodes from fw_config to newly created tb_fw_config device tree. fw_config device tree's main usage is to hold properties shared across all BLx images. An example is the "dtb-registry" node, which contains the information about the other device tree configurations (load-address, size). Also, Updated load-address of tb_fw_config which is now located after fw_config in SRAM. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
-
- 09 Jun, 2020 3 commits
-
-
Madhukar Pappireddy authored
Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Andre Przywara authored
The only difference between GIC-500 and GIC-600 relevant to TF-A is the differing power management sequence. A certain GIC implementation is detectable at runtime, for instance by checking the IIDR register. Let's add that test before initiating the GIC-600 specific sequence, so the code can be used on both GIC-600 and GIC-500 chips alike, without deciding on a GIC chip at compile time. This means that the GIC-500 "driver" is now redundant. To allow minimal platform support, add a switch to disable GIC-600 support. Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
-
- 08 Jun, 2020 1 commit
-
-
Manish Pandey authored
As per "include/export/README", TF-A code should never include export headers directly. Instead, it should include a wrapper header that ensures the export header is included in the right manner. "tbbr_img_def_exp.h" is directly included in TF-A code, this patch replaces it with its wrapper header "tbbr_img_def.h". Signed-off-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
-
- 01 Jun, 2020 1 commit
-
-
Jimmy Brisson authored
This should allow git to easily track file moves Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com> Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
-
- 25 May, 2020 1 commit
-
-
J-Alves authored
SPCI is renamed as PSA FF-A which stands for Platform Security Architecture Firmware Framework for A class processors. This patch replaces the occurrence of SPCI with PSA FF-A(in documents) or simply FFA(in code). Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760 Signed-off-by: J-Alves <joao.alves@arm.com>
-