- 25 Jun, 2020 3 commits
-
-
johpow01 authored
Cortex A77 erratum 1800714 is a Cat B erratum, present in older revisions of the Cortex A77 processor core. The workaround is to set a bit in the ECTLR_EL1 system register, which disables allocation of splintered pages in the L2 TLB. Since this is the first errata workaround implemented for Cortex A77, this patch also adds the required cortex_a77_reset_func in the file lib/cpus/aarch64/cortex_a77.S. This errata is explained in this SDEN: https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf Signed-off-by:
John Powell <john.powell@arm.com> Change-Id: I844de34ee1bd0268f80794e2d9542de2f30fd3ad
-
Manish V Badarkhe authored
Increased the size of firmware configuration area to accommodate all configs. Updated maximum size of following bootloaders due to increase in firmware configs size and addition of the code in the BL2. 1. Increased maximum size of BL2 for Juno platform in no optimisation case. 2. Reduced maximum size of BL31 for fvp and Juno platform. 3. Reduced maximum size of BL32 for Juno platform. Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831 Signed-off-by:Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
Manish V Badarkhe authored
Modified the code to do below changes: 1. Load tb_fw_config along with fw_config by BL1. 2. Populate fw_config device tree information in the BL1 to load tb_fw_config. 3. In BL2, populate fw_config information to retrieve the address of tb_fw_config and then tb_fw_config gets populated using retrieved address. 4. Avoid processing of configuration file in case of error value returned from "fw_config_load" function. 5. Updated entrypoint information for BL2 image so that it's arg0 should point to fw_config address. Signed-off-by:
Louis Mayencourt <louis.mayencourt@arm.com> Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
-
- 24 Jun, 2020 6 commits
-
-
Manish V Badarkhe authored
Updated 'fconf_load_config' function to return the error. Error from 'fconf_load_config" gets handled by BL1 in subsequent patches. Signed-off-by: -
Manish V Badarkhe authored
Modified the `fconf_load_config` function so that it can additionally support loading of tb_fw_config along with fw_config. Signed-off-by:
-
Manish V Badarkhe authored
Cleaned up confused naming between TB_FW and FW_CONFIG. Signed-off-by:
-
Louis Mayencourt authored
fw_config image is authenticated using secure boot framework by adding it into the single root and dual root chain of trust. The COT for fw_config image looks as below: +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Boot fw | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | fw_config hash |------>| fw_config | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by: -
Manish V Badarkhe authored
Updated cert_tool to add hash information of fw_config image into the existing "trusted boot fw" certificate. Signed-off-by: -
Manish V Badarkhe authored
Added support in fiptool to include fw_config image in FIP. Signed-off-by:
-
- 23 Jun, 2020 1 commit
-
-
J-Alves authored
Change handler of FFA version interface: - Return SPMD's version if the origin of the call is secure; - Return SPMC's version if origin is non-secure. Signed-off-by:J-Alves <joao.alves@arm.com> Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
-
- 22 Jun, 2020 4 commits
-
-
johpow01 authored
Cortex A76 erratum 1800710 is a Cat B erratum, present in older revisions of the Cortex A76 processor core. The workaround is to set a bit in the ECTLR_EL1 system register, which disables allocation of splintered pages in the L2 TLB. This errata is explained in this SDEN: https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf Signed-off-by:
-
johpow01 authored
Cortex A76 erratum 1791580 is a Cat B erratum present in earlier revisions of the Cortex A76. The workaround is to set a bit in the implementation defined CPUACTLR2 register, which forces atomic store operations to write-back memory to be performed in the L1 data cache. This errata is explained in this SDEN: https://static.docs.arm.com/sden885749/g/Arm_Cortex_A76_MP052_Software_Developer_Errata_Notice_v20.pdf Signed-off-by:
-
Sandeep Tripathy authored
It is desired to have the peripheral writes completed to clear the interrupt condition and de-assert the interrupt request to GIC before EOI write. Failing which spurious interrupt will occurred. A barrier is needed to ensure peripheral register write transfers are complete before EOI is done. GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point of view. However these writes may pass over different interconnects, bridges, buffers leaving some rare chances for the actual write to complete out of order. GICv3 ICC EOI system register writes have no ordering against nGnR(n)E memory writes as they are over different interfaces. Hence a dsb can ensure from core no writes are issued before the previous writes are *complete*. Signed-off-by:Sandeep Tripathy <sandeep.tripathy@broadcom.com> Change-Id: Ie6362009e2f91955be99dca8ece14ade7b4811d6
-
Sheetal Tigadoli authored
Signed-off-by:Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Change-Id: Iaf6deaeee2069720518221157edbb052bc42850a
-
- 17 Jun, 2020 4 commits
-
-
Etienne Carriere authored
This change implements SCMI channels for reading a SCMI message from a shared memory and call the SCMI message drivers to route the message to the target platform services. SMT refers to the shared memory management protocol which is used to get/put message/response in shared memory. SMT is a 28byte header stating shared memory state and exchanged protocol data. The processing entry for a SCMI message can be a secure interrupt or fastcall SMCCC invocation. SMT description in this implementation is based on the OP-TEE project [1] itself based in the SCP-firmware implementation [2]. Link: [1] https://github.com/OP-TEE/optee_os/commit/a58c4d706d2333d2b21a3eba7e2ec0cb257bca1d Link: [2] https://github.com/ARM-software/SCP-firmware.git Change-Id: I416c7dab5c67954c6fe80bae8d8cdfdcda66873e Signed-off-by:
Etienne Carriere <etienne.carriere@linaro.org>
-
Etienne Carriere authored
Adds SCMI reset domain protocol support in the SCMI message drivers as defined in SCMI specification v2.0 [1]. Not all the messages defined in the specification are supported. scmi_msg_get_rd_handler() sanitizes the message_id value against any speculative use of reset domain ID as a index since by SCMI specification, IDs are indices. This implementation is based on the OP-TEE project implementation [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/56a1f10ed99d683ee3a8af29b6147a59a99ef3e0 Link: [3] https://github.com/ARM-software/SCP-firmware.git Change-Id: If7cf13de40a815dedb40dcd5af8b6bb6725d9078 Signed-off-by:
-
Etienne Carriere authored
Adds SCMI clock protocol support in the SCMI message drivers as defined in SCMI specification v2.0 [1] for clock protocol messages. Platform can provide one of the plat_scmi_clock_*() handler for the supported operations set/get state/rate and others. scmi_msg_get_clock_handler() sanitizes the message_id value against any speculative use of clock ID as a index since by SCMI specification, IDs are indices. This implementation is based on the OP-TEE project implementation [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/a7a9e3ba71dd908aafdc4c5ed9b29b15faa9692d Link: [3] https://github.com/ARM-software/SCP-firmware.git Change-Id: Ib56e096512042d4f7b9563d1e4181554eb8ed02c Signed-off-by:
-
Etienne Carriere authored
This change introduces drivers to allow a platform to create a basic SCMI service and register handlers for client request (SCMI agent) on system resources. This is the first piece of the drivers: an entry function, the SCMI base protocol support and helpers for create the response message. With this change, scmi_process_message() is the entry function to process an incoming SCMI message. The function expect the message is already copied from shared memory into secure memory. The message structure stores message reference and output buffer reference where response message shall be stored. scmi_process_message() calls the SCMI protocol driver according to the protocol ID in the message. The SCMI protocol driver will call defined platform handlers according to the message content. This change introduces only the SCMI base protocol as defined in SCMI specification v2.0 [1]. Not all the messages defined in the specification are supported. The SCMI message implementation is derived from the OP-TEE project [2] itself based on the SCP-firmware implementation [3] of the SCMI protocol server side. Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf Link: [2] https://github.com/OP-TEE/optee_os/commit/ae8c8068098d291e6e55744dbc237ec39fd9840a Link: [3] https://github.com/ARM-software/SCP-firmware/tree/v2.6.0 Change-Id: I639c4154a39fca60606264baf8d32452641f45e9 Signed-off-by:
-
- 12 Jun, 2020 2 commits
-
-
Varun Wadekar authored
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register accesses from EL1 or EL2 to EL3. RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default. Signed-off-by:Varun Wadekar <vwadekar@nvidia.com> Change-Id: Ifb0fb0afedea7dd2a29a0b0491a1161ecd241438
-
David Pu authored
This patch adds all Tegra194 RAS nodes definitions and support to handle all uncorrectable RAS errors. Change-Id: I109b5a8dbca91d92752dc282c4ca30f273c475f9 Signed-off-by:
David Pu <dpu@nvidia.com> Signed-off-by:
-
- 11 Jun, 2020 1 commit
-
-
Manish Pandey authored
with sha 0792dd7d , support to generate certificate for Secure Partitions was added for dualroot CoT only, this patch extends this support for tbbr CoT. Signed-off-by:
Manish Pandey <manish.pandey2@arm.com> Change-Id: I451c0333536dd1cbe17861d454bdb0dc7a17c63f
-
- 09 Jun, 2020 3 commits
-
-
Madhukar Pappireddy authored
Using the fconf framework, the Group 0 and Group 1 secure interrupt descriptors are moved to device tree and retrieved in runtime. This feature is enabled by the build flag SEC_INT_DESC_IN_FCONF. Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c Signed-off-by:Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
Andre Przywara authored
The only difference between GIC-500 and GIC-600 relevant to TF-A is the differing power management sequence. A certain GIC implementation is detectable at runtime, for instance by checking the IIDR register. Let's add that test before initiating the GIC-600 specific sequence, so the code can be used on both GIC-600 and GIC-500 chips alike, without deciding on a GIC chip at compile time. This means that the GIC-500 "driver" is now redundant. To allow minimal platform support, add a switch to disable GIC-600 support. Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557 Signed-off-by:Andre Przywara <andre.przywara@arm.com>
-
Manish Pandey authored
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP) owned Secure Partitions(SP). A similar support for Platform owned SP can be added in future. The certificate is also protected against anti- rollback using the trusted Non-Volatile counter. To avoid deviating from TBBR spec, support for SP CoT is only provided in dualroot. Secure Partition content certificate is assigned image ID 31 and SP images follows after it. The CoT for secure partition look like below. +------------------+ +-------------------+ | ROTPK/ROTPK Hash |------>| Trusted Key | +------------------+ | Certificate | | (Auth Image) | /+-------------------+ / | / | / | / | L v +------------------+ +-------------------+ | Trusted World |------>| SiP owned SPs | | Public Key | | Content Cert | +------------------+ | (Auth Image) | / +-------------------+ / | / v| +------------------+ L +-------------------+ | SP_PKG1 Hash |------>| SP_PKG1 | | | | (Data Image) | +------------------+ +-------------------+ . . . . . . +------------------+ +-------------------+ | SP_PKG8 Hash |------>| SP_PKG8 | | | | (Data Image) | +------------------+ +-------------------+ Signed-off-by:
-
- 08 Jun, 2020 1 commit
-
-
Manish Pandey authored
Add support to generate certificate "sip-sp-cert" for Secure Partitions(SP) owned by Silicon provider(SiP). To avoid deviation from TBBR specification the support is only added for dualroot CoT and not for TBBR CoT. A single certificate file is generated containing hash of individual packages. Maximum 8 secure partitions are supported. Following new options added to cert_tool: --sip-sp-cert --> SiP owned Secure Partition Content Certificate --sp-pkg1 --> Secure Partition Package1 file --sp-pkg2 ..... --sp-pkg8 Trusted world key pair is used for signing. Going forward, this feature can be extended for Platfrom owned Partitions, if required. Signed-off-by:
-
- 06 Jun, 2020 5 commits
-
-
Alex Leibovich authored
Remove pll powerdown from pll configuration sequence to improve stability. Remove redundant cases, which no longer exist. Also get rid of irrelevant definition of CPU_2200_DDR_1200_RCLK_1200, which is not used by 806/807. Change-Id: If911e7dee003dfb9a42fafd7ffe34662f026fd23 Signed-off-by:Alex Leibovich <alexl@marvell.com>
-
Grzegorz Jaszczyk authored
The mci_initialize function name was misleading. The function itself doesn't initialize MCI in general but performs MCI link tuning for performance improvement. Change-Id: I13094ad2235182a14984035bbe58013ebde84a7e Signed-off-by:Grzegorz Jaszczyk <jaz@semihalf.com>
-
Grzegorz Jaszczyk authored
By default all external CPs start with configuration address space set to 0xf200_0000. To overcome this issue, go in the loop and initialize the CP one by one, using temporary window configuration which allows to access each CP and update its configuration space according to decoding windows scheme defined for each platform. In case of cn9130 after this procedure bellow addresses will be used: CP0 - f2000000 CP1 - f4000000 CP2 - f6000000 When the re-configuration is done there is need to restore previous decoding window configuration(init_io_win). Change-Id: I1a652bfbd0bf7106930a7a4e949094dc9078a981 Signed-off-by: -
Grzegorz Jaszczyk authored
Change-Id: Icb8fe14417665d6aadd5a5ee2b77547b4ef78773 Signed-off-by: -
Grzegorz Jaszczyk authored
This commit is a preparation for upcoming support for OcteonTX and OcteonTX2 product families. Armada platform related files (docs, plat, include/plat) are moved to the new "armada" sub-folder. Change-Id: Icf03356187078ad6a2e56c9870992be3ca4c9655 Signed-off-by:
Marcin Wojtas <mw@semihalf.com>
-
- 03 Jun, 2020 1 commit
-
-
Etienne Carriere authored
ETZPC stands for Extended TrustZone Protection Controller. It is a resource conditional access device. It is mainly based on Arm TZPC. ST ETZPC exposes memory mapped DECPROT cells to set access permissions to SoC peripheral interfaces as I2C, SPI, DDR controllers, and some of the SoC internal memories. ST ETZPC exposes memory mapped TZMA cells to set access permissions to some SoC internal memories. Change-Id: I47ce20ffcfb55306dab923153b71e1bcbe2a5570 Co-developed-by:
Yann Gautier <yann.gautier@st.com> Signed-off-by:
Etienne Carriere <etienne.carriere@st.com>
-
- 02 Jun, 2020 3 commits
-
-
Jimmy Brisson authored
Enhanced Counter Virtualization, ECV, is an architecture extension introduced in ARMv8.6. This extension allows the hypervisor, at EL2, to setup self-synchronizing views of the timers for it's EL1 Guests. This patch pokes the control register to enable this extension when booting a hypervisor at EL2. Change-Id: I4e929ecdf400cea17eff1de5cf8704aa7e40973d Signed-off-by:Jimmy Brisson <jimmy.brisson@arm.com>
-
Jimmy Brisson authored
The Fine Grained Traps (FGT) architecture extension was added to aarch64 in ARMv8.6. This extension primarily allows hypervisors, at EL2, to trap specific instructions in a more fine grained manner, with an enable bit for each instruction. This patch adds support for this extension by enabling the extension when booting an hypervisor at EL2. Change-Id: Idb9013ed118b6a1b7b76287237096de992ca4da3 Signed-off-by: -
Masahisa Kojima authored
Core spm_mm code expects the translation tables are located in the inner & outer WBWA & shareable memory. REGISTER_XLAT_CONTEXT2 macro is used to specify the translation table section in spm_mm. In the commit 363830df (xlat_tables_v2: merge REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2 macro explicitly specifies the base xlat table goes into .bss by default. This change affects the existing SynQuacer spm_mm implementation. plat/socionext/synquacer/include/plat.ld.S linker script intends to locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section, but this implementation is no longer available. This patch adds the base table section name parameter for REGISTER_XLAT_CONTEXT2 so that platform can specify the inner & outer WBWA & shareable memory for spm_mm base xlat table. If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table goes into .bss by default, the result is same as before. Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2 Signed-off-by:
Masahisa Kojima <masahisa.kojima@linaro.org>
-
- 01 Jun, 2020 3 commits
-
-
Jimmy Brisson authored
Change-Id: I89b90cbdfc8f2aa898b4f3676a4764f060f8e138 Signed-off-by: -
Jimmy Brisson authored
This should allow git to easily track file moves Signed-off-by: -
Etienne Carriere authored
Changes stm32mp1 reset driver to API to add a timeout argument to stm32mp_reset_assert() and stm32mp_reset_deassert() and a return value. With a supplied timeout, the functions wait the target reset state is reached before returning. With a timeout of zero, the functions simply load target reset state in SoC interface and return without waiting. Helper functions stm32mp_reset_set() and stm32mp_reset_release() use a zero timeout and return without a return code. This change updates few stm32 drivers and plat/stm32mp1 blé_plat_setup.c accordingly without any functional change. functional change. Change-Id: Ia1a73a15125d3055fd8739c125b70bcb9562c27f Signed-off-by:
-
- 31 May, 2020 1 commit
-
-
Alexei Fedorov authored
The patch fixes BL31 linker script error "Init code ends past the end of the stacks" for platforms with number of CPUs less than 4, which is caused by __STACKS_END__ address being lower than __INIT_CODE_END__. The modified BL31 linker script detects such cases and increases the total amount of stack memory, setting __STACKS_END__ = __INIT_CODE_END__, and CPUs' stacks are calculated by BL31 'plat_get_my_stack' function accordingly. For platforms with more than 4 CPUs and __INIT_CODE_END__ < __STACKS_END__ stack memory does not increase and allocated CPUs' stacks match the existing implementation. The patch removes exclusion of PSCI initialization functions from the reclaimed .init section in 'arm_reclaim_init.ld.S' script, which increases the size of reclaimed memory region. Change-Id: I927773e00dd84e1ffe72f9ee534f4f2fc7b6153c Signed-off-by:Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 26 May, 2020 1 commit
-
-
Alexei Fedorov authored
This patch fixes wrong ID_AA64DFR0_EL1 register read instead of ID_AA64PFR0_EL1 to detect support for MPAM extension. It also implements get_mpam_version() function which returns MPAM version as: 0x00: None Armv8.0 or later; 0x01: v0.1 Armv8.4 or later; 0x10: v1.0 Armv8.2 or later; 0x11: v1.1 Armv8.4 or later; Change-Id: I31d776b1a1b60cb16e5e62296d70adb129d7b760 Reported-by:
Matteo Zini <matteozini96@gmail.com> Signed-off-by:
-
- 25 May, 2020 1 commit
-
-
J-Alves authored
SPCI is renamed as PSA FF-A which stands for Platform Security Architecture Firmware Framework for A class processors. This patch replaces the occurrence of SPCI with PSA FF-A(in documents) or simply FFA(in code). Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760 Signed-off-by:
-
