- 24 Mar, 2021 34 commits
-
-
Pankaj Gupta authored
NXP SoC supports two TBB mode: - MBED_TLS based -- ROTK key hash is placed as part of the BL2 binary at section: --- .rodata.nxp_rotpk_hash -- Supporting non-volatile counter via SFP. -- platform function used by TFA common authentication code. - NXP CSF based -- ROTK key deployment vary from MBEDTLS Signed-off-by:Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by:
Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: Ib0f0bf024fd93de906c5d4f609383ae9e02b2fbc
-
Pankaj Gupta authored
All of the NXP SoC, needs fip_fuse image to be loaded additionally as part of preparation for Trusted board boot - fip_fuse.bin contains an image for auto fuse provisioning. - Auto fuse provisioning is based on the input file with values for: -- SRK Hash -- OTPMK -- misc. refer board manual for more details. Signed-off-by: -
Pankaj Gupta authored
Few of the NXP SoC like LX2160A, needs ddr-phy images to be loaded additionally before DDR initialization - fip_ddr.bin is created containing upto 6 ddr images. - With TRUSTED_BOARD_BOOT = 1, fip_ddr.bin is authenticated first before loading and starting DDR initialization. - To successfully compile this image, platform-defined header files needs to be defined: -- include/common/tbbr/tbbr_img_def.h uses: --- plat_tbbr_img_def.h: platform specific new FIP image macros. -- include/tools/share/firmware_image_package.h uses: --- plat_def_fip_uuid.h: platform specific new UUID macros. ---- Added UUID for DDR images to create FIP-DDR. ---- Added UUID for FUSE provisioning images to create FIP-fuse. -- include/tools/share/tbbr_oid.h uses: --- platform_oid.h: platform specific new OID macros. Signed-off-by: -
Pankaj Gupta authored
function load_img(), is dependent on: - Recursively calling load_image() defined in common/bl_common.c - for each image in the fip. Signed-off-by: -
Pankaj Gupta authored
SMC call handling at EL3 due SIP and SVC calls. Signed-off-by:
rocket <rod.dorris@nxp.com> Signed-off-by:
-
Pankaj Gupta authored
Signed-off-by:
-
Pankaj Gupta authored
Signed-off-by:
-
Pankaj Gupta authored
bl31-data file written in assembly helps to manage data at bl31. Signed-off-by:
-
Pankaj Gupta authored
Signed-off-by: -
Pankaj Gupta authored
NXP tool to create pbl from bl2 binary: - RCW is prepended to BL2.bin - If TRUSTED_BOARD_BOOT=1, pre-append the CSF header to be understood by NXP boot-rom. Signed-off-by: -
Pankaj Gupta authored
NXP SMMU driver API for NXP SoC. - Currently it supports by-passing SMMU, called only when NXP CAAM is enabled. - (TBD) AMQ based SMMU access control: Access Management Qualifiers (AMQ) advertised by a bus master for a given transaction. Signed-off-by: -
Pankaj Gupta authored
Chain of trust(CoT) is enabled on NXP SoC in two ways: - Using MbedTLS, parsing X509 Certificates. - Using NXP internal method parsing CSF header Signed-off-by:
-
Pankaj Gupta authored
NXP has hardware crypto accelerator called CAAM. - Work with Job ring - Jobs are submitted to CAAM in the form of 64 word descriptor. Signed-off-by:
-
Pankaj Gupta authored
SD & eMMC driver support for NXP SoC. Signed-off-by:
-
Pankaj Gupta authored
NXP QuadSPI driver support NXP SoC. - Supporting QSPI flash Signed-off-by: -
Kuldeep Singh authored
Flexspi driver now introduces read/write/erase APIs for complete flash size, FAST-READ are by default used and IP bus is used for erase, read and write using flexspi APIs. Framework layer is currently embedded in driver itself using flash_info defines. Test cases are also added to confirm flash functionality currently under DEBUG flag. Signed-off-by:
Ashish Kumar <Ashish.Kumar@nxp.com> Signed-off-by:
Kuldeep Singh <kuldeep.singh@nxp.com> Change-Id: I755c0f763f6297a35cad6885f84640de50f51bb0
-
Pankaj Gupta authored
GIC api used by NXP SoC is based on: - arm provided drivers: /drivers/arm/gic Signed-off-by: -
Pankaj Gupta authored
NXP General Purpose Input/Output driver support for NXP platforms. Signed-off-by: -
Pankaj Gupta authored
NXP Central Security Unit(CSU) for NXP SoC. CSU is used for: - Access permissions for peripheral that donot have their own access control. - Locking of individual CSU settings until the next POR - General purpose security related control bits Refer NXP SoC manuals fro more details. Signed-off-by: -
Pankaj Gupta authored
Driver for NXP IP for Power Management Unit. Signed-off-by: -
Pankaj Gupta authored
DDR driver for NXP layerscape SoC(s): - lx2160aqds - lx2162aqds - lx2160ardb - Other Board with SoC(s) like ls1046a, ls1043a etc; -- These other boards are not verified yet. Signed-off-by:
Rajesh Bhagat <rajesh.bhagat@nxp.com> Signed-off-by:
York Sun <york.sun@nxp.com> Signed-off-by:
Udit Agarwal <udit.agarwal@nxp.com> Signed-off-by:
-
Pankaj Gupta authored
NXP I2C driver support for NXP SoC(s). Signed-off-by:
-
Pankaj Gupta authored
NXP Security Monitor IP provides hardware anchored - current security state of the SoC. - Tamper detect etc. Signed-off-by:
-
Pankaj Gupta authored
NXP Security Fuse Processor is used to read and write fuses. - Fuses once written, are cannot be un-done. - Used as trust anchor for monotonic counter, different platform keys etc. Signed-off-by:
-
Pankaj Gupta authored
CCN API(s) to be used NXP SoC(s) are added. These API(s) based on ARM CCN driver - driver/arm/ccn CCI API(s) to be used NXP SoC(s) are added. These API(s) based on ARM CCI driver - driver/arm/cci Signed-off-by: -
Pankaj Gupta authored
NXP TZC-400 API(s) to configure ddr regions are based on: - drivers/arm/tzc Signed-off-by: -
Pankaj Gupta authored
NXP Timer Apis are based on: - drivers/delay_timer Signed-off-by: -
Pankaj Gupta authored
NXP SoC needs Device Configuration driver to fetch the current SoC configuration. Signed-off-by: -
Pankaj Gupta authored
NXP SoCs, supports two types of UART controller: - PL011 - using ARM drivers sources - 16550 - using TI drivers source Signed-off-by: -
Pankaj Gupta authored
Generic framework is added to include platform defined UUID. This framework is added for the following: - All NXP SoC based platforms needed additional fip-fuse.bin - NXP SoC lx2160a based platforms requires additional fip-ddr.bin Signed-off-by: -
Pankaj Gupta authored
Conditional definition for the macro MAX_NUMBER_IDS. This will allow to update this definition by the platform specific implementation. Since, NXP SoC lx2160a based platforms requires additional FIP DDR to be loaded before initializing the DDR. It requires addition of defines for DDR image IDs. A dedicated header plat_tbbr_img_def.h is added to the platform folder - plat/nxp/common/include/default/ Inclusion of this header file will depend on the compile time flag PLAT_TBBR_IMG_DEF. Signed-off-by: -
Pankaj Gupta authored
Incorrect value is picked for TF_MBEDTLS_USE_RSA defination, even if the TF_MBEDTLS_RSA is enabled. Due to which PK_DER_LEN is defined incorrectly. Signed-off-by: -
Pankaj Gupta authored
Changes to 'tools/cert_create' folder, to include platform defined certificates, keys, and extensions. NXP SoC lx2160a : based platforms requires additional FIP DDR to be loaded before initializing the DDR. To enable chain of trust on these platforms, FIP DDR image needs to be authenticated, additionally. Platform specific folder 'tools/nxp/cert_create_helper' is added to support platform specific macros and definitions. Signed-off-by: -
Pankaj Gupta authored
Platforms, which requires additional images to be verified using TBBR; such that their key certificate is tied to TRUSTED_KEY_CERT. For such platforms, if make commands runs twice: - Once with targets as bl2 & fip.bin, and - Again to build the target as the additional image. then, if path to the TRUSTED_KEY_CERT varies in the makefile with make-target of the additional image, then there would be two location where "trusted_key.crt" will be created. This patch helps overriding the TRUSTED_KEY_CERT from any .mk in the platform's makefile structure. Signed-off-by:
-
- 23 Mar, 2021 3 commits
-
-
André Przywara authored
-
Andre Przywara authored
The devicetree binding document[1] for the /reserved-memory node demands that the number of address and size-cells in the reserved-memory node must match those values in the root node. So far we were forcing a 64-bit address along with a 32-bit size. Adjust the code to query the cells values from the root node, and populate the newly created /reserved-memory node accordingly. This fixes the fdt_add_reserved_memory() function when called on a devicetree which does not use the 2/1 pair. Linux is picky about this and will bail out the parsing routine, effectively ignoring the reserved-memory node: [ 0.000000] OF: fdt: Reserved memory: unsupported node format, ignoring [1] Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt in the Linux kernel source tree Change-Id: Ie126ebab4f3fedd48e12c9ed4bd8fa123acc86d3 Signed-off-by:Andre Przywara <andre.przywara@arm.com>
-
Olivier Deprez authored
-
- 19 Mar, 2021 3 commits
-
-
Madhukar Pappireddy authored
-
Tejas Patel authored
BIT24 of IPI command header is used to determine if caller is secure or non-secure. Mark BIT24 of IPI command header as non-secure if SMC caller is non-secure. Signed-off-by:
Tejas Patel <tejas.patel@xilinx.com> Signed-off-by:
Abhyuday Godhasara <abhyuday.godhasara@xilinx.com> Change-Id: Iec25af8f4b202093f58e858ee47cd9cd46890267
-
J-Alves authored
FF-A specification states that error codes should be typed int32_t. SPMD's uses uint64_t for return values, which if assigned with a signed type would have sign extension, and change the size of the return from 32-bit to 64-bit. Signed-off-by:J-Alves <joao.alves@arm.com> Change-Id: I288ab2ffec8330a2fe1f21df14e22c34bd83ced3
-
