1. 26 Jun, 2020 1 commit
  2. 25 Jun, 2020 2 commits
    • Manish V Badarkhe's avatar
      plat/arm: Increase size of firmware configuration area · ce4ca1a8
      Manish V Badarkhe authored
      
      
      Increased the size of firmware configuration area to accommodate
      all configs.
      
      Updated maximum size of following bootloaders due to increase
      in firmware configs size and addition of the code in the BL2.
      
      1. Increased maximum size of BL2 for Juno platform in no
         optimisation case.
      2. Reduced maximum size of BL31 for fvp and Juno platform.
      3. Reduced maximum size of BL32 for Juno platform.
      
      Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      ce4ca1a8
    • Manish V Badarkhe's avatar
      plat/arm: Load and populate fw_config and tb_fw_config · 82869675
      Manish V Badarkhe authored
      
      
      Modified the code to do below changes:
      
      1. Load tb_fw_config along with fw_config by BL1.
      2. Populate fw_config device tree information in the
         BL1 to load tb_fw_config.
      3. In BL2, populate fw_config information to retrieve
         the address of tb_fw_config and then tb_fw_config
         gets populated using retrieved address.
      4. Avoid processing of configuration file in case of error
         value returned from "fw_config_load" function.
      5. Updated entrypoint information for BL2 image so
         that it's arg0 should point to fw_config address.
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
      82869675
  3. 24 Jun, 2020 6 commits
  4. 17 Jun, 2020 1 commit
    • Manish V Badarkhe's avatar
      plat/arm: Fix load address of TB_FW_CONFIG · 15865870
      Manish V Badarkhe authored
      
      
      Load address of tb_fw_config is incorrectly mentioned
      in below device trees:
      1. rdn1edge_fw_config.dts
      2. tc0_fw_config.dts
      
      Till now, tb_fw_config load-address is not being retrieved from
      device tree and hence never exeprienced any issue for tc0 and
      rdn1edge platform.
      
      For tc0 and rdn1edge platform, Load-address of tb_fw_config should
      be the SRAM base address + 0x300 (size of fw_config device tree)
      Hence updated these platform's fw_config.dts accordingly to reflect
      this load address change.
      
      Change-Id: I2ef8b05d49be10767db31384329f516df11ca817
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      15865870
  5. 09 Jun, 2020 3 commits
    • Madhukar Pappireddy's avatar
      plat/fvp: Add support for dynamic description of secure interrupts · 452d5e5e
      Madhukar Pappireddy authored
      
      
      Using the fconf framework, the Group 0 and Group 1 secure interrupt
      descriptors are moved to device tree and retrieved in runtime. This
      feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
      
      Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
      Signed-off-by: default avatarMadhukar Pappireddy <madhukar.pappireddy@arm.com>
      452d5e5e
    • Andre Przywara's avatar
      GICv3: GIC-600: Detect GIC-600 at runtime · b4ad365a
      Andre Przywara authored
      
      
      The only difference between GIC-500 and GIC-600 relevant to TF-A is the
      differing power management sequence.
      A certain GIC implementation is detectable at runtime, for instance by
      checking the IIDR register. Let's add that test before initiating the
      GIC-600 specific sequence, so the code can be used on both GIC-600 and
      GIC-500 chips alike, without deciding on a GIC chip at compile time.
      
      This means that the GIC-500 "driver" is now redundant. To allow minimal
      platform support, add a switch to disable GIC-600 support.
      
      Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      b4ad365a
    • Manish Pandey's avatar
      dualroot: add chain of trust for secure partitions · 44f1aa8e
      Manish Pandey authored
      
      
      A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
      owned Secure Partitions(SP). A similar support for Platform owned SP can
      be added in future. The certificate is also protected against anti-
      rollback using the trusted Non-Volatile counter.
      
      To avoid deviating from TBBR spec, support for SP CoT is only provided
      in dualroot.
      Secure Partition content certificate is assigned image ID 31 and SP
      images follows after it.
      
      The CoT for secure partition look like below.
      +------------------+       +-------------------+
      | ROTPK/ROTPK Hash |------>| Trusted Key       |
      +------------------+       | Certificate       |
                                 | (Auth Image)      |
                                /+-------------------+
                               /                   |
                              /                    |
                             /                     |
                            /                      |
                           L                       v
      +------------------+       +-------------------+
      | Trusted World    |------>| SiP owned SPs     |
      | Public Key       |       | Content Cert      |
      +------------------+       | (Auth Image)      |
                              /   +-------------------+
                             /                      |
                            /                      v|
      +------------------+ L     +-------------------+
      | SP_PKG1 Hash     |------>| SP_PKG1           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
              .                           .
              .                           .
              .                           .
      +------------------+       +-------------------+
      | SP_PKG8 Hash     |------>| SP_PKG8           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
      44f1aa8e
  6. 08 Jun, 2020 1 commit
    • Manish Pandey's avatar
      plat/arm: do not include export header directly · 81de5bf7
      Manish Pandey authored
      
      
      As per "include/export/README", TF-A code should never include export
      headers directly. Instead, it should include a wrapper header that
      ensures the export header is included in the right manner.
      
      "tbbr_img_def_exp.h" is directly included in TF-A code, this patch
      replaces it with its  wrapper header "tbbr_img_def.h".
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
      81de5bf7
  7. 01 Jun, 2020 1 commit
  8. 27 May, 2020 2 commits
    • Usama Arif's avatar
      plat/arm: Introduce TC0 platform · f5c58af6
      Usama Arif authored
      
      
      This patch adds support for Total Compute (TC0) platform. It is an
      initial port and additional features are expected to be added later.
      
      TC0 has a SCP which brings the primary Cortex-A out of reset
      which starts executing BL1. TF-A optionally authenticates the SCP
      ram-fw available in FIP and makes it available for SCP to copy.
      
      Some of the major features included and tested in this platform
      port include TBBR, PSCI, MHUv2 and DVFS.
      
      Change-Id: I1675e9d200ca7687c215009eef483d9b3ee764ef
      Signed-off-by: default avatarUsama Arif <usama.arif@arm.com>
      f5c58af6
    • Manish V Badarkhe's avatar
      Fix the build error for dualroot chain of trust. · b58956e9
      Manish V Badarkhe authored
      
      
      Fixed build error for dualroot chain of trust.
      Build error were thrown as below while compiling the code for
      dualroot chain of trust:
      
      aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
      (.bss.auth_img_flags+0x0): multiple definition of `auth_img_flags';
      ./build/fvp/debug/bl1/cot.o:(.bss.auth_img_flags+0x0): first defined here
      
      aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
      (.rodata.cot_desc_size+0x0): multiple definition of `cot_desc_size';
      ./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_size+0x0): first defined here
      
      aarch64-none-elf-ld.bfd: ./build/fvp/debug/bl1/tbbr_cot_bl1.o:
      (.rodata.cot_desc_ptr+0x0): multiple definition of `cot_desc_ptr';
      ./build/fvp/debug/bl1/cot.o:(.rodata.cot_desc_ptr+0x0): first defined here
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Change-Id: I1a426c4e7f5f8013d71dafc176c7467c1b329757
      b58956e9
  9. 25 May, 2020 1 commit
    • J-Alves's avatar
      SPCI is now called PSA FF-A · 662af36d
      J-Alves authored
      
      
      SPCI is renamed as PSA FF-A which stands for Platform Security
      Architecture Firmware Framework for A class processors.
      This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
      or simply FFA(in code).
      
      Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
      Signed-off-by: default avatarJ-Alves <joao.alves@arm.com>
      662af36d
  10. 21 May, 2020 2 commits
  11. 19 May, 2020 2 commits
  12. 15 May, 2020 1 commit
  13. 05 May, 2020 6 commits
    • Andre Przywara's avatar
      arm_fpga: Read UART address from DT · dee3042c
      Andre Przywara authored
      
      
      The arm_fpga port requires a DTB, to launch a BL33 payload.
      To make this port more flexible, we can also use the information in the
      DT to configure the console driver.
      For a start, find the DT node pointed to by the stdout-path property, and
      read the base address from there.
      This assumes for now that the stdout-path points to a PL011 UART.
      
      This allows to remove platform specific addresses from the image. We
      keep the original base address for the crash console.
      
      Change-Id: I46a990de2315f81cae4d7913ae99a07b0bec5cb1
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      dee3042c
    • Andre Przywara's avatar
      arm_fpga: Read GICD and GICR base addresses from DT · 1a0f9366
      Andre Przywara authored
      
      
      Since we use a DTB with all platform information to pass this on to a
      kernel loaded as BL33, we can as well make use of it for our own
      purposes.
      
      Every DT would contain a node for the GIC(v3) interrupt controller, so
      we can read the base address for the distributor and redistributors from
      there.
      
      This avoids hard coding this information in the code and allows for a more
      flexible binary.
      
      Change-Id: Ic530e223a21a45bc30a07a21048116d5af69e972
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      1a0f9366
    • Andre Przywara's avatar
      fdt/wrappers: Introduce code to find UART DT node · 60e2e27d
      Andre Przywara authored
      
      
      The stdout-path property in the /chosen node of a DTB points to a device
      node, which is used for boot console output.
      On most (if not all) ARM based platforms this is the debug UART.
      The ST platform code contains a function to parse this property and
      chase down eventual aliases to learn the node offset of this UART node.
      
      Introduce a slightly more generalised version of this ST platform function
      in the generic fdt_wrappers code. This will be useful for other platforms
      as well.
      
      Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      60e2e27d
    • Andre Przywara's avatar
      arm_fpga: Read generic timer counter frequency from DT · 670c66af
      Andre Przywara authored
      
      
      The ARM Generic Timer DT binding describes an (optional) property to
      declare the counter frequency. Its usage is normally discouraged, as the
      value should be read from the CNTFRQ_EL0 system register.
      
      However in our case we can use it to program this register in the first
      place, which avoids us to hard code a counter frequency into the code.
      We keep some default value in, if the DT lacks that property for
      whatever reason.
      
      Change-Id: I5b71176db413f904f21eb16f3302fbb799cb0305
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      670c66af
    • Andre Przywara's avatar
      plat/stm32: Use generic fdt_get_reg_props_by_name() · 7ad6d362
      Andre Przywara authored
      
      
      The STM32 platform port parse DT nodes to find base address to
      peripherals. It does this by using its own implementation, even though
      this functionality is generic and actually widely useful outside of the
      STM32 code.
      
      Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
      fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
      This is removes the assumption that #address-cells and #size-cells are
      always one.
      
      Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      7ad6d362
    • Andre Przywara's avatar
      arm_fpga: Use Generic UART · 93bb7a0a
      Andre Przywara authored
      
      
      The SCP firmware on the ARM FPGA initialises the UART already. This allows
      us to treat the PL011 as an SBSA Generic UART, which does not require
      any further setup.
      
      This in particular removes the need for any baudrate and base clock related
      settings to be hard coded into the BL31 image.
      
      Change-Id: I16fc943526267356b97166a7068459e06ff77f0f
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      93bb7a0a
  14. 30 Apr, 2020 2 commits
    • Andre Przywara's avatar
      arm: fconf: Fix GICv3 dynamic configuration · 364ad245
      Andre Przywara authored
      
      
      At the moment the fconf_populate_gicv3_config() implementation is
      somewhat incomplete: First it actually fails to store the retrieved
      information (the local addr[] array is going nowhere), but also it makes
      quite some assumptions about the device tree passed to it: it needs to
      use two address-cells and two size-cells, and also requires all five
      register regions to be specified, where actually only the first two
      are mandatory according to the binding (and needed by our code).
      
      Fix this by introducing a proper generic function to retrieve "reg"
      property information from a DT node:
      We retrieve the #address-cells and #size-cells properties from the
      parent node, then use those to extract the right values from the "reg"
      property. The function takes an index to select one region of a reg
      property.
      
      This is loosely based on the STM32 implementation using "reg-names",
      which we will subsume in a follow-up patch.
      
      Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      364ad245
    • Louis Mayencourt's avatar
      fconf: Update dyn_config compatible string · 592c396d
      Louis Mayencourt authored
      
      
      Dynamic configuration properties are fconf properties. Modify the
      compatible string from "arm,.." to "fconf,.." to reflect this.
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      Change-Id: I85eb75cf877c5f4d3feea3936d4c348ca843bc6c
      592c396d
  15. 29 Apr, 2020 1 commit
    • Andre Przywara's avatar
      fdt/wrappers: Replace fdtw_read_cells() implementation · ff4e6c35
      Andre Przywara authored
      Our fdtw_read_cells() implementation goes to great lengths to
      sanity-check every parameter and result, but leaves a big hole open:
      The size of the storage the value pointer points at needs to match the
      number of cells given. This can't be easily checked at compile time,
      since we lose the size information by using a void pointer.
      Regardless the current usage of this function is somewhat wrong anyways,
      since we use it on single-element, fixed-length properties only, for
      which the DT binding specifies the size.
      Typically we use those functions dealing with a number of cells in DT
      context to deal with *dynamically* sized properties, which depend on
      other properties (#size-cells, #clock-cells, ...), to specify the number
      of cells needed.
      
      Another problem with the current implementation is the use of
      ambiguously sized types (uintptr_t, size_t) together with a certain
      expectation about their size. In general there is no relation between
      the length of a DT property and the bitness of the code that parses the
      DTB: AArch64 code could encounter 32-bit addresses (where the physical
      address space is limited to 4GB [1]), while AArch32 code could read
      64-bit sized properties (/memory nodes on LPAE systems, [2]).
      
      To make this more clear, fix the potential issues and also align more
      with other DT users (Linux and U-Boot), introduce functions to explicitly
      read uint32 and uint64 properties. As the other DT consumers, we do this
      based on the generic "read array" function.
      Convert all users to use either of those two new functions, and make
      sure we never use a pointer to anything other than uint32_t or uint64_t
      variables directly.
      
      This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
      4 bytes into a uint16_t variable (passed via a void pointer).
      
      Also we change the implementation of the function to better align with
      other libfdt users, by using the right types (fdt32_t) and common
      variable names (*prop, prop_names).
      
      [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
      [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
      
      
      
      Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      ff4e6c35
  16. 28 Apr, 2020 1 commit
    • Andre Przywara's avatar
      fdt/wrappers: Generalise fdtw_read_array() · 6e3a89f4
      Andre Przywara authored
      
      
      Currently our fdtw_read_array() implementation requires the length of
      the property to exactly match the requested size, which makes it less
      flexible for parsing generic device trees.
      Also the name is slightly misleading, since we treat the cells of the
      array as 32 bit unsigned integers, performing the endianess conversion.
      
      To fix those issues and align the code more with other DT users (Linux
      kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
      relax the length check to only check if the property covers at least the
      number of cells we request.
      This also changes the variable names to be more in-line with other DT
      users, and switches to the proper data types.
      
      This makes this function more useful in later patches.
      
      Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      6e3a89f4
  17. 23 Apr, 2020 2 commits
  18. 17 Apr, 2020 1 commit
  19. 15 Apr, 2020 1 commit
  20. 14 Apr, 2020 1 commit
    • Aditya Angadi's avatar
      plat/arm/sgi: update mmap and xlat count · def3b54b
      Aditya Angadi authored
      
      
      A single chip platform requires five mmap entries and a corresponding
      number of translation tables. For every additional chip in the system,
      three additional mmap entries are required to map the shared SRAM and
      the IO regions. A corresponding number of additional translation
      tables are required as well.
      
      Change-Id: I1332a1305f2af62181387cf36954f6fb0e6f11ed
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      def3b54b
  21. 09 Apr, 2020 1 commit
    • Andre Przywara's avatar
      arm_fpga: Remove bogus timer initialisation · a82ea1db
      Andre Przywara authored
      
      
      The arm_fpga platform code contains an dubious line to initialise some
      timer. On closer inspection this turn out to be bogus, as this was only
      needed on some special (older) FPGA board, and is actually not needed on
      the current model. Also the base address was wrong anyways.
      
      Remove the code entirely.
      
      Change-Id: I02e71aea645051b5addb42d972d7a79f04b81106
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      a82ea1db
  22. 07 Apr, 2020 1 commit