- 23 Mar, 2021 6 commits
-
-
Ying-Chun Liu (PaulLiu) authored
Adds bl2 with FIP to the build required for mbed Linux booting where we do: BootROM -> SPL -> BL2 -> OPTEE -> u-boot If NEED_BL2 is specified then BL2 will be built and BL31 will have its address range modified upwards to accommodate. BL31 must be loaded from a FIP in this case. If NEED_BL2 is not specified then the current BL31 boot flow is unaffected and u-boot SPL will load and execute BL31 directly. Signed-off-by:
Bryan O'Donoghue <bryan.odonoghue@linaro.org> Signed-off-by:
Ying-Chun Liu (PaulLiu) <paulliu@debian.org> Change-Id: I655343b3b689b1fc57cfbedda4d3dc2fbd549a96
-
Ying-Chun Liu (PaulLiu) authored
This patch enables Trusted Boot on the i.MX8MM with BL2 doing image verification from a FIP prior to hand-over to BL31. Signed-off-by:
-
Ying-Chun Liu (PaulLiu) authored
Signed-off-by:
-
Ying-Chun Liu (PaulLiu) authored
Adds a number of definitions consistent with the established WaRP7 equivalents specifying number of io_handles and block devices. Signed-off-by:
-
Ying-Chun Liu (PaulLiu) authored
Signed-off-by:
-
Ying-Chun Liu (PaulLiu) authored
Allows for exporting of FIP related methods cleanly in a private header. Signed-off-by:
-
- 19 Mar, 2021 1 commit
-
-
Tejas Patel authored
BIT24 of IPI command header is used to determine if caller is secure or non-secure. Mark BIT24 of IPI command header as non-secure if SMC caller is non-secure. Signed-off-by:
Tejas Patel <tejas.patel@xilinx.com> Signed-off-by:
Abhyuday Godhasara <abhyuday.godhasara@xilinx.com> Change-Id: Iec25af8f4b202093f58e858ee47cd9cd46890267
-
- 16 Mar, 2021 1 commit
-
-
Michal Simek authored
Versal is a72 based that's why there is no reason to build low level assemble code for a53. Signed-off-by:Michal Simek <michal.simek@xilinx.com> Change-Id: Iff9cf2582102d951825b87fd9af18e831ca717d6
-
- 15 Mar, 2021 1 commit
-
-
Olivier Deprez authored
The FF-A v1.0 spec allows two configurations for the number of EC/vCPU instantiated in a Secure Partition: -A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs. An EC is pinned to a corresponding physical CPU. -An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to the physical CPU from which the FF-A call is originating. This change permits exercising the latter case within the TF-A-tests framework. Signed-off-by:Olivier Deprez <olivier.deprez@arm.com> Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
-
- 10 Mar, 2021 1 commit
-
-
Usama Arif authored
Signed-off-by:Usama Arif <usama.arif@arm.com> Change-Id: Ie199c60553477c43d1665548ae78cdfd1aa7ffcf
-
- 09 Mar, 2021 1 commit
-
-
Heiko Stuebner authored
Compiling BL31 for the Rockchip platform now produces a message about the deprecation of gic_common.c. Follow the advice and use include gicv2.mk instead. Signed-off-by:Heiko Stuebner <heiko.stuebner@theobroma-systems.com> Change-Id: I396b977d57975dba27cfed801ad5264bbbde2b5e
-
- 08 Mar, 2021 1 commit
-
-
Roger Lu authored
The case for value "VCOREFS_SMC_CMD_INIT" is not terminated by a "break" statement. Signed-off-by:Roger Lu <roger.lu@mediatek.com> Change-Id: I56cc7c1648e101c0da6e77e592e6edbd5d37724e
-
- 03 Mar, 2021 6 commits
-
-
Xi Chen authored
1 Only enable domain D0 and D1:PCIe access 0xC0000000~0xC4000000; 2 Only enable domain D0 and D3(SCP) access 0x50000000~0x51400000; Signed-off-by:Xi Chen <xixi.chen@mediatek.com> Change-Id: Ic4f9e6d85bfd1cebdb24ffc1d14309c89c103b2a
-
Roger Lu authored
Change-Id: I4bd4612a7c7727a5be70957ae940e5f51c7ca5e6 Signed-off-by: -
Roger Lu authored
Supports dram/mainpll/26m off when system suspend Signed-off-by: -
Roger Lu authored
Signed-off-by: -
Roger Lu authored
Low Power Management (LPM) helps find a suitable configuration for letting system entering idle or suspend with the most resources off. Change-Id: Ie6a7063b666cf338cff5bc972c9025b26de482eb Signed-off-by: -
Venkatesh Yadav Abbarapu authored
Add support for ZU43DR, ZU46DR and ZU47DR to the list of zynqmp devices. The ZU43DR, ZU46DR and ZU47DR RFSoC silicon id values are 0x7d, 0x78 and 0x7f. Signed-off-by:
Sandeep Gundlupet Raju <sandeep.gundlupet-raju@xilinx.com> Signed-off-by:
Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com> Acked-by:
-
- 02 Mar, 2021 1 commit
-
-
Tejas Patel authored
Return timeout error if, IPI is not acked in specified timeout. Signed-off-by:
-
- 01 Mar, 2021 3 commits
-
-
johpow01 authored
Add basic support for Makalu CPU. Signed-off-by:John Powell <john.powell@arm.com> Change-Id: I4e85d425eedea499adf585eb8ab548931185043d
-
Masahisa Kojima authored
This commit fixes the wrong memory type, secure NOR flash shall be mapped as MT_DEVICE. Signed-off-by:Masahisa Kojima <masahisa.kojima@linaro.org> Change-Id: I9c9ed51675d84ded675bb56b2e4ec7a08184c602
-
Masahisa Kojima authored
sbsa-ref in QEMU may create up to 512 cores. This commit prepares the MP information to support 512 cores. The number of xlat tables for spm_mm is also increased. Signed-off-by:
-
- 25 Feb, 2021 2 commits
-
-
Konstantin Porotchkin authored
This patch cleans up the MSS SRAM if it was used for MSS image copy (secure boot mode). Change-Id: I23f600b512050f75e63d59541b9c21cef21ed313 Signed-off-by:
Konstantin Porotchkin <kostap@marvell.com> Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/30099 Reviewed-by:
Stefan Chulski <stefanc@marvell.com> Tested-by:
sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
-
Konstantin Porotchkin authored
Map IO WIN to CP1 and CP2 at all stages including the BLE. Do not map CP1/CP2 if CP_NUM is lower than 2 and 3 accordingly. This patch allows access to CP1/CP2 internal registers at BLE stage if CP1/CP2 are connected. Signed-off-by:
Nadav Haklai <nadavh@marvell.com> Reviewed-by:
Yi Guo <yi.guo@cavium.com> Reviewed-by:
Ofer Heifetz <oferh@marvell.com>
-
- 24 Feb, 2021 2 commits
-
-
Konstantin Porotchkin authored
The CP MSS IRAM is only accessible by CM3 CPU and MSS DMA. In secure boot mode the MSS DMA is unable to directly load the MSS FW image from DRAM to IRAM. This patch adds support for using the MSS SRAM as intermediate storage. The MSS FW image is loaded by application CPU into the MSS SRAM first, then transferred to MSS IRAM by MSS DMA. Such change allows the CP MSS image load in secure mode. Change-Id: Iee7a51d157743a0bdf8acb668ee3d599f760a712 Signed-off-by:
Grzegorz Jaszczyk <jaszczyk@marvell.com>
-
Venkatesh Yadav Abbarapu authored
Removing the custom crash implementation and use plat/common/aarch64/crash_console_helpers.S. Signed-off-by:
-
- 17 Feb, 2021 1 commit
-
-
Aditya Angadi authored
Rename rd_n1e1_edge_scmi_plat_info array to plat_rd_scmi_info as the same array is used to provide SCMI platform info across mulitple RD platforms and is not resitricted to only RD-N1 and RD-E1 platforms. Signed-off-by:Aditya Angadi <aditya.angadi@arm.com> Change-Id: I42ba33e0afa3003c731ce513c6a5754b602ec01f
-
- 16 Feb, 2021 1 commit
-
-
Andre Przywara authored
Now that we have a framework for the SMCCC TRNG interface, and the existing Juno entropy code has been prepared, add the few remaining bits to implement this interface for the Juno Trusted Entropy Source. We retire the existing Juno specific RNG interface, and use the generic one for the stack canary generation. Change-Id: Ib6a6e5568cb8e0059d71740e2d18d6817b07127d Signed-off-by:Andre Przywara <andre.przywara@arm.com>
-
- 15 Feb, 2021 1 commit
-
-
Andre Przywara authored
The Juno Trusted Entropy Source has a bias, which makes the generated raw numbers fail a FIPS 140-2 statistic test. To improve the quality of the numbers, we can use the CPU's CRC instructions, which do a decent job on conditioning the bits. This adds a *very* simple version of arm_acle.h, which is typically provided by the compiler, and contains the CRC instrinsics definitions we need. We need the original version by using -nostdinc. Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a Signed-off-by:
-
- 12 Feb, 2021 1 commit
-
-
Pankaj Gupta authored
NXP specifc macro SET_NXP_MAKE_FLAG is added. NXP has pool of multiple IPs. This macro helps: - In soc.mk, this macro help the selected IP source files to be included for that SoC. -- The set of IPs required for one NXP SoC is different to the set of IPs required by another NXP SoC. - For the same SoC, -- For one feature, the IP may be required in both BL2 and BL31. -- Without the above feature, that IP may be required in one. This macro help in selecting the inclusion of source and header files to: --- BL2 only --- BL31 only --- COMM (used by BL2 and BL31) Signed-off-by:Pankaj Gupta <pankaj.gupta@nxp.com> Change-Id: I2cdb13b89aa815fc5219cf8bfb9666d0a9f78765
-
- 11 Feb, 2021 4 commits
-
-
Andre Przywara authored
Currently we use the Juno's TRNG hardware entropy source to initialise the stack canary. The current function allows to fill a buffer of any size, but we will actually only ever request 16 bytes, as this is what the hardware implements. Out of this, we only need at most 64 bits for the canary. In preparation for the introduction of the SMCCC TRNG interface, we can simplify this Juno specific interface by making it compatible with the generic one: We just deliver 64 bits of entropy on each call. This reduces the complexity of the code. As the raw entropy register readouts seem to be biased, it makes sense to do some conditioning inside the juno_getentropy() function already. Also initialise the TRNG hardware, if not already done. Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f Signed-off-by: -
Konstantin Porotchkin authored
The DRAM port code issues a dummy write to SPD page-0 i2c address in order to select this page for the forthcoming read transaction. If the write buffer length supplied to i2c_write is not zero, this call is translated to 2 bus transations: - set the target offset - write the data to the target However no actual data should be transferred to SPD page-0 in order to select it. Actually, the second transation never receives an ACK from the target device, which caused the following error report: ERROR: Status 30 in write transaction This patch sets the buffer length in page-0 select writes to zero, leading to bypass the data transfer to the target device. Issuing the target offset command to SPD page-0 address effectively selects this page for the read operation. Change-Id: I4bf8e8c09da115ee875f934bc8fbc9349b995017 Signed-off-by:
Moti Buskila <motib@marvell.com>
-
Konstantin Porotchkin authored
Add initialization for TRNG-IP-76 driver and support SMC call 0xC200FF11 used for reading HW RNG value by secondary bootloader software for KASLR support. Signed-off-by:
-
Vijayenthiran Subramaniam authored
Update TZC base address to align with the recent changes in the platform memory map. Signed-off-by:Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com> Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
-
- 09 Feb, 2021 4 commits
-
-
Manish V Badarkhe authored
Currently, BLs are mapping the GIC memory region as read-write for all cores on boot-up. This opens up the security hole where the active core can write the GICR frame of fused/inactive core. To avoid this issue, disable the GICR frame of all inactive cores as below: 1. After primary CPU boots up, map GICR region of all cores as read-only. 2. After primary CPU boots up, map its GICR region as read-write and initialize its redistributor interface. 3. After secondary CPU boots up, map its GICR region as read-write and initialize its redistributor interface. 4. All unused/fused core's redistributor regions remain read-only and write attempt to such protected regions results in an exception. As mentioned above, this patch offers only the GICR memory-mapped region protection considering there is no facility at the GIC IP level to avoid writing the redistributor area. These changes are currently done in BL31 of Arm FVP and guarded under the flag 'FVP_GICR_REGION_PROTECTION'. As of now, this patch is tested manually as below: 1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core. 2. Verify data abort triggered by manually updating the ‘GICR_CTLR’ register of core 1’s(fused) redistributor from core 0(active). Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d Signed-off-by:Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
Manish V Badarkhe authored
GIC memory region is not getting used in BL1 and BL2. Hence avoid its mapping in BL1 and BL2 that freed some page table entries to map other memory regions in the future. Retains mapping of CCN interconnect region in BL1 and BL2 overlapped with the GIC memory region. Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7 Signed-off-by: -
Andre Przywara authored
So far the ARM platform Makefile would require that RESET_TO_BL31 is set when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature. There is no real technical reason for that, and the one place in the code where this was needed has been fixed. Remove the requirement of those two options to be always enabled together. This enables the direct kernel boot feature for the Foundation FVP (as described in the documentation), which requires a BL1/FIP combination to boot, so cannot use RESET_TO_BL31. Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851 Signed-off-by: -
Andre Przywara authored
At the moment we have the somewhat artifical limitation of ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31. However there does not seem to be a good technical reason for that, it was probably just to differentate between two different boot flows. Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the RESET_TO_BL31 #ifdef, so that we initialise the registers in any case. This allows to use a preloaded kernel image when using BL1 and FIP. Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f Signed-off-by:
-
- 08 Feb, 2021 1 commit
-
-
Manoj Kumar authored
The structure has been modified to specify the memory size in bytes instead of Gigabytes. Signed-off-by:
Manoj Kumar <manoj.kumar3@arm.com> Signed-off-by:
Chandni Cherukuri <chandni.cherukuri@arm.com> Change-Id: I3384677d79af4f3cf55d3c353b6c20bb827b5ae7
-
- 05 Feb, 2021 1 commit
-
-
Manoj Kumar authored
This patch removes the Neoverse N1 CPU errata workaround for bug 1542419 as the bug is not present in Rainier R0P0 core. Change-Id: Icaca299b13ef830b2ee5129576aae655a6288e69 Signed-off-by:
-
