1. 14 Sep, 2020 1 commit
  2. 17 Aug, 2020 1 commit
    • Andre Przywara's avatar
      plat/allwinner: Only enable DRIVEVBUS if really needed · 93fa305c
      Andre Przywara authored
      
      
      The DRIVEVBUS power rail of the AXP803 PMIC is mostly used to supply
      the USB bus power on micro USB sockets, when used in host mode. As this
      is a dynamic operation, and mostly we want micro USB sockets to act in
      client mode initially, BL31 should not actually enable this power line.
      However, on some boards DRIVEVBUS is used to supply power to normal
      USB-A sockets. Failing to activate this line there results in
      non-functional USB in U-Boot on those boards.
      
      For that reason we were enabling DRIVEVBUS so far, as it did not seem to
      cause any harm to the other boards. However it turns out that on the
      Pinephone (and other systems with a battery), actually enabling DRIVEVBUS
      unconditionally causes serious problems (reboot loop).
      
      To accommodate both use cases, without reverting to a build time option,
      check the default OTG configuration in the devicetree. For boards with
      USB-A sockets this is set to "host", on boards with micro-B sockets to
      "otg". Depending on this setting, we either enable DRIVEVBUS or leave it
      alone.
      
      This fixes TF-A on the Pinephone and potentially other battery powered
      devices.
      
      Change-Id: Iec0e07f218b2b4393bf4e05c3386261f8ed19e9f
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      93fa305c
  3. 12 Aug, 2020 1 commit
    • Manish Pandey's avatar
      dualroot: add chain of trust for Platform owned SPs · 2947412d
      Manish Pandey authored
      
      
      For dualroot CoT there are two sets of SP certificates, one owned by
      Silicon Provider(SiP) and other owned by Platform. Each certificate can
      have a maximum of 4 SPs.
      
      This patch reduces the number of SiP owned SPs from 8 to 4 and adds
      the remaining 4 to Plat owned SP.
      Plat owned SP certificate is signed using Platform RoT key and
      protected against anti-rollback using the Non-trusted Non-volatile
      counter.
      
      Change-Id: Idc3ddd87d6d85a5506a7435f45a6ec17c4c50425
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      2947412d
  4. 31 Jul, 2020 1 commit
    • Manish Pandey's avatar
      tbbr/dualroot: rename SP package certificate file · 03a5225c
      Manish Pandey authored
      
      
      Currently only single signing domain is supported for SP packages but
      there is plan to support dual signing domains if CoT is dualroot.
      
      SP_CONTENT_CERT_ID is the certificate file which is currently generated
      and signed with trusted world key which in-turn is derived from Silicon
      provider RoT key.
      To allow dual signing domain for SP packages, other certificate file
      will be derived from Platform owned RoT key.
      
      This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
      does other related changes.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
      03a5225c
  5. 29 Jul, 2020 1 commit
  6. 27 Jul, 2020 1 commit
  7. 21 Jul, 2020 2 commits
  8. 20 Jul, 2020 1 commit
    • Alexei Fedorov's avatar
      TF-A GICv2 driver: Introduce makefile · 1322dc94
      Alexei Fedorov authored
      
      
      This patch moves all GICv2 driver files into new added
      'gicv2.mk' makefile for the benefit of the generic driver
      which can evolve in the future without affecting platforms.
      
      NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
      is now deprecated and platforms with GICv2 driver need to
      be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
      their makefiles.
      
      Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      1322dc94
  9. 16 Jul, 2020 1 commit
    • johpow01's avatar
      IO Driver Misra Cleanup · d471bd9c
      johpow01 authored
      
      
      This patch cleans up MISRA C violations in the IO driver files.  Some
      things did not make sense to fix or would require sweeping changes
      but the simple issues have been resolved.
      
      Defects Fixed
      
      File                        Line Rule
      drivers/io/io_fip.c         39   MISRA C-2012 Rule 5.6 (required)
      drivers/io/io_fip.c         52   MISRA C-2012 Rule 8.9 (advisory)
      drivers/io/io_fip.c         60   MISRA C-2012 Rule 5.9 (advisory)
      drivers/io/io_fip.c         285  MISRA C-2012 Rule 8.9 (advisory)
      drivers/io/io_fip.c         336  MISRA C-2012 Rule 15.4 (advisory)
      drivers/io/io_fip.c         340  MISRA C-2012 Rule 15.4 (advisory)
      drivers/io/io_fip.c         342  MISRA C-2012 Rule 15.4 (advisory)
      drivers/io/io_memmap.c      30   MISRA C-2012 Rule 5.6 (required)
      drivers/io/io_memmap.c      32   MISRA C-2012 Rule 5.9 (advisory)
      drivers/io/io_memmap.c      85   MISRA C-2012 Rule 11.8 (required)
      drivers/io/io_semihosting.c 66   MISRA C-2012 Rule 11.8 (required)
      drivers/io/io_storage.c     73   MISRA C-2012 Rule 5.9 (advisory)
      drivers/io/io_storage.c     116  MISRA C-2012 Rule 13.4 (advisory)
      Signed-off-by: default avatarJohn Powell <john.powell@arm.com>
      Change-Id: Id9b1b2b684588d4eaab674ed4ed04f3950dd21f4
      d471bd9c
  10. 13 Jul, 2020 1 commit
  11. 11 Jul, 2020 1 commit
  12. 10 Jul, 2020 5 commits
  13. 09 Jul, 2020 1 commit
  14. 08 Jul, 2020 5 commits
  15. 07 Jul, 2020 1 commit
    • Varun Wadekar's avatar
      drivers: arm: gicv3: auto-detect presence of GIC600-AE · 8e570b71
      Varun Wadekar authored
      
      
      This patch adds the IIDR value for GIC600-AE to the gicv3_is_gic600()
      helper function. This helps platforms supporting this version of the
      GIC600 interrupt controller to function with the generic GIC driver.
      
      Verified with tftf-validation test suite
      
      ******************************* Summary *******************************
      > Test suite 'Framework Validation'
                                                                      Passed
      > Test suite 'Timer framework Validation'
                                                                      Passed
      =================================
      Tests Skipped : 0
      Tests Passed  : 6
      Tests Failed  : 0
      Tests Crashed : 0
      Total tests   : 6
      =================================
      NOTICE:  Exiting tests.
      Signed-off-by: default avatarVarun Wadekar <vwadekar@nvidia.com>
      Change-Id: I518ae7b56f7f372e374e453287d76ca370fc3574
      8e570b71
  16. 24 Jun, 2020 2 commits
  17. 22 Jun, 2020 1 commit
    • Sandeep Tripathy's avatar
      TF-A GIC driver: Add barrier before eoi · 5eb16c47
      Sandeep Tripathy authored
      
      
      It is desired to have the peripheral writes completed to clear the
      interrupt condition and de-assert the interrupt request to GIC before
      EOI write. Failing which spurious interrupt will occurred.
      
      A barrier is needed to ensure peripheral register write transfers are
      complete before EOI is done.
      
      GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point
      of view. However these writes may pass over different interconnects,
      bridges, buffers leaving some rare chances for the actual write to
      complete out of order.
      
      GICv3 ICC EOI system register writes have no ordering against nGnR(n)E
      memory writes as they are over different interfaces.
      
      Hence a dsb can ensure from core no writes are issued before the previous
      writes are *complete*.
      Signed-off-by: default avatarSandeep Tripathy <sandeep.tripathy@broadcom.com>
      Change-Id: Ie6362009e2f91955be99dca8ece14ade7b4811d6
      5eb16c47
  18. 19 Jun, 2020 5 commits
  19. 17 Jun, 2020 4 commits
  20. 15 Jun, 2020 1 commit
    • Manish Pandey's avatar
      tbbr: add chain of trust for Secure Partitions · 68758dd6
      Manish Pandey authored
      with sha 44f1aa8e
      
      , support for Silicon Provider(SiP) owned Secure
      Partition(SP) was added for dualroot CoT. This patch extends this
      support for tbbr CoT.
      
      Earlier tbbr CoT for SPs was left to avoid adding new image types in
      TBBR which could possibly be seen as deviation from specification.
      But with further discussions it is understood that TBBR being a
      *minimal* set of requirements that can be extended as long as we don't
      violate any of the musts, which is the case with adding SP support.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb
      68758dd6
  21. 09 Jun, 2020 2 commits
    • Andre Przywara's avatar
      GICv3: GIC-600: Detect GIC-600 at runtime · b4ad365a
      Andre Przywara authored
      
      
      The only difference between GIC-500 and GIC-600 relevant to TF-A is the
      differing power management sequence.
      A certain GIC implementation is detectable at runtime, for instance by
      checking the IIDR register. Let's add that test before initiating the
      GIC-600 specific sequence, so the code can be used on both GIC-600 and
      GIC-500 chips alike, without deciding on a GIC chip at compile time.
      
      This means that the GIC-500 "driver" is now redundant. To allow minimal
      platform support, add a switch to disable GIC-600 support.
      
      Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      b4ad365a
    • Manish Pandey's avatar
      dualroot: add chain of trust for secure partitions · 44f1aa8e
      Manish Pandey authored
      
      
      A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
      owned Secure Partitions(SP). A similar support for Platform owned SP can
      be added in future. The certificate is also protected against anti-
      rollback using the trusted Non-Volatile counter.
      
      To avoid deviating from TBBR spec, support for SP CoT is only provided
      in dualroot.
      Secure Partition content certificate is assigned image ID 31 and SP
      images follows after it.
      
      The CoT for secure partition look like below.
      +------------------+       +-------------------+
      | ROTPK/ROTPK Hash |------>| Trusted Key       |
      +------------------+       | Certificate       |
                                 | (Auth Image)      |
                                /+-------------------+
                               /                   |
                              /                    |
                             /                     |
                            /                      |
                           L                       v
      +------------------+       +-------------------+
      | Trusted World    |------>| SiP owned SPs     |
      | Public Key       |       | Content Cert      |
      +------------------+       | (Auth Image)      |
                              /   +-------------------+
                             /                      |
                            /                      v|
      +------------------+ L     +-------------------+
      | SP_PKG1 Hash     |------>| SP_PKG1           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
              .                           .
              .                           .
              .                           .
      +------------------+       +-------------------+
      | SP_PKG8 Hash     |------>| SP_PKG8           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
      44f1aa8e
  22. 06 Jun, 2020 1 commit