1. 17 Jun, 2020 2 commits
  2. 15 Jun, 2020 1 commit
    • Manish Pandey's avatar
      tbbr: add chain of trust for Secure Partitions · 68758dd6
      Manish Pandey authored
      with sha 44f1aa8e
      
      , support for Silicon Provider(SiP) owned Secure
      Partition(SP) was added for dualroot CoT. This patch extends this
      support for tbbr CoT.
      
      Earlier tbbr CoT for SPs was left to avoid adding new image types in
      TBBR which could possibly be seen as deviation from specification.
      But with further discussions it is understood that TBBR being a
      *minimal* set of requirements that can be extended as long as we don't
      violate any of the musts, which is the case with adding SP support.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I1b9e3ebdd7d653f1fd4cc3bd910a69871b55ecbb
      68758dd6
  3. 09 Jun, 2020 2 commits
    • Andre Przywara's avatar
      GICv3: GIC-600: Detect GIC-600 at runtime · b4ad365a
      Andre Przywara authored
      
      
      The only difference between GIC-500 and GIC-600 relevant to TF-A is the
      differing power management sequence.
      A certain GIC implementation is detectable at runtime, for instance by
      checking the IIDR register. Let's add that test before initiating the
      GIC-600 specific sequence, so the code can be used on both GIC-600 and
      GIC-500 chips alike, without deciding on a GIC chip at compile time.
      
      This means that the GIC-500 "driver" is now redundant. To allow minimal
      platform support, add a switch to disable GIC-600 support.
      
      Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      b4ad365a
    • Manish Pandey's avatar
      dualroot: add chain of trust for secure partitions · 44f1aa8e
      Manish Pandey authored
      
      
      A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
      owned Secure Partitions(SP). A similar support for Platform owned SP can
      be added in future. The certificate is also protected against anti-
      rollback using the trusted Non-Volatile counter.
      
      To avoid deviating from TBBR spec, support for SP CoT is only provided
      in dualroot.
      Secure Partition content certificate is assigned image ID 31 and SP
      images follows after it.
      
      The CoT for secure partition look like below.
      +------------------+       +-------------------+
      | ROTPK/ROTPK Hash |------>| Trusted Key       |
      +------------------+       | Certificate       |
                                 | (Auth Image)      |
                                /+-------------------+
                               /                   |
                              /                    |
                             /                     |
                            /                      |
                           L                       v
      +------------------+       +-------------------+
      | Trusted World    |------>| SiP owned SPs     |
      | Public Key       |       | Content Cert      |
      +------------------+       | (Auth Image)      |
                              /   +-------------------+
                             /                      |
                            /                      v|
      +------------------+ L     +-------------------+
      | SP_PKG1 Hash     |------>| SP_PKG1           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
              .                           .
              .                           .
              .                           .
      +------------------+       +-------------------+
      | SP_PKG8 Hash     |------>| SP_PKG8           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
      44f1aa8e
  4. 03 Jun, 2020 2 commits
  5. 01 Jun, 2020 1 commit
    • Etienne Carriere's avatar
      drivers: stm32_reset adapt interface to timeout argument · 45c70e68
      Etienne Carriere authored
      
      
      Changes stm32mp1 reset driver to API to add a timeout argument
      to stm32mp_reset_assert() and stm32mp_reset_deassert() and
      a return value.
      
      With a supplied timeout, the functions wait the target reset state
      is reached before returning. With a timeout of zero, the functions
      simply load target reset state in SoC interface and return without
      waiting.
      
      Helper functions stm32mp_reset_set() and stm32mp_reset_release()
      use a zero timeout and return without a return code.
      
      This change updates few stm32 drivers and plat/stm32mp1 blé_plat_setup.c
      accordingly without any functional change.
      functional change.
      
      Change-Id: Ia1a73a15125d3055fd8739c125b70bcb9562c27f
      Signed-off-by: default avatarEtienne Carriere <etienne.carriere@st.com>
      45c70e68
  6. 19 May, 2020 1 commit
  7. 11 May, 2020 6 commits
  8. 05 May, 2020 1 commit
    • Andre Przywara's avatar
      plat/stm32: Use generic fdt_get_reg_props_by_name() · 7ad6d362
      Andre Przywara authored
      
      
      The STM32 platform port parse DT nodes to find base address to
      peripherals. It does this by using its own implementation, even though
      this functionality is generic and actually widely useful outside of the
      STM32 code.
      
      Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
      fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
      This is removes the assumption that #address-cells and #size-cells are
      always one.
      
      Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      7ad6d362
  9. 29 Apr, 2020 1 commit
    • Andre Przywara's avatar
      plat/stm32: Implement fdt_read_uint32_default() as a wrapper · be858cff
      Andre Przywara authored
      
      
      The STM32 platform code uses its own set of FDT helper functions,
      although some of them are fairly generic.
      
      Remove the implementation of fdt_read_uint32_default() and implement it
      on top of the newly introduced fdt_read_uint32() function, then convert
      all users over.
      
      This also fixes two callers, which were slightly abusing the "default"
      semantic.
      
      Change-Id: I570533362b4846e58dd797a92347de3e0e5abb75
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      be858cff
  10. 28 Apr, 2020 1 commit
    • Andre Przywara's avatar
      plat/stm32: Use generic fdt_read_uint32_array() implementation · 52a616b4
      Andre Przywara authored
      
      
      The device tree parsing code for the STM32 platform is using its own FDT
      helper functions, some of them being rather generic.
      In particular the existing fdt_read_uint32_array() implementation is now
      almost identical to the new generic code in fdt_wrappers.c, so we can
      remove the ST specific version and adjust the existing callers.
      
      Compared to the original ST implementation the new version takes a
      pointer to the DTB as the first argument, and also swaps the order of
      the number of cells and the pointer.
      
      Change-Id: Id06b0f1ba4db1ad1f733be40e82c34f46638551a
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      52a616b4
  11. 07 Apr, 2020 3 commits
  12. 06 Apr, 2020 1 commit
  13. 03 Apr, 2020 5 commits
  14. 01 Apr, 2020 2 commits
  15. 30 Mar, 2020 1 commit
    • Alexei Fedorov's avatar
      TF-A GICv3 driver: Introduce makefile · a6ea06f5
      Alexei Fedorov authored
      
      
      This patch moves all GICv3 driver files into new added
      'gicv3.mk' makefile for the benefit of the generic driver
      which can evolve in the future without affecting platforms.
      The patch adds GICv3 driver configuration flags
      'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
      'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
      'GICv3 driver options' section of 'build-option.rst'
      document.
      
      NOTE: Platforms with GICv3 driver need to be modified to
      include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
      
      Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
      Signed-off-by: default avatarAlexei Fedorov <Alexei.Fedorov@arm.com>
      a6ea06f5
  16. 26 Mar, 2020 1 commit
    • Yann Gautier's avatar
      stm32mp1: dynamically map DDR later and non-cacheable during its test · 84686ba3
      Yann Gautier authored
      
      
      A speculative accesses to DDR could be done whereas it was not reachable
      and could lead to bus stall.
      To correct this the dynamic mapping in MMU is used.
      A first mapping is done for DDR tests with MT_NON_CACHEABLE attribute,
      once DDR access is setup. It is then unmapped and a new mapping DDR is done
      with cacheable attribute (through MT_MEMORY) to speed-up BL33 (or OP-TEE)
      load.
      
      The disabling of cache during DDR tests is also removed, as now useless.
      A call to new functions stm32mp_{,un}map_ddr_non_cacheable() is done
      instead.
      
      PLAT_XLAT_TABLES_DYNAMIC is activated globally as used in BL2 and BL32.
      
      BL33 max size is also updated to take into account the secure and shared
      memory areas. Those are used in OP-TEE case.
      
      Change-Id: I22c48b4a48255ee264991c34ecbb15bfe87e67c3
      Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
      84686ba3
  17. 25 Mar, 2020 1 commit
  18. 23 Mar, 2020 3 commits
  19. 17 Mar, 2020 1 commit
    • Andre Przywara's avatar
      rpi3: gpio: Simplify GPIO setup · 0d92745e
      Andre Przywara authored
      
      
      There is really no reason to use and pass around a struct when its only
      member is the (fixed) base address.
      
      Remove the struct and just use the base address on its own inside the
      GPIO driver. Then set the base address automatically.
      
      This simplifies GPIO setup for users, which now don't need to deal with
      zeroing a struct and setting the base address anymore.
      
      Change-Id: I3060f7859e3f8ef9a24cc8fb38307b5da943f127
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      0d92745e
  20. 10 Mar, 2020 1 commit
  21. 08 Mar, 2020 1 commit
  22. 06 Mar, 2020 2 commits
    • Sumit Garg's avatar
      TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86
      Sumit Garg authored
      
      
      TBBR spec advocates for optional encryption of firmwares (see optional
      requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
      support firmware decryption that can be stacked above any underlying IO/
      packaging layer like FIP etc. It aims to provide a framework to load any
      encrypted IO payload.
      
      Also, add plat_get_enc_key_info() to be implemented in a platform
      specific manner as handling of encryption key may vary from one platform
      to another.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03
      2be57b86
    • Sumit Garg's avatar
      drivers: crypto: Add authenticated decryption framework · 7cda17bb
      Sumit Garg authored
      
      
      Add framework for autheticated decryption of data. Currently this
      patch optionally imports mbedtls library as a backend if build option
      "DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
      using AES-GCM algorithm.
      Signed-off-by: default avatarSumit Garg <sumit.garg@linaro.org>
      Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271
      7cda17bb