1. 29 Mar, 2021 9 commits
    • Omkar Anand Kulkarni's avatar
      plat/sgi: allow usage of secure partions on rdn2 platform · c0d55ef7
      Omkar Anand Kulkarni authored
      
      
      Add the secure partition mmap table and the secure partition boot
      information to support secure partitions on RD-N2 platform. In addition
      to this, add the required memory region mapping for accessing the
      SoC peripherals from the secure partition.
      Signed-off-by: default avatarOmkar Anand Kulkarni <omkar.kulkarni@arm.com>
      Change-Id: I2c75760d6c8c3da3ff4885599be420e924aeaf3c
      c0d55ef7
    • Aditya Angadi's avatar
      board/rdv1mc: initialize tzc400 controllers · f97b5795
      Aditya Angadi authored
      
      
      A TZC400 controller is placed inline on DRAM channels and regulates
      the secure and non-secure accesses to both secure and non-secure
      regions of the DRAM memory. Configure each of the TZC controllers
      across the Chips.
      
      For use by secure software, configure the first chip's trustzone
      controller to protect the upper 16MB of the memory of the first DRAM
      block for secure accesses only. The other regions are configured for
      non-secure read write access. For all the remote chips, all the DRAM
      regions are allowed for non-secure read and write access.
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      Change-Id: I809f27eccadfc23ea0ef64e2fd87f95eb8f195c1
      f97b5795
    • Aditya Angadi's avatar
      plat/sgi: allow access to TZC controller on all chips · 21803491
      Aditya Angadi authored
      
      
      On a multi-chip platform, the boot CPU on the first chip programs the
      TZC controllers on all the remote chips. Define a memory region map for
      the TZC controllers for all the remote chips and include it in the BL2
      memory map table.
      
      In addition to this, for SPM_MM enabled multi-chip platforms, increase
      the number of mmap entries and xlat table counts for EL3 execution
      context as well because the shared RAM regions and GIC address space of
      remote chips are accessed.
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      Change-Id: I6f0b5fd22f9f28046451e382eef7f1f9258d88f7
      21803491
    • Aditya Angadi's avatar
      plat/sgi: define memory regions for multi-chip platforms · 05b5c417
      Aditya Angadi authored
      
      
      For multi-chip platforms, add a macro to define the memory regions on
      chip numbers >1 and its associated access permissions. These memory
      regions are marked with non-secure access.
      Signed-off-by: default avatarAditya Angadi <aditya.angadi@arm.com>
      Change-Id: If3d6180fd8ea61f45147c39d3140d694abf06617
      05b5c417
    • Thomas Abraham's avatar
      plat/sgi: allow access to nor2 flash and system registers from s-el0 · 5dae6bc7
      Thomas Abraham authored
      
      
      Allow the access of system registers and nor2 flash memory region
      from s-el0. This allows the secure parititions residing at s-el0
      to access these memory regions.
      Signed-off-by: default avatarThomas Abraham <thomas.abraham@arm.com>
      Change-Id: I3887a86770de806323fbde0d20fdc96eec6e0c3c
      5dae6bc7
    • Thomas Abraham's avatar
      plat/sgi: define default list of memory regions for dmc620 tzc · b4d548f1
      Thomas Abraham authored
      
      
      Define a default DMC-620 TZC memory region configuration and use it to
      specify the TZC memory regions on sgi575, rdn1edge and rde1edge
      platforms. The default DMC-620 TZC memory regions are defined
      considering the support for secure paritition as well.
      Signed-off-by: default avatarThomas Abraham <thomas.abraham@arm.com>
      Change-Id: Iedee3e57d0d3de5b65321444da51ec990d3702db
      b4d548f1
    • Thomas Abraham's avatar
      plat/sgi: improve macros defining cper buffer memory region · d306eb80
      Thomas Abraham authored
      
      
      Remove the 'ARM_' prefix from the macros defining the CPER buffer memory
      and replace it with 'CSS_SGI_' prefix. These macros are applicable only
      for platforms supported within plat/sgi. In addition to this, ensure
      that these macros are defined only if the RAS_EXTENSION build option is
      enabled.
      Signed-off-by: default avatarThomas Abraham <thomas.abraham@arm.com>
      Change-Id: I44df42cded18d9d3a4cb13e5c990e9ab3194daee
      d306eb80
    • Thomas Abraham's avatar
      plat/sgi: refactor DMC-620 error handling SMC function id · 513ba5c9
      Thomas Abraham authored
      
      
      The macros defining the SMC function ids for DMC-620 error handling are
      listed in the sgi_base_platform_def.h header file. But these macros are
      not applicable for all platforms supported under plat/sgi. So move these
      macro definitions to sgi_ras.c file in which these are consumed. While
      at it, remove the AArch32 and error injection function ids as these are
      unused.
      Signed-off-by: default avatarThomas Abraham <thomas.abraham@arm.com>
      Change-Id: I249b54bf4c1b1694188a1e3b297345b942f16bc9
      513ba5c9
    • Thomas Abraham's avatar
      plat/sgi: refactor SDEI specific macros · a8834474
      Thomas Abraham authored
      
      
      The macros specific to SDEI defined in the sgi_base_platform_def.h are
      not applicable for all the platforms supported by plat/sgi. So refactor
      the SDEI specific macros into a new header file and include this file on
      only on platforms it is applicable on.
      Signed-off-by: default avatarThomas Abraham <thomas.abraham@arm.com>
      Change-Id: I0cb7125334f02a21cae1837cdfd765c16ab50bf5
      a8834474
  2. 15 Mar, 2021 1 commit
    • Olivier Deprez's avatar
      SPM: declare third cactus instance as UP SP · e96fc8e7
      Olivier Deprez authored
      
      
      The FF-A v1.0 spec allows two configurations for the number of EC/vCPU
      instantiated in a Secure Partition:
      -A MultiProcessor (MP) SP instantiates as many ECs as the number of PEs.
      An EC is pinned to a corresponding physical CPU.
      -An UniProcessor (UP) SP instantiates a single EC. The EC is migrated to
      the physical CPU from which the FF-A call is originating.
      This change permits exercising the latter case within the TF-A-tests
      framework.
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: I7fae0e7b873f349b34e57de5cea496210123aea0
      e96fc8e7
  3. 10 Mar, 2021 1 commit
  4. 01 Mar, 2021 1 commit
  5. 17 Feb, 2021 1 commit
  6. 16 Feb, 2021 1 commit
  7. 15 Feb, 2021 1 commit
    • Andre Przywara's avatar
      plat/arm: juno: Condition Juno entropy source with CRC instructions · eb18ce32
      Andre Przywara authored
      
      
      The Juno Trusted Entropy Source has a bias, which makes the generated
      raw numbers fail a FIPS 140-2 statistic test.
      
      To improve the quality of the numbers, we can use the CPU's CRC
      instructions, which do a decent job on conditioning the bits.
      
      This adds a *very* simple version of arm_acle.h, which is typically
      provided by the compiler, and contains the CRC instrinsics definitions
      we need. We need the original version by using -nostdinc.
      
      Change-Id: I83d3e6902d6a1164aacd5060ac13a38f0057bd1a
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      eb18ce32
  8. 11 Feb, 2021 2 commits
    • Andre Przywara's avatar
      plat/arm: juno: Refactor juno_getentropy() · 543f0d8b
      Andre Przywara authored
      
      
      Currently we use the Juno's TRNG hardware entropy source to initialise
      the stack canary. The current function allows to fill a buffer of any
      size, but we will actually only ever request 16 bytes, as this is what
      the hardware implements. Out of this, we only need at most 64 bits for
      the canary.
      
      In preparation for the introduction of the SMCCC TRNG interface, we
      can simplify this Juno specific interface by making it compatible with
      the generic one: We just deliver 64 bits of entropy on each call.
      This reduces the complexity of the code. As the raw entropy register
      readouts seem to be biased, it makes sense to do some conditioning
      inside the juno_getentropy() function already.
      Also initialise the TRNG hardware, if not already done.
      
      Change-Id: I11b977ddc5417d52ac38709a9a7b61499eee481f
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      543f0d8b
    • Vijayenthiran Subramaniam's avatar
      plat/arm/rdn2: update TZC base address · 4e8060d2
      Vijayenthiran Subramaniam authored
      
      
      Update TZC base address to align with the recent changes in the platform
      memory map.
      Signed-off-by: default avatarVijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
      Change-Id: I0d0ad528a2e236607c744979e1ddc5c6d426687a
      4e8060d2
  9. 09 Feb, 2021 4 commits
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Protect GICR frames for fused/unused cores · f98630fb
      Manish V Badarkhe authored
      
      
      Currently, BLs are mapping the GIC memory region as read-write
      for all cores on boot-up.
      
      This opens up the security hole where the active core can write
      the GICR frame of fused/inactive core. To avoid this issue, disable
      the GICR frame of all inactive cores as below:
      
      1. After primary CPU boots up, map GICR region of all cores as
         read-only.
      2. After primary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      3. After secondary CPU boots up, map its GICR region as read-write
         and initialize its redistributor interface.
      4. All unused/fused core's redistributor regions remain read-only and
         write attempt to such protected regions results in an exception.
      
      As mentioned above, this patch offers only the GICR memory-mapped
      region protection considering there is no facility at the GIC IP
      level to avoid writing the redistributor area.
      
      These changes are currently done in BL31 of Arm FVP and guarded under
      the flag 'FVP_GICR_REGION_PROTECTION'.
      
      As of now, this patch is tested manually as below:
      1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
      2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
         register of core 1’s(fused) redistributor from core 0(active).
      
      Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      f98630fb
    • Manish V Badarkhe's avatar
      plat/arm: fvp: Do not map GIC region in BL1 and BL2 · e0cea783
      Manish V Badarkhe authored
      
      
      GIC memory region is not getting used in BL1 and BL2.
      Hence avoid its mapping in BL1 and BL2 that freed some
      page table entries to map other memory regions in the
      future.
      
      Retains mapping of CCN interconnect region in BL1 and BL2
      overlapped with the GIC memory region.
      
      Change-Id: I880dd0690f94b140e59e4ff0c0d436961b9cb0a7
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      e0cea783
    • Andre Przywara's avatar
      plat/arm: Remove ARM_LINUX_KERNEL_AS_BL33 relying on RESET_TO_BL31 · e27340a7
      Andre Przywara authored
      
      
      So far the ARM platform Makefile would require that RESET_TO_BL31 is set
      when we ask for the ARM_LINUX_KERNEL_AS_BL33 feature.
      There is no real technical reason for that, and the one place in the
      code where this was needed has been fixed.
      
      Remove the requirement of those two options to be always enabled
      together.
      This enables the direct kernel boot feature for the Foundation FVP
      (as described in the documentation), which requires a BL1/FIP
      combination to boot, so cannot use RESET_TO_BL31.
      
      Change-Id: I6814797b6431b6614d684bab3c5830bfd9481851
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      e27340a7
    • Andre Przywara's avatar
      plat/arm: Always allow ARM_LINUX_KERNEL_AS_BL33 · c99b8c89
      Andre Przywara authored
      
      
      At the moment we have the somewhat artifical limitation of
      ARM_LINUX_KERNEL_AS_BL33 only being used together with RESET_TO_BL31.
      
      However there does not seem to be a good technical reason for that,
      it was probably just to differentate between two different boot flows.
      
      Move the initial register setup for ARM_LINUX_KERNEL_AS_BL33 out of the
      RESET_TO_BL31 #ifdef, so that we initialise the registers in any case.
      
      This allows to use a preloaded kernel image when using BL1 and FIP.
      
      Change-Id: I832df272d3829f077661f4ee6d3dd9a276a0118f
      Signed-off-by: default avatarAndre Przywara <andre.przywara@arm.com>
      c99b8c89
  10. 08 Feb, 2021 1 commit
  11. 05 Feb, 2021 1 commit
  12. 03 Feb, 2021 1 commit
  13. 02 Feb, 2021 1 commit
  14. 29 Jan, 2021 3 commits
    • Pranav Madhu's avatar
      plat/arm/board: enable AMU for RD-N2 · f7bab276
      Pranav Madhu authored
      
      
      AMU counters are used for monitoring the CPU performance. RD-N2 platform
      has architected AMU available for each core. Enable the use of AMU by
      non-secure OS for supporting the use of counters for processor
      performance control (ACPI CPPC).
      
      Change-Id: I5cc749cf63c18fc5c7563dd754c2f42990a97e23
      Signed-off-by: default avatarPranav Madhu <pranav.madhu@arm.com>
      f7bab276
    • Pranav Madhu's avatar
      plat/arm/board: enable AMU for RD-V1 · c9bf2cf5
      Pranav Madhu authored
      
      
      AMU counters are used for monitoring the CPU performance. RD-V1 platform
      has architected AMU available for each core. Enable the use of AMU by
      non-secure OS for supporting the use of counters for processor
      performance control (ACPI CPPC).
      
      Change-Id: I4003d21407953f65b3ce99eaa8f496d6052546e0
      Signed-off-by: default avatarPranav Madhu <pranav.madhu@arm.com>
      c9bf2cf5
    • Pranav Madhu's avatar
      plat/arm/sgi: allow all PSCI callbacks on RD-V1 · 92264f86
      Pranav Madhu authored
      
      
      Some of the PSCI platform callbacks were restricted on RD-V1 platform
      because the idle was not functional. Now that it is functional, remove
      all the restrictions on the use PSCI platform callbacks.
      
      Change-Id: I4cb97cb54de7ee166c30f28df8fea653b6b425c7
      Signed-off-by: default avatarPranav Madhu <pranav.madhu@arm.com>
      92264f86
  15. 20 Jan, 2021 3 commits
    • Ming Huang's avatar
      plat/arm/css/sgi: Fix assert expression issue · 0301d09c
      Ming Huang authored
      
      
      Violation of MISRA-C Rule 14.4
      Signed-off-by: default avatarMing Huang <huangming@linux.alibaba.com>
      Change-Id: I44ef50dadb54fb056a91f3de962b6e63ba6d7ac4
      0301d09c
    • Ming Huang's avatar
      plat/arm/css/sgi: Fix bl32 receive event - 0xC4000061 issue · 9feb1e2f
      Ming Huang authored
      
      
      The issue is that, when interrupt is triggered and RAS handler
      is entered, after interrupt handler finishes, TF-A will re-enter
      bl32 and then crash.
      sdei_dispatch_event() may return failing result in some cases,
      for example kernel may not have registered a handler or RAS event
      may happen early during boot. We restore the NS context when
      sdei_dispatch_event() returns failing result.
      
      error log :
      Received delegated event
      X0 :  0xC4000061
      X1 :  0x0
      X2 :  0x0
      X3 :  0x0
      Received event - 0xC4000061 on cpu 0
      UnRecognized Event - 0xC4000061
      Failed delegated event 0xC4000061, Status Invalid Parameter
      Unhandled Exception in EL3.
      x30            = 0x000000000401f700
      x0             = 0xfffffffffffffffe
      x1             = 0xfffffffffffffffe
      x2             = 0x00000000600003c0
      Signed-off-by: default avatarMing Huang <huangming@linux.alibaba.com>
      Change-Id: I9802e9a32eee0ac3b5a8bcc0362d0b0e3b71dc9f
      9feb1e2f
    • Jagadeesh Ujja's avatar
      plat/arm: css: Turn ON/OFF redistributor in sync with GIC CPU interface ON/OFF · 4d8c1819
      Jagadeesh Ujja authored
      
      
      Turn ON/OFF GIC redistributor in sync with GIC CPU interface ON/OFF.
      
      Issue :
      The Linux prompt hangs when all the cores in a cluster are turned OFF
      and we try to turn ON a core in that cluster. Previously when TF-A turns
      ON a core, TF-A first turns ON the redistributor followed by the core.
      This did not match the flow when turning OFF a core, as TF-A did not
      turn OFF redistributor when the corresponding core[s] are disabled.
      This hang is resolved by disabling redistributor as cores are disabled,
      keeping them in sync.
      Signed-off-by: default avatarJagadeesh Ujja <jagadeesh.ujja@arm.com>
      Change-Id: Ifd04fdcfd47b45e00f874f15b098471883d023f0
      4d8c1819
  16. 11 Jan, 2021 2 commits
  17. 07 Jan, 2021 1 commit
    • Pali Rohár's avatar
      Makefile: Do not mark file targets as .PHONY target · a9812206
      Pali Rohár authored
      
      
      Only non-file targets should be set a .PHONY. Otherwise if file target is
      set as .PHONY then targets which depends on those file .PHONY targets would
      be always rebuilt even when their prerequisites are not changed.
      
      File target which needs to be always rebuilt can be specified in Make
      system via having a prerequisite on some .PHONY target, instead of marking
      whole target as .PHONY. In Makefile projects it is common to create empty
      .PHONY target named FORCE for this purpose.
      
      This patch changes all file targets which are set as .PHONY to depends on
      new .PHONY target FORCE, to ensure that these file targets are always
      rebuilt (as before). Basically they are those targets which calls external
      make subprocess.
      
      After FORCE target is specified in main Makefile, remove it from other
      Makefile files to prevent duplicate definitions.
      Signed-off-by: default avatarPali Rohár <pali@kernel.org>
      Change-Id: Iee3b4e0de93879b95eb29a1745a041538412e69e
      a9812206
  18. 16 Dec, 2020 1 commit
  19. 14 Dec, 2020 2 commits
  20. 09 Dec, 2020 3 commits