- 24 Feb, 2020 7 commits
-
-
Sandrine Bailleux authored
The dualroot chain of trust involves 2 root-of-trust public keys:
  - The classic ROTPK.
  - The platform ROTPK (a.k.a. PROTPK).
Use the cookie argument as a key ID for plat_get_rotpk_info() to return the appropriate one. This only applies if we are using the dualroot CoT; if using the TBBR one, the behaviour is unchanged. Change-Id: I400707a87ec01afd5922b68db31d652d787f79bd Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
The cookie will be leveraged in the next commit. Change-Id: Ie8bad275d856d84c27466461cf815529dd860446 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
  - Use the development PROTPK if using the dualroot CoT. Note that unlike the ROTPK, the PROTPK key hash file is not generated from the key file; instead it has to be provided. This might be enhanced in the future.
  - Define a CoT build flag for the platform code to provide different implementations where needed.
Change-Id: Iaaf25183b94e77a99a5d8d875831d90c102a97ea Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
When using the new dualroot chain of trust, a new root of trust key is needed to authenticate the images belonging to the platform owner. Provide a development one to deploy this on Arm platforms. Change-Id: I481145e09aa564822d474cb47d38ec211dd24efd Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
The build system needs to drive the cert_create tool in a slightly different manner when using the dualroot chain of trust.
  - It needs to pass it the platform root of trust key file.
  - It must not try to generate the Non-Trusted Firmware Key Certificate, which is not part of the dualroot CoT.
Change-Id: Ibcc821c5735765523730f861ae8230208f41302b Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
Selection of the chain of trust is done through the COT build option:
  > make COT=dualroot
Change-Id: Id87c7a5116bdd13bdb29645ecf31d111ad094c1e Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-
Sandrine Bailleux authored
This new chain of trust defines 2 independent signing domains:
  1) One for the silicon firmware (BL1, BL2, BL31) and optionally the Trusted OS. It is rooted in the Silicon ROTPK, just as in the TBBR CoT.
  2) One for the Normal World Bootloader (BL33). It is rooted in a new key called Platform ROTPK, or PROTPK for short.
In terms of certificate chains:
  - Signing domain 1) is similar to what TBBR advocates (see page 21 of the TBBR specification), except that the Non-Trusted World Public Key has been removed from the Trusted Key Certificate.
  - Signing domain 2) only contains the Non-Trusted World Content certificate, which provides the hash of the Non-Trusted World Bootloader. Compared to the TBBR CoT, there's no Non-Trusted World Key certificate, for simplicity.
Change-Id: I62f1e952522d84470acc360cf5ee63e4c4b0b4d9 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
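The two signing domains above, and the key-ID selection of the provisioned root hash from the plat_get_rotpk_info() commit earlier in this series, modelled as an added example. This is not TF-A or cert_create code: the certificate names follow the commit message, but the dict fields, the toy RSA over fixed Mersenne primes, and the omission of the SoC FW key certificate layer are my own simplifications, and a 128-bit truncated digest is signed so it stays below every toy modulus.

```python
"""Model of the dualroot chain of trust: two signing domains, two root keys.
Added example, not TF-A or cert_create code. Toy RSA over fixed Mersenne primes
stands in for the real keys; certificate and field names are assumptions."""
import hashlib
import json

E = 65537
sha256 = lambda data: hashlib.sha256(data).digest()


def make_key(p, q):
    """Toy RSA key pair from two fixed primes (ASSUMPTION: never use for real)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def pub(key):
    return {"n": key["n"], "e": key["e"]}


def pub_hash(pk):
    """Hash of a public key: what the platform provisions for each root."""
    return sha256(json.dumps(pk, sort_keys=True).encode())


def sign(priv, data):
    return pow(int.from_bytes(sha256(data)[:16], "big"), priv["d"], priv["n"])


def verify(pk, data, sig):
    return pow(sig, pk["e"], pk["n"]) == int.from_bytes(sha256(data)[:16], "big")


M = lambda k: (1 << k) - 1  # Mersenne prime 2**k - 1 for the exponents used below
ROTPK, PROTPK = make_key(M(89), M(107)), make_key(M(61), M(127))
TRUSTED_WORLD = make_key(M(31), M(521))  # handed down by the Trusted Key Cert

# Provisioned root hashes, selected by key ID the way plat_get_rotpk_info()
# uses its cookie argument under the dualroot CoT.
ROOT_HASHES = {"ROTPK": pub_hash(pub(ROTPK)), "PROTPK": pub_hash(pub(PROTPK))}

# CoT descriptor: where each certificate's verification key comes from.
# Domain 1 (BL31) chains up to ROTPK; domain 2 (BL33) is one content
# certificate directly under PROTPK, with no NT key certificate in between.
# The SoC FW key certificate layer of domain 1 is omitted for brevity.
COT = {"trusted_key_cert": ("root", "ROTPK"),
       "soc_fw_content_cert": ("cert", "trusted_key_cert", "trusted_world_pk"),
       "nt_fw_content_cert": ("root", "PROTPK")}
IMAGES = {"bl31": ("soc_fw_content_cert", "bl31_hash"),
          "bl33": ("nt_fw_content_cert", "bl33_hash")}


def tbs(name, payload):
    """To-be-signed bytes: certificate name plus its extensions."""
    return json.dumps({"name": name, "payload": payload}, sort_keys=True).encode()


def make_cert(name, signer, payload):
    return {"payload": payload, "sig": sign(signer, tbs(name, payload))}


def build_certs(bl31, bl33, rot=ROTPK, prot=PROTPK):
    """The certificate set cert_create would emit for COT=dualroot (toy form)."""
    return {
        "trusted_key_cert": make_cert("trusted_key_cert", rot, {
            "signer_pk": pub(rot), "trusted_world_pk": pub(TRUSTED_WORLD)}),
        "soc_fw_content_cert": make_cert("soc_fw_content_cert", TRUSTED_WORLD, {
            "bl31_hash": sha256(bl31).hex()}),
        "nt_fw_content_cert": make_cert("nt_fw_content_cert", prot, {
            "signer_pk": pub(prot), "bl33_hash": sha256(bl33).hex()})}


def verify_cert(name, certs):
    """Verify one certificate up to its root; returns its payload on success."""
    cert, src = certs[name], COT[name]
    if src[0] == "root":
        pk = cert["payload"]["signer_pk"]
        if pub_hash(pk) != ROOT_HASHES[src[1]]:  # the hash is the only trust anchor
            raise ValueError(f"{name}: signer is not the provisioned {src[1]}")
    else:
        pk = verify_cert(src[1], certs)[src[2]]  # key handed down by the parent
    if not verify(pk, tbs(name, cert["payload"]), cert["sig"]):
        raise ValueError(f"{name}: bad signature")
    return cert["payload"]


def root_of(name):
    src = COT[name]
    return src[1] if src[0] == "root" else root_of(src[1])


def verify_image(image, data, certs):
    """Authenticate an image; returns the root key ID that authorised it."""
    cert_name, field = IMAGES[image]
    if verify_cert(cert_name, certs)[field] != sha256(data).hex():
        raise ValueError(f"{image}: content hash mismatch")
    return root_of(cert_name)


def rejected(image, data, certs):
    try:
        verify_image(image, data, certs)
        return False
    except ValueError:
        return True


def demo():
    bl31, bl33 = b"constructed BL31 image", b"constructed BL33 image"  # samples
    certs, rogue = build_certs(bl31, bl33), make_key(M(607), M(1279))
    return {
        "bl31_root": verify_image("bl31", bl31, certs),
        "bl33_root": verify_image("bl33", bl33, certs),
        # Domain separation: even the silicon ROTPK cannot authorise BL33 ...
        "rotpk_signed_bl33_rejected": rejected("bl33", bl33, build_certs(bl31, bl33, prot=ROTPK)),
        # ... nor can an attacker holding neither root re-sign a modified BL33 ...
        "rogue_bl33_rejected": rejected("bl33", b"evil", build_certs(bl31, b"evil", prot=rogue)),
        # ... and a swapped image under the genuine certificates fails the hash check.
        "tampered_bl33_rejected": rejected("bl33", b"evil", certs)}
```

The point of walking the chain from a descriptor rather than from the certificates themselves is that the verifier, not the signer, decides which root a certificate may chain to: a certificate carrying a perfectly valid ROTPK signature is still rejected for BL33 because the descriptor binds that slot to PROTPK.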
-
- 21 Feb, 2020 5 commits
-
-
joanna.farley authored
-
joanna.farley authored
-
Mark Dykes authored
-
Mark Dykes authored
-
joanna.farley authored
* changes:
  Tegra: spe: uninit console on a timeout
  Tegra: handler to check support for System Suspend
  Tegra: bpmp_ipc: improve cyclomatic complexity
  Tegra: platform handler to relocate BL32 image
  Tegra: common: improve cyclomatic complexity
  Tegra210: secure PMC hardware block
  Tegra: delay_timer: support for physical secure timer
  include: move MHZ_TICKS_PER_SEC to utils_def.h
  Tegra194: memctrl: lock mc stream id security config
  Tegra210: resume PMC hardware block for all platforms
  Tegra: macro for legacy WDT FIQ handling
  Tegra186: enable higher performance non-cacheable load forwarding
  Tegra210: enable higher performance non-cacheable load forwarding
  cpus: higher performance non-cacheable load forwarding
-
- 20 Feb, 2020 17 commits
-
-
Varun Wadekar authored
There are chances of a denial-of-service attack if an attacker removes the SPE firmware from the system. The console driver would end up waiting for the firmware to respond indefinitely. The console driver must detect such scenarios and uninit the interface as a result. This patch adds a timeout to the interaction with the SPE firmware and uninits the interface if it times out. Change-Id: I06f27a858baed25711d41105b4110865f1a01727 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
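The fail-closed pattern this commit describes (a bounded wait on the SPE mailbox, and tearing the interface down on the first timeout so later calls do not spin again), as an added example. It is not the NVIDIA SPE console driver: the mailbox interface, the per-character budget, the fake clock and the fake firmware are all constructed here. The clock feeding the deadline stands in for the secure physical timer adopted elsewhere in this series, since a deadline taken from a timer the NS world can switch off defeats the timeout.

```python
"""Bounded wait on a firmware mailbox that may never answer. Added example, not
the NVIDIA SPE console driver: the mailbox interface, the per-character budget
and the fake firmware below are assumptions."""
import time

TIMEOUT_US = 200_000  # assumed budget for the SPE to drain one character


class SpeConsole:
    """putc() blocks until the SPE has consumed the previous character, but
    only up to TIMEOUT_US; a timeout disables the console for good."""

    def __init__(self, mailbox, clock_us=None):
        self.mailbox = mailbox
        # The deadline must come from a timer the NS world cannot stop.
        self.clock_us = clock_us or (lambda: time.monotonic_ns() // 1000)
        self.enabled = True

    def _wait_ready(self):
        deadline = self.clock_us() + TIMEOUT_US
        while not self.mailbox.ready():
            if self.clock_us() >= deadline:
                return False
        return True

    def uninit(self):
        self.enabled = False  # later calls fail fast instead of polling again

    def putc(self, ch):
        if not self.enabled:
            return -1
        if not self._wait_ready():
            self.uninit()
            return -1
        self.mailbox.write(ch)
        return ord(ch)


class FakeClock:
    """Constructed clock; advanced by the fake firmware on every poll."""

    def __init__(self):
        self.now_us = 0

    def __call__(self):
        return self.now_us


class FakeSpe:
    """Constructed stand-in for the SPE mailbox; every poll costs 1 ms."""

    def __init__(self, clock, responsive=True):
        self.clock, self.responsive = clock, responsive
        self.polls, self.received = 0, []

    def ready(self):
        self.polls += 1
        self.clock.now_us += 1_000
        return self.responsive

    def write(self, ch):
        self.received.append(ch)


def demo():
    clock = FakeClock()
    alive = FakeSpe(clock)
    con = SpeConsole(alive, clock)
    codes = [con.putc(c) for c in "ok\n"]
    gone = FakeSpe(clock, responsive=False)  # SPE firmware removed from the system
    con2 = SpeConsole(gone, clock)
    first = con2.putc("x")
    polls_first = gone.polls
    second = con2.putc("y")
    return {"alive_codes": codes, "alive_text": "".join(alive.received),
            "gone_first": first, "gone_second": second,
            "polls_first": polls_first, "polls_second": gone.polls - polls_first,
            "gone_enabled": con2.enabled}
```

With a 1 ms poll cost and a 200 ms budget the first character to a missing SPE costs exactly 200 polls and then the console is gone; the second character costs none. Without the uninit step every later print would pay the full timeout again, which is a slower version of the same denial of service.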
-
Varun Wadekar authored
Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode, but there might be certain boards that do not have this firmware blob. To stop the NS world from issuing System suspend entry commands on such devices, we need to disable System Suspend from the PSCI "features". This patch removes the System suspend handler from the Tegra PSCI ops, so that the framework will disable support for "System Suspend" from the PSCI "features". Original change by: kalyani chidambaram <kalyanic@nvidia.com> Change-Id: Ie029f82f55990a8b3a6debb73e95e0e218bfd1f5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Code complexity is a good indication of maintainability versus testability of a piece of software. ISO26262 introduces the following thresholds:
  complexity < 10 is accepted
  10 <= complexity < 20 has to be justified
  complexity >= 20 cannot be accepted
Rationale is that the number of test cases to fully test a piece of software can (depending on the coverage metrics) grow exponentially with the number of branches in the software. This patch removes redundant conditionals from 'ipc_send_req_atomic' handler to reduce the McCabe Cyclomatic Complexity for this function. Change-Id: I20fef79a771301e1c824aea72a45ff83f97591d5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch provides platforms an opportunity to relocate the BL32 image, during cold boot. Tegra186 platforms, for example, relocate BL32 images to TZDRAM memory as the previous bootloader relies on BL31 to do so. Change-Id: Ibb864901e43aca5bf55d8c79e918b598c12e8a28 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
Code complexity is a good indication of maintainability versus testability of a piece of software. ISO26262 introduces the following thresholds:
  complexity < 10 is accepted
  10 <= complexity < 20 has to be justified
  complexity >= 20 cannot be accepted
Rationale is that the number of test cases to fully test a piece of software can (depending on the coverage metrics) grow exponentially with the number of branches in the software. This patch removes redundant conditionals from 'bl31_early_platform_setup' handler to reduce the McCabe Cyclomatic Complexity for this function. Change-Id: Ifb628e33269b388f9323639cd97db761a7e049c4 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
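The McCabe metric and the ISO 26262 bands quoted in this commit and in the bpmp_ipc commit above, as an added example of how the number is actually computed and why "redundant conditionals" move it. This is not TF-A or NVIDIA code and it scores Python rather than C, because the standard library ships an AST for Python and not for C; the two sample handlers are constructed to resemble an IPC send path and are not the functions the commits touched.

```python
"""Cyclomatic complexity per function with the ISO 26262 bands the commit quotes.
Added example, not TF-A or NVIDIA code. It scores Python with the stdlib ast
module because no C parser ships with Python; the sample handlers are constructed."""
import ast

BRANCHES = (ast.If, ast.IfExp, ast.For, ast.AsyncFor, ast.While, ast.ExceptHandler)


def cyclomatic(func):
    """McCabe: 1 + decision points. Each extra boolean operand and each
    comprehension clause is a decision, like && / || and loops in C."""
    score = 1
    for node in ast.walk(func):
        if isinstance(node, BRANCHES):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1
        elif isinstance(node, ast.comprehension):
            score += 1 + len(node.ifs)
    return score


def classify(score):
    """Thresholds quoted from ISO 26262 in the commit message."""
    if score < 10:
        return "accepted"
    if score < 20:
        return "justify"
    return "rejected"


def report(source):
    """{function name: (complexity, band)} for every function in the source."""
    return {n.name: (cyclomatic(n), classify(cyclomatic(n)))
            for n in ast.walk(ast.parse(source))
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))}


# Constructed sample in the spirit of an IPC "send request" handler: the first
# version re-checks conditions already established, the second does not.
SAMPLE = '''
def ipc_send_req_before(ch, buf, size, timeout):
    if ch is None or buf is None:
        return -1
    if size == 0 or size > 64:
        return -1
    if timeout < 0:
        return -1
    if ch is not None and buf is not None:   # redundant: already checked
        if size != 0:                         # redundant: already checked
            for i in range(size):
                if buf[i] is None:
                    return -1
            while not ch.ready:
                if timeout == 0:
                    return -2
                timeout -= 1
            return ch.send(buf)
    return -1


def ipc_send_req_after(ch, buf, size, timeout):
    if ch is None or buf is None or not 0 < size <= 64 or timeout < 0:
        return -1
    if any(b is None for b in buf[:size]):
        return -1
    while not ch.ready:
        if timeout == 0:
            return -2
        timeout -= 1
    return ch.send(buf)
'''

if __name__ == "__main__":
    for name, (score, band) in report(SAMPLE).items():
        print(f"{name}: complexity {score} ({band})")
```

The "before" handler lands in the justify band (13) and the rewrite in the accepted band (9) with the same observable behaviour; note that folding the guards into one boolean expression still counts every operand, so the gain comes from deleting the re-checks, not from hiding them on one line.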
-
kalyani chidambaram authored
This patch sets the "secure" bit to mark the PMC hardware block as accessible only from the secure world. This setting must be programmed during cold boot and System Resume. The sc7entry-fw, running on the COP, needs access to the PMC block to enter System Suspend state, so "unlock" the PMC block before passing control to the COP. Change-Id: I00e39a49ae6b9f8c8eafe0cf7ff63fe6a67fdccf Signed-off-by: kalyani chidambaram <kalyanic@nvidia.com>
-
Varun Wadekar authored
This patch modifies the delay timer driver to switch to the ARM secure physical timer instead of using Tegra's on-chip uS timer. The secure timer is not accessible to the NS world and so eliminates an important attack vector, where the Tegra timer source gets switched off from the NS world leading to a DoS attack for the trusted world. This timer is shared with the S-EL1 layer for now, but later patches will mark it as exclusive to the EL3 exception mode. Change-Id: I2c00f8cb4c48b25578971c626c314603906ad7cc Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch moves the MHZ_TICKS_PER_SEC macro to utils_def.h for other platforms to use. Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Change-Id: I6c4dc733f548d73cfdb3515ec9ad89a9efaf4407
-
Pritesh Raithatha authored
This patch locks most of the stream id security config registers as per HW guidance. This patch keeps the stream id configs unlocked for the following clients, to allow some platforms to still function, until they make the transition to the latest guidance.
  - ISPRA
  - ISPFALR
  - ISPFALW
  - ISPWA
  - ISPWA1
  - ISPWB
  - XUSB_DEVR
  - XUSB_DEVW
  - XUSB_HOSTR
  - XUSB_HOSTW
  - VIW
  - VIFALR
  - VIFALW
Change-Id: I66192b228a0a237035938f498babc0325764d5df Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
-
kalyani chidambaram authored
The PMC hardware block resume handler was called for Tegra210 platforms, only if the sc7entry-fw was present on the device. This would cause problems for devices that do not support this firmware. This patch fixes this logic and resumes the PMC block even if the sc7entry-fw is not present on the device. Change-Id: I6f0eb7878126f624ea98392f583ed45a231d27db Signed-off-by: Kalyani Chidambaram <kalyanic@nvidia.com>
-
Varun Wadekar authored
This patch adds the macro to enable legacy FIQ handling to the common Tegra makefile. The default value of this macro is '0'. Platforms that need this support should enable it from their makefiles. This patch also helps fix violation of Rule 20.9. Rule 20.9 "All identifiers used in the controlling expression of #if of #elif preprocessing directives shall be #define'd before evaluation" Change-Id: I4f0c9917c044b5b1967fb5e79542cd3bf6e91f18 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch enables higher performance non-cacheable load forwarding for Tegra186 platforms. Change-Id: Ifceb304bfbd805f415bb6205c9679602ecb47b53 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
This patch enables higher performance non-cacheable load forwarding for Tegra210 platforms. Change-Id: I11d0ffc09aca97d37386f283f2fbd2483d51fd28 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Varun Wadekar authored
The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable non-cacheable streaming enhancement. Platforms can set this bit only if their memory system meets the requirement that cache line fill requests from the Cortex-A57 processor are atomic. This patch adds support to enable higher performance non-cacheable load forwarding for such platforms. Platforms must enable this support by setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their makefiles. This flag is disabled by default. Change-Id: Ib27e55dd68d11a50962c0bbc5b89072208b4bac5 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
Manish V Badarkhe authored
Removed duplicate error code present for SMCCC and used proper error code for "SMCCC_ARCH_WORKAROUND_2" call. Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Change-Id: I76fc7c88095f78a7e2c3d205838f8eaf3132ed5c
-
Sandrine Bailleux authored
-
Abdul Halim, Muhammad Hadi Asyrafi authored
Fix mailbox driver incompatible cast bug and control flow issue that was flagged by Coverity Scan. Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> Change-Id: I3f34e98d24e40139d31cf7d5b9b973cd2d981065
-
- 19 Feb, 2020 5 commits
-
-
Manish Pandey authored
-
Sandrine Bailleux authored
* changes:
  rcar_gen3: plat: Minor coding style fix for rcar_version.h
  rcar_gen3: plat: Update IPL and Secure Monitor Rev.2.0.6
  rcar_gen3: drivers: ddr: Update DDR setting for H3, M3, M3N
  rcar_gen3: drivers: ddr: Update DDR setting for H3, M3, M3N
  rcar_gen3: drivers: board: Add new board revision for M3ULCB
  rcar_gen3: drivers: ddr: Update DDR setting for H3, M3, M3N
  rcar_gen3: plat: Update IPL and Secure Monitor Rev.2.0.5
  rcar_gen3: plat: Change fixed destination address of BL31 and BL32
-
Sandrine Bailleux authored
-
Sandrine Bailleux authored
-
Manish Pandey authored
-
- 18 Feb, 2020 6 commits
-
-
Manish Pandey authored
* changes:
  board/rdn1edge: use CREATE_SEQ helper macro to compare chip count
  build_macros: add create sequence helper function
-
Vijayenthiran Subramaniam authored
Use CREATE_SEQ helper macro to create sequence of valid chip counts instead of manually creating the sequence. This allows a scalable approach to increase the valid chip count sequence in the future. Change-Id: I5ca7a00460325c156b9e9e52b2bf656a2e43f82d Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
-
Vijayenthiran Subramaniam authored
Add the `CREATE_SEQ` function to generate a sequence of numbers starting from 1 to allow easy comparison of a user defined macro with non-zero positive numbers. Change-Id: Ibcb336a223d958154b1007d08c428fbaf1e48664 Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
-
Rui Silva authored
This patch allows using a DDR address in the memory node, because on FPGA we typically use DDR instead of shared RAM. This patch also modifies the kernel arguments to allow the rootfs to be mounted from a direct mapping of the QSPI NOR flash using the physmap driver in the kernel. This allows supporting CRAMFS XIP. Change-Id: I4e2bc6a1f48449c7f60e00f5f1a698df8cb2ba89 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com> Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-
Manish Pandey authored
* changes:
  corstone700: set UART clocks to 32MHz
  corstone700: clean-up as per coding style guide
  Corstone700: add support for mhuv2 in arm TF-A
-
Mark Dykes authored
-