GitLab

N1SDP platform supports RDIMMs with ECC capability. To use the ECC
capability, the entire DDR memory space has to be zeroed out before
enabling the ECC bits in DMC620. Zeroing out several gigabytes of
memory from SCP is quite time consuming so functions are added that
zeros out the DDR memory from application processor which is
much faster compared to SCP. BL33 binary cannot be copied to DDR memory
before enabling ECC so this is also done by TF-A from IOFPGA-DDR3
memory to main DDR4 memory after ECC is enabled.

Original PLAT_PHY_ADDR_SPACE_SIZE was limited to 36-bits with which
the entire DDR space cannot be accessed as DRAM2 starts in base
0x8080000000. So these macros are redefined for all ARM platforms.

Change-Id: If09524fb65b421b7a368b1b9fc52c49f2ddb7846
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>

BL2U should not build when RESET_TO_SP_MIN flag is set, like BL1 and
BL2.

Change-Id: Iac516121f98611ca1f58d2b5efdec6525b06ce4e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

During the secondary cores' cold boot path, the cores initialise the GIC
CPU interface. However this is a redundant action since 1) the cores are
powered down immediately after that, 2) the GIC CPU interface is
initialised from scratch when the secondary cores are powered up again
later.

Moreover, this part of code was introducing a bug. In a GICv3 system,
the GIC's CPU interface system registers must not be written without the
core being marked as "awake" in the redistributor. However, this
sequence was performing such accesses and this would cause those cores
to hang. The hang was caused by the DSB instruction that would never
complete because of the GIC not recognising those writes.

For the two aforementioned reasons, the entire part of the GIC CPU
interface initialisation is removed.

Change-Id: I6c33a1edda69dd5b6add16a27390a70731b5532a
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Some cores support only AArch64 mode. In those cores, only a limited
subset of the AArch32 system registers are implemented. Hence, if TF-A
is supposed to run on AArch64-only cores, it must be compiled with
CTX_INCLUDE_AARCH32_REGS=0.

Currently, the default settings for compiling TF-A are with the AArch32
system registers included. So, if we compile TF-A the default way and
attempt to run it on an AArch64-only core, we only get a runtime panic.

Now a compile-time check has been added to ensure that this flag has the
appropriate value when AArch64-only cores are included in the build.

Change-Id: I298ec550037fafc9347baafb056926d149197d4c
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

N1SDP exhibits the behavior similar to Juno wherein CNTBaseN.CNTFRQ
can be written but does not reflect the value of the CNTFRQ register
in CNTCTLBase frame. This doesn't follow ARM ARM in that the value
updated in CNTCTLBase.CNTFRQ is not reflected in CNTBaseN.CNTFRQ.

Hence enable the workaround (applied to Juno) for N1SDP that updates
the CNTFRQ register in the Non Secure CNTBaseN frame.

Change-Id: Id89ee1bca0f25c9d62f8f794f2c4f4e618cdf092
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>

The default DRAM2 start address for Arm platforms
is 0x880000000. However, for N1SDP platform this is
0x8080000000.

Fix the DRAM2 start address by initialising
PLAT_ARM_DRAM2_BASE.

Without this fix there is a mismatch of the System
memory region view as seen by the BL31 runtime
firmware (PSCI) versus the view of the OS (which
is based on the description provided by UEFI. In
this case UEFI is correctly describing the DRAM2
start address).

This implicates in secondary cores failing to start
on some Operating Systems if the OS decides to place
the secondary start address in the mismatched region.

Change-Id: I57220e753219353dda429868b4c5e1a69944cc64
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>

The default DRAM2 base address for Arm platforms
is 0x880000000. However, on some platforms the
firmware may want to move the start address to
a different value.

To support this introduce PLAT_ARM_DRAM2_BASE that
defaults to 0x880000000; but can be overridden by
a platform (e.g. in platform_def.h).

Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>

For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.

Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

This patch fixes this issue:
https://github.com/ARM-software/tf-issues/issues/660



The introduced changes are the following:

1) Some cores implement cache coherency maintenance operation on the
hardware level. For those cores, such as - but not only - the DynamIQ
cores, it is mandatory that TF-A is compiled with the
HW_ASSISTED_COHERENCY flag. If not, the core behaviour at runtime is
unpredictable. To prevent this, compile time checks have been added and
compilation errors are generated, if needed.

2) To enable this change for FVP, a logical separation has been done for
the core libraries. A system cannot contain cores of both groups, i.e.
cores that manage coherency on hardware and cores that don't do it. As
such, depending on the HW_ASSISTED_COHERENCY flag, FVP includes the
libraries only of the relevant cores.

3) The neoverse_e1.S file has been added to the FVP sources.

Change-Id: I787d15819b2add4ec0d238249e04bf0497dc12f3
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

This patch is a preparation for the subsequent changes in
SMMUv3 driver. It introduces a new "smmuv3_poll" function
and replaces inline functions for accessing SMMU registers
with mmio read/write operations. Also the infinite loop
for the poll has been replaced with a counter based timeout.

Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Security sources are required if stack-protector is enabled.

Change-Id: Ia0071f60cf03d48b200fd1facbe50bd9e2f8f282
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Change-Id: Ie649b3c367a93db057eeaee7e83fa3e43f8c2607
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
controller as the secure watchdog. But not all ARM platforms use SP805
as the secure watchdog controller.

So introduce two new ARM platform code specific wrapper functions to
start and stop the secure watchdog. These functions then replace the
calls to SP805 driver in common BL1 setup code. All the ARM platforms
implement these wrapper functions by either calling into SP805 driver
or the SBSA watchdog driver.

Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>

There is a bug in the shared heap implementation for SGM. Until the bug
is solved, the default implementation is used.

Change-Id: I010911a3f00ed860f742b14daad1d99b9e7ce711
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.

The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.

Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

The weak version of plat_get_mbedtls_heap() was being used.

Change-Id: I6da331a098dd1af5bb64729d5b914cfb74b8869e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

This file is used when building the cert_create tool without using
the 'standard' set of Arm OID values as defined in the TBBR
specification (see tbbr_oid.h). This configuration is enabled by
setting USE_TBBR_DEFS to 0 during build.

At the moment this will fail because the header file included by
this file was removed in commit bb41eb7a

 ("cert: move
platform_oid.h to include/tools_share for all platforms"). For
the SGM platform this means that there is no current use for
this file.

Change-Id: I3c82983ada62330f1ab6be6d6c0cf489adabae7b
Signed-off-by: Paul Beesley <paul.beesley@arm.com>

Change-Id: I0a81f4ea94d41245cd5150de341b51fc70babffe
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Improved support for W=2 compilation flag by solving some nested-extern
and sign-compare warnings.

The libraries are compiling with warnings (which turn into errors with
the Werror flag).

Outside of libraries, some warnings cannot be fixed.

Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Improved support for W=1 compilation flag by solving missing-prototypes
and old-style-definition warnings.

The libraries are compiling with warnings (which turn into errors with
the Werror flag).

Outside of libraries, some warnings cannot be fixed without heavy
structural changes.

Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Fixed the below bugs:
1) Bug related to build flag V=1: if the flag was V=0, building with
ROMLIB would fail.
2) Due to a syntax bug in genwrappers.sh, index file entries marked as
"patch" or "reserved" were ignored.
3) Added a prepending hash to constants that genwrappers is generating.
4) Due to broken dependencies, currently the inclusion functionality is
intentionally not utilised. This is why the contents of romlib/jmptbl.i
have been copied to platform specific jmptbl.i files. As a result of the
broken dependencies, when changing the index files, e.g. patching
functions, a clean build is always required. This is a known issue that
will be fixed in the future.

Change-Id: I9d92aa9724e86d8f90fcd3e9f66a27aa3cab7aaa
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

When RECLAIM_INIT_CODE is 1, the stack is used to contain the .text.init
section. This is by default enable on FVP. Due to the size increase of
the .text.init section, the stack had to be adjusted contain it.

Change-Id: Ia392341970fb86c0426cf2229b1a7295453e2e32
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

The dummy implementation of the plat_init_apiakey() platform API uses
an internal 128-bit buffer to store the initial key value used for
Pointer Authentication support.

The intent - as stated in the file comments - was for this buffer to
be write-protected by the MMU. Initialization of the buffer would be
performed before enabling the MMU, thus bypassing write protection
checks.

However, the key buffer ended up into its own read-write section by
mistake due to a typo on the section name ('rodata.apiakey' instead of
'.rodata.apiakey', note the leading dot). As a result, the linker
script was not pulling it into the .rodata output section.

One way to address this issue could have been to fix the section
name. However, this approach does not work well for BL1. Being the
first image in the boot flow, it typically is sitting in real ROM
so we don't have the capacity to update the key buffer at any time.

The dummy implementation of plat_init_apiakey() provided at the moment
is just there to demonstrate the Pointer Authentication feature in
action. Proper key management and key generation would have to be a
lot more careful on a production system.

Therefore, the approach chosen here to leave the key buffer in
writable memory but move it to the BSS section. This does mean that
the key buffer could be maliciously updated for intalling unintended
keys on the warm boot path but at the feature is only at an
experimental stage right now, this is deemed acceptable.

Change-Id: I121ccf35fe7bc86c73275a4586b32d4bc14698d6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Change-Id: If56d1e200a31bd716726d7fdc1cc0ae8a63ba3ee
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

MHU doorbell driver requires arm platform specific
macro "PLAT_CSS_MHU_BASE".
Rename it to "PLAT_MHUV2_BASE", so that platforms other than arm
can use generic MHU doorbell driver.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

Change-Id: I7593f5ed89b9ef13b510e2259c909838c64ec56c
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

Replace all uses of 'SGI_CLARK' with 'RD_N1E1_EDGE' and
'SGI_CLARK_HELIOS' with 'RD_E1_EDGE' as per the updated product
names

Change-Id: Ib8136e421b1a46da1e5df58c6b1432d5c78d279b
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>

This feature is only supported on FVP.

Change-Id: I4e265610211d92a84bd2773c34acfbe02a1a1826
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Replace all usage of 'sgiclark' with 'rdn1e1edge' and 'sgiclarkh' with
'rde1edge' as per the updated product names.

Change-Id: I14e9b0332851798531de21d70eb54f1e5557a7bd
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>

Replace all usage of 'sgiclark' with 'rdn1e1edge' and 'sgiclarka' with
'rdn1edge' as per the updated product names.

Change-Id: Idbc157c73477ec32f507ba2d4a4e907d8813374c
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>

Cortex A5 doesnt support VFP, Large Page addressing and generic timer
which are addressed in this patch. The device tree for Cortex a5
is also included.

Change-Id: I0722345721b145dfcc80bebd36a1afbdc44bb678
Signed-off-by: Usama Arif <usama.arif@arm.com>

This patch adds support for Versatile express FVP (Fast models).
Versatile express is a family of platforms that are based on ARM v7.
Currently this port has only been tested on Cortex A7, although it
should work with other ARM V7 cores that support LPAE, generic timers,
VFP and hardware divide. Future patches will support other
cores like Cortex A5 that dont support features like LPAE
and hardware divide. This platform is tested on and only expected to
work on single core models.

Change-Id: I10893af65b8bb64da7b3bd851cab8231718e61dd
Signed-off-by: Usama Arif <usama.arif@arm.com>

Change-Id: I1adcf195c0ba739002f3a59e805c782dd292ccba
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

Change-Id: Ideb49011da35f39ff1959be6f5015fa212ca2b6b
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

The variable is renamed to PLAT_ARM_RUN_UART as
the UART is used outside BL31 as well.

Change-Id: I00e3639dfb2001758b7d24548c11236c6335f64a
Signed-off-by: Usama Arif <usama.arif@arm.com>

Rather than letting the Trusty makefile set the option to enable dynamic
translation tables, make platforms do it themselves.

This also allows platforms to replace the implementation of the
translation tables library as long as they use the same function
prototypes.

Change-Id: Ia60904f61709ac323addcb57f7a83391d9e21cd0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Many parts of the code were duplicating symbols that are defined in
include/common/bl_common.h. It is better to only use the definitions in
this header.

As all the symbols refer to virtual addresses, they have to be
uintptr_t, not unsigned long. This has also been fixed in bl_common.h.

Change-Id: I204081af78326ced03fb05f69846f229d324c711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The BL33 image must not go past the end of DRAM.

Change-Id: I56668ab760d82332d69a8904d125d9a055aa91d5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

PLAT_ARM_NS_IMAGE_OFFSET is in fact not an offset relative to some base
address, it is an absolute address. Rename it to avoid any confusion.

Change-Id: I1f7f5e8553cb267786afe7e5f3cd4d665b610d3f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Change-Id: I670ea80e0331c2d4b2ccfa563a45469a43f6902d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>