GitLab

Change-Id: Ie0a94783d0c8e111ae19fd592304e6485f04ca29
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

Add support for multiple Cryptocell revisions which
use different APIs.

This commit only refactors the existing code in preperation to the addition
of another Cryptocell revisions later on.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I16d80b31afb6edd56dc645fee5ea619cc74f09b6

Code using Cryptocell specific APIs was used as part of the
arm common board ROT support, instead of being abstracted
in Cryptocell specific driver code, creating two problems:
- Any none arm board that uses Cryptocell wuld need to
  copy and paste the same code.
- Inability to cleanly support multiple versions of Cryptocell
  API and products.

Move over Cryptocell specific API calls into the Cryptocell
driver, creating abstraction API where needed.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I9e03ddce90fcc47cfdc747098bece86dbd11c58e

This patch introduces an additional precautionary step to further
enhance protection against variant 4. During the context initialisation
before we enter the various BL stages, the SPSR.SSBS bit is explicitly
set to zero. As such, speculative loads/stores are by default disabled
for all BL stages when they start executing. Subsequently, each BL
stage, can choose to enable speculative loads/stores or keep them
disabled.

This change doesn't affect the initial execution context of BL33 which
is totally platform dependent and, thus, it is intentionally left up to
each platform to initialise.

For Arm platforms, SPSR.SSBS is set to zero for BL33 too. This means
that, for Arm platforms, all BL stages start with speculative
loads/stores disabled.

Change-Id: Ie47d39c391d3f20fc2852fc59dbd336f8cacdd6c
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>

BL31 used to take a single bl31_params_t parameter structure with entry
point information in arg0. In commit 72600226

 (Add new version of image
loading.) this API was changed to a more flexible linked list approach,
and the old parameter structure was copied into all platforms that still
used the old format. This duplicated code unnecessarily among all these
platforms.

This patch adds a helper function that platforms can optionally link to
outsource the task of interpreting arg0. Many platforms are just
interested in the BL32 and BL33 entry point information anyway. Since
some platforms still need to support the old version 1 parameters, the
helper will support both formats when ERROR_DEPRECATED == 0. This allows
those platforms to drop a bunch of boilerplate code and asynchronously
update their BL2 implementation to the newer format.

Change-Id: I9e6475adb1a7d4bccea666118bd1c54962e9fc38
Signed-off-by: Julius Werner <jwerner@chromium.org>

This patch adds a new include/export/ directory meant for inclusion in
third-party code. This is useful for cases where third-party code needs
to interact with TF-A interfaces and data structures (such as a custom
BL2-implementation like coreboot handing off to BL31). Directly
including headers from the TF-A repository avoids having to duplicate
all these definitions (and risk them going stale), but with the current
header structure this is not possible because handoff API definitions
are too deeply intertwined with other TF code/headers and chain-include
other headers that will not be available in the other environment.

The new approach aims to solve this by separating only the parts that
are really needed into these special headers that are self-contained and
will not chain-include other (non-export) headers. TF-A code should
never include them directly but should instead always include the
respective wrapper header, which will include the required prerequisites
(like <stdint.h>) before including the export header. Third-party code
can include the export headers via its own wrappers that make sure the
necessary definitions are available in whatever way that environment can
provide them.

Change-Id: Ifd769320ba51371439a8e5dd5b79c2516c3b43ab
Signed-off-by: Julius Werner <jwerner@chromium.org>

It's not a good idea to use u_register_t for the members of
aapcs64_params_t and aapcs32_params_t, since the width of that type
always depends on the current execution environment. This would cause
problems if e.g. we used this structure to set up the entry point of an
AArch32 program from within an AArch64 program. (It doesn't seem like
any code is doing that today, but it's probably still a good idea to
write this defensively. Also, it helps with my next patch.)

Change-Id: I12c04a85611f2b6702589f3362bea3e6a7c9f776
Signed-off-by: Julius Werner <jwerner@chromium.org>

The watchdog is configured with a default value of 256 seconds in order
to implement the Trusted Board Boot Requirements.

For the FVP and Juno platforms, the FWU process relies on a watchdog
reset. In order to automate the test of FWU, the length of this process
needs to be as short as possible. Instead of waiting for those 4 minutes
to have a reset by the watchdog, tell it to reset immediately.

There are no side effects as the value of the watchdog's load register
resets to 0xFFFFFFFF.

Tested on Juno.

Change-Id: Ib1aea80ceddc18ff1e0813a5b98dd141ba8a3ff2
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

This patch adds some common helper code to support a lightweight
platform parameter passing framework between BLs that has already been
used on Rockchip platforms but is more widely useful to others as well.
It can be used as an implementation for the SoC firmware configuration
file mentioned in the docs, and is primarily intended for platforms
that only require a handful of values to be passed and want to get by
without a libfdt dependency. Parameters are stored in a linked list and
the parameter space is split in generic and vendor-specific parameter
types. Generic types will be handled by this code whereas
vendor-specific types have to be handled by a vendor-specific handler
function that gets passed in.

Change-Id: If3413d44e86b99d417294ce8d33eb2fc77a6183f
Signed-off-by: Julius Werner <jwerner@chromium.org>

Change-Id: Iab767e9937f5c6c8150953fcdc3b37e8ee83fa63
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

Use v2 xlat tables library instead of v1 for marvell platforms.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Change-Id: I838a6a878a8353e84eea9529721761b478943f0a

Update the skeleton implementation of the console interface.

The 32 bit version was outdated and has been copied from the 64 bit
version.

Change-Id: Ib3e4eb09402ffccb1a30c703a53829a7bf064dfe
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

This patch enables MTE for Normal world if the CPU suppors it. Enabling
MTE for secure world will be done later.

Change-Id: I9ef64460beaba15e9a9c20ab02da4fb2208b6f7d
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

This consists of ensuring that the left operand of each shift is
unsigned when the operation might overflow into the sign bit.

Change-Id: Iddd6f38139a4c6e500468b4fc48d04e0939f574e
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

This patch adds 128-bit integer types int128_t and uint128_t
for "__int128" and "unsigned __int128" supported by GCC and
Clang for AArch64.

Change-Id: I0e646d026a5c12a09fd2c71dc502082052256a94
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

This patch removes incorrect SCTLR_V_BIT definition and adds
definitions for ARMv8.3-Pauth EnIB, EnDA and EnDB bits.

Change-Id: I1384c0a01f56f3d945833464a827036252c75c2e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

Change-Id: I755e4c42242d9a052570fd1132ca3d937acadb13
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

Neoverse N1 erratum 1262888 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUECTLR_EL1 system register, which disables the MMU hardware prefetcher.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: Ib733d748e32a7ea6a2783f3d5a9c5e13eee01105
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Neoverse N1 erratum 1262606 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which delays instruction fetch after
branch misprediction.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: Idd980e9d5310232d38f0ce272862e1fb0f02ce9a
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Neoverse N1 erratum 1257314 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR3_EL1 system register, which prevents parallel
execution of divide and square root instructions.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: I54f0f40ff9043efee40d51e796b92ed85b394cbb
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Neoverse N1 erratum 1220197 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUECTLR_EL1 system register, which disables write streaming to the L2.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: I9c3373f1b6d67d21ee71b2b80aec5e96826818e8
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Neoverse N1 erratum 1207823 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: Ia932337821f1ef0d644db3612480462a8d924d21
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Neoverse N1 erratum 1165347 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set two bits in the implementation defined
CPUACTLR2_EL1 system register.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: I163d0ea00578245c1323d2340314cdc3088c450d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Neoverse N1 erratum 1130799 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR2_EL1 system register.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: I252bc45f9733443ba0503fefe62f50fdea61da6d
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Neoverse N1 erratum 1073348 is a Cat B erratum [1],
present in older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined
CPUACTLR_EL1 system register, which disables static prediction.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdoc-466751330-10325/index.html



Change-Id: I674126c0af6e068eecb379a190bcf7c75dcbca8e
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

The new API becomes the default one.

Change-Id: Ic1d602da3dff4f4ebbcc158b885295c902a24fec
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

N1SDP platform supports RDIMMs with ECC capability. To use the ECC
capability, the entire DDR memory space has to be zeroed out before
enabling the ECC bits in DMC620. Zeroing out several gigabytes of
memory from SCP is quite time consuming so functions are added that
zeros out the DDR memory from application processor which is
much faster compared to SCP. BL33 binary cannot be copied to DDR memory
before enabling ECC so this is also done by TF-A from IOFPGA-DDR3
memory to main DDR4 memory after ECC is enabled.

Original PLAT_PHY_ADDR_SPACE_SIZE was limited to 36-bits with which
the entire DDR space cannot be accessed as DRAM2 starts in base
0x8080000000. So these macros are redefined for all ARM platforms.

Change-Id: If09524fb65b421b7a368b1b9fc52c49f2ddb7846
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>

Rework the macro that eases the table definition: the src and msk fields
are now using MASK and SHIFT defines of each source register.
Some macros had then to be modified: _USART1_SEL, _ASS_SEL and _MSS_SEL to
_UART1_SEL, _AXIS_SEL, and _MCUS_SEL to match register fields.

Note: the mask for RCC_ASSCKSELR_AXISSRC is changed from 0x3 to 0x7
to reflect the size of the register field, even if there are only
3 possible clock sources.

The mask value is also corrected for QSPI and FMC clock selection.

Change-Id: I44114e3c1dd37b9fa1be1ba519611abd9a07764c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

Those functions are generic for parsing nodes from device tree
hence could be located in generic source file.

The oscillators description structure is also moved to STM32MP1 clock
driver, as it is no more used in stm32mp1_clkfunc and cannot be in a
generic file.

Change-Id: I93ba74f4eea916440fef9b160d306af1b39f17c6
Signed-off-by: Yann Gautier <yann.gautier@st.com>

Those defines are used in STM32MP1 clock driver.
It is better to put them altogether with already defined registers.

Change-Id: I6f8ad8c2477b947af6f76283a4ef5c40212d0027
Signed-off-by: Yann Gautier <yann.gautier@st.com>

Convert the R-Car Gen3 platform and both SCIF and Log drivers
to multi-console API.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: I18556973937d150b60453f9150d54ee612571e35

The chain of trust description and the pointer pointing to its first
element were incompatible, thus requiring an explicit type cast for
the assignment.

- cot_desc was an array of
  const pointers to const image descriptors.

- cot_desc_ptr was a const pointer to
  (non-constant) pointers to const image descriptors.

Thus, trying to assign cot_desc to cot_desc_ptr (with no cast) would
generate the following compiler warning:

drivers/auth/tbbr/tbbr_cot.c:826:14: warning: initialization discards
  ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
 REGISTER_COT(cot_desc);
              ^~~~~~~~

Change-Id: Iae62dd1bdb43fe379e3843d96461d47cc2f68a06
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Neoverse N1 erratum 1315703 is a Cat A (rare) erratum [1], present in
older revisions of the Neoverse N1 processor core.
The workaround is to set a bit in the implementation defined CPUACTLR2_EL1
system register, which will disable the load-bypass-store feature.

[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.pjdocpjdoc-466751330-1032/index.html



Change-Id: I5c708dbe0efa4daa0bcb6bd9622c5efe19c03af9
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

The workaround is added to the Cortex-A55 cpu specific file. The
workaround is disabled by default and have to be explicitly enabled by
the platform integrator.

Change-Id: I3e6fd10df6444122a8ee7d08058946ff1cc912f8
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>

This patch adds the functionality needed for platforms to provide
Branch Target Identification (BTI) extension, introduced to AArch64
in Armv8.5-A by adding BTI instruction used to mark valid targets
for indirect branches. The patch sets new GP bit [50] to the stage 1
Translation Table Block and Page entries to denote guarded EL3 code
pages which will cause processor to trap instructions in protected
pages trying to perform an indirect branch to any instruction other
than BTI.
BTI feature is selected by BRANCH_PROTECTION option which supersedes
the previous ENABLE_PAUTH used for Armv8.3-A Pointer Authentication
and is disabled by default. Enabling BTI requires compiler support
and was tested with GCC versions 9.0.0, 9.0.1 and 10.0.0.
The assembly macros and helpers are modified to accommodate the BTI
instruction.
This is an experimental feature.
Note. The previous ENABLE_PAUTH build option to enable PAuth in EL3
is now made as an internal flag and BRANCH_PROTECTION flag should be
used instead to enable Pointer Authentication.
Note. USE_LIBROM=1 option is currently not supported.

Change-Id: Ifaf4438609b16647dc79468b70cd1f47a623362e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

The default DRAM2 base address for Arm platforms
is 0x880000000. However, on some platforms the
firmware may want to move the start address to
a different value.

To support this introduce PLAT_ARM_DRAM2_BASE that
defaults to 0x880000000; but can be overridden by
a platform (e.g. in platform_def.h).

Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>

For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.

Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

The workaround for Cortex-A76 errata #1286807 is implemented
in this patch.

Change-Id: I6c15af962ac99ce223e009f6d299cefb41043bed
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are
added to the Cortex-A76 cpu specific file. The workarounds are disabled
by default and have to be explicitly enabled by the platform integrator.

Change-Id: I70474927374cb67725f829d159ddde9ac4edc343
Signed-off-by: Soby Mathew <soby.mathew@arm.com>

This patch is a preparation for the subsequent changes in
SMMUv3 driver. It introduces a new "smmuv3_poll" function
and replaces inline functions for accessing SMMU registers
with mmio read/write operations. Also the infinite loop
for the poll has been replaced with a counter based timeout.

Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>