From 8b27eb7d91d97d707af94fff11ea02963ee2c3c0 Mon Sep 17 00:00:00 2001
From: Ziad Elhanafy <ziad.elhanafy@arm.com>
Date: Wed, 2 Oct 2024 14:38:10 +0100
Subject: [PATCH 1/3] feat(rd1ae): add support for OP-TEE SPMC

Add support for loading and booting OP-TEE as SPMC running at
S-EL1 for RD-1 AE platform.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Change-Id: If29f56bb19fe7f370208ef5a6f60bfff4346ea93
---
 .../platform/rd1ae/fdts/rd1ae_fw_config.dts   |  6 +++++
 .../rd1ae/fdts/rd1ae_optee_spmc_manifest.dts  | 27 +++++++++++++++++++
 .../platform/rd1ae/include/platform_def.h     |  9 ++++++-
 .../automotive_rd/platform/rd1ae/platform.mk  |  7 ++++-
 .../rd1ae/rd1ae_bl2_mem_params_desc.c         | 26 +++++++++++++++++-
 .../platform/rd1ae/rd1ae_bl31_setup.c         | 11 ++++++++
 .../automotive_rd/platform/rd1ae/rd1ae_plat.c |  1 +
 7 files changed, 84 insertions(+), 3 deletions(-)
 create mode 100644 plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_optee_spmc_manifest.dts

diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts
index 53cd3b0fa..89e30e9f5 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_fw_config.dts
@@ -12,6 +12,12 @@
 	dtb-registry {
 		compatible = "fconf,dyn_cfg-dtb_registry";
 
+		tos_fw-config {
+			load-address = <0x0 0x70000>;
+			max-size = <0x1000>;
+			id = <TOS_FW_CONFIG_ID>;
+		};
+
 		hw-config {
 			load-address = <0x0 0x83000000>;
 			max-size = <0x8000>;
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_optee_spmc_manifest.dts b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_optee_spmc_manifest.dts
new file mode 100644
index 000000000..c28cadf67
--- /dev/null
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/fdts/rd1ae_optee_spmc_manifest.dts
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	compatible = "arm,ffa-core-manifest-1.0";
+	#address-cells = <2>;
+	#size-cells = <1>;
+
+	/*
+	 * BL32 image details needed by SPMC
+	 */
+
+	attribute {
+		spmc_id = <0x8000>;
+		maj_ver = <0x1>;
+		min_ver = <0x0>;
+		exec_state = <0x0>;
+		load_address = <0x0 0xffc00000>;
+		entrypoint = <0x0 0xffc00000>;
+		binary_size = <0x00400000>;
+	};
+};
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h b/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
index 44c8ee3c9..b71be401c 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/include/platform_def.h
@@ -45,6 +45,9 @@
 #define PLAT_CSS_MHU_BASE			UL(0x2A920000)
 #define PLAT_ARM_NSTIMER_FRAME_ID		U(0)
 
+#define PLAT_ARM_SPMC_BASE		        UL(0xFFC00000)
+#define PLAT_ARM_SPMC_SIZE		        UL(0x00400000)
+
 #define SOC_CSS_SEC_UART_BASE			UL(0x2A410000)
 #define SOC_CSS_NSEC_UART_BASE			UL(0x2A400000)
 #define SOC_CSS_UART_SIZE			UL(0x10000)
@@ -115,10 +118,14 @@
 						MT_SECURE)
 
 #define RD1AE_MAP_NS_DRAM1	MAP_REGION_FLAT(ARM_DRAM1_BASE,	\
-						ARM_DRAM1_SIZE,	\
+						ARM_DRAM1_SIZE - PLAT_ARM_SPMC_SIZE, \
 						MT_MEMORY | MT_RW | \
 						MT_NS)
 
+#define RD1AE_MAP_S_DRAM1	MAP_REGION_FLAT(PLAT_ARM_SPMC_BASE, \
+						PLAT_ARM_SPMC_SIZE,	\
+						MT_MEMORY | MT_RW | MT_SECURE)
+
 #define RD1AE_DEVICE_BASE	(0x20000000)
 #define RD1AE_DEVICE_SIZE	(0x20000000)
 #define RD1AE_MAP_DEVICE	MAP_REGION_FLAT(RD1AE_DEVICE_BASE, \
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk b/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
index 35cd8a19d..6773ae02b 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/platform.mk
@@ -32,6 +32,7 @@ ENABLE_MPAM_FOR_LOWER_ELS		:=	1
 GIC_ENABLE_V4_EXTN			:=	1
 GICV3_SUPPORT_GIC600			:=	1
 HW_ASSISTED_COHERENCY			:=	1
+NEED_BL32				:=	yes
 PLAT_MHU_VERSION			:=	1
 RESET_TO_BL2				:=	1
 SVE_VECTOR_LEN				:=	128
@@ -68,15 +69,19 @@ endif
 
 # Add the FDT_SOURCES and options for Dynamic Config
 FDT_SOURCES	+=	${RD1AE_BASE}/fdts/${PLAT}_fw_config.dts	\
-			fdts/${PLAT}.dts
+			fdts/${PLAT}.dts				\
+			${RD1AE_BASE}/fdts/${PLAT}_optee_spmc_manifest.dts
 
 FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_fw_config.dtb
 HW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}.dtb
+TOS_FW_CONFIG	:=	${BUILD_PLAT}/fdts/${PLAT}_optee_spmc_manifest.dtb
 
 # Add the FW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${FW_CONFIG},--fw-config,${FW_CONFIG}))
 # Add the HW_CONFIG to FIP and specify the same to certtool
 $(eval $(call TOOL_ADD_PAYLOAD,${HW_CONFIG},--hw-config,${HW_CONFIG}))
+# Add the TOS_FW_CONFIG to FIP and specify the same to certtool
+$(eval $(call TOOL_ADD_PAYLOAD,${TOS_FW_CONFIG},--tos-fw-config,${TOS_FW_CONFIG}))
 
 ifeq (${TRUSTED_BOARD_BOOT},1)
 FIP_BL2_ARGS	:=	tb-fw
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c
index 30cc90f09..8d0b96f2b 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl2_mem_params_desc.c
@@ -36,7 +36,7 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
 		.image_info.image_base = BL31_BASE,
 		.image_info.image_max_size = BL31_LIMIT - BL31_BASE,
 
-		.next_handoff_image_id = BL33_IMAGE_ID,
+		.next_handoff_image_id = BL32_IMAGE_ID,
 	},
 	/* Fill HW_CONFIG related information */
 	{
@@ -48,6 +48,30 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
 			VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
 		.next_handoff_image_id = INVALID_IMAGE_ID,
 	},
+	/* Fill BL32 related information */
+	{
+		.image_id = BL32_IMAGE_ID,
+
+		SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+			VERSION_2, entry_point_info_t, SECURE | EXECUTABLE),
+		.ep_info.pc = BL32_BASE,
+
+		SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+			VERSION_2, image_info_t, 0),
+		.image_info.image_base = BL32_BASE,
+		.image_info.image_max_size = BL32_LIMIT - BL32_BASE,
+
+		.next_handoff_image_id = BL33_IMAGE_ID,
+	},
+	/* Fill TOS_FW_CONFIG related information */
+	{
+		.image_id = TOS_FW_CONFIG_ID,
+		SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
+			VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
+		SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
+			VERSION_2, image_info_t, IMAGE_ATTRIB_SKIP_LOADING),
+		.next_handoff_image_id = INVALID_IMAGE_ID,
+	},
 	/* Fill BL33 related information */
 	{
 		.image_id = BL33_IMAGE_ID,
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c
index ce7bad75a..6cfe34a2e 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_bl31_setup.c
@@ -26,3 +26,14 @@ const plat_psci_ops_t *plat_arm_psci_override_pm_ops(plat_psci_ops_t *ops)
 {
 	return css_scmi_override_pm_ops(ops);
 }
+
+#if defined(SPD_spmd) && (SPMC_AT_EL3 == 0)
+/*
+ * A dummy implementation of the platform handler for Group0 secure interrupt.
+ */
+int plat_spmd_handle_group0_interrupt(uint32_t intid)
+{
+	(void)intid;
+	return -1;
+}
+#endif /* defined(SPD_spmd) && (SPMC_AT_EL3 == 0) */
diff --git a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
index e917330b0..229ab241a 100644
--- a/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
+++ b/plat/arm/board/automotive_rd/platform/rd1ae/rd1ae_plat.c
@@ -19,6 +19,7 @@ const mmap_region_t plat_arm_mmap[] = {
 #if IMAGE_BL2
 	RD1AE_MAP_NS_DRAM1,
 #endif
+	RD1AE_MAP_S_DRAM1,
 	{0}
 };
 

From 428f4169ab241c0a67171505549f16d790043f5d Mon Sep 17 00:00:00 2001
From: Ziad Elhanafy <ziad.elhanafy@arm.com>
Date: Mon, 15 Jul 2024 09:18:45 +0100
Subject: [PATCH 2/3] docs(rd1ae): update documentation to include BL32

Update the boot sequence in the RD-1 AE documentation
to include BL32 (OP-TEE).

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Change-Id: I25fdc114bb71d3ad7e1bb2d845f758d6af037e3d
---
 docs/plat/arm/automotive_rd/index.rst | 36 +++++++++++++++++++++------
 1 file changed, 29 insertions(+), 7 deletions(-)

diff --git a/docs/plat/arm/automotive_rd/index.rst b/docs/plat/arm/automotive_rd/index.rst
index d0db6ac56..04ca2b91e 100644
--- a/docs/plat/arm/automotive_rd/index.rst
+++ b/docs/plat/arm/automotive_rd/index.rst
@@ -11,15 +11,34 @@ Further information on RD1-AE is available at `rd1ae`_
 Boot Sequence
 -------------
 
-BL2 –> BL31 –> BL33
+The boot process starts from RSE (Runtime Security Engine) that loads the
+Application Processor (AP) BL2 image and signals the System Control Processor (SCP)
+to power up the AP. The AP then runs AP BL2
 
-The boot process starts from RSE (Runtime Security Engine) that loads the BL2 image
-and signals the System Control Processor (SCP) to power up the Application Processor (AP).
-The AP then runs BL2, which loads the rest of the images, including the runtime firmware
-BL31, and proceeds to execute it. Finally, it passes control to the non-secure world
-BL33 (u-boot).
+The primary compute boot flow follows the following steps:
 
-BL2 performs the actions described in the `Trusted Board Boot (TBB)`_ document.
+1. AP BL2:
+
+   * Performs the actions described in the `Trusted Board Boot (TBB)`_ document.
+   * Copies the AP BL31 image from Secure Flash to Secure SRAM
+   * Copies the AP BL32 (OP-TEE) image from Secure Flash to Secure DRAM
+   * Copies the AP BL33 (U-Boot) image from Secure Flash to Normal DRAM
+   * Transfers the execution to AP BL31
+
+2. AP BL31:
+
+   * Initializes Trusted Firmware-A Services
+   * Transfers the execution to AP BL32 and then transfers the execution to AP BL33
+   * During runtime, acts as the Secure Monitor, handling SMC calls,
+     and context switching between secure and non-secure worlds.
+
+3. AP BL32:
+
+   * Initializes OP-TEE environment
+   * Initializes Secure Partitions
+   * Transfers the execution back to AP BL31
+   * During runtime, it facilitates secure communication between the
+     normal world environment (e.g. Linux) and the Trusted Execution Environment.
 
 Build Procedure (TF-A only)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -41,6 +60,9 @@ Build Procedure (TF-A only)
       COT=tbbr \
       ARM_ROTPK_LOCATION=devel_rsa \
       ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
+      BL32=<path to optee binary> \
+      SPD=spmd \
+      SPMD_SPM_AT_SEL2=0 \
       BL33=<path to u-boot binary> \
 
 *Copyright (c) 2024, Arm Limited. All rights reserved.*

From 6e1bf7e97f7389f59c2ea0d28cfeef5399db7881 Mon Sep 17 00:00:00 2001
From: Ziad Elhanafy <ziad.elhanafy@arm.com>
Date: Mon, 15 Jul 2024 14:07:06 +0100
Subject: [PATCH 3/3] feat(rd1ae): add Generic Timer in device tree

Add a node for AP_REFCLK Non-Secure Generic Timer in device tree, which
acts as a system timer to fix the failure of SystemReady IR ACS BSA
test case 402.

Refer to https://github.com/ARM-software/bsa-acs/blob/v23.09_REL1.0.6\
/docs/arm_bsa_testcase_checklist.rst?plain=1#L115
for more information.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Signed-off-by: David Hu <david.hu2@arm.com>
Change-Id: I3e63a5ecfd8c6211f917ca3844b8b7bda208d83a
---
 fdts/rd1ae.dts | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/fdts/rd1ae.dts b/fdts/rd1ae.dts
index 3060b5a72..6e821aeb7 100644
--- a/fdts/rd1ae.dts
+++ b/fdts/rd1ae.dts
@@ -255,6 +255,21 @@
 		#size-cells = <2>;
 		ranges;
 
+		timer@2a810000 {
+			compatible = "arm,armv7-timer-mem";
+			reg = <0x0 0x2a810000 0 0x10000>;
+			#address-cells = <2>;
+			#size-cells = <2>;
+			clock-frequency = <250000000>;
+			ranges;
+
+			frame@2a830000 {
+				frame-number = <0>;
+				interrupts = <GIC_SPI 77 IRQ_TYPE_LEVEL_HIGH>;
+				reg = <0x0 0x2a830000 0x0 0x10000>;
+			};
+		};
+
 		gic: interrupt-controller@30000000 {
 			compatible = "arm,gic-v3";
 			reg = <0x0 0x30000000 0 0x10000>,	// GICD