The only platform to use this is fvp_r. As this platform is now gone, so
is the need for this library. Support for it never went out of
"experimental" so it does not appear to be finished.
Change-Id: I76499b92ca4368651330f17dc80803991158cc36
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
A potential problem with clang version < 17 can cause resolving nested
'cfi_startproc' to fail compilation.
So add a variant of check_errara/reset_macros that is compatible with
clang version < 17 to ignore `cfi_startproc` and `cfi_endproc`.
This wouldn't cause any performance issue and will not affect any
functional behaviour.
Change-Id: I46147af2dd0accd5be14ddb26dea03bb2f87cba8
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The platform has not been maintained for some years and is generally
broken. Remove it to avoid confusion.
Change-Id: I93d832d51e114689ec79969af5d96071a03f4a88
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
  fix(psci): avoid altering function parameters
  fix(services): avoid altering function parameters
  fix(common): ignore the unused function return value
  fix(psci): modify variable conflicting with external function
  fix(delay-timer): create unique variable name
Adding support for this framework at the handoff boundary between
firmware stage BL2 and BL31 on TC.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I8e29b859e57a732e53f7532a5869ed4c8665b161
The stpmic2_dump_regulators() function now uses LOG_LEVEL instead of
EVENT_LOG_LEVEL to align with general logging conventions.
Additionally, the guard has been moved inside the function, removing
unnecessary preprocessor checks where the function is used and thereby
improving consistency.
Change-Id: I087de124e6795a599b4f91a7613c6dfa3f76bb7a
Signed-off-by: Boerge Struempfel <boerge.struempfel@gmail.com>
Refactor `arm_bl31_early_platform_setup` to accept generic u_register_t
values, enabling support for firmware handoff boot arguments in
common code. This simplifies the interface for early platform setup.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Iff20300d2372e1a9825827ddccbd1b3bc6751e40
Refactor `arm_bl2_early_platform_setup` to accept generic u_register_t
values, enabling support for firmware handoff boot arguments in
common code. This simplifies the interface for early platform setup.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Ie0dbe4d32bbef22bd185fdafe50091a2ea5f550f
* changes:
  fix(psci): add const qualifier
  fix(el3-runtime): add const qualifier
  fix(bl31): add const qualifier
  fix(console): typecast expressions to match data type
  fix(arm-drivers): typecast expressions to match data type
  fix(arm-drivers): align essential type categories
  fix(arm-drivers): typecast expression to match data type
Some platforms do not support FEAT_MEC. Hence, they do not provide
an interface to update the key corresponding to a MECID.
This patch adds a condition in order to verify FEAT_MEC is present
before calling the corresponding platform hook, thus preventing it
from being called when the platform does not support the feature.
Change-Id: Ib1eb9e42f475e27ec31529569e888b93b207148c
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
The direct message response received by the SPMD upon a CPU_OFF power
management operation must be a framework message. If the message indicates
SPMC denied the CPU_OFF operation, SPMD shall panic.
However, if SPMC does not support receiving power management
related framework messages from SPMD, it will return FFA_ERROR.
In such a case, SPMD takes an implementation defined choice to ignore
the FFA_ERROR and proceed with power management operation.
Change-Id: I18b9ee3fb8fd605bcd4aaa6802c969e9d36ccbe1
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
- Define information structures for SMMU, root complex,
root port and BDF mappings.
- Add entries for SMMU and PCIe root complexes to Boot manifest.
- Update RMMD_MANIFEST_VERSION_MINOR from 4 to 5.
Change-Id: I0a76dc18edbaaff40116f376aeb56c750d57c7c1
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
* changes:
  refactor(arm): simplify early platform setup functions
  feat(bl32): enable r3 usage for boot args
  feat(handoff): add lib to sp-min sources
  feat(handoff): add 32-bit variant of SRAM layout
  feat(handoff): add 32-bit variant of ep info
  fix(aarch32): avoid using r12 to store boot params
  fix(arm): reinit secure and non-secure tls
  refactor(handoff): downgrade error messages
Refactor `arm_sp_min_early_platform_setup` to accept generic
`u_register_t` values to support receiving firmware handoff boot
arguments in common code. This has the added benefit of simplifying the
interface into common early platform setup.
Change-Id: Idfc3d41f94f2bf3a3a0c7ca39f6b9b0013836e3a
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The bit is already implicitly zero so no functional change. Adding it
helps fully describe how we expect FEAT_TRF to behave.
Change-Id: If7a7881e2b50188222ce46265b432d658a664c75
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Implement a safer version of the 'strnlen' function
to handle NULL terminated strings with additional
bound checking, and a secure version of the string copy function
to support better security and avoid destination
buffer overflow.
Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9
Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
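An added illustration of the two primitives this commit message describes, a length scan that never reads past a caller-supplied bound and a copy that refuses to truncate or overflow. It is not TF-A's implementation: the function names, error codes and `demo_buf` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and error codes; not taken from TF-A's libc. */
#define COPY_OK           0
#define COPY_ERR_ARG     (-1)
#define COPY_ERR_NOSPACE (-2)

char demo_buf[8]; /* constructed destination buffer for the demo */

/* Returns the string length, or maxsize if no terminator is found
 * within maxsize bytes. A NULL pointer is treated as length 0. */
size_t bounded_strnlen(const char *s, size_t maxsize)
{
	size_t n = 0;

	if (s == NULL)
		return 0;
	while (n < maxsize && s[n] != '\0')
		n++;
	return n;
}

/* Copies src into dst only if src plus its terminator fits in dsize.
 * On any failure dst is left as an empty string (fail closed).
 * dst and src must not overlap. */
int bounded_strcpy(char *dst, size_t dsize, const char *src)
{
	size_t len;

	if (dst == NULL || dsize == 0)
		return COPY_ERR_ARG;
	dst[0] = '\0';
	if (src == NULL)
		return COPY_ERR_ARG;
	len = bounded_strnlen(src, dsize); /* reads at most dsize bytes of src */
	if (len == dsize)
		return COPY_ERR_NOSPACE;   /* would need truncation: reject */
	memcpy(dst, src, len + 1);         /* len + 1 <= dsize, includes '\0' */
	return COPY_OK;
}

int main(void)
{
	printf("fits: %d\n", bounded_strcpy(demo_buf, sizeof(demo_buf), "bl31"));
	printf("too long: %d\n", bounded_strcpy(demo_buf, sizeof(demo_buf), "12345678"));
	return 0;
}
```

Rejecting an oversized source instead of truncating it keeps a caller from acting on a silently shortened string, which matters when the string is a path or image name.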
With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.
The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3
Add the Infineon Optiga SLB9670 TPM2.0 GPIO SPI
configuration data, as well as chip reset and the
GPIO SPI bitbang driver initialization. This code
supports use with the rpi3 platform, with availability
to add configuration parameters for other platforms.
Change-Id: Ibdffb28fa0b3b5a18dff2ba5d4ea305633740763
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Add tpm2 drivers to tf-a with adequate framework
- implement a fifo spi interface that works
  with discrete tpm chip.
- implement tpm command layer interfaces that are used
  to initialize, start and make measurements and
  close the interface.
- tpm drivers are built using their own make file
  to allow for ease in porting across platforms,
  and across different interfaces.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: Ie1a189f45c80f26f4dea16c3bd71b1503709e0ea
When using a tpm breakout board with rpi3, we elected to bit-bang
gpio pins to emulate a spi interface. This implementation required a
driver to interface with the platform specific pins and emulate spi
functionality. The generic driver provides the ability to pass in a
gpio_spi_data structure that contains the necessary gpio pins in
order to simulate spi operations (get_access, start, stop, xfer).
Change-Id: I88919e8a294c05e0cabb8224e35ae5c1ba5f2413
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.
Under some conditions, data might be corrupted if Trace Buffer
Extension (TRBE) is enabled. The workaround is to disable trace
collection via TRBE by programming MDCR_EL3.NSTB[1] to the opposite
value of SCR_EL3.NS on a security state switch. Since we only enable
TRBE for non-secure world, the workaround is to disable TRBE by
setting the NSTB field to 00 so accesses are trapped to EL3 and
secure state owns the buffer.
SDEN: https://developer.arm.com/documentation/SDEN-1873361/latest/
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ia77051f6b64c726a8c50596c78f220d323ab7d97
Cortex-A715 erratum 2804830 applies to r0p0, r1p0, r1p1 and r1p2,
and is fixed in r1p3.
Under some conditions, writes of a 64B-aligned, 64B granule of
memory might cause data corruption without this workaround. See SDEN
for details.
Since this workaround disables write streaming, it is expected to
have a significant performance impact for code that is heavily
reliant on write streaming, such as memcpy or memset.
SDEN: https://developer.arm.com/documentation/SDEN-2148827/latest/
Change-Id: Ia12f6c7de7c92f6ea4aec3057b228b828d48724c
Signed-off-by: John Powell <john.powell@arm.com>
Introduce the 32-bit variant of the SRAM layout used by BL1 to
communicate available free SRAM to BL2. This layout was added to the
specification in:
https://github.com/FirmwareHandoff/firmware_handoff/pull/54.
Change-Id: I559fb8a00725eaedf01856af42d73029802aa095
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Add the 32-bit version of the entry_point_info structure used to pass
the boot arguments for future executables, added to the spec under the
PR: https://github.com/FirmwareHandoff/firmware_handoff/pull/54.
Change-Id: Id98e0f98db6ffd4790193e201f24e62101450e20
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values and modifying the
necessary registers to enable FEAT_MEC.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4
This corrects the MISRA violation C2012-5.7:
A tag name shall be a unique identifier.
Renamed the variable to ensure uniqueness.
Change-Id: Ibadebf8fd5206eb079535d2775d1877b42f1eab7
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-10.4:
Both operands of an operator in which the usual arithmetic conversions
are performed shall have the same essential type category.
The condition is explicitly checked against 0U, appending 'U' and
typecasting for unsigned comparison.
Change-Id: I4276035b3e7a223e80712e023457662689a011a1
Signed-off-by: Nithin G <nithing@amd.com>
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
Perform sanity checks on the launch features received via DRTM parameters.
Return INVALID_PARAMETERS if they are incorrect.
Change-Id: I7e8068154028d1c8f6b6b45449616bb5711ea76e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduce a new EXTRACT_FIELD macro to simplify the extraction
of specific fields from a value by shifting the value right
and applying the mask.
Change-Id: Iae9573d6d23067bbde13253e264e4f6f18b806c2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
tspd compiles with `arch_helpers.h` and when FEAT_D128 is enabled
read/writes to D128 impacted registers will provide 128-bit
mrrs/msrr read/write implementation.
However FEAT_D128 implementation with SCR_EL3.D128en is set only
for lower-EL Non-Secure world. When tspd is chosen as the SPD target,
it builds tsp as well. This S-EL1 payload, used for testing,
inadvertently uses mrrs/msrr read/write implementation in
`modify_el1_common_regs` helper function. This eventually leads
to a panic.
Group all D128 impacted registers and avoid using mrrs/msrr read/write
implementation for tspd builds.
Change-Id: Ic0ed3a901ffa65f9447cae08951defbadee3e02a
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Certain erratum workarounds, like Neoverse N1 1542419, need a part
of their mitigation done in EL3 and the rest in lower EL. But currently
such workarounds return HIGHER_EL_MITIGATION which indicates that the
erratum has already been mitigated by a higher EL (EL3 in this case)
which causes the lower EL to not apply its part of the mitigation.
This patch fixes this issue by adding support for split workarounds
so that on certain errata we return AFFECTED even though EL3 has
applied its workaround. This is done by reusing the chosen field of
erratum_entry structure into a bitfield that has two bitfields -
Bit 0 indicates that the erratum has been enabled in build,
Bit 1 indicates that the erratum is a split workaround and should
return AFFECTED instead of HIGHER_EL_MITIGATION.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iec94d665b5f55609507a219a7d1771eb75e7f4a7
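An added model of the status decision this commit message describes, showing the reply before and after the `chosen` field is read as two bits. It is not TF-A code: the struct, enum and function names, the revision encoding, the revision ranges and the `900000x` IDs are constructed for this example; only the meaning of bit 0 and bit 1 and the erratum number 1542419 come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit meanings are from the commit message; every name here is hypothetical. */
#define WA_ENABLED (1u << 0) /* bit 0: workaround enabled in build */
#define WA_SPLIT   (1u << 1) /* bit 1: split workaround, lower EL has work left */

enum em_status { EM_UNKNOWN, EM_NOT_AFFECTED, EM_AFFECTED, EM_HIGHER_EL_MITIGATION };

struct erratum_model {
	uint32_t id;
	uint8_t first_rev, last_rev; /* (major << 4) | minor, inclusive */
	uint8_t chosen;              /* bitfield of WA_* flags */
};

/* Constructed table: revision ranges and the 900000x IDs are sample values. */
static const struct erratum_model table[] = {
	{ 1542419u, 0x30, 0x40, WA_ENABLED | WA_SPLIT }, /* EL3 part + lower-EL part */
	{ 9000001u, 0x00, 0x11, WA_ENABLED },            /* fully handled at EL3 */
	{ 9000002u, 0x00, 0x11, 0 },                     /* not enabled in build */
};

static enum em_status query(uint32_t id, uint8_t rev, int split_aware)
{
	for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
		const struct erratum_model *e = &table[i];

		if (e->id != id)
			continue;
		if (rev < e->first_rev || rev > e->last_rev)
			return EM_NOT_AFFECTED;
		if ((e->chosen & WA_ENABLED) == 0)
			return EM_AFFECTED; /* nothing applied at EL3 */
		if (split_aware && (e->chosen & WA_SPLIT))
			return EM_AFFECTED; /* lower EL must still do its part */
		return EM_HIGHER_EL_MITIGATION;
	}
	return EM_UNKNOWN;
}

/* Before the change: any enabled workaround reports HIGHER_EL_MITIGATION. */
enum em_status query_legacy(uint32_t id, uint8_t rev) { return query(id, rev, 0); }
/* After the change: a split workaround keeps reporting AFFECTED. */
enum em_status query_split_aware(uint32_t id, uint8_t rev) { return query(id, rev, 1); }

int main(void)
{
	printf("legacy=%d split_aware=%d\n",
	       query_legacy(1542419u, 0x31), query_split_aware(1542419u, 0x31));
	return 0;
}
```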
These bits were missed with the original implementation. They are set if
supported, so we need to ignore them.
Change-Id: I3a94017bacdc54bfc14f0add972240148da3b41d
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>