* changes:
refactor(el3-spmc): move function call out of loop
refactor(el3-spmc): crash instead of reading OOB
fix(el3-spmc): prevent total_page_count overflow
* changes:
fix(spi-nand): add Quad Enable management
fix(st-clock): disabling CKPER clock is not functional on stm32mp13
fix(st-uart): skip console flush if UART is disabled
fix(st): flush UART at the end of uart_read()
fix(stm32mp1): use the BSEC nodes compatible for stm32mp13
fix(stm32mp13-fdts): correct the BSEC nodes compatible
fix(stm32mp1-fdts): move /omit-if-no-ref/ to overlay files
fix(stm32mp1): properly check PSCI functions return
Add APU watchdog timeout control.
Change-Id: I21d65a88d20b6b2752a75f74487b5fe6596ebdf7
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
Signed-off-by: Karl Li <karl.li@mediatek.com>
Add emi mpu protection of APU secure memory.
Change-Id: I949cfce97565d8a313caae4ea41af60a171042a6
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
Signed-off-by: Karl Li <karl.li@mediatek.com>
Apusys rcx is a subsys in apusys, and it is a basic domain of APU and
it connects several components in APU.
The devapc control of apusys rcx is also inside APU and it can only be
set when APU is powered on.
Then apusys kernel driver will trigger rcx devapc init by ATF smc call.
Change-Id: If4249f22a08690b1e4f5aa5f0cbfb54ccacf90e1
Signed-off-by: Karl Li <karl.li@mediatek.com>
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
Add APU backup/restore function when power on/off.
Change-Id: Id0451bd12f402e1acabeb5c12266a2e01836e9dd
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
Signed-off-by: Karl Li <karl.li@mediatek.com>
Add APU bootup control smc call.
The steps of bootup flow:
1. set up APU config.
2. reset APU.
3. set up APU boot config.
4. boot APU.
Change-Id: I9e930070a64c7c4dcaa3a8b3d28b897823e9f53c
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
Signed-off-by: Karl Li <karl.li@mediatek.com>
Enable apusys mailbox mpu protect.
Change-Id: Idbf67084037b7ecf4926f57a901075f98540ee57
Signed-off-by: Karl Li <karl.li@mediatek.com>
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
Enable apusys domain remap to protect no-protect memory.
- Remap request which from domain 5 to domain 14.
- Remap request which from domain 7 to domain 14.
Change-Id: Iccd188e3b8edbe916fa9767c841a844b66c6011f
Signed-off-by: Karl Li <karl.li@mediatek.com>
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
Apusys ao devapc is a set of control registers inside APU, and it
controls the access permission of APU ao domain.
Moreover, apusys ao devapc must be set after apusys power init, so
we need to place the drivers in TF-A instead of coreboot.
Change-Id: Ife849c32d4dd9dca15432d4b8a51753fde61b148
Signed-off-by: Karl Li <karl.li@mediatek.com>
Signed-off-by: Chungying Lu <chungying.lu@mediatek.com>
The information is already available inline. No functional change
intended.
Change-Id: I13d2ad62a9315b233d7a5fd3ffcaac3dd01b055c
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Hopefully this will be a tiny speedup. No functional change intended.
Change-Id: Ia052c7f9b24d5ece6209a6fa2903b1271215ece7
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
If it is called on an invalid mtd, out-of-bounds memory reads are
likely. Checks elsewhere in the code ensure that the mtd has been
validated before calling this function.
Change-Id: If598680a5b79e1786a6e0a213779ec80cbf37494
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
size_t is not guaranteed to be 64 bits, although it happens to be 64
bits on all systems that el3-spmc supports.
Change-Id: Ieae11722a15448641de50233597ac35869eab574
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Adding a static helper function plat_get_nv_ctr_addr() to be used by
both plat_set_nv_ctr() and plat_get_nv_ctr() to return the
non-volatile counter address stored in the platform.
Change-Id: I5124c19e4537bb369724aa0160cc55a3cb1ab7eb
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
QEMU provides GIC information in DeviceTree (on platform version 0.1+).
Read it and provide to next firmware level via SMC.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I383919bd172acc8873292a0c5e4469651dc96fb9
QEMU provides platform version information via DT. We want to use it
in firmware to handle differences between platform versions.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I8def66dac9dd5d7ab0e459baa40e27a11b65f0ba
At the moment, TF-A does not need to access VAs or PAs larger than
48 bits, so this patch just enables proper detection of support
for 4KB and 16KB granularity with 52 bits address support.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Iccebbd5acc21f09dbb234ef21a802300e290ec18
* changes:
feat(fvp): mock support for CCA NV ctr
feat(auth): add CCA NV ctr to CCA CoT
feat(build): pass CCA NV ctr option to cert_create
feat(cert-create): add new option for CCA NV ctr
Add a new page in TF-A documentation for clarifying the process to
elect a new maintainer. This builds on top of the Trusted Firmware
process [1], with the following TF-A specific details:
- Must have contributed to the project for at least a couple of years.
- Must dedicate at least 2 hours a week for maintainer duties.
- Details about the election process. In particular, setting a
one-calendar-week deadline for other maintainers to raise
objections.
[1] https://developer.trustedfirmware.org/w/collaboration/project-maintenance-process/
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ibef08bbbd4d18cd7aea13e01ba570972a7ee808d
* changes:
feat(cpus): wrappers to propagate AArch32 errata info
feat(cpus): add a way to automatically report errata
feat(cpus): add a concise way to implement AArch64 errata
refactor(cpus): convert print_errata_status to C
refactor(cpus): rename errata_report.h to errata.h
refactor(cpus): move cpu_ops field defines to a header
The framework currently supports QE feature only for Macronix devices.
Kioxia devices also support this feature, but this feature can not be
set based on the manufacturer ID as Kioxia first SPI NAND generation
does not support the QE feature when the second generation does.
Use a flag to manage QE feature. This flag will be added at board level
to manage the device.
Change-Id: I7a3683a2df8739967b17b4abbec32c51bf206b93
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
With the current implementation of stripping the last null
byte from a string, there was no way to get the TF-M measured
boot test suite to pass. It would expect the size of the string
passed into extend measurement to be unaffected by the call.
This fix should allow passing a string with the null char
pre-stripped, allowing the tests to exclude the null char in
their test data and not have the length decremented.
Further, This patch adds an early exit if either the version
or sw_type is larger than its buffer. Without this check,
it may be possible to pass a length one more than the maximum,
and if the last element is a null, the length will be truncated
to fit. This is instead suppsed to return an error.
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I98e1bb53345574d4645513009883c6e7b6612531
The mask used to configure the CKPER MUX was wrong and unnecessary.
Change-Id: I40098f2a27b9e5ba8706ab5377d23f578c09838b
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Check the USART_CR1_UE bit and if it is 0, the UART is not enabled,
or not clocked (but the read won't freeze the bus and will return 0).
In this case skip the console flush.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I5d1ef7e51612b4795e314b2f2da04a514b6c96a0
Add a flush to ensure that the programmer get time to read the last
command sent.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic1f718d2754f27945f12c04563663b46274810a7
Device tree alignment with kernel and latest binding for BSEC node:
the rev2.0 is used on STM32MP13x devices with the new compatible
compatible = "st,stm32mp13-bsec".
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I76f86f2951eff4af91d22dfb926969fd842a36ce
Device tree alignment with kernel and latest binding for BSEC node:
the rev2.0 is used on STM32MP13x devices with the new compatible
compatible = "st,stm32mp13-bsec".
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I62c4090ae5d5c1de901e6df1e8ea5d1a3296a272
To keep (as much as possible) alignment with Linux DT, move the
/omit-if-no-ref/ keywords to DT overlay files (fdts/stm32mp1*-bl*.dtsi).
This also ease checks for ST tools.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ib467a6b65f05a84c9678799ad32e1820249b4ed1
The psci_get_pstate_* helpers return unsigned int values,
update the code accordingly. Remove the useless pstate variable.
This corrects MISRA C2012-14.4:
The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean
type.
Change-Id: Idc7e756f4ba2bc0d66a327763013f77f86fe16b2
Signed-off-by: Yann Gautier <yann.gautier@st.com>
AArch32 is not being ported to the errata framework. However, the
runtime errata list is needed at runtime for the upcoming errata ABI.
Add wrappers to populate this information and make it accessible in the
same way as AArch64.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I084720f34d6ed4e00e94b09babd3c90a5393298a
Using the errata framework per-cpu data structure, errata can all be
reported automatically through a single standard errata reporter which
can replace the cpu-specific ones.
This reporter can also enforce the ordering requirement of errata.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I7d2d5ac5bcb9d21aed0d560d7d23919a323ffdab
Errata implementation involves adding a lot of boilerplate to random
places with just conventions on how to do them. Copy pasting is the
usual method for doing this. The result is an error-prone and verbose
patch that is a nightmare to get through review.
Errata workarounds have a very large degree of similarity - most of them
involve setting a bit at reset. As such most of the boilerplate is not
strictly necessary. To solve this, add a collection of assembly macros
to wrap errata implementations such that only the actual mitigations
need to be written. A new erratum mitigation looks something like:
workaround_reset_start cortex_a77, ERRATUM(1925769), ERRATA_A77_1925769
sysreg_bit_set CORTEX_A77_CPUECTLR_EL1, CORTEX_A77_CPUECTLR_EL1_BIT_8
workaround_reset_end cortex_a77, ERRATUM(1925769)
check_erratum_ls cortex_a77, ERRATUM(1925769), CPU_REV(1, 1)
Note, that the long comment on every mitigation is missing. This is on
purpose, as this new format includes all of its contents into an easily
readable format.
The workaround wrappers add an erratum entry (24 bytes) to a per-cpu
data structure which can then be read by a standard reset function to
apply all errata automatically. This has the added benefit of collecting
all errata TF-A knows about in a central way, which was previously
missing. This can then be used at runtime with the errata ABI.
If an erratum doesn't fit this standard definition (eg. the
CVE_2022_23960), it can progressively be unwrapped to the old
convention. The only differences are that the naming format is slightly
more verbose and a call to add_erratum_entry is needed to inform the
framework about the errata.
Finally, the internal workaround names change a tiny bit, especially
CVEs.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iac644f85dcf85b8279b25e83baf1e7d08b253b16
