The function stm32mp_is_closed_device() is replaced with
stm32mp_check_closed_device(), which return an uint32_t, either
STM32MP_CHIP_SEC_OPEN or STM32MP_CHIP_SEC_CLOSED.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ie0790cdc36c4b6522083bc1f0e7c38e8061e6adf
In order to ease the introduction of a new BSEC3 driver for STM32MP25,
the BSEC2 driver is reworked. Unused functions are removed. The
bsec_base global variable is removed in favor of the macro BSEC_BASE.
A rework is also done around function checking the state of BSEC.
Change-Id: I1ad76cb67333ab9a8fa1d65db34d74a712bf1190
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This is something commonly asked by Linux kernel DT maintainers [1].
The mentioned doc is not upstreamed, but may be checked with dtbs_check.
While at it align some nodes with Linux or OP-TEE.
[1] https://lore.kernel.org/linux-arm-kernel/20231125184422.12315-1-krzysztof.kozlowski@linaro.org/
Change-Id: I63e983c2a00eda3cd8b81c66c0cd1a97cf8249b7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
When building BL1 with SEPARATE_CODE_AND_RODATA=0, symbol names
__RO_{START|END}__ are ignored by memory map dump script.
Fix it by including the symbol in regular expression.
While at it, update the copyright year to current.
Change-Id: Iafeab75c5711429ea0b744510caf27dd8784a29a
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Cortex-A78C erratum 2683027 is a cat B erratum that applies to
revisions r0p1 - r0p2 and is still open. The workaround is to
execute a specific code sequence in EL3 during reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN-2004089/latest
Change-Id: I2bf9e675f48b62b4cd203100f7df40f4846aafa8
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Cortex-X3 erratum 2266875 is a Cat B erratum that applies to
all revisions <= r1p0 and is fixed in r1p1. The workaround is to
set CPUACTLR_EL1[22]=1 which will cause the CFP instruction to
invalidate all branch predictor resources regardless of context.
SDEN Documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: I9c610777e222f57f520d223bb03fc5ad05af1077
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Cortex-X3 erratum 2302506 is a cat B erratum that applies to
revisions r0p0-r1p1 and is fixed in r1p2. The workaround is to
set bit[0] of CPUACTLR2 which will force PLDW/PFRM ST to behave
like PLD/PRFM LD and not cause invalidation to other PE caches.
There might be a small performance degradation to this workaround
for certain workloads that share data.
SDEN can be found here:
https://developer.arm.com/documentation/2055130/latest
Change-Id: I048b830867915b88afa36582c6da05734a56d22a
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Enable handoff to BL31 and BL32 using transfer list.
Encode TL_TAG_OPTEE_PAGABLE_PART as transfer entry.
Fallback to default handoff args when transfer list is disabled or
fails to archieve args from transfer entries.
Refactor handoff from BL2 to BL33.
Minor fixes of comment style.
Change-Id: I55d92ca7f5c4727bacc9725a7216c0ac70d16aec
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Enable handoff to OP-TEE using transfer list.
Create transfer list when loading OP-TEE image via non-secure SMC call.
Fallback to default handoff args when transfer list is disabled or
transfer list signature does not exist.
Change-Id: I94bb5b7fdfbb8829016a9d5d9ef5aff993d7cc99
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Silence warning from sp_mk_generator that 'is not' operator
is not meant for integers. This replaces the referred instance
with '!='.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0d31ad65466dbeafebbfc929e506c3e290913aca
* changes:
feat(stm32mp2): put back core 1 in wfi after debugger's halt
feat(stm32mp2): add plat_my_core_pos
fix(stm32mp2): correct early/crash console init
Add support for FFA_CONSOLE_LOG in EL3 SPMC,
Disallow forwarding FFA_CONSOLE_LOG across worlds.
Add support for FFA_CONSOLE_LOG in FFA_FEATURES.
Input parameters:
w0/x0 - FFA_CONSOLE_LOG_32/64
w1/x1 - Character count
w2/x2-w7/x7 - 24 or 48 characters depending upon whether a SMC32 or
SMC64 FID was used.
Output parameters in case of success:
w0/x0 - FFA_SUCCESS
Output parameters in case of error:
w0/x0 - FFA_ERROR
w2/x2 - NOT_SUPPORTED: ABI is not implemented
INVALID_PARAMETERS: Parameters are incorrectly encoded
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I004c043729e77d1b9aa396c42d25c73d9268169a
Enable query of fip offset from QSPI on RSU boot for
Intel agilex and intel agilex5 platform
Change-Id: Iaa189c54723a8656b9691da5849fd86b9986cfa1
Signed-off-by: Mahesh Rao <mahesh.rao@intel.com>
Query the fip binary from SPT table on RSU boot on Intel Agilex series.
Change-Id: I8856b49539f33272625d4c0a8c26b81b5864c4eb
Signed-off-by: Mahesh Rao <mahesh.rao@intel.com>
As per SMCCC Section 6.2, the call count query for all the services
has been deprecated from SMCCC v1.2 onwards.
Inline with above change, AMD-Xilinx SiP service count query has
been deprecated and now onwards will return unknown function
identifier error.
Change-Id: I296d119d65549fdb01718d08351d255550e4ead0
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Coverity Scan reminded that we need to take care of MPIDR properly.
We need to make sure that we get MPIDR values from QEMU.
No MPIDR == panic() in case which should not happen.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: Idb5fe7d958f0bcecd3d66a643743f478538f4a8b
Added an assumption in generic threat model that platform's hardware
conforms the Platform Security Requirements specification.
Change-Id: I753287feec1cd459edfd3d1c103e0e701827cc05
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As stated in the commit introducing the NS_TIMER_SWITCH build flag,
saving/restoring this registers causes the non-secure timer to stop
while in the secure world and non-secure timer interrupts are prevented
from asserting until we return to the non-secure world. This breaks
any realtime OS on the non-secure side that uses this timer for
realtime scheduling.
This flag is by default off, but OP-TEE SPD enables it. The K3 OP-TEE
platform makes no use of these registers and we would like to have
support for realtime OSs while also supporting the OP-TEE SPD. Disable
this flag in our platform definition.
Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: I65055512d897b93b7690fd63c734f4731a6e09e6
The core 1 is put in wfi for pen holding. If a debugger halts the
core, it causes the core to exit from wfi.
Let the core to jump back in wfi when the debugger resumes the
core's execution.
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Change-Id: I9b5607b05cdcde905dc4047af8d6f1292d53d701
This function is required, at least for bakery locks.
Change-Id: I28906c50e0a0ebff5d387a424247513ec1a599fc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The former code, using x2 register, was removing the LPEN bit from UART
config register. So the UART clock is stopped as soon as the CA35 is in
CSleep. It was then displaying crap in Linux console.
The ands check instruction is replaced with a clearer tst instruction
directly with the bit to be tested.
Change-Id: I8a2b3ab195981dee2962e0c2f5d501d5933c17f4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Calculate the free space as the range between the
limit and the end of the memory region *_REGION_END.
Change-Id: I9cacadea2543c9f5ddaebca82344a83678cd7d55
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The FF-A specification has made it such that SPs
may optionally specify their load address in the manifest.
This info was being retrieved to generate some information
for the SPMC manifest. However, it is not a mandatory utility.
This change relaxes the case in which the SP manifest doesn't
have a load address.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ic4c1b1ec6666522900c113903be45ba0eb5d0bf6
QEMU provides us with minimal information about hardware platform using
minimalistic DeviceTree. This is not a Linux DeviceTree. It is not even
a firmware DeviceTree.
Change-Id: I7b6cc5f53a4f78a9ed69bc7fc2fa1a69ea65428d
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
We want to remove use of DeviceTree from EDK2. So we move
functions to TF-A:
- counting cpu cores
- checking NUMA node id
- checking MPIDR
And then it gets passed to EDK2 via SMC calls.
Change-Id: I1c7fc234ba90ba32433b6e4aa2cf127f26da00fd
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
EL2 registers are 8 byte wide and are allocated continuous memory.
After moving MPAM_EL2 registers out of the EL2 struct, the section
of memory, assigned to MPAM registers in EL2 registers structure has
to be removed.
Henceforth, this patch addresses this issue and cleans up the unsued memory.
Change-Id: I3425b43add0755ff1f5cb803cd5fa667082e7814
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
The AMD-Xilinx Versal platform, currently only supports the OCM and
Low DDR address ranges in both physical and virtual address range.
To locate and execute TF-A from High DDR and HBM address range,
expanding the address scope is necessary.
Depending on the BL31_BASE address both the platform physical and
virtual space sizes are selected.
Change-Id: I49112bff9eda44d924c5f49ea99aed9a8d5e5774
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
* changes:
fix(rotpk): move rotpk definitions out of arm_def.h
feat(cpu): add support for Poseidon V CPU
fix(cpu): correct variant name for default Poseidon CPU
fix(rmmd): avoid TRP when external RMM is defined
The TF-A does have a official PRELOADED_BL33_BASE define which is used
to tell the TF-A where to jump and that no bl33 loading is requied. Use
this to make the platform specific PLAT_NS_IMAGE_OFFSET configurable.
This becomes necessary if one would like to place the bl33 code to other
places.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I9d462c0e9df8e6d2ad78ee770bfa59e680739a51
Add console_flush() call before shutting down in order to
ensure that console output is flushed.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I5397105d2d7bf317f199b6326593bdb1c3cc75e2
Currently in Versal NET TF-A writing 32 bits in icc_asgi1r_el1 register
to raise SGI to Linux but this register is of 64 bits. Also its writing
only CPU number and SGI number to this register but along with that it
needs to write cluster number and other information. Which is not happening
currently. So use generic function plat_ic_raise_ns_sgi() to raise SGI to
Linux.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I6f5146c8315a321b705ed2ef79e2dc927b805ffb
Currently there is only 1 state for CPU idle which is used while CPU
power down from Linux CPU idle feature. But CPU power down when firmware
send CPU power down request needs new state in self suspend to
distinguish in firmware for CPU power down from power down request or CPU
power down from Linux CPU idle. So add new state PM_STATE_CPU_OFF to
indicate CPU power down from power down request from firmware.
PM_STATE_CPU_OFF state is supported from self-suspend version 3. So
added feature check which sends new state in case of new firmware and
old state i.e. PM_STATE_CPU_IDLE in case of old firmware.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I4118e1b813e5f76fca7b7e9ca1cc598715203fb0
Send subsystem restart notification to firmware when TF-A receives
system reset PSCI call. On receiving subsystem restart call, firmware
will send CPU idle callback to TF-A for powering down all cores. Wait
for CPU idle callback from firmware and raise power down request to
all cores after it receives CPU idle callback to power down core.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I50f417ae228017f38b648740dc90b2e8f1872620
On receiving CPU power down request from firmware, TF-A raises SGI
interrupt to all active cores for entering in power down state. So add support
for power down core on receiving CPU power down request. PWRDWN_WAIT_TIMEOUT
is the timeout value in milliseconds for the other cores to transition to
power down state.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I29760a2098852c546fa5a1324262a62c3d75b391
On receiving CPU power down callback, TF-A raises SGI interrupt to all active
cores to power down each active cores. Add handler for this SGI IRQ.
By default TF-A uses SGI 6 for CPU power down request. This can be
configurable through CPU_PWRDWN_SGI build flag.
e.g., If user wants to use SGI 7 instead of SGI 6 then provide build
flag CPU_PWRDWN_SGI=7
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Id0df32187d1de3f0af4486eb4d4930cb3ab01dbd
Firmware sends CPU power down request to TF-A through NOTIFY_CB
callback. It indicates CPU needs to power down.
Add wrapper to handle CPU power down request from firmware
through IPI callback.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Ic4aff874dd29da057c5ffde1899c7f0e5cdf6733
Currently SGI interrupts are not received in secondary cores because
of issue in GIC configuration. In current Versal NET specific GIC
functions, redistributor configuration is not happening properly.
Because of that SGI interrupt from one processor to another processor
is not transferring. So, use common GIC handlers which will iterate
over all GIC redistributor frames and discovers per cpu redistributor
frame. Also, it initializes corresponding interface in GICv3.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I1433260b8520d6a315fdf5df86bd0688f92d211a
