Similarly to BL1 and BL31, use EL3_PAS macro from xlat_tables header
(depends on ENABLE_RME) in BL2 to define MAP_BL2_TOTAL.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I59a3b297efd2eacd082a297de6b579b7c9052883
If TRANSFER_LIST is enabled, hand off TPM event log via TL instead
of DT; otherwise fallback to legacy way if TRANSFER_LIST is off or
errors observed.
Moreover, for updating the TL from secure to non-secure
memory before existing EL3, replace memcpy with function
transfer_list_relocate() for more accuracy.
Change-Id: I1d6bcf573f91efe99380bc89195198a8583b1def
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
print ni-tower discovery tree to understand ni-tower hierarchy which
might be useful during debugging.
Change-Id: Ib49fef9c63f7740e04b4d8371c1083bd040f6e09
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
Set console baurate to 38400 for fvp as well for code
simplicity.
Change-Id: I58ba6b7043541f6eb67e32257307da4eba0bb28a
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
remove redundant macro UARTCLK_FREQ and replace it with TC_UARTCLK
in dts.
Change-Id: Id463a9ddc1588278e552ffca3dfb738676229ce7
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, eg due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.
The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.
The implementation is also very simple. All relevant, irrelevant, and
inverted bits combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.
Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to to stay up to date as new architectural features are
added.
If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.
The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.
Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.
[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en
Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f
In preparation for SMCCC_ARCH_FEATURE_AVAILABILITY, it is useful for
context to be directly related to the underlying system. Currently,
certain bits like SCR_EL3.APK are always set with the understanding that
they will only take effect if the feature is present.
However, that is problematic for SMCCC_ARCH_FEATURE_AVAILABILITY (an
SMCCC call to report which features firmware enables), as simply reading
the enable bit may contradict the ID register, like the APK bit above
for a system with no Pauth present.
This patch is to clean up these cases. Add a check for PAuth's presence
so that the APK bit remains unset if not present. Also move SPE and TRBE
enablement to only the NS context. They already only enable the features
for NS only and disable them for Secure and Realm worlds. This change
only makes these worlds' context read 0 for easy bitmasking.
There's only a single snag on SPE and TRBE. Currently, their fields have
the same values and any world asymmetry is handled by hardware. Since we
don't want to do that, the buffers' ownership will change if we just set
the fields to 0 for non-NS worlds. Doing that, however, exposes Secure
state to a potential denial of service attack - a malicious NS can
enable profiling and call an SMC. Then, the owning security state will
change and since no SPE/TRBE registers are contexted, Secure state will
start generating records. Always have NS world own the buffers to
prevent this.
Finally, get rid of manage_extensions_common() as it's just a level of
indirection to enable a single feature.
Change-Id: I487bd4c70ac3e2105583917a0e5499e0ee248ed9
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
New slew rate applied.
SDMMC:
- for SD card and eMMC:
- clk at 2.
- cmd and data at 1.
- for Wifi
- clk at 1.
- cmd and data at 0.
SDMMC1:
- for dk board:
- clk at 2.
- cmd and data at 1.
- for eval board:
- clk at 3.
- cmd and data at 2.
Change-Id: I2dfa62aca08a613e0532746050246fc8dc476ff8
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
These DT files will be used by STM32MP2 boards. They embed DDR
parameters for LPDDR4 1x16Gb 1*32bits, at 800MHz or 1200MHz.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I4017e44b3e9d01735d76518666d05405c2bd976b
This resolves Dependabot vulnerability alert #19, resolving a DoS issue
in a dependency of pytest.
Change-Id: I2959da88d3d0422e15d25df5820dfd91f474d6ca
Signed-off-by: Chris Kay <chris.kay@arm.com>
Create a common BL2 API to add a TE for TPM event log.
Change-Id: I459e70f40069aa9ea0625977e0bad8ec316439e6
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
The commit with Change-Id:Ie417e054a7a4c192024a2679419e99efeded1705
updated the register convention r1/x1 values but missing necessary
changes in BL31.
As a result, a system panic observed during setup for BL32 when
TRANSFER_LIST is enabled due to unexpected arguments.
This patch is to fix this issue for qemu.
Change-Id: I42e581c5026f0f66d3b114204b4dff167a9bc6ae
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
The commit with Change-Id:Ie417e054a7a4c192024a2679419e99efeded1705
updated the register convention r1/x1 values but missing necessary
changes in BL31.
As a result, a system panic observed during setup for BL32 when
TRANSFER_LIST is enabled due to unexpected arguments.
This patch is to fix this issue for optee.
Change-Id: I13e116e7cb5a7d89fafc11d20295cffbf24793ab
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
SPE and TRBE don't have an outright EL3 disable, there are only
constraints on what's allowed. Since we only enable them for NS at the
moment, we want NS to own the buffers even when the feature should be
"disabled" for a world. This means that when we're running in NS
everything is as normal but when running in S/RL then tracing is
prohibited (since the buffers are owned by NS). This allows us to fiddle
with context a bit more without having to context switch registers.
Change-Id: Ie1dc7c00e4cf9bcc746f02ae43633acca32d3758
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
FF-A memory management protocol v1.1 specifies not only
FFA_MEM_PERM_GET_SMC32/FFA_MEM_PERM_SET_SMC32 but also
FFA_MEM_PERM_GET_SMC64/FFA_MEM_PERM_SET_SMC64.
Change former FFA_MEM_PERM_GET/SET definitions to separate operations
and add handler for FFA_MEM_PERM_GET/SET_SMC64 in spmc_smc_handler().
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I175063654703db26c1ffc3cfd7fa428b94d2bfc9
The EDKII/StandaloneMm module runs as a S-EL0 partition
on top of the EL3 FF-A SPMC.
In the past the StandaloneMm partition received its boot information through
the use of a device tree (DT) passed through the FF-A boot protocol.
The StandaloneMm itself converted the DT into a HOB.
To better match the UEFI PI spec,
the EL3 SPMC must now produce the HOB including the PHIT
(Phase Handoff Information Table) as first item in the HOB list.
The SPMC then passes the HOB through the FF-A boot protocol for
the StandaloneMm consumption.
This discards the use of a DT between the SPMC and
the StandaloneMm partition.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I22fb02c710169bd5a5ba1d1f60dce977a5a59ab6
When StandaloneMm used with SPM_MM, TF-A should create
PHIT Hob to boot it.
This patch supports Hob creation for StandaloneMm in synquacer platform.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: Ifa3ae1f0aa37f389aabb14f48be307502ae6fc2c
The commit
1922875233 ("fix(spm-mm): carve out NS buffer TZC400 region")
removes overlaps of ns shared buffer in secure memory region.
Unfortunately, this separation increases 1 region and over maximum
number of TZC programmable regions when they include
extended memory map regions (DRAM3 to DRAM6).
This causes boot failure of StandaloneMm with spmc_el3 && sp_el0 with
ASSERT: drivers/arm/tzc/tzc400.c:256.
To fix this, like SPM_MM, exclude setting extended memory map regions when
it uses SPMC_AT_EL3 && SPC_AT_EL3_SEL0_SP.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I2d40bea066ca030050dfe951218cd17171010676
Support StandaloneMm running with FF-A as S-EL0 SP
when TF-A is built with EL3 SPMC partition manager.
For this
1. add manifest file describing StandaloneMm partition.
2. add number of page mapping area.
3. StandaloneMm should use SRAM with 512K.
while enabling, StandaloneMm, BL1 image requires more size:
aarch64-none-elf/bin/ld: BL31 image has exceeded its limit.
aarch64-none-elf/bin/ld: region `RAM' overflowed by 16384 bytes
So, when using SRAM size with 512K configuration,
increase size limit of BL1 binary.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: Idaa1db510340ebb812cfd13588610b2eea941918
According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via PHIT Hob to initialise
StandaloneMm properly.
This patch applies using transfer list with PHIT Hob list [3] for
delivering boot information to StandaloneMm.
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/FirmwareHandoff/firmware_handoff [3]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I3df71a7679abf9859612afc8a5be7b2381007311
The combination of ENABLE_RME=1 + ENABLE_PIE=1 build options is
prevented currently for no good reason. ENABLE_PIE in a 4 worlds
configuration is mostly for building BL31 with PIE support.
BL1 / BL2 (BL2_RUNS_AT_EL3=1) remain non-PIE. BL32 (TSP) is PIE capable
but typically unused in this configuration. TRP doesn't support PIE
but is loaded in place so isn't affected by this option.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ia60e295534a92cb1b4e3eb88b3e240aea4f4fe1d
This is a small change adding accessor functions for the Debug Power
Control register (DBGPRCR_EL1) to the common architectural helpers.
Change-Id: I72261fbf0395d900347b46af320093ed946aa73d
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
feat(mbedtls): optimize SHA256 for reduced memory footprint
refactor(arm): rename ARM_ROTPK_HEADER_LEN
docs(arm): update docs to reflect rotpk key changes
feat(arm): use provided algs for (swd/p)rotpk
feat(arm): use the provided hash alg to hash rotpk
By default, the ECDSA Brainpool regular and ECDSA Brainpool twisted
algorithms support 256-bit sized keys. Not defining this leads to
an error indicating that '256' is not a valid key size for ECDSA
Brainpool. KEY_SIZES matrix must have a value in its table to avoid
problems when KEY_SIZE is defined.
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: I34886659315f59a9582dcee1d92d0e24d4a4138e
Set MBEDTLS_SHA256_SMALLER as the default mbedTLS configuration
to minimize memory usage, trading off some processing speed for
a smaller footprint.
Change-Id: Ibfa6e115a0ed94096b9acdd9e237f3fb5457071d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This variable had a misleading name, as it is the length
of the header only when the ROTPK is a hash.
Also rename arm_rotpk_header to match the new pattern.
Change-Id: I36c29998eebf50c356a6ca959ec9223c8837b540
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
The hashing algorithm for the rotpk is now HASH_ALG,
not always sha-256. The public development keys are
no longer in the repository and are now generated at
run-time, updates the documentation to reflect this.
Change-Id: Ic336f7aca858e9b6a1af6d6e6dc5f4aa428da179
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
No longer hard code SHA-256 hashed rsa dev keys,
now the keys can use pair of key alg: rsa, p256, p384
and hash alg: sha256, sha384, sha512.
All public keys are now generated at build-time from the dev
keys.
Change-Id: I669438b7d1cd319962c4a135bb0e204e44d7447e
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
No longer hard code SHA-256 hashed dev rotpks, instead
use the algorithm given by HASH_ALG. This means that
we no longer need the plat_arm_configs (once the protpk and
swd_rotpk are also updated to use HASH_ALG).
The rot public key is now generated at build time, as is
the header for the key.
Also support some default 3k and 4k RSA keys.
Change-Id: I33538124aeb4fa7d67918d878d17f2a84d3a6756
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Change the data type regarding the return value of smc_handler_t
Change-Id: I208e7f131da8771ac2f41682ca0d97de468410ee
Signed-off-by: Hsin-Hsiung Wang <hsin-hsiung.wang@mediatek.com>
On the Agilex5 platform when cold reset is issued via CLI application
in the OS, it is received in the BL31 via a SMC call and handled
accordingly like flush/invalidate the caches. However, when the cold
reset is issued via an external switch these handlings are missed.
This patch addresses those missed cache operations.
Also, this patch is to restoring SCR_EL3 NS bit to its previous value
in order to avoid unintended behavior especially if subsequent code
expects the SCR_EL3 register to be in its original configuration.
Change-Id: I9737f2db649e483ba61fffa6eeb0b56a9d15074a
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
This corrects the MISRA violation C2012-7.2:
A “u” or “U” suffix shall be applied to all integer constants that
are represented in an unsigned type.
Appended "u" suffix to integer constant to represent it as
unsigned type.
Change-Id: I08b055134d6bd0380cca1e5b6ee527d6045a76c5
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-7.2:
A “u” or “U” suffix shall be applied to all integer constants that
are represented in an unsigned type.
Appended "U" suffix to integer constant to represent it as
unsigned type.
Change-Id: I76f3c5903ed21ecba4d600e879d93026fc744f6c
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-15.6:
The body of an iteration-statement or a selection-statement shall
be a compound-statement.
Enclosed statement body within the curly braces.
Change-Id: I546cf47edc6332ee193b4771c88ae30553687f19
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
This corrects the MISRA violation C2012-15.6:
The body of an iteration-statement or a selection-statement shall
be a compound-statement.
Enclosed statement body within the curly braces.
Change-Id: I8de33e774178720411313021a7b157045d3cefa0
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
