With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
while Plat owned SPs index starts at SP_PKG5_ID.
This patch modifies SP makefile generator script to take CoT as an
argument and if it is "dualroot" then generates SP_PKG in order
mentioned above, otherwise generates it sequentially.
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: Iffad1131787be650a9462f6f8cc09b603cddb3b8
For Arm platforms SPs are loaded by parsing tb_fw_config.dts and
adding them to SP structure sequentially, which in-turn is appended to
loadable image list.
With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
and Plat owned SPs index starts at SP_PKG5_ID. As the start index of SP
depends on the owner, there should be a mechanism to parse owner of a SP
and put it at the correct index in SP structure.
This patch adds support for parsing a new optional field "owner" and
based on it put SP details(UUID & Load-address) at the correct index in
SP structure.
Change-Id: Ibd255b60d5c45023cc7fdb10971bef6626cb560b
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
For dualroot CoT there are two sets of SP certificates, one owned by
Silicon Provider(SiP) and other owned by Platform. Each certificate can
have a maximum of 4 SPs.
This patch reduces the number of SiP owned SPs from 8 to 4 and adds
the remaining 4 to Plat owned SP.
Plat owned SP certificate is signed using Platform RoT key and
protected against anti-rollback using the Non-trusted Non-volatile
counter.
Change-Id: Idc3ddd87d6d85a5506a7435f45a6ec17c4c50425
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
Platform RoT key pair is used for signing.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
Adding support for QTI CHIP SC7180 on ATF
Change-Id: I0d82d3a378036003fbd0bc4784f61464bb76ea82
Signed-off-by: Saurabh Gorecha <sgorecha@codeaurora.org>
Co-authored-by: Maulik Shah <mkshah@codeaurora.org>
MISRA defect cleanup and general code cleanup in mem_region.c and
semihosting.c. This task also called for cleanup of the ARM NOR flash
driver but that was removed at some point since the Jira task was
created. This patch fixes all MISRA defects in these files except for a
few "Calling function "console_flush()" which returns error information
without testing the error information." errors which can't really be
avoided.
Defects Fixed
File Line Rule
lib/semihosting/semihosting.c 70 MISRA C-2012 Rule 14.4 (required)
lib/semihosting/semihosting.c 197 MISRA C-2012 Rule 14.3 (required)
lib/semihosting/semihosting.c 210 MISRA C-2012 Rule 14.4 (required)
lib/utils/mem_region.c 128 MISRA C-2012 Rule 12.1 (advisory)
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I21a039d1cfccd6aa4301da09daec15e373305a80
Add sdei support for i.MX8MM, this is to let jailhouse Hypervisor
could use SDEI to do hypervisor management, after physical IRQ
has been disabled routing.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: I5fd697fee22df151e13d0f1335e8ac8a7bae6189
If the user tries to change BUILD_BASE to put the build products outside
the build tree the compile will fail due to hard coded assumptions that
$BUILD_BASE is a relative path. Fix by using $(abspath $(BUILD_BASE))
to rationalize to an absolute path every time and remove the relative
path assumptions.
This patch also adds documentation that BUILD_BASE can be specified by
the user.
Signed-off-by: Grant Likely <grant.likely@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib1af874de658484aaffc672f30029b852d2489c8
These broken links were found with the help of this command:
$> sphinx-build -M linkcheck . build
A sample broken link is reported as follows:
(line 80) -local- firmware-design.rst#secure-el1-payloads-and-dispatchers
Change-Id: I5dcefdd4b8040908658115647e957f6c2c5da7c2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch fixes BL31 linker error
"relocation R_AARCH64_ABS32 against `a local symbol'
can not be used when making a shared object"
when Position Independent Executable (PIE) support
is enabled with ENABLE_PIE=1 build option.
Change-Id: I2692269676db3f3b27eed499fc029fffb67969be
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Currently only single signing domain is supported for SP packages but
there is plan to support dual signing domains if CoT is dualroot.
SP_CONTENT_CERT_ID is the certificate file which is currently generated
and signed with trusted world key which in-turn is derived from Silicon
provider RoT key.
To allow dual signing domain for SP packages, other certificate file
will be derived from Platform owned RoT key.
This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
does other related changes.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
Following merge of patchset [1] the spm_mm_boot_info_t structure is
included in few platform files unconditionally even when SPM_MM option
is disabled.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2647
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I68bc034c9348b5d9bcfd2e5217b781df5ad1b369
The command line for BL33 payloads is typically taken from the DTB. On
"normal" systems the bootloader will put the right version in there, but
we typically don't use one on the FPGAs.
To avoid editing (and possibly re-packaging) the DTB for every change in
the command line, try to read it from some "magic" memory location
instead. It can be easily placed there by the tool that uploads the
other payloads to the FPGA's memory. BL31 will then replace the existing
command line in the DTB with that new string.
To avoid reading garbage, check the memory location for containing a
magic value. This is conveniently chosen to be a simple ASCII string, so
it can just preceed the actual command line in a text file:
--------------------------------
CMD:console=ttyAMA0,38400n8 debug loglevel=8
--------------------------------
Change-Id: I5923a80332c9fac3b4afd1a6aaa321233d0f60da
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
Openssl directory path is hardcoded to '/usr' in the makefile
of certificate generation and firmware encryption tool using
'OPENSSL_DIR' variable.
Hence changes are done to make 'OPENSSL_DIR' variable as
a build option so that user can provide openssl directory
path while building the certificate generation and firmware
encryption tool.
Also, updated the document for this newly created build option
Change-Id: Ib1538370d2c59263417f5db3746d1087ee1c1339
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The purpose of rx_training had changed after last update. Currently it
is not supposed to help with providing static parameters for porting
layer. Instead, it aims to suit the parameters per connection.
Change-Id: I2a146b71e2e20bd264c090a9a627d0b6bc56e052
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Add references to the OcteonTX2 CN913x family.
Change-Id: I172a8e3d061086bf4843acad014c113c80359e01
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
As the preparation for adding the CN913x SoC family support
introduce code that enable SVC and the frequency handling
specific for the AP807 North Bridge.
Change-Id: Ibe34a511b49cd9671a2e53b77bdcfc644bb915e3
Signed-off-by: Alex Evraev <alexev@marvell.com>
Update AVS settings and remove unused macros.
This is a preparation patch for adding CN913x SoC
family support.
Change-Id: Ib1dd70885a316ed5763d0f4730d0e4734da117b7
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Add CN913x case to bl2_plat_get_cp_count.
Fix loading of cp1/2 image. This is a preparation
patch for adding CN913x SoC family support.
Change-Id: Id84a30203d20572fc0dfd3f91ea395c199a85fe9
Signed-off-by: Ben Peled <bpeled@marvell.com>
Add support for “AVS reduction” feature at this mode for
7040 Dual Cluster operation mode at CPU=1600MHz
Change-Id: Ia72b10e0ccfad07568bf4c089ea3990173ae24b2
Signed-off-by: Alex Evraev <alexev@marvell.com>
the twin-die combined memory device should be treated as
X8 device and not as X16 one. This patch is required to
re-enable compilation after BLE (mv-ddr-marvell) firmware upgrade.
Change-Id: I41257ff2825164ebca85a84bbb8462d7b3447b97
Signed-off-by: Moti Buskila <motib@marvell.com>
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
This patch fixes a bug where wrong panic was caused when the number
of SP was same as max limit.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I9ace62d8d5bcdc410eeacdd9d33d55a7be5fcc8e
