Trusted Services had removed secure storage and added two new
trusted services - Protected Storage and Internal Trusted Storage.
Hence we are removing secure storage and adding support for the
internal trusted storage.
And enable external SP images in BL2 config for TC, so that
we do not have to modify this file whenever the list of SPs
changes. It is already implemented for fvp in the below commit.
commit 33993a3737
Author: Balint Dobszay <balint.dobszay@arm.com>
Date: Fri Mar 26 15:19:11 2021 +0100
feat(fvp): enable external SP images in BL2 config
Change-Id: I3e0a0973df3644413ca5c3a32f36d44c8efd49c7
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Describe the boot using FIP, and how to compile it.
The STM32IMAGE boot chain is still available but it is not recommended.
Update the build command lines, for FIP.
The memory mapping is also updated.
Change-Id: I2b1e0df5500b6213d33dc558b0e0da38340a4d79
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Currently the list of SP UUIDs loaded by BL2 is hardcoded in the DT.
This is a problem when building a system with other SPs (e.g. from
Trusted Services). This commit implements a workaround to enable adding
SP UUIDs to the list at build time.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Iff85d3778596d23d777dec458f131bd7a8647031
Addition of documents for platforms based on
NXP SoC LX2160A.
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Change-Id: I39ac5a9eb0b668d26301a0a24a1e6bf87f245f02
This patch adds the necessary files to support
the SolidRun CN913X CEx7 Evaluation Board.
Because the DRAM connectivity and SerDes settings
is shared with the CN913X DB - reuse relevant
board-specific files.
Change-Id: I75a4554a4373953ca3fdf3b04c4a29c2c4f8ea80
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
It was enabled in commit 3c7dcdac5c ("marvell/a3700: Prevent SError
accessing PCIe link while it is down") with a workaround for a bug found
in U-Boot and Linux kernel driver pci-aardvark.c (PCIe controller driver
for Armada 37xx SoC) which results in SError interrupt caused by AXI
SLVERR on external access (syndrome 0xbf000002) and immediate kernel
panic.
Now when proper patches are in both U-Boot and Linux kernel projects,
this workaround in TF-A should not have to be enabled by default
anymore as it has unwanted side effects like propagating all external
aborts, including non-fatal/correctable into EL3 and making them as
fatal which cause immediate abort.
Add documentation for HANDLE_EA_EL3_FIRST build option into Marvell
Armada build section.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Ic92b65bf9923505ab682830afb66c2f6cec70491
Add missing documentation for MSS_SUPPORT and SCP_BL2 build options used
on Marvell platforms.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I852f60569a9a49269ae296c56cc83eb438528bee
The Tegra132 platforms have reached their end of life and are
no longer used in the field. Internally and externally, all
known programs have removed support for this legacy platform.
This change removes this platform from the Tegra tree as a result.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I72edb689293e23b63290cdcaef60468b90687a5a
This renames tc0 platform folder and files to tc, and introduces
TARGET_PLATFORM variable to account for the differences between
TC0 and TC1.
Signed-off-by: Usama Arif <usama.arif@arm.com>
Change-Id: I5b4a83f3453afd12542267091b3edab4c139c5cd
Update documentation and group platform specific build options into
their own subsections.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I05927d8abf9f811493c49b856f06329220e7d8bb
This commit enables trusted-firmware-a with Trusted Board Boot support
for the Diphda 64-bit platform.
Diphda uses a FIP image located in the flash. The FIP contains the
following components:
- BL2
- BL31
- BL32
- BL32 SPMC manifest
- BL33
- The TBB certificates
The board boot relies on CoT (chain of trust). The trusted-firmware-a
BL2 is extracted from the FIP and verified by the Secure Enclave
processor. BL2 verification relies on the signature area at the
beginning of the BL2 image. This area is needed by the SecureEnclave
bootloader.
Then, the application processor is released from reset and starts by
executing BL2.
BL2 performs the actions described in the trusted-firmware-a TBB design
document.
Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Change-Id: Iddb1cb9c2a0324a9635e23821c210ac81dfc305d
This patch adds the option HARDEN_SLS_ALL that can be used to enable
the -mharden-sls=all, which mitigates the straight-line speculation
vulnerability. Enable this by adding the option HARDEN_SLS_ALL=1,
default this will be disabled.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I0d498d9e96903fcb879993ad491949f6f17769b2
* changes:
fix(plat/marvell/a3k): Fix building uart-images.tgz.bin archive
refactor(plat/marvell/a3k): Rename *_CFG and *_SIG variables
refactor(plat/marvell/a3k): Rename DOIMAGETOOL to TBB
refactor(plat/marvell/a3k): Remove useless DOIMAGEPATH variable
fix(plat/marvell/a3k): Fix check for external dependences
fix(plat/marvell/a8k): Add missing build dependency for BLE target
fix(plat/marvell/a8k): Correctly set include directories for individual targets
fix(plat/marvell/a8k): Require that MV_DDR_PATH is correctly set
Old Marvell a3700_utils and mv-ddr tarballs do not have to work with
latest TF-A code base. Marvell do not provide these old tarballs on
Extranet anymore. Public version on github repository contains all
patches and is working fine, so for public TF-A builds use only public
external dependencies from git.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: Iee5ac6daa9a1826a5b80a8d54968bdbb8fe72f61
Target mrvl_flash depends on external mv_ddr source code which is not
part of TF-A project. Do not expect that it is pre-downloaded at some
specific location and require user to specify correct path to mv_ddr
source code via MV_DDR_PATH build option.
TF-A code for Armada 37x0 platform also depends on mv_ddr source code
and already requires passing correct MV_DDR_PATH build option.
So for A8K implement same checks for validity of MV_DDR_PATH option as
are already used by TF-A code for Armada 37x0 platform.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I792f2bfeab0cec89b1b64e88d7b2c456e22de43a
For Arm platforms PIE is enabled when RESET_TO_BL31=1 in aarch64 mode on
the similar lines enable PIE when RESET_TO_SP_MIN=1 in aarch32 mode.
The underlying changes for enabling PIE in aarch32 is submitted in
commit 4324a14bf
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib8bb860198b3f97cdc91005503a3184d63e15469
Due to the small OCRAM space used for TF-A, we will
meet imx8mq build failure caused by too small RAM size.
We CANNOT support it in TF-A CI. It does NOT mean that
imx8mq will be dropped by NXP. NXP will still actively
maintain it in NXP official release.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Iad726ffbc4eedc5f6770612bb9750986b9324ae9
We currently use Linaro release software stack version
20.01 in the CI. Reflect that change in the docs.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I0fa9f0163afb0bf399ec503abe9af4f17231f173
Clean up instructions for building/running TF-A on the
Juno platform and add correct link to SCP binaries.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I536f98082e167edbf45f29ca23cc0db44687bb3b
This patch adds support for the crypto and secure storage secure
partitions for the Total Compute platform. These secure partitions
have to be managed by Hafnium executing at S-EL2
Change-Id: I2df690e3a99bf6bf50e2710994a905914a07026e
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Reverting FVP versions to previous version 11.12.38 for Cortex-A32x4
and Neoverse-N2x4.
Change-Id: I81e8ad24794dd425a9e9a66dc8bb02b42191abf1
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Updated the list of supported FVP platforms as per the latest FVP
release.
Change-Id: I1abd0a7885b1133715062ee1b176733556a4820e
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Documented the build options used in Arm GPT parser enablement.
Change-Id: I9d7ef2f44b8f9d2731dd17c2639e5ed0eb6d0b3a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This new compile option is only for Armada 3720 Development Board. When
it is set to 1 then TF-A will setup PM wake up src configuration.
By default this new option is disabled as it is board specific and no
other A37xx board has PM wake up src configuration.
Currently neither upstream U-Boot nor upstream Linux kernel has wakeup
support for A37xx platforms, so having it disabled does not cause any
issue.
Prior this commit PM wake up src configuration specific for Armada 3720
Development Board was enabled for every A37xx board. After this change it
is enabled only when compiling with build flag A3720_DB_PM_WAKEUP_SRC=1
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I09fea1172c532df639acb3bb009cfde32d3c5766
A Neoverse reference design platform can have two or more variants that
differ in core count, cluster count or other peripherals. To allow reuse
of platform code across all the variants of a platform, introduce build
option CSS_SGI_PLATFORM_VARIANT for Arm Neoverse reference design
platforms. The range of allowed values for the build option is platform
specific. The recommended range is an interval of non negative integers.
An example usage of the build option is
make PLAT=rdn2 CSS_SGI_PLATFORM_VARIANT=1
Change-Id: Iaae79c0b4d0dc700521bf6e9b4979339eafe0359
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
sgm775 is an old platform and is no longer maintained by Arm and its
fast model FVP_CSS_SGM-775 is no longer available for download.
This platform is now superseded by Total Compute(tc) platforms.
This platform is now deprecated but the source will be kept for cooling
off period of 2 release cycle before removing it completely.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8fe1fc3da0c508dba62ed4fc60cbc1642e0f7f2a
By default the Arm Ethos-N NPU will boot up in secure mode. In this mode
the non-secure world cannot access the registers needed to use the NPU.
To still allow the non-secure world to use the NPU, a SiP service has
been added that can delegate non-secure access to the registers needed
to use it.
Only the HW_CONFIG for the Arm Juno platform has been updated to include
the device tree for the NPU and the platform currently only loads the
HW_CONFIG in AArch64 builds.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65dfd864042ed43faae0a259dcf319cbadb5f3d2
Setting MSS_SUPPORT to 0 also removes requirement for SCP_BL2
definition.
Images build with MSS_SUPPORT=0 will not include service CPUs
FW and will not support PM, FC and other features implemented
in these FW images.
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Change-Id: Idf301ebd218ce65a60f277f3876d0aeb6c72f105
Reviewed-on: https://sj1git1.cavium.com/c/IP/SW/boot/atf/+/37769
Tested-by: sa_ip-sw-jenkins <sa_ip-sw-jenkins@marvell.com>
Reviewed-by: Stefan Chulski <stefanc@marvell.com>
Reviewed-by: Ofer Heifetz <oferh@marvell.com>
Reviewed-by: Nadav Haklai <nadavh@marvell.com>
CZ.NIC as part of Turris project released free and open source WTMI
application firmware 'wtmi_app.bin' for all Armada 3720 devices. This
firmware includes additional features like access to Hardware Random
Number Generator of Armada 3720 SoC which original Marvell's 'fuse.bin'
image does not have.
CZ.NIC's Armada 3720 Secure Firmware is available at website:
https://gitlab.nic.cz/turris/mox-boot-builder/
This change updates documentation to include steps how to build Marvell
firmware image for Espressobin with this firmware to enable Hardware
Random Number Generator on Espressobin.
In this change is fixed also URL to TF-A and U-Boot git repositories in
Espressobin build example. And as Marvell github repositories switched
default branch to master, explicit branch via -b parameter is redundant
and therefore from examples removed.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I59ee29cb6ed149264c5e4202f2af8f9ab3859418
As per the new multi-console framework, updating the JTAG DCC support.
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I77994ce387caf0d695986df3d01d414a920978d0
