* changes:
feat(arm): move GPT setup to common BL source
feat(arm): retrieve GPT related data from platform
refactor(arm): rename L0/L1 GPT base macros
This feature provides support to context save the
SCXTNUM_ELx register. FEAT_CSV2_3 implies the implementation
of FEAT_CSV2_2. FEAT_CSV2_3 is supported in AArch64 state only
and is an optional feature in Arm v8.0 implementations.
This patch adds feature detection for v8.9 feature FEAT_CSV2_3,
adds macros for ID_AA64PFR0_EL1.CSV2 bits [59:56] for detecting
FEAT_CSV2_3 and macro for ENABLE_FEAT_CSV2_3.
Change-Id: Ida9f31e832b5f11bd89eebd6cc9f10ddad755c14
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
developer.trustedfirmware.org is deprecated so we cannot use its issues
tracker anymore. Instead, the project will now make use of the issues
tracker associated with the project's Github mirror at [1].
Reflect this change in TF-A documentation.
[1] https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I912f7dafc74368dba4e61ba4c9f358d5bf8346a9
In i.MX8MM/MQ it is possible to have two copies of bootloader in
SD/eMMC and switch between them. The switch is triggered either
by the BootROM in case the bootloader image is faulty OR can be
enforced by the user, and there is API introduced in
9ce232fe ("feat(plat/imx8m): add SiP call for secondary boot"),
which leverages this SoC feature.
However neither i.MX8MP nor i.MX8MN have a dedicated bit
which indicates what boot image set is currently booted.
According to AN12853 [1] "i.MX ROMs Log Events", it is
possible to determine whether fallback event occurred
by parsing the BootROM event log. In case ROM event ID 0x51 is
present,fallback event did occur and secondary boot image was booted.
Knowing which boot image was booted might be useful for reliable
bootloader A/B updates, detecting fallback event might be used for
making decision if boot firmware rollback is required.
This patche introduces implementation, that replicates the same
imx_src_handler() behaviour as on i.MX8MM/MQ SoCs.
The code is based on original U-Boot implementation [2].
[1]: https://www.nxp.com/webapp/Download?colCode=AN12853
[2]: a5ee05cf71
Change-Id: I9a4c5229aa0e53fa23b5261459da99cb3ce6bdbe
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
commit@0a33adc058080433f73bde73895266068990245c
Deprecated CTX_INCLUDE_MTE_REGS but missed its usage in
context save and restore path.
Change-Id: I30544abdff2cf92ff05d2d4df46ffc6ff10611de
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
As of now, GPT setup is being handled from BL2 for plat/arm platforms.
However, for platforms having a separate entity to load firmware images,
it is possible for BL31 to setup the GPT. In order to address this
concern, move the GPT setup implementation from arm_bl2_setup.c file to
arm_common.c. Additionally, rename the API from arm_bl2_gpt_setup to
arm_gpt_setup to make it boot stage agnostic.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I35d17a179c8746945c69db37fd23d763a7774ddc
For RME-enabled platforms, initializing L0 and L1 tables and enabling
GPC checks is necessary. For systems using BL2 to load firmware images,
the GPT initialization has to be done in BL2 prior to the image load.
The common Arm platform code currently implements this in the
"arm_bl2_plat_gpt_setup" function, relying on the FVP platform's
specifications (PAS definitions, GPCCR_PPS, and GPCCR_PGS).
Different Arm platforms may have distinct PAS definitions, GPCCR_PPS,
GPCCR_PGS, L0/L1 base, and size. To accommodate these variations,
introduce the "plat_arm_get_gpt_info" API. Platforms must implement
this API to provide the necessary data for GPT setup on RME-enabled
platforms. It is essential to note that these additions are relevant to
platforms under the plat/arm hierarchy that will reuse the
"arm_bl2_plat_gpt_setup" function.
As a result of these new additions, migrate data related to the FVP
platform to its source and header files.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I4f4c8894c1cda0adc1f83e7439eb372e923f6147
In accordance with common naming conventions, macros specifying the base
address of a region typically use the prefix "BASE" combined with the
region name, rather than "ADDR_BASE."
Currently, the macros defining the base addresses for L0 and L1 GPT
tables within `arm_def.h` are named "ARM_L0_GPT_ADDR_BASE" and
"ARM_L1_GPT_ADDR_BASE" respectively. To adhere to the established naming
convention, rename these macros as "ARM_L1_GPT_BASE" and
"ARM_L0_GPT_BASE" respectively.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: Ibd50a58a1f63ba97d2df141f41a21a89ef97d6fb
The current documentation of the FEATURE_DETECTION build option seems
to suggest that this macro enables the dynamic runtime checking of
features, although this is done regardless of this debug feature.
FEATURE_DETECTION just adds the detect_arch_features() function to the
build and calls it early on, plus it enables the CPU errata order
checking.
Simplify the description of the FEATURE_DETECTION macro to make this
clear, and move the dynamic feature detection description into a
separate section, before all the specific ENABLE_FEAT_xxx explanations.
This also renames all mentioning of:
"... to align with the FEATURE_DETECTIION mechanism ..."
with:
"... to align with the ENABLE_FEAT mechanism ..."
in the description of each feature.
Change-Id: I5f4dd2d1e43bd440687b7cee551d02ec853d4e23
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
* changes:
build: remove the `NM` variable
build: prefer `gcc-ar` over `ar`
build: add `--no-warn-rwx-segments` when linking with GCC
build: always use the C compiler to assemble
build: always use the C compiler to preprocess
fix(rcar): fix implicit rule invocations in tools
Currently CTX_INCLUDE_MTE_REGS is used for dual purpose,
to enable allocation tags register and to context save and restore
them and also to check if mte feature is available.
To make it more meaningful, remove CTX_INCLUDE_MTE_REGS
and introduce FEAT_MTE. This would enable allocation tags register
when FEAT_MTE is enabled and also supported from platform.
Also arch features can be conditionally enabled disabled based on
arch version from `make_helpers/arch_features.mk`
Change-Id: Ibdd2d43874634ad7ddff93c7edad6044ae1631ed
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add compilation and initialization of BSEC peripheral, to access OTP
fuses. Add the definition of OTP fuses.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If6403838b1e2c04c59effc8545b381aced5f7cda
This driver is used for the new version of the BSEC peripheral used
on STM32MP25.
Change-Id: I38ca0db22d06704769c994c6806ccd80b17dde6e
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
* changes:
feat(stm32mp2-fdts): add board ID OTP in STM32MP257F-EV1
feat(stm32mp2-fdts): add OTP nodes in STM32MP251 SoC DT file
fix(stm32mp2): add missing include
feat(st): do not directly call BSEC functions in common code
feat(st): use stm32_get_otp_value_from_idx() in BL31
refactor(st): update test for closed chip
refactor(st-bsec): improve BSEC driver
refactor(st): use dashes for BSEC node names
Update nand driver to match GHRD design, fix row
address calculation method and other misc updates.
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I1cb3dda43e767ba243fbe89bfa18818db321c5c2
* changes:
fix(xilinx): add console_flush() before shutdown
fix(xilinx): fix sending sgi to linux
feat(xilinx): add new state to identify cpu power down
feat(xilinx): request cpu power down from reset
feat(xilinx): power down all cores on receiving cpu pwrdwn req
feat(xilinx): add handler for power down req sgi irq
feat(xilinx): add wrapper to handle cpu power down req
fix(versal-net): use arm common GIC handlers
fix(xilinx): rename macros to align with ARM
As a part of removing DeviceTree from EDK2, we move functions to TF-A:
- counting the number of memory nodes
- checking NUMA node id
- checking the memory address
Signed-off-by: Xiong Yining <xiongyining1480@phytium.com.cn>
Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Change-Id: Ib7bce3a65c817a5b3bef6c9e0a459c7ce76c7e35
Update the version to match release versioning scheme.
No functional change.
Signed-off-by: Hieu Nguyen <hieu.nguyen.dn@renesas.com>
Change-Id: Ib481fade925f74dbea1dd2b39c1abfab888379e4
Add cache operations because BL2 disabled MMU at the end of the boot
process, but did not clean/invalidate for the cache used by MMU.
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Id4070b46103ca2b50788b3a99f6961a35df24418
This commit changes ENABLE_STACK_PROTECTOR value to "strong" for
enabling the stack protector by canary.
Signed-off-by: Koichi Yamaguchi <koichi.yamaguchi.zb@hitachi.com>
Signed-off-by: Toshiyuki Ogasahara <toshiyuki.ogasahara.bo@hitachi.com>
Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com>
Change-Id: Ice351d23c98daf12737a5e65cef743035d62dabe
Software supply chain attacks aim to inject malicious code into a
software product. There are several ways a malicious code can be
injected into a software product (open-source project).
These include:
- Malicious code commits
- Malicious dependencies
- Malicious toolchains
This document provides analysis of software supply chain attack
threats for the TF-A project
Change-Id: I03545d65a38dc372f3868a16c725b7378640a771
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Add a check in pre-commit hook to check the
- copyright header is present for the authors organisation.
- the copyright year for the copyright header is updated.
The author email id is parsed to get the organization. Depending upon
the parsed info, the copyright header for the organization is checked
if its present in the file(s) or not.
If the copyright header is present in the file(s) then the copyright
year is checked.
If the copyright header is not present or the copyright year in the
header is not updated it is highlighted to the author
which the user then needs to incorporate in the change accordingly.
To enable this check, the case statement in
.husky/pre-commit.copyright needs to be modified to add the domain
from the email id and corresponding copyright header of the
organisation.
Change-Id: I4dedb68248b3dae997d887dd380155fe326d071d
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
* changes:
feat(arm): add COT_DESC_IN_DTB option for CCA CoT
feat(fvp): add CCA CoT in DTB support
docs(arm): update TBBR CoT dtsi file name in doc
feat(dt-bindings): introduce CCA CoT, rename TBBR
Added a threat model for PSA firmware update as well as TBBR FWU aka
firmware recovery.
Change-Id: I2396e13144076d7294f61f6817e1a8646225c6c2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
