When the TF-A is placed in DDR memory range, the DDR memory range is
getting explicitly reserved in the default device tree by TF-A.
This creates an error condition in the use case where Device tree is
not present or it is present at a different location.
To fix this, a new build time parameter, XILINX_OF_BOARD_DTB_ADDR, is
introduced. The TF-A will reserve the DDR memory only when a valid
DTB address is provided to XILINX_OF_BOARD_DTB_ADDR during build.
Now the user has options, either manually reserve the desired
DDR address range for TF-A in device tree or let TF-A access and modify
the device tree, to reserve the DDR address range, in runtime using
the build parameter.
Change-Id: I846fa373ba9f7c984eda3a55ccaaa622082cad81
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
When we reach sysreg_handler64 from any trap handling we are entering
this path from lower EL and thus we should be calling lower_el_panic
reporting mechanism to print panic report.
Make report_elx_panic available through assembly func elx_panic which
could be used for reporting any lower_el_panic.
Change-Id: Ieb260cf20ea327a59db84198b2c6a6bfc9ca9537
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Current panic call invokes do_panic which calls el3_panic, but now panic
handles only panic from EL3 anid clear separation to use lower_el_panic()
which handles panic from lower ELs.
So now we can remove do_panic and just call el3_panic for all panics.
Change-Id: I739c69271b9fb15c1176050877a9b0c0394dc739
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
In spite of the fact that makefile [1] indicates that DRTM_SUPPORT is
an experimental feature, it is better to mention the same in the
documentation of the build option as well.
[1]:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/Makefile#n897
Change-Id: Ibfa328ec8ed685ce715d144d979ba37e4f49f82e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Some of our specialized sections are not prefixed with the conventional
period. The compiler uses input section names to derive certain other
section names (e.g. `.rela.text`, `.relacpu_ops`), and these can be
difficult to select in linker scripts when there is a lack of a
delimiter.
This change introduces the period prefix to all specialized section
names.
BREAKING-CHANGE: All input and output linker section names have been
prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`.
Change-Id: I51c13c5266d5975fbd944ef4961328e72f82fc1c
Signed-off-by: Chris Kay <chris.kay@arm.com>
Added few missed links for Security Advisories.
Change-Id: I9cab72b70a518273cbb1a291142f452198427127
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add support for custom sip service.
Bare minimum implementation for custom_smc_handler is provided
by platform. Actual definition for custom_smc_handler will be provided
by custom pkg.
This feature is going to be used by external libraries. For example
for checking it's status.
The similar approach is also used by qti/{sc7180,sc7280} platforms
by providing a way to select QTISECLIB_PATH.
This code is providing a generic way how to wire any code
via custom $(CUSTOM_PKG_PATH)/custom_pkg.mk makefile with also an
option to wire custom SMC. SMC functionality depends on "package".
Change-Id: Icedffd582f76f89fc399b0bb2e05cdaee9b743a0
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Due to size constraints in OCM memory range keeping the bl31 with
DEBUG=1 overlaps with the memory range from other Firmware thus
affecting the bootflow on target.
bl31 binary can not be placed in OCM memory range when built with
DEBUG=1.
With DEBUG=1, by default bl31 is moved to DDR memory range
0x1000-0x7FFFF.
The user can provide a custom DDR memory range during build time using
the build parameters ZYNQMP_ATF_MEM_BASE and ZYNQMP_ATF_MEM_SIZE.
Change-Id: I167d5eadbae7c6d3ec9b32f494b0b1a819bea5b0
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Certain links to Juno documentation point to a location that were
removed at some point, or are unused. Fix links to point to the latest
available version on Arm's public documentation site, and remove those
that are no longer being used.
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Change-Id: I59202767db8834e9c302b2826f3faee47d3a5edd
Update the python dependencies for building the project's Sphinx
documentation. Sphinx plugins are updated to the latest version, while
Sphinx itself is only updated to 5.3.0 (latest 5.x.x revision) due to
sphinx-rtd-theme not supporting any higher (both require incompatible
versions of docutils). Myst-parser is also updated to the latest version
to prevent a docutils clash as well.
The effect of this is to bump certifi to version 2022.12.7 and wheel to
0.38.4 as suggested by dependabot.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I0ced5b127494255ce01aa7f51665bfcba161d135
TF-A carries its own compiler-rt so higher versions of the compilers may
not necessarily work. Because TF-A is only tested on the specified
versions in the CI, any breakage remains unknown. Update the
prerequisites guide to make it more apparent that this is the case.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia5da9c5ff505ead99f579f3f5fbe3a480d697c1d
* changes:
feat(spmd): map SPMC manifest region as EL3_PAS
feat(fvp): update device tree with load addresses of TOS_FW config
refactor(fvp): rename the DTB info structure member
feat(fconf): rename 'ns-load-address' to 'secondary-load-address'
There were some late comments to the prior change (18635) which are
address in this commit. There was also an invalid return value check
which was changed and the wrong result was being returned via the SMC
call for loading OP-TEE which is now fixed.
Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I883ddf966662549a3ef9c801a2d4f47709422332
The 'ns-load-address' property has been renamed to 'secondary-load-
address' in order to make it more generic. It can be used to copy
the configuration to any location, be it root, secure, or non-secure.
Change-Id: I122508e155ccd99082296be3f6b8db2f908be221
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Make the language around the explanation for booting via secure flash
clearer. Provide details into the intent of the options given to QEMU.
Change-Id: Ia573b900aaa2346cad4f82191110b978f9bd5481
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
As the max ESPI can be 5119, so enlarge the intr_num range of
structure interrupt_prop_t. After the patch the ESPI can be add to
this macro:
define PLATFORM_G1S_PROPS(grp) \
INTR_PROP_DESC(197 - 32 + 4576, GIC_HIGHEST_SEC_PRIORITY, (grp), GIC_INTR_CFG_EDGE), \
INTR_PROP_DESC(199 - 32 + 4576, GIC_HIGHEST_SEC_PRIORITY, (grp), GIC_INTR_CFG_EDGE)
The firmware-design.rst will be updated accordingly.
Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: Ic923868bb1b00c017410dc2aeabfda58ee54782f
In order to support the ability to target a SPI interrupt to a
particular core, an impdef field "interrupts-target" has been added to
associate and interrupt id with an mpidr. The field is optional and if
not provided, existing SPMC behavior of routing to boot strap core is
maintained.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I78ccfb45cd9b411cca4b36ff940064fc9dcd1622
* changes:
docs(rme): update RMM-EL3 Boot Manifest structure description
feat(rme): read DRAM information from FVP DTB
feat(rme): set DRAM information in Boot Manifest platform data
Add support for JTAG Debug Communication Channel(DCC), using the dcc
console driver, for Versal NET platform.
UART0/UART1 is not configured when the JTAG DCC is used as console for
the platform.
Though DCC is not using any UART, VERSAL_NET_UART_BASE needs
to be defined in the platform code. If its not defined, build errors
are observed.
Now VERSAL_NET_UART_BASE by default points to UART0 base.
Check for valid console(pl011, pl011_0, pl011_1, dcc) is
being done in the platform makefile, the error condition in
setting the value of VERSAL_NET_UART_BASE is redundant, thus the error
message is removed from the code.
Change-Id: I1085433055abea13526230cff4d4183ff7a01477
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
This adds the ability to load the OP-TEE image via an SMC called from
non-secure userspace rather than loading it during boot. This should
only be utilized on platforms that can ensure security is maintained up
until the point the SMC is invoked as it breaks the normal barrier
between the secure and non-secure world.
Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I21cfa9699617c493fa4190f01d1cbb714e7449cc
This patch updates description of RMM-EL3 Boot Manifest
structure and its corresponding diagram and tables with DRAM
layout data.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I1b092bc1ad5f1c7909d25c1a0dc89c2b210ada27
Fixed few typos in the measured boot POC document.
Change-Id: I122c069bbde51febed12c54e2c4a4985b009ef5f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Also, the `run-time-model` field is removed from SP manifest binding
as it is not supported by Hafnium(SPMC).
Change-Id: Id8a91b2608791667e6285b3c5b879ec84612149d
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Cortex-A510 erratum 2684597 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3, r1p0, r1p1 and r1p2. It is fixed in r1p3. The
workaround is to execute a TSB CSYNC and DSB before executing WFI for
power down.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1873361/latesthttps://developer.arm.com/documentation/SDEN1873351/latest
Change-Id: Ic0b24b600bc013eb59c797401fbdc9bda8058d6d
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Neoverse V1 erratum 2779461 is a Cat B erratum that applies to
all revisions <=r1p2 and is still open.
The workaround sets CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.
SDEN documentation:https://developer.arm.com/documentation/SDEN1401781/latest
Change-Id: I367cda1779684638063d7292fda20ca6734e6f10
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Cortex-A78 erratum 2779479 is a Cat B erratum that applies to
all revisions <= r1p2 and is still open.
The workaround is to set the CPUACTLR3_EL1[47] bit to 1. Setting this
bit might have a small impact on power and negligible impact
on performance.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1401784/latest
Change-Id: I3779fd1eff3017c5961ffa101b357918070b3b36
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Cortex-A78C erratum 2772121 is a Cat B erratum that applies to
all revisions <=r0p2 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1707916/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I0e190dabffc20c4d3b9b98d1abeb50f308b80bb9
