This feature is enabled by default using STM32MP_DDR_FIP_IO_STORAGE.
DDR firmware binary is loaded from FIP to SRAM1 which needs to be
mapped.
Only half of the SRAM1 will be allocated to TF-A.
RISAB3 has to be configured to allow access to SRAM1.
Add image ID and update maximum number on platform side also.
Fill related descriptor information, add policy and update numbers.
DDR_TYPE variable is used to identify binary file, and image is now
added in the fiptool command line.
The DDR PHY firmware is not in TF-A repository. It can be found at
https://github.com/STMicroelectronics/stm32-ddr-phy-binary
To ease the selection of the firmware path, STM32MP_DDR_FW_PATH is added
to platform.mk file.
Change-Id: I09ab0a5c63406055a7b5ccd16d65e443de47ca2f
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
* changes:
refactor(docs): update RSE docs to match the example CCA token
refactor(qemu): use the example CCA platform token from iat-verifier
refactor(fvp): use the example CCA platform token from iat-verifier
Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token in pieces, so they fit in the shared buffer. A new
output parameter was added to the SMC call, which will return (along
with the size of bytes copied into the buffer) the number of bytes
of the token that remain to be retrieved.
TF-A will keep an offset variable that will indicate the position in
the token where the next call will retrieve bytes from. This offset
will be increased on every call by adding the number number of bytes
copied. If the received hash size is not 0, TF-A will reset the
offset to 0 and copy from that position on.
The SMC call will now return at most the size of the shared buffer
in bytes on every call. Therefore, from now on, multiple SMC calls
may be needed to be issued if the token size exceeds the shared
buffer size.
Change-Id: I591f7013d06f64e98afaf9535dbea6f815799723
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Fixed a few typos in the cot binding document.
Change-Id: I043187b3f4b516db944e82569307834df2c3c72a
Signed-off-by: sah01 <sahil@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
I originally added myself here because I had experience with the rk3399
code, when there were no other maintainers and that was the only
supported Rockchip SoC. Nowadays there are maintainers from the actual
manufacturer and most changes concern other SoCs, so I don't think it
makes sense for me to still be on here.
Change-Id: Id75089e62cf1a8b4cf1a27903808922968520636
Signed-off-by: Julius Werner <jwerner@chromium.org>
Update the test files to eliminate the use of preprocessor macros,
as the tool now requires processed output. The documentation has
also been revised accordingly.
Additionally, remove the Device Tree Source test files that were
added to test the #ifdef conditions.
Change-Id: I13a682db20e5e44170fc25a2e2dbedd45b9c7321
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Previously the max GPT block size was set to 2MB as a conservative
default. For workloads making use of SMMU in Normal world, and has
a Stage 2 block mapping of large sizes like 512MB or 1GB, then a
max GPT block size of 2MB may result in performance regression.
Hence this patch changes the default max GPT block size from 2MB to 512MB.
Change-Id: If90f12f494ec0f44d3e5974df8d58fcb528cfd34
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
* changes:
feat(fvp): allow SIMD context to be put in TZC DRAM
docs(simd): introduce CTX_INCLUDE_SVE_REGS build flag
feat(fvp): add Cactus partition manifest for EL3 SPMC
chore(simd): remove unused macros and utilities for FP
feat(el3-spmc): support simd context management upon world switch
feat(trusty): switch to simd_ctx_save/restore apis
feat(pncd): switch to simd_ctx_save/restore apis
feat(spm-mm): switch to simd_ctx_save/restore APIs
feat(simd): add rules to rationalize simd ctxt mgmt
feat(simd): introduce simd context helper APIs
feat(simd): add routines to save, restore sve state
feat(simd): add sve state to simd ctxt struct
feat(simd): add data struct for simd ctxt management
Cortex-A720 erratum 2792132 is a Cat B erratum that is present
in revision r0p0, r0p1 and is fixed in r0p2.
The workaround is to set bit[26] of the CPUACTLR2_EL1 to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2439421/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I8d11fe65a2ab5f79244cc3395d0645f77256304c
This patch documents the support for the newly introduced
CTX_INCLUDE_SVE_REGS build flag. Since this build flag is influenced
by other build flags, the relevant sections have been updated with
proper guidance.
This patch also documents the SEPARATE_SIMD_SECTION build flag.
Change-Id: I07852c4a65239c6a9c6de18a95c61aac429bec1c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
feat(tc): enable trbe errata flags for Cortex-A520 and X4
feat(cm): asymmetric feature support for trbe
refactor(errata-abi): move EXTRACT_PARTNUM to arch.h
feat(cpus): workaround for Cortex-A520(2938996) and Cortex-X4(2726228)
feat(tc): make SPE feature asymmetric
feat(cm): handle asymmetry for SPE feature
feat(cm): support for asymmetric feature among cores
feat(cpufeat): add new feature state for asymmetric features
This patch implements errata functions for two errata, both of them
disable TRBE as a workaround. This patch doesn't have functions
that disable TRBE but only implemented helper functions that are
used to detect cores affected by Errata 2938996(Cortex-A520) & 2726228(Cortex-X4)
Cortex-X4 SDEN documentation:
https://developer.arm.com/documentation/SDEN2432808/latest
Cortex-A520 SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2444153/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I8f886a1c21698f546a0996c719cc27dc0a23633a
Introduce a new feature state CHECK_ASYMMETRIC to cater for the features
which are asymmetric across cores. This state is useful for platforms
which has architectural asymmetric cores (A feature is only present in
one type of core e.g. big).
This state is similar to FEAT_STATE_CHECK (dynamic detection) except
that feature state is also checked on each core during warmboot path and
override the context (just for asymmetric features) which was setup by
core executing CPU_ON call.
Only Non-secure context will be re-checked as secure and realm context
is created on same core.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic78a0b6ca996e0d7881c43da1a6a0c422f528ef3
The problem that this resolves is a bit involved; the following
must be met at the same time for some function <to_be_wrapped>:
* to_be_wrapped must be specified as part of the romlib
* to_be_wrapped must _not_ be referenced by any translation unit
in TF-A
* to_be_wrapped must be referenced by a translation unit in a
dependent library, mbedtls for example.
Under these circumstances, to_be_wrapped will not be wrapped, and
will instead reference its original definition while simultaneously
residing in romlib.
This is a side effect of two issues with romlib prior to this patch:
1 to_be_wrapped is expected to wrap by duplicating its definition.
This causes any condition that links against both the base and
wrapper functions to be a link error (duplicate symbol definition).
2 to_be_wrapped is in its own translation unit
This causes the wrappers to be used by TF-A in an as needed.
The duplicate function definitions can be worked around using the
linker's `--wrap` flag, which redirects all references to a symbol
to resolve to `__wrap_<symbol>` and the original symbol to be
available as `__real_<symbol>`. Most of the changes handle creating
this arguments and passing them to the linker.
Further, once you use the linker's wrap, you will encounter another
issue: if TF-A does not use a function, its wrapper is not present.
This causes link issues when a library and not TF-A uses the wrapper.
Note that this issue would have been resolved previously by ignoring
the wrapper and using the base definition.
This further issue is worked around by concatenating the assembly for
all of the wrappers into a single translation unit. It's possible to
work around this issue in a few other ways, including reordering the
libraries passed to the linker to place libwrapper.a last or grouping
the libraries so that symbols from later libraries may be resolved
with prior libraries.
I chose the translation unit concatenation approach as it revealed
that a jumptable has duplicate symbols within it.
Change-Id: Ie57b5ae69bde2fc8705bdc7a93fae3ddb5341ed9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
* changes:
docs: add binding for vm availability messages
docs: fix discrepancies in value type of manifest fields
docs: update ff-a manifest bindings
chore(docs): remove hafnium specific documentation
rk3588 is an Octa-core soc with Cortex-a55/a76 inside.
This patch supports the following functions:
1. basic platform setup
2. power up/off cpus
3. suspend/resume cpus
4. suspend/resume system
5. reset system
6. power off system
Signed-off-by: XiaoDong Huang <derrick.huang@rock-chips.com>
Change-Id: I598109f15a2efd5b33aedd176cf708c08cb1dcf4
SPs can subscribe to get notified when a VM is created or destroyed.
This patch adds a binding to the SP manifest to represent this.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Ib23655575f471a22bcf261f70f2c4124a3f292c3
* changes:
docs(xilinx): update SMC documentation in TF-A
feat(xilinx): add feature check function for TF-A specific APIs
feat(xilinx): update SiP SVC version number
feat(xilinx): update TF-A to passthrough all PLM commands
fix(xilinx): fix logic to read ipi response
In order to avoid the complexity of supporting value types smaller
than u32 and avoid discrepancies for the various manifest fields
among different projects, the value type for relevant fields are
upgraded to u32.
Change-Id: Ib033019b3b8c26bf4b8b50f89b7a6d1a772e5e51
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Various SPMC projects within trustefirmware.org have decided to adhere
to a common FF-A manifest binding document. The one hosted in the
readthedocs portal of TF-A project will be considered as the reference.
Hence, this binding document is updated to reflect new additions made
to binding document hosted in Hafnium project. Eventually, all other
binding document are going to be removed.
Also, few fields were incorrectly identified as mandatory. Necessary
corrections are made in this patch.
Change-Id: I2eadd77487c770e49605285bbd72027c5e72e385
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
All the relevant documentation for Hafnium as the chosen Secure
Partition Manager has been moved to hafnium project[1].
This patch removes the redundant sections without any loss of
information.
This patch adds links to documentation of each of the SPM projects.
[1] https://hafnium.readthedocs.io/en/latest/secure-partition-manager/index.html
Change-Id: I52caf7dc50f4aa253c68309cac0915b7d368939d
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add the RMM option description in the build-options document.
Signed-off-by: Jaylyn Ren <Jaylyn.Ren2@arm.com>
Change-Id: Idb884e2707a2bdc686f676d16f0ff2f0e001a17d
This commit adds a command create-from-yaml to tlc, which
creates a transfer list from a yaml file. It also changes
the files structure of the fixtures in the unit tests so
they are in a directory called trusted-firmware-a. This
is necessary because blob file paths in the yaml file are
relative to the root of TF-A.
The blob files are not verified by TLC, so it can be used
to load arbitrary binary information into the transfer
list. The authenticity of the transfer list must be
ensured by the loader.
Change-Id: Idf704ce5d9b7e28b31f471ac337e4aef33d0ad8a
Signed-off-by: Charlie Bareham <charlie.bareham@arm.com>
Cortex-A720 erratum 2844092 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2.
The workaround is to set bit[11] of CPUACTLR4_EL1 register.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2439421/latest
Change-Id: I3d8eacb26cba42774f1f31c3aae2a0e6fecec614
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-X4 erratum 2816013 is a Cat B erratum that applies
to all revisions <= r0p1 and is fixed in r0p2. This erratum
is only present when memory tagging is enabled.
The workaround is to set CPUACTLR5_EL1[14] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2432808/latest
Change-Id: I546044bde6e5eedd0abf61643d25e2dd2036df5c
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Updated documentation for new SMC SiP calling conventions for Platform
Management specific SiP Service calls.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Iee09d3d843c6bb3f82aad6df703542ba1eb63c6c
Transfer List Compiler is a command line tool that enables the static
generation of TL's compliant with version 0.9 of the firmware handoff
specification. The intent of this tool is to support information passing
via the firmware handoff framework to bootloaders that run without
preceding images (i.e. `RESET_TO_BL31`).
It currently allows for TL's to be statically generated from blobs of
data, and modified by removing/adding TE's. Future work will provide
support for TL generation from configuration file.
Change-Id: Iff670842e34c9ad18eac935248ee2aece43dc533
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Co-authored-by: Charlie Bareham <charlie.bareham@arm.com>
Update Versal platform to enable runtime detection of variants instead
of relying on the build argument VERSAL_PLATFORM.
Integrate functionality for identifying the board variant during
runtime, allowing dynamic adjustment of CPU and UART clock values
accordingly.
Print the runtime board information during boot.
This advancement streamlines the build process by eliminating
dependencies on variant-specific builds, enabling the use of a single
binary for multiple variants.
Removing all the platform related constants for versal_virt,SPP,EMU as
they are not used.
Change-Id: I8c1a1d391bd1a8971addc1f56f8309a3fb75aa6d
Signed-off-by: Amey Avinash Raghatate <AmeyAvinash.Raghatate@amd.com>
Signed-off-by: Maheedhar Bollapalli <MaheedharSai.Bollapalli@amd.com>
This patch disables trapping to EL3 when the FEAT_FGT2
specific trap registers are accessed by setting the
SCR_EL3.FGTEn2 bit
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I6d2b614affb9067b2bc3d7bf0ae7d169d031592a
This patch enables FEAT_Debugv8p9 and prevents EL1/0 from
trapping to EL3 when accessing MDSELR_EL1 register by
setting the MDCR_EL3.EBWE bit.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I3613af1dd8cb8c0d3c33dc959f170846c0b9695a
