Align entire TF-A to use Arm in copyright header.
Change-Id: Ief9992169efdab61d0da6bd8c5180de7a4bc2244
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
feat(qemu): add dummy plat_mboot_measure_key() function
docs(rss): update RSS doc for signer-ID
feat(imx): add dummy 'plat_mboot_measure_key' function
feat(tc): implement platform function to measure and publish Public Key
feat(auth): measure and publicise the Public Key
feat(fvp): implement platform function to measure and publish Public Key
feat(fvp): add public key-OID information in RSS metadata structure
feat(auth): add explicit entries for key OIDs
feat(rss): set the signer-ID in the RSS metadata
feat(auth): create a zero-OID for Subject Public Key
docs: add details about plat_mboot_measure_key function
feat(measured-boot): introduce platform function to measure and publish Public Key
* changes:
fix(cpus): workaround for Neoverse N2 erratum 2779511
fix(errata-abi): added Neoverse N2 to Errata ABI list
fix(cpus): workaround for Neoverse N2 erratum 2743014
fix(docs): updated certain Neoverse N2 erratum status in docs
refactor(cpus): convert Neoverse N2 to use CPU helpers
refactor(cpus): convert Neoverse N2 to framework
refactor(cpus): reorder Neoverse N2 errata by ascending order
Neoverse N2 erratum 2779511 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
set bit[47] of CPUACTLR3_EL1
SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Iaa0e30de8473ecb1df1fcca3a45904aac2e419b3
Neoverse N2 erratum 2743014 is a Cat B erratum that applies to
all revisions <=r0p2 and is fixed in r0p3. The workaround is to
set CPUACTLR5_EL1[56:55] to 2'b01.
SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ie7e1be5dea9d1f74738f9fed0fb58bfd41763192
Testing:
- Manual comparison of disassembly with and without conversion.
- Using the test script in gerrit - 19136
- Building with errata and stepping through from ArmDS and running tftf.
Change-Id: I126f09de44b16e8bbb7e32477b880b4650eef23b
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
To handle the core corrected errors in the firmware, the FHI PPI
interrupt has to be enabled on all the cores. At boot, when the RAS
framework is initialized, only primary core is up and hence core FHI PPI
interrupt is enabled only on primary core. This patch adds support to
configure and enable core FHI interrupt for all the secondary cores as
part of their boot sequence.
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
Change-Id: I4b25152cb498fe975b9c770babb25aa9e01f9656
Key-OIDs that authenticate BL31, BL31(SOC)-FW config, and HW config
images have been explicitly entered.
Implementations of signer-ID consume these entries.
Change-Id: I24c9085ed5f266af06d40fb73302e35d857a9d5b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Calculate a hash of the public key and put that into the signer-ID
field of the relevant RSS metadata. The signer-ID metadata is mandatory
in the Arm CCA attestation scheme.
Change-Id: Ic846d8bf882cfea8581d3523a3461c919462df30
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Created an explicit zero-OID which can be used for Subject
Public Key that do not have their own key identifier.
With this, all keys (including the subject public key) have
a proper key OID string so we don't need to make a special
case of null pointers when it comes to handling key OIDs.
Change-Id: Ice6923951699b6e253d7fd87e4c1b912470e0391
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Adding an helper macro for bit field insert(bic) instruction
to group all the operations related to it.
Change-Id: Idfd06c7f38faf52090f62b458d2d96c2682f63fe
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Added a platform function to measure and publish Public Key information.
Subsequent patches define this function for the FVP and TC platforms to
measure Public Key and publishes it to RSS if MEASURED_BOOT is
enabled.
Change-Id: I1f61f44c7a83bb4cbafbd1af97b5adeb8398e8e8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
These bits (MDCR_EL3.{NSTB, NSTBE, TTRF, TPM}, CPTR_EL3.TTA) only affect
EL2 (and lower) execution. Each feat_init_el3() is called long before
any lower EL has had a chance to execute, so setting the bits at reset
is redundant. Removing them from reset code also improves readability of
the immutable EL3 state.
Preserve the original intention for the TTA bit of "enabled for NS and
disabled everywhere else" (inferred from commit messages d4582d3088 and
2031d6166a and the comment). This is because CPTR_EL3 will be contexted
and so everyone will eventually get whatever NS has anyway.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3d24b45d3ea80882c8e450b2d9db9d5531facec1
With the introduction of FEAT_RME MDCR_EL3 bits NSPB and NSPBE depend on
each other. The enable code relies on the register being initialised to
zero and omits to reset NSPBE. However, this is not obvious. Reset the
bit explicitly to document this.
Similarly, reset the STE bit , since it's part of the feature enablement.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3714507bae10042cdccd2b7bc713b31d4cdeb02f
* changes:
refactor(tc): print RSS interface test PSA status
test(tc): test for AP/RSS interface for ROTPK
feat(psa): interface with RSS for retrieving ROTPK
Adding the AP/RSS interface for reading the ROTPK.
The read interface implements the psa_call:
psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
where the in_vec indicates which of the 3 ROTPKs we want,
and the out_vec stores the ROTPK value we get back from RSS.
Through this service, we will be able to read any of the 3
ROTPKs used on a CCA platform:
- ROTPK for CCA firmware (BL2, BL31, RMM).
- ROTPK for secure firmware.
- ROTPK for non-secure firmware.
Change-Id: I44c615588235cc797fdf38870b74b4c422be0a72
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
* changes:
feat(intel): platform enablement for Agilex5 SoC FPGA
feat(intel): ccu driver for Agilex5 SoC FPGA
feat(intel): vab support for Agilex5 SoC FPGA
feat(intel): sdmmc/nand/combo-phy/qspi driver for Agilex5 SoC FPGA
feat(intel): ddr driver for Agilex5 SoC FPGA
feat(intel): power manager for Agilex5 SoC FPGA
feat(intel): cold/warm reset and smp support for Agilex5 SoC FPGA
feat(intel): reset manager support for Agilex5 SoC FPGA
feat(intel): mailbox and SMC support for Agilex5 SoC FPGA
feat(intel): system manager support for Agilex5 SoC FPGA
feat(intel): memory controller support for Agilex5 SoC FPGA
feat(intel): clock manager support for Agilex5 SoC FPGA
feat(intel): mmc support for Agilex5 SoC FPGA
feat(intel): uart support for Agilex5 SoC FPGA
feat(intel): pinmux, peripheral and Handoff support for Agilex5 SoC FPGA
* changes:
docs(imx9): add imx93 platform
feat(imx93): add OPTEE support
feat(imx93): protect OPTEE memory to secure access only
feat(imx93): add cpuidle and basic suspend support
feat(imx93): add reset & poweroff support
feat(imx93): allow SoC masters access to system TCM
feat(imx93): update the ocram trdc config for did10
feat(imx93): add the basic support
feat(imx93): add the trdc driver
build(changelog): add new scopes for nxp imx platform
This patch is used to implement sdmmc/nand/combo-phy
driver to support Cadence IP for Agilex5 SoC FPGA.
1. Added SDMMC/NAND/COMBO-PHY support.
2. Updated product name -> Agilex5
3. Updated QSPI base address
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I6db689d2b784c9f59a25701ab34517f6f6b0a0e6
Combining the EL2 and EL3 enablement code necessitates that it must be
called at el3_exit, which is the only place with enough context to make
the decision of what needs to be set.
Decouple them to allow them to be called from elsewhere. Also take
some time to clarify and simplify AMU code.
The sanity check in the context_restore() is now wrong, as the cpu may
turn off on suspend, thus resetting the value of the counter enables.
Remove it.
Finally, this completes the migration to cm_manage_extensions_el3() and
manage_extensions_nonsecure() so manage_extensions_nonsecure_mixed() is
being removed.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I66399132364c32be66017506bb54cbadd8485577
Combining the EL2 and EL3 enablement code necessitates that it must be
called at el3_exit, which is the only place with enough context to make
the decision of what needs to be set.
Decouple them to allow them to be called from elsewhere.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I147764c42771e7d4100699ec8fae98dac0a505c0
Currently, Measured Boot RSS driver gathers data from platform calls,
specifically RSS metadata. Generally, the driver should use the least
amount of platform calls possible, and the platform should provide the
data directly to the driver via the driver interface.
For this purpose, RSS Measured Boot driver interface APIs were updated
and platform calls were removed from RSS Measured Boot driver.
Change-Id: I6c797d9ac2d70215f32a084a7643884b399ee28c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The FEAT_MTPMU feature disable runs very early after reset. This means,
it needs to be written in assembly, since the C runtime has not been
initialised yet.
However, there is no need for it to be initialised so soon. The PMU
state is only relevant after TF-A has relinquished control. The code
to do this is also very verbose and difficult to read. Delaying the
initialisation allows for it to happen with the rest of the PMU. Align
with FEAT_STATE in the process.
BREAKING CHANGE: This patch explicitly breaks the EL2 entry path. It is
currently unsupported.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2aa659d026fbdb75152469f6d19812ece3488c6f
The enablement code for the PMU is scattered and difficult to track
down. Factor out the feature into its own lib/extensions folder and
consolidate the implementation. Treat it is as an architecturally
mandatory feature as it is currently.
Additionally, do some cleanup on AArch64. Setting overflow bits in
PMCR_EL0 is irrelevant for firmware so don't do it. Then delay the PMU
initialisation until the context management stage which simplifies the
early environment assembly. One side effect is that the PMU might count
before this happens so reset all counters to 0 to prevent any leakage.
Finally, add an enable to manage_extensions_realm() as realm world uses
the pmu. This introduces the HPMN fixup to realm world.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie13a8625820ecc5fbfa467dc6ca18025bf6a9cd3
Make the default value for MTPME always be 1 to preserve the reset
behaviour on newer revisions and on older revisions where the bit is
RES0 it doesn't matter.
Before its introduction MDCR_EL3.MTPME was RES0. Upon its introduction
the field resets to 1, making the MTPMU architecturally "enabled". As
such, the logical action on TF-A's part is to "disable" it, which led to
the introduction of DISABLE_MTPMU.
This hinges on the assumption that MDCR_EL3.MTPME will always be 1
unless the above flag is set. Unfortunately this is not the case, as the
reset value is overwritten at reset with a macro that sets this bit to
0.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie570774972f246b3aa41dc016ecbcc6fc2f581f6
manage_extensions_nonsecure() is problematic because it updates both
context and in-place registers (unlike its secure/realm counterparts).
The in-place register updates make it particularly tricky, as those
never change for the lifetime of TF-A. However, they are only set when
exiting to NS world. As such, all of TF-A's execution before that
operates under a different context. This is inconsistent and could cause
problems.
This patch Introduce a real manage_extensions_nonsecure() which only
operates on the context structure. It also introduces a
cm_manage_extensions_el3() which only operates on register in-place that
are not context switched. It is called in BL31's entrypoints so that all
of TF-A executes with the same environment once all features have been
converted.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ic579f86c41026d2054863ef44893e0ba4c591da9
Adjusted BL31 maximum size as per total SRAM size.
Change-Id: Ifdfdedb8af3e001cebba8e60c973f3c72be11652
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Adding basic CPU library code to support the Hermes CPU.
Change-Id: I61946033fe5fafb56ceb2d14d4c796d85b30457e
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
As the unit testing project uses the host machine GCC version to
compile, it is marking non-casted references as errors. This patch adds
the proper casting, so it compiles correctly for both Arm platforms and
host machines for unit testing.
Change-Id: Iee96e9117301ba28b6f164aac2cd36dc0f8b6be8
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
* changes:
feat(board/rdn2): enable base element RAM RAS support on RD-N2 platform
feat(plat/arm): add memory map entry for CPER memory region
feat(plat/arm): firmware first error handling support for base RAMs
feat(plat/arm): update common platform RAS implementation
feat(plat/sgi): remove RAS setup call from common code
refactor(plat/sgi): deprecate DMC-620 RAS support
fix(plat/common): register PLAT_SP_PRI only if not already registered
fix(plat/sgi): update PLAT_SP_PRI macro definition
fix(plat/arm): add RAS_FFH_SUPPORT check for RAS EHF priority
The current implementation of macro L/LL/UL/ULL concatenates the input
with "L"/"LL"/"UL"/"ULL" respectively.
In the case where a macro is passed to L/LL/UL/ULL as input,
the input macro name is concatenated with, rather than expanding
the input macro and then concatenating it.
The implementation of L/LL/UL/ULL is modified to two level macro,
so as to concatenate to the expansion of a macro argument.
Change 5b33ad174a "Unify type of "cpu_idx" across PSCI module."
has modified the implementation of U() to two level macros without
changing the implementation of other macros.
Change-Id: Ie93d67dff5ce96223a3faf6c98b98fcda530fc34
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
TF-A code supports SMCCC spec version 1.4 while version is still kept
1.2. Bump up the version.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5476c4601bd504d3f3e8433e1d672ebd0a758b1
Figuring out the naming format of errata is annoying, so add a shorthand
for the custom checker functions. Also add some more semantic macros
instead of passing around constants.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibdcf72146738026df4ebd047bfb30790fd4a1053
