Fix a number of typos and misspellings in TF-A
documentation and comments.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Change-Id: I34c5a28c3af15f28d1ccada4d9866aee6af136ee
Provide missed command line parameters such as KEY_ALG, HASH_ALG
and KEY_SIZE while generating the FWU certificate.
Signed-off-by: Gilad Ben Yossef <Gilad.BenYossef@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I017fa3fff844f4262ae2441cbc9fee909d357fb3
Currently, when RECLAIM_INIT_CODE is set, the
stacks are scaled to ensure that the entirety
of the init section can be reclaimed as stack.
This causes an issue in lib/psci/aarch64/psci_helpers.S,
where the stack size is used for cache operations in
psci_do_pwrdown_cache_maintenance(). If the stacks
are scaled, then the PSCI code may fail to invalidate
some of the stack memory before power down.
Resizing stacks is also not good for stability in general,
since code that works with a small number of cores may
overflow the stack when the number of cores is increased.
Change to make every stack be PLATFORM_STACK_SIZE big,
and allow the total stack to be smaller than the
init section.
Any pages of the init section not reclaimed as
stack will be set to read-only and execute-never,
for security.
Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When issuing barrier instructions like DSB or DMB, we must make sure
that the compiler does not undermine out efforts to fence off
instructions. Currently the compiler is free to move the barrier
instruction around, in respect to former or later memory access
statements, which is not what we want.
Add a compiler barrier to the inline assembly statement in our
DEFINE_SYSOP_TYPE_FUNC macro, to make sure memory accesses are not
reordered by the compiler.
This is in line with Linux' definition:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/include/asm/barrier.h
Since those instructions share a definition, apart from DSB and DMB this
now also covers some TLBI instructions. Having a compiler barrier there
also is useful, although we probably have stronger barriers in place
already.
Change-Id: If6fe97b13a562643a643efc507cb4aad29daa5b6
Reported-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch is used to fix remaining non compliant code for Intel
SoCFPGA's mailbox and sip driver. These changes include:
- Change non-interface required uint32_t into unsigned int
- Change non-negative variable to unsigned int
- Remove obsolete variable initialization to 0
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3a16c7621a5fc75eb614d97d72e44c86e7d53bf5
This patch is used to fix remaining non compliant code for Intel
SocFPGA's mailbox driver. These changes include:
- adding integer literal for unsigned constant
- fix non-boolean controlling expression
- add braces even on conditional single statement bodies
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I0f8fd96a3540f35ee102fd2f2369b76fa73e39e1
Attempt to restart the mailbox if the mailbox driver not able
to write any data into the mailbox command buffer.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: Ia45291c985844dec9da82839cac701347534d32b
Allow mailbox command that is larger than mailbox command FIFO buffer
size to be sent to SDM in multiple chunks.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I683d5f1d04c4fdf57d11ecae6232b7ed3fc49e26
Change the main loop inside mailbox poll function from while(1) to a
retry counter named sdm_loop. This is to limit the maximum possible
looping of the function and prevent unexpected behaviour.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I63afad958fe5f656f6333b60d5a8b4c0ada3b23d
For each count down of time out counter, wait for number of
miliseconds to ensure the time out duration is predictive.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I0e92dd1ef1da0ef504ec86472cf0d3c88528930b
Mailbox driver should read the response data if the response length
in the response header is non-zero even the response header indicates
error (non-zero).
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I928f705f43c0f46ac74b84428b830276cc4c9640
This patch factorizes mailbox read response from SDM into a function.
Also fix the logic to support reading larger than 16 words response from
SDM.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie035ecffbbc42e12dd68061c403904c28c3b70e5
This patch modifies several basic mailbox driver features to prepare for
FCS enablement:
- Job id management for asynchronous response
- SDM command buffer full
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I78168dfb6c521d70d9cba187356b7a3c8e9b62d2
Sort and rearrange definitions in both mailbox and sip header to
increase readability and maintainability.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I5544c2f17efdf3174757c55afd8cc1062fbae856
Rename variables to improve readability of mailbox read response and
mailbox poll response flow.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Icd33ff1d2abb28eeead15e4eb9c7f9629f8cb402
Ensure 'PLAT_SEC_ENTRY' is cleared during early platform
setup. This is to prevent the slave CPU cores jump to the stale
entry point after warm reset when using U-Boot SPL as first
stage boot loader.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I3294ce2f74aa691d0cf311fa30f27f9d4fb8800a
Increase INTEL_SIP_SMC_FPGA_CONFIG_SIZE from 16 to 32MB. We need higher
pre-reserved memory size between Intel service layer and secure monitor
software so we can handle JIC file authorization.
Signed-off-by: Richard Gong <richard.gong@intel.com>
Change-Id: Ibab4e42e4b7b93a4cf741e60ec9439359ba0a64c
Remove urgent argument from asynchrounous mailbox command as any urgent
command should always be synchronous
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Iaa64335db24df3a562470d0d1c3d6a3a71493319
Use pre-defined macros for return values and common mailbox arguments
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I5d549ee5358aebadf909f79fda55e83ee9844a0e
* changes:
plat: marvell: armada: Building ${DOIMAGETOOL} is only for a8k
plat: marvell: armada: Fix including plat/marvell/marvell.mk file
plat: marvell: armada: a3k: When WTP is empty do not define variables and targets which depends on it
For the first partition, mark first 2GB as device memory excluding
the Trusted DRAM region reserved for the SPMC.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I3ff110b3facf5b6d41ac2519ff6ca5e30a0a502b
* changes:
plat: tc0: Configure TZC with secure world regions
plat: tc0: Enable SPMC execution at S-EL2
plat: tc0: Add TZC DRAM1 region for SPMC and trusted OS
plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled
plat: tc0: Disable SPE
* changes:
lib: el3_runtime: Fix SPE system registers in el2_sysregs_context
lib: el3_runtime: Conditionally save/restore EL2 NEVE registers
lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context
The qemu_sbsa platform uses 42bit address size but
the cortex-a53 only supports 40bit addressing, the
cpu is incompatible with the platform.
The aem_generic is also not used with qemu_sbsa, in
fact, the platform currently only properly supports
the cortex-a57 cpu.
Change-Id: I91c92533116f1c3451d01ca99824e91d3d58df14
Signed-off-by: Tomas Pilar <tomas@nuviateam.com>
Currently a3k target is misusing ${DOIMAGETOOL} target for building flash
and UART images. It is not used for building image tool.
So move ${DOIMAGETOOL} target from common marvell include file into a8k
include file and add correct invocation of ${MAKE} into a3k for building
flash and UART images.
Part of this change is also checks that MV_DDR_PATH for a3k was specified
by user as this option is required for building a3k flash and UART images.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I5ae9d08b8505460933f17836c9b6435fd6e51bb6
This includes configuration for SPMC and trusted OS.
Change-Id: Ie24df200f446b3f5b23f5f764b115c7191e6ada3
Signed-off-by: Usama Arif <usama.arif@arm.com>
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
This patch enables SPMC execution at S-EL2 by adding below changes
- Map TC0_MAP_TZC_DRAM1 for loading SPMC
- Add details of cactus test secure partitions
- Adds tc0 spmc manifest file with details on secure partitions
- Inlcude TOS_FW_CONFIG when SPM is spmd
- Increases bl2 image size
SPMC at S-EL2 is only enabled when build with SPD=spmd.
Change-Id: I4c5f70911903c232ee8ecca57f1e288d6b1cd647
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
- Reserve 32MB below ARM_AP_TZC_DRAM1_BASE for TC0_TZC_DRAM1
- Add TC0_NS_DRAM1 base and mapping
- Reserve memory region in tc0.dts
Change-Id: If2431f7f68e4255e28c86a0e89637dab7c424a13
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
DRAM region behind TZC.
Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Statistical Profiling Extension is not supported by Matterhorn core
Change-Id: Iec652f1c6d6b6a9bf118ba682276a7c70a6abc0d
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Include EL2 registers related to SPE in EL2 context save/restore
routines if architecture supports it and platform wants to use these
features in Secure world.
Change-Id: Ie01a2c38fa5f6c907276eddec120fdfb222561a6
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Include EL2 registers related to Nested Virtualization in EL2 context
save/restore routines if architecture supports it and platform wants to
use these features in Secure world.
Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
AArch64-only platforms do not implement AArch32 at EL1 and higher ELs.
In such cases the build option CTX_INCLUDE_AARCH32_REGS is set to 0.
So don't save/restore aarch32 system registers in el2_sysregs_context
save/restore routines if CTX_INCLUDE_AARCH32_REGS is set to 0.
Change-Id: I229cdd46136c4b4bc9623b02eb444d904e09ce5a
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Include file plat/marvell/marvell.mk for platform A3700 was included two
times. Once from file plat/marvell/armada/a3k/common/a3700_common.mk and
second time from common file plat/marvell/armada/common/marvell_common.mk.
It caused following warning every time was make called:
plat/marvell/marvell.mk:51: warning: overriding recipe for target 'mrvl_clean'
plat/marvell/marvell.mk:51: warning: ignoring old recipe for target 'mrvl_clean'
Change in this commit removes inclusion of plat/marvell/marvell.mk file in
common file plat/marvell/armada/common/marvell_common.mk. As a80x0 platform
needs this include file, add it also into a80x0 platform specific include
file lat/marvell/armada/a8k/common/a8k_common.mk.
Also moves inclusion of plat/marvell/marvell.mk file in a3700 platform file
plat/marvell/armada/a3k/common/a3700_common.mk at correct place. Global
plat/marvell/marvell.mk expects that variables DOIMAGEPATH and DOIMAGETOOL
are already defined, but it defines MARVELL_SECURE_BOOT variable which is
needed by plat/marvell/armada/a3k/common/a3700_common.mk.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I5cbbd7eb8a3376924419f9850516b2a4924be5aa
