Enable query of fip offset from QSPI on RSU boot for
Intel agilex and intel agilex5 platform
Change-Id: Iaa189c54723a8656b9691da5849fd86b9986cfa1
Signed-off-by: Mahesh Rao <mahesh.rao@intel.com>
Query the fip binary from SPT table on RSU boot on Intel Agilex series.
Change-Id: I8856b49539f33272625d4c0a8c26b81b5864c4eb
Signed-off-by: Mahesh Rao <mahesh.rao@intel.com>
As per SMCCC Section 6.2, the call count query for all the services
has been deprecated from SMCCC v1.2 onwards.
Inline with above change, AMD-Xilinx SiP service count query has
been deprecated and now onwards will return unknown function
identifier error.
Change-Id: I296d119d65549fdb01718d08351d255550e4ead0
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Coverity Scan reminded that we need to take care of MPIDR properly.
We need to make sure that we get MPIDR values from QEMU.
No MPIDR == panic() in case which should not happen.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: Idb5fe7d958f0bcecd3d66a643743f478538f4a8b
Added an assumption in generic threat model that platform's hardware
conforms the Platform Security Requirements specification.
Change-Id: I753287feec1cd459edfd3d1c103e0e701827cc05
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As stated in the commit introducing the NS_TIMER_SWITCH build flag,
saving/restoring this registers causes the non-secure timer to stop
while in the secure world and non-secure timer interrupts are prevented
from asserting until we return to the non-secure world. This breaks
any realtime OS on the non-secure side that uses this timer for
realtime scheduling.
This flag is by default off, but OP-TEE SPD enables it. The K3 OP-TEE
platform makes no use of these registers and we would like to have
support for realtime OSs while also supporting the OP-TEE SPD. Disable
this flag in our platform definition.
Signed-off-by: Andrew Davis <afd@ti.com>
Change-Id: I65055512d897b93b7690fd63c734f4731a6e09e6
The core 1 is put in wfi for pen holding. If a debugger halts the
core, it causes the core to exit from wfi.
Let the core to jump back in wfi when the debugger resumes the
core's execution.
Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Change-Id: I9b5607b05cdcde905dc4047af8d6f1292d53d701
This function is required, at least for bakery locks.
Change-Id: I28906c50e0a0ebff5d387a424247513ec1a599fc
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The former code, using x2 register, was removing the LPEN bit from UART
config register. So the UART clock is stopped as soon as the CA35 is in
CSleep. It was then displaying crap in Linux console.
The ands check instruction is replaced with a clearer tst instruction
directly with the bit to be tested.
Change-Id: I8a2b3ab195981dee2962e0c2f5d501d5933c17f4
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Calculate the free space as the range between the
limit and the end of the memory region *_REGION_END.
Change-Id: I9cacadea2543c9f5ddaebca82344a83678cd7d55
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The FF-A specification has made it such that SPs
may optionally specify their load address in the manifest.
This info was being retrieved to generate some information
for the SPMC manifest. However, it is not a mandatory utility.
This change relaxes the case in which the SP manifest doesn't
have a load address.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ic4c1b1ec6666522900c113903be45ba0eb5d0bf6
QEMU provides us with minimal information about hardware platform using
minimalistic DeviceTree. This is not a Linux DeviceTree. It is not even
a firmware DeviceTree.
Change-Id: I7b6cc5f53a4f78a9ed69bc7fc2fa1a69ea65428d
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
We want to remove use of DeviceTree from EDK2. So we move
functions to TF-A:
- counting cpu cores
- checking NUMA node id
- checking MPIDR
And then it gets passed to EDK2 via SMC calls.
Change-Id: I1c7fc234ba90ba32433b6e4aa2cf127f26da00fd
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
EL2 registers are 8 byte wide and are allocated continuous memory.
After moving MPAM_EL2 registers out of the EL2 struct, the section
of memory, assigned to MPAM registers in EL2 registers structure has
to be removed.
Henceforth, this patch addresses this issue and cleans up the unsued memory.
Change-Id: I3425b43add0755ff1f5cb803cd5fa667082e7814
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
The AMD-Xilinx Versal platform, currently only supports the OCM and
Low DDR address ranges in both physical and virtual address range.
To locate and execute TF-A from High DDR and HBM address range,
expanding the address scope is necessary.
Depending on the BL31_BASE address both the platform physical and
virtual space sizes are selected.
Change-Id: I49112bff9eda44d924c5f49ea99aed9a8d5e5774
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
* changes:
fix(rotpk): move rotpk definitions out of arm_def.h
feat(cpu): add support for Poseidon V CPU
fix(cpu): correct variant name for default Poseidon CPU
fix(rmmd): avoid TRP when external RMM is defined
The TF-A does have a official PRELOADED_BL33_BASE define which is used
to tell the TF-A where to jump and that no bl33 loading is requied. Use
this to make the platform specific PLAT_NS_IMAGE_OFFSET configurable.
This becomes necessary if one would like to place the bl33 code to other
places.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I9d462c0e9df8e6d2ad78ee770bfa59e680739a51
Add console_flush() call before shutting down in order to
ensure that console output is flushed.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I5397105d2d7bf317f199b6326593bdb1c3cc75e2
Currently in Versal NET TF-A writing 32 bits in icc_asgi1r_el1 register
to raise SGI to Linux but this register is of 64 bits. Also its writing
only CPU number and SGI number to this register but along with that it
needs to write cluster number and other information. Which is not happening
currently. So use generic function plat_ic_raise_ns_sgi() to raise SGI to
Linux.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I6f5146c8315a321b705ed2ef79e2dc927b805ffb
Currently there is only 1 state for CPU idle which is used while CPU
power down from Linux CPU idle feature. But CPU power down when firmware
send CPU power down request needs new state in self suspend to
distinguish in firmware for CPU power down from power down request or CPU
power down from Linux CPU idle. So add new state PM_STATE_CPU_OFF to
indicate CPU power down from power down request from firmware.
PM_STATE_CPU_OFF state is supported from self-suspend version 3. So
added feature check which sends new state in case of new firmware and
old state i.e. PM_STATE_CPU_IDLE in case of old firmware.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I4118e1b813e5f76fca7b7e9ca1cc598715203fb0
Send subsystem restart notification to firmware when TF-A receives
system reset PSCI call. On receiving subsystem restart call, firmware
will send CPU idle callback to TF-A for powering down all cores. Wait
for CPU idle callback from firmware and raise power down request to
all cores after it receives CPU idle callback to power down core.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I50f417ae228017f38b648740dc90b2e8f1872620
On receiving CPU power down request from firmware, TF-A raises SGI
interrupt to all active cores for entering in power down state. So add support
for power down core on receiving CPU power down request. PWRDWN_WAIT_TIMEOUT
is the timeout value in milliseconds for the other cores to transition to
power down state.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I29760a2098852c546fa5a1324262a62c3d75b391
On receiving CPU power down callback, TF-A raises SGI interrupt to all active
cores to power down each active cores. Add handler for this SGI IRQ.
By default TF-A uses SGI 6 for CPU power down request. This can be
configurable through CPU_PWRDWN_SGI build flag.
e.g., If user wants to use SGI 7 instead of SGI 6 then provide build
flag CPU_PWRDWN_SGI=7
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Id0df32187d1de3f0af4486eb4d4930cb3ab01dbd
Firmware sends CPU power down request to TF-A through NOTIFY_CB
callback. It indicates CPU needs to power down.
Add wrapper to handle CPU power down request from firmware
through IPI callback.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Ic4aff874dd29da057c5ffde1899c7f0e5cdf6733
Currently SGI interrupts are not received in secondary cores because
of issue in GIC configuration. In current Versal NET specific GIC
functions, redistributor configuration is not happening properly.
Because of that SGI interrupt from one processor to another processor
is not transferring. So, use common GIC handlers which will iterate
over all GIC redistributor frames and discovers per cpu redistributor
frame. Also, it initializes corresponding interface in GICv3.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I1433260b8520d6a315fdf5df86bd0688f92d211a
Use generic macro name as per common ARM GIC macro name for Versal
and Versal NET.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I2987ff2f612993fc80979f0179c04d316259ed1d
* changes:
feat(qemu): support TRP for RME
feat(qemu): load and run RMM image
feat(qemu): setup Granule Protection Table
feat(qemu): setup memory map for RME
feat(qemu): update mapping types for RME
feat(qemu): use mock attestation functions for RME
fix(qemu): increase max FIP size
When an external RMM is not provided during make invocation, include the
Test Realm Payload (TRP) to the FIP.
Change-Id: I15d396cf268a08d79da63075aadb4172238eb225
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
When RME is enabled, jump to the RMM image before BL33. When using
semihosting rather than FIP, the image called "rmm.bin" is loaded from
the runtime directory.
Change-Id: I15863410b1e505aa502276b339b22a2ddcb0b745
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
When RME is enabled, call the GPT library to setup the granule
protection tables and partition the physical address space.
Change-Id: Ib466c4579ff55fcff9307550e6d26d432674779a
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reserve some space in DRAM for RMM, and some space in SRAM for the GPT
tables. Create the page table mappings.
Change-Id: I3822e7e505e86eb0fa15b1b5b6298e4122b17181
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
With RME, mappings for EL3 use MT_ROOT rather than MT_SECURE. Update the
mapping types to select the right memory type: EL3_PAS is MT_ROOT when
RME is enabled, MT_SECURE otherwise.
Change-Id: I93e287009515b64e833a6f69545766be4c87e473
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Since QEMU doesn't yet emulate hardware attestation, provide hardcoded
key and token to demonstrate attestation for RME. They are copied from
the mock values for the FVP platform.
Change-Id: I9ce686955345854e9409af5c3aad2a648adea226
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
The max FIP size for the QEMU virt platform is currently 4MB, which
isn't enough when including a RMM in the FIP. Since the secure flash
size is actually 64MB, we can significantly increase the max FIP size.
Change-Id: Id2b5df355f8d4c90a41fec66f180e46eb7bab9f8
Fixes: a886bbeceb ("qemu: Update flash address map to keep FIP in secure FLASH0")
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
The file arm_def.h currently contains common definitions used by ARM
platforms. However, some platforms may have their own definitions,
allowing them to avoid a direct dependency on arm_def.h. For a clean
platform port of arm_def.h, none of the source files should directly
include arm_def.h; instead, they should include the platform header
which would indirectly include the required definitions.
Presently, the rotpk module has a source file that directly includes
arm_def.h. This could lead to compilation issues if the platform
incorporating the rotpk module has a separate implementation of some or
all of the definitions in arm_def.h file. To address this, move the
relevant definitions out of arm_def.h and into rotpk_def.h.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I9e8b0d319391f9a167af5c69a7b2d42ac488e7b4
Enable support for Poseidon V CPUs. Poseidon V CPUs are distinguished by
a 3MB L2 cache, differing from Poseidon VN(AE) CPUs with a 2MB L2 cache.
This enhancement ensures compatibility with RD-Fremont and similar
platforms utilizing Poseidon V CPUs.
CC: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: Icdcc5f57c62855b2ec54c58a401d3bf09f292189
Update the Poseidon CPU variant name to "POSEIDON VNAE" in alignment
with the MIDR 0x410FD830. This adjustment reflects the accurate
designation for the default Poseidon CPU and allows for seamless support
of other variants in the future.
CC: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I48183290ffc2889d6ae000d3aa423c0ee5e4d211
The Test Realm Package (TRP) is a small payload that runs at R-EL2 if an
external RMM image path is not provided. Currently, the TRP makefile is
included if RME is enabled, regardless of whether an external RMM
image path is defined or not. This fix ensures that TRP is included
only when an external RMM path is not defined.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I3cc3d2a636e65071e45c5c82cc125290887ffc09
