Crash reporting via the default consoles registered by MULTI_CONSOLE_API
has been broken since commit d35cc34 (Console: Use callee-saved
registers), which was introduced to allow console drivers written in C.
It's not really possible with the current crash reporting framework to
support console drivers in C, however we should make sure that the
existing assembly drivers that do support crash reporting continue to
work through the MULTI_CONSOLE_API.
This patch fixes the problem by creating custom console_putc() and
console_flush() implementations for the crash reporting case that do not
use the stack. Platforms that want to use this feature will have to link
plat/common/aarch64/crash_console_helpers.S explicitly.
Also update the documentation to better reflect the new reality (of this
being an option rather than the expected default for most platforms).
Change-Id: Id0c761e5e2fddaf25c277bc7b8ab603946ca73cb
Signed-off-by: Julius Werner <jwerner@chromium.org>

Commit e74afb652 (Deprecate weak crash console functions) deprecated the
default inclusion of weak definitions for plat_crash_console functions
in plat/common/aarch64/platform_helpers.S. The code was later copied out
to plat/common/aarch64/crash_console_helpers.S so platforms can link it
explicitly if they want to. However, since deprecation does not mean
removal, the same code is also still duplicated in platform_helpers.S.
The duplicated code contains both empty stubs for the !MULTI_CONSOLE_API
case, and a real implementation that used to work but was broken by
commit d35cc34 (Console: Use callee-saved registers) for
MULTI_CONSOLE_API. It's not great to have both of these duplicated in
two files, so this patch splits them up: in platform_helpers.S we'll
only keep the empty stubs (guarded by !ERROR_DEPRECATED), which should
not regress functionality since the MULTI_CONSOLE_API implementation was
already broken anyway. In crash_console_helpers.S, we'll only keep the
MULTI_CONSOLE_API version, which is enough both as an implementation in
itself and as a sample for how to reimplement these functions in a
platform-specific file.
Change-Id: I83d95a90ab6aac597dc2ea2f2797ac2c8ed075d4
Signed-off-by: Julius Werner <jwerner@chromium.org>

Secure world execution nearly always expects a controlled exit to
Non-secure world. SDEI interrupts, although they target EL3, occur on behalf
of Non-secure world, and may have higher priority than Secure world
interrupts. Therefore they might preempt Secure execution, and yield
execution to Non-secure SDEI handler. Upon completion of SDEI event
handling (regardless of whether it's COMPLETE or COMPLETE_AND_RESUME), we
must resume Secure execution if it was preempted.
Change-Id: I6edd991032588588427ba2fe6c3d7668f7080e3d
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>

The headers forked at some point in the past and have diverged a lot. In
order to make it easier to share code between TF-A-Tests and TF-A, this
patch synchronises most of the definitions in the mentioned headers.
This is not a complete sync, it has to be followed by more cleanup.
This patch also removes the read helpers for the AArch32 instructions
ats1cpr and ats1hr (they are write-only).
Change-Id: Id13ecd7aeb83bd2318cd47156d71a42f1c9f6ba2
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

This patch adds support to build a combined BL1
and ROMLIB binary file with the right page
alignment in Juno. When USE_ROMLIB=1 is set for
Juno, it generates the combined file
bl1_romlib.bin which needs to be used instead of
bl1.bin
Change-Id: I407efbe48d3e522fa6ef855538a9587193cb1919
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

Register functions have to be added to the
jump table to allow patching in the
future
Change-Id: I57a885f7fc6290ea74a6096aea5b1867b2098eb7
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

This change allows patching of functions in the
romlib. This can be done by adding "patch" at the
end of the jump table entry for the function that
needs to be patched in the file jmptbl.i.
Functions patched in the jump table list will be
built as part of the BL image and the romlib
version will not be used
Change-Id: Iefb200cb86e2a4b61ad3ee6180d3ecc39bad537f
Signed-off-by: Sathees Balya <sathees.balya@arm.com>

This reverts commit 6f512a3dfd.
According to the 'Cortex-A57 MPCore Software Developers Errata Notice':

    This bug will only affect secure AArch64 EL3. If the above
    conditions occur, the CPU will not invalidate the targeted EL3 TLB
    entries and incorrect translations might occur.

For this reason it is not needed in AArch32.
Change-Id: I6f7b333817515499723e8f306145790ad6af9975
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Provide new APIs to add new regions without specifying the base VA.
- `mmap_add_region_alloc_va` adds a static region to mmap choosing as
  base VA the first possible address after all the currently mapped
  regions. It is aligned to an appropriate boundary in relation to the
  size and base PA of the requested region. No attempt is made to fill
  any unused VA holes.
- `mmap_add_dynamic_region_alloc_va` adds a region the same way as
  `mmap_add_region_alloc_va` does, but it's dynamic instead of static.
- `mmap_add_alloc_va` takes an array of non const `mmap_region_t`,
  maps them in the same way as `mmap_add_region_alloc_va` and fills
  their `base_va` field. A helper macro has been created to help create
  the array, called `MAP_REGION_ALLOC_VA`.
Change-Id: I5ef3f82ca0dfd0013d2e8034aa22f13ca528ba37
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

Remove the platform common plat_arm_security_setup function to allow
platform specific implementations of the security setup function
implemented in the board directory of the platform.
For use by secure software, configure region0 of DMC-620 trustzone
controller to protect the upper 16MB of memory of the first DRAM block
from non-secure accesses.
Change-Id: I9a8c19656702c4fa4f6917b3655b692d443bb568
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>

ARM CoreLink DMC-620 Dynamic Memory Controller includes a TZC controller
to set up secure or non-secure regions of DRAM memory. The TZC controller
allows setting up up to eight such regions of memory in DRAM. This driver
provides helper functions to set up the TZC controller within DMC-620.
Change-Id: Iee7692417c2080052bdb7b1c2873a024bc5d1d10
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>

RCAR_RPC_HYPERFLASH_LOCKED can be set to 0 as a build option if the
user needs to allow u-boot to reprogram the ATF firmware using a FIP
image (as a faster alternative to toggling numerous DIP switches on
the board and using ascii-xfer of srec files).
The code being controlled with this commit should only be re-enabled for
debugging (_never_ on a product release).
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez.ortiz@gmail.com>

It's better to have them in a separate file instead of having them spread
across the Makefile. This is what the stack protector is already doing.
Change-Id: Id30742c0af10de5ea6d10674ca25bf52b0f2b262
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>

The default Raspberry Pi 3 memory mapping for ATF is geared towards
the use of uboot + Linux. This creates issues when trying to use
ATF with a UEFI payload and Windows on ARM64.
We therefore introduce a new build option RPI3_USE_UEFI_MAP, that
enables the build process to use an alternate memory mapping that
is compatible with UEFI + Windows (as well as UEFI + Linux).
Fixes ARM-software/tf-issues#649
Signed-off-by: Pete Batard <pete@akeo.ie>

Migrate Marvell platforms from legacy console API to
multi-console API.
Change-Id: I647f5f49148b463a257a747af05b5f0c967f267c
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>

Now that MULTI_CONSOLE_API is enabled for the STM32MP1 platform,
we can remove the non MULTI_CONSOLE_API parts in the driver.
Signed-off-by: Yann Gautier <yann.gautier@st.com>

When compiling assembly files, stdint.h is not included.
UINT32_C and UINT64_C are then not defined.
A new GENMASK macro for assembly is then created.
Signed-off-by: Yann Gautier <yann.gautier@st.com>

According to "openssl" manual:

    -K key
        The actual key to use: this must be represented as a string
        comprised only of hex digits. If only the key is specified,
        the IV must additionally specified using the -iv option.
        When both a key and a password are specified, the key given
        with the -K option will be used and the IV generated from the
        password will be taken.

It does not make much sense to specify both key and password.
This patch removes "-k 0" parameter from the encryption command
since we are already using "-K" and "-iv" for the key and IV.
Change-Id: Ia333cedaa3207e643c95d2ec7c229f50eeab96db
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Reviewed-on: http://vgitil04.il.marvell.com:8080/60745
Reviewed-by: Igal Liberman <igall@marvell.com>
Tested-by: iSoC Platform CI <ykjenk@marvell.com>
Reviewed-by: Sharon Habet <sharonh@marvell.com>

The DCDC6 power rail is typically driving VDD_SYS in the SoC, so it is
on by default and uses the default voltage.
As there seems to be at least one board using a different voltage, add
the rail to the list of known voltage lines, so we can set up the right
voltage as early as possible.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

The DCDC1 and DCDC5 power rails didn't specify the enable bits. This
isn't critical, since those rails are on by default (and are needed for
every board), but it is inconsistent.
Add the respective enable bits for those two rails.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

The DRIVEVBUS pin setup was broken in two ways:
- To configure this pin as an output pin, one has to *clear* the bit in
  register 0x8f. It is 0 by default, but rebooting from Linux might have
  left this bit set.
- Doing this just configures the pin as an output pin, but doesn't
  actually drive power to it. This is done via bit 2 in register 0x30.
Fix the routine to both properly configure the pin and drive power to
it. Add an axp_clrsetbits() helper on the way.
Now this isn't really perfect, still:
We only need to set up the PMIC power rails that are needed for U-Boot.
DRIVEVBUS typically controls the VBUS voltage for the host function of
a USB-OTG port, something we typically don't want in U-Boot (fastboot,
using the USB *device* functionality, is much more common). The
BananaPi-M64 uses the regulator in this way, but the Remix Mini PC
actually controls the power of both its USB ports via this line.
Technically we should differentiate here: if DRIVEVBUS controls a
microUSB-B socket, the power should stay off, any host-type A sockets
should be supplied, though.
For now just always enable the power, that shouldn't really hurt the
USB-OTG functionality anyway.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

The legacy Allwinner ATF port used to set up some clocks, and U-Boot is
still relying on this. We don't need to set up the full set, as the SPL
is doing most of it, but it misses one clock (AHB2) and programs another
(AHB1) to quite conservative values.
Fix this up during the platform setup to improve USB and Ethernet
performance; iperf values go up by 31% in my setup with that patch.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

The current secure partition design mandates that a) at a point, only
a single core can be executing in the secure partition, and b) a core
cannot be preempted by an interrupt while executing in secure
partition.
Ensure this by activating the SPM priority prior to entering the
partition. Deactivate the priority on return from the
partition.
Change-Id: Icb3473496d16b733564592eef06304a1028e4f5c
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>

Register a priority level, PLAT_SP_PRI, for secure partition with EL3
exception handling framework (ehf) module.
The secure partition manager (SPM) would raise the core's priority to
PLAT_SP_PRI before entering the secure partition, to protect the core
from getting interrupted while in secure partition.
Change-Id: I686897f052a4371e0efa9b929c07d3ad77249e95
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>

Add a dependency for building EL3 exception handling framework (EHF)
module with the secure partition manager (SPM).
The EHF module is needed for raising the core's running priority
before the core enters the secure partition, and lowering it
subsequently on exit from the secure partition.
Change-Id: Icbe2d0a63f00b46dc593ff3d86b676c9333506c3
Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>

Some OSes (e.g. Ubuntu 18.04 LTS on Raspberry Pi 3) may disable the
runtime UART in a manner that prevents the system from rebooting if
ATF tries to send runtime messages there.
Also, we don't want the firmware to share the UART with normal
world, as this can be a DoS attack vector into the secure world.
This patch fixes these 2 issues by introducing a new build option
RPI3_RUNTIME_UART, that disables the runtime UART by default.
Fixes ARM-software/tf-issues#647
Signed-off-by: Pete Batard <pete@akeo.ie>