* changes:
feat(intel): platform enablement for Agilex5 SoC FPGA
feat(intel): ccu driver for Agilex5 SoC FPGA
feat(intel): vab support for Agilex5 SoC FPGA
feat(intel): sdmmc/nand/combo-phy/qspi driver for Agilex5 SoC FPGA
feat(intel): ddr driver for Agilex5 SoC FPGA
feat(intel): power manager for Agilex5 SoC FPGA
feat(intel): cold/warm reset and smp support for Agilex5 SoC FPGA
feat(intel): reset manager support for Agilex5 SoC FPGA
feat(intel): mailbox and SMC support for Agilex5 SoC FPGA
feat(intel): system manager support for Agilex5 SoC FPGA
feat(intel): memory controller support for Agilex5 SoC FPGA
feat(intel): clock manager support for Agilex5 SoC FPGA
feat(intel): mmc support for Agilex5 SoC FPGA
feat(intel): uart support for Agilex5 SoC FPGA
feat(intel): pinmux, peripheral and Handoff support for Agilex5 SoC FPGA
* changes:
docs(imx9): add imx93 platform
feat(imx93): add OPTEE support
feat(imx93): protect OPTEE memory to secure access only
feat(imx93): add cpuidle and basic suspend support
feat(imx93): add reset & poweroff support
feat(imx93): allow SoC masters access to system TCM
feat(imx93): update the ocram trdc config for did10
feat(imx93): add the basic support
feat(imx93): add the trdc driver
build(changelog): add new scopes for nxp imx platform
This patch is used to implement sdmmc/nand/combo-phy
driver to support Cadence IP for Agilex5 SoC FPGA.
1. Added SDMMC/NAND/COMBO-PHY support.
2. Updated product name -> Agilex5
3. Updated QSPI base address
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Change-Id: I6db689d2b784c9f59a25701ab34517f6f6b0a0e6
Currently, Measured Boot RSS driver gathers data from platform calls,
specifically RSS metadata. Generally, the driver should use the least
amount of platform calls possible, and the platform should provide the
data directly to the driver via the driver interface.
For this purpose, RSS Measured Boot driver interface APIs were updated
and platform calls were removed from RSS Measured Boot driver.
Change-Id: I6c797d9ac2d70215f32a084a7643884b399ee28c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Use tst instead of ands to check that the USART_CR1_UE bit is set. If not, exit
the flush function.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ibd2e18f6d8837073d0bbcb150e993985d3c0dd6f
* changes:
fix(n1sdp): fix spi_ids range for n1sdp multichip boot
fix(gicv3): move invocation of gicv3_get_multichip_base function
fix(gic600): fix gic600 maximum SPI ID
gicv3_get_multichip_base in case of GICV3_IMPL_GIC600_MULTICHIP flag
being set, only works if the id belongs to SPI range.
Moving invocation of the function after confirming that the
intr_num belongs to SPI range.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: I429eb473a7aeccb30309b1ffa5994663393ba0a2
According to GIC-600 TRM, it supports up to 960 SPIs. With the
starting SPI_ID of 32, the maximum SPI_ID should be 991. This patch
fixes the value of GIC600_SPI_ID_MAX which is currently configured
to be 960.
Signed-off-by: sahil <sahil@arm.com>
Change-Id: I441f9a607d160db8533f2a03e02afd1a9bab991e
Trusted Board Boot supports multiple hash algorithms, including SHA-256,
SHA-384, and SHA-512. These algorithms produce hashes of different
lengths, so the resulting DER-encoded hash objects are also of different
lengths. However, the common Trusted Board Boot code only stores the
contents of the object, not its length. Before commit
f47547b354, this was harmless: ASN.1
objects are self-delimiting, and any excess padding was ignored.
f47547b354 changed the code to reject
excess padding. However, this breaks using a shorter hash in a build
that supports longer hashes: the shorter hash will have padding after
it, and verify_hash() will reject it. This was found by an Arm
customer: TF-A v2.9 refused to boot, even though TF-A v2.6 (which did
not have f47547b354) worked just fine.
Storing the length of the hash turns out to be quite difficult.
However, it turns out that hashes verified by verify_hash() always come
from the ROTPK or an X.509 certificate extension. Furthermore, _all_
X.509 certificate extensions used by Trusted Board Boot are ASN.1
DER encoded, so it is possible to reject padding in get_ext(). Padding
after the ROTPK is harmless, and it is better to ignore that padding
than to refuse to boot the system.
Change-Id: I28a19d7783e6036b65e86426d78c8e5b2ed6f542
Fixes: f47547b354 ("fix(auth): reject invalid padding in digests")
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
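The failure mode described in the commit message above, as an added example that is not TF-A code and not part of the commit: a DER object kept in a fixed-size slot sized for the longest supported hash. The function names and HASH_SLOT_LEN are assumptions made for illustration, and the sample slot is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASH_SLOT_LEN 83U /* assumed slot size: SHA-512 DigestInfo, 19 + 64 bytes */

/* Total encoded length (header + contents) of the DER object at buf, or 0 if malformed. */
size_t der_total_len(const uint8_t *buf, size_t buf_len)
{
    size_t hdr = 2U, len;
    if (buf_len < 2U)
        return 0U;
    len = buf[1];
    if ((len & 0x80U) != 0U) { /* long form: low 7 bits count the length bytes */
        size_t n = len & 0x7FU;
        if (n == 0U || n > 2U || buf_len < 2U + n)
            return 0U;
        len = 0U;
        for (size_t i = 0U; i < n; i++)
            len = (len << 8) | buf[2U + i];
        hdr += n;
    }
    return (len > buf_len - hdr) ? 0U : hdr + len;
}

/* Strict: the object must fill the slot exactly, so trailing bytes are rejected. */
int slot_ok_strict(const uint8_t *slot, size_t slot_len)
{
    return der_total_len(slot, slot_len) == slot_len;
}

/* Tolerant: the object must parse and fit; bytes after it are ignored. */
int slot_ok_tolerant(const uint8_t *slot, size_t slot_len)
{
    return der_total_len(slot, slot_len) != 0U;
}

/* Constructed sample: SHA-256 DigestInfo framing in a zeroed slot (digest bytes left zero). */
void make_sha256_slot(uint8_t *slot)
{
    static const uint8_t hdr[] = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };
    memset(slot, 0, HASH_SLOT_LEN);
    memcpy(slot, hdr, sizeof(hdr));
}

int main(void)
{
    uint8_t slot[HASH_SLOT_LEN];
    make_sha256_slot(slot);
    printf("strict=%d tolerant=%d\n", slot_ok_strict(slot, HASH_SLOT_LEN), slot_ok_tolerant(slot, HASH_SLOT_LEN));
    return 0;
}
```

The 51-byte SHA-256 object parses cleanly, but the strict check fails because the slot is 83 bytes long; the strict check only passes where the exact object length is known.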
* changes:
fix(spi-nand): add Quad Enable management
fix(st-clock): disabling CKPER clock is not functional on stm32mp13
fix(st-uart): skip console flush if UART is disabled
fix(st): flush UART at the end of uart_read()
fix(stm32mp1): use the BSEC nodes compatible for stm32mp13
fix(stm32mp13-fdts): correct the BSEC nodes compatible
fix(stm32mp1-fdts): move /omit-if-no-ref/ to overlay files
fix(stm32mp1): properly check PSCI functions return
* changes:
feat(fvp): mock support for CCA NV ctr
feat(auth): add CCA NV ctr to CCA CoT
feat(build): pass CCA NV ctr option to cert_create
feat(cert-create): add new option for CCA NV ctr
The framework currently supports QE feature only for Macronix devices.
Kioxia devices also support this feature, but this feature can not be
set based on the manufacturer ID as Kioxia first SPI NAND generation
does not support the QE feature when the second generation does.
Use a flag to manage QE feature. This flag will be added at board level
to manage the device.
Change-Id: I7a3683a2df8739967b17b4abbec32c51bf206b93
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
The mask used to configure the CKPER MUX was wrong and unnecessary.
Change-Id: I40098f2a27b9e5ba8706ab5377d23f578c09838b
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Check the USART_CR1_UE bit and if it is 0, the UART is not enabled,
or not clocked (but the read won't freeze the bus and will return 0).
In this case skip the console flush.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I5d1ef7e51612b4795e314b2f2da04a514b6c96a0
The cpu_macros.S file is loaded with lots of definitions for the cpu_ops
structure. However, since they are defined as .equ directives they are
inaccessible for C code. Convert them to #defines, put them into order,
refactor them for readability, and extract them to a separate file to
make this possible.
This has the benefit of removing some Aarch differences and a lot of
duplicate code.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I72861794b6c9131285a9297d5918822ed718b228
Modifying the CCA CoT description to put the CCA content certificate
under the new CCA NV counter.
Change-Id: Ib962cef5eaa15bb9ccce86012f21327d29d4adad
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
* changes:
build!: check boolean flags are not empty
fix(build): add a default value for INVERTED_MEMMAP
fix(a5ds): add default value for ARM_DISABLE_TRUSTED_WDOG
fix(st-crypto): move flag control into source code
fix(stm32mp1): always define PKA algos flags
fix(stm32mp1): remove boolean check on PLAT_TBBR_IMG_DEF
EL3's context is poorly defined as it is and polluting it further is not
a good idea. Put it back as it was before the function call.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9d13c9517962b501246989fd2126d08410191784
This patch adds a helper API to explicitly refresh SBSA secure watchdog
timer. Please refer to section A.3 of the following spec:
https://developer.arm.com/documentation/den0029/latest/
Change-Id: I2d0943792aea0092bee1e51d74b908348587e66b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Remove the control from the include file to avoid compilation
issue. Add the check in the source code instead.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: I533f829607f76389399a3e8dbc3c6095278562ab
Host must only set UICCMD if HCS.UCRDY is set to 1.
At present, SW polls for UCRDY only before sending DME_GET.
Generalise this behaviour for DME_SET, DME_LINKSTARTUP,
DME_HIBERNATE_EXIT by moving polling logic inside ufshc_send_uic_cmd.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: Iece777f803a660fdd144a073834c221e889371a6
Have only one definition for REGISTER_CRYPTO_LIB macro, with all the
possible fields. Worst case adds 4 u64 to crypto_lib_desc.
While at it, correct some MISRA violations:
MC3R1.R12.1: (advisory) The precedence of operators within expressions
should be made explicit.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I1342a20e6eef2354753182c2a81ff959e03e5c81
Following discussions in the reviews of the patch that introduced
plat_convert_pk() function [1], it was decided to deprecate it to
avoid weak function declaration.
A new optional function pointer convert_pk is added to crypto_lib_desc_t.
A new function crypto_mod_convert_pk() will either call
crypto_lib_desc.convert_pk() if it is defined, or do the same
as what was done by the weak function otherwise.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6
Compared the full ROTPK with the ROTPK obtained from the certificate
when the platform supports full ROTPK instead of hash of ROTPK.
Additionally, changed the code to verify the ROTPK before relying on
it for signature verification.
Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add initial configuration parameters for Raspberry Pi 3's sdhost
controller, and then configure and use those parameters.
This change allows warm reboots of UEFI on Raspberry Pi 3B+ where
existing code often fails with "unknown error". See discussion at:
https://github.com/pftf/RPi3/issues/24
The basic idea is that some initial configuration parameters
(clock rate, bus width) aren't configured into the hardware before
commands start being sent. I suspect that the particular setting
that matters is the "slow card" bit, but the initial clock setting
also seemed wrong to me.
Change-Id: I526def340def143f23f3422f1fc14c12c937ca7f
Signed-off-by: Rob Newberry <robthedude@mac.com>
To be able to further restrict the memory access for the Arm(R)
Ethos(TM)-N NPU, separate read-only and read/write NSAIDs for the
non-protected and protected memory have been added to the Juno
platform's TZMP1 TZC configuration for the NPU.
The platform definition has been updated accordingly and the NPU driver
will now only give read/write access to the streams that require it.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I5a173500fc1943a5cd406a3b379e1f1f554eeda6
When the Arm(R) Ethos(TM)-N NPU driver is built with TZMP1 support, the
NPU should use the firmware that has been loaded into the protected
memory by BL2. The Linux Kernel NPU driver in the non-secure world is
not allowed to configure the NPU to do this in a TZMP1 build so the SiP
service will now configure the NPU to boot with the firmware in the
protected memory.
BREAKING CHANGE: The Linux Kernel NPU driver can no longer directly
configure and boot the NPU in a TZMP1 build. The API version has
therefore been given a major version bump with this change.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I65d00f54b3ade3665d7941e270da7a3dec02281a
The SiP service for the Arm(R) Ethos(TM)-N NPU driver will now handle
setting up the address extension and attribute control for the NPU's
streams. The non-secure world will still be allowed to read the address
extension for stream0 but non-secure access to all other streams has
been removed.
The API version has been given a minor bump with this change to indicate
the added functionality.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I2b041ca4a0a2b5cd6344a4ae144f75e137c72592
The SiP service for the Arm(R) Ethos(TM)-N NPU driver will now handle
setting up the NPU's event and aux control registers during the SMC
reset call. The aux control register will no longer be accessible by the
non-secure world.
The API version has been given a minor bump with this change to indicate
the added functionality.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I5b099e25978aa4089c384eb17c5060c5b4eaf373
When the Arm(R) Ethos(TM)-N NPU firmware is loaded by BL2 into protected
memory, the Linux kernel NPU driver cannot access the firmware. To still
allow the kernel driver to access some information about the firmware,
SMC calls have been added so it can check compatibility and get the
necessary information to map the firmware into the SMMU for the NPU.
The API version has been given a minor version bump with this change to
indicate the added functionality.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: Idb076b7bcf54ed7e8eb39be80114dc1d1c45336d
Doing all the SMC call handling in a single function and using specific
names for the x1-4 parameters is no longer practical for upcoming
additions to the SiP service. Handling of the different SMC functions
has therefore been split into separate functions.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: If28da8df0f13c449d1fdb2bd9d792d818ec5e1af
When the Arm(R) Ethos(TM)-N NPU driver is built with TZMP1 support, it
will now validate the NPU firmware binary that BL2 is expected to load
into the protected memory location specified by
ARM_ETHOSN_NPU_IMAGE_BASE.
Juno has been updated with a new BL31 memory mapping to allow the SiP
service to read the protected memory that contains the NPU firmware
binary.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I633256ab7dd4f8f5a6f864c8c98a66bf9dfc37f3
The SiP service in the Arm(R) Ethos(TM)-N NPU driver requires that there
is at least one NPU available. If there is no NPU available, the driver
is either used incorrectly or the HW config is incorrect.
To ensure that the SiP service is not incorrectly used, a setup handler
has been added to the service that will validate that there is at least
one NPU available.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I8139a652f265cfc0db4a37464f39f1fb92868e10
To work around Arm(R) Ethos(TM)-N NPU erratum 2838783, the NPU has been
configured to allow being woken up by both secure and non-secure events
to make sure that an event always wakes up the NPU.
The API version has been given a minor version bump with this change to
indicate that this fix is included.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I429cdd6bf1e633b4dedf2e94af28937dd892a0ba
For the TZC to allow the Arm(R) Ethos(TM)-N NPU to access the buffers
allocated in a protected memory region, it must include the correct
NSAID for that region in its transactions to the memory. This change
updates the SiP service to configure the NSAIDs specified by a platform
define. When doing a protected access the SiP service now configures the
NSAIDs specified by the platform define. For unprotected access the
NSAID is set to zero.
Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I3360ef33705162aba5c67670386922420869e331
The non-secure world delegation of the register needed to determine if
the Arm(R) Ethos(TM)-N NPU is active or sleeping will be removed in the
future. In preparation for the change, a new SMC call has been added to
allow the non-secure world to ask the SiP service for the state instead.
A minor API version bump has been done with this change to indicate
support for the new functionality.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I1338341be385cf1891f4809efb7083fae6d928bc
Adds a reset type argument for the soft and hard reset SMC calls to
indicate whether to perform a full reset and setup or only halt the
Arm(R) Ethos(TM)-N NPU. For use in cases where the NPU will not be
used but must be put into a known state, such as suspending the NPU
as part of power management.
Signed-off-by: Joshua Pimm <joshua.pimm@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I6018af85a28b0e977166ec29d26f04739123140c
The purpose of this patch is to address the T241 erratum T241-FABRIC-4,
which causes unexpected behavior in the GIC when multiple transactions
are received simultaneously from different sources. This hardware issue
impacts NVIDIA server platforms that use more than two T241 chips
interconnected. Each chip has support for 320 {E}SPIs.
This issue occurs when multiple packets from different GICs are
incorrectly interleaved at the target chip. The erratum text below
specifies exactly what can cause multiple transfer packets susceptible
to interleaving and GIC state corruption. GIC state corruption can
lead to a range of problems, including kernel panics, and unexpected
behavior.
Erratum documentation:
https://developer.nvidia.com/docs/t241-fabric-4/nvidia-t241-fabric-4-errata.pdf
The workaround is to ensure that MMIO accesses target the GIC on the
socket that holds the data, for example SPI ranges owned by the socket’s
GIC. This ensures that the GIC will not utilize the inter-socket AXI
Stream interface for servicing these GIC MMIO accesses.
This patch updates the functions that use the GICD_In{E} registers to
ensure that the accesses are directed to the chip that owns the SPI,
instead of using the global alias.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I04e33ba64eb306bd5fdabb56e63cbe273d8cd632
Fix compilation error when scmi base is enabled.
The following compilation error is visible:
drivers/scmi-msg/base.c: In function 'discover_list_protocols':
include/lib/utils_def.h:70:20: error: comparison of distinct
pointer types lacks a cast [-Werror]
70 | (void)(&_x == &_y); \
| ^~
drivers/scmi-msg/base.c:154:25: note: in expansion of macro 'MIN'
154 | count = MIN(count - a2p->skip,
msg->out_size - sizeof(p2a));
Change-Id: I79e60d4bc9c4f6e78a76099a36ebf4fe5212a7d1
Signed-off-by: Michal Simek <michal.simek@amd.com>