GIC600 erratum 2384374 is a Category B erratum. Part 1 is fixed
in this patch, and the Part 1 failure mode is described as
'If the packet to be sent is a SET packet, then a higher priority SET
may not be sent when it should be until an unblocking event occurs.'
This is handled by calling gicv3_apply_errata_wa_2384374() in the
ehf_deactivate_priority() path, so that when EHF restores the priority
to the original priority, the interrupt packet buffered
in the GIC can be sent.
gicv3_apply_errata_wa_2384374() is the workaround for
the Part 2 of erratum 2384374 which flush packets from the GIC buffer
and is being used in this patch.
SDEN can be found here:
https://developer.arm.com/documentation/sden892601/latest/
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4bb6dcf86c94125cbc574e0dc5119abe43e84731
Update all references to DRTM beta0 to be 1.0 instead.
Signed-off-by: Stuart Yoder <stuart.yoder@arm.com>
Change-Id: Ieda70f26f3be42f4705e9b267706674c94f120f2
The DRTM 1.0 spec changed the Firmware hash algorithm field
size from 32-bits to 16-bits.
Signed-off-by: Stuart Yoder <stuart.yoder@arm.com>
Change-Id: I713e32e01b1983bf21d97c93bbb28c77dc94a541
Change the names of some FWU metadata structure members to have them
align with the wording used in the corresponding specification. Use
the GUID type instead of UUID as the fields described in the
specification are GUIDs. Make corresponding changes to the code that
accesses these fields. No functional changes are introduced by the
patch.
Change-Id: Id3544ed1633811b0eeee2bf99477f9b7e6667044
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The GPT partition uses GUID values for identification of partition
types and partitions. Change the relevant functions to use GUID values
instead of UUID's.
Change-Id: I30df66a8a02fb502e04b0285f34131b65977988e
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Add a function fwu_get_alternate_boot_bank() to return a valid bank to
boot from. This function can be called by a platform to get an
alternate bank to try to boot the platform in the unlikely scenario of
the active bank being in an invalid state, or if the number of times
the platform boots in trial state exceeds a pre-set count.
Change-Id: I4bcd88e68e334c452882255bf028e01b090369d1
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The version 2 of the FWU metadata structure has a field bank_state in
the top level of the structure which can be used to check if a given
bank is in the either of Trial State, Accepted State, or in an Invalid
State. This is different from the binary states of Valid/Accepted
States that the bank could be in, as defined in the earlier version of
the specification.
Replace the fwu_is_trial_run_state() API with
fwu_get_active_bank_state() to get the state the current active bank
is in. The value returned by this API is then used by the caller to
take appropriate action.
Change-Id: I764f486840a3713bfe5f8e03d0634bfe09b23590
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
The latest version of the FWU specification [1] has changes to the
metadata structure. This is version 2 of the structure.
Primary changes include
- bank_state field in the top level structure
- Total metadata size in the top level structure
- Image description structures now optional
- Number of banks and images per bank values part of the structure
Make changes to the structure to align with version 2 of the structure
defined in the specification. These changes also remove support for
version 1 of the metadata structure.
[1] - https://developer.arm.com/documentation/den0118/latest/
Change-Id: I84b4e742e463cae92375dde8b4603b4a581d62d8
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Update the links for accessing the FWU Multi Bank update specification
to point to the latest revision of the specification.
Change-Id: I25f35556a94ca81ca0a7463aebfcbc2d84595e8f
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Datastore symbol used by EL3 SPMC is not relocated at
boot time when using ENABLE_PIE=1.
Use linker script markers instead of symbol.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: If22d2fc8deacc74c73d7dc51bb70093935d9fa2b
For a feature to be used at lower ELs, EL3 generally needs to disable
the trap so that lower ELs can access the system registers associated
with the feature. Lower ELs generally check ID registers to dynamically
detect if a feature is present (in HW) or not while EL3 Firmware relies
statically on feature build macros to enable a feature.
If a lower EL accesses a system register for a feature that EL3 FW is
unaware of, EL3 traps the access and panics. This happens mostly with
EL2 but sometimes VMs can also cause EL3 panic.
To provide platforms with capability to mitigate this problem, UNDEF
injection support has been introduced which injects a synchronous
exception into the lower EL which is supposed to handle the
synchronous exception.
The current support is only provided for aarch64.
The implementation does the following on encountering sys reg trap
- Get the target EL, which can be either EL2 or EL1
- Update ELR_ELx with ELR_EL3, so that after UNDEF handling in lower EL
control returns to original location.
- ESR_ELx with EC_UNKNOWN
- Update ELR_EL3 with vector address of sync exception handler with
following possible causes
- Current EL with SP0
- Current EL with SPx
- Lower EL using AArch64
- Re-create SPSR_EL3 which will be used to generate PSTATE at ERET
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1b7bf6c043ce7aec1ee4fc1121c389b490b7bfb7
Following utility functions/bit definitions done
- Write a helper function to return the presence of following features
- FEAT_UAO
- FEAT_EBEP
- FEAT_SEBEP
- FEAT_SSBS
- FEAT_NMI
- FEAT_PAN
- Add definition of some missing bits of SPSR.
- Add GCSCR_EL1 register encoding and accessor function.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifcead0dd8e3b32096e4ab810dde5d582a889785a
* changes:
refactor(tc): correlate secure world addresses with platform_def
feat(tc): add memory node in the device tree
feat(tc): pass the DTB address to BL33 in R0
feat(tc): add arm_ffa node in dts
chore(tc): add dummy entropy to speed up the Linux boot
feat(tc): choose the DPU address and irq based on the target
feat(tc): add SCMI power domain and IOMMU toggles
refactor(tc): move the FVP RoS to a separate file
feat(tc): factor in FVP/FPGA differences
feat(tc): introduce an FPGA subvariant and TC3 CPUs
feat(tc): add TC3 platform definitions
refactor(tc): sanitise the device tree
feat(tc): add PMU entry
feat(tc): allow booting from DRAM
chore(tc): remove unused hdlcd
feat(tc): add firmware update secure partition
feat(tc): add spmc manifest with trusty sp
refactor(tc): unify all the spmc manifests
feat(arm): add trusty_sp_fw_config build option
fix(tc): do not enable MPMM and Aux AMU counters always
fix(tc): correct interrupts
feat(tc): interrupt numbers for `smmu_700`
feat(tc): enable gpu/dpu scmi power domain and also gpu perf domain
With new TC revisions, memory banks move around which requires an update
in platform_def. It also requires an update in the device tree which
doesn't come naturally. To avoid this, add the memory node such that it
uses the macros defined in platform_def.
By doing this we can put u-boot out of its misery in trying to come up
with the correct memory node and tf-a's device tree becomes complete.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia92cc6931abb12be2856ac3fb1455e4f3005b326
Also increase add PLAT_ARM_SP_MAX_SIZE to override the default
ARM_SP_MAX_SIZE to support Trusty image and move OPTEE_SP_FW_CONFIG
documentation to build-internals.rst as it's not externally set-able.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ief90ae9113d32265ee2200f35f3e517b7b9a4bea
Similar to the refactoring process followed for EL2 system registers,
moving the save and restore routines of EL1 system registers into C
file, thereby reducing assembly code.
Change-Id: Ib59fbbe2eef2aa815effe854cf962fc4ac62a2ae
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Address the coding style issue that arose from patch [1], which
was inadvertently overlooked during the CI check.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/26263
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I280766fddf0e9e366bb2376c52a6907093b0d958
* changes:
docs: update FVP TC2 model version and build (11.23/17)
fix(tc): increase BL2 maximum size limit
refactor(tc): update platform tests
feat(rss): add defines for 'type' range and use them in psa_call()
feat(rss): adjust parameter packing to match TF-M changes
refactor(tc): remap console logs
Update the TC's platform test Makefile and related common definitions
to correspond to newer TF-M code (commit hash: 4ab7a20).
Change-Id: I6ef3effe194a780a0533f9c0c2eab9d0f4efc1fc
Signed-off-by: David Vincze <david.vincze@arm.com>
Add a second SDS region on the TC platform for communication with RSS.
RSS needs to share data with AP during early boot over shared memory
to support DPE. Reserve a memory region right after the SCMI secure
payload areas from unused memory.
Change-Id: I3a3a6ea5ce76531595c88754418602133a283c42
Signed-off-by: David Vincze <david.vincze@arm.com>
Extend the SDS driver to be able to handle multiple
SDS regions:
- AP-SCP
- AP-RSS
Change-Id: Id303840b248c383b3f960227cbf6333d1cc75e65
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Use cache clean and invalidate of data and allocation tags by PA to PoPA
maintenance instruction (dc cigdpapa) in the GPT library upon changing
the PAS for a memory region. This is required to flush allocation tags
when MTE2 (and above) is implemented.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4b70afb297f693b1d446839607922c47111ce063
Add support for feat mte2. tfsr_el2 is available only with mte2,
however currently its context_save/restore is done with mte rather than
mte2, so introduce 'is_feat_mte2_supported' to check mte2.
Change-Id: I108d9989a8f5b4d1d2f3b9865a914056fa566cf2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
A normal world caller can emit an SMC with the SVE hint bit set such
that the callee can perform an optimization by omitting to save/restore
the SVE context. Update the SPMD to pass this information to the SPMC
when set by the caller in the SMC flags parameter.
For now, restrict this behavior to the SPMC living at S-EL2.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icf46eb8a391dd3ddd2ee6aff8581a2f1c8a1c274
* changes:
fix(spe): invoke spe_disable during power domain off/suspend
feat(psci): add psci_do_manage_extensions API
fix(arm_fpga): halve number of PEs per core
Added SiP calls to FVP platform to protect/unprotect a
memory range.
These leverage rme features to change the PAS of a given
memory range from non-secure to secure.
The mentioned call is leveraged by the SPMC in the memory
sharing flow, when memory is shared from the normal world
onto the secure world.
More details in the SPM related patches.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Iaf15d8603a549d247ffb1fc14c16bfb94d0e178a
Cortex-A715 erratum 2561034 is a Cat B erratum that applies to
revision r1p0 and is fixed in r1p1.
The workaround is to set bit[26] in CPUACTLR2_EL1. Setting this
bit is not expected to have a significant performance impact.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: I377f250a2994b6ced3ac7d93f947af6ceb690d49
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
When trying to compile USB stack for STM32MP2, the following warning
happens:
In file included from plat/st/stm32mp2/stm32mp2_usb_dfu.c:7:
include/drivers/usb_device.h:193:9: error: unknown type name 'bool'
193 | bool is_in;
Correct it by adding: #include <stdbool.h>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If17e4e269fcdc885e42f5fcad9cfb763829786e4
Adding a new API under PSCI library,for managing all the architectural
features, required during power off or suspend cases.
Change-Id: I1659560daa43b9344dd0cc0d9b311129b4e9a9c7
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
SCR_EL3.EEL2 bit enabled denotes that the system has S-EL2 present and
enabled, Ideally this bit is constant throughout the lifetime and
should not be modified. Currently this bit is initialized in the context
mgmt code where each world copy of the SCR_EL3 register has this bit set
to 1, but for the time duration between the RESET and the first exit to
a lower EL this bit is zero.
Modifying SCR_EL3.EEL2 along with EA bit at RESET does also helps in
mitigating against ERRATA_V2_3099206.
For details on Neoverse V2 errata 3099206, refer the SDEN document
given below.
https://developer.arm.com/documentation/SDEN-2332927/latest
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If8b2bdbb19bc65391a33dd34cc9824a0203ae4b1
Reading the SCMI mailbox status in polling mode causes a burst of bus
accesses. On certain platforms, this would not be ideal as the shared
bus on the CPU subsystem might cause contentions across all the CPUs.
So allow platforms to specify a delay to be introduced while polling.
Change-Id: Ib90ad7b5954854071cfd543f4a27a178dde3d5c6
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
The ChromeOS will use the SMC to pass some secrets from firmware to
optee.
Change-Id: Iaf3357d40a7ed22415926acd9d7979df24dd81f1
Signed-off-by: Yi Chou <yich@google.com>
Exception handling framework (EHF) changes the semantics of interrupts,
sync and async external aborts. As far as interrupts are concerned it
changes the routing model of foreign interrupts (FIQs) by changing
SCR_EL3.FIQ to 1 for both non-secure and secure except when SPMD is
used along with Hafnium/SPM at S-EL2 [1].
For NS world it means : G1S and G0 interrupts are routed to EL3
For Secure world it means : G1NS and G0 are routed to EL3
There is no upstream use case utilizing EHF and re-routing EL3
interrupts to the Secure world except when SPM_MM is present.
Modify the FIQ routing model during EHF init just for known use cases,
Always for NS world and for secure world only if SPM_MM is present.
[1]:https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/16047
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ic292bbe8dd02d560aece5802d79569d868d8500f
* changes:
feat(arm): move GPT setup to common BL source
feat(arm): retrieve GPT related data from platform
refactor(arm): rename L0/L1 GPT base macros
