Split the smmuv3_init() to separate smmuv3_security_init() from it in
order to allow skipping the default deny policy on reset for certain
SMMUv3 implementations.
Additionally, fix a couple of MISRA warnings.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: I2127943e709dd1ded34145bd022c930e351bbb4a
The SMMU_S_INIT register definition in the Arm SMMUv3 specification
says that if SMMUv3 has REALM_IMPL == 1 then it is root firmware’s
responsibility to write to INV_ALL before enabling granule protection
checks. So fix this flow during smmuv3 init.
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ied9325e1658950c04f06c62485eeab3f28ca1285
Address the coding style issue that arose from patch [1], which
was inadvertently overlooked during the CI check.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/26263
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I280766fddf0e9e366bb2376c52a6907093b0d958
* changes:
docs: update FVP TC2 model version and build (11.23/17)
fix(tc): increase BL2 maximum size limit
refactor(tc): update platform tests
feat(rss): add defines for 'type' range and use them in psa_call()
feat(rss): adjust parameter packing to match TF-M changes
refactor(tc): remap console logs
This patch does following two changes
- Create a separate routine for saving/restoring GIC el2 system registers
- To access ICC_SRE_EL2 register there was a workaround to set
SCR_EL3.NS before accessing it. This was required because SCR_EL3.EEL2
was zero. But with commit f105dd5fa this bit has been set to one early
on in booting process for a system with FEAT_SEL2 present and S-EL2
enabled.
However, we still need the workaround for a system which needs
save/restore of EL2 registers without secure EL2 being enabled e.g.
system with Non-secure and Realm world present.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I8d55c3dc6a17c4749748822d4a738912c1e13298
Fixes a dangling pointer bug in `spmc_ffa_console_log`.
`chars` was assigned to an array which went out of scope at the end of
the `if`/`else` block.
The solution is to `memcmpy` from the temporary array into `chars`,
which is now an array.
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Change-Id: I67d19ea25d09b72f38fcc67dab4acf449aa8f1b1
Exclude the threat of power analysis side-channel attacks
from consideration in the TF-A generic threat model.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5b245f33609fe8948e473ce4484898db5ff8db4d
On FVP's the default SRAM size is severly restrictive. However, more
recent models support larger SRAM configurations (> 256 Kb). We
introduced the flag FVP_TRUSTED_SRAM_SIZE to allow for TF to handle
different configurations.
BL31 automatically benefits from this optimisation since it starts from
the bottom of shared memory, and runs up to the end of SRAM. Increase
the size of all BL2 builds in proportion to FVP_TRUSTED_SRAM_SIZE so
that BL2 covers around a third of SRAM.
Change-Id: Idf37e8cb86507ea44b97ac8b3b90fffefe13f57a
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Update the FVP TC2 model version and build (11.23/17) to match
the version used for testing in TF-A OpenCI.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic7411ee4863428b7dfbe43cf39abfc2269f3c3ae
Increase the size of BL2 to build TC2 with GPT support enabled
and a config modification of mbedTLS.
Change-Id: I6d2f466144f2bbffd3387bc40bc86ab733febce1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Update the TC's platform test Makefile and related common definitions
to correspond to newer TF-M code (commit hash: 4ab7a20).
Change-Id: I6ef3effe194a780a0533f9c0c2eab9d0f4efc1fc
Signed-off-by: David Vincze <david.vincze@arm.com>
Remap TF-A console logs from SoC UART2 (S1 terminal) to CSS
secure (UART1_AP terminal) and Linux logs from SoC UART2
(S1 terminal) to CSS non-secure (UART_AP terminal) to align
with the latest FVP TC2 model (version 11.23/17).
Change-Id: I7206e64b65346bfdcc48d6acd3792b436041e45f
Signed-off-by: Annam Sai Manisha <annam.saimanisha@arm.com>
Add a second SDS region on the TC platform for communication with RSS.
RSS needs to share data with AP during early boot over shared memory
to support DPE. Reserve a memory region right after the SCMI secure
payload areas from unused memory.
Change-Id: I3a3a6ea5ce76531595c88754418602133a283c42
Signed-off-by: David Vincze <david.vincze@arm.com>
Update SDS driver calls to align with recent
changes [1] of the SDS driver.
- The driver now requires us to explicitly pass
the SDS region id to act on.
- Implement plat_sds_get_regions() platform function
which is used by the driver to get SDS region
information per platform.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24609/
Change-Id: I3447855fbe7427376d5f7aa0ba7356fe2f14d567
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Update SDS driver calls to align with recent
changes [1] of the SDS driver.
- The driver now requires us to explicitly pass
the SDS region id to act on.
- Implement plat_sds_get_regions() platform function
which is used by the driver to get SDS region
information per platform.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24609/
Change-Id: I942599edb4d9734c0455f67c6b5673aace62e444
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Update SDS driver calls to align with recent
changes [1] of the SDS driver.
- The driver now requires us to explicitly pass
the SDS region id to act on.
- Implement plat_sds_get_regions() platform function
which is used by the driver to get SDS region
information per platform.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24609/
Change-Id: I67aebfe0e2a82d1f5fc2d26653698a552350b387
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Update SDS driver calls to align with recent
changes [1] of the SDS driver.
- The driver now requires us to explicitly pass
the SDS region id to act on.
- Implement plat_sds_get_regions() platform function
which is used by the driver to get SDS region
information per platform.
[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24609/
Change-Id: Ifa4595278e094849bea2796ead58e85de98baaf9
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Extend the SDS driver to be able to handle multiple
SDS regions:
- AP-SCP
- AP-RSS
Change-Id: Id303840b248c383b3f960227cbf6333d1cc75e65
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Use cache clean and invalidate of data and allocation tags by PA to PoPA
maintenance instruction (dc cigdpapa) in the GPT library upon changing
the PAS for a memory region. This is required to flush allocation tags
when MTE2 (and above) is implemented.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4b70afb297f693b1d446839607922c47111ce063
Add support for feat mte2. tfsr_el2 is available only with mte2,
however currently its context_save/restore is done with mte rather than
mte2, so introduce 'is_feat_mte2_supported' to check mte2.
Change-Id: I108d9989a8f5b4d1d2f3b9865a914056fa566cf2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This model has been subsumed by the `FVP_Base` model, which is now
available publicly. We no longer have a need to test the Foundation
model, and can shave off a few minutes of CI time by removing it.
Change-Id: Iaa0f23f2efd9ba431d06c8da2be14b76f6974b0a
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
Revert "fix(ti): do not take system power reference in bl31_platform_setup()"
refactor(ti): remove ti_sci_init function
fix(k3): increment while reading trail bytes
Remove any residual RSS usage in the FVP platform, complementing the
changes made in commit dea307fd6c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9ced272503456361610ec0c7783d270349233926
Explain that platforms are free to define their own Chain of Trust (CoT)
based on their needs but default ones are provided in TF-A source code:
TBBR, dualroot and CCA.
Give a brief overview of the use case for each of these CoTs.
Simplified diagrams are also provided for the TBBR and dualroot CoTs -
CCA CoT is missing such a diagram right now, it should be provided as a
future improvement.
Also do some cosmetic changes along the way.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I7c4014d4d12d852b0ae5632ba9c71a9ad266080a
To properly update pyproject.toml & docs/conf.py, we should manage
several digits for version number (the 10 for VERSION_MINOR), and the
VERSION_PATCH.
Change-Id: I612338fd2896f3fe614f23d14f56d58d43318a11
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Having a comment at the end of VERSION_PATCH definition line prevent
the release script to work properly. Move it on the previous line.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4008ccbccd512edf33f67c645b38937ad1af9777
qemu/qemu_sbsa platforms support wide selection of cpu cores. From
Cortex-A57 (v8.0) to Neoverse-N2 (v9.0) one. Only the last one (and
'max' which supports everything possible) supports FEAT_SB.
Runtime check for ENABLE_FEAT_SB does not work in our case and we want
to have working platform.
Change-Id: Ic27d5af20ad76ae44c4211d28694e91ec62bddc1
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
In gicv3_main.c the function is_sgi_ppi() returns true when its
sgi/ppi or false when the interrupt number matches an spi interrupt.
Introducing a new API is_valid_interrupt() which validates if
an interrupt number matches SGI/PPI or SPI as a valid interrupt,
any other interrupt number is considered invalid and panics.
Change-Id: Idce8f5432a94c8d300b9408cf5b2502c60e13318
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
