The version 2 of the FWU metadata structure is designed such that the
information on the updatable images can be omitted from the metadata
structure. Add a config flag, PSA_FWU_METADATA_FW_STORE_DESC, which is
used to select whether the metadata structure has this information
included or not. It's value is set to 1 by default.
Change-Id: Id6c99455db768edd59b0a316051432a900d30076
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Update the links for accessing the FWU Multi Bank update specification
to point to the latest revision of the specification.
Change-Id: I25f35556a94ca81ca0a7463aebfcbc2d84595e8f
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
For a feature to be used at lower ELs, EL3 generally needs to disable
the trap so that lower ELs can access the system registers associated
with the feature. Lower ELs generally check ID registers to dynamically
detect if a feature is present (in HW) or not while EL3 Firmware relies
statically on feature build macros to enable a feature.
If a lower EL accesses a system register for a feature that EL3 FW is
unaware of, EL3 traps the access and panics. This happens mostly with
EL2 but sometimes VMs can also cause EL3 panic.
To provide platforms with capability to mitigate this problem, UNDEF
injection support has been introduced which injects a synchronous
exception into the lower EL which is supposed to handle the
synchronous exception.
The current support is only provided for aarch64.
The implementation does the following on encountering sys reg trap
- Get the target EL, which can be either EL2 or EL1
- Update ELR_ELx with ELR_EL3, so that after UNDEF handling in lower EL
control returns to original location.
- ESR_ELx with EC_UNKNOWN
- Update ELR_EL3 with vector address of sync exception handler with
following possible causes
- Current EL with SP0
- Current EL with SPx
- Lower EL using AArch64
- Re-create SPSR_EL3 which will be used to generate PSTATE at ERET
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1b7bf6c043ce7aec1ee4fc1121c389b490b7bfb7
Following utility functions/bit definitions done
- Write a helper function to return the presence of following features
- FEAT_UAO
- FEAT_EBEP
- FEAT_SEBEP
- FEAT_SSBS
- FEAT_NMI
- FEAT_PAN
- Add definition of some missing bits of SPSR.
- Add GCSCR_EL1 register encoding and accessor function.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifcead0dd8e3b32096e4ab810dde5d582a889785a
This change updates the Node Version Manager version file to the latest
long-term release version of Node.js, v20.11.1, and the Node.js Package
Manager package file to require Node.js version v20 or later.
Additionally, all Node.js modules have been updated, as some packages
required additional accommodations to be made compatible with this
version of Node.js.
As part of this, the `.commitlintrc.js` has been rewritten from CommonJS
to ECMAScript. There should be no impact on the behaviour of Commitlint,
but this was was a requirement to allow Commitlint to continue using it
for configuration.
Change-Id: I7043faabc516c58edda9e58848b0569e2158b271
Signed-off-by: Chris Kay <chris.kay@arm.com>
While loading partition entries, calculate CRC using tf_crc32() for each
entry to find the full CRC value of the partition entry array.
The start of the GPT partition entry array is located at the LBA
indicated by the partition entry array LBA field in the GPT header. The
size of the partition entry array is indicated by the size of partition
entry multiplied by the number of partition entries.
Compare the calculated CRC with the partition entry array CRC in the GPT
header, error out if the values do not match.
Change-Id: I4bfed8cf903125c1ef3fac2f0f4c0fb87d63aa78
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Alter the function parameter to pass the full GPT header to be filled
instead of the starting LBA of the array of partion entries to
load_partition_gpt()
Change-Id: Ib3dde62d5b9996e74157714634bea748bd3b55aa
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
* changes:
refactor(tc): correlate secure world addresses with platform_def
feat(tc): add memory node in the device tree
feat(tc): pass the DTB address to BL33 in R0
feat(tc): add arm_ffa node in dts
chore(tc): add dummy entropy to speed up the Linux boot
feat(tc): choose the DPU address and irq based on the target
feat(tc): add SCMI power domain and IOMMU toggles
refactor(tc): move the FVP RoS to a separate file
feat(tc): factor in FVP/FPGA differences
feat(tc): introduce an FPGA subvariant and TC3 CPUs
feat(tc): add TC3 platform definitions
refactor(tc): sanitise the device tree
feat(tc): add PMU entry
feat(tc): allow booting from DRAM
chore(tc): remove unused hdlcd
feat(tc): add firmware update secure partition
feat(tc): add spmc manifest with trusty sp
refactor(tc): unify all the spmc manifests
feat(arm): add trusty_sp_fw_config build option
fix(tc): do not enable MPMM and Aux AMU counters always
fix(tc): correct interrupts
feat(tc): interrupt numbers for `smmu_700`
feat(tc): enable gpu/dpu scmi power domain and also gpu perf domain
They are very scattered, hard to read, and especially hard to track
down. As a result some are duplicate and some are overridden in the
downstream as it's simpler.
Put all variables at the top of the platform makefile. Also drop setting
variables that don't change from their default values
(CTX_INCLUDE_EL2_REGS, ARCH, ENABLE_FEAT_RAS, SDEI_SUPPORT,
EL3_EXCEPTION_HANDLING, HANDLE_EA_EL3_FIRST_NS, ENABLE_SPE_FOR_NS).
While we're at it, add some variables that are necessary. SPMD
requires MTE registers to be saved, BRANCH_PROTECTION, as well as
running at SEL2. All of our CPUs are Armv8.7 compliant so we can have
ARM_ARCH_MINOR=7 (and drop ENABLE_TRF_FOR_NS which it includes).
Finally, drop the override directives as there's no reason to prohibit
experimentation (even if incorrect).
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I6ac596934952aab8abf5d4db5220e13a4941a10c
Similarly to the memory node in the NS device tree, platform_def already
defines all the necessary values to populate the spmc manifest and NS
related entries automatically. Use the macros directly so any changes
can propagate automatically.
The result of this is that TC3 and above get correct secure world
manifests automatically. They were previously broken.
One "breaking" change is that the FWU region moves. This should have
happened previously but it was missed when the secure portion of DRAM
was increased, leaving it in secure memory. This was caught when going
over the definitions and correlating them should prevent this in the
future.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1415e402be8c70f5e22f28eabddcb53298c57a11
Now that tf-a passes the DTB address to BL33, its location doesn't
matter. Since we declare a fixed size for it (32K) put it at the start
of ram to not fragment memory. This has the added benefit of
"supporting" larger kernel sizes which are breaking with the current
location.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ib0e4e5cf780bd58a49a34d72085b0a0914c340ed
With new TC revisions, memory banks move around which requires an update
in platform_def. It also requires an update in the device tree which
doesn't come naturally. To avoid this, add the memory node such that it
uses the macros defined in platform_def.
By doing this we can put u-boot out of its misery in trying to come up
with the correct memory node and tf-a's device tree becomes complete.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia92cc6931abb12be2856ac3fb1455e4f3005b326
The DTB that tf-a loads is already used in BL33 directly with the
address hardcoded. As this address is prone to changing, pass it forward
so we can avoid breakage in the future.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I7a42f72ecc00814b9f0a4bf5605d70cb53ce2ff4
For u-boot to use the device tree itself it needs to know about the
arm_ffa module. This is not relevant to linux but it doesn't hurt as it
won't use it.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I6e75659e4950c62ce7377dc7941225eb5d7a3d8d
If the kernel is post 5.19 and is configured with
CONFIG_RANDOM_TRUST_BOOTLOADER=y then entropy can be passed to
Linux via the device tree. This avoids delaying the Linux boot
waiting for entropy. This is particularly noticeable when
booting android but also speeds up the generation of the ssl
certificates.
Signed-off-by: Ben Horgan <ben.horgan@arm.com>
Change-Id: I4c6136c54f0e971802a2a9de9f88cd32b610dce9
Currently there are two configurations for DPU
Config 1: Address - 0x2CC0_0000 IRQ - 101
Config 2: Address - 0x40_0000_0000 IRQ - 547
Config 1 is used by all FPGA and TC0, TC1 and TC2 FVPs
Config 2 is used by TC3 FVP currently
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Change-Id: If0097441b6ab90f58911df032e45f6bf06fc7909
Compile-time controls have been added for the following:
* SCMI power domain use for DPU and GPU.
* SMMU-700: planned rework required to use IOMMU correctly
for DPU and GPU.
These will allow easier experimentation in the future without
ad-hoc changes needed in the dts file for any sort of analysis
that requires testing different paths.
For TC3 however, the DPU is in an always on power domain so SCMI power
domains are not supported.
Co-developed-by: Tintu Thomas <tintu.thomas@arm.com>
Signed-off-by: Kshitij Sisodia <kshitij.sisodia@arm.com>
Change-Id: If6179a3e4784c1b69f0338a8d52b552452c0eac1
In trying to use the same DTS for the FVP and FPGA subvariants we need
to keep track of what is different. Move the FVP RoS, which is different
to the FPGA's, to reduce the number of ifdefs and make FVP-only changes
easier.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ib7999d3e39de55ab4a30e68dd81f95120be15a8c
Even though the FVP and FPGA are meant to be identical their RoS's (rest
of system) are different. Factor these in so the device tree works for
both. The differences are:
* addresses of GIC and UART
* displays (FPGA uses 4k)
* ethernet devices and SD card (it's non removable on the FPGA)
Their frequencies are also different. The FVP simulates certain
frequencies but isn't very sensitive when we disregard them. To keep
code similar, update them with the FPGA values. This keeps working on
FVP even if slightly incorrect.
Also add an option for the DPU to either use fixed clocks or SCMI set
clocks, hidden behind a flag. This is useful during bringup and because
SCMI may not necessarily work on FPGA.
Co-developed-by: Kshitij Sisodia <kshitij.sisodia@arm.com>
Co-developed-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Co-developed-by: Usama Arif <usama.arif@arm.com>
Co-developed-by: Angel Rodriguez Garcia <angel.rodriguezgarcia@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ic7a4bfc302673a3a6571757e23a9e6184fba2a13
TC is getting an FPGA port alongside the FVP. It is meant to be
identical, but the core configurations on TC2 differ (there are 14 in an
odd arrangement).
Introduce these differences and gate them behind a new TARGET_FLAVOUR
flag which defaults to FVP for compatibility.
While updating CPUs, it's a good time to do TC3 too. It has different
cores in a different configuration again, so it needs different capacity
values. Those have been derived using GeekBench 6.0 ST on the FPGA.
Finally GPU and DPU power domains are 1 above the CPUs so make that
relative.
In the end, the big/mid/little configurations are:
* TC2 FVP: 1/3/4
* TC2 FPGA: 2/3/5/4 (the 3 is a big "min" core)
* TC3 both: 2/4/2 (with new capacities)
Co-developed-by: Tintu Thomas <tintu.thomas@arm.com>
Co-developed-by: Kshitij Sisodia <kshitij.sisodia@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3c3a10d6727f5010fd9026a404df27e9262dff6b
TC3 is a little different from TC2:
* new address for its second DRAM bank
* new CPUs
* a few interrupts have changed
* new SCP MHU base address.
* utility space address (needed for MPAM) is different
* no CMN (and therefore cmn-pmu)
* the uart clock is different
This requires the dts to be different between revisions for the first
time. Introduce a tc_vers.dtsi that includes only definitions for things
that are different.
Signed-off-by: Tintu Thomas <tintu.thomas@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2940d87a69ea93502b7f5a22a539e4b70a63e827
We have lots of errors in our device tree when running dt-validate.
Remove the majority so that dt-validate-ing is useful now.
Do this by renaming nodes to conform to spec, making addresses lowercase
with no 0x at the front, and removing nodes that shouldn't be there.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1840f0f5de34a56ee240c07eff08d73c856b338e
TC has PMUs with interrupts in all cores and Linux needs to be told
about them.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ice0e6dab396b90c05f4b9668623ba7b3556a53ac
In some occasions it is useful to boot with the rest of system (RoS)
disabled. With no RoS there's no flash so we need to put images
somewhere and that's in the DRAM1 bank. If we want to access it it needs
to be mapped to memory.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I45e0fbb016e8f615d41b6ad9da0d1e7b466ece72
The hdlcd device tree node is not in use for any TC incarnation. The DPU
replaces it. So drop it.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I5393435e36d8307bef909a6519cb40305b77f0cf
Firmware update is a trusted service secure partition that implements
the PSA firmware update specification. It executes in the secure world
in total compute platform. To make it fit with Op-tee we need to reduce
its available memory.
Also, reserve 4 MB for stmm communication used for firmware update.
The firmware update secure partition and u-boot communicates using the
stmm communication layer and it needs a dedicated memory region.
Co-developed-by: Sergio Alves <sergio.dasilvalves@arm.com>
Co-developed-by: Davidson K <davidson.kumaresan@arm.com>
Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I0427549845f6c7650b8ef4e450d387fe9702a847
The manifests describe the same hardware layout with only the secure
partitions being different. Factor it out so it can be shared and only
add the VM information separately.
This has some deliberate side effects: the test configuration gets the
full secure memory address space and drops the 0x7000000 region as that
was accidentally copied over from the FVP platform and doesn't apply to
TC.
Also optee unconditionally gets the smaller mem_size as it's been
working fine and simplifies the manifest.
Small touch up is that mem_size-s are now in hex but otherwise the same
number.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iea23f9769235eea32afa374952b9a0e4f6d3e9a1
Also increase add PLAT_ARM_SP_MAX_SIZE to override the default
ARM_SP_MAX_SIZE to support Trusty image and move OPTEE_SP_FW_CONFIG
documentation to build-internals.rst as it's not externally set-able.
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ief90ae9113d32265ee2200f35f3e517b7b9a4bea
There are requirements in which the MPMM and Auxiliary AMU counters have
to be disabled. Hence removing the "override" here which helps in
disabling them during the build.
Change-Id: I2c0a808d5d9968082a508a9206e34f7a57f2e33a
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
The gic and trbe0 are listed as active high, but the spec says they are
triggered on active low. Correct according to the spec.
While we're at it, convert all interrupts to use the macros so hopefully
no such confusion happens again.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2fc01cf0a34b031b95219b9656b613a19a2e9b2a
The scmi-perf-domain property is a custom property while we
wait for proper support in the kernel for using the scmi_pm_domain
driver and scmi_perf_domain driver at the same time.
GPU operating points are now in the SCP firmware.
Change-Id: Ib6d8f52c8bf69194b1d2da4e065a34c4a341c221
Signed-off-by: Ben Horgan <ben.horgan@arm.com>
This is an effort to optimise the unused members in the cpu_context_t
structure. TF-A statically allocates memory for context entry for
each wolrd per PE. Some of the members in this struct are not used
for all the build combinations.
RMM in particular, is not using this context member and henceforth
removing them.
Change-Id: Ia5bf9c8dfef6e856ba6d88fa678876c704d42858
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Similar to the refactoring process followed for EL2 system registers,
moving the save and restore routines of EL1 system registers into C
file, thereby reducing assembly code.
Change-Id: Ib59fbbe2eef2aa815effe854cf962fc4ac62a2ae
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
This change includes adding new CORSTONE1000_WITH_BL32 preprocessor
flag on the basis of NEED_BL32 flag. This flag allows us to run the
TF-A with or without loading BL32 image. This feature is required to
add the support of Corstone-1000 FVP in TF-A open CI.
After this, we can run the TF-A tftf tests with or without
executing BL32 image, which is optee in case of Corstone-1000.
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Change-Id: Idacbd3883473473841481a2032314db8c9715b1f
Default values for toolchain tools are instead provided by the main
toolchain makefile, rather than a parent makefile. This was an oversight
from a previous version of the original toolchain refactor patch.
Change-Id: I75752ed7874b36e1c679d94292a2664e234c484b
Signed-off-by: Chris Kay <chris.kay@arm.com>
