Device memory region specified in an SP manifest are now validated
against the device memory defined in the SPMC manifest. Therefore
we need to add the device memory used in the tf-a-tests to the SPMC
manifests.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I47376e67c700705d12338d7078292618a15d5546
Change the header of the license to have 2024, and
replace spaces for a tab.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: If98161ad35e1ead30e1e0d3ddb4cc6348e83d6ee
* changes:
fix(bl1): add missing `__RW_{START,END}__` symbols
fix(fvp): don't check MPIDRs with the power controller in BL1
fix(arm): only expose `arm_bl2_dyn_cfg_init` to BL2
fix(cm): hide `cm_init_context_by_index` from BL1
fix(bl1): add missing spinlock dependency
HW_CONFIG is the hardware description consumed primarly by the Linux
kernel, and for the FVP platform, TF-A runtime firmware (BL31). Due to
both needing it, two copies of this file are made in Trusted DRAM and
SRAM. The copy in Trusted DRAM is a workaround stemming from memory
constraints in SRAM. We temporarily map the range of memory in Trusted
DRAM into BL31 to allow it to consume the configuration. In principle,
however, BL31 execution should be limited to SRAM, hence reduce the
maximum size of the HW_CONFIG to 16KB in order to accommodate it in
SRAM. This is possible since in practice, the HW_CONFIG on FVP is only
about 11KB.
Change-Id: Idb5dc0637b402562b7177a2b4e2464c4f3f67da7
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Ensure consistency across all Arm platforms, even those that may already
have an existing macro for this purpose.
Change-Id: I07cd4cfcacf2c991717f4c115cb0babd2c614d6f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The core platform layer requires an implementation for the
`plat_core_pos_by_mpidr` function. This implementation is currently
missing in BL1, which causes undefined reference errors when linking
with LTO.
The FVP platform source file providing this implementation is the
`fvp_topology.c` file, so this change adds it to the BL1 sources for the
FVP.
However, the implementation of this function reaches out to the FVP
power controller driver - `fvp_pm.c` - to validate the MPIDR, and this
file has at least two other dependencies:
- `spe.c`
- `arm_gicvX.c`
Pulling these in correctly is no simple job, so I am simply removing the
power controller validation in BL1 builds.
Change-Id: I56ddf1d799f5fe7f5b0fb2b046f7fe8232b07b27
Signed-off-by: Chris Kay <chris.kay@arm.com>
The `arm_bl2_dyn_cfg_init` function is intended exclusively for BL2 - it
should not be compiled for any other bootloader image. This change hides
it for all but BL2.
Change-Id: I9fa95094dcc30f9fa4cc7bc5b3119ceae82df1ea
Signed-off-by: Chris Kay <chris.kay@arm.com>
FFA_RXTX_MAP now requires the buffers to be in non-secure memory. This
patch ensures that a region of non-secure memory is available so that
tftf tests can pass.
Change-Id: I9daf3182e0dcb73d2bf5a5baffb1b4b78c724dcb
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
This patch modifies the boot manifest to add console information to
be passed from EL3 to RMM.
Boot manifest version is bumped to v0.3
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Iedc4e640fb7a4450ce5ce966ae76936d1b7b742d
Currently, tf-a has been refactored to support the multi UARTs (boot and
runtime UARTs). As a result, the SP_MIN UART related code has been
removed, and the macros are no longer used.
Therefore, this patch removes these unused UART macros.
Change-Id: I496349f876ba918fcafa7ed6c65d149914762290
Signed-off-by: Leo Yan <leo.yan@arm.com>
On the i.MX8M SoCs, TF-A doesn't itself initialize the UART, but depends
on BL2 to set it up beforehand. To allow using the same TF-A binary on
boards with different UART assignment, TF-A On i.MX8M M/N/P supports
dynamically determining the UART in use. The code is also applicable to
the i.MX8MQ, so enable it there too.
Change-Id: I9ba70f7068e762da979bd103390fa006c3a5d480
Signed-off-by: Leonard Göhrs <l.goehrs@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Generate SGI to mailbox driver if IPI FIQ occurs due to agents
other than PMC.
Change-Id: Ieefb9f0db4009fe0179b18d30da153ce3f9e134c
Signed-off-by: Tanmay Shah <tanmay.shah@amd.com>
Currently both FEAT_MTE and FEAT_MTE_PERM aren't used for enabling
of any feature bits in EL3. So remove both FEAT handling.
All mte regs that are currently context saved/restored are needed
only when FEAT_MTE2 is enabled, so move to usage of FEAT_MTE2 and
remove FEAT_MTE usage.
BREAKING CHANGE: Any platform or downstream code trying to use
SCR_EL3.ATA bit(26) will see failures as this is now moved to be
used only with FEAT_MTE2 with
commit@ef0d0e5478a3f19cbe70a378b9b184036db38fe2
Change-Id: Id01e154156571f7792135639e17dc5c8d0e17cf8
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
style(imx8m): add parenthesis to CSU_HP_REG
feat(imx8mp): restrict peripheral access to secure world
feat(imx8mp): set and lock almost all peripherals as non-secure
feat(imx8mm): restrict peripheral access to secure world
feat(imx8mm): set and lock almost all peripherals as non-secure
feat(imx8m): add defines for csu_sa access security
feat(imx8m): add imx csu_sa enum type defines for imx8m
fix(imx8m): fix CSU_SA_REG to work with all sa registers
prevent changing clock frequency already set in BootBlock based on PLL value
Change-Id: I8b4b53448cc8e703fd88ad6166f85a4fe3ba9e46
Signed-off-by: Margarita Glushkin <rutigl@gmail.com>
This patch gives i.MX8ULP's HIFI4 DSP R/W access to the
following additional resources (peripherals):
1) LPUART7
2) IOMUXC1
3) PCC4
4) CGC1
Doing this allows the firmware running on the DSP to
set up serial communication, which also requires doing
pinctrl and clock management-related operations.
Access to the aforementioned resources is given by
configuring the XRDC module.
Change-Id: Ie3ca9f22bb625b2463870158875f503c3c1d6452
Signed-off-by: Laurentiu Mihalcea <laurentiu.mihalcea@nxp.com>
Reviewed-by: Ye Li <ye.li@nxp.com>
* changes:
feat(rpi): add Raspberry Pi 5 support
fix(rpi): consider MT when calculating core index from MPIDR
refactor(rpi): move register definitions out of rpi_hw.h
refactor(rpi): add platform macro for the crash UART base address
refactor(rpi): split out console registration logic
refactor(rpi): move more platform-specific code into common
Cortex-A720 erratum 2926083 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2. The errata is only
present when SPE (Statistical Profiling Extension) is implemented
and enabled.
The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is "implemented and enabled".
SDEN documentation:
https://developer.arm.com/documentation/SDEN2439421/latest
Change-Id: I30182c3893416af65b55fca9a913cb4512430434
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change the MCKPROT control management. Now, the MCU subsystem
is done in the BL32 using the dedicated clock function.
If using OP-TEE, you will need the corresponding commit [1].
This should be integrated in OP-TEE tag 4.2.0.
[1] e07f9212d5 plat-stm32mp1: shared_resource: disable MCKPROT if
not needed
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I59f90ace750aa93f674389f881e2fe14ad334a72
Deprecation notice was sent to the community and no objection was
raised, so removing mbedtls 2.x support.
Change-Id: Id3eb98b55692df98aabe6a7c5a5ec910222c8abd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
To be inline with CSU_SA_REG and CSU_HPCONTROL_REG.
Change-Id: Ia7332096312df41a8cf994d58fad76a99493dd02
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This restricts and locks all security relevant peripherals to only be
changeable by the secure world. Otherwise the normal world can simply
change the access settings and defeat all security measures put in
place.
Change-Id: I248ef8dd67f1de7e528c3da456311bb138b77540
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This sets and locks all peripheral type-1 masters, except CAAM, access
as non-secure, so that they can't access secure world resources from the
normal world.
The CAAM itself is TrustZone aware and handles memory access between the
normal world and the secure world on its own. Pinning it as non-secure
access results in bus aborts if the secure memory region is protected by
the TZASC380.
Change-Id: Iedf3d67481dc35d56aa7b291749b999a56d6e85e
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This restricts and locks all security relevant peripherals to only be
changeable by the secure world. Otherwise the normal world can simply
change the access settings and defeat all security measures put in
place.
Change-Id: I484a2c8164e58b68256d829470e00d5ec473e266
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This sets and locks all peripheral type-1 masters, except CAAM, access
as non-secure, so that they can't access secure world resources from the
normal world.
The CAAM itself is TrustZone aware and handles memory access between the
normal world and the secure world on its own. Pinning it as non-secure
access results in bus aborts if the secure memory region is protected by
the TZASC380.
Change-Id: Idba4d8a491ccce0491489c61e73545baab1889c4
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
Cortex-A715 erratum 2413290 is a Cat B erratum that is present
only in revision r1p0 and is fixed in r1p1. The errata is only
present when SPE(Statistical Profiling Extension) is enabled.
The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is enabled, ENABLE_SPE_FOR_NS=1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: Iaeb258c8b0a92e93d70b7dad6ba59d1056aeb135
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
The Raspberry Pi 5 is a single-board computer based on BCM2712 that
contains four Arm Cortex-A76 cores.
This change introduces minimal BL31 support with PSCI that has been
validated to boot Linux and a private EDK2 build.
It's a drop-in replacement for the custom TF-A armstub now included in
the EEPROM images.
Change-Id: Id72a0370f54e71ac97c3daa1bacedacb7dec148f
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
RPi 5 has newer Armv8.2 cores where the MT bit is set to indicate that
the lowest affinity level represents a thread, but there is only one
thread per core.
To deal with this, simply right shift MPIDR by one affinity level to get
the cluster and core IDs back into Aff1 and Aff0 as expected.
Change-Id: I2bafba38f82fd9a6ef6f2fdf2c089b754279a6de
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
Detection of the UART in use and GPIO code only apply to RPi 3 and 4.
RPi 5 has a dedicated PL011 debug port.
Change-Id: Iddf8aea01278e2b79b4e7c476740f1add8c419f0
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
In preparation for RPi 5 support, which will reuse most of the RPi 4
logic except for DTB patching.
Change-Id: I6f6ef96933711a1798757a3389adae1b8ee3de6c
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header
This patch resolves the MISRA issues reported in mailing list.
It addresses the following MISRA Rules violations - Rule 15.7 and
Rule 2.4.
* As per Rule 15.7, All if.. else if constructs should be terminated
with an else statement and hence the conditional block
has been changed to switch..case. Updated get_el_str() to include
all EL cases.
* As per Rule 2.4, A project should not contain unused tag declarations,
hence intr_type_desc tag is removed.
* bl31_lib_init is only used in translation unit and hence it's
declaration is removed from bl31.h and the definition is made static to
maintain visibility.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ica1d3041566baf51befcad5fd3714189117ba193
