In order to support a platform without MHU in RSE, update the flag
PLAT_MHU_VERSION. It is renamed PLAT_MHU and can take the following
entries: NO_MHU, MHUv1, MHUv2, MHUv3...
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ia72e590088ce62ba8c9009f341b6135926947bee
* changes:
fix(cpus): clear CPUPWRCTLR_EL1.CORE_PWRDN_EN_BIT on reset
chore(docs): drop the "wfi" from `pwr_domain_pwr_down_wfi`
chore(psci): drop skip_wfi variable
feat(arm): convert arm platforms to expect a wakeup
fix(cpus): avoid SME related loss of context on powerdown
feat(psci): allow cores to wake up from powerdown
refactor: panic after calling psci_power_down_wfi()
refactor(cpus): undo errata mitigations
feat(cpus): add sysreg_bit_toggle
Support Agilex5 B0 jtag id for fpga reconfig.
Change-Id: I4efb5a046a0f11009a1f08412ff0e48f376c94e1
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
This patch will enable vcore dvfsrc.
- VCORE DVFS is the feature to change VCORE/DDR Freq for power saving
- When there are no requests for using Vcore/DRAM, Vcore DVFS will
- lower the voltage and frequency of Vcore/DRAM to achieve power saving.
Signed-off-by: Kunlong Wang <kunlong.wang@mediatek.corp-partner.google.com>
Change-Id: I972eb2da1b8526f4ce2927cd662a6fc3ef2f2401
Now that all errata flags are all conveniently in a single list we can
make sweeping decisions about their values. The first use-case is to
enable all errata in TF-A. This is useful for CI runs where it is
impractical to list every single one. This should help with the long
standing issue of errata not being built or tested.
Also add missing CPUs with errata to `ENABLE_ERRATA_ALL` to enable all
errata builds in CI.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2b456d304d7bf3215c7c4f4fd70b56ecbcb09979
* changes:
feat(rdv3): enable the support to fetch dynamic config
feat(rdv3): add dts files to enable hafnium as BL32
feat(rdv3): define SPMC manifest base address
feat(arm): add a macro for SPMC manifest base address
feat(rdv3): add carveout for BL32 image
feat(rdv3): introduce platform handler for Group0 interrupt
feat(neoverse-rd): use larger stack size when S-EL2 spmc is enabled
fix(neoverse-rd): set correct SVE vector lengths
This region is defined in LPM driver. Prefer managing this region in
LPM driver and remove it from plat_mmap and platform_def.h.
Change-Id: I57bfaad88a28d4f29e2b132ba080bc7d5b8248d8
Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Update missing SiP SCM ID definitions. Those definitons are required
when linking to the proprietary library.
Change-Id: I6b912cee9bcceac774ff2228a1e335073a1d5ea7
Signed-off-by: Yidi Lin <yidilin@chromium.org>
These changes align the project with the latest directory structure
and ensure consistency in header references.
Signed-off-by: Wenzhen Yu <wenzhen.yu@mediatek.com>
Change-Id: I7f3c42cbd9a803064bbfed67cd8f309638da8441
To enable the support to load Hafnium as BL32, BL31 needs firmware
configuration info to get BL32 manifest load location. The load address
of BL32 is passed via firmware config info.
Add the support to get the address using fconf framework from dynamic
config info.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I3a2a5706789ed290dc7f4a67e62e03751b930c02
On RD-V3 platform and variants, Hafnium is used as SPMC running at
S-EL2 and manage SP running at S-EL0. Hafnium is loaded and configured
as BL32 image. SP is loaded by SP load framework and configured by
Hafnium.
Add the dts files needed to enable load and configuration of hafnium and
SP.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I7de72052323ff9106d7bedbaaf5ece3272e9a6cd
ARM_SPMC_MANIFEST_BASE defines the base address of the SPMC manifest
used by BL32. In the non-RESET_TO_BL31 case, it is defined relative to
the top of Trusted SRAM. However, for RESET_TO_BL31, the
PLAT_ARM_SPMC_MANIFEST_BASE macro can be used to set it to a different
location which is then used to populate ARM_SPMC_MANIFEST_BASE.
As the RD-V3 platform and its variants have a different SRAM layout
compared to that defined in arm_def.h, define the
PLAT_ARM_SPMC_MANIFEST_BASE macro to an address suitable for this
platform and its variants.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I36e1eb21ab3d1c68bddb52c62198fcdfc40d8993
In RESET_TO_BL31, the SPMC manifest base address that is utilized by
bl32_image_ep_info has to be statically defined as DT is not available.
Common arm code sets this to the top of SRAM using macros but it can be
different for some platforms. Hence, introduce the macro
PLAT_ARM_SPMC_MANIFEST_BASE that could be re-defined by platform as per
their use-case. Platforms that utilize arm_def.h would use the existing
value from arm common code.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I4491749ad2b5794e06c9bd11ff61e2e64f21a948
Added `-Wl,--whole-archive` option to the LDLIBS in the platfrom.mk to
ensure that the symbols within the library are not stripped during the
linking process.
Change-Id: I35c728d3ccc98489183285a96f703e02dc7505d3
Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Edk2 converts StMM GUID to UUID format, which is used in FF-A and linux
kernel. StMM manifest currently provides GUID format. Correcting this to
UUID format.
Change-Id: Ie94728e5ea74d3d9935e0af9a2a601cbafe5ad3d
Signed-off-by: Jerry Wang <Jerry.Wang4@arm.com>
* changes:
feat(tc): get entropy with PSA Crypto API
feat(psa): add interface with RSE for retrieving entropy
fix(psa): guard Crypto APIs with CRYPTO_SUPPORT
feat(tc): enable trng
feat(tc): initialize the RSE communication in earlier phase
Add and map the carveout for loading Hafnium as BL32 image. Also define
PLAT_ARM_SP_MAX_SIZE as 3 MB for secure partitions.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I2845eb6807a127c9f6b92de2dabc9a58d25bd4d4
This patch introduces a handler for RD-V3 variants to handle Group0
secure interrupts. Currently, it is empty but serves as a placeholder
for future Group0 interrupt sources.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: Ifa418094f6075a6cdc33e63eec1825103bbf6d68
Larger stack size is needed when S-EL2 SPMC is enabled. This is required
because BL31 xlat map framework makes more nested calls when this
feature is enabled.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: Ib3f2abf38b576ba96402dab4ba995d8b648b4cc7
Affected platforms: RD-N2, RD-V1, RD-V1-MC, RD-V3 and their
configurations.
Previously, the SVE vector lengths for these platforms were
being taken from the default configuration. This commit updates
their respective platform.mk files to specify the correct vector
lengths.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I8919257e2cec5c0e819424ff44a623dc3ab1a368
The PSA Crypto API is available with sending messages to RSE. Change
to invoke PSA Crypto API for getting entropy.
Change-Id: I4b2dc4eb99606c2425b64949d9c3f5c576883758
Signed-off-by: Leo Yan <leo.yan@arm.com>
Signed-off-by: Icen Zeyada <Icen.Zeyada2@arm.com>
Enable the trng on the platform, which can be used by other features.
`rng-seed` has been removed and enabled `FEAT_RNG_TRAP` to trap to EL3
when accessing system registers RNDR and RNDRRS
Change-Id: Ibde39115f285e67d31b14863c75beaf37493deca
Signed-off-by: Leo Yan <leo.yan@arm.com>
Signed-off-by: Icen Zeyada <Icen.Zeyada2@arm.com>
Add MediaTek SMMU power driver. This driver tracks the reference
counter for power domain access on SMMU hardware, including
Multimedia SMMU and APU SMMU. The PM get/put commands may come from
linux(EL1) and hypervisor(EL2).
Change-Id: I60f83c4e3d87059b0549b2ed8c68367be3bfbbc5
Signed-off-by: Yong Wu <yong.wu@mediatek.com>
Move the RSE MHU channel initialization to the platform setup phase,
this allows the services (e.g. TRNG service) to talk to RSE during the
service init function.
Change-Id: Id0ff6e49117008463f11b2dc3c585daca00f609c
Signed-off-by: Leo Yan <leo.yan@arm.com>
Signed-off-by: Icen Zeyada <Icen.Zeyada2@arm.com>
To allow for generic handling of a wakeup, this hook is no longer
expected to call wfi itself. Update the name everywhere to reflect this
expectation so that future platform implementers don't get misled.
Change-Id: Ic33f0b6da74592ad6778fd802c2f0b85223af614
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Newer cores in upcoming platforms may refuse to power down. The PSCI
library is already prepared for this so convert platform code to also
allow this. This is simple - drop the `wfi` + panic and let common code
deal with the fallout. The end result will be the same (sans the
message) except the platform will have fewer responsibilities. The only
exception is for cores being signalled to power off gracefully ahead of
system reset. That path must also be terminal so replace the end with
the same psci_pwrdown_cpu_end() to behave the same as the generic
implementation. It will handle wakeups and panic, hoping that the system
gets reset from under it. The dmb is upgraded to a dsb so no functional
change.
Change-Id: I381f96bec8532bda6ccdac65de57971aac42e7e8
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Travis' and Gelas' TRMs tell us to disable SME (set PSTATE.{ZA, SM} to
0) when we're attempting to power down. What they don't tell us is that
if this isn't done, the powerdown request will be rejected. On the
CPU_OFF path that's not a problem - we can force SVCR to 0 and be
certain the core will power off.
On the suspend to powerdown path, however, we cannot do this. The TRM
also tells us that the sequence could also be aborted on eg. GIC
interrupts. If this were to happen when we have overwritten SVCR to 0,
upon a return to the caller they would experience a loss of context. We
know that at least Linux may call into PSCI with SVCR != 0. One option
is to save the entire SME context which would be quite expensive just to
work around. Another option is to downgrade the request to a normal
suspend when SME was left on. This option is better as this is expected
to happen rarely enough to ignore the wasted power and we don't want to
burden the generic (correct) path with needless context management.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I698fa8490ebf51461f6aa8bba84f9827c5c46ad4
The simplistic view of a core's powerdown sequence is that power is
atomically cut upon calling `wfi`. However, it turns out that it has
lots to do - it has to talk to the interconnect to exit coherency, clean
caches, check for RAS errors, etc. These take significant amounts of
time and are certainly not atomic. As such there is a significant window
of opportunity for external events to happen. Many of these steps are
not destructive to context, so theoretically, the core can just "give
up" half way (or roll certain actions back) and carry on running. The
point in this sequence after which roll back is not possible is called
the point of no return.
One of these actions is the checking for RAS errors. It is possible for
one to happen during this lengthy sequence, or at least remain
undiscovered until that point. If the core were to continue powerdown
when that happens, there would be no (easy) way to inform anyone about
it. Rejecting the powerdown and letting software handle the error is the
best way to implement this.
Arm cores since at least the a510 have included this exact feature. So
far it hasn't been deemed necessary to account for it in firmware due to
the low likelihood of this happening. However, events like GIC wakeup
requests are much more probable. Older cores will powerdown and
immediately power back up when this happens. Travis and Gelas include a
feature similar to the RAS case above, called powerdown abandon. The
idea is that this will improve the latency to service the interrupt by
saving on work which the core and software need to do.
So far firmware has relied on the `wfi` being the point of no return and
if it doesn't explicitly detect a pending interrupt quite early on, it
will embark onto a sequence that it expects to end with shutdown. To
accommodate for it not being a point of no return, we must undo all of
the system management we did, just like in the warm boot entrypoint.
To achieve that, the pwr_domain_pwr_down_wfi hook must not be terminal.
Most recent platforms do some platform management and finish on the
standard `wfi`, followed by a panic or an endless loop as this is
expected to not return. To make this generic, any platform that wishes
to support wakeups must instead let common code call
`psci_power_down_wfi()` right after. Besides wakeups, this lets common
code handle powerdown errata better as well.
Then, the CPU_OFF case is simple - PSCI does not allow it to return. So
the best that can be done is to attempt the `wfi` a few times (the
choice of 32 is arbitrary) in the hope that the wakeup is transient. If
it isn't, the only choice is to panic, as the system is likely to be in
a bad state, eg. interrupts weren't routed away. The same applies for
SYSTEM_OFF, SYSTEM_RESET, and SYSTEM_RESET2. There the panic won't
matter as the system is going offline one way or another. The RAS case
will be considered in a separate patch.
Now, the CPU_SUSPEND case is more involved. First, to powerdown it must
wipe its context as it is not written on warm boot. But it cannot be
overwritten in case of a wakeup. To avoid the catch 22, save a copy that
will only be used if powerdown fails. That is about 500 bytes on the
stack so it hopefully doesn't tip anyone over any limits. In future that
can be avoided by having a core manage its own context.
Second, when the core wakes up, it must undo anything it did to prepare
for poweroff, which for the cores we care about, is writing
CPUPWRCTLR_EL1.CORE_PWRDN_EN. The least intrusive for the cpu library
way of doing this is to simply call the power off hook again and have
the hook toggle the bit. If in the future there need to be more complex
sequences, their direction can be advised on the value of this bit.
Third, do the actual "resume". Most of the logic is already there for
the retention suspend, so that only needs a small touch up to apply to
the powerdown case as well. The missing bit is the powerdown specific
state management. Luckily, the warmboot entrypoint does exactly that
already too, so steal that and we're done.
All of this is hidden behind a FEAT_PABANDON flag since it has a large
memory and runtime cost that we don't want to burden non pabandon cores
with.
Finally, do some function renaming to better reflect their purpose and
make names a little bit more consistent.
Change-Id: I2405b59300c2e24ce02e266f91b7c51474c1145f
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
This function doesn't return and its callers that don't return either
rely on this. Drop the dead attribute and add a panic() after it to make
this expectation explicit. Calling `wfi` in the powerdown sequence is
terminal so even if the function was made to return, there would be no
functional change.
This is useful for a following patch that makes psci_power_down_wfi()
return.
Change-Id: I62ca1ee058b1eaeb046966c795081e01bf45a2eb
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Arm ROTPK generation may start before the build directory is
created, causing errors like:
00:45:53.235 Can't open "/home/buildslave/workspace/tf-a-coverity/
trusted-firmware-a/build/rd1ae/debug/arm_rotpk.bin" for writing,
No such file or directory
This patch ensures the build directory is created beforehand to
prevent such issues.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I73f7d5af00efc738e95ea79c5cacecdb6a2d20c6
Booting mt8196 and grepping the logs for "errat" showed:
WARNING: BL31: cortex_a720: CPU workaround for erratum 2792132 was missing!
WARNING: BL31: cortex_a720: CPU workaround for erratum 2844092 was missing!
WARNING: BL31: cortex_a720: CPU workaround for erratum 2926083 was missing!
WARNING: BL31: cortex_a720: CPU workaround for erratum 2940794 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2726228 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2740089 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2763018 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2816013 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2897503 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 2923985 was missing!
WARNING: BL31: cortex_x4: CPU workaround for erratum 3076789 was missing!
Set defines so that all the errata are fixed. Now the above shows:
INFO: BL31: cortex_a720: CPU workaround for erratum 2792132 was applied
INFO: BL31: cortex_a720: CPU workaround for erratum 2844092 was applied
INFO: BL31: cortex_a720: CPU workaround for erratum 2926083 was applied
INFO: BL31: cortex_a720: CPU workaround for erratum 2940794 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2726228 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2740089 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2763018 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2816013 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2897503 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 2923985 was applied
INFO: BL31: cortex_x4: CPU workaround for erratum 3076789 was applied
Change-Id: I209784c2574b99c3c275ac60adf73896e0cdd078
Signed-off-by: Douglas Anderson <dianders@chromium.org>
