In this patch, we are trying to introduce the wrapper macro
CREATE_FEATURE_PRESENT to get the following capability and
align it for all the features:
-> is_feat_xx_present(): Does Hardware implement the feature.
-> uniformity in naming the function across multiple features.
-> improved readability
The is_feat_xx_present() is implemented to check if the hardware
implements the feature and does not take into account the
ENABLE_FEAT_XXX flag enabled/disabled in software.
- CREATE_FEATURE_PRESENT(name, idreg, shift, mask, idval)
The wrapper macro reduces the function to a single line and
creates the is_feat_xx_present function that checks the
id register based on the shift and mask values and compares
this against a determined idvalue.
Change-Id: I7b91d2c9c6fbe55f94c693aa1b2c50be54fb9ecc
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
When BL2 is enabled as the entrypoint in the reset vector, none of the
TL initialisation ordinarily performed in BL1 will have been done. This
change ensures that BL2 has a secure TL to pass information onto BL31
through.
Change-Id: I553b0b7aac9390cd6a2d63471b81ddc72cc40a60
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Leverage the framework between BL1 and BL2. Migrate all handoff
structures to the TL.
Change-Id: I79ff3a319596b5656184cde10b5204b10a4d03bb
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Add support for the firmware handoff framework between BL2 and BL31.
Create a transfer list in trusted SRAM, leveraging the larger SRAM sizes
in recent models. Load the HW_CONFIG as a TE along with entry point
parameters for BL31 execution.
Change-Id: I7c4c6e8353ca978a13520fb3e15fb2803f0f1d0e
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
As of now, GPT setup is being handled from BL2 for plat/arm platforms.
However, for platforms having a separate entity to load firmware images,
it is possible for BL31 to setup the GPT. In order to address this
concern, move the GPT setup implementation from arm_bl2_setup.c file to
arm_common.c. Additionally, rename the API from arm_bl2_gpt_setup to
arm_gpt_setup to make it boot stage agnostic.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I35d17a179c8746945c69db37fd23d763a7774ddc
For RME-enabled platforms, initializing L0 and L1 tables and enabling
GPC checks is necessary. For systems using BL2 to load firmware images,
the GPT initialization has to be done in BL2 prior to the image load.
The common Arm platform code currently implements this in the
"arm_bl2_plat_gpt_setup" function, relying on the FVP platform's
specifications (PAS definitions, GPCCR_PPS, and GPCCR_PGS).
Different Arm platforms may have distinct PAS definitions, GPCCR_PPS,
GPCCR_PGS, L0/L1 base, and size. To accommodate these variations,
introduce the "plat_arm_get_gpt_info" API. Platforms must implement
this API to provide the necessary data for GPT setup on RME-enabled
platforms. It is essential to note that these additions are relevant to
platforms under the plat/arm hierarchy that will reuse the
"arm_bl2_plat_gpt_setup" function.
As a result of these new additions, migrate data related to the FVP
platform to its source and header files.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: I4f4c8894c1cda0adc1f83e7439eb372e923f6147
In accordance with common naming conventions, macros specifying the base
address of a region typically use the prefix "BASE" combined with the
region name, rather than "ADDR_BASE."
Currently, the macros defining the base addresses for L0 and L1 GPT
tables within `arm_def.h` are named "ARM_L0_GPT_ADDR_BASE" and
"ARM_L1_GPT_ADDR_BASE" respectively. To adhere to the established naming
convention, rename these macros as "ARM_L1_GPT_BASE" and
"ARM_L0_GPT_BASE" respectively.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: Ibd50a58a1f63ba97d2df141f41a21a89ef97d6fb
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
In certain instances a platform may need to make modifications to an
image after it has been loaded by BL2. The existing common
implementation is a thin wrapper for a more generic arm post image
handler. To enable platforms to make changes to images when
they're loaded, move this into platform code.
Change-Id: I44025391056adb2d8a8eb4ea5984257b02027181
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Current interface partition_init accepts GPT image id and parses the
GPT image but doesn't return any error on failure.
So use gpt_partition_init which implicitly initialises with GPT image
ID and returns a value.
Change-Id: I63280aa672388f1f8d9dc377ae13002c9f861f03
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This patch builds on the previous patch by implementing
support for reading NS DRAM layout of FVP model from
HW_CONFIG Device tree.
Macro _RMMD_MANIFEST_VERSION is renamed to
SET_RMMD_MANIFEST_VERSION to suppress MISRA-C
"rule MC3R1.D4.5: (advisory) Identifiers in
the same name space with overlapping visibility
should be typographically unambiguous" warning
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: Ifc2461b4441a1efdd4b7c656ab4d15e62479f77b
This patch adds support for setting configuration of DRAM banks
for FVP model in RMM-EL3 Boot Manifest structure.
Structure 'rmm_manifest' is extended with 'plat_dram' structure
which contains information about platform's DRAM layout:
- number of DRAM banks;
- pointer to 'dram_bank[]' array;
- check sum: two's complement 64-bit value of the sum of
data in 'plat_dram' and 'dram_bank[] array.
Each 'dram_bank' structure holds information about DRAM
bank base address and its size. This values must be aligned
to 4KB page size.
The patch increases Boot Manifest minor version to 2 and
removes 'typedef rmm_manifest_t' as per
"3.4.15.1. Avoid anonymous typedefs of structs/enums in headers" of
https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I5176caa5780e27d1e0daeb5dea3e40cf6ad5fd12
This patch adds support for RMM granules allocation
in FVP 2nd DRAM 2GB bank at 0x880000000 base address.
For ENABLE_RME = 1 case it also removes "mem=1G"
Linux kernel command line option in fvp-base-psci-common.dsti
to allow memory layout discovery from the FVP device tree.
FVP parameter 'bp.dram_size' - size of main memory in gigabytes
documented in docs/components/realm-management-extension.rst
is changed from 2 to 4.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I174da4416ad5a8d41bf0ac89f356dba7c0cd3fe7
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch updates and refactors the GPT library and fixes bugs.
- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
When RME is enabled, during configuration of the TrustZone controller,
Root regions are initially configured as Secure regions, and Realm
regions as Non-secure regions. Then later these regions are configured
as Root and Realm regions respectively in the GPT. According to the RME
architecture reference manual, Root firmware must ensure that Granule
Protection Check is enabled before enabling any stage of translation.
Therefore initializations are done as follows when RME is enabled :
Initialize/enable the TrustZone controller (plat_arm_security_setup) -->
Initialize/enable GPC (arm_bl2_plat_gpt_setup) -->
enable MMU (enable_mmu_el3)
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I91094e8259079437bee02de1f65edb9ad51e43cf
When FEAT_RME is enabled, memory is divided into four Physical
Address Spaces (PAS): Root, Realm, Secure and Non-secure.
This patch introduces new carveouts for the Trusted SRAM and DRAM
for the FVP platform accordingly.
The following new regions are introduced with this change:
ARM_MAP_L0_GPT_REGION: Trusted SRAM region used to store Level 0
Granule Protection Table (GPT). This region resides in the Root PAS.
ARM_MAP_GPT_L1_DRAM: DRAM region used to store Level 1 GPT. It
resides in the Root PAS.
ARM_MAP_RMM_DRAM: DRAM region used to store RMM image. It
resides in the Realm PAS.
The L0 GPT is stored on Trusted SRAM next to firmware configuration
memory. The DRAM carveout when RME is enable is modified as follow:
--------------------
| |
| AP TZC (~28MB) |
--------------------
| |
| REALM (32MB) |
--------------------
| |
| EL3 TZC (3MB) |
--------------------
| L1 GPT + SCP TZC |
| (~1MB) |
0xFFFF_FFFF --------------------
During initialization of the TrustZone controller, Root regions
are configured as Secure regions. Then they are later reconfigured
to Root upon GPT initialization.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: If2e257141d51f51f715b70d4a06f18af53607254
If FEAT_RME is enabled, EL3 runs in the Root world as opposed to
Secure world. This patch changes EL3 memory region attributes for
Arm platforms accordingly.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ie176f8b440ff34330e4e44bd3bf8d9703b3892ff
Currently the SP package loading mechanism is only enabled when S-EL2
SPMC is selected. Remove this limitation.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: I5bf5a32248e85a26d0345cacff7d539eed824cfc
Added firmware update support in Arm platforms by using
FWU platform hooks and compiling FWU driver in BL2
component.
Change-Id: I71af06c09d95c2c58e3fd766c4a61c5652637151
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added GPT parser support in BL2 for Arm platforms to get the entry
address and length of the FIP in the GPT image.
Also, increased BL2 maximum size for FVP platform to successfully
compile ROM-enabled build with this change.
Verified this change using a patch:
https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/9654
Change-Id: Ie8026db054966653b739a82d9ba106d283f534d0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
There was a collision between the name of the typedef in the CASSERT and
something else, so we make the name of the typedef unique to the
invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into
the macro. This eliminates the following MISRA violation:
bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
"invalid_svc_uuid" is already used to represent a typedef.
This also resolves MISRA rule 5.9.
These renamings are as follows:
* tzram -> secram. This matches the function call name as it has
sec_mem in it's name
* fw_config_base -> config_base. This file does not mess with
hw_conig, so there's little chance of confusion
Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
In BL2, fw_config's population happened before the cache gets
enabled.
Hence to boost the performance, moved fw_config's population
after cache gets enabled (i.e. after MMU gets enabled).
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2e75cabd76b1cb7a660f6b72f409ab40d2877284
This patch adds support for Measured Boot driver functionality
in common Arm platform code.
Change-Id: If049dcf8d847c39023b77c0d805a8cf5b8bcaa3e
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Added assert in the code to check valid address of dtb information
structure retrieved from fw_config device tree.
This patch fixes coverity defect:360213.
Also, removed conditional calling of "fconf_populate" as "fconf_populate"
function already checks the validity of the device tree address received
and go to panic in case of address is NULL.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib83e4e84a95e2456a12c7a2bb3fe70461d882cba
Modified the code to do below changes:
1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
When SPD=spmd and SPMD_SPM_AT_SEL2=0, that is SPMC sits at S-EL1
then there is no need for TF-A to load secure partitions individually.
In this configuration, SPMC handles secure partition loading at
S-EL1/EL0 levels.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I06a0d88a4811274a8c347ce57b56bb5f64e345df
A populate() function essentially captures the value of a property,
defined by a platform, into a fconf related c structure. Such a
callback is usually platform specific and is associated to a specific
configuration source.
For example, a populate() function which captures the hardware topology
of the platform can only parse HW_CONFIG DTB. Hence each populator
function must be registered with a specific 'config_type' identifier.
It broadly represents a logical grouping of configuration properties
which is usually a device tree source file.
Example:
> TB_FW: properties related to trusted firmware such as IO policies,
base address of other DTBs, mbedtls heap info etc.
> HW_CONFIG: properties related to hardware configuration of the SoC
such as topology, GIC controller, PSCI hooks, CPU ID etc.
This patch modifies FCONF_REGISTER_POPULATOR macro and fconf_populate()
to register and invoke the appropriate callbacks selectively based on
configuration type.
Change-Id: I6f63b1fd7a8729c6c9137d5b63270af1857bb44a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch implements loading of Secure Partition packages using
existing framework of loading other bl images.
The current framework uses a statically defined array to store all the
possible image types and at run time generates a link list and traverse
through it to load different images.
To load SPs, a new array of fixed size is introduced which will be
dynamically populated based on number of SPs available in the system
and it will be appended to the loadable images list.
Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Use the dtb provided by bl1 as configuration file for fconf.
Change-Id: I3f466ad9b7047e1a361d94e71ac6d693e31496d9
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Fix code that violates the MISRA rule:
MISRA C-2012 Rule 11.9: Literal "0" shall not be used as
null pointer constant.
The fix explicitly checks whether a pointer is NULL.
Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.
All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)
Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
Use full include paths like it is done for common includes.
This cleanup was started in commit d40e0e08283a ("Sanitise includes
across codebase"), but it only cleaned common files and drivers. This
patch does the same to Arm platforms.
Change-Id: If982e6450bbe84dceb56d464e282bcf5d6d9ab9b
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
From now on, platform_def.h must include any header with definitions that
are platform-specific (like arm_def.h) and the included headers mustn't
include back platform_def.h, and shouldn't be used by other files. Only
platform_def.h should be included in other files. This will ensure that all
needed definitions are present, rather than needing to include all the
headers in all the definitions' headers just in case.
This also prevents problems like cyclic dependencies.
Change-Id: I9d3cf4d1de4b956fa035c79545222697acdaf5ca
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Enforce full include path for includes. Deprecate old paths.
The following folders inside include/lib have been left unchanged:
- include/lib/cpus/${ARCH}
- include/lib/el3_runtime/${ARCH}
The reason for this change is that having a global namespace for
includes isn't a good idea. It defeats one of the advantages of having
folders and it introduces problems that are sometimes subtle (because
you may not know the header you are actually including if there are two
of them).
For example, this patch had to be created because two headers were
called the same way: e0ea0928d5 ("Fix gpio includes of mt8173 platform
to avoid collision."). More recently, this patch has had similar
problems: 46f9b2c3a2 ("drivers: add tzc380 support").
This problem was introduced in commit 4ecca33988 ("Move include and
source files to logical locations"). At that time, there weren't too
many headers so it wasn't a real issue. However, time has shown that
this creates problems.
Platforms that want to preserve the way they include headers may add the
removed paths to PLAT_INCLUDES, but this is discouraged.
Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This function is not related to Arm platforms and can be reused by other
platforms if needed.
Change-Id: Ia9c328ce57ce7e917b825a9e09a42b0abb1a53e8
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
- Remove references to removed build options.
- Remove support for legacy GIC driver.
- Remove support for LOAD_IMAGE_V2=0.
Change-Id: I72f8c05620bdf4a682765e6e53e2c04ca749a3d5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The patch d323af9 removed the support for coherent memory in BL1 and
BL2 for ARM platforms. But the CryptoCell SBROM integration depends
on use of coherent buffers for passing data from the AP CPU to the
CryptoCell. Hence this patch reintroduces support for coherent
memory in BL1 and BL2 if ARM_CRYPTOCELL_INTEG=1.
Change-Id: I011482dda7f7a3ec9e3e79bfb3f4fa03796f7e02
Signed-Off-by: Soby Mathew <soby.mathew@arm.com>
Add another level of abstraction of weak defs for
arm_bl2_handle_post_image_load to prevent two weak definitions
of the same function
Change-Id: Ie953786f43b0f88257c82956ffaa5fe0d19603db
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
TF won't build since no memory region is specified
for when SEPARATE_CODE_AND_RODATA=0 it still relies on
the ARM_MAP_BL_RO_DATA region which is never defined for
this case. Create memory region combining code and RO data for
when the build flag SEPARATE_CODE_AND_RODATA=0 to fix this
Change-Id: I6c129eb0833497710cce55e76b8908ce03e0a638
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change arm_setup_page_tables() to take a variable number of memory
regions. Remove coherent memory region from BL1, BL2 and BL2U as
their coherent memory region doesn't contain anything and
therefore has a size of 0. Add check to ensure this
doesn't change without us knowing.
Change-Id: I790054e3b20b056dda1043a4a67bd7ac2d6a3bc0
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
The old API is deprecated and will eventually be removed.
Arm platforms now use the multi console driver for boot and runtime
consoles. However, the crash console uses the direct console API because
it doesn't need any memory access to work. This makes it more robust
during crashes.
The AArch32 port of the Trusted Firmware doesn't support this new API
yet, so it is only enabled in AArch64 builds. Because of this, the
common code must maintain compatibility with both systems. SP_MIN
doesn't have to be updated because it's only used in AArch32 builds.
The TSP is only used in AArch64, so it only needs to support the new
API without keeping support for the old one.
Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this
causes the UARTs to reset (except for the one used by the TSP). This
means that they must be unregistered when suspending and re-registered
when resuming. This wasn't a problem with the old driver because it just
restarted the UART, and there were no problems associated with
registering and unregistering consoles.
The size reserved for BL2 has been increased.
Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
