This patch changes Cortex Demeter to Neoverse Demeter.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7306d09ca60e101d0a96c9ceff9845422d75c160
This patch adds the basic CPU library code to support the Hunter CPU
in TF-A. This CPU is based on the Makalu core so that library code
was adapted as the basis for this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I956b2dc0f43da7cec3e015252392e2694363e1b3
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch adds the necessary changes needed to build
and load RMM image for the FVP platform. RMM image is
loaded by BL2 after BL32 (if BL32 exists) and before BL33.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I1ac9eade84c2e35c7479a322ca1d090b4e626819
This patch adds the basic CPU library code to support the Hayes CPU
in TF-A. This CPU is based on the Klein core so that library code
has been adapted for use here.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If0e0070cfa77fee8f6eebfee13d3c4f209ad84fc
This patch adds the basic CPU library code to support the Demeter
CPU. This CPU is based on the Makalu-ELP core so that CPU lib code
was adapted to create this patch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib5740b748008a72788c557f0654d8d5e9ec0bb7f
This patch renames the Matterhorn, Matterhorn ELP, and Klein CPUs to
Cortex A710, Cortex X2, and Cortex A510 respectively.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I056d3114210db71c2840a24562b51caf2546e195
ELP processors can sometimes have different MIDR values or features so
we are adding the "_arm" suffix to differentiate the reference
implementation from other future versions.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ieea444288587c7c18a397d279ee4b22b7ad79e20
Currently, BLs are mapping the GIC memory region as read-write
for all cores on boot-up.
This opens up the security hole where the active core can write
the GICR frame of fused/inactive core. To avoid this issue, disable
the GICR frame of all inactive cores as below:
1. After primary CPU boots up, map GICR region of all cores as
read-only.
2. After primary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
3. After secondary CPU boots up, map its GICR region as read-write
and initialize its redistributor interface.
4. All unused/fused core's redistributor regions remain read-only and
write attempt to such protected regions results in an exception.
As mentioned above, this patch offers only the GICR memory-mapped
region protection considering there is no facility at the GIC IP
level to avoid writing the redistributor area.
These changes are currently done in BL31 of Arm FVP and guarded under
the flag 'FVP_GICR_REGION_PROTECTION'.
As of now, this patch is tested manually as below:
1. Disable the FVP cores (core 1, 2, 3) with core 0 as an active core.
2. Verify data abort triggered by manually updating the ‘GICR_CTLR’
register of core 1’s(fused) redistributor from core 0(active).
Change-Id: I86c99c7b41bae137b2011cf2ac17fad0a26e776d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Enable basic support for Neoverse-N2 CPUs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I498adc2d9fc61ac6e1af8ece131039410872e8ad
This patch adds dependencies to the generated configuration
files that are included in the FIP. This fixes occasional
build errors that occur when the FIP happens to be built first.
Change-Id: I5a2bf724ba3aee13954403b141f2f19b4fd51d1b
Signed-off-by: Anders Dellien <anders.dellien@arm.com>
Using the Fconf, register base address of the various nv-counters
(currently, trusted, non-trusted nv-counters) are moved to the
device tree and retrieved during run-time. This feature is
enabled using the build option COT_DESC_IN_DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.
This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.
Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Provide manifest and build options to boot OP-TEE as a
guest S-EL1 Secure Partition on top of Hafnium in S-EL2.
Increase ARM_SP_MAX_SIZE to cope with OP-TEE debug build image.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Idd2686fa689a78fe2d05ed92b1d23c65e2edd4cb
This patch adds support for Measured Boot functionality
to FVP platform code. It also defines new properties
in 'tpm_event_log' node to store Event Log address and
it size
'tpm_event_log_sm_addr'
'tpm_event_log_addr'
'tpm_event_log_size'
in 'event_log.dtsi' included in 'fvp_tsp_fw_config.dts'
and 'fvp_nt_fw_config.dts'. The node and its properties
are described in binding document
'docs\components\measured_boot\event_log.rst'.
Change-Id: I087e1423afcb269d6cfe79c1af9c348931991292
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch moves all GICv2 driver files into new added
'gicv2.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
is now deprecated and platforms with GICv2 driver need to
be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
their makefiles.
Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Passed the address of fw_config instead of soc_fw_config
as arg1 to BL31 from BL2 for ARM fvp platform.
BL31 then retrieve load-address of other device trees
from fw_config device tree.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib7e9581cd765d76111dcc3b7e0dafc12503c83c1
Moved BL2 configuration nodes from fw_config to newly
created tb_fw_config device tree.
fw_config device tree's main usage is to hold properties shared
across all BLx images.
An example is the "dtb-registry" node, which contains the
information about the other device tree configurations
(load-address, size).
Also, Updated load-address of tb_fw_config which is now located
after fw_config in SRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Change-Id: I360c63a83286c7ecc2426cd1ff1b4746d61e633c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This should allow git to easily track file moves
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Change-Id: I1592cf39a4f94209c560dc6d1a8bc1bfb21d8327
We query the UART base address and clk frequency in runtime
using fconf getter APIs.
Change-Id: I5f4e84953be5f384472bf90720b706d45cb86260
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Query the GICD and GICR base addresses in runtime using fconf getter
APIs.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I309fb2874f3329ddeb8677ddb53ed4c02199a1e9
This patch adds support for GICv4 extension for FVP platform.
Change-Id: Ia389b61266af669b1ca9b999a8b76476cab214f4
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
As GCC manual says, -D option defines a macro as 1, if =<value> is omitted.
-D <name>
Predefine <name> as a macro, with definition 1.
The same applied with Clang, too.
In the context of -D option, =1 is always redundant.
Change-Id: I487489a1ea3eb51e734741619c1e65dab1420bc4
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
-D is a preprocessor flag that defines a macro. So, adding it to
BL*_CPPFLAGS makes more sense. You can reference it not only from
.c files but also from .S files.
Change-Id: Ib4f2f27a3ed3eae476a6a32da7ab5225ad0649de
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This patch moves all GICv3 driver files into new added
'gicv3.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
The patch adds GICv3 driver configuration flags
'GICV3_IMPL', 'GICV3_IMPL_GIC600_MULTICHIP' and
'GICV3_OVERRIDE_DISTIF_PWR_OPS' described in
'GICv3 driver options' section of 'build-option.rst'
document.
NOTE: Platforms with GICv3 driver need to be modified to
include 'drivers/arm/gic/v3/gicv3.mk' in their makefiles.
Change-Id: If055f6770ff20f5dee5a3c99ae7ced7cdcac5c44
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Rather than creating entry in plat_arm_mmap array to map the
entire DRAM region in BL31/SP_MIN, only map a smaller region holding
HW_CONFIG DTB. Consequently, an increase in number of sub-translation
tables(level-2 and level-3) i.e., MAX_XLAT_TABLES is necessary to map
the new region in memory.
In order to accommodate the increased code size in BL31 i.e.,
PROGBITS, the max size of BL31 image is increased by 0x1000(4K).
Change-Id: I540b8ee550588e22a3a9fb218183d2ab8061c851
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
removes the duplicate io_policies and functions definition.
This patch:
- replace arm_io_storage.c with the content of arm_fconf_io_storage.c
- rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
- use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
- propagate DEFINES when parsing dts.
- use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
- set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
of fvp stays the same as it was before the introduction of fconf.
Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Necessary infrastructure added to integrate fconf framework in BL31 & SP_MIN.
Created few populator() functions which parse HW_CONFIG device tree
and registered them with fconf framework. Many of the changes are
only applicable for fvp platform.
This patch:
1. Adds necessary symbols and sections in BL31, SP_MIN linker script
2. Adds necessary memory map entry for translation in BL31, SP_MIN
3. Creates an abstraction layer for hardware configuration based on
fconf framework
4. Adds necessary changes to build flow (makefiles)
5. Minimal callback to read hw_config dtb for capturing properties
related to GIC(interrupt-controller node)
6. updates the fconf documentation
Change-Id: Ib6292071f674ef093962b9e8ba0d322b7bf919af
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch provides separation of GICD, GICR accessor
functions and adds new macros for GICv3 registers access
as a preparation for GICv3.1 and GICv4 support.
NOTE: Platforms need to modify to include both
'gicdv3_helpers.c' and 'gicrv3_helpers.c' instead of the
single helper file previously.
Change-Id: I1641bd6d217d6eb7d1228be3c4177b2d556da60a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch introduces a build flag which allows the xlat tables
to be mapped in a read-only region within BL31 memory. It makes it
much harder for someone who has acquired the ability to write to
arbitrary secure memory addresses to gain control of the
translation tables.
The memory attributes of the descriptors describing the tables
themselves are changed to read-only secure data. This change
happens at the end of BL31 runtime setup. Until this point, the
tables have read-write permissions. This gives a window of
opportunity for changes to be made to the tables with the MMU on
(e.g. reclaiming init code). No changes can be made to the tables
with the MMU turned on from this point onwards. This change is also
enabled for sp_min and tspd.
To make all this possible, the base table was moved to .rodata. The
penalty we pay is that now .rodata must be aligned to the size of
the base table (512B alignment). Still, this is better than putting
the base table with the higher level tables in the xlat_table
section, as that would cost us a full 4KB page.
Changing the tables from read-write to read-only cannot be done with
the MMU on, as the break-before-make sequence would invalidate the
descriptor which resolves the level 3 page table where that very
descriptor is located. This would make the translation required for
writing the changes impossible, generating an MMU fault.
The caches are also flushed.
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Change-Id: Ibe5de307e6dc94c67d6186139ac3973516430466
* changes:
SPMD: enable SPM dispatcher support
SPMD: hook SPMD into standard services framework
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
SPMD: add support for an example SPM core manifest
SPMD: add SPCI Beta 0 specification header file
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
