To allow for generic handling of a wakeup, this hook is no longer
expected to call wfi itself. Update the name everywhere to reflect this
expectation so that future platform implementers don't get misled.
Change-Id: Ic33f0b6da74592ad6778fd802c2f0b85223af614
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
In order for directories to be automatically created when used as a
dependency, they must end with a forward slash (`/`). This is because we
have a pattern rule (`%/`) to create a directory anywhere where a
directory is required as a direct dependency.
Change-Id: Ib632d59da0745f6cadb0a839a62360aeca25c178
Signed-off-by: Chris Kay <chris.kay@arm.com>
Fix the build break for i.MX8MQ to make it boot
with basic function enabled.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I2ff7976e3fb7960d6876d26fe0b4a78e51219ae2
Add the HAB secure boot support for the i.MX8MQ to
fix the build break.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I806de2dc42806e008355cc185065e774570362f0
The commit d76f012ea8 ("refactor(imx8m): replace magic number with
enum type") also hardcodes the domain permissions configuration for the
UARTs, causing a regression for any board using a boot console different
from UART2. Indeed, previously, the RDC_PDAP_UARTn registers were set to
the reset value (0xff), meaning all domains were enabled for read and
write access.
This patch fixes this regression by ensuring that the console always has
read/write access enabled for domain 0.
Tested on a i.MX8MN BSH SMM S2 PRO board.
Fixes: d76f012ea8 ("refactor(imx8m): replace magic number with enum type")
Change-Id: I2670bf485372f32ef45cebb72a7694a9a800f417
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
This patch replaces the magic numbers of the UART base addresses with
the corresponding macros defined in the appropriate platform file.
Change-Id: Ie6a4555a659e9f722a8d819958ad9a2dee7c3aa0
Signed-off-by: Dario Binacchi <dario.binacchi@amarulasolutions.com>
This commit streamlines directory creation by introducing a single
pattern rule to automatically make directories for which there is a
dependency.
We currently use several macros to generate rules to create directories
upon dependence, which is a significant amount of code and a lot of
redundancy. The rule introduced by this change represents a catch-all:
any rule dependency on a path ending in a forward slash is automatically
created.
Now, rules can rely on an unordered dependency (`|`) on `$$(@D)/` which,
when secondary expansion is enabled, expands to the directory of the
target being built, e.g.:
build/main.o: main.c | $$(@D)/ # automatically creates `build/`
Change-Id: I7e554efa2ac850e779bb302fd9c7fbb239886c9f
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change introduces a few helper variables for dealing with verbose
and silent build modes: `silent`, `verbose`, `q` and `s`.
The `silent` and `verbose` variables are boolean values determining
whether the build system has been configured to run silently or
verbosely respectively (i.e. with `--silent` or `V=1`).
These two modes cannot be used together - if `silent` is truthy then
`verbose` is always falsy. As such:
make --silent V=1
... results in a silent build.
In addition to these boolean variables, we also introduce two new
variables - `s` and `q` - for use in rule recipes to conditionally
suppress the output of commands.
When building silently, `s` expands to a value which disables the
command that follows, and `q` expands to a value which supppresses
echoing of the command:
$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed but not echoed'
When building verbosely, `s` expands to a value which disables the
command that follows, and `q` expands to nothing:
$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed and echoed'
In all other cases, both `s` and `q` expand to a value which suppresses
echoing of the command that follows:
$(s)echo 'This command is executed but not echoed'
$(q)echo 'This command is executed but not echoed'
The `s` variable is predominantly useful for `echo` commands, where you
always want to suppress echoing of the command itself, whilst `q` is
more useful for all other commands.
Change-Id: I8d8ff6ed714d3cb401946c52955887ed7dca602b
Signed-off-by: Chris Kay <chris.kay@arm.com>
Building the default upstream configuration for the imx8mq-evk is no longer
possible: The linker will complain that the TF-A image will no longer
fit On-Chip SRAM.
In order to make the i.MX8MQ Image buildable again, let's make the DRAM
retention feature optional: It was added in v2.9 and it's possible to
boot the systems without it. Users that make space elsewhere and wish to
enable it can use the newly introduced IMX_DRAM_RETENTION parameter to
configure it. The parameter is added to all i.MX8M variants, but only
for i.MX8MQ, we disable it by default, as that's the one that currently
has binary size problems.
Change-Id: I714f8ea96f18154db02390ba500f4a2dc5329ee7
Fixes: dd108c3c1f ("feat(imx8mq): add the dram retention support for imx8mq")
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Optionally take params from BL2 to offer more flexibility to BL2 on
where and if a BL32 image is expected. This uses imx_bl31_params_parse()
to check if arg0 can safely be accessed as a pointer and actually
contains a bl_params_t structure. If not, the hardcoded parameter
values are used as before.
Change-Id: I44537ba2baa7543e459e5691b69df14b0bd6e942
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Optionally take params from BL2 to offer more flexibility to BL2 on
where and if a BL32 image is expected. This uses imx_bl31_params_parse()
to check if arg0 can safely be accessed as a pointer and actually
contains a bl_params_t structure. If not, the hardcoded parameter
values are used as before.
Change-Id: Ia12d35778f4d550860e517f2a1f5c5d062f3283a
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Optionally take params from BL2 to offer more flexibility to BL2 on
where and if a BL32 image is expected. This uses imx_bl31_params_parse()
to check if arg0 can safely be accessed as a pointer and actually
contains a bl_params_t structure. If not, the hardcoded parameter
values are used as before.
Change-Id: I06b3012c67e43ea1e42946d863226bd93ccd4638
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
So far the i.MX BL31 doesn't take any parameters. This means the BL32
image base address and whether or not a BL32 image is used at all has to
be hardcoded in BL31.
This adds a helper function that allows to take params from BL2 safely.
On i.MX BL2 is usually U-Boot SPL which passes random values in arg0,
so make sure arg0 is within the internal SRAM range before accessing it
as a pointer. Also make sure arg0 is sufficiently aligned and the header
type and version is correct.
Change-Id: Idab8013a1d6dabf50a83c75f3e6f831de4a537e9
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
On the i.MX8M SoCs, TF-A doesn't itself initialize the UART, but depends
on BL2 to set it up beforehand. To allow using the same TF-A binary on
boards with different UART assignment, TF-A On i.MX8M M/N/P supports
dynamically determining the UART in use. The code is also applicable to
the i.MX8MQ, so enable it there too.
Change-Id: I9ba70f7068e762da979bd103390fa006c3a5d480
Signed-off-by: Leonard Göhrs <l.goehrs@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
* changes:
style(imx8m): add parenthesis to CSU_HP_REG
feat(imx8mp): restrict peripheral access to secure world
feat(imx8mp): set and lock almost all peripherals as non-secure
feat(imx8mm): restrict peripheral access to secure world
feat(imx8mm): set and lock almost all peripherals as non-secure
feat(imx8m): add defines for csu_sa access security
feat(imx8m): add imx csu_sa enum type defines for imx8m
fix(imx8m): fix CSU_SA_REG to work with all sa registers
To be inline with CSU_SA_REG and CSU_HPCONTROL_REG.
Change-Id: Ia7332096312df41a8cf994d58fad76a99493dd02
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This restricts and locks all security relevant peripherals to only be
changeable by the secure world. Otherwise the normal world can simply
change the access settings and defeat all security measures put in
place.
Change-Id: I248ef8dd67f1de7e528c3da456311bb138b77540
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This sets and locks all peripheral type-1 masters, except CAAM, access
as non-secure, so that they can't access secure world resources from the
normal world.
The CAAM itself is TrustZone aware and handles memory access between the
normal world and the secure world on its own. Pinning it as non-secure
access results in bus aborts if the secure memory region is protected by
the TZASC380.
Change-Id: Iedf3d67481dc35d56aa7b291749b999a56d6e85e
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This restricts and locks all security relevant peripherals to only be
changeable by the secure world. Otherwise the normal world can simply
change the access settings and defeat all security measures put in
place.
Change-Id: I484a2c8164e58b68256d829470e00d5ec473e266
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This sets and locks all peripheral type-1 masters, except CAAM, access
as non-secure, so that they can't access secure world resources from the
normal world.
The CAAM itself is TrustZone aware and handles memory access between the
normal world and the secure world on its own. Pinning it as non-secure
access results in bus aborts if the secure memory region is protected by
the TZASC380.
Change-Id: Idba4d8a491ccce0491489c61e73545baab1889c4
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This enables the usage of speaking defines instead of magic numbers:
CSU_SA(CSU_SA_SDMA1, 1, LOCKED)
becomes:
CSU_SA(CSU_SA_SDMA1, NON_SEC_ACCESS, LOCKED)
Change-Id: Idcabcda677bf7840084a2ea66d321b50aa0b2b20
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This ports the missing enum defines for the central security unit found
in NXPs i.MX8M socs. The defines itself where imported from NXP's
downstream version of the trusted-firmware-a version 2.8[1].
[1]: https://github.com/nxp-imx/imx-atf/commit/0c52279fc4
Change-Id: Iad0c5d3733e9d29ead86334ba4bc5ce915018142
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
The csu found in the imx8mp has 3 csu_sa registers, before the fix not
all of them could be addressed.
The defines itself was imported from NXP's downstream version of the
trusted-firmware-a version 2.8[1].
[1]: https://github.com/nxp-imx/imx-atf/commit/0c52279fc4
Change-Id: Ia3653118bba82df9244c819a5c5f37bdc4e89c49
Signed-off-by: Ji Luo <ji.luo@nxp.com>
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
The i.MX8MP exists in multiple SKUs, some of which lack the NPU or VPU.
Yet, we unconditionally enable NPU and VPU power domains in upstream
TF-A, causing it to hang on such SoCs, unless patched.
Enabling all power domains is an idiosyncrasy of the i.MX8MP support,
which we don't have on i.MX8MQ, i.MX8MM or i.MX8MN. Therefore let's drop
unconditional powering on of all power domains.
As only exception, we will keep enabling the USB power domains. These
are enabled in the BootROM if booting over SDPS and boot firmware may
expect them to be enabled for non-SDPS recovery too. As USB is
available unconditionally on the current i.MX8MP variants, this is
deemed acceptable and reduces the chance of breaking existing systems.
Fixes: a775ef25c3 ("plat: imx8mp: Add the basic support for i.MX8MP")
Change-Id: Idc6e8f770d240f4d929dffa91f9ccf8c476c6c12
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
The TF-A does have a official PRELOADED_BL33_BASE define which is used
to tell the TF-A where to jump and that no bl33 loading is requied. Use
this to make the platform specific PLAT_NS_IMAGE_OFFSET configurable.
This becomes necessary if one would like to place the bl33 code to other
places.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I9d462c0e9df8e6d2ad78ee770bfa59e680739a51
The 3200 MTps DRAM and its 800 MHz PLL setting in U-Boot is set to
M=300 P=9 S=0 , so 24 MHz * 300 / 9 / 2^0 = 800 MHz ~ 3200 MTps (x4) .
Make sure the PLL settings are aligned across software components.
Signed-off-by: Marek Vasut <marex@denx.de>
Change-Id: I163f81696be213acf6ecebe89ff2c76d41484cc5
The new MX8M DDR tool 3.31 now generates a programming file which uses
data rate 3734 instead of 3733 or 3732 . Handle another rounding option .
Signed-off-by: Marek Vasut <marex@denx.de>
Change-Id: I97a69650c12d78dfff9dcdb23e27fd6590f57fc0
Always map the BL32 memory can interfere with the BL33 mapping if the
BL33 is not aware of the mapping, e.g. different memory tagging
secure/non-secure. Therefore map the memory only if BL32 (opteed,
trusty) is enabled and BL33 is aware of this memory mapping.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I9c2bf78aa6e88c93e749a9248724186fee9df864
Port the workaround from the downstream imx-atf [1]:
| commit 1990081264f40822d1564f4562f05bbbc0c2941b
| Author: Ji Luo <ji.luo@nxp.com>
| Date: Thu May 20 16:26:55 2021 +0800
|
| MA-19071 imx8mn: workaround for errata ERR050362
|
| Configure the force_incr programmable bit in GPV_5 of PL301_display,
| which fixes partial write issue. This workaround was done in MCU FW
| before, move it to TF-A now as MCU should not touch secure world.
|
| Change-Id: I2e5bbc764640afeab6ac2f4b202939b59bd3b3f2
| Signed-off-by: Ji Luo <ji.luo@nxp.com>
[1] https://github.com/nxp-imx/imx-atf.git
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: Iaff5f1faa143204d64c075b288f8dd13eb2902d8
Allow non-privileged access to all SNVS registers in case of no TEE is
available.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I44686a3639a68c72c7eacc80691c294d5c32c9ae
move the gpc reg offset, bit define & macro to a separate header
file for code reuse.
This fixes suspend to mem on i.MX8M Plus too, since the register
layout is different there.
Change-Id: Ibec60c3a68ffa8c378de5334577a7b0e463ca875
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Marek Vasut <marex@denx.de> # Upgrade to latest, update commit message
* changes:
feat(qemu): add dummy plat_mboot_measure_key() function
docs(rss): update RSS doc for signer-ID
feat(imx): add dummy 'plat_mboot_measure_key' function
feat(tc): implement platform function to measure and publish Public Key
feat(auth): measure and publicise the Public Key
feat(fvp): implement platform function to measure and publish Public Key
feat(fvp): add public key-OID information in RSS metadata structure
feat(auth): add explicit entries for key OIDs
feat(rss): set the signer-ID in the RSS metadata
feat(auth): create a zero-OID for Subject Public Key
docs: add details about plat_mboot_measure_key function
feat(measured-boot): introduce platform function to measure and publish Public Key
Switch from IMX_BOOT_UART_BASE=0 to IMX_BOOT_UART_BASE=auto to make it
more obvious that the detection is based on the runtime autodetection.
In addition this moves the evaluation of IMX_BOOT_UART_BASE into the
makefile which removes the ugly conditional compilation as well.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I92c13607bf81c6267f4b6aee829d74902b7f72d2
Added dummy implementation of 'plat_mboot_measure_key'
function for IMX platform.
Change-Id: Ib41fd86a9da330f62561707bda7d16f2825c0a7f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Provide a helper to detect the enabled UART device during runtime. This
lower the integration effort and make it more straight forward for
'simple' use-cases with a single UART enabled. If multiple UARTs are
enabled the first enabled is returned.
The auto-detection is enabled by setting IMX_BOOT_UART_BASE=0 to keep
the backward compatibility. For more advanced use-cases (multiple UARTs
are enabled) the user still has to provide the correct base address.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I300a167e1a10f9aa991c8d1c3efe2c6b23f56c47
Starting with GCC >= 12.x the -Wall option includes -Werror=array-bounds
checks. Per default GCC treats all memory accesses below 4096 as NULL,
so access to ROMAPI causes the following warning:
------------
In file included from plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c:20:
In function 'mmio_read_8',
inlined from 'imx8mq_soc_info_init' at plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c:70:16,
inlined from 'bl31_platform_setup' at plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c:206:2:
include/lib/mmio.h:19:16: error: array subscript 0 is outside array bounds of 'volatile uint8_t[0]' {aka 'volatile unsigned char[]'} [-Werror=array-bounds]
19 | return *(volatile uint8_t*)addr;
| ^~~~~~~~~~~~~~~~~~~~~~~~
In function 'mmio_read_8',
inlined from 'imx8mq_soc_info_init' at plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c:74:16,
inlined from 'bl31_platform_setup' at plat/imx/imx8m/imx8mq/imx8mq_bl31_setup.c:206:2:
include/lib/mmio.h:19:16: error: array subscript 0 is outside array bounds of 'volatile uint8_t[0]' {aka 'volatile unsigned char[]'} [-Werror=array-bounds]
19 | return *(volatile uint8_t*)addr;
| ^~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
------------
This comes arguably from us somewhat abusing pointers to access MMIO
memory regions, which is not really covered by the C language.
Replace the pointer-dereferencing mmio_read_8() with an implementation
that uses inline assembly, to directly generate an 8-bit load
instruction. This avoids the compiler thinking that this access is using
a pointer it needs to jealously look after.
Change-Id: Iab39f6f615d51d3e8a1c54a1262d1e6ec208811d
Reported-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.
Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Use non-fast wakeup stop mode for system suspend support, so
the SOC can enter DSM mode by default.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I37828d4e66ee2ebd48e7adca054b93c520cb2c82
A53 core's power up ack need to be used when system resume
from DSM mode.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I47fb33c0582ae5f483ffaa887f95e27bd47875f7
Add the anamix PLL override setting for DSM mode support,
so that the PLL can be power down in DSM mode to save power.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Ibe954bc7c4a7b453ace13f8e4b6a335e6d4856c3
This new workaround takes advantage of the per core IMR
registers in GPC in order to unmask the IRQ0, still generated
by the 12bit in IOMUX_GPR register (which now remains always set),
so it can only wake up one core at the time.Also, this entire
workaround has now been moved here in TF-A, allowing the kernel
side to be minimal.
Another advantage this workaround brings is the removal of the
50us delay (which was necessary before in gic_raise_softirq in
kernel) by allowing the core that is waking up to mask his own
IRQ0 in the suspend finish callback.
One important change here is the way the cores are woken up in
dram_dvfs_handler. Since the wake up mechanism has changed from
asserting the 12th bit in IOMUX_GPR and leaving the IMR1 1st bit
on for each core to exactly the reverse, that is, leaving the
IOMUX_GPR 12th bit always set and then masking/unmasking the IMR1
1st bit for each independent core, we need to use the imx_gpc_core_wake
to wake up the cores.
Also, the 50us udelay is moved to TF-A (inside imx_pwr_domain_off)
from kernel(gic_raise_softirq), since the new cpuidle workaround
does not need it in order to clean the IOMUX_GPC 12bit. For now,
the udelay seems to be still needed in order to delay the affinity
info OFF for the dying core. This is something that needs further
investigation.
Signed-off-by: Abel Vesa <abel.vesa@nxp.com>
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I9f17ff6fc3452b8225a50b232964712aafeab78a
Add the dram retention support for i.MX8MQ. As there is
no enough ocram space available before entering TF-A,
so the timing info need to be copied from dram into ocram.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Id8264c342fd62e297b1969cba5ed505450c78a25
