BL2 requires the ability to access the TCG Event Log during
Measured Boot. Currently the Platform hangs since the Event Log
is not exposed to BL2's mmap. Define a RPI3_BL1_RW region to be
added to the BL2 Image, if Measured Boot is enabled.
Change-Id: Ic236a80e73ea342b4590cfb65bafbb8ffac17085
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
In BL1 and BL2 add support for the use of an Infineon Optiga SLB 9670
TPM2.0.
The platform utilizes the gpio_spi.c driver to bit-bang gpio pins in
order to send commands and receive responses to/from the TPM.
In BL1 & BL2:
-utilize TPM commands to initialize the gpio pins for "spi"
communication, and extend image hashes to the TPM's PCR 0,
at the end of the measured boot phase for the bootloader,
the TPM locality is released.
-Bl1 executes a tpm_startup command in order to flush the TPM.
Change-Id: I2f2fa28f60a262a0aa25a674c72a9904b3cf4d8a
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
At the end of BL2 measured boot, write the address
and size of the TCG Event Log to NT_FW_CONFIG so
that the log can be consumed later by BL33.
-add dynamic configuration helpers for the fdt
-write the eventlog address and size to the fdt
Change-Id: I099dd9cc96d740ae13cb8b8e8c6b9f2e6c02accc
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Add Measured Boot support using the Event Log backend for the rpi3
platform.
-Implement measured boot infrastructure in BL1 & BL2, including
the init, measure image, and finish phases.
-Pass the eventlog addr and size from BL1 to BL2 using the
image entry point args.
-dump the eventlog after measuring BL2, and after all images are
measured in BL2.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I7c040c4a2d001a933fefb0b16f0fdf2a43a11be9
In order for directories to be automatically created when used as a
dependency, they must end with a forward slash (`/`). This is because we
have a pattern rule (`%/`) to create a directory anywhere where a
directory is required as a direct dependency.
Change-Id: Ib632d59da0745f6cadb0a839a62360aeca25c178
Signed-off-by: Chris Kay <chris.kay@arm.com>
The rpi3 does not initialize the generic timer in BL1, which is now
required to use the delay timer in the dTPM driver. This change sets the
counter frequency register (CNTFRQ) with the rpi3's system counter
frequency value, as a prerequisite for timer initialization, and then
initializes the generic timer all during BL1 setup.
Change-Id: I4e2475b63ce4a97653202f94f506b5d3edc4c1a7
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
This change introduces a few helper variables for dealing with verbose
and silent build modes: `silent`, `verbose`, `q` and `s`.
The `silent` and `verbose` variables are boolean values determining
whether the build system has been configured to run silently or
verbosely respectively (i.e. with `--silent` or `V=1`).
These two modes cannot be used together - if `silent` is truthy then
`verbose` is always falsy. As such:
make --silent V=1
... results in a silent build.
In addition to these boolean variables, we also introduce two new
variables - `s` and `q` - for use in rule recipes to conditionally
suppress the output of commands.
When building silently, `s` expands to a value which disables the
command that follows, and `q` expands to a value which supppresses
echoing of the command:
$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed but not echoed'
When building verbosely, `s` expands to a value which disables the
command that follows, and `q` expands to nothing:
$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed and echoed'
In all other cases, both `s` and `q` expand to a value which suppresses
echoing of the command that follows:
$(s)echo 'This command is executed but not echoed'
$(q)echo 'This command is executed but not echoed'
The `s` variable is predominantly useful for `echo` commands, where you
always want to suppress echoing of the command itself, whilst `q` is
more useful for all other commands.
Change-Id: I8d8ff6ed714d3cb401946c52955887ed7dca602b
Signed-off-by: Chris Kay <chris.kay@arm.com>
Detection of the UART in use and GPIO code only apply to RPi 3 and 4.
RPi 5 has a dedicated PL011 debug port.
Change-Id: Iddf8aea01278e2b79b4e7c476740f1add8c419f0
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
In preparation for RPi 5 support, which will reuse most of the RPi 4
logic except for DTB patching.
Change-Id: I6f6ef96933711a1798757a3389adae1b8ee3de6c
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
The toolchain refactor change introduces the `${toolchain}-${tool}-id`
variables, which provide identifiers for all of the toolchain tools used
by the build system. This change replaces the various conditions that
are in use to identify these tools based on the path with a standard set
of comparisons against these new identifier variables.
Change-Id: Ib60e592359fa6e415c19a012e68d660f87436ca7
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change migrates the values of `CC`, `CPP`, `AS` and other toolchain
variables to the new `$(toolchain)-$(tool)` variables, which were
introduced by the toolchain refactor patch. These variables should be
equivalent to the values that they're replacing.
Change-Id: I644fe4ce82ef1894bed129ddb4b6ab94fb04985d
Signed-off-by: Chris Kay <chris.kay@arm.com>
Rather than validating the type of interrupts supported by the
platform interrupt controller, the interrupt management framework can
directly use helper utilities implemented by the generic interrupt
controller driver.
Change-Id: I735f8d2742a2c7974d11c0a5ddc771ad807c635c
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add initial configuration parameters for Rasperry Pi 3's sdhost
controller, and then configure and use those parameters.
This change allows warm reboots of UEFI on Raspberry Pi 3B+ where
existing code often fails with "unknown error". See discussion at:
https://github.com/pftf/RPi3/issues/24
The basic idea is that some initial configuration parameters
(clock rate, bus width) aren't configured into the hardware before
commands start being sent. I suspect that the particular setting
that matters is the "slow card" bit, but the initial clock setting
also seemed wrong to me.
Change-Id: I526def340def143f23f3422f1fc14c12c937ca7f
Signed-off-by: Rob Newberry <robthedude@mac.com>
Currently Tf-A uses whatever openssl binary is on the system to sign
images. However if OPENSSL_DIR is specified in the build flags this can
lead to linking issues as the system binary can end up being linked
against shared libraries provided in OPENSSL_DIR/lib if both binaries
(the system's and the on in OPENSSL_DIR/bin) are the same version.
This patch ensures that the binary used is always the one given by
OPENSSL_DIR to avoid those link issues.
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
Change-Id: Ib534e06ebc8482e4391e376d3791a87968de4a99
Coverity build periodically throws below errors(non-consistently)
for 'QEMU' and 'RPI3' platforms.
/bin/sh: 1: cannot create build/qemu/debug/rot_key.pem: Directory
nonexistent
plat/qemu/qemu/platform.mk:86: recipe for target 'build/qemu/debug/
rot_key.pem' failed
make: *** [build/qemu/debug/rot_key.pem] Error 2
/bin/sh: 1: cannot create /work/workspace/workspace/tf-coverity/build
/rpi3/debug/rot_key.pem: Directory nonexistent
plat/rpi/rpi3/platform.mk:214: recipe for target '/work/workspace/
workspace/tf-coverity/build/rpi3/debug/rot_key.pem' failed
make: *** [/work/workspace/workspace/tf-coverity/build/rpi3/debug/
rot_key.pem] Error 2
Issue seems to be occurred when 'ROT key' is generated before creating
the platform build folder(for e.g.build/qemu/debug).
Changes are made to fix this issue by adding orderly dependancy of
the platform folder for the 'ROT key' creation which ensures that
platform folder is created before generating 'ROT key'.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I20c82172dde84e4c7f2373c0bd095d353f845d38
CoT used for BL1 and BL2 are moved to tbbr_cot_bl1.c
and tbbr_cot_bl2.c respectively.
Common CoT used across BL1 and BL2 are moved to
tbbr_cot_common.c.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I2252ac8a6960b3431bcaafdb3ea4fb2d01b79cf5
We simulate the PSCI CPU_OFF operation by reseting the core via RMR.
For secondaries, that already puts them in the holding pen waiting for a
"warm boot" request as part of PSCI CPU_ON. For the BSP, we have to add
logic to distinguish a regular boot from a CPU_OFF state, where, like the
secondaries, the BSP needs to wait foor a "warm boot" request as part
of CPU_ON.
Testing done:
- ACS suite now passes more tests (since it repeatedly
calls code on secondaries via CPU_ON).
- Linux testing including offlining/onlineing CPU0, e.g.
"echo 0 > /sys/devices/system/cpu/cpu0/online".
Change-Id: Id0ae11a0ee0721b20fa2578b54dadc72dcbd69e0
Link: https://developer.trustedfirmware.org/T686
Signed-off-by: Andrei Warkentin <andrey.warkentin@gmail.com>
[Andre: adapt to unified plat_helpers.S, smaller fixes]
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The plat_helpers.S file was almost identical between its RPi3 and RPi4
versions. Unify the two files, moving it into the common/ directory.
This adds a plat_rpi_get_model() function, which can be used to trigger
RPi4 specific action, detected at runtime. We use that to do the RPi4
specific L2 cache initialisation.
Change-Id: I2295704fd6dde7c76fe83b6d98c7bf998d4bf074
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
So far the Raspberry Pi 3 build needs the GPIO driver just for BL2.
Upcoming changes will require some GPIO code in BL1 and BL31 also, so
move those driver files into the common source section.
This does not affect BL31 code size at all, and bl1.bin just increases
by 144 bytes, but doesn't affect the padded binary size at all.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I7639746dc241c1e69099d85d2671c65fa0108555
The Broadcom 283x SoCs feature multiple UARTs: the mostly used
"Mini-UART", which is an 8250 compatible IP, and at least one PL011.
While the 8250 is usually used for serial console purposes, it suffers
from a design flaw, where its clock depends on the VPU clock, which can
change at runtime. This will reliably mess up the baud rate.
To avoid this problem, people might choose to use the PL011 UART for
the serial console, which is pin-mux'ed to the very same GPIO pins.
This can be done by adding "miniuart-bt" to the "dtoverlay=" line in
config.txt.
To prepare for this situation, use the newly gained freedom of sharing
one console_t pointer across different UART drivers, to introduce the
option of choosing the PL011 for the console.
This is for now hard-coded to choose the Mini-UART by default.
A follow-up patch will introduce automatic detection.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I8cf2522151e09ff4ff94a6d396aec6fc4b091a05
In the wake of the upcoming unification of the console setup code
between RPi3 and RPi4, extend the "clock-less" setup scheme to the
RPi3. This avoid programming any clocks or baud rate registers,
which makes the port more robust against GPU firmware changes.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ida83a963bb18a878997e9cbd55f8ceac6a2e1c1f
There is really no reason to use and pass around a struct when its only
member is the (fixed) base address.
Remove the struct and just use the base address on its own inside the
GPIO driver. Then set the base address automatically.
This simplifies GPIO setup for users, which now don't need to deal with
zeroing a struct and setting the base address anymore.
Change-Id: I3060f7859e3f8ef9a24cc8fb38307b5da943f127
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Now that we have the armstub magic value in place, the GPU firmware will
write the kernel load address (and DTB address) into our special page,
so we can always easily access the actual location without hardcoding
any addresses into the BL31 image.
Make the compile-time defined PRELOADED_BL33_BASE macro optional, and
read the BL33 entry point from the magic location, if the macro was not
defined. We do the same for the DTB address.
This also splits the currently "common" definition of
plat_get_ns_image_entrypoint() to be separate between RPi3 and RPi4.
Change-Id: I6f26c0adc6fce2df47786b271c490928b4529abb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment the UART input clock rate is hard coded at compile time.
This works as long as the GPU firmware always sets up the same rate,
which does not seem to be true for the Raspberry Pi 4.
In preparation for being able to change this at runtime, add a base
clock parameter to the console setup function. This is still hardcoded
for the Raspberry Pi 3.
Change-Id: I398bc2f1e9b46f7af9a84cb0b33cbe8e78f2d900
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To initialise the arch timer configuration and some clock prescaler, we
need to do two MMIO access *once*, early during boot.
As tempting as it may sound, plat_reset_handler() is not the right place
to do this, as it will be called on every CPU coming up, both for
secondary cores as well as during warmboots. So this access will be done
multiple times, and even during a rich OS' runtime. Whether doing so anyway
is actually harmful is hard to say, but we should definitely avoid this if
possible.
Move the initialisation of these registers to C code in
bl1_early_platform_setup(), where it will still be executed early enough
(before enabling the console), but only once during the whole boot
process.
Change-Id: I081c41a5476d424411411488ff8f633e87d3bcc5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The location of the MMIO window is different between a Raspberry Pi 3
and 4: the former has it just below 1GB, the latter below 4GB.
The relative location of the peripherals is mostly compatible though.
To allow sharing code between the two models, let's rename the symbol
used for the MMIO base to the more generic RPI_IO_BASE name.
Change-Id: I3c2762fb30fd56cca743348e79d72ef8c60ddb03
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To be able to share code more easily between the existing Raspberry Pi 3
and the upcoming Raspberry Pi 4 platform, move some code which is not
board specific into a "common" directory.
Change-Id: I9211ab2d754b040128fac13c2f0a30a5cc8c7f2c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the random
number generator driver into the generic driver directory.
Change-Id: Iae94d7cb22c6bce3af9bff709d76d4caf87b14d1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the mailbox
driver into the generic driver directory.
Change-Id: I463e49acf82b02bf004f3d56482b7791f3020bc0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
With the advent of Raspberry Pi 4 support, we need to separate some
board specific headers between the RPi3 and RPi4.
Rename and move the "rpi3_hw.h" header, so that .c files just include
rpi_hw.h, and automatically get the correct version.
Change-Id: I03b39063028d2bee1429bffccde71dddfe2dcde8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
With the incoming support for the Raspberry Pi 4 boards, one directory
to serve both versions will not end up well.
Create an additional layer by inserting a "rpi" directory betweeen /plat
and rpi3, so that we can more easily share or separate files between the
two later.
Change-Id: I75adbb054fe7902f34db0fd5e579a55612dd8a5f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
