Increase the size of cactus-tertiary partition to match update in
manifest. Part of effort to use cactus-tertiary partition in StMM/HOB
testing.
Dependent on
https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/35383
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I5b91400848e2cf5d04d1c7442874a7a4b9847399
When using ARM_LINUX_KERNEL_AS_BL33, set defaults for the below for
increased build time efficiency:
PRELOADED_BL33_BASE=0x80080000
This address supports older kernels before v5.7
ARM_PRELOADED_DTB_BASE=0x87F00000 (only in RESET_TO_BL31)
1MiB before the address 0x88000000 in FVP. 1MiB seems enough for the
device tree blob (DTB).
Change-Id: I0396b597485e163b43f7c6677c04fcc08db55aa8
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Disable the reliance of ARM_LINUX_KERNEL_AS_BL33 on PRELOADED_BL33_BASE
so that a Linux Kernel can be loaded and booted from the fip as BL33.
Change-Id: I0437eec852cf17e0ed37a7ff77fcc4e66b1cea7a
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Add initrd properties to the device tree blob at build time, giving
users the ability to run a linux kernel and successfully boot it to
the terminal. Users can boot a linux kernel in a normal flow as well
as in RESET_TO_BL31. This function is an extension of the build time
option "ARM_LINUX_KERNEL_AS_BL33=1".
The build time options INITRD_SIZE or INITRD_PATH will trigger the
insertion of initrd properties in to the DTB. If both options are
provided then the INITRD_SIZE will take precedence.
The available options are:
INITRD_SIZE: Provide the initrd size in dec or hex (hex format must
precede with '0x'.
Example: INITRD_SIZE=0x1000000
INITRD_PATH: Provide an initrd path for the build time to find its
exact size.
INITRD_BASE: A required build time option that sets the initrd base
address in hex format. A default value can be set by the platform.
Example: INITRD_BASE=0x90000000
Change-Id: Ief8de5f00c453509bcc6e978e0a95d768f1f509c
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
ESR_EL3 value is updated when an exception is taken to EL3 and its value
does not change until a new exception is taken to EL3. We need to save
ESR in context memory only when we expect nested exception in EL3.
The scenarios where we would expect nested EL3 execution are related
with FFH_SUPPORT, namely
1.Handling pending async EAs at EL3 boundry
- It uses CTX_SAVED_ESR_EL3 to preserve origins esr_el3
2.Double fault handling
- Introduce an explicit storage (CTX_DOUBLE_FAULT_ESR) for esr_el3
to take care of DobuleFault.
As the ESR context has been removed, read the register directly instead
of its context value in RD platform.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I7720c5f03903f894a77413a235e3cc05c86f9c17
* changes:
feat(drtm): retrieve DLME image authentication features
feat(drtm): log No-Action Event in Event Log for DRTM measurements
feat(fvp): add stub function to retrieve DLME image auth features
feat(drtm): introduce plat API for DLME authentication features
feat(drtm): ensure event types aligns with DRTM specification v1.1
fix(drtm): add missing DLME data regions for min size requirement
feat(fvp): add stub platform function to get ACPI table region size
feat(drtm): add platform API to retrieve ACPI tables region size
`CTX_INCLUDE_SVE_REGS` should not be enabled when building with
SPD=spmd and SPMD_SPM_AT_SEL2=1 both been used.
Unfortunately a check at top level makefile ignored this, now its been
fixed at top level makefile. Ensure correct combination are handled,
otherwise it will lead to build failures.
Change-Id: Ib84fc0096c92d9b3d56366c0e1d77b6d83098221
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Adding PSA Crypto MBedTLS specific jump table to allow use of ROMLIB, to
be included when PSA_CRYPTO=1 and enabled.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Iff7f0e3c5cba6b89f1732f6c80d3060498e3675d
DLME image authentication features are currently not supported on FVP.
This patch introduces a stub function in fvp_drtm_stub.c as a
placeholder for retrieving DLME image authentication features.
Change-Id: I6d274834245774c5442d67ee93fcd641f3a9cd1a
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Introduces a stub platform function for FVP to retrieve the ACPI table
region size.
Change-Id: Icbf1ae0cb89c393502de2c2f4f66df6b510e6b81
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The current code is incredibly resilient to updates to the spec and
has worked quite well so far. However, recent implementations expose a
weakness in that this is rather slow. A large part of it is written in
assembly, making it opaque to the compiler for optimisations. The
future proofness requires reading registers that are effectively
`volatile`, making it even harder for the compiler, as well as adding
lots of implicit barriers, making it hard for the microarchitecutre to
optimise as well.
We can make a few assumptions, checked by a few well placed asserts, and
remove a lot of this burden. For a start, at the moment there are 4
group 0 counters with static assignments. Contexting them is a trivial
affair that doesn't need a loop. Similarly, there can only be up to 16
group 1 counters. Contexting them is a bit harder, but we can do with a
single branch with a falling through switch. If/when both of these
change, we have a pair of asserts and the feature detection mechanism to
guard us against pretending that we support something we don't.
We can drop contexting of the offset registers. They are fully
accessible by EL2 and as such are its responsibility to preserve on
powerdown.
Another small thing we can do, is pass the core_pos into the hook.
The caller already knows which core we're running on, we don't need to
call this non-trivial function again.
Finally, knowing this, we don't really need the auxiliary AMUs to be
described by the device tree. Linux doesn't care at the moment, and any
information we need for EL3 can be neatly placed in a simple array.
All of this, combined with lifting the actual saving out of assembly,
reduces the instructions to save the context from 180 to 40, including a
lot fewer branches. The code is also much shorter and easier to read.
Also propagate to aarch32 so that the two don't diverge too much.
Change-Id: Ib62e6e9ba5be7fb9fb8965c8eee148d5598a5361
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
MPMM is a core-specific microarchitectural feature. It has been present
in every Arm core since the Cortex-A510 and has been implemented in
exactly the same way. Despite that, it is enabled more like an
architectural feature with a top level enable flag. This utilised the
identical implementation.
This duality has left MPMM in an awkward place, where its enablement
should be generic, like an architectural feature, but since it is not,
it should also be core-specific if it ever changes. One choice to do
this has been through the device tree.
This has worked just fine so far, however, recent implementations expose
a weakness in that this is rather slow - the device tree has to be read,
there's a long call stack of functions with many branches, and system
registers are read. In the hot path of PSCI CPU powerdown, this has a
significant and measurable impact. Besides it being a rather large
amount of code that is difficult to understand.
Since MPMM is a microarchitectural feature, its correct placement is in
the reset function. The essence of the current enablement is to write
CPUPPMCR_EL3.MPMM_EN if CPUPPMCR_EL3.MPMMPINCTL == 0. Replacing the C
enablement with an assembly macro in each CPU's reset function achieves
the same effect with just a single close branch and a grand total of 6
instructions (versus the old 2 branches and 32 instructions).
Having done this, the device tree entry becomes redundant. Should a core
that doesn't support MPMM arise, this can cleanly be handled in the
reset function. As such, the whole ENABLE_MPMM_FCONF and platform hooks
mechanisms become obsolete and are removed.
Change-Id: I1d0475b21a1625bb3519f513ba109284f973ffdf
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
refactor(cpus): declare runtime errata correctly
perf(cpus): make reset errata do fewer branches
perf(cpus): inline the init_cpu_data_ptr function
perf(cpus): inline the reset function
perf(cpus): inline the cpu_get_rev_var call
perf(cpus): inline cpu_rev_var checks
refactor(cpus): register DSU errata with the errata framework's wrappers
refactor(cpus): convert checker functions to standard helpers
refactor(cpus): convert the Cortex-A65 to use the errata framework
fix(cpus): declare reset errata correctly
The existing DSU errata workarounds hijack the errata framework's inner
workings to register with it. However, that is undesirable as any change
to the framework may end up missing these workarounds. So convert the
checks and workarounds to macros and have them included with the
standard wrappers.
The only problem with this is the is_scu_present_in_dsu weak function.
Fortunately, it is only needed for 2 of the errata and only on 3 cores.
So drop it, assuming the default behaviour and have the callers handle
the exception.
Change-Id: Iefa36325804ea093e938f867b9a6f49a6984b8ae
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
fix(rdn2): add LCA multichip data for RD-N2-Cfg2
fix(rdv3): add LCA multichip data for RD-V3-Cfg2
feat(gic): add support for local chip addressing
To pass SMMUv3 Realm Page 0 address to RMM
in Boot Manifest, BL31 needs to read SMMU_ROOT_IDR0
register. BL31 at EL3 runs in Root mode, but
CoreSight and peripherals at DEVICE0_BASE
(0x2000_0000) including SMMUv3 at 0x2B40_0000 are
mapped as MT_SECURE which results in RAZ access
to all SMMUv3 registers after enabling MMU.
This patch changes MT_SECURE mapping to EL3_PAS
resulting in MT_SECURE (ENABLE_RME = 0), and
MT_ROOT (ENABLE_RME = 1).
Change-Id: I3d9ae7c86e4836dd6722fa64116a14d8c8aed8da
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
* changes:
refactor(rse)!: remove rse_comms_init
refactor(arm): switch to rse_mbx_init
refactor(rse): put MHU code in a dedicated file
refactor(tc): add plat_rse_comms_init
refactor(arm)!: rename PLAT_MHU_VERSION flag
When RESET_TO_BL31 was enabled, CNTFRQ_EL0 was left uninitialized,
leading to incorrect system counter frequency settings. This
impacted timer-dependent components, such as SMMUv3, causing
initialization failures and unpredictable behavior.
To fix this, CNTFRQ_EL0 is now explicitly set using
plat_get_syscnt_freq2(), ensuring the correct system timer
frequency and proper initialization of dependent components.
Signed-off-by: Lokesh B V <Lokesh.BV@Arm.com>
Change-Id: I808b17d25c87c4dce1bc2c8171a800b69b5c2908
* changes:
fix(qemu): statically allocate bitlocks array
feat(qemu): update for renamed struct memory_bank
feat(fvp): increase GPT PPS to 1TB
feat(gpt): statically allocate bitlocks array
chore(gpt): define PPS in platform header files
feat(fvp): allocate L0 GPT at the top of SRAM
feat(fvp): change size of PCIe memory region 2
feat(rmm): add PCIe IO info to Boot manifest
feat(fvp): define single Root region
The rse_comms_init() function will be removed. The new function to use
is rse_mbx_init() for the MHU mailbox initialization.
Change-Id: I1932500ef71b6e895f0ee164ee9c2b58becf4409
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The same way it is done for neoverse_rd, create a plat_rse_comms_init()
function to call rse_comms_init().
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I12f3b8a38a5369decb4b97f8aceeb0dc81cbea28
In order to support a platform without MHU in RSE, update the flag
PLAT_MHU_VERSION. It is renamed PLAT_MHU and can take the following
entries: NO_MHU, MHUv1, MHUv2, MHUv3...
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ia72e590088ce62ba8c9009f341b6135926947bee
Wait for it to have been created. This is the same issue as
commit db69d11829.
Change-Id: I32bd0c713e2837563d32131fb0beddb5533c0792
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
* changes:
fix(cpus): clear CPUPWRCTLR_EL1.CORE_PWRDN_EN_BIT on reset
chore(docs): drop the "wfi" from `pwr_domain_pwr_down_wfi`
chore(psci): drop skip_wfi variable
feat(arm): convert arm platforms to expect a wakeup
fix(cpus): avoid SME related loss of context on powerdown
feat(psci): allow cores to wake up from powerdown
refactor: panic after calling psci_power_down_wfi()
refactor(cpus): undo errata mitigations
feat(cpus): add sysreg_bit_toggle
- Increase PPS for FVP from 64GB to 1TB.
- GPT L0 table for 1TB PPS requires 8KB memory.
- Set FVP_TRUSTED_SRAM_SIZE to 384 with ENABLE_RME=1
option.
- Add 256MB of PCIe memory region 1 and 3GB of
PCIe memory region 2 to FVP PAS regions array.
Change-Id: Icadd528576f53c55b5d461ff4dcd357429ba622a
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Statically allocate 'gpt_bitlock' array of fine-grained
'bitlock_t' data structures in arm_bl31_setup.c.
The amount of memory needed for this array is controlled
by 'RME_GPT_BITLOCK_BLOCK' build option and 'PLAT_ARM_PPS'
macro defined in platform_def.h which specifies the size
of protected physical address space in bytes.
'PLAT_ARM_PPS' takes values from 4GB to 4PB supported by
Arm architecture.
Change-Id: Icf620b5039e45df6828d58fca089cad83b0bc669
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
This patch allocates level 0 GPT at the top of SRAM
for FVP. This helps to meet L0 GPT alignment requirements
and prevent the occurrence of possible unused gaps in SRAM.
Load addresses for FVP TB_FW, SOC_FW and TOS_FW DTBs are
defined in fvp_fw_config.dts via ARM_BL_RAM_BASE macro.
Change-Id: Iaa52e302373779d9fdbaf4e1ba40c10aa8d1f8bd
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
- Add PCIe and SMMUv3 related information to DTS for
configurations with ENABLE_RME=1.
- Add entries for PCIe IO memory regions to Boot manifest
- Update RMMD_MANIFEST_VERSION_MINOR from 3 to 4.
- Read PCIe related information from DTB and write it to
Boot manifest.
- Rename structures that used to describe DRAM layout
and now describe both DRAM and PCIe IO memory regions:
- ns_dram_bank -> memory_bank
- ns_dram_info -> memory_info.
Change-Id: Ib75d1af86076f724f5c330074e231f1c2ba8e21d
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
For FVP model define single Root PAS which
includes EL3 DRAM data, L1 GPTs and SCP TZC.
This allows to decrease the number of PAS
regions passed to GPT library and use GPT
mapping with Contiguous descriptor of
larger block size.
Change-Id: I70f6babaebc14e5e0bce033783ec423c8a26c542
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Now that all errata flags are all conveniently in a single list we can
make sweeping decisions about their values. The first use-case is to
enable all errata in TF-A. This is useful for CI runs where it is
impractical to list every single one. This should help with the long
standing issue of errata not being built or tested.
Also add missing CPUs with errata to `ENABLE_ERRATA_ALL` to enable all
errata builds in CI.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I2b456d304d7bf3215c7c4f4fd70b56ecbcb09979
* changes:
feat(rdv3): enable the support to fetch dynamic config
feat(rdv3): add dts files to enable hafnium as BL32
feat(rdv3): define SPMC manifest base address
feat(arm): add a macro for SPMC manifest base address
feat(rdv3): add carveout for BL32 image
feat(rdv3): introduce platform handler for Group0 interrupt
feat(neoverse-rd): use larger stack size when S-EL2 spmc is enabled
fix(neoverse-rd): set correct SVE vector lengths
PSCI OS initiated is usually implemented with the extended state id
format, however this does not have to be the case. When this is the
case, the original format will carry the requested power level in
the PowerLevel field. To validate that the requested power state is
valid we must save it so that later when we call
psci_is_last_cpu_to_idle_at_pwrlvl() it checks the right level (instead
of a default 0).
This came up when testing 01959a1656 for
all configurations.
Change-Id: Iaab88c1910467282ae524861446283acddd9d977
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
To enable the support to load Hafnium as BL32, BL31 needs firmware
configuration info to get BL32 manifest load location. The load address
of BL32 is passed via firmware config info.
Add the support to get the address using fconf framework from dynamic
config info.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I3a2a5706789ed290dc7f4a67e62e03751b930c02
On RD-V3 platform and variants, Hafnium is used as SPMC running at
S-EL2 and manage SP running at S-EL0. Hafnium is loaded and configured
as BL32 image. SP is loaded by SP load framework and configured by
Hafnium.
Add the dts files needed to enable load and configuration of hafnium and
SP.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I7de72052323ff9106d7bedbaaf5ece3272e9a6cd
ARM_SPMC_MANIFEST_BASE defines the base address of the SPMC manifest
used by BL32. In the non-RESET_TO_BL31 case, it is defined relative to
the top of Trusted SRAM. However, for RESET_TO_BL31, the
PLAT_ARM_SPMC_MANIFEST_BASE macro can be used to set it to a different
location which is then used to populate ARM_SPMC_MANIFEST_BASE.
As the RD-V3 platform and its variants have a different SRAM layout
compared to that defined in arm_def.h, define the
PLAT_ARM_SPMC_MANIFEST_BASE macro to an address suitable for this
platform and its variants.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I36e1eb21ab3d1c68bddb52c62198fcdfc40d8993
In RESET_TO_BL31, the SPMC manifest base address that is utilized by
bl32_image_ep_info has to be statically defined as DT is not available.
Common arm code sets this to the top of SRAM using macros but it can be
different for some platforms. Hence, introduce the macro
PLAT_ARM_SPMC_MANIFEST_BASE that could be re-defined by platform as per
their use-case. Platforms that utilize arm_def.h would use the existing
value from arm common code.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I4491749ad2b5794e06c9bd11ff61e2e64f21a948
Edk2 converts StMM GUID to UUID format, which is used in FF-A and linux
kernel. StMM manifest currently provides GUID format. Correcting this to
UUID format.
Change-Id: Ie94728e5ea74d3d9935e0af9a2a601cbafe5ad3d
Signed-off-by: Jerry Wang <Jerry.Wang4@arm.com>
* changes:
feat(tc): get entropy with PSA Crypto API
feat(psa): add interface with RSE for retrieving entropy
fix(psa): guard Crypto APIs with CRYPTO_SUPPORT
feat(tc): enable trng
feat(tc): initialize the RSE communication in earlier phase
Add and map the carveout for loading Hafnium as BL32 image. Also define
PLAT_ARM_SP_MAX_SIZE as 3 MB for secure partitions.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I2845eb6807a127c9f6b92de2dabc9a58d25bd4d4
This patch introduces a handler for RD-V3 variants to handle Group0
secure interrupts. Currently, it is empty but serves as a placeholder
for future Group0 interrupt sources.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: Ifa418094f6075a6cdc33e63eec1825103bbf6d68
Larger stack size is needed when S-EL2 SPMC is enabled. This is required
because BL31 xlat map framework makes more nested calls when this
feature is enabled.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: Ib3f2abf38b576ba96402dab4ba995d8b648b4cc7
Affected platforms: RD-N2, RD-V1, RD-V1-MC, RD-V3 and their
configurations.
Previously, the SVE vector lengths for these platforms were
being taken from the default configuration. This commit updates
their respective platform.mk files to specify the correct vector
lengths.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I8919257e2cec5c0e819424ff44a623dc3ab1a368
