Increase the size of cactus-tertiary partition to match update in
manifest. Part of effort to use cactus-tertiary partition in StMM/HOB
testing.
Dependent on
https://review.trustedfirmware.org/c/TF-A/tf-a-tests/+/35383
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I5b91400848e2cf5d04d1c7442874a7a4b9847399
This patch allocates level 0 GPT at the top of SRAM
for FVP. This helps to meet L0 GPT alignment requirements
and prevent the occurrence of possible unused gaps in SRAM.
Load addresses for FVP TB_FW, SOC_FW and TOS_FW DTBs are
defined in fvp_fw_config.dts via ARM_BL_RAM_BASE macro.
Change-Id: Iaa52e302373779d9fdbaf4e1ba40c10aa8d1f8bd
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Support StandaloneMm running with FF-A as S-EL0 SP
when TF-A is built with EL3 SPMC partition manager.
For this
1. add manifest file describing StandaloneMm partition.
2. add number of page mapping area.
3. StandaloneMm should use SRAM with 512K.
while enabling, StandaloneMm, BL1 image requires more size:
aarch64-none-elf/bin/ld: BL31 image has exceeded its limit.
aarch64-none-elf/bin/ld: region `RAM' overflowed by 16384 bytes
So, when using SRAM size with 512K configuration,
increase size limit of BL1 binary.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: Idaa1db510340ebb812cfd13588610b2eea941918
This patch adds the SP partition manifest to boot Cactus SP on
EL3 SPMC to be used with FVP platform.
Change-Id: I88b36f6ac21ebba7fa93aef75dad74bb9ee5c944
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Align the naming of nv_counter to nv_ctr in the DTBs
so that they match with the static C files. Update the
binding documentation accordingly. This renaming is beneficial
for the upcoming conversion tool that will convert CoT DT files
to C files.
Change-Id: If65d51ad9fc6445b1ae9937f1691becf8742cf01
Signed-off-by: Xialin Liu <Xialin.Liu@ARM.com>
OP-TEE enables the use case of a secure interrupt triggered by the UART
driver. This interrupt is routed by FFA_INTERRUPT interface to OP-TEE.
Define the UART interrupt in the FF-A device region node.
Without this change, OPTEE panics at the boot with the following:
| I/TC: No non-secure external DT
| I/TC: manifest DT found
| I/TC: OP-TEE version: 4.3.0-23-gfcd8750677db
| I/TC: WARNING: This OP-TEE configuration might be insecure!
| I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
| I/TC: Primary CPU initializing
| E/TC:0 0 assertion '!res' failed at core/drivers/hfic.c:56 <hfic_op_enable>
| E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>
| E/TC:0 0 TEE load address @ 0x6284000
Change-Id: Icddcdfd032315aeee65ba3100f3a6b470a74435d
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
To enable device memory sharing test make memory region for UART0
and 1 a NS device region so that it can be shared by tf-a-tests
to the cactus SP.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: Iadfe02a65f5d4a8b60296f07c4943dd31f201453
Provide manifest to boot OP-TEE at S-EL1 running SPMC with secure EL2
disabled and TF-A at secure EL3 running SPMD.
Change-Id: If8547b5a514fb48eec88a8d56d718f1c1591cf1f
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Update the memory size allocated to optee at EL1 to 0xd80000 to match
the size specified by mem-size in optee manifest.
Change-Id: I6826a56d0f68a6a2b5181f849a741a9bf1f0829b
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
The memory regions that Linux kernel can share including TX/RX buffers
encompass the entire DRAM. Update it accordingly. Without this,
when the Linux kernel call FFA_RXTX_MAP, it fails sometime and the
below error from the secure world appears:
| ERROR: arch_other_world_vm_configure_rxtx_map: send page is invalid
| (expected 0x87, got 0x7c)
Change-Id: Idb40907af2e0c1d4e60979b4948db2fc70971145
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
OPTEE now supports FF-A v1.1, lets us bump the FF-A version in the
OPTEE FF-A manifest.
Change-Id: Ia51cbe1af619895945240004a4163a4c4bda2ee5
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Without the mem-size attribute, the OPTEE boot panics with below
error:
| get_sec_mem_from_manifest:1594 Can't read "mem-size" from FF-A
| manifest at 0x6281000: error -1
| Panic at core/arch/arm/kernel/boot.c:1596 <get_sec_mem_from_manifest>
| TEE load address @ 0x6284000
| Call stack:
| 0x0628c7fc
| 0x06298788
| 0x0628c480
Adding the mem-size attribute fixes the boot. This is OPTEE specific
extension.
Change-Id: I2801c8b4a89cffafff14c788319ad106b03ffef0
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Without the FF-A manifest boot info node, the OPTEE boot as S-EL1 VM
crashes currently with the below error:
| WARNING: Stage-2 page fault: pc=0x628c41c, vmid=0x8001, vcpu=0,
| vaddr=0xd00000, ipaddr=0xd00000, mode=0x1 0x7c
| NOTICE: Injecting Data Abort exception into VM 0x8001.
Adding the boot info node fixes the OPTEE boot.
While at it, also update copyright year in the file.
Change-Id: I1fd0bf4e38bb95deedc74fa04d1e6bb057424c04
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Adding support for Dualroot CoT in DTB. This makes it possible for BL2
to retrieve its chain of trust description from a configuration file in
DTB format. With this, the CoT description may be updated without
rebuilding BL2 image.
This feature can be enabled by building BL2 with COT_DESC_IN_DTB=1 and
COT=dualroot. The default behavior remains to embed the CoT description
into BL2 image.
Change-Id: I343931b145aa8a53b0a5d4b8aefb273ffb5a9163
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
This extends the SPM's NS ranges for linux to do
the RXTX map.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I99b4f2c0355edb88be2484b445b97701e166cbfd
Device memory region specified in an SP manifest are now validated
against the device memory defined in the SPMC manifest. Therefore
we need to add the device memory used in the tf-a-tests to the SPMC
manifests.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I47376e67c700705d12338d7078292618a15d5546
Change the header of the license to have 2024, and
replace spaces for a tab.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: If98161ad35e1ead30e1e0d3ddb4cc6348e83d6ee
Ensure consistency across all Arm platforms, even those that may already
have an existing macro for this purpose.
Change-Id: I07cd4cfcacf2c991717f4c115cb0babd2c614d6f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
FFA_RXTX_MAP now requires the buffers to be in non-secure memory. This
patch ensures that a region of non-secure memory is available so that
tftf tests can pass.
Change-Id: I9daf3182e0dcb73d2bf5a5baffb1b4b78c724dcb
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Adding support for CCA CoT in DTB. This makes it possible for BL2
to retrieve its chain of trust description from a configuration file
in DTB format. With this, the CoT description may be updated without
rebuilding BL2 image. This feature can be enabled by building BL2
with COT_DESC_IN_DTB=1 and COT=cca. The default behaviour remains to
embed the CoT description into BL2 image.
Change-Id: I5912aad5ae529281a93a76e6b8f4b89d867445fe
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Bump the required FF-A version in framework and manifests to v1.2 as
upstream feature development goes.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: I09d936d4aad89965cfd13f58741d647223b63a34
This patch introduces an SiP SMC call for FVP platform to set an
interrupt pending. This is needed for testing purposes.
Change-Id: I3dc68ffbec36d90207c30571dc1fa7ebfb75046e
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The SPMC (Hafnium) looks for secure and non-secure ranges
in its manifest.
Those relate with ranges that can be used by SPs in their
FF-A manifests.
The NS memory that is not used by SPs will be assigned
to the NWd, for it to share memory with SPs as needed.
Thus, this limits the memory the NWd can share with SPs,
to prevent NWD VMs from sharing memory that belongs
to other critical components.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Iad03eb138a57068fbb18c53141bdf6bf9c171b28
Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.
In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.
Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I557bca7dd32c3be084bbba11d84dfa2818cb6791
Provided both the root and secure addresses for TOS_FW config
in case of RME enabled systems where root address is in Root
SRAM and secure address is in Trusted DRAM.
Non-RME systems are unaffected by this change.
Change-Id: Ifb927c90fa5a68fe5362980858b4ddc5403ac95b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
In line with the previous patch, the name of the member of the
hw_config DTB info structure has been renamed.
Change-Id: I6689e416fecd66faa515e820f1c4b23bcb65bfb1
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add an example manifest for the EL3 SPMC on the FVP Platform
that allows booting the TSP example partition.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ie7f40328e0313abb5b1a121dfdc22a5f7387587f
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for components measured by BL2 at boot time.
For a SPMC there is a particular interest with SP measurements.
In the particular case of Hafnium SPMC, the tpm event log node is not
yet consumed, but the intent is later to pass this information to an
attestation SP.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ic30b553d979532c5dad9ed6d419367595be5485e
Adding support in fconf for the cca CoT certificates for cca, core_swd,
and plat key.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I8019cbcb7ccd4de6da624aebf3611b429fb53f96
* changes:
fix(sptool): update Optee FF-A manifest
feat(sptool): delete c version of the sptool
feat(sptool): use python version of sptool
feat(sptool): python version of the sptool
refactor(sptool): use SpSetupActions in sp_mk_generator.py
feat(sptool): add python SpSetupActions framework
Change the OPTEE FF-A manifest to comply with changes to the sp pkg [1].
The sptool packs the image at the default offset of 0x4000, if it is not
provided in the arguments.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/14507
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I647950410114f7fc24926696212bb7f8101390ac
Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).
It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].
Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Following I2d274fa897171807e39b0ce9c8a28824ff424534:
Remove GICD registers S2 mapping from OP-TEE partition when it runs in a
secure partition on top of Hafnium.
The partition is not meant to access the GIC directly but use the
Hafnium provided interfaces.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1a38101f6ae9911662828734a3c9572642123f32
This change essentially reverts [1] by removing the BL31 workaround
forcing the dtb address when Hafnium is loaded as an Hypervisor.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9569
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I302161d027261448113c66b7fafa9c11620b54ef
Making tb_fw_config ready to pass the Event Log base address
and size information to BL2.
Change-Id: I5dd0e79007e3848b5d6d0e69275a46c2e9807a98
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Subsequent patches will provide a solution to do the BL2 hash measurement
and recording in BL1 itself, hence in preparation to adopt that solution
remove the logic of passing BL2 hash measurement to BL2 component
via TB_FW config.
Change-Id: Iff9b3d4c6a236a33b942898fcdf799cbab89b724
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Update UUID to little endian:
The SPMC expects a little endian representation of the UUID as an array
of four integers in the SP manifest.
Add managed exit field and cosmetic comments updates.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icad93ca70bc27bc9d83b8cf888fe5f8839cb1288
Currently the list of SP UUIDs loaded by BL2 is hardcoded in the DT.
This is a problem when building a system with other SPs (e.g. from
Trusted Services). This commit implements a workaround to enable adding
SP UUIDs to the list at build time.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Iff85d3778596d23d777dec458f131bd7a8647031
Bump the required FF-A version in framework and manifests to v1.1 as
upstream feature development goes.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I89b2bd3828a13fc4344ccd53bc3ac9c0c22ab29f
Align documentation with changes of messaging method for partition
manifest:
- Bit[0]: support for receiving direct message requests
- Bit[1]: support for sending direct messages
- Bit[2]: support for indirect messaging
- Bit[3]: support for managed exit
Change the optee_sp_manifest to align with the new messaging method
description.
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Change-Id: I333e82c546c03698c95f0c77293018f8dca5ba9c
The partition layout description JSON file generated by TF-A tests
declares a fourth test partition called Ivy demonstrating the
implementation of a S-EL0 partition supported by a S-EL1 shim.
Change-Id: If8562acfc045d6496dfdb3df0524b3a069357f8e
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Fix a remainder from early prototyping. OP-TEE as a secure partition
does not need specific SMC function id pass through to EL3.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2843d1b9a5eb4c966f82790e1655fb569c2de7d4
