Disable the reliance of ARM_LINUX_KERNEL_AS_BL33 on PRELOADED_BL33_BASE
so that a Linux Kernel can be loaded and booted from the fip as BL33.
Change-Id: I0437eec852cf17e0ed37a7ff77fcc4e66b1cea7a
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Statically allocate 'gpt_bitlock' array of fine-grained
'bitlock_t' data structures in arm_bl31_setup.c.
The amount of memory needed for this array is controlled
by 'RME_GPT_BITLOCK_BLOCK' build option and 'PLAT_ARM_PPS'
macro defined in platform_def.h which specifies the size
of protected physical address space in bytes.
'PLAT_ARM_PPS' takes values from 4GB to 4PB supported by
Arm architecture.
Change-Id: Icf620b5039e45df6828d58fca089cad83b0bc669
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
PSCI OS initiated is usually implemented with the extended state id
format, however this does not have to be the case. When this is the
case, the original format will carry the requested power level in
the PowerLevel field. To validate that the requested power state is
valid we must save it so that later when we call
psci_is_last_cpu_to_idle_at_pwrlvl() it checks the right level (instead
of a default 0).
This came up when testing 01959a1656 for
all configurations.
Change-Id: Iaab88c1910467282ae524861446283acddd9d977
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
In RESET_TO_BL31, the SPMC manifest base address that is utilized by
bl32_image_ep_info has to be statically defined as DT is not available.
Common arm code sets this to the top of SRAM using macros but it can be
different for some platforms. Hence, introduce the macro
PLAT_ARM_SPMC_MANIFEST_BASE that could be re-defined by platform as per
their use-case. Platforms that utilize arm_def.h would use the existing
value from arm common code.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I4491749ad2b5794e06c9bd11ff61e2e64f21a948
Move platform.mk inclusion in top level Makefile to permit a platform
specifying BRANCH_PROTECTION option.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1f662f82cd949eedfdbb61b9f66de15c46fb3106
Similarly to BL1 and BL31, use EL3_PAS macro from xlat_tables header
(depends on ENABLE_RME) in BL2 to define MAP_BL2_TOTAL.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I59a3b297efd2eacd082a297de6b579b7c9052883
print ni-tower discovery tree to understand ni-tower hierarchy which
might be useful during debugging.
Change-Id: Ib49fef9c63f7740e04b4d8371c1083bd040f6e09
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Icen.Zeyada <Icen.Zeyada2@arm.com>
No longer hard code SHA-256 hashed dev rotpks, instead
use the algorithm given by HASH_ALG. This means that
we no longer need the plat_arm_configs (once the protpk and
swd_rotpk are also updated to use HASH_ALG).
The rot public key is now generated at build time, as is
the header for the key.
Also support some default 3k and 4k RSA keys.
Change-Id: I33538124aeb4fa7d67918d878d17f2a84d3a6756
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Mbed-TLS requires platforms to allocate it a heap for it's own internal
usage. This heap is typically between shared by BL1 and BL2 to conserve
memory.The base address and size of the heap are conveyed from BL1 to
BL2 through the config TB_FW_CONFIG.
This slightly awkward approach necessitates declaring a placeholder node
in the DTS. At runtime, this node is populated with the actual values of
the heap information. Instead, since this is dynamic information, and
simple to represent through C structures, transmit it to later stages
using the firmware handoff framework.
With this migration, remove references to TB_FW_CONFIG when firmware
handoff is enabled, as it is no longer needed. The setup code now relies
solely on TL structures to configure the TB firmware
Change-Id: Iff00dc742924a055b8bd304f15eec03ce3c6d1ef
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The initialization logic for the secure transfer list is currently
scattered and duplicated across platform setup code. This not only leads
to inefficiency but also complicates access to transfer lists from other
parts of the code without invoking setup functions. For instance,
arm_bl2_setup_next_ep_info acts as a thin wrapper in arm_bl2_setup.c to
provide access to the secure transfer list.
To streamline the interface, all setup code has been consolidated into a
central location.
Change-Id: I99d2a567ff39df88baa57e7e08607fccb8af189c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Fix dangling comments around define guards, addressing leftovers from
fe94a21a6 ("fix(arm): move HW_CONFIG relocation into BL31") which
implicitly removed constraints on using HW_CONFIG with RESET_TO_BL2.
Change-Id: I19d61812fed6fa4b668875e5bf4eafd1a8a660f6
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The value assigned for the mbedtls heap size for large
rsa keys was too small when PSA_CRYPTO is set to 1,
leading to run-time failures if one was to attempt
to use a large RSA key with PSA_CRYPTO=1.
Change-Id: Id9b2648ae911879f483f1b88301f28694af0721d
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Change the name of these confs to be version agnostic,
we will later use these configs to enforce the mbedtls
minimum version
Change-Id: I1f665c2471877ecc833270c511749ff845046f10
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
For firmware handoff, ensure the device tree (dt) is loaded into memory
before setting the entry point arguments for the next bootloader stage.
This allows the dt to be found and its address passed as an argument.
Change-Id: Ifedd7c573e2d4f6d68c596907d9d6c6a3eded317
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This patch disables trapping to EL3 when the FEAT_D128
specific registers are accessed by setting the SCR_EL3.D128En bit.
If FEAT_D128 is implemented, then FEAT_SYSREG128 is implemented.
With FEAT_SYSREG128 certain system registers are treated as 128-bit,
so we should be context saving and restoring 128-bits instead of 64-bit
when FEAT_D128 is enabled.
FEAT_SYSREG128 adds support for MRRS and MSRR instruction which
helps us to read write to 128-bit system register.
Refer to Arm Architecture Manual for further details.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I1a53db5eac29e56c8fbdcd4961ede3abfcb2411a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This commit introduces BL31 to the RD-1 AE platform. The RD-1 AE
platform incorporates an SCP for CPU power control.
Additinaly introducing the memory descriptor provides BL image
information that gets used by BL2 to load the images
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Divin Raj <divin.raj@arm.com>
Change-Id: I035cbfd09f254aa47483ad35676f1cb3ffb661bd
Currently, the BL2 base overflow check asserts for all cases,
but this check is only necessary if not reset to BL2 case.
Therefore, adding a condition for this check.
Signed-off-by: Divin Raj <divin.raj@arm.com>
Change-Id: Ia129921d76bcd32058ea0767db0319e6724be8ab
This commit introduces a new ARM platform-specific build option called
`ARM_FW_CONFIG_LOAD_ENABLE`. This option enables the loading of the
`fw_config` device tree when resetting to the BL2 scenario.
Additionally, the FW_CONFIG image reference has been added to the
fdts/tbbr_cot_descriptors.dtsi file in order to use in the scenario of
RESET_TO_BL2.
Signed-off-by: Divin Raj <divin.raj@arm.com>
Change-Id: I11de497b7dbb1386ed84d939d6fd2a11856e9e1b
* changes:
feat(neoverse-rd): allow RESET_TO_BL31 for third gen platforms
feat(arm): setup GPT in BL31 in RESET_TO_BL31 boot flow
feat(neoverse-rd): enable RESET_TO_BL31 for RD-V3
feat(neoverse-rd): add a routine to update NT_FW_CONFIG in BL31
The Yocto team has requested that we do not use Poetry from within the
Makefile, as Yocto does not have network access during the build
process.
We want to maintain the current behaviour, so this change makes our use
of Poetry contigent on it being available in the environment.
Additionally, explicitly passing an empty toolchain parameter now allows
a tool to be *disabled* (e.g. passing `POETRY=` will prevent the build
system from trying to use Poetry).
Change-Id: Ibf552a3fee1eaadee767a1b948b559700083b401
Signed-off-by: Chris Kay <chris.kay@arm.com>
In the normal boot flow, BL2 sets up the Granule Protection Tables
(GPT). As BL2 is not a part of RESET_TO_BL31, BL31 needs to set up GPT
for CPUs supporting FEAT_RME.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I9ad16bd93ea9fbad422dd56e2ba1d600a30eea30
Make the process of compiling a TL from DT source flexible. Provide a
top level recipe to make it easier for developers to build a transfer
list. Clean up integration of TLC into the build system.
Change-Id: I4466e27a457dfd5bf709dc3a360a2b63bf6030ce
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The default mbedTLS configuration enables hash algorithms based on
the HASH_ALG or MBOOT_EL_HASH_ALG selected. However, the Arm ROTPK
is always embedded as a SHA256 hash in BL1 and BL2. In the future,
we may need to adjust this to use the HASH_ALG algorithm for
embedding the ROTPK hash.
As a temporary workaround, a separate mbedTLS configuration has
been created for Arm platforms to explicitly set SHA256 defines,
rather than relying on the default configuration. This adjustment
is reflected in the mbedTLS configuration file for the TC platform
as well as in the PSA Crypto configuration file.
Change-Id: Ib3128ce7b0fb5c0858624ecbc998d456968beddf
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This change fixes several breakages that were introduced in some build
configurations by the introduction of the cot-dt2c tool.
Some Python environments cannot be managed directly via `pip`, and
invocations of `make`, including `make distclean`, would cause errors
along the lines of:
error: externally-managed-environment
× This environment is externally managed
╰─> To install Python packages system-wide, try apt install
python3-xyz, where xyz is the package you are trying to
install.
This change has been resolved by ensuring that calls to the cot-dt2c
tool from the build system happen exclusively through Poetry, which
automatically sets up a virtual environment that *can* be modified.
Some environments saw the following error when building platforms where
the cot-dt2c tool was used:
make: *** No rule to make target '<..>/debug/bl2_cot.c', needed
by '<..>/debug/bl2/bl2_cot.o'. Stop.
Additionally, environments with a more recent version of Python saw the
following error:
File "<...>/lib/python3.12/site-packages/cot_dt2c/cot_parser.py",
line 637, in img_to_c
if ifdef:
^^^^^
NameError: name 'ifdef' is not defined
Both of these errors have now been resolved by modifications to the
build system and the cot-dt2c tool to enable preprocessing of the device
tree source file before it is processed by the tool.
As a consequence of this change, the `pydevicetree` library is no longer
vendored into the repository tree, and we instead pull it in via a
dependency in Poetry.
This change also resolves several MyPy warnings and errors related to
missing type hints.
Change-Id: I72b2d01caca3fcb789d3fe2549f318a9c92d77d1
Signed-off-by: Chris Kay <chris.kay@arm.com>
Integrate the cot-dt2c tool into build process
for TBBR configuration
Change-Id: I42ccbc96c5c8fd21266200e427306a80236a78aa
Signed-off-by: Xialin Liu <Xialin.Liu@ARM.com>
Change the makefile to call the cot-dt2c tool
during the build for Arm platform
Change-Id: Idb7c02cca6b9ddd87f575a42c88e7b2660b896e0
Signed-off-by: Xialin Liu <Xialin.Liu@ARM.com>
Separate the bl1 and bl2 CoT into individual C files for the
upcoming tool, i.e. the CoT device tree-to-source file generator.
Change-Id: I0d24791991b3539c7aef9a562920dc62fecdc69a
Signed-off-by: Xialin Liu <Xialin.Liu@ARM.com>
NI-Tower's component's registers are need to be accessed from
kernel NI-PMU driver so enable NS access to it.
Change-Id: I83a8b3a1d2778baf767ff93263e246d127ef8114
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
Refactor DT relocation logic from BL2 to BL31 for non-secure DRAM.
Previously, BL2 was responsible for copying the DT into SRAM and DRAM,
resulting in duplicate code in BL31 to cater for the `RESET_TO_BL31`
case. By moving the re-location logic to BL31, we simplify handling of
the non-secure DT and TL.
Change-Id: Id239f9410669afe4b223fa8d8bb093084a0e5e1b
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Fix BL31 crashes caused by incorrect placement of firmware handoff code
within an assert. The function call has been removed from the assert to
ensure it’s executed even when assertions are disabled.
Change-Id: I668f5c08af33327e8ff0e22887c3da109bd6be31
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Fix the code related error message when user provides RESET_TO_BL31=1 to
the make command but fails to provide "ARM_PRELOADED_DTB_BASE" macro at
the same command line. Remove the line break from the error string
causing the code error.
Additionally, make doesn't parse quote marks in strings, thus remove
quote marks within error strings in this file.
Change-Id: Ic131b6febebfb420ed588fe4fb0853cbdae0afb8
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Add support for BL2 to get the Dualroot chain of trust description
through the Firmware Configuration Framework (FCONF). This makes it
possible to export the part of the Dualroot chain of trust enforced by
BL2 in BL2's configuration file (TB_FW_CONFIG DTB file). BL2 will parse
it when setting up the platform.
The feature can be enabled through the COT_DESC_IN_DTB=1 option. The
default behavior (COT_DESC_IN_DTB=0) remains to hard-code the Dualroot
CoT into BL2 images.
Change-Id: I3497b1daf14be09b5ce3a74d39df7551819255c2
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
There may be some valid configurations where a bootloader runs
before sp_min. In this case the bootloader may pass arguments through
the general purpose registers when passing control to sp_min causing
the assert to fail. Although sp_min may not use the content of the
registers requiring them to be zero seems unnecessary.
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Change-Id: I96fdc79626968830985bdd540f89e73b213de7d8
With commit af3e8e63b switching from Boot console to runtime console is
consolidated and been moved to just before exiting bl31 and removed from
platform runtime setup hooks.
For Arm platform's runtime hook has not removed switching of console
causing runtime console to be used for Runtime instrumentation logs
which is just before bl31 exit. Causing a CI sript fail as it expects
the logs on boot console.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia3728d17635f993911099f9d6a6938e55f45de42
In the ARM recommended StateID Encoding, the index for the power
level where the calling core is last to go idle use the last niblle
of the StateId.
Even if this nibble is necessary for OS-initiated mode, it can be
used by caller even when this OSI mode is not used.
In arm_validate_power_state() function, the StateId is compared with
content of arm_pm_idle_states[] build with the arm_make_pwrstate_lvl2
macro, without Last in Level information. So it is safe to mask this
nibble for ARM platform in all the cases, and that avoids issues with
caller with use the same StateId encoding with OSI mode activated or
not (in tftf tests for example, the input(power state) parameter =
(0x40001022) and the associated power state is 0x40000022).
Change-Id: I45e8e2b8f526fb61b94cf134d7d4aa3bac4c215d
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Move pmf support to vendor-specific EL3 Monitor Service Calls. Remove
pmf call count as it's not supported in vendor-specific el3 as per
SMCCC Documentation 1.5:
https://developer.arm.com/documentation/den0028/latest
Add a deprecation notice to inform PMF is moved from arm-sip range to
vendor-specific EL3 range. PMF support from arm-sip range will be
removed and will not available after TF-A 2.12 release.
Change-Id: Ie1e14aa601d4fc3db352cd5621d842017a18e9ec
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Move debugfs to Vendor-Specific EL3 Monitor Service Calls.
Function Identifier for Vendor-Specific EL3 Monitor Service is '7' and
allocated subranges of Function identifiers to different services are:
0x87000000-0x8700FFFF-SMC32: Vendor-Specific EL3 Monitor Service Calls
0xC7000000-0xC700FFFF-SMC64: Vendor-Specific EL3 Monitor Service Calls
Amend Debugfs FID's to use this range and id.
Add a deprecation notice to inform debugfs moved from arm-sip range to
Vendor-Specific EL3 range. Debugfs support from arm-sip range will be
removed and will not be available after TF-A 2.12 release.
Reference to debugfs component level documentation:
https://trustedfirmware-a.readthedocs.io/en/latest/components/debugfs-design.html#overview
Change-Id: I97a50170178f361f70c95ed0049bc4e278de59d7
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
In this patch, we are trying to introduce the wrapper macro
CREATE_FEATURE_PRESENT to get the following capability and
align it for all the features:
-> is_feat_xx_present(): Does Hardware implement the feature.
-> uniformity in naming the function across multiple features.
-> improved readability
The is_feat_xx_present() is implemented to check if the hardware
implements the feature and does not take into account the
ENABLE_FEAT_XXX flag enabled/disabled in software.
- CREATE_FEATURE_PRESENT(name, idreg, shift, mask, idval)
The wrapper macro reduces the function to a single line and
creates the is_feat_xx_present function that checks the
id register based on the shift and mask values and compares
this against a determined idvalue.
Change-Id: I7b91d2c9c6fbe55f94c693aa1b2c50be54fb9ecc
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
When BL2 is enabled as the entrypoint in the reset vector, none of the
TL initialisation ordinarily performed in BL1 will have been done. This
change ensures that BL2 has a secure TL to pass information onto BL31
through.
Change-Id: I553b0b7aac9390cd6a2d63471b81ddc72cc40a60
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Leverage the framework between BL1 and BL2. Migrate all handoff
structures to the TL.
Change-Id: I79ff3a319596b5656184cde10b5204b10a4d03bb
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
