CTX_INCLUDE_EL2_REGS is used to save/restore EL2 registers and
it should be only used when there is SPMD or RME enabled.
Make CTX_INCLUDE_EL2_REGS an internal macro and remove
from documentation.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: I6a70edfd88163423ff0482de094601cf794246d6
This patch documents the actions taken by Hafnium SPMC in response
to non-secure and secure interrupts.
Change-Id: I97687f188ca97aeb255e3e5b55d44ddf5d66b6e0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch documents the support for partition runtime models, call
chains and schedule modes in Hafnium SPMC.
Change-Id: I91d5718bb2c21d475499e402f6f27076930336cb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
docs: add top level section numbering
docs(build): clarify getting started section
docs(build): clarify docs building instructions
fix(docs): prevent a sphinx warning
fix(docs): prevent a virtual environment from failing a build
Top level sections are not numbered. Adding numbers makes referring to
sections easier. For example the Maintainers page changes from
"about/3.1" to simply "1.3.1".
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If90a18ee8d6a6858d58f0687f31ea62b69399e04
S-EL0 partitions already support indirect messaging and notifications
so add that to supported features.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I08e04593653ba38a2b82395f6f2d3ca7b212d494
Add documentation to build and run TF-A with RMM,
Linux kernel and TFTF Realm Payload.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I951b41a144aabe0fec16eb933d7f005a65f06fb2
Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.
Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
Added action in response to Non-secure interrupt attribute to the
partition manifest.
Change-Id: I1d4f85e58b2f1fea7230dffc6a4361f7fd65be15
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add documentation how to build EL3 SPMC,
briefly describes all FF-A interfaces,
SP boot flow, SP Manifest, Power Management,
Boot Info Protocol, Runtime model and state
transition and Interrupt Handling.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I630df1d50a4621b344a09e462563eacc90109de4
RAS_TRAP_LOWER_EL_ERR_ACCESS was used to prevent access to RAS error
record registers (RAS ERR* & RAS ERX*) from lower EL's in any security
state. To give more fine grain control per world basis re-purpose this
macro to RAS_TRAP_NS_ERR_REC_ACCESS, which will enable the trap only
if Error record registers are accessed from NS.
This will also help in future scenarios when RAS handling(in Firmware
first handling paradigm)can be offloaded to a secure partition.
This is first patch in series to refactor RAS framework in TF-A.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ifa7f60bc8c82c9960adf029001bc36c443016d5d
Return values contained in 'smc_result' structure
are shifted down by one register:
X1 written by RMM is returned to NS in X0 and
X5 is returned in X4.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I92907ac3ff3bac8554643ae7c198a4a758c38cb3
Adds a dispatcher for ProvenCore based on the test secure payload
dispatcher.
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I978afc3af6a6f65791655685a7bc80070673c9f3
This patch adds documentation for the missing RMM-EL3
runtime services:
* RMM_RMI_REQ_COMPLETE
* RMM_GTSI_DELEGATE
* RMM_GTSI_UNDELEGATE
This patch also fixes a couple of minor bugs on return codes
for delegate/undelegate internal APIs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Ic721005e7851e838eebaee7865ba78fadc3309e4
This patch documents the RMM-EL3 Boot and runtime interfaces.
Note that for the runtime interfaces, some services are not
documented in this patch and will be added on a later doc patch.
These services are:
* RMMD_GTSI_DELEGATE
* RMMD_GTSI_UNDELEGATE
* RMMD_RMI_REQ_COMPLETE
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I8fcc89d91fe5a334c2f68c6bfd1fd672a8738b5c
- Add security state attribute to memory and device regions.
- Rename device region reg attribution to base-address aligned with
memory regions.
- Add pages-count field to device regions.
- Refresh interrupt attributes description in device regions.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I901f48d410edb8b10f65bb35398b80f18105e427
Updated following sections to document implementation of the FF-A boot
information protocol:
- Describing secure partitions.
- Secure Partition Packages.
- Passing boot data to the SP.
Also updated description of the manifest field 'gp-register-num'.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I5c856437b60cdf05566dd636a01207c9b9f42e61
This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has indicated
that it wishes to receive the appropriate message via its manifest.
1. A PSCI CPU_OFF message in response to a cpu hot unplug request
from the OS.
2. A message to indicate warm boot of a cpu in response to a cpu
hot plug request from the OS.
3. A PSCI CPU_SUSPEND message in response to a cpu idle event
initiated from the OS.
4. A message to indicate warm boot of a cpu from a shallow power
state in response to a cpu resume power event.
This patch also implements the FFA_SECONDARY_EP_REGISTER function to
enable the SP specify its secondary entrypoint.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I375d0655b2c6fc27445facc39213d1d0678557f4
Added a description for the newly introduced 'ns-load-address' property
in the dtb-registry node of FCONF.
Change-Id: Ief8e8a55a6363fd42b23491d000b097b0c48453b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With the transition to mailman3, the URLs of TF-A and TF-A Tests
mailing lists have changed. However, we still refer to the old
location, which are now dead links.
Update all relevant links throughout the documentation.
There is one link referring to a specific thread on the TF-A mailing
list in the SPM documentation, for which I had to make a guess as to
what's the equivalent mailman3 URL. The old URL scheme indicates that
the thread dates from February 2020 but beyond that, I could not make
sense of the thread id within the old URL so I picked the most likely
match amongst the 3 emails posted on the subject in this time period.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Reported-by: Kuohong Wang <kuohong.wang@mediatek.com>
Change-Id: I83f4843afd1dd46f885df225931d8458152dbb58
Introduce build flag for enabling the secure partition
manager core, SPMC_AT_EL3. When enabled, the SPMC module
will be included into the BL31 image. By default the
flag is disabled.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5ea1b953e5880a07ffc91c4dea876a375850cf2a
Following updates done
- Clarification on building Hafnium
- New test suite "Invalid memory access"
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I04a934a648d53a860f06cd6cf3776ee534675bd9
Extract the UUID from the SP layout JSON file if the optional 'uuid'
field exists otherwise fall back to the current method for extracting
the SP UUID from the partition manifest file.
This change gives a way to decouple TF-A's dependency on the SP
manifest file's format which is tied to the SPMC.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I13af066c1de58bfb9c3fd470ee137ea0275cd98c
Document `boot-order` field from FF-A partitions manifest, in accordance
to Hafnium's (SPM) implementation.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I9fd070100ee52e0d465d2cce830cc91d78bddfc0
- Overview of FF-A v1.1 notifications feature, and list of all
the new related interface.
- FFA_RXTX_UNMAP now implemented, so provided description.
- FF-A v1.1 interfaces documented: FFA_SPM_ID_GET and
FFA_SECONDARY_EP_REGISTER.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: If40b4d2b2473f81ecfb2ddbf14852c3f10682867
As spm_mm cannot handle SVE/SME usage in NS world so its better to give
compilation error when ENABLE_SVE_FOR_NS=1 or ENABLE_SME_FOR_NS=1.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I69dbb272ca681bb020501342008eda20d4c0b096
This patch expands the RME documentation with description of TF-A
changes for RME. It also modifies some other parts of TF-A documentation
to account for RME changes.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9e6feeee235f0ba4b767d239f15840f1e0c540bb
This patch adds some documentation for the GPT library as well as adds
code owners for it.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If1cd79626eadb27e1024d731b26ee2e20af74a66
This patch adds a brief description of S-EL0 partition support in the
SPMC using ARMv8.1 FEAT_VHE.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: Ie079265476604f62d5f2a66684f01341000969d0
MPMM - the Maximum Power Mitigation Mechanism - is an optional
microarchitectural feature present on some Armv9-A cores, introduced
with the Cortex-X2, Cortex-A710 and Cortex-A510 cores.
MPMM allows the SoC firmware to detect and limit high activity events
to assist in SoC processor power domain dynamic power budgeting and
limit the triggering of whole-rail (i.e. clock chopping) responses to
overcurrent conditions.
This feature is enabled via the `ENABLE_MPMM` build option.
Configuration can be done via FCONF by enabling `ENABLE_MPMM_FCONF`, or
by via the plaform-implemented `plat_mpmm_topology` function.
Change-Id: I77da82808ad4744ece8263f0bf215c5a091c3167
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change makes AMU auxiliary counters configurable on a per-core
basis, controlled by `ENABLE_AMU_AUXILIARY_COUNTERS`.
Auxiliary counters can be described via the `HW_CONFIG` device tree if
the `ENABLE_AMU_FCONF` build option is enabled, or the platform must
otherwise implement the `plat_amu_topology` function.
A new phandle property for `cpu` nodes (`amu`) has been introduced to
the `HW_CONFIG` specification to allow CPUs to describe the view of
their own AMU:
```
cpu0: cpu@0 {
...
amu = <&cpu0_amu>;
};
```
Multiple cores may share an `amu` handle if they implement the
same set of auxiliary counters.
AMU counters are described for one or more AMUs through the use of a new
`amus` node:
```
amus {
cpu0_amu: amu-0 {
#address-cells = <1>;
#size-cells = <0>;
counter@0 {
reg = <0>;
enable-at-el3;
};
counter@n {
reg = <n>;
...
};
};
};
```
This structure describes the **auxiliary** (group 1) AMU counters.
Architected counters have architecturally-defined behaviour, and as
such do not require DTB entries.
These `counter` nodes support two properties:
- The `reg` property represents the counter register index.
- The presence of the `enable-at-el3` property determines whether
the firmware should enable the counter prior to exiting EL3.
Change-Id: Ie43aee010518c5725a3b338a4899b0857caf4c28
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change adds some documentation on the AMU and its purpose. This is
expanded on in later patches.
Change-Id: If2834676790938d8da5ea2ceba37b674f6cc0f01
Signed-off-by: Chris Kay <chris.kay@arm.com>
Making tb_fw_config ready to pass the Event Log base address
and size information to BL2.
Change-Id: I5dd0e79007e3848b5d6d0e69275a46c2e9807a98
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
