TZC is being replaced by MSF module on TC3. For fixing boot failure on
TC3, don't enable TZC module on the TC3 platform.
Change-Id: I4434cb28bf523be8dd882f5f8799223642822ee2
Signed-off-by: Tintu Thomas <tintu.thomas@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
The target_locality attribute is meant to specify that
a certain SW component is expected to run and thereby
send DPE commands from a given security domain. The DPE
service must be capable of determining the locality of
a client on his own. RSE determines the client's locality
based on the MHU channel used for communication.
If the expected locality (specified by the parent component)
is not matching with the determined locality by DPE
service then command fails.
The goal is to protect against spoofing when a
context_handle is stolen and used by a component
that should not have access.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I96d255de231611cfed10eef4335a47b91c2c94de
The new name is more generic. The goal to add here
all platform dependent defines / data / config which
is DPE related.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I5b521932c45d8a9c43ea2344dde83c210801cfee
Add TC specific stubs for both soc_css_init_nic400 and
soc_css_init_pcie. We do not require any initialisation of these
components for TC platforms.
Change-Id: If0129acd1050a56878cb9c3041a033192c88da57
Signed-off-by: Jackson Cooper-Driver <jackson.cooper-driver@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
Fix the code related error message when user provides RESET_TO_BL31=1 to
the make command but fails to provide "ARM_PRELOADED_DTB_BASE" macro at
the same command line. Remove the line break from the error string
causing the code error.
Additionally, make doesn't parse quote marks in strings, thus remove
quote marks within error strings in this file.
Change-Id: Ic131b6febebfb420ed588fe4fb0853cbdae0afb8
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
Newer cores implemented in the FPGAs used by Arm Ltd. support more
ARMv9 features.
Enable TCR2, MTE, MTE2, SME and SME2 as "enable if available" (:=2), so
any users of those features in lower ELs will not trigger a trap into
BL31.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Id99ecb7c5d6a25b77f7cc5fcad63f60027a4fd5a
The Arm FPGA platform builds a final AXF file, which is an ELF file
containing some required trampolines and binaries, like the DTB. This is
more a "container with load addresses" than an object or executable
file, but it's still built with the linker tool.
Commit acf0076ae2 ("build(fpga): correctly handle gcc as linker for
LTO") pulled in ${TF_LDFLAGS} when building this AXF file, which
includes "--gc-sections". That strips the kernel trampoline off that
file, making the board hang when the kernel is loaded at 0x80200000
(the recommended load address for "newer" kernels).
Drop the usage of TF_LDFLAGS altogether, since we need none of the
options specified there for our special linker step. Instead collect
the needed options (like -nostdlib) in a separate variable, and just
account for the slight syntax differences between GCC and clang.
"--strip-debug" turns out to be redundant, since "-s" already strips
more symbols, so remove that from the list.
Change-Id: I1349d58fa93973ba3add8cab2272259abdea84e0
Fixes: acf0076ae2 ("build(fpga): correctly handle gcc as linker for LTO")
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The device memory described in the SP manifest has to be described in
the SPMC manifest as well. In this case, OP-TEE includes this UART
device in its SP manifest. Hence, this commit adds it in the SPMC
manifest.
Change-Id: I0f84d7b105c072dd021f0f2d215adf6bcdf5f98f
Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
This changeset adds the multicore support for the Corstone-1000 FVP.
It adds the PSCI CPU_ON and CPU_ON_FINISH power domain functionalities
for the secondary cores.
Change-Id: Ie66b3dc43abadec88323999052357e2a9cdfd950
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
In [1], the example CCA platform token has been updated to fix a small
problem with the description of one of the software components, and to
provide a more realistic breakdown of the expected components in the CCA
TCB.
This change replaces the static CCA platform token in the Total Compute
platform.
[1] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/28493
Change-Id: I792e693cc994fc1e856f713fd97bac4930b28e1e
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
Most newer CPU's have DSU and CPU power control core-off bit which
means before turning off CPUs from base power controller we need to
turn individual cores off from CPU Power control.
However there are certain older CPU's that don't have DSU and
don't support CPUPWRCTRL_EL1, so populate them as a list
and ignore setting core-off bit for those older CPU's as all newer
CPU's have them.
Note: unfortunately there is no mechanism to identify if a DSU is
present and CPUPWRCTRL_EL1 is supported through any CPU control
registers and CPUPWRCTRL_EL1 is supported only for ARM64 platforms
and not available in ARM32 platforms.
Change-Id: Iba6c3c8db60dbeb177cead7ebc65df8265860da7
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This change introduces a few helper variables for dealing with verbose
and silent build modes: `silent`, `verbose`, `q` and `s`.
The `silent` and `verbose` variables are boolean values determining
whether the build system has been configured to run silently or
verbosely respectively (i.e. with `--silent` or `V=1`).
These two modes cannot be used together - if `silent` is truthy then
`verbose` is always falsy. As such:
make --silent V=1
... results in a silent build.
In addition to these boolean variables, we also introduce two new
variables - `s` and `q` - for use in rule recipes to conditionally
suppress the output of commands.
When building silently, `s` expands to a value which disables the
command that follows, and `q` expands to a value which supppresses
echoing of the command:
$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed but not echoed'
When building verbosely, `s` expands to a value which disables the
command that follows, and `q` expands to nothing:
$(s)echo 'This command is neither echoed nor executed'
$(q)echo 'This command is executed and echoed'
In all other cases, both `s` and `q` expand to a value which suppresses
echoing of the command that follows:
$(s)echo 'This command is executed but not echoed'
$(q)echo 'This command is executed but not echoed'
The `s` variable is predominantly useful for `echo` commands, where you
always want to suppress echoing of the command itself, whilst `q` is
more useful for all other commands.
Change-Id: I8d8ff6ed714d3cb401946c52955887ed7dca602b
Signed-off-by: Chris Kay <chris.kay@arm.com>
Improve the restart handling of DPE. In the case of a restart
scenario where only that core is restarted which executes
the DPE client, but the core executes the DPE service
remains up and running. In this case, client needs to save
a valid context handle to be able to send commands again
to the DPE service during the new boot sequence.
BL1 saves a valid parent context handle to SDS
before passing the execution to BL2. This handle
can be used in case of a restart scenario when AP
is restarted but RSE is not. Because in that case
RSE does not save an initial context handle to SDS,
which meant to be used by AP during the boot process.
By then the very first initial context handle is
invalidated because it was already used in the
previous boot cycle by BL1.
BL2 does not need to do this, because the cold
boot starts with BL1.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Id14eefd2ec758f89f672af176e4f5386a397fa35
SCP_BL2 is part of CCA's TCB. The SCP_BL1 is loaded
by RSE. It has already added to the platform
attestation token. SCP_BL2 was missed, so it is
fixed now.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ic87743564136f03a901c90ff1ec614f5965b9a47
RD-Fremont platforms include Runtime Security Engine (RSE) as the
hardware crypto module. Add rse_measured_boot driver based platform
hooks to measure and record firmware image measurements.
Additionally, add support for measured boot at BL1 and BL2 boot stages
on RD-Fremont platforms. The patch adds the RSE measured boot metadata
that includes firmware image IDs, measurement slot number and other
information. It also initializes the AP communication with RSE over
AP-RSE root MHUv3 channel to pass firmware image measurements to RSE to
support extended measurements.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ia1b0bf673e865b31862cb8af79c4c71a5ba4dbea
Arm reference design FVP platforms such as RD-Fremont do not implement
the CCA_FW_NVCOUNTER. Update firmware such that the implementation will
return TRUSTED_FW_NVCOUNTER when the caller requests the CCA NV counter.
This allows the platforms to use the CCA CoT on FVP platforms.
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ifab724fae63857056b3eeb44eeefc15c4c610eed
Use the delegated attestation driver to fetch platform attestation token
and Realm attestation key from RSE over the AP-RSE comms interface.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Id0cfd82ef79598cd8368ba017c145bf34d502e65
Define platform specific API to fetch base address for secure or root
MHUv3 between AP-RSE invoke rse-comms driver initialization bl31
platform setup stage.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Id79bcdb2fda6cdf394f4e02f67d1c1a44d5ddf23
Add a helper function to initialize rse_comms on RD-Fremont platforms
with AP-RSE MHUv3 postbox and mailbox register frames.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ic390517a8810df195a2582793b81afdbff5ffa15
Define and use a new scmi_channel_plat_info_t structure specific to
third generation Neoverse platforms in order to use MHUv3 doorbell
channels. The structure uses the existing mhu_ring_doorbell method for
ring_doorbell implementation.
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Icf3be5305df94ba944038a4d4fdf0ccf32168650
GPC SMMU does granule protection checks (GPC) for accesses originating
from the system control block and GIC on RD-Fremont platforms. The GPC
check on this is disabled by the boot firmware. Configure the GPC SMMU
to enable GPC.
The transactions on GPC SMMU should be allowed during boot stages so
don't perform smmuv3_security_init() for this SMMU instance.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: I3400c57fe264582a45c6a26f9dae8c669e8a8047
SMMUv3 with RME on RD-Fremont platform variants supports Root and Realm
register pages. The page offset for Root and Realm register pages is a
platform configurable option. Update the Root registers page offset for
RD-Fremont platform variants.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ib3df7d7b9e54219d49b4d77a1fc5846096f1c78c
MTE2 is an optional feature that could be part of platforms based on Arm
V8.5 or above. If this feature is implemented on the platform, lower ELs
could potentially access the feature registers leading to EL3 traps.
Therefore, set MTE2 build option to '2' to enable the feature only if
its implemented on the platform.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Idc04b7f3851a2481e4c6bea426a3f09be145b899
Enable SVE support for non secure and secure worlds for RD-Fremont
variants.
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Idcb309d031a1e10740dd365bb65570f8d2ce3a05
Set build-option ENABLE_FEAT_AMU to 2 so that AMU is enabled if the
feature is implemented on the platform. This would ensure that lower ELs
could access system registers relevant to AMU registers without causing
a trap to EL3.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I567ac9b0d76b613593d37ea45b4955b423ff5e6c
Set build-option ENABLE_FEAT_MPAM to 2 so that access to MPAM related
registers from lower ELs don't trap to EL3.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I4c5753c415461e5ffc79e371ae00cc6e6dd087f9
RD-Fremont-Cfg2 supports 8 DRAM banks compared to RD-Fremont and
RD-Fremont-Cfg1, which only support 2. So add PAS entries for
all the DRAM banks in the PAS table for RD-Fremont-Cfg2, ensuring proper
access controls to these regions.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Ib09b44569ea088f35529a1c983d3db727d86e262
Since GPT setup has been delegated to the platform, add an
implementation for plat_bl2_gpt_setup in accordance with the
specification for RD-Fremont variants.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1ff47249ce304f1c188850282d92c64cae463383
This update incorporates essential device tree (DTS) files for
RD-Fremont variants. The inclusion covers DTS for platform and config
ID, NT_FW_CONFIG, and TB_FW_CONFIG, enhancing device tree support for
RD-Fremont within the project.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Ibf898f963d971fe9b07cfa518244c47a8aced81e
Add board support for RD-Fremont-Cfg2 platform, which is a quad chip
variant of RD-Fremont. Each chip has reduced core count of four CPUs as
compared to single chip RD-Fremont platform.
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I9b79f0eef210afecaa15e381414479027617e44a
Add the required source and header files to support RD-Fremont-Cfg1,
which is a variant of RD-Fremont. RD-Fremont-Cfg1 hosts a smaller mesh
and lower number of cores when compared with RD-Fremont.
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I720b0e76174123c8aab64b39e9468b28614607b9
Add the required source and header files to support RD-Fremont.
Additionally, create a makefile for building the platform.
Co-developed-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I03b6913b08d488c86a5f4638ef6cd8b0f5c43a9a
RD-Fremont-Cfg2, the quad-chip variant of RD-Fremont supports 8 DRAM
banks compared to RD-Fremont and RD-Fremont-Cfg1, which only support 2.
Therefore, define PAS entry mappings for all the DRAM banks, so that
they could be utilized on the multichip variant.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: Ief235581c0066a95528235b9821646f864e14d3a
Since the GPT setup is now delegated to the platform, each platform
needs to include PAS definitions according to its specifications. This
commit adds PAS definitions specifically tailored for RD-Fremont
variants.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1a23029a74401fb1faa70bb6c2e66093ed08c45a
Given the differences in memory map of the third generation reference
design platforms, it is necessary to move away from the common DRAM
layout present as part of arm_def.h. Therefore, introduce definitions
and necessary carveouts within DRAM to define a new DRAM layout for
these platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I79af066f41259f147febdc3c00447db5be995799
Given the differences in memory map and additional RME requirements for
the V3 CPU based platforms, it is necessary to move away from the common
SRAM layout present as part of arm_def.h. Therefore, introduce
definitions and necessary carveouts within SRAM to define a new SRAM
layout for these platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I2d0ef65abde66da7523dd9e09036c7803978570c
Add firmware definitions for the third generation of platforms. The
following files are added -
- nrd_css_fw_def3.h: for CSS firmware definitions
- nrd_ros_fw_def3.h : for RoS firmware definitions
- nrd_plat_arm_def3.h: for platform port macros
All the common files for these platforms are housed under nrd3
directory.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I085d609cfe1686d28d1c467fb34d45af47e00eb6
Add RoS definitions for third generation of platforms. Common
definitions for such platforms would be housed in the nrd3 directory
under includes.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I2062c71676f27b4d17a3069b955565670f62a76c
Add CSS definitions for the third generation of reference design
platforms. Common definitions for such platforms would be housed in the
nrd3 directory under includes.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Id271ebdf5dcc1d7b598606c313208ab85662795d
Add an explicit entry for HW_CONFIG in the BL2 CoT file for the Juno
platform, as the HW_CONFIG node has been removed from the common CoT
file.
Change-Id: I8a1a22dd1023895cfc5730101fad20a80390ce17
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add support for BL2 to get the Dualroot chain of trust description
through the Firmware Configuration Framework (FCONF). This makes it
possible to export the part of the Dualroot chain of trust enforced by
BL2 in BL2's configuration file (TB_FW_CONFIG DTB file). BL2 will parse
it when setting up the platform.
The feature can be enabled through the COT_DESC_IN_DTB=1 option. The
default behavior (COT_DESC_IN_DTB=0) remains to hard-code the Dualroot
CoT into BL2 images.
Change-Id: I3497b1daf14be09b5ce3a74d39df7551819255c2
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Adding support for Dualroot CoT in DTB. This makes it possible for BL2
to retrieve its chain of trust description from a configuration file in
DTB format. With this, the CoT description may be updated without
rebuilding BL2 image.
This feature can be enabled by building BL2 with COT_DESC_IN_DTB=1 and
COT=dualroot. The default behavior remains to embed the CoT description
into BL2 image.
Change-Id: I343931b145aa8a53b0a5d4b8aefb273ffb5a9163
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
The usage for SMMU-700 is not consistent across TC platforms:
SMMU-700 on TC2:
| FVP | FPGA
--------+-------+------
Display | Used | Used
GPU | Used | Used
SMMU-700 on TC3:
| FVP | FPGA
--------+-------+------
Display | No | No
GPU | Used | No
This commit changes to use append mode for SMMU-700 to bind it on TC2
and TC3 separately. As a result, the TC_IOMMU_EN configuration is not
used, remove it.
Change-Id: Ic4152eb4c8ef97bf27b8a97c3c6cb86e32a2e8eb
Signed-off-by: Leo Yan <leo.yan@arm.com>
SLC WRALLOCMODE and RDALLOCMODE are configured by default to 0b01
(always alloc), configure both to mode 0b10 (use bus signal attribute
from interface).
Change-Id: Ic8cd3ee988dd0772cfb9b639dea0cc335ab70539
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
TC3 has 4 MCN instances, each of them have PMU registers to count
different MCN cache access events, add entries for MCN PMU so that Linux
MCN PMU perf driver can be used with perf.
Change-Id: I7e0ac5025231c3f19d5291292d4cae186accc544
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
MCN PMU counters are by default non-accesible from non-secure world, so
enable the non-secure access to those PMU counters so that linux perf
driver can read them. FVP has a different address space size.
Change-Id: I2a3758faca5f7cab6d3146a1beb7b289eec0294d
Signed-off-by: Jagdish Gediya <jagdish.gediya@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
Tintu Thomas
Tamas Ban
Jackson Cooper-Driver
Salman Nabi
Andre Przywara
Davidson K
Harsimran Singh Tungal
Thomas Fossati
Govindraj Raja
Chris Kay
Sayanta Pattanayak
Pranav Madhu
Vivek Gautam
Rohit Mathew
Shriram K
Vijayenthiran Subramaniam
Manish V Badarkhe
laurenw-arm
Leo Yan
Jagdish Gediya