Coverity Issue detail:
underrun-local: Underrunning array bin[i].cl[k].caslat
at element index -1 (byte offset -1)
using index j (which evaluates to -1).
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I1ec4833bbd5db1ac51436eac606484eefc4338ee
In function "desc_length", LSB byte of the first word of the
descriptor will be anded with 0x7F, to get the number of words
constructing the descriptor.
LSB byte of the first word of the descriptor is auto-incremented
with each add_word used while constructing the descriptor.
But if function "desc_add_word" is called more than
MAX_DESC_SIZE_WORDS times, then only the function "desc_length",
can return number of words greater than MAX_DESC_SIZE_WORDS.
This is the condition when core can overwrite the out of bound
memory.
Hence, the following fix is needed:
- Before adding any new word to the descriptor, a check for
max word length needs to be added, into these functions:
"desc_add_word" & "desc_add_ptr".
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If896cd2e02ecde72fb09c5147119dec4f2f84bc3
Fixed the following coverity issues:
Using uninitialized value cmd_id1, cmd_id2.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I8cd430ec015fc617521db455a6ffe16b33f42b78
Updated the event log driver's function to accept metadata as an
argument, to remove the platform function usage from the event log
driver to make it a standalone driver.
Change-Id: I512cf693d51dc3c0b9d2c1bfde4f89414e273049
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Setting 2MB shared memory and following 64MB secure memory.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ia992d21f205d305a6fff92fc11435634ce7c9d21
Timing CFG 0 and Timing CFG 4 are ddr controller registers that
have been affected by 1d phy training during cold boot. They are
needed to be stored and restored along with phy training values.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I29c55256e74456515aaeb098e2e0e3475697a466
we need to apply the value of CDD write to write for the write to
read CDD delay calculations. Since the current implementation always
provide a negative value of CDDwr so a value of zero was selected.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6829997d2ea6ba6cddaaab8332b82b8c66752d7e
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.
Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Correct the warning due to comparison between signed and
unsigned variable.
drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext':
drivers/auth/mbedtls/mbedtls_x509_parser.c:120:30:
error: comparison of integer expressions of different
signedness: 'int' and 'size_t' {aka 'unsigned int'}
[-Werror=sign-compare]
120 | if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
| ^~
Change-Id: Ic12527f5f92a34e925bee3047c168eacf5e99d8a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Remove unused mode for HASH driver. The driver will only be
used in BL2 scope.
Change-Id: I1fce09cdaa9da0c11554ac5f73433b4bee776011
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
This driver manages the STM32 Random Number Generator
peripheral.
Change-Id: I4403ebb2dbdaa8df993a4413f1ef48eeba00427c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add code to be able to use STMicroelectronics SAES IP. This driver
can manage many AES algorithms (CBC, ECB, CCM, GCM). It will be used
by the authenticated decryption framework (AES-GCM only).
Change-Id: Ibd4030719fb12877dcecd5d2c395d13b4b15c260
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Add code to be able to use STMicroelectronics PKA peripheral
in the authentication framework.
Change-Id: Ifeafe84c68db483cd18674f2280576cc065f92ee
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_HASH_V4: remove MD5 algorithm (no more supported) and
add SHA384 and SHA512.
For STM32_HASH_V2: no change.
Change-Id: I3a9ae9e38249a2421c657232cb0877004d04dae1
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
When spi_id_max is 5119, the expression `(spi_id_max - 4096U + 1U >> 5)`
evaluates to 32 leading to undefined behavior when using it to left
shift 1. Fix this undefined behavior.
Reported-by coverity scan:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/RMB4U7COL6IONZWEGF2FWXOQ6FPDIT4U/
```
large_shift: In expression 1 << (spi_id_max - 4096U + 1U >> 5), left
shifting by more than 31 bits has undefined behavior. The shift
amount, spi_id_max - 4096U + 1U >> 5, is as much as 32.
```
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I5e77a78b81a6d0367875e7ea432a82b6ba0e587c
Platform must define the maximum size of the message
over MHU.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I91a6c132c946f4465178910b8ea83544f562e837
Without setting the correct size of sw_type the metadata won't
be propagated to RSS through rss_measured_boot_extend_measurement()
API.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I4066d4762689c96ac2ac8e8b8db5d2b1f108b550
Adding PLAT_* prefix to indicate that the
platform needs to provide this definition.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I0bd02be405fd8b1e625bd2b82647ebb2b58265fc
Clear the MHU message buffer to remove assets from memory.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I730e7b044eaf0bf517532a12146e4f542949544e
Remove an assert, which checks whether output buffer is
provided, because in measured boot there is no output.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I08db9c2eea1da2d7120c9872ffbf8d8ee45c8e08
Reorganized a few Event Log functions into multiple functions so that
they can be used for the upcoming DRTM feature. This change mainly
implements below new functions -
1. event_log_buf_init - called by 'event_log_init' to initialise Event
Log buffer
2. event_log_write_specid_event - called by 'event_log_fixed_header' to
write specification id event to Event Log buffer
3. event_log_measure and event_log_record - called by
'event_log_measure_and_record' to measure and record the measurement
to the Event Log buffer
Change-Id: I1aabb57f79bead726fcf36d59839702cd6a3521d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated mbedTLS driver to include mbedTLS functions necessary for a
DRTM supported build.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: If0120374a971519cf84f93e0c59e1a320a72cd97
Updated crypto module to include crypto calls necessary for a
DRTM supported build.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I4f945997824393f46864b7fb7fd380308a025452
The Arm(R) Ethos(TM)-N NPU driver now supports configuring the SMMU
streams that the NPU shall use and will therefore no longer delegate
access to these registers to the non-secure world. In order for the
driver to support this, the device tree parsing has been updated to
support parsing the allocators used by the NPU and what SMMU stream that
is associated with each allocator.
To keep track of what NPU device each allocator is associated with, the
resulting config from the device tree parsing will now group the NPU
cores and allocators into their respective NPU device.
The SMC API has been changed to allow the caller to specify what
allocator the NPU shall be configured to use and the API version has
been bumped to indicate this change.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I6ac43819133138614e3f55a014e93466fe3d5277
Moving putchar() out of libc and adding a weak dummy
implementation in libc.
This is to remove libc's dependencies to the platform
driver.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Ib7fefaec0babb783def614ea23521f482fa4a28a
Provide a new makefile as a convenience for platform makefiles to pull
in the list of source files and headers for the RSS communication
driver.
Change-Id: I188a1a8f4e77318cdc87c3155b280090c46ce813
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Unit Attention Condition (UAC) gets set on a warm reset. Sending any
command (other than INQUIRY and REPORT LUNs) clears UAC, so its good to
add some retries when UAC is encountered
Signed-off-by: Anand Saminathan <anans@google.com>
Change-Id: Ia03b916d68565d0f3d25086b7f6d8c51d557b64f
The current comms protocol (where arguments and return data is embedded
into the MHU message) is now protocol v0. Protocol v1 embeds pointers
into the message, and has the RSS retrieve the data via DMA.
Change-Id: I08d7f09c4eaea673769fde9eee194447a99f1b78
Signed-off-by: Raef Coles <raef.coles@arm.com>
If the flag STM32MP_RECONFIGURE_CONSOLE is set in BL32, the UART init
should be skipped if the UART clock is set to zero. This will be used
when configuring the default console, after an early console has been
configured.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Icbc640c7bdd6342f9c3ec1586a0d0c64127b18b8
Add the pincontrol configuration and clock enable in UART driver
with information found in the device tree.
This patch avoids an issue on STM32MP13x platform because the UART
configuration is reset by the ROM code for UART serial boot
(STM32MP_UART_PROGRAMMER=1).
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I575fd0e1026b857059abcfd4a3166eb3a239e1fd
Move the definition of DT_UART_COMPAT in stm32mp1_def.h to be used
in several files.
Change-Id: I74d0350bcd971df9b15697f2b9ec04061d6a7656
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
The parameter over_sampling of stm32_uart_init_s is not required
as it can be computed dynamically from clock rate of the serial
device and the requested baudrate.
Oversampling by 8 is allowed only for higher speed
(up to clock_rate / 8) to reduce the maximum receiver tolerance
to clock deviation.
This patch update the driver, the serial init struct and the
only user, the stm32cubeprogrammer over uart support.
Change-Id: I422731089730a288defeb7fa49886db65d0902b2
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert.h. Removing
"platform_def.h" from assert.h and adding "common/debug.h"
where the macros are used.
- Removing hack for fixing PLAT_LOG_LEVEL_ASSERT to 40.
Instead removing assert with expression, as this
does not provide additional information.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Icc201ea7b63c1277e423c1cfd13fd6816c2bc568
To initiate a reset or reboot, the nonsecure OS invokes the PSCI
SYSTEM_RESET function from any one core. As per the PSCI specification,
it is the responsibility of firmware to implement the system view of
the reset or reboot operation. For the platforms supported by CSS,
trigger the reset/reboot operation by sending an SGI to rest all CPUs
which are online. The CPUs respond to this interrupt by initiating its
powerdown sequence.
In addition to these changes, fix coding style issues that are not
directly related to the code being introduced in this patch.
Change-Id: I547253ee28ef7eefa78180d016893671a406bbfa
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Before issuing the system power down command, set the trusted mailbox
to 0. This will ensure that in the case of a warm/cold reset, the
primary CPU executes from the cold boot sequence, clearing any stale
jump address at this location.
Change-Id: I491ef5baf7a6728acd7e90e4558939ba77b8f9bf
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
This patch adds two helper functions:
- plat_ic_raise_ns_sgi to raise a NS SGI
- plat_ic_raise_s_el1_sgi to raise a S-EL1 SGI
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I6f262dd1da1d77fec3f850eb74189e726b8e24da
The boot partition size of an eMMC is given in ext_csd register, at
offset 226 (BOOT_SIZE_MULT), which has to be multiplied by 128kB.
Add a helper function mmc_boot_part_size() to get this eMMC boot
partition size.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I0e8e0fc9632f147fa1b1b3374accb78439025403
The scratch buffer could be large. The new function allows
platform to defined its own external buffer or use the default
one.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Change-Id: Ib7ab8ff19fa0a9cb06e364f058b91af58c3c471a
Instead of using hard-coded values in stm32_sdmmc2_read() function,
use a defined SDMMC_FIFO_SIZE, which is 64 on STM32MP1.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I1ace0a28fbddae474379f0187371b9c360ceb7b3
Although not recommended, the reset property could be made optional.
This way the driver will probe even if no reset property is provided
in an sdmmc node in DT. This reset is already optional in Linux.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I6e63ff00118d9497f505d6379982334dd62686ca
For SD-cards, CMD6 is used to switch functions, like setting high speed
mode. As it has another meaning for eMMC, and may not work on standard
capacity SD-cards, it must be checked with MMC_IS_SD_HC flag.
As ACMD6 is also used, and will have the same index, a check on
CMD/ACMD commands is done: a boolean is stored depending on previous
command. It is set to true if CMD55 is issued, for other commands
it is set to false.
Change-Id: I6c2b9c7637656f858601ec075de1cb5f57af271a
Signed-off-by: Yann Gautier <yann.gautier@st.com>
On SD-cards, Switch Function Command (CMD6) is used to switch
functions, like setting High Speed mode. It is useful for high capacity
cards to double frequency (from 25MHz by default to 50MHz).
If the SD-card is High Capacity, a CMD6 is issued after filling the
device information. If High Speed mode is supported and the switch is
OK, then the max_bus_freq can be set to 50MHz. The driver set_ios()
function should then be called to update peripheral configuration,
especially clock prescaler.
Change-Id: I2d6807aa7f9440d2b2f907a747cd3b47a2ba1545
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Pankaj Gupta
Jiafei Pan
Manish V Badarkhe
Maninder Singh
Yann Gautier
Lionel Debieve
Nicolas Toromanoff
Sandrine Bailleux
Vijayenthiran Subramaniam
Tamas Ban
Mikael Olsson
Claus Pedersen
Anand Saminathan
Raef Coles
Yann Gautier
Patrick Delaunay
Pranav Madhu
Florian Lugou
Jayanth Dodderi Chidanand