Use positive logic (pm_up instead of pm_down) to check whether PMU
services are available. This change also puts the variable into the
BSS section rather than the Data section as the variable is now
initialized to 0 rather than 1.
Signed-off-by: Will Wong <WILLW@xilinx.com>
Signed-off-by: Stefan Krsmanovic <stefan.krsmanovic@aggios.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
If we can't find the FSBL handoff struct don't panic and just use the
defaults instead.
We still print a warning to the user to let them know what we couldn't
find it.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Instead of calling panic() in fsbl_atf_handover() return the error
status so that bl31_early_platform_setup() can act accordingly.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Type "entry_point_info_t" is used in zynqmp_private.h. It is defined
in "bl_common.h". The header file which defines the type should be
included.
Signed-off-by: Wendy Liang <jliang@xilinx.com>
Added SHA to calculate SHA3 hash,RSA to encrypt data with
public key and decrypt with private key and AES to do symmetric
encryption with User key or device key.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Read ipdisable reg which needs to be used for cg/eg/ev device detection.
ATF runs in EL3 that's why this read can be done directly.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
This patch corrects the SVD mask for getting chip ID
using 0xe is wrong and 0x7 is correct.
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
psci system_reset and system_off calls now retrieve shutdown scope on
the fly. The default scope is system, but it can be changed by calling
pm_system_shutdown(2, scope)
Until full support for different restart scopes becomes available with
PSCI 1.1 this change allows users to set the reboot scope to match
their application needs.
Possible scope values:
0 - APU subsystem: does not affect RPU, PMU or PL
1 - PS only: shutdown/restart entire PS without affecting PL
2 - System: shutdown/restart applies to entire system
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Signed-off-by: Davorin Mista <davorin.mista@aggios.com>
The PM_INIT_FINALIZE PM API is required to inform the PFW that APU is
done with requesting nodes and that not-requested nodes can be powered
down. If PM is not enabled, this call will never be made and PFW will
never power down any of the nodes which APU can use.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
This patch adds pm_secure_rsaaes() API to provide access to
the xilsecure library for loading secure images
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Read boot mode register using pm_mmio_read if pmu is
present otherwise access it directly using mmio_read_32().
Signed-off-by: Siva Durga Prasad Paladugu <sivadur@xilinx.com>
Acked-by: Michal Simek <michal.simek@xilinx.com>
The pm_req_wakeup PM API accepts start address (64-bit unsiged integer)
and a flag stating if address should be used. To save an argument
of the SMC call, flag is encoded in the LSB of the address, since
addresses are word aligned.
Decode start address and use-address flag in the PM SMC handler and
pass them to pm_req_wakeup.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>
Call to pm_client_wakeup from pm_req_wakeup prevented the PM API
call to be used to wake up non-APU processor (e.g. from higher ELs),
since it clears power down request for specified APU processor.
Move this function out of pm_client_wakeup to allow passing wake up
requests to the PMU for other processor in the system.
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>
NODE_EXTERN is the slave node which represents an external wake
source.
Signed-off-by: Mirela Simonovic <mirela.simonovic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>
Beside standard suspend-to-RAM state, Zynq MPSoC supports
suspend-to-RAM state with additional power savings, called
power-off suspend-to-RAM. If this mode is set, only NODE_EXTERN
must be set as wake source. Standard suspend-to-RAM procedure
is unchanged.
This patch adds support for setting suspend mode from higher
ELs and ensuring that all conditions for power-off suspend mode
are set.
Signed-off-by: Siva Durga Prasad Paladugu <siva.durga.paladugu@xilinx.com>
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
pm_get_node_status API function returns 3 values:
-status: Current power state of the node
-requirements: Current requirements for the node
-usage: Current usage of the node
The last two values only apply to slave nodes.
Signed-off-by: Anes Hadziahmetagic <anes.hadziahmetagic@aggios.com>
Signed-off-by: Filip Drazic <filip.drazic@aggios.com>
Acked-by: Will Wong <willw@xilinx.com>
The MT bit in MPIDR is always set for SGI platforms and so the
core position calculation code is updated to take into account
the thread affinity value as well.
Change-Id: I7b2a52707f607dc3859c6bbcd2b145b7987cb4ed
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Vishwanatha HG <vishwanatha.hg@arm.com>
Instead of instantiating a local copy of GICv3 driver data for SGI
platforms, reuse the existing instance of GICv3 driver data available
in the arm common platform code.
Change-Id: If6f38e15d1f0e20cea96fff98091da300015d295
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Vishwanatha HG <vishwanatha.hg@arm.com>
Flush the indirect branch predictor and RSB on entry to EL3 by issuing
a newly added instruction for Denver CPUs. Support for this operation
can be determined by comparing bits 19:16 of ID_AFR0_EL1 with 0b0001.
To achieve this without performing any branch instruction, a per-cpu
vbar is installed which executes the workaround and then branches off
to the corresponding vector entry in the main vector table. A side
effect of this change is that the main vbar is configured before any
reset handling. This is to allow the per-cpu reset function to override
the vbar setting.
Change-Id: Ief493cd85935bab3cfee0397e856db5101bc8011
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This reverts commit 2f18aa1fa3.
It is causing some tests to fail. Until the cause is found and fixed, it
is needed to remove this commit from master.
Change-Id: Ic5ff7a841903a15613e00379e87cbbd8a0e85152
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
This allows secure partitions to access these registers. This is
needed in some cases. For example, it has been reported that in order
to implement secure storage services, a secure partition needs to
encrypt/decrypt some authentication variables, which requires FP/SIMD
support.
Note that SPM will not do any saving/restoring of these registers on
behalf of the SP. This falls under the SP's responsibility.
Also note that if the SP gets preempted, it might not get a chance to
save/restore FP/SIMD registers first. This patch does not address this
problem. It only serves as a temporary solution to unblock development
on the secure partition side.
Change-Id: I3b8ccdebdac0219f6ac96ad66ab2be0be8374ad3
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
In the porting guide, fix the function name and the argument type to
reflect the code.
Change-Id: Iac8d69af403194de5586bc0d5890da531e3c8da2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The instructions to boot the bootwrapped kernel were outdated.
Also, the bootwrapped kernel boot flow isn't really useful. It was meant
to be a replacement for the Trusted Firmware-A, not to be used as the next
step during boot.
The instructions have been removed in favour of the new build option
ARM_LINUX_KERNEL_AS_BL33. This new system directly boots the Linux
kernel from BL31, and requires RESET_TO_BL31 to be 1. Also, the kernel
has to be preloaded in memory, so PRELOADED_BL33_BASE has to be set to its
address. This way, the runtime services of the Trusted Firmware-A are
available for the kernel in the least possible amount of time.
This new system requires the DTB to be patched so that the kernel knows
where the ramdisk is. A short script to add this information to the DTB
has been added to the User Guide. The information related to it can be
found in the following file in the Linux kernel tree:
``Documentation/devicetree/bindings/chosen.txt``
Change-Id: Ide135580959e09f6aa8e4425f37ea55d97439178
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
SGI-575's NSRAM is neither in the same place nor the same size as Juno's.
Change-Id: Id6d692e9c7e9c1360014bb525eda966ebe29c823
Signed-off-by: Chris Kay <chris.kay@arm.com>
The bounds check in ARM_CASSERT_MMAP does not take into account the
array sentinel in plat_arm_mmap. This commit fixes this, and adds an
additional check to ensure the number of entries in the array is
within the bounds of PLAT_ARM_MMAP_ENTRIES.
Change-Id: Ie6df10c0aa0890d62826bc3224ad7b3e36fd53e2
Signed-off-by: Chris Kay <chris.kay@arm.com>
There are three calls to mmap_add_region() that always occur in
arm_setup_page_tables(), and two further calls based on whether coherent
memory is enabled, and whether SPM is enabled in BL31.
This commit adapts the ARM_BL_REGIONS definition to match the number of
calls made inside arm_setup_page_tables() so that the MAX_MMAP_REGIONS
is realigned with what is actually occurring.
Change-Id: I7adc05951abccf2cbd5c86280eb874911e6a1566
Signed-off-by: Chris Kay <chris.kay@arm.com>
Normally, BL33 needs to contain a boot loader like U-Boot or UEFI that
eventually gives control to the OS. However, in some cases, this boot
sequence may be too slow. For example, when doing tests in a
cycle-accurate emulator, the user may only be interested in the
interaction between the Trusted Firmware and the OS, not in the boot
process itself.
The new option ARM_LINUX_KERNEL_AS_BL33 allows BL33 to contain the Linux
kernel image by changing the value of registers x0-x3 to the values
expected by the kernel. This option requires the device tree blob (DTB)
to be present in memory. Its address must be specified in the newly
introduced ARM_PRELOADED_DTB_BASE build option. For now, it only supports
AArch64 kernels.
This option is only available when RESET_TO_BL31=1. For this reason
the BL33 binary must be preloaded in memory and PRELOADED_BL33_BASE must
be used.
For example, if the kernel is loaded at 0x80080000 and the DTB is loaded
at address 0x82000000, the firmware could be built like this:
CROSS_COMPILE=aarch64-linux-gnu- \
make PLAT=fvp DEBUG=1 \
RESET_TO_BL31=1 \
ARM_LINUX_KERNEL_AS_BL33=1 \
PRELOADED_BL33_BASE=0x80080000 \
ARM_PRELOADED_DTB_BASE=0x82000000 \
all fip
Change-Id: If9dc847c65ae2d0c27b51f0fd44fc06b28497db9
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The old API is deprecated and will eventually be removed.
Arm platforms now use the multi console driver for boot and runtime
consoles. However, the crash console uses the direct console API because
it doesn't need any memory access to work. This makes it more robust
during crashes.
The AArch32 port of the Trusted Firmware doesn't support this new API
yet, so it is only enabled in AArch64 builds. Because of this, the
common code must maintain compatibility with both systems. SP_MIN
doesn't have to be updated because it's only used in AArch32 builds.
The TSP is only used in AArch64, so it only needs to support the new
API without keeping support for the old one.
Special care must be taken because of PSCI_SYSTEM_SUSPEND. In Juno, this
causes the UARTs to reset (except for the one used by the TSP). This
means that they must be unregistered when suspending and re-registered
when resuming. This wasn't a problem with the old driver because it just
restarted the UART, and there were no problems associated with
registering and unregistering consoles.
The size of BL31 has been increased in builds with SPM.
Change-Id: Icefd117dd1eb9c498921181a21318c2d2435c441
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In the multi console driver, allowing to register the same console more
than once may result in an infinte loop when putc is called.
If, for example, a boot message is trying to be printed, but the
consoles in the loop in the linked list are runtime consoles, putc will
iterate forever looking for a console that can print boot messages (or
a NULL pointer that will never come).
This loop in the linked list can occur after restoring the system from a
system suspend. The boot console is registered during the cold boot in
BL31, but the runtime console is registered even in the warm boot path.
Consoles are always added to the start of the linked list when they are
registered, so this it what should happen if they were actually
different structures:
console_list -> NULL
console_list -> BOOT -> NULL
console_list -> RUNTIME -> BOOT -> NULL
console_list -> RUNTIME -> RUNTIME -> BOOT -> NULL
In practice, the two runtime consoles are the same one, so they create
this loop:
console_list -> RUNTIME -. X -> BOOT -> NULL
^ |
`----'
This patch adds an assertion to detect this problem. The assertion will
fail whenever the same structure tries to be registered while being on
the list.
In order to assert this, console_is_registered() has been implemented.
It returns 1 if the specified console is registered, 0 if not.
Change-Id: I922485e743775ca9bd1af9cbd491ddd360526a6d
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The context management library initialises the CPU context for the
secure/non-secure worlds to zero. This leads to zeros being stored
to the actual registers when we restore the CPU context, during a
world switch. Denver CPUs dont expect zero to be written to the
implementation defined, actlr_el1 register, at any point of time.
Writing a zero to some fields of this register, results in an
UNDEFINED exception.
This patch bases the context actlr_el1 value on the actual hardware
register, to maintain parity with the expected settings
Change-Id: I1c806d7ff12daa7fd1e5c72825494b81454948f2
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
When TF is compiled for aarch32 MAX_VIRT_ADDR_SPACE_SIZE is 2^32 in some cases,
which makes the test (size) <= MAX_VIRT_ADDR_SPACE_SIZE a tautology because
uintptr_t is a 32 bit value. The cast remove the warning for clang.
Change-Id: I1345f3400f8fbbe4ffd3caa990a90e7ba593dba5
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Using variables as format strings can generate security problems when
the user can control those strings. Some compilers generate warnings
in that cases, even when the variables are constants and are not
controlled by the user.
Change-Id: I65dee1d1b66feab38cbf298290a86fa56e6cca40
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Siva Durga Prasad Paladugu
Alistair Francis
Wendy Liang
Siva Durga Prasad Paladugu
Filip Drazic
Mirela Simonovic
Anes Hadziahmetagic
Dimitris Papastamos
Vishwanatha HG
Varun Wadekar
Jeenu Viswambharan
Antonio Nino Diaz
Sandrine Bailleux
Chris Kay
Roberto Vargas
danh-arm