This patch provides the following changes:
- Adds definition for FEAT_MTE3 value in ID_AA64PFR1_EL1 register
- Enables Memory Tagging Extension for FEAT_MTE3.
Change-Id: I735988575466fdc083892ec12c1aee89b5faa472
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Enable basic support for Neoverse-N2 CPUs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I498adc2d9fc61ac6e1af8ece131039410872e8ad
This patch provides the changes listed below:
- Adds new bit fields definitions for SCTLR_EL1/2 registers
- Corrects the name of SCTLR_EL1/2.[20] bit field from
SCTLR_UWXN_BIT to SCTLR_TSCXT_BIT
- Adds FEAT_PANx bit field definitions and their possible
values for ID_AA64MMFR1_EL1 register.
- Adds setting of SCTLR_EL1.SPAN bit to preserve PSTATE.PAN
on taking an exception to EL1 in spm_sp_setup() function
(services\std_svc\spm_mm\spm_mm_setup.c)
Change-Id: If51f20e7995c649126a7728a4d0867041fdade19
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This errata workaround did not work as intended and was revised in
subsequent SDEN releases so we are reverting this change.
This is the patch being reverted:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4686
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I8554c75d7217331c7effd781b5f7f49b781bbebe
This errata workaround did not work as intended and was revised in
subsequent SDEN releases so we are reverting this change.
This is the patch being reverted:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4684
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I560749a5b55e22fbe49d3f428a8b9545d6bdaaf0
Currently, when RECLAIM_INIT_CODE is set, the
stacks are scaled to ensure that the entirety
of the init section can be reclaimed as stack.
This causes an issue in lib/psci/aarch64/psci_helpers.S,
where the stack size is used for cache operations in
psci_do_pwrdown_cache_maintenance(). If the stacks
are scaled, then the PSCI code may fail to invalidate
some of the stack memory before power down.
Resizing stacks is also not good for stability in general,
since code that works with a small number of cores may
overflow the stack when the number of cores is increased.
Change to make every stack be PLATFORM_STACK_SIZE big,
and allow the total stack to be smaller than the
init section.
Any pages of the init section not reclaimed as
stack will be set to read-only and execute-never,
for security.
Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When issuing barrier instructions like DSB or DMB, we must make sure
that the compiler does not undermine out efforts to fence off
instructions. Currently the compiler is free to move the barrier
instruction around, in respect to former or later memory access
statements, which is not what we want.
Add a compiler barrier to the inline assembly statement in our
DEFINE_SYSOP_TYPE_FUNC macro, to make sure memory accesses are not
reordered by the compiler.
This is in line with Linux' definition:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/include/asm/barrier.h
Since those instructions share a definition, apart from DSB and DMB this
now also covers some TLBI instructions. Having a compiler barrier there
also is useful, although we probably have stronger barriers in place
already.
Change-Id: If6fe97b13a562643a643efc507cb4aad29daa5b6
Reported-by: Alexandru Elisei <alexandru.elisei@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
DRAM region behind TZC.
Change-Id: Icaa5c7d33334258ff27e8e0bfd0812c304e68ae4
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Retrieve peripheral base address from a define instead of
parsing the device tree. The goal is to improve execution time.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2588c53ad3d4abcc3d7fe156458434a7940dd72b
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
This patch updates the MIDR value for rainier cpu.
Change-Id: I99a5d96f757239cf65b2688095c4ec66cd991cf9
Signed-off-by: Jagadeesh Ujja <jagadeesh.ujja@arm.com>
Cortex A77 erratum 1925769 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set bit 8 in the ECTLR_EL1 register, there is a small performance cost
(<0.5%) for setting this bit.
SDEN can be found here:
https://documentation-service.arm.com/static/5f7c35d0d3be967f7be46d33
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I9cf0e0b5dc1e3e32e24279d2632c759cc7bd7ce9
Update the libfdt source files, the upstream commit is 73e0f143b73d
("libfdt: fdt_strerror(): Fix comparison warning").
This brings us the fixes for the signed/unsigned comparison warnings,
so platforms can enable -Wsign-compare now.
Change-Id: I303d891c82ffea0acefdde27289339db5ac5a289
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch migrates the mbedcrypto dependency for TF-A
to mbedTLS repo v2.24.0 which is the latest release tag.
The relevant documentation is updated to reflect the
use of new version.
Change-Id: I116f44242e8c98e856416ea871d11abd3234dac1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
We now have code to detect the CPU topology at runtime, and can also
populate the CPU nodes in a devicetree accordingly. This is used by the
ARM FPGA port, for instance.
But also a GICv3 compatible interrupt controller provides MMIO frames
per core, so the size of this region needs to be adjusted in the DT,
to match the number of cores as well.
Provide a generic function to find the GICv3 interrupt controller in
the DT, then adjust the "reg" entry to match the number of detected
cores. Since the size of the GICR frame per cores differs between
GICv4 and GICv3, this size is supplied as a parameter to the function.
The caller should determine the applicable value by either hardcoding
it or by observing GICR_TYPER.VLPIS.
Change-Id: Ic2a6445c2c5381a36bf24263f52fcbefad378c05
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
A GICv3 interrupt controller will be instantiated for a certain number
of cores. This will result in the respective number of GICR frames. The
last frame will have the "Last" bit set in its GICR_TYPER register.
For platforms with a topology unknown at build time (the Arm FPGAs, for
instance), we need to learn the number of used cores at runtime, to size
the GICR region in the devicetree accordingly.
Add a generic function that iterates over all GICR frames until it
encounters one with the "Last" bit set. It returns the number of cores
the GICv3 has been configured for.
Change-Id: I79f033c50dfc1c275aba7122725868811abcc4f8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch adds CPU support for the Rainier CPU which is
derived from Neoverse N1 r4p0 CPU and implements the
Morello capability architecture.
Change-Id: Ic6b796481da5a66504ecb0648879446edf4c69fb
Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Cortex A77 erratum 1508412 is a Cat B Errata present in r0p0 and r1p0.
The workaround is a write sequence to several implementation defined
registers based on A77 revision.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I217993cffb3ac57c313db8490e7b8a7bb393379b
This patch allows the system to fallback to a default CPU library
in case the MPID does not match with any of the supported ones.
This feature can be enabled by setting SUPPORT_UNKNOWN_MPID build
option to 1 (enabled by default only on arm_fpga platform).
This feature can be very dangerous on a production image and
therefore it MUST be disabled for Release images.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I0df7ef2b012d7d60a4fd5de44dea1fbbb46881ba
Depending on compiler, the issue about bool or uint*_t not defined can
appear.
Correct this by adding stdbool.h and stdint.h includes in etzpc.h.
Change-Id: If1419dc511efbe682459fa4a776481fa52a38aa3
Signed-off-by: Yann Gautier <yann.gautier@st.com>
nand_wait_ready is called with a millisecond delay
but the timeout used a micro second. Fixing the conversion
in the timeout call.
The prototype of the function is also changed to use an unsigned int
parameter.
Change-Id: Ia3281be7980477dfbfdb842308d35ecd8b926fb8
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
There is one dtsi file per SoC version:
- STM32MP151: common part for all version, Single Cortex-A7
- STM32MP153: Dual Cortex-A7
- STM32MP157: + GPU and DSI, but not needed for TF-A
The STM32MP15xC include a cryptography peripheral, add it in a dedicated
file.
There are 4 packages available, for which the IOs number change. Have one
file for each package. The 2 packages AB and AD are added.
STM32157A-DK1 and STM32MP157C-DK2 share most of their features, a common
dkx file is then created.
Some reordering is done in other files, and realign with kernel DT files.
The DDR files are generated with our internal tool, no changes in the
registers values.
Change-Id: I9f2ef00306310abe34b94c2f10fc7a77a10493d1
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Builds in Debug mode with Measured Boot enabled might run out of trusted
SRAM. This patch allows to change the Log Level at which the Measured Boot
driver will dump the event log, so the latter can be accessed even on
Release builds if necessary, saving space on RAM.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I133689e313776cb3f231b774c26cbca4760fa120
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
Made small changes to fit into TF-A project
Change-Id: I991f653a7ace04f9c84bcda78ad8d7114ea18e93
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Implemented a parser which populates the properties of
the CoT descriptors as per the binding document [1].
'COT_DESC_IN_DTB' build option is disabled by default and can
be enabled in future for all Arm platforms by making necessary
changes in the memory map.
Currently, this parser is tested only for FVP platform.
[1]:
https://trustedfirmware-a.readthedocs.io/en/latest/components/cot-binding.html
Change-Id: I2f911206087a1a2942aa728de151d2ac269d27cc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
It uses the existing implementation of snprintf() function
Change-Id: Ie59418564c2e415222e819cf322c34e9a4d1f336
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
From commit: 21571b1d140ae7bb44e94c0afba2ec61456b275b
Made small changes to fit into TF-A project
Change-Id: I07fd7fe1037857f6b299c35367c104fb51fa5cfa
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The API can be used to invoke a 'stop_func' callback for all
other cores from any initiating core. Optionally it can also
wait for other cores to power down. There may be various use
of such API by platform. Ex: Platform may use this to power
down all other cores from a crashed core.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I4f9dc8a38d419f299c021535d5f1bcc6883106f9
The DSU contains system control registers in the SCU and L3 logic to
control the functionality of the cluster. If "DIRECT CONNECT" L3
memory system variant is used, there won't be any L3 cache,
snoop filter, and SCU logic present hence no system control register
will be present. Hence check SCU presence before accessing DSU register
for DSU_936184 errata.
Signed-off-by: Pramod Kumar <pramod.kumar@broadcom.com>
Change-Id: I1ffa8afb0447ae3bd1032c9dd678d68021fe5a63
This patch creates and populates the /cpus node in a device tree
based on the existing topology. It uses the minimum required nodes
and properties to satisfy the binding as specified in
https://www.kernel.org/doc/Documentation/devicetree/bindings/arm/cpus.txt
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I03bf4e9a6427da0a3b8ed013f93d7bc43b5c4df0
This patch introduces support for PN9 variant for some
Denver based platforms.
Original change by: Hemant Nigam <hnigam@nvidia.com>
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
Change-Id: I331cd3a083721fd1cd1b03f4a11b32fd306a21f3
Using the Fconf, register base address of the various nv-counters
(currently, trusted, non-trusted nv-counters) are moved to the
device tree and retrieved during run-time. This feature is
enabled using the build option COT_DESC_IN_DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I236f532e63cea63b179f60892cb406fc05cd5830
Created a header file defining the id of the various nv-counters
used in the system.
Also, updated the device tree to add 'id' property for the trusted
and non-trusted nv-counters.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ia41a557f7e56ad4ed536aee11c7a59e078ae07c0
'EHF' is used by RAS, SDEI, SPM_MM common frameworks.
If platform needs to plug-in specific handlers then
'PLAT_EHF_DESC' can be used to populate platform specific
priority levels.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I37af7e0e48111f87b6982604bf5c15db3e05755d
FF-A interface to handle SPMC to SPMD direct messages requests.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Ia707a308c55561a31dcfa86e554ea1c9e23f862a
As per latest mailing communication [1], we decided to
update AT speculative workaround implementation in order to
disable page table walk for lower ELs(EL1 or EL0) immediately
after context switching to EL3 from lower ELs.
Previous implementation of AT speculative workaround is available
here: 45aecff00
AT speculative workaround is updated as below:
1. Avoid saving and restoring of SCTLR and TCR registers for EL1
in context save and restore routine respectively.
2. On EL3 entry, save SCTLR and TCR registers for EL1.
3. On EL3 entry, update EL1 system registers to disable stage 1
page table walk for lower ELs (EL1 and EL0) and enable EL1
MMU.
4. On EL3 exit, restore SCTLR and TCR registers for EL1 which
are saved in step 2.
[1]:
https://lists.trustedfirmware.org/pipermail/tf-a/2020-July/000586.html
Change-Id: Iee8de16f81dc970a8f492726f2ddd57e7bd9ffb5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
SCTLR and TCR registers of EL1 plays role in enabling/disabling of
page table walk for lower ELs (EL0 and EL1).
Hence re-arranged EL1 context offsets to have SCTLR and TCR registers
values one after another in the stack so that these registers values
can be saved and restored using stp and ldp instruction respectively.
Change-Id: Iaa28fd9eba82a60932b6b6d85ec8857a9acd5f8b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
In case of AT speculative workaround applied, page table walk
is disabled for lower ELs (EL1 and EL0) in EL3.
Hence added a wrapper function which temporarily enables page
table walk to execute AT instruction for lower ELs and then
disables page table walk.
Execute AT instructions directly for lower ELs (EL1 and EL0)
assuming page table walk is enabled always when AT speculative
workaround is not applied.
Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
For Arm platforms SPs are loaded by parsing tb_fw_config.dts and
adding them to SP structure sequentially, which in-turn is appended to
loadable image list.
With recently introduced dualroot CoT for SPs where they are owned
either by SiP or by Platform. SiP owned SPs index starts at SP_PKG1_ID
and Plat owned SPs index starts at SP_PKG5_ID. As the start index of SP
depends on the owner, there should be a mechanism to parse owner of a SP
and put it at the correct index in SP structure.
This patch adds support for parsing a new optional field "owner" and
based on it put SP details(UUID & Load-address) at the correct index in
SP structure.
Change-Id: Ibd255b60d5c45023cc7fdb10971bef6626cb560b
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
We relyed on the default signed-ness of constants, which is usually
signed. This can create MISRA violations, such as:
bl1/bl1_main.c:257:[MISRA C-2012 10.8 (required)] Cast of composite
expression off essential type signed to essential type unsigned
These constants were only used as unsigned, so this patch makes them
explicitly unsigned.
Change-Id: I5f1310c881e936077035fbb1d5ffb449b45de3ad
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
There was a collision between the name of the typedef in the CASSERT and
something else, so we make the name of the typedef unique to the
invocation of DEFFINE_SVC_UUID2 by appending the name that's passed into
the macro. This eliminates the following MISRA violation:
bl1/bl1_main.c:233:[MISRA C-2012 Rule 5.6 (required)] Identifier
"invalid_svc_uuid" is already used to represent a typedef.
This also resolves MISRA rule 5.9.
These renamings are as follows:
* tzram -> secram. This matches the function call name as it has
sec_mem in it's name
* fw_config_base -> config_base. This file does not mess with
hw_conig, so there's little chance of confusion
Change-Id: I8734ba0956140c8e29b89d0596d10d61a6ef351e
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
For dualroot CoT there are two sets of SP certificates, one owned by
Silicon Provider(SiP) and other owned by Platform. Each certificate can
have a maximum of 4 SPs.
This patch reduces the number of SiP owned SPs from 8 to 4 and adds
the remaining 4 to Plat owned SP.
Plat owned SP certificate is signed using Platform RoT key and
protected against anti-rollback using the Non-trusted Non-volatile
counter.
Change-Id: Idc3ddd87d6d85a5506a7435f45a6ec17c4c50425
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Add support to generate a certificate named "plat-sp-cert" for Secure
Partitions(SP) owned by Platform.
Earlier a single certificate file "sip-sp-cert" was generated which
contained hash of all 8 SPs, with this change SPs are divided into
two categories viz "SiP owned" and "Plat owned" containing 4 SPs each.
Platform RoT key pair is used for signing.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I5bd493cfce4cf3fc14b87c8ed1045f633d0c92b6
ERRATA ID: RES-3033912 - Internal Address Space Init state causes
a hang upon accesses to [0xf070_0000, 0xf07f_ffff]
Workaround: Boot Firmware (ATF) should configure CCU_RGF_WIN(4) to
split [0x6e_0000, 0xff_ffff] to values [0x6e_0000, 0x6f_ffff] and
[0x80_0000, 0xff_ffff] that cause accesses to the segment of
[0xf070_0000, 0xf07f_ffff] to act as RAZWI. Reuse common
work-around code for both AP806 and AP807.
Change-Id: Ia91a4802d02917d1682faa0c81571093d1687d97
Signed-off-by: Stefan Chulski <stefanc@marvell.com>
Alexei Fedorov
Javier Almansa Sobrino
johpow01
David Horstmann
Andre Przywara
Arunachalam Ganapathy
Saurabh Gorecha
Yann Gautier
Jimmy Brisson
Manish V Badarkhe
Jagadeesh Ujja
Manoj Kumar
laurenw-arm
Lionel Debieve
Madhukar Pappireddy
Sandeep Tripathy
Pramod Kumar
Hemant Nigam
Olivier Deprez
Manish Pandey
Stefan Chulski