This commit adds authentication binary support for STM32MP1.
It prints the bootrom authentication result if signed
image is used and authenticates the next loaded STM32 images.
It also enables the dynamic translation table support
(PLAT_XLAT_TABLES_DYNAMIC) to use bootrom services.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iba706519e0dc6b6fae1f3dd498383351f0f75f51
This BSEC service is a platform specific service. Implementation
moved to the platform part.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I1f70ed48a446860498ed111acce01187568538c9
Patch introduce the macro NS_IMAGE_MAX_SIZE to simplify the image size
calculation. Use of additional parenthesis removes the possibility of
improper calculations due nested macro expansion for subtraction.
In case of platforms with DRAM window over 32bits, patch also removes
potential problems with type casting, as meminfo.image_size is uint32_t
but macro calculations were done in 64bit space.
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Change-Id: I2d05a2d9dd6000dba6114df53262995cf85af018
This commit change the plat/qemu directory structure into:
`-- plat
`-- qemu
|-- common (files shared with all qemu subplatforms)
|-- qemu (original qemu platform)
|-- qemu_sbsa (new sqemu_sbsa platform)
|-- subplat1
`-- subplat2
This opens the possibility of adding new qemu sub-platforms which reuse
existing common platform code. The first platform which will leverage new
structure will be SBSA platform.
Signed-off-by: Radoslaw Biernacki <radoslaw.biernacki@linaro.org>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Id0d8133e1fffc1b574b69aa2770ebc02bb837a9b
Both kernel and U-Boot use a SMC call to the secure monitor to get the
chip ID. This call is translated by BL31 to a call to the SCP to
retrieve the ID. Add a new SiP call and the backing SCPI command.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ib128f5645ee92866e7ebbcd550dacd33f573524b
To initialise the arch timer configuration and some clock prescaler, we
need to do two MMIO access *once*, early during boot.
As tempting as it may sound, plat_reset_handler() is not the right place
to do this, as it will be called on every CPU coming up, both for
secondary cores as well as during warmboots. So this access will be done
multiple times, and even during a rich OS' runtime. Whether doing so anyway
is actually harmful is hard to say, but we should definitely avoid this if
possible.
Move the initialisation of these registers to C code in
bl1_early_platform_setup(), where it will still be executed early enough
(before enabling the console), but only once during the whole boot
process.
Change-Id: I081c41a5476d424411411488ff8f633e87d3bcc5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the random
number generator driver into the generic driver directory.
Change-Id: Iae94d7cb22c6bce3af9bff709d76d4caf87b14d1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
With the incoming support for the Raspberry Pi 4 boards, one directory
to serve both versions will not end up well.
Create an additional layer by inserting a "rpi" directory betweeen /plat
and rpi3, so that we can more easily share or separate files between the
two later.
Change-Id: I75adbb054fe7902f34db0fd5e579a55612dd8a5f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
As the PSCI "power" management functions for the Raspberry Pi 3 port
will be shared with the upcoming RPi4 support, we need to prepare them
for dealing with the GIC interrupt controller.
Splitting this code just for those simple calls to the generic GIC
routines does not seem worthwhile, so just use a #define the protect the
GIC code from being included by the existing RPi3 code.
Change-Id: Iaca6b0214563852b28ad4a088ec45348ae8be40d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The QEMU platform port scans its device tree to advertise PSCI as the
CPU enable method. It does this by scanning *every* node in the DT and
check whether its compatible string starts with "arm,cortex-a". Then it
sets the enable-method to PSCI, if it doesn't already have one.
Other platforms might want to use this functionality as well, so let's
move it out of the QEMU platform directory and make it more robust by
fixing some shortcomings:
- A compatible string starting with a certain prefix is not a good way
to find the CPU nodes. For instance a "arm,cortex-a72-pmu" node will
match as well and is in turn favoured with an enable-method.
- If the DT already has an enable-method, we won't change this to PSCI.
Those two issues will for instance fail on the Raspberry Pi 4 DT.
To fix those problems, we adjust the scanning method:
The DT spec says that all CPU nodes are subnodes of the mandatory
/cpus node, which is a subnode of the root node. Also each CPU node has
to have a device_type = "cpu" property. So we find the /cpus node, then
scan for a subnode with the proper device_type, forcing the
enable-method to "psci".
We have to restart this search after a property has been patched, as the
node offsets might have changed meanwhile.
This allows this routine to be reused for the Raspberry Pi 4 later.
Change-Id: I00cae16cc923d9f8bb96a9b2a2933b9a79b06139
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To allow sharing the driver between the RPi3 and RPi4, move the mailbox
driver into the generic driver directory.
Change-Id: I463e49acf82b02bf004f3d56482b7791f3020bc0
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The existing Raspberry Pi 3 port sports a number of memory regions,
which are used for several purposes. The upcoming RPi4 port will not use
all of those, so make the SHARED_RAM region optional, by only mapping it
if it has actually been defined. This helps to get a cleaner RPi4 port.
Change-Id: Id69677b7fb6ed48d9f238854b610896785db8cab
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
With the advent of Raspberry Pi 4 support, we need to separate some
board specific headers between the RPi3 and RPi4.
Rename and move the "rpi3_hw.h" header, so that .c files just include
rpi_hw.h, and automatically get the correct version.
Change-Id: I03b39063028d2bee1429bffccde71dddfe2dcde8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The location of the MMIO window is different between a Raspberry Pi 3
and 4: the former has it just below 1GB, the latter below 4GB.
The relative location of the peripherals is mostly compatible though.
To allow sharing code between the two models, let's rename the symbol
used for the MMIO base to the more generic RPI_IO_BASE name.
Change-Id: I3c2762fb30fd56cca743348e79d72ef8c60ddb03
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
To be able to share code more easily between the existing Raspberry Pi 3
and the upcoming Raspberry Pi 4 platform, move some code which is not
board specific into a "common" directory.
Change-Id: I9211ab2d754b040128fac13c2f0a30a5cc8c7f2c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch provides the following features and makes modifications
listed below:
- Individual APIAKey key generation for each CPU.
- New key generation on every BL31 warm boot and TSP CPU On event.
- Per-CPU storage of APIAKey added in percpu_data[]
of cpu_data structure.
- `plat_init_apiakey()` function replaced with `plat_init_apkey()`
which returns 128-bit value and uses Generic timer physical counter
value to increase the randomness of the generated key.
The new function can be used for generation of all ARMv8.3-PAuth keys
- ARMv8.3-PAuth specific code placed in `lib\extensions\pauth`.
- New `pauth_init_enable_el1()` and `pauth_init_enable_el3()` functions
generate, program and enable APIAKey_EL1 for EL1 and EL3 respectively;
pauth_disable_el1()` and `pauth_disable_el3()` functions disable
PAuth for EL1 and EL3 respectively;
`pauth_load_bl31_apiakey()` loads saved per-CPU APIAKey_EL1 from
cpu-data structure.
- Combined `save_gp_pauth_registers()` function replaces calls to
`save_gp_registers()` and `pauth_context_save()`;
`restore_gp_pauth_registers()` replaces `pauth_context_restore()`
and `restore_gp_registers()` calls.
- `restore_gp_registers_eret()` function removed with corresponding
code placed in `el3_exit()`.
- Fixed the issue when `pauth_t pauth_ctx` structure allocated space
for 12 uint64_t PAuth registers instead of 10 by removal of macro
CTX_PACGAKEY_END from `include/lib/el3_runtime/aarch64/context.h`
and assigning its value to CTX_PAUTH_REGS_END.
- Use of MODE_SP_ELX and MODE_SP_EL0 macro definitions
in `msr spsel` instruction instead of hard-coded values.
- Changes in documentation related to ARMv8.3-PAuth and ARMv8.5-BTI.
Change-Id: Id18b81cc46f52a783a7e6a09b9f149b6ce803211
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The code managing the console is the same for all the platforms
currently supported. Since it is unlikely to change in the future move
the code to an external file in the common directory.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I6df555ea82d483b4f08a4a1e2cb0a7488fbaa015
Some of the platform (ie. Agilex) make use of CCU IPs which will only be
initialized during bl2_el3_early_platform_setup. Any operation to the
cache beforehand will crash the platform. Hence, this will provide an
option to skip the data cache invalidation upon bl2 entry at EL3
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2c924ed0589a72d0034714c31be8fe57237d1f06
Disable gic cpu interface for powered down cpu. This patch also removes
core reset during power off as core reset will be done during power on
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I2ca96d876b6e71e56d24a9a7e184b6d6226b8673
As part of the code refactoring fix the order of the include files
across all the source files.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ice72f687cc26ee881a9051168149467688100cfb
Make the header guards more generic and contextually remove the
GXBB_BL31_PLAT_PARAM_VAL value that is unused on the GXL platform.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I842fa2e084e71280ae17b39c67877e844821a171
Some cores support only AArch64 from EL1 and above, e.g. A76, N1 etc. If
TF-A is compiled with CTX_INCLUDE_AARCH32_REGS=0 so as to properly
handle those cores, only the AArch64 cores' assembly is included in the
TF-A binary. In other words, for FVP, TF-A assumes that AArch64 only
cores will never exist in the same cluster with cores that also support
AArch32.
However, A55 and A75 can be used as AArch64 only cores, despite
supporting AArch32, too. This patch enables A55 and A75 to exist in
clusters together with AArch64 cores.
Change-Id: I58750ad6c3d76ce77eb354784c2a42f2c179031d
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This patch adds support for the Undefined Behaviour sanitizer. There are
two types of support offered - minimalistic trapping support which
essentially immediately crashes on undefined behaviour and full support
with full debug messages.
The full support relies on ubsan.c which has been adapted from code used
by OPTEE.
Change-Id: I417c810f4fc43dcb56db6a6a555bfd0b38440727
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Common ipi_table needs to be initialized before using any
IPI command (i.e send/receive). Move zynqmp ipi config table
initialization from sip_svc_setup() to zynqmp_config_setup().
Change-Id: Ic8aaa0728a43936cd4c6e1ed590e01ba8f0fbf5b
Signed-off-by: Tejas Patel <tejas.patel@xilinx.com>
Signed-off-by: Jolly Shah <jolly.shah@xilinx.com>
The STM32 console driver was pre-pending '\r' before '\n'.
It is now managed by the framework with the flag:
CONSOLE_FLAG_TRANSLATE_CRLF.
Remove the code in driver, and add the flag for STM32MP1.
Change-Id: I5d0d5d5c4abee0b7dc11c2f8707b1b5cf10149ab
Signed-off-by: Yann Gautier <yann.gautier@st.com>
When built for coreboot, we want to enable coreboot library to have
better integration. For example, serial console should be initialized by
coreboot_serial instead of hard-coded values.
Most coreboot configuration will enable memory console, which needs
larger XLAT_TABLES so MAX_XLAT_TABLES is increased; and to support that,
TZRAM_SIZE also need to be enlarged.
Change-Id: I08cf22df2fa26e48284e323d22ad8ce73a6ea803
Signed-off-by: Hung-Te Lin <hungte@chromium.org>
Add plat parameter structs to support BL2 to pass
variable-length, variable-type parameters to BL31.
The parameters are structured as a link list.
During BL31 setup time, we traverse the list to process
each parameter.
Signed-off-by: kenny liang <kenny.liang@mediatek.com>
Change-Id: Ie84cfc9606656fb1d2780a68cadf27e09afa6628
This patch fixes a coding error, where the size of the protected memory area
was truncated due to an incorrect typecast.
This defect was found by coverity and reported as CID 336781.
Change-Id: I41878b0a9a5e5cd78ef3393fdc7b9ea7f7403ed3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Remove the GXBB prefix where needed and add SoC specific prefixes for
GXBB/GXL.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic3eb3a77ca2d9c779a9dee5cee786e9c16ecdb27
Remove the GXBB prefix from the code in the common directory and add
SoC-specific prefixes in the SoC specific code.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ic983ef70b0ef23f95088dd8df488d8c42c3bc030
Add a new aml_* prefix to the SCPI related function calls.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I697812ac1c0df28cbb639a1dc3e838f1107fb739
Make the MHU code AML specific adding a new aml_* prefix and remove the
GXBB prefix from the register names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I8f20918e29f08542bd71bd679f88e65b4efaa7d2
All the SIP/SVC related code is currently the same between GXL and GXBB.
Rename function names and register names to avoid hardcoding the GXBB
prefix.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I7e58ab68489df8d4762663fc01fb64e6899cc8bf
The header file is shared between all the SoCs. Better avoiding
hardcoding the SoC name in the function names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I9074871bd1ed8a702c1a656e0f50f2d3c6cb0425
The efuse driver is hardcoding the GXBB prefix. No need to do that since
the driver is shared between multiple SoCs.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: I97691b0bbd55170d8216d301a3fc04feb8c2af2e
Fixing at the same time the related register names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ib1130d50abe6088f1c0826878d1ae454a0f23008
The code is the common directory is now generic, no need to have the SoC
prefix hardcoded in the function names.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Ied3a5e506b9abd4c2d6f893bafef50019bff24f1
Lionel Debieve
Radoslaw Biernacki
Carlo Caione
kenny liang
Andre Przywara
Alexei Fedorov
Hadi Asyrafi
John Tsichritzis
Justin Chadwell
Jolly Shah
Yann Gautier
Hung-Te Lin
Varun Wadekar