Fix MISRA C2012-17.8:
A function parameter should not be modified
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I08ed4c6768c7988a98de21da181b97b0885139de
This corrects the MISRA violation C2012-12.1:
The precedence of operators within expressions should be made explicit
While at it put the test on one line.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Id19231faaf033c1e7dbe703690e0dddc7aa8f346
Add braces to correct MISRA C2012 15.6 warning:
The body of an iteration-statement or a selection-statement shall be a
compound-statement.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I4041b0080b678f5ffdbe074e3cee9ac0afd5e176
Coverity Issue 21268351
Fixed unused value of xspi read while reading training values from
xspi during warm reset.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I779587afedb1c73d174a132bbfbcb21bf45bdff8
rss_comms_init() should return with success (0) in case of an internal
MHU_ERR_ALREADY_INIT error code which is harmless (occurs when
rss_comms_init() is called multiple times in a row).
Change-Id: Ibb1fef48a60866e80d3a389128cb8eef1332ea01
Signed-off-by: David Vincze <david.vincze@arm.com>
Returning enum usb_status in an enum usb_action function is wrong as
they have different meanings. However, usb_dwc2_ep0_out_start() and
usb_dwc2_activate_setup() only return USBD_OK so we will never get to
there. Replace these checks with asserts in case the code changes in
future.
This also silences a warning when compiling with -Wextra.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I73dfd5c189a357544c15ceb3f4268da82ce272b9
On release builds EMMC_TRACE doesn't expand to anything. Some
conditionals with no braces end up with empty bodies. This produces a
warning when compiling with -Werror=empty-body (enabled by -Wextra).
Since TF-A coding guidelines require braces to comply with MISRA
guidelines anyway, add them in the whole file.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ib4e691efc7acdb8fb8692278c7a9772fc894f77f
secure_boot_api_f is defined to take uint32_t, uint32_t, and void *
parameters. However rom_secure_boot_api_f is defined to take uint32_t *,
uint32_t *, void *. These are incompatible and cause a warning when
compiling with -Wextra. Align the rom definition to the more generic
definition from where it's called.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia030803b3c2335d220aff09fc0eef5c7615276aa
TF-A wants to eventually enable -Wold-style-definition globally. Convert
the rare few instances where this is still the case.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9c450fc875cf097e6de2ed577ea3b085821c9f5e
Compiling with -Wimplicit-fallthrough=3 (enabled by -Wextra) produces
many warnings about fallthrough comments either missing or being wrong.
Unify the comments so we comply with -Wextra.
Note that Coverity recommends against using the __attribute__ directive.
Also, zlib does not build with a higher value of -Wimplicit-fallthrough.
Finally, compilers strip comments before expanding macros. As such,
checkpatch's fallthrough annotation (or higher levels of the flag) isn't
really possible.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I060cf4f8dc04c02cbb45cf4ceb69569a8369ccee
The platform.mk can add extra MbedTLS source files to LIBMBEDTLS_SRC.
Change-Id: Ida9abfd59d8b02eae23ec0a7f326db060b42bf49
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Fixed coverity issue for "shifting by a negtive value", returned
before go to the next shifting code.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I00171b057b8948cb9e9ec5d9405b2e32aba568fb
Coverity Issue detail:
underrun-local: Underrunning array bin[i].cl[k].caslat
at element index -1 (byte offset -1)
using index j (which evaluates to -1).
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I1ec4833bbd5db1ac51436eac606484eefc4338ee
In function "desc_length", LSB byte of the first word of the
descriptor will be anded with 0x7F, to get the number of words
constructing the descriptor.
LSB byte of the first word of the descriptor is auto-incremented
with each add_word used while constructing the descriptor.
But if function "desc_add_word" is called more than
MAX_DESC_SIZE_WORDS times, then only the function "desc_length",
can return number of words greater than MAX_DESC_SIZE_WORDS.
This is the condition when core can overwrite the out of bound
memory.
Hence, the following fix is needed:
- Before adding any new word to the descriptor, a check for
max word length needs to be added, into these functions:
"desc_add_word" & "desc_add_ptr".
Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If896cd2e02ecde72fb09c5147119dec4f2f84bc3
Fixed the following coverity issues:
Using uninitialized value cmd_id1, cmd_id2.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I8cd430ec015fc617521db455a6ffe16b33f42b78
Updated the event log driver's function to accept metadata as an
argument, to remove the platform function usage from the event log
driver to make it a standalone driver.
Change-Id: I512cf693d51dc3c0b9d2c1bfde4f89414e273049
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Setting 2MB shared memory and following 64MB secure memory.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ia992d21f205d305a6fff92fc11435634ce7c9d21
Timing CFG 0 and Timing CFG 4 are ddr controller registers that
have been affected by 1d phy training during cold boot. They are
needed to be stored and restored along with phy training values.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I29c55256e74456515aaeb098e2e0e3475697a466
we need to apply the value of CDD write to write for the write to
read CDD delay calculations. Since the current implementation always
provide a negative value of CDDwr so a value of zero was selected.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6829997d2ea6ba6cddaaab8332b82b8c66752d7e
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.
Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Correct the warning due to comparison between signed and
unsigned variable.
drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext':
drivers/auth/mbedtls/mbedtls_x509_parser.c:120:30:
error: comparison of integer expressions of different
signedness: 'int' and 'size_t' {aka 'unsigned int'}
[-Werror=sign-compare]
120 | if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
| ^~
Change-Id: Ic12527f5f92a34e925bee3047c168eacf5e99d8a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Remove unused mode for HASH driver. The driver will only be
used in BL2 scope.
Change-Id: I1fce09cdaa9da0c11554ac5f73433b4bee776011
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
This driver manages the STM32 Random Number Generator
peripheral.
Change-Id: I4403ebb2dbdaa8df993a4413f1ef48eeba00427c
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add code to be able to use STMicroelectronics SAES IP. This driver
can manage many AES algorithms (CBC, ECB, CCM, GCM). It will be used
by the authenticated decryption framework (AES-GCM only).
Change-Id: Ibd4030719fb12877dcecd5d2c395d13b4b15c260
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Add code to be able to use STMicroelectronics PKA peripheral
in the authentication framework.
Change-Id: Ifeafe84c68db483cd18674f2280576cc065f92ee
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_HASH_V4: remove MD5 algorithm (no more supported) and
add SHA384 and SHA512.
For STM32_HASH_V2: no change.
Change-Id: I3a9ae9e38249a2421c657232cb0877004d04dae1
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
When spi_id_max is 5119, the expression `(spi_id_max - 4096U + 1U >> 5)`
evaluates to 32 leading to undefined behavior when using it to left
shift 1. Fix this undefined behavior.
Reported-by coverity scan:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/RMB4U7COL6IONZWEGF2FWXOQ6FPDIT4U/
```
large_shift: In expression 1 << (spi_id_max - 4096U + 1U >> 5), left
shifting by more than 31 bits has undefined behavior. The shift
amount, spi_id_max - 4096U + 1U >> 5, is as much as 32.
```
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I5e77a78b81a6d0367875e7ea432a82b6ba0e587c
Platform must define the maximum size of the message
over MHU.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I91a6c132c946f4465178910b8ea83544f562e837
Without setting the correct size of sw_type the metadata won't
be propagated to RSS through rss_measured_boot_extend_measurement()
API.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I4066d4762689c96ac2ac8e8b8db5d2b1f108b550
Adding PLAT_* prefix to indicate that the
platform needs to provide this definition.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I0bd02be405fd8b1e625bd2b82647ebb2b58265fc
Clear the MHU message buffer to remove assets from memory.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I730e7b044eaf0bf517532a12146e4f542949544e
Remove an assert, which checks whether output buffer is
provided, because in measured boot there is no output.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I08db9c2eea1da2d7120c9872ffbf8d8ee45c8e08
Reorganized a few Event Log functions into multiple functions so that
they can be used for the upcoming DRTM feature. This change mainly
implements below new functions -
1. event_log_buf_init - called by 'event_log_init' to initialise Event
Log buffer
2. event_log_write_specid_event - called by 'event_log_fixed_header' to
write specification id event to Event Log buffer
3. event_log_measure and event_log_record - called by
'event_log_measure_and_record' to measure and record the measurement
to the Event Log buffer
Change-Id: I1aabb57f79bead726fcf36d59839702cd6a3521d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated mbedTLS driver to include mbedTLS functions necessary for a
DRTM supported build.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: If0120374a971519cf84f93e0c59e1a320a72cd97
Updated crypto module to include crypto calls necessary for a
DRTM supported build.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Change-Id: I4f945997824393f46864b7fb7fd380308a025452
The Arm(R) Ethos(TM)-N NPU driver now supports configuring the SMMU
streams that the NPU shall use and will therefore no longer delegate
access to these registers to the non-secure world. In order for the
driver to support this, the device tree parsing has been updated to
support parsing the allocators used by the NPU and what SMMU stream that
is associated with each allocator.
To keep track of what NPU device each allocator is associated with, the
resulting config from the device tree parsing will now group the NPU
cores and allocators into their respective NPU device.
The SMC API has been changed to allow the caller to specify what
allocator the NPU shall be configured to use and the API version has
been bumped to indicate this change.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I6ac43819133138614e3f55a014e93466fe3d5277
Moving putchar() out of libc and adding a weak dummy
implementation in libc.
This is to remove libc's dependencies to the platform
driver.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Ib7fefaec0babb783def614ea23521f482fa4a28a
Provide a new makefile as a convenience for platform makefiles to pull
in the list of source files and headers for the RSS communication
driver.
Change-Id: I188a1a8f4e77318cdc87c3155b280090c46ce813
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Unit Attention Condition (UAC) gets set on a warm reset. Sending any
command (other than INQUIRY and REPORT LUNs) clears UAC, so its good to
add some retries when UAC is encountered
Signed-off-by: Anand Saminathan <anans@google.com>
Change-Id: Ia03b916d68565d0f3d25086b7f6d8c51d557b64f
The current comms protocol (where arguments and return data is embedded
into the MHU message) is now protocol v0. Protocol v1 embeds pointers
into the message, and has the RSS retrieve the data via DMA.
Change-Id: I08d7f09c4eaea673769fde9eee194447a99f1b78
Signed-off-by: Raef Coles <raef.coles@arm.com>
If the flag STM32MP_RECONFIGURE_CONSOLE is set in BL32, the UART init
should be skipped if the UART clock is set to zero. This will be used
when configuring the default console, after an early console has been
configured.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Icbc640c7bdd6342f9c3ec1586a0d0c64127b18b8
Add the pincontrol configuration and clock enable in UART driver
with information found in the device tree.
This patch avoids an issue on STM32MP13x platform because the UART
configuration is reset by the ROM code for UART serial boot
(STM32MP_UART_PROGRAMMER=1).
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I575fd0e1026b857059abcfd4a3166eb3a239e1fd
Move the definition of DT_UART_COMPAT in stm32mp1_def.h to be used
in several files.
Change-Id: I74d0350bcd971df9b15697f2b9ec04061d6a7656
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Yann Gautier
Maninder Singh
David Vincze
Boyan Karatotev
Mate Toth-Pal
Jiafei Pan
Pankaj Gupta
Manish V Badarkhe
Lionel Debieve
Nicolas Toromanoff
Sandrine Bailleux
Vijayenthiran Subramaniam
Tamas Ban
Mikael Olsson
Claus Pedersen
Anand Saminathan
Raef Coles
Yann Gautier
Patrick Delaunay