The default DRAM2 base address for Arm platforms
is 0x880000000. However, on some platforms the
firmware may want to move the start address to
a different value.
To support this introduce PLAT_ARM_DRAM2_BASE that
defaults to 0x880000000; but can be overridden by
a platform (e.g. in platform_def.h).
Change-Id: I0d81195e06070bc98f376444b48ada2db1666e28
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
For security DMA should be blocked at the SMMU by default
unless explicitly enabled for a device. SMMU is disabled
after reset with all streams bypassing the SMMU, and
abortion of all incoming transactions implements a default
deny policy on reset.
This patch also moves "bl1_platform_setup()" function from
arm_bl1_setup.c to FVP platforms' fvp_bl1_setup.c and
fvp_ve_bl1_setup.c files.
Change-Id: Ie0ffedc10219b1b884eb8af625bd4b6753749b1a
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The workaround for Cortex-A76 errata #1286807 is implemented
in this patch.
Change-Id: I6c15af962ac99ce223e009f6d299cefb41043bed
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The workarounds for errata 1257314, 1262606, 1262888 and 1275112 are
added to the Cortex-A76 cpu specific file. The workarounds are disabled
by default and have to be explicitly enabled by the platform integrator.
Change-Id: I70474927374cb67725f829d159ddde9ac4edc343
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch is a preparation for the subsequent changes in
SMMUv3 driver. It introduces a new "smmuv3_poll" function
and replaces inline functions for accessing SMMU registers
with mmio read/write operations. Also the infinite loop
for the poll has been replaced with a counter based timeout.
Change-Id: I7a0547beb1509601f253e126b1a7a6ab3b0307e7
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Similar to bl31_warm_entrypoint, sp_min-based platforms may need
that for special resume handling.
Therefore move it from the private header to the sp_min platform header.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Change-Id: I40d9eb3ff77cff88d47c1ff51d53d9b2512cbd3e
This patch forces all cacheable atomic instructions to be near, which
improves performance in highly contended parallelized use-cases.
Change-Id: I93fac62847f4af8d5eaaf3b52318c30893e947d3
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The BL1 stage setup code for ARM platforms sets up the SP805 watchdog
controller as the secure watchdog. But not all ARM platforms use SP805
as the secure watchdog controller.
So introduce two new ARM platform code specific wrapper functions to
start and stop the secure watchdog. These functions then replace the
calls to SP805 driver in common BL1 setup code. All the ARM platforms
implement these wrapper functions by either calling into SP805 driver
or the SBSA watchdog driver.
Change-Id: I1a9a11b124cf3fac2a84f22ca40acd440a441257
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Add a driver for configuring the SBSA Generic Watchdog which aids in
the detection of errant system behaviour.
Change-Id: I5a1e7149c69fd8b85be7dfbcf511f431339946f4
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Under certain near idle conditions, DSU may miss response transfers on
the ACE master or Peripheral port, leading to deadlock. This workaround
disables high-level clock gating of the DSU to prevent this.
Change-Id: I820911d61570bacb38dd325b3519bc8d12caa14b
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Under specific conditions, the processor might issue an eviction and an
L2 cache clean operation to the interconnect in the wrong order. Set
the CPUACTLR.ENDCCASCI bit to 1 to avoid this.
Change-Id: Ide7393adeae04581fa70eb9173b742049fc3e050
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The implementation of the heap function plat_get_mbedtls_heap() becomes
mandatory for platforms supporting TRUSTED_BOARD_BOOT.
The shared Mbed TLS heap default weak function implementation is
converted to a helper function get_mbedtls_heap_helper() which can be
used by the platforms for their own function implementation.
Change-Id: Ic8f2994e25e3d9fcd371a21ac459fdcafe07433e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This changes the auth_img_desc_t struct to have pointers to struct
arrays instead of struct arrays. This saves memory as many of these
were never used, and can be NULL pointers. Note the memory savings are
only when these arrays are not initialised, as it is assumed these
arrays are fixed length. A possible future optimisation could allow for
variable length.
memory diff:
bl1: bl2:
text text
-12 -12
bss bss
-1463 0
data data
-56 -48
rodata rodata
-5688 -2592
total total
-7419 -2652
Change-Id: I8f9bdedf75048b8867f40c56381e3a6dc6402bcc
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
When Trusted Board Boot is enabled, we need to specify the Chain of
Trust (CoT) of the BL1 and BL2 images. A CoT consists of an array
of image descriptors. The authentication module assumes that each
image descriptor in this array is indexed by its unique image
identifier. For example, the Trusted Boot Firmware Certificate has to
be at index [TRUSTED_BOOT_FW_CERT_ID].
Unique image identifiers may not necessarily be consecutive. Also,
a given BL image might not use all image descriptors. For example, BL1
does not need any of the descriptors related to BL31. As a result, the
CoT array might contain holes, which unnecessarily takes up space in
the BL binary.
Using pointers to auth_img_desc_t structs (rather than structs
themselves) means these unused elements only use 1 pointer worth of
space, rather than one struct worth of space. This patch also changes
the code which accesses this array to reflect the change to pointers.
Image descriptors not needed in BL1 or BL2 respectively are also
ifdef'd out in this patch. For example, verifying the BL31 image is
the responsibility of BL2 so BL1 does not need any of the data
structures describing BL31.
memory diff:
bl1: bl2:
text text
-20 -20
bss bss
-1463 0
data data
-256 -48
rodata rodata
-5240 -1952
total total
-6979 -2020
Change-Id: I163668b174dc2b9bbb183acec817f2126864aaad
Signed-off-by: Joel Hutton <Joel.Hutton@Arm.com>
The Cortex-A12's primary part number is 0xC0D not 0xC0C, so
fix that to make the A12's cpu operations findable.
Change-Id: I4440a039cd57a2fe425fd8a8ec5499ca8e895e31
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
ARMv7 and Cortex-A32(ARMv8/aarch32) uses "arm-linux-gnueabi" toolchain which
has both soft-float and hard-float variants and so there could be scenarios
where soft-float toolchain is used.Even though TF-A documentation recommends
to use hard-float toolchain for aarch32 but there are external projects where
we cannot mandate the selection of toolchain and for those projects at least
the build should not fail.
Current TF-A source fails to build with soft-float toolchain because assembler
does not recognizes "vmsr" instruction which is required to enable floating
point unit.
To avoid this piece of code being compiled with soft-float toolchain add
predefined macro guard " __SOFTFP__" exposed by soft-float toolchain.
Change-Id: I76ba40906a8d622dcd476dd36ab4d277a925996c
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Types tzc_action_t and tzc_region_attributes_t are deprecated.
Change-Id: Ieefeb8521a0e1130f39d09b5c0d2728f05084773
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
The old version of the macro is deprecated.
Commit cc5859ca19 ("Multi-console: Deprecate the
`finish_console_register` macro") provides more details.
Change-Id: I3d1cdf6496db7d8e6cfbb5804f508ff46ae7e67e
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This gives each Secure Partition complete freedom on its address space.
Previously, the memory used by the exception vectors was reserved and
couldn't be used. Also, it always had to be mapped, forcing SPM to
generate translation tables that included the exception vectors as well
as the Partition memory regions. With this change, partitions can reduce
their address space size easily.
Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In order to configure and boot SCP, BL31 has to compute and send
the SHA-256 of the firmware data via scpi. Luckily Amlogic GXL SOC
has a DMA facility that could be used to offload SHA-256
computations. This adds basic support of this hardware SHA-256
engine.
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
Improved support for W=1 compilation flag by solving missing-prototypes
and old-style-definition warnings.
The libraries are compiling with warnings (which turn into errors with
the Werror flag).
Outside of libraries, some warnings cannot be fixed without heavy
structural changes.
Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch applies the new MSR instruction to directly set the
PSTATE.SSBS bit which controls speculative loads. This new instruction
is available at Neoverse N1 core so it's utilised.
Change-Id: Iee18a8b042c90fdb72d2b98f364dcfbb17510728
Signed-off-by: John Tsichritzis <john.tsichritzis@arm.com>
This erratum can only be worked around on revisions >= r3p0 because the
register that needs to be accessed only exists in those revisions[1].
[1] http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0438g/CIHEAAAD.html
Change-Id: I5d773547d7a09b5bd01dabcd19ceeaf53c186faa
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
MHU doorbell driver requires arm platform specific
macro "PLAT_CSS_MHU_BASE".
Rename it to "PLAT_MHUV2_BASE", so that platforms other than arm
can use generic MHU doorbell driver.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
This TODO was added five years ago so I assume that there is not
going to be a shutdown API added after all.
Change-Id: If0f4e2066454df773bd9bf41ed65d3a10248a2d3
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
There are some issues with synopsys MMC driver:
- CMD8 should not expect data (for SD)
- ACMD51 should expect data (Send SCR for SD)
- dw_prepare should not dictate size to be MMC_BLOCK_SIZE, block size is
now handled in the dw_prepare function
- after the CMD completes, when doing dw_read, we need to invalidate cache
and wait for the data transfer to complete
- Need to set FIFO threshold, otherwise DMA might never get the interrupt
to read or write
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
Some bugs in MMC stack needs to be fixed:
- scr cannot be local as this will cause cache issue when invalidating
after the read DMA transfer is completed
- ACMD41 needs to send voltage information in initialization, otherwise the
command is a query, thus will not initialize the controller
- when checking device state, retry until the retries counter goes to zero
before failing
Signed-off-by: Tien Hock, Loh <tien.hock.loh@intel.com>
SSBS support is determined by checking ID_AA64PFR1_EL1 and not
ID_AA64PFR0_EL1.
FixesARM-Software/tf-issues#679
Change-Id: I8ecba13b850995ec6a6ede3c2a1e02e69a3a95db
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Check for both IMPLEMENTATION_DEFINED and Architected algorithms of
Address Authentication.
Change-Id: I209dcc6087172cfef7baf8d09e0454628f02cbd0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Fix some typos and clarify some sentences.
Change-Id: Id276d1ced9a991b4eddc5c47ad9a825e6b29ef74
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
In AArch32, execution of 2 instructions with opposite condition code
might lead to either a data corruption or a CPU deadlock. Set the bit
12 of the Diagnostic Register to prevent this.
Change-Id: I22b4f25fe933e2942fd785e411e7c0aa39d5c1f4
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Complete the MPAM enablement in TF-A for lower ELs by enabling the EL2
traps in MPAMHCR_EL2 and MPAM2_EL2.This prevents an
MPAM-unaware-hypervisor to be restricted by an MPAM-aware-guest.
Change-Id: I47bf3f833fa22baa590f83d49cc0e3f2974e698d
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
The workarounds for these errata are so closely related that it is
better to only have one patch to make it easier to understand.
Change-Id: I0287fa69aefa8b72f884833f6ed0e7775ca834e9
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This patch provides support for using the scatterfile format as
the linker script with the 'armlink' linker for Tegra platforms.
In order to enable the scatterfile usage the following changes
have been made:
* provide mapping for ld.S symbols in bl_common.h
* include bl_common.h from all the affected files
* update the makefile rules to use the scatterfile and armlink
to compile BL31
* update pubsub.h to add sections to the scatterfile
NOTE: THIS CHANGE HAS BEEN VERIFIED WITH TEGRA PLATFORMS ONLY.
Change-Id: I7bb78b991c97d74a842e5635c74cb0b18e0fce67
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The previous commit added the infrastructure to load and save
ARMv8.3-PAuth registers during Non-secure <-> Secure world switches, but
didn't actually enable pointer authentication in the firmware.
This patch adds the functionality needed for platforms to provide
authentication keys for the firmware, and a new option (ENABLE_PAUTH) to
enable pointer authentication in the firmware itself. This option is
disabled by default, and it requires CTX_INCLUDE_PAUTH_REGS to be
enabled.
Change-Id: I35127ec271e1198d43209044de39fa712ef202a5
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Sami Mujawar
Alexei Fedorov
Soby Mathew
Heiko Stuebner
Louis Mayencourt
Aditya Angadi
Ambroise Vincent
Joel Hutton
Manish Pandey
Antonio Nino Diaz
Remi Pommarel
John Tsichritzis
Masahisa Kojima
Paul Beesley
Tien Hock, Loh
Dimitris Papastamos
Varun Wadekar