Currently the EL1 part of the context structure (el1_sysregs_t),
is coupled with feature flags reducing the context memory allocation
for platforms, that don't enable/support all the architectural
features at once.
Similar to the el2 context optimization commit-"d6af234" this patch
further improves this section by converting the assembly context-offset
entries into a c structure. It relies on garbage collection of the
linker removing unreferenced structures from memory, as well as aiding
in readability and future maintenance. Additionally, it eliminates
the #ifs usage in 'context_mgmt.c' source file.
Change-Id: If6075931cec994bc89231241337eccc7042c5ede
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Refactor console_flush() and console_switch_state(CONSOLE_FLAG_RUNTIME)
to bl31_main(). This has been done per the recommendation in TF-A
mailing list. These calls need to be the last calls, after any runtime
initialization has been done, before BL31 exits.
All platforms that override the generic implementation of
bl31_plat_runtime_setup() have been refactored. The console_flush()
and console_switch_state() calls have been removed as they become
part of bl31_main() function.
Any platform that don't need to make any change to the generic (weak)
implementation of bl31_plat_runtime_setup() don't need to override it
in their platforms.
Change-Id: I6d04d6daa9353daeaa7e3df9e9adf6f322a917b8
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
TF-A plans to move the console_flush() and
console_switch_state(CONOSLE_FLAG_RUNTIME) calls to bl31_main() just
before BL31 exits.
For now we are mimicking the generic implementation by calling flush
and changing the console state to runtime at the end of
bl31_plat_runtime_setup() for each platform. This is so that each
platform can test it prior to moving flush and switch to bl31_main().
This patch affects Nvidia platform only.
Change-Id: I78c148f50e8ee881e1816cab6eeea3765dc469e5
Signed-off-by: Salman Nabi <salman.nabi@arm.com>
The toolchain refactor change introduces the `${toolchain}-${tool}-id`
variables, which provide identifiers for all of the toolchain tools used
by the build system. This change replaces the various conditions that
are in use to identify these tools based on the path with a standard set
of comparisons against these new identifier variables.
Change-Id: Ib60e592359fa6e415c19a012e68d660f87436ca7
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change migrates the values of `CC`, `CPP`, `AS` and other toolchain
variables to the new `$(toolchain)-$(tool)` variables, which were
introduced by the toolchain refactor patch. These variables should be
equivalent to the values that they're replacing.
Change-Id: I644fe4ce82ef1894bed129ddb4b6ab94fb04985d
Signed-off-by: Chris Kay <chris.kay@arm.com>
The error code for plat_core_pos_by_mpidr() for an invalid mpidr should
be -1 as mandated by portig guide, but for tegra t186 return value is
PSCI_E_NOT_PRESENT (-7) even though the comment at top of function says
that it should return -1.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2b69bc1a56f7966f21b2a3c89c515ebde41e3eb8
This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.
This is to allow Secure/Realm world to have their own FFH macros
in future.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73
With commit@f5211420b(refactor(cpufeat): refactor arch feature build
options all mandatory options are enabled with
'make_helpers/arch_features.mk' so avoid enabling of mandatory features
in platform makefile.
Use correct Arch Major/Minor to get all the mandatory features enabled
by default.
Change-Id: Ia214aa75dc9caea949f697ecafb1ef1812c6d899
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.
Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.
This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.
The following changes are introduced when getc() is disabled:
- The multi-console framework no longer provides the console_getc()
function.
- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.
If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up
If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'
- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.
[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.
Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/
Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Align entire TF-A to use Arm in copyright header.
Change-Id: Ief9992169efdab61d0da6bd8c5180de7a4bc2244
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Per SMCCC documentation, bits [23:17] must be zero for Fast
SMCs. Other values are reserved for future use. Ensure that
these bits are zeroes for TEGRA_SIP_PMC_COMMANDS.
Commit f8a35797 introduced a check to return error if these
bits are not zero, thus breaking Tegra210 platforms. This
patch fixes the anomaly.
Change-Id: I19edc3b33c999a6fee6b86184233fba146316466
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The current usage of RAS_EXTENSION in TF-A codebase is to cater for two
things in TF-A :
1. Pull in necessary framework and platform hooks for Firmware first
handling(FFH) of RAS errors.
2. Manage the FEAT_RAS extension when switching the worlds.
FFH means that all the EAs from NS are trapped in EL3 first and signaled
to NS world later after the first handling is done in firmware. There is
an alternate way of handling RAS errors viz Kernel First handling(KFH).
Tying FEAT_RAS to RAS_EXTENSION build flag was not correct as the
feature is needed for proper handling KFH in as well.
This patch breaks down the RAS_EXTENSION flag into a flag to denote the
CPU architecture `ENABLE_FEAT_RAS` which is used in context management
during world switch and another flag `RAS_FFH_SUPPORT` to pull in
required framework and platform hooks for FFH.
Proper support for KFH will be added in future patches.
BREAKING CHANGE: The previous RAS_EXTENSION is now deprecated. The
equivalent functionality can be achieved by the following
2 options:
- ENABLE_FEAT_RAS
- RAS_FFH_SUPPORT
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1abb9ab6622b8f1b15712b12f17612804d48a6ec
Commit 3e14df6f6 removed the code to clear the CPU registers X0 - X3,
which affected the Tegra platforms. Tegra platforms rely on the boot
parameters passed through custom mechanisms and do not use these
general purpose registers, but maintained sanity checks to support
legacy bootloaders. These sanity checks went out of sync due to the
code cleanup from bl31_entrypoint().
This patch removes the checks and calls the SOC specific handlers to
retrieve the boot parameters.
Change-Id: I0cf4d9c0370c33ff7715b48592b6bc0602f3c93e
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements the pwr_domain_off_early handler for
Tegra platforms.
Powering off the boot core on some Tegra platforms is not
allowed and the SOC specific helper functions for Tegra194,
Tegra210 and Tegra186 implement this restriction.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I9d06e0eee12314764adb0422e023a5bec6ed9c1e
This patch introduces a workaround to support the legacy SMC FID
0xC2FEFE00 to maintain compatibility with older software components.
Change-Id: Icf2ef9cfa6b28c09bbab325a642d0b3b20b23535
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
This patch appends the chip's major revision to the chip id value
to form the SoC version value expected by the SMCCC_GET_SOC_VERSION
function ID.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I09118f446f6b8198588826d4a161bd97dcb6a581
Some of our specialized sections are not prefixed with the conventional
period. The compiler uses input section names to derive certain other
section names (e.g. `.rela.text`, `.relacpu_ops`), and these can be
difficult to select in linker scripts when there is a lack of a
delimiter.
This change introduces the period prefix to all specialized section
names.
BREAKING-CHANGE: All input and output linker section names have been
prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`.
Change-Id: I51c13c5266d5975fbd944ef4961328e72f82fc1c
Signed-off-by: Chris Kay <chris.kay@arm.com>
TF-A wants to eventually enable -Wold-style-definition globally. Convert
the rare few instances where this is still the case.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9c450fc875cf097e6de2ed577ea3b085821c9f5e
Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.
Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
The ERXCTLR_EL1 register reads are RES0 for some error records
leading to a false assert on a read back.
This patch removes the assert on reading back the ERXCTLR_EL1
register to fix this issue.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I0cab30b12656a800ba87b8bb94b4c67a2331dee6
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.
Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
This has been introduced to simplify dependencies on the FDT wrappers.
We generally want to avoid pulling in components on a file-by-file
basis, particularly as we are trying to draw conceptual boxes around
components in preparation for transitioning the build system to CMake,
where dependencies are modelled on libraries rather than files.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Idb7ee05a9b54a8caa3e07f36e608867e20b6dcd5
The Tegra132 platforms have reached their end of life and are
no longer used in the field. Internally and externally, all
known programs have removed support for this legacy platform.
This change removes this platform from the Tegra tree as a result.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I72edb689293e23b63290cdcaef60468b90687a5a
Put default ea handler implementation into function plat_default_ea_handler()
which just print verbose information and panic, so it can be called also
from overwritten / weak function plat_ea_handler() implementation.
Replace every custom implementation of printing verbose error message of
external aborts in custom plat_ea_handler() functions by a common
implementation from plat_default_ea_handler() function.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I15897f61b62b4c3c29351e693f51d4df381f3b98
Use the macros that are now defined in include/lib/smccc.h.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ibe3c17acd2482b7779318c8a922a138dcace5554
Renamed SMC API from "plat_smccc_feature_available" to
"plat_is_smccc_feature_available" as per the current implementation.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib0fa400816fba61039c2029a9e127501a6a36811
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Use common ehf file for generic frameworks like SDEI, RAS and
extend plat specific defines using 'PLAT_EHF_DESC'.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Change-Id: I8a8161c6030f8d226a8bdf0301e7fe6139f019a4
If the CPU doesn't run from BL31_BASE, the firmware needs to be
copied from load address to BL31_BASE during cold boot. The size
should be the actual size of the code, which is indicated by the
__RELA_END__ linker variable.
This patch updates the copy routine to use this variable as a
result.
Signed-off-by: anzhou <anzhou@nvidia.com>
Change-Id: Ie3a48dd54cda1dc152204903d609da3117a0ced9
The the GIC CPU interface should be disabled after cpu off. The
Tegra power management code should mark the connected core as asleep
as part of the CPU off sequence.
This patch disables the GICC after CPU off as a result.
Signed-off-by: anzhou <anzhou@nvidia.com>
Change-Id: Ib1a3d8903f5e6d55bd2ee0c16134dbe2562235ea
This patch moves the BL31_SIZE to the Tegra SoC specific
tegra_def.h. This helps newer platforms configure the size of
the memory available for BL31.
Signed-off-by: anzhou <anzhou@nvidia.com>
Change-Id: I43c60b82fa7e43d5b05d87fbe7d673d729380d82
This patch sanity checks the power state type before use,
from the platform's PSCI handler.
Verified with TFTF Standard Test Suite.
Change-Id: Icd45faac6c023d4ce7f3597b698d01b91a218124
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The delay_timer driver for Tegra uses the CNTPS_TVAL_EL1 secure, physical,
decrementing timer as the source. The current logic incorrectly marks this
as an incrementing timer, by negating the timer value.
This patch fixes the anomaly and updates the driver to remove this logic.
Signed-off-by: anzhou <anzhou@nvidia.com>
Change-Id: I60490bdcaf0b66bf4553a6de3f4e4e32109017f4
Tegra SoCs would like the flexibility to perform chip specific actions
before we complete cold boot. This patch introduces a platform specific
'runtime_setup' handler to provide that flexibility.
Change-Id: I13b2489f631f775cae6f92acf51a240cd036ef11
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
The SVE CPU extension library reads the id_aa64pfr0_el1 register to
check if SVE is enabled. Tegra platforms disabled ENABLE_SVE_FOR_NS for
pre-8.2 platforms, but this flag can safely be enabled now that the
library can enable the feature at runtime.
This patch updates the makefile to remove "ENABLE_SVE_FOR_NS = 0"
as a result.
Change-Id: Ia2a89ac90644f8c0d39b41d321e04458ff6be6e1
Signed-off-by: Kalyani Chidambaram Vaidyanathan <kalyanic@nvidia.com>
This patch removes the unused header from the Tegra194
platform files. As a result, the TSA MMIO would be
removed from the memory map too.
Change-Id: I2d38b3da7a119f5dfd6cfd429e481f4e6ad3481e
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The driver initially contained the setup steps to help Tegra186
and Tegra194 SoCs. In order to support future SoCs and make sure
that the driver remains generic enough, some code should be moved
to SoC.
This patch creates a setup handler for a platform to implement its
initialization sequence.
Change-Id: I8bab7fd07f25e0457ead8e2d2713efe54782a59b
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The stream ID security configuration settings shall be done by the
previous level bootloader. This change removes the same settings
from the Tegra194 platform code as a result.
Change-Id: Ia170ca4c2119db8f1d0251f1c193add006f81004
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
The stream ID override configuration is saved during System Suspend
as part MB1 bct. This change removes the same support from the Tegra194
platform code as a result.
Change-Id: I4c19dc0d8b29190908673fb5ed7ed892af8906ab
Signed-off-by: Pritesh Raithatha <praithatha@nvidia.com>
This patch adds prints to display the completion of System Suspend
programming sequence for Tegra platforms. The console needs to
be kept alive until the very end of the System Suspend sequence as
a result.
Change-Id: I8e0e2054a272665d0a067bb894dda1605a9d2eb7
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
After enabling the strict checking mode, verify that
the strict mode has really been enabled by querying
the MCE.
If the mode is found to be disabled, the code should
assert.
Change-Id: I113ec8decb737f8208059a2a3ba3076fad77890e
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
The Memory controller expects the TZDRAM base value at 1MB granularity
and the current driver does not respect that limitation. This patch
fixes that anomaly.
Change-Id: I6b72270f331ba5081e19811df4a78623e457341a
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
In order to make sure SMC call is within 25us, this patch reduces number of RAS
errors accessed to 8 at most for each SMC call and takes a input/output
parameter to specify in progress RAS error record index.
The measured SMC call latency is about 20us under Linux test kernel driver.
Change-Id: Ia1b57c8673e0193dc341a36af0b5c09fb48f965f
Signed-off-by: David Pu <dpu@nvidia.com>
The TEGRA_GICv2_SOURCES contains the list of GIC sources required
to compile the GICv2 support for platforms.
This patch includes the TEGRA_GICv2_SOURCES macro from individual
makefiles to allow future platforms to use suport for GICv3.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I429b1a0c7764ab370675f873a50cecda871110cb
This patch adds memory barriers to the trampoline code copying TZDRAM
contents to SysRAM during exit from System Suspend. These barriers
make sure that all the copies go through before we start executing in
SysRAM.
Reported by: Nathan Tuck <ntuck@nvidia.com>
Change-Id: I3fd2964086b6c0e044cc4165051a4801440db9cd
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The Memory Controller provides a control register to check
if the video memory can be resized. The previous bootloader
might have locked this feature, which will be reflected by
this register.
This patch reads the control register before processing
a video memory resize request. An error code, -ENOTSUP,
is returned if the feature is locked.
Change-Id: Ia1d67f7a94aa15c6b18ff5c9b9b952e179596ae3
Signed-off-by: Anthony Zhou <anzhou@nvidia.com>
Jayanth Dodderi Chidanand
Salman Nabi
Chris Kay
Manish Pandey
Govindraj Raja
Sandrine Bailleux
Kalyani Chidambaram Vaidyanathan
Elyes Haouas
Varun Wadekar
Boyan Karatotev
Scott Branden
Pali Rohár
Yann Gautier
Manish V Badarkhe
Jimmy Brisson
Sandeep Tripathy
anzhou
Pritesh Raithatha
David Pu