The BL31 log driver is registered before the xlat tables are initialized,
at that point the log memory is configured as device memory and can only
be accessed with up-to-32bit aligned accesses. Adjust the driver to do
just that.
The memset() call has to be replaced by a loop of 32bit writes to the log,
the memcpy() is trivial to replace with a single 32bit write of the entire
TLOG word. In the end, this even simplifies the code.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Ie9152e782e67d93e7236069a294df812e2b873bf
Retrieve peripheral base address from a define instead of
parsing the device tree. The goal is to improve execution time.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2588c53ad3d4abcc3d7fe156458434a7940dd72b
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Chip select is retrieved from device tree and check
must be done regarding the MAX_CS defined.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Reviewed-by: Christophe KERELLO <christophe.kerello@st.com>
Change-Id: I03144b133bd51a845a4794f0f6bbd9402fc04936
FMC node bindings are modified to add EBI controller node.
FMC driver and associated device tree files are modified
to support these new bindings.
Change-Id: I4bf201e96a1aca20957e0dac3a3b87caadd05bdc
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
In the function gicv2_set_spi_routing, the signed value proc_num is cast
to unsigned int before being compared to other unsigned values in two
assert calls. The value proc_num can be a negative value, and once the
negative value is cast to unsigned it becomes a very large number which
will trigger the assert. This patch changes the assert cast so that the
unsigned values are cast to signed instead, keeping the same functionality
but allowing proc_num to be negative.
This bug can be seen when running the SDEI RM_ANY routing mode test in
TFTF on the Juno platform.
This patch also makes the usage of the proc_num variable in other gicv2
functions more clear.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If1b98eebb00bd9b73862e5e995e5e68c168170a6
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Clear interrupt flag register after each sector read to avoid
issue when checking the register status.
Without clearing the interrupt, the status read doesn't wait
properly the ready bit.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: If290e3f165b986f0e736bb1b5e4d3dad4b749d74
The polarity inversion for USB was not tested due to lack of hw design
which requires it. Currently all supported boards doesn't require USB
phy polarity inversion, therefore COMPHY_POLARITY_NO_INVERT is set for
all boards. Enable the option for the ones that need it.
Change-Id: Ia5f2ee313a93962e94963e2dd8a759ef6d9da369
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
The cp110 comphy has ability to invert RX and/or TX polarity. Polarity
depends on board design. Currently all supported boards doesn't require
SATA phy polarity invert, therefore COMPHY_POLARITY_NO_INVERT is set for
all boards.
Change-Id: Ifd0bc6aaf8a76a0928132b197422f3193cf020d5
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
According to erratum IPCE_COMPHY-1353 the TX_IDLE bit should
be toggled in addition to the XFI/SFI PHY reset.
Change-Id: Idd2c2abfcb2f960caa01e6d69db524c2e4734f50
Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Do not force non-secure access level for PIDI masters when LLC_SRAM
is enabled. The EIP197 is located on CP0 and need to access secure
SRAM in AP LLC. This requires EIP197 DMA to have AXPROT[1]=0 and not
changed when forwarded to address decoding tables.
Change-Id: I8962db94a124350c14220ba6d0364d294ae4664a
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Added ccu window to allow access to addresses
in the range [0xf100_0000, 0xf1ff_ffff].
Change-Id: I63ee68338d674114d01cd627198dc907653493e8
Signed-off-by: Alex Leibovich <alexl@marvell.com>
This patch migrates the mbedcrypto dependency for TF-A
to mbedTLS repo v2.24.0 which is the latest release tag.
The relevant documentation is updated to reflect the
use of new version.
Change-Id: I116f44242e8c98e856416ea871d11abd3234dac1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
A GICv3 interrupt controller will be instantiated for a certain number
of cores. This will result in the respective number of GICR frames. The
last frame will have the "Last" bit set in its GICR_TYPER register.
For platforms with a topology unknown at build time (the Arm FPGAs, for
instance), we need to learn the number of used cores at runtime, to size
the GICR region in the devicetree accordingly.
Add a generic function that iterates over all GICR frames until it
encounters one with the "Last" bit set. It returns the number of cores
the GICv3 has been configured for.
Change-Id: I79f033c50dfc1c275aba7122725868811abcc4f8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
MCKPROT hardening in RCC mandates that both bits RCC[TZEN] and
RCC[MCKPROT] are enabled. This change fixes stm32mp1_rcc_is_mckprot()
to check both bits, not RCC[MCKPROT] only.
This change also updates stm32mp1_rcc_is_secure() for consistency.
Change-Id: If1f07babdcb5677906ddbf974d9dc17255d4e174
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The ICR static flags are cleared before sending a command.
The SDMMC_DCTRLR register is set to 0 if no data is expected on a given
command or on the next command in case of CMD55.
Change-Id: I5ae172a484218f53160e98b3684967c6960475a6
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The retries number should be 3.
A warning message is added in mmc_block_read(), and the code is refactored.
Change-Id: I577c7dd91c451c7580b1660042cb5fe26ee3fa12
Signed-off-by: Yann Gautier <yann.gautier@st.com>
nand_wait_ready is called with a millisecond delay
but the timeout used a micro second. Fixing the conversion
in the timeout call.
The prototype of the function is also changed to use an unsigned int
parameter.
Change-Id: Ia3281be7980477dfbfdb842308d35ecd8b926fb8
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change the detection message from WARN to INFO when macronix
NOR is detected.
Change-Id: I488696f1fb75b823e85decfcd6cd32e7b36a6c2e
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The call to fdt_get_status(node) has to be done after the DT is found
to be valid.
Fixes: 1fc2130c5 stm32mp1: update device tree and gpio functions
Change-Id: I70f803aae3dde128a9e740f54c8837b64cb1a244
Signed-off-by: Yann Gautier <yann.gautier@st.com>
While restarting a new hash computation, STR register
is not cleared. It needs to be written before each
computation.
Change-Id: If65902dd21f9c139ec5da3ca87721232f73710db
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Builds in Debug mode with Measured Boot enabled might run out of trusted
SRAM. This patch allows to change the Log Level at which the Measured Boot
driver will dump the event log, so the latter can be accessed even on
Release builds if necessary, saving space on RAM.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I133689e313776cb3f231b774c26cbca4760fa120
Loop macros make it easier for developers to include new variables to
assert or define and also help code code readability on makefiles.
Change-Id: I0d21d6e67b3eca8976c4d856ac8ccc02c8bb5ffa
Signed-off-by: Leonardo Sandoval <leonardo.sandoval@linaro.org>
The DRIVEVBUS power rail of the AXP803 PMIC is mostly used to supply
the USB bus power on micro USB sockets, when used in host mode. As this
is a dynamic operation, and mostly we want micro USB sockets to act in
client mode initially, BL31 should not actually enable this power line.
However, on some boards DRIVEVBUS is used to supply power to normal
USB-A sockets. Failing to activate this line there results in
non-functional USB in U-Boot on those boards.
For that reason we were enabling DRIVEVBUS so far, as it did not seem to
cause any harm to the other boards. However it turns out that on the
Pinephone (and other systems with a battery), actually enabling DRIVEVBUS
unconditionally causes serious problems (reboot loop).
To accommodate both use cases, without reverting to a build time option,
check the default OTG configuration in the devicetree. For boards with
USB-A sockets this is set to "host", on boards with micro-B sockets to
"otg". Depending on this setting, we either enable DRIVEVBUS or leave it
alone.
This fixes TF-A on the Pinephone and potentially other battery powered
devices.
Change-Id: Iec0e07f218b2b4393bf4e05c3386261f8ed19e9f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For dualroot CoT there are two sets of SP certificates, one owned by
Silicon Provider(SiP) and other owned by Platform. Each certificate can
have a maximum of 4 SPs.
This patch reduces the number of SiP owned SPs from 8 to 4 and adds
the remaining 4 to Plat owned SP.
Plat owned SP certificate is signed using Platform RoT key and
protected against anti-rollback using the Non-trusted Non-volatile
counter.
Change-Id: Idc3ddd87d6d85a5506a7435f45a6ec17c4c50425
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
ERRATA ID: RES-3033912 - Internal Address Space Init state causes
a hang upon accesses to [0xf070_0000, 0xf07f_ffff]
Workaround: Boot Firmware (ATF) should configure CCU_RGF_WIN(4) to
split [0x6e_0000, 0xff_ffff] to values [0x6e_0000, 0x6f_ffff] and
[0x80_0000, 0xff_ffff] that cause accesses to the segment of
[0xf070_0000, 0xf07f_ffff] to act as RAZWI. Reuse common
work-around code for both AP806 and AP807.
Change-Id: Ia91a4802d02917d1682faa0c81571093d1687d97
Signed-off-by: Stefan Chulski <stefanc@marvell.com>
Currently only single signing domain is supported for SP packages but
there is plan to support dual signing domains if CoT is dualroot.
SP_CONTENT_CERT_ID is the certificate file which is currently generated
and signed with trusted world key which in-turn is derived from Silicon
provider RoT key.
To allow dual signing domain for SP packages, other certificate file
will be derived from Platform owned RoT key.
This patch renames "SP_CONTENT_CERT_ID" to "SIP_SP_CONTENT_CERT_ID" and
does other related changes.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0bc445a3ab257e2dac03faa64f46e36a9fed5e93
This patch fixes defects 10.3, 10.4, 10.7, 20.7
reported by MISRA-2012 scan and adds braces for
conditional statements according to the TF-A
coding style.
Change-Id: If84ed31cdd55bc8e7cdd2a5f48c0dacc25792112
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch adds support for Event Log generation required
for Measured Boot functionality.
Change-Id: I34f05a33565e6659e78499d62cc6fb00b7d6c2dc
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The Arm GIC-Clayton IP has the same power management requirements as
the GIC-600, when it comes to powering up the redistributors before
using them.
Add the IIDR value to the existing list of implementations requiring
the power sequence.
Change-Id: Ib965dfe278c40a4fff94f65a8d445c27a2ae6fd2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch moves all GICv2 driver files into new added
'gicv2.mk' makefile for the benefit of the generic driver
which can evolve in the future without affecting platforms.
NOTE: Usage of 'drivers/arm/gic/common/gic_common.c' file
is now deprecated and platforms with GICv2 driver need to
be modified to include 'drivers/arm/gic/v2/gicv2.mk' in
their makefiles.
Change-Id: Ib10e71bdda0e5c7e80a049ddce2de1dd839602d1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The cause of failure is not memory shortage.
The comment for ENFILE in include/lib/libc/errno.h
/* Too many open files in system */
... is a better match to the warning message here.
Change-Id: I45a1740995d464edd8b3e32b93f1f92ba17e5874
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
- Fix the line address macro
- LLC invalidate and enable before ways lock for allocation
- Add support for limited SRAM size allocation
- Add SRAM RW test function
Change-Id: I1867ece3047566ddd7931bd7472e1f47fb42c8d4
Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
Since the AP process can be enabled on different setups, the information
about used comphy lane should be passed to AP FW. For instance:
- A8K development board uses comphy lane 2 for eth 0
- cn913x development board uses comphy lane 4 for eth 0
Change-Id: Icf001fb3eea4d9c24c09384e49844ecaf8655ad2
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Now when mg_conf_cm3 driver is present - move all relevant code there.
Change-Id: I444d9e877c450d6ee69ca3a49b547e4c3aeac0be
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
After configuring comphy to AP mode also start AP FW.
Change-Id: Ib28977d7ee643575a818ba17f69dea0b7e8e0df4
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Implement function which will allow to start AP FW.
Change-Id: Ie0fc8ad138bf56b10809cdc92d1e5e96a2aaf33f
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
The assignments to 'result' are unneeded.
Change-Id: I18899f10bf9bd7f219f0e47a981683d8b4701bde
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Register in the shared resources driver the secure or non-secure state
of the HASH instances. Note that only BL32 needs to register the
shared peripheral because BL2 does not embed the shared resources
driver.
Change-Id: I7f78fa8e47da71d48ef8b1dfe4d6f040fe918d8b
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Register in the shared resources driver the secure or non-secure state
of the GPIO pins.
Change-Id: Ifda473bcbbb0af799be6587961d6641edf887605
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Register in the shared resources driver the secure or non-secure state
of the IWDG instances.
Change-Id: I3a3bc9525447f6a2a465891ca3a3fd5fe664ca07
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Register in the shared resources driver the secure or non-secure
state of the PMIC.
Change-Id: Ic1f172ba62785018f8e9bb321782d725e2d2f434
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Introduce stm32mp1_register_clock_parents_secure() in stm32mp1
clock driver to allow platform shared resources to register as
secure the parent clocks of a clock registered as secure.
Change-Id: I53a9ab6aa78ee840ededce67e7b12a84e08ee843
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
This patch adds the IIDR value for GIC600-AE to the gicv3_is_gic600()
helper function. This helps platforms supporting this version of the
GIC600 interrupt controller to function with the generic GIC driver.
Verified with tftf-validation test suite
******************************* Summary *******************************
> Test suite 'Framework Validation'
Passed
> Test suite 'Timer framework Validation'
Passed
=================================
Tests Skipped : 0
Tests Passed : 6
Tests Failed : 0
Tests Crashed : 0
Total tests : 6
=================================
NOTICE: Exiting tests.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I518ae7b56f7f372e374e453287d76ca370fc3574
Cleaned up confused naming between TB_FW and FW_CONFIG.
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I9e9f6e6ca076d38fee0388f97d370431ae067f08
Marek Vasut
Yann Gautier
Jimmy Brisson
Lionel Debieve
Christophe Kerello
johpow01
Grzegorz Jaszczyk
Marcin Wojtas
Konstantin Porotchkin
Alex Leibovich
Alexei Fedorov
Andre Przywara
Etienne Carriere
Javier Almansa Sobrino
Leonardo Sandoval
Manish Pandey
Stefan Chulski
Bharat Gooty
Masahiro Yamada
Varun Wadekar
Manish V Badarkhe