Set OCRAM as secure region and required privileged access in BL31 to
prevent software running in normal world (non-secure) accessing memory
region in OCRAM which may contain sensitive information (e.g. FSBL,
handoff data)
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib6b24efd69f49cd3f9aa4ef2ea9f1af5ce582bd6
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Move codes that previously were part of system_manager driver into
firewall driver which are more appropriate based on their functionalities.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I35e9d792f35ee7491c2f306781417a0c8faae3fd
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Refactor NOC header to be shareable across both Stratix 10 and Agilex
platforms. This patch also removes redundant NOC declarations in system
manager header file.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I6348b67a8b54c2ad19327d6b8c25ae37d25e4b4a
Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
HSD #1509626040:
This patch is to add the flexibility for BL2 and BL31
to choose different UART output port at platform_def.h
using parameter PLAT_INTEL_UART_BASE
This patch also fixing the plat_helpers.S where the
UART BASE is hardcoded to PLAT_UART0_BASE. It is then
switched to CRASH_CONSOLE_BASE.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Change-Id: Iccfa7ec64e4955b531905778be4da803045d3c8f
HSD #16014059592:
Add support for ROM Patch SHA384 mailbox SMC call.
Signed-off-by: Kris Chaplin <kris.chaplin@linux.intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ide9a7af41a089980745cb7216a9bf85e7fbd84e3
This adds the ncore ccu access and enable access to the
on-chip ram for N5X device in BL31.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I713f6e93d33b6e91705547477ca32cfba5c8c13d
Define FPGA_CONFIG_SIZE and FPGA_CONFIG_ADDR in
platform-specific header. This is due to different
allocated sizes between platforms.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iac4fbf4d4940cdf31834a9d4332f9292870dee76
SError and Abort are handled in Linux (EL1) instead of
EL3. This patch adds some functionality that complements the
use cases by Linux as follows:
- Provide SMC for ECC DBE notification to EL3
- Determine type of reset needed and service the request in
place of Linux
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I43d02c77f28004a31770be53599a5a42de412211
SIMICS builds have different UART configurations compared
to hardware build. Hence, this patch defines a macro to
differentiate between both.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iadecd5445e06611486ac3c6a214a6d0dc8ccd27b
This commit adds a new Intel platform called N5X.
This preliminary patch only have Bl31 support.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib31f9c4a5a0dabdce81c1d5b0d4776188add7195
This patch adds driver for Intel FPGA's Crypto Services.
These services are provided by Intel platform
Secure Device Manager(SDM) and are made accessible by
processor components (ie ATF).
Below is the list of enabled features:
- Send SDM certificates
- Efuse provision data dump
- Encryption/decryption service
- Hardware IP random number generator
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: If7604cd1cacf27a38a9a29ec6b85b07385e1ea26
Previous changes from commit #6a659448 updates resp_len from an integer
type to unsigned integer pointer type. This patch adds proper handling
in case resp_len is a null pointer. Resp_len with value 0 are also
changed to NULL to match the type change.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I75b3e3bfbb188d8e7b329ba3b948c23e31dec490
This patch defines a macro to handle Secure Device Manager's (SDM)
pointer to command & response buffer entries and convert them to the
correct physical address.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I4cf9f1d90e0d5ae4e1a2ce84165864b48c2862e7
'INTEL_SIP_SMC_MBOX_SEND_CMD' SMC runtime service will only return
mailbox status and the argument's length back to the caller
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I50d2ae74845794cab7bf0858e742b5a70e0ea868
This patch fixes the mailbox stall issue when sending mailbox command
that is larger than mailbox command FIFO size.
Large mailbox command will be sent to SDM in multiple chunks. HPS will
set doorbell to SDM when command FIFO full (is_doorbell_triggered will
be set to 1) to notify SDM to read the command data from FIFO, so that
HPS can continue to send the next chunk of command data.
However, HPS will not set the doorbell to SDM at the end if the doorbell
have been set earlier due to FIFO full. This will cause SDM mailbox
service stall because it is still waiting for last chunk of command data.
This patch fixes the code to always set the doorbell to SDM at the end
to get rid of stall issue.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: Idbe62410a00d92a30c7aeaa26d53d79a910cac0a
intel_secure_reg_update function should apply mask to the value before
write into register.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: I84bbd06e24b8666528b53030e8359743d438eb5b
This patch fix address range checker to make sure that it does not
errors out on NULL address with size 0. Non-secure software will send
this NULL address if the SMC call doesn't need to pass any address buffer.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I7e492c562a311ba989570c4ed465f845333ec865
This patch fixes the code issue detected by Klocwork scan. Pointer
'bl_mem_params' returned from call to function 'get_bl_mem_params_node'
may be NULL and the NULL pointer may be caused the system crash. Update
the code to assert if unexpected NULL pointer is returned.
Signed-off-by: Siew Chin Lim <elly.siew.chin.lim@intel.com>
Change-Id: I00f3132a6104618cadce26aa303c0b46b5921d5b
Request ownership and direct access to QSPI by default in BL2.
Previously, this is only done on QSPI boot mode.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie222bbf9d719f2f70f89d4739c285efe6df4c955
Create a dedicated static struct mmc_device_info mmc_info mmc_info
instead of having this in stack.
A boot issue has been seen on some platform when applying patch [1].
[1] 13f3c5166f ("mmc:prevent accessing to the released space in case of wrong usage")
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Id52c0be61a30f453a551385883eaf3cbe32b04b9
This patch is used to fix remaining non compliant code for Intel
SoCFPGA's mailbox and sip driver. These changes include:
- Change non-interface required uint32_t into unsigned int
- Change non-negative variable to unsigned int
- Remove obsolete variable initialization to 0
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3a16c7621a5fc75eb614d97d72e44c86e7d53bf5
This patch is used to fix remaining non compliant code for Intel
SocFPGA's mailbox driver. These changes include:
- adding integer literal for unsigned constant
- fix non-boolean controlling expression
- add braces even on conditional single statement bodies
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I0f8fd96a3540f35ee102fd2f2369b76fa73e39e1
Attempt to restart the mailbox if the mailbox driver not able
to write any data into the mailbox command buffer.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: Ia45291c985844dec9da82839cac701347534d32b
Allow mailbox command that is larger than mailbox command FIFO buffer
size to be sent to SDM in multiple chunks.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I683d5f1d04c4fdf57d11ecae6232b7ed3fc49e26
Change the main loop inside mailbox poll function from while(1) to a
retry counter named sdm_loop. This is to limit the maximum possible
looping of the function and prevent unexpected behaviour.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I63afad958fe5f656f6333b60d5a8b4c0ada3b23d
For each count down of time out counter, wait for number of
miliseconds to ensure the time out duration is predictive.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I0e92dd1ef1da0ef504ec86472cf0d3c88528930b
Mailbox driver should read the response data if the response length
in the response header is non-zero even the response header indicates
error (non-zero).
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I928f705f43c0f46ac74b84428b830276cc4c9640
This patch factorizes mailbox read response from SDM into a function.
Also fix the logic to support reading larger than 16 words response from
SDM.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie035ecffbbc42e12dd68061c403904c28c3b70e5
This patch modifies several basic mailbox driver features to prepare for
FCS enablement:
- Job id management for asynchronous response
- SDM command buffer full
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I78168dfb6c521d70d9cba187356b7a3c8e9b62d2
Sort and rearrange definitions in both mailbox and sip header to
increase readability and maintainability.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I5544c2f17efdf3174757c55afd8cc1062fbae856
Rename variables to improve readability of mailbox read response and
mailbox poll response flow.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Icd33ff1d2abb28eeead15e4eb9c7f9629f8cb402
Ensure 'PLAT_SEC_ENTRY' is cleared during early platform
setup. This is to prevent the slave CPU cores jump to the stale
entry point after warm reset when using U-Boot SPL as first
stage boot loader.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I3294ce2f74aa691d0cf311fa30f27f9d4fb8800a
Increase INTEL_SIP_SMC_FPGA_CONFIG_SIZE from 16 to 32MB. We need higher
pre-reserved memory size between Intel service layer and secure monitor
software so we can handle JIC file authorization.
Signed-off-by: Richard Gong <richard.gong@intel.com>
Change-Id: Ibab4e42e4b7b93a4cf741e60ec9439359ba0a64c
Remove urgent argument from asynchrounous mailbox command as any urgent
command should always be synchronous
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Iaa64335db24df3a562470d0d1c3d6a3a71493319
Use pre-defined macros for return values and common mailbox arguments
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I5d549ee5358aebadf909f79fda55e83ee9844a0e
This patch update each Intel's platform makefiles to include GICv2
makefile instead of manually sourcing individual c files. This aligns
with latest changes from commit #1322dc94f7.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib1f446a6fc578f73a9ef86f9708ddf12d7d75f48
There are additional instruction needed to enable the global timer.
This fixes the global timer initialization
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: Idaf2d23359aacc417e2b7d8cdf1688b5cd17ca98
The CCU initialization loop uses the wrong units, this fixes that. This
also fixes snoop filter register set bits should be used instead of
overwriting the register
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: Ia15eeeae5569b00ad84120182170d353ee221b31
FPGAINTF wasn't enabled when configuring pinmux. This fixes the issue.
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: I5a6aacd504901b8f7327b2f4854b8a77d0c37019
DRVSEL and SMPLSEL needs to be set so that it can properly go into full
speed mode. This needs to be done in EL3 as the registers are secured.
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: Ia2f348e7742ff7b76da74d392ef1ce71e2f41677
This fixes a few issues on the Agilex clock configuration:
- Set clock manager into boot mode before configuring clock
- Fix wrong divisor used when calculating vcocalib
- PLL sync configuration should be read and then written
- Wait PLL lock after PLL sync configuration is done
- Clear interrupt bits instead of set interrupt bits after configuration
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: I54c1dc5fe9b102e3bbc1237a92d8471173b8af70
Modify RSU driver error code for backward-compatibility with
Linux RSU driver
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib9e38d4017efe35d3aceeee27dce451fbd429fb5
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I5c2fe3b6a667acf80c808cfec4a64059a2c9c25f
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch comes as fixes for 'intel: Fix Coverity Scan Defects' patch.
Revert changing argument type from uint32_t to uint64_t to fix
incompatible cast issue. Fix said bug by using intermediate uint32_t
array as a more appropriate solution.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I344cdabd432cf0a0389b225c934b35d12f4c631d
This initializes the EMAC PHY in both Stratix 10 and Agilex,
without this, EMAC PHY wouldn't work correctly.
Change-Id: I7e6b9e88fd9ef472884fcf648e6001fcb7549ae6
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Fix mailbox driver incompatible cast bug and control flow issue that
was flagged by Coverity Scan.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3f34e98d24e40139d31cf7d5b9b973cd2d981065
This patch modify current address range checker in SiP driver to also
accept input size.
Also, include said checker for SiP mailbox send command to ensure
referenced argument is within expected address.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie0c3cac4c3d1a6ea0194602d9aa3541f5d9a3367
This update allows normal world to send mailbox commands through SMC
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I587bea06422da90e5907d586495cd9e3bde900f6
Introduce support for RSU that can be initiated through SMC calls.
Added features as below:
- RSU status
- RSU update
- RSU HPS notify
- RSU get sub-partition
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I78d5a07688e43da99f03d77dfd45ffb4a78f2e4c
Platform handoff structure no longer includes boot source selection.
Hence, those settings can now be configured through socfpga_plat_def.h.
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: If7ec6a03bb25156a6670ebf8f77105c370b553f6
Abdul Halim, Muhammad Hadi Asyrafi
Boon Khai Ng
Sieu Mun Tang
Siew Chin Lim
Yann Gautier
Chee Hong Ang
Richard Gong
Tien Hock Loh
Andre Przywara