This patch adds a basic EL3 SPMD logical partition to the FVP platform
via a platform specific SMC handler. One of the use cases for EL3
logical partitions is to have the ability to translate SiP calls into
FF-A direct requests via the use of SPMD logical partitions. The SMC
handler creates a direct request based on the incoming SMC parameters
and forwards the call as a direct request from the SPMD logical
partition to the target secure partition.
Change-Id: If8ba9aab8203924bd00fc1dcdf9cd05a9a04a147
This patch changes spmd.mk to include one or more SPMD logical
partitions specific to a platform. It also adds a basic SPMD logical
partition to fvp.
Change-Id: I2075e0458c92813913b28cbf4cfffc1f151e65cf
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
This patch adds the necessary CPU library code to support the Gelas CPU.
Change-Id: I13ec4a8bb7055c1ebd0796a4a1378983d930fcb3
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Align entire TF-A to use Arm in copyright header.
Change-Id: Ief9992169efdab61d0da6bd8c5180de7a4bc2244
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Make PMC IPI channel for Versal NET as secure so that NS
systems cannot directly access or modify secure systems.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I75ba8796859dcb35644f3e144d7dc5926755ef78
Make PMC IPI channel for Versal as secure so that NS systems
cannot directly access or modify secure systems.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I22148653fa2d27941cb3031ac790892cee0d1796
Add redundant macro call to increase security by making
code glitch immune as security operations might be
called with the IPI command.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I84d84cca258b7cd981f62816c51032341e19095c
Currently security flag is set to SECURE by default and
is changed to NON_SECURE if NS system is detected. In this
case NS system may access secure system if condition check
gets skipped due to glitches.
So, initialize security_flag to NON_SECURE_FLAG and switch
to SECURE_FLAG if the TrustZone bit is detected to be
in more secure state.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I7af54465bd8744ba97a58c02607631ee23619d47
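The two glitch-hardening commit messages above (the redundant check and the NON_SECURE default), modelled as an added example that is not the Versal platform code. `SECURE_FLAG` and `NON_SECURE_FLAG` are named in the commit message; their values, the `fault_t` fault model and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag names come from the commit message; the values are constructed. */
#define SECURE_FLAG     0U
#define NON_SECURE_FLAG 1U

/* Hypothetical fault model: a glitch makes one conditional check vanish. */
typedef enum { NO_FAULT, CHECK_SKIPPED } fault_t;

/* Before: start privileged, demote when a non-secure caller is detected. */
static uint32_t flag_default_secure(bool caller_is_ns, fault_t fault)
{
	uint32_t security_flag = SECURE_FLAG;

	if (fault != CHECK_SKIPPED && caller_is_ns) {
		security_flag = NON_SECURE_FLAG;
	}
	return security_flag;
}

/* After: start unprivileged, promote only on positive evidence. */
static uint32_t flag_default_non_secure(bool caller_is_ns, fault_t fault)
{
	uint32_t security_flag = NON_SECURE_FLAG;

	if (fault != CHECK_SKIPPED && !caller_is_ns) {
		security_flag = SECURE_FLAG;
	}
	return security_flag;
}

/* Redundant evaluation: two separate reads of the caller state must agree. */
static uint32_t flag_redundant(bool first_read_ns, bool second_read_ns)
{
	uint32_t security_flag = NON_SECURE_FLAG;

	if (!first_read_ns && !second_read_ns) {
		security_flag = SECURE_FLAG;
	}
	return security_flag;
}

int main(void)
{
	/* Non-secure caller, check skipped: the old default leaks SECURE_FLAG. */
	printf("default SECURE:     %u\n", (unsigned)flag_default_secure(true, CHECK_SKIPPED));
	printf("default NON_SECURE: %u\n", (unsigned)flag_default_non_secure(true, CHECK_SKIPPED));
	/* One corrupted read claims "secure"; the second read disagrees. */
	printf("redundant check:    %u\n", (unsigned)flag_redundant(false, true));
	return 0;
}
```

With the NON_SECURE default a skipped check on a genuinely secure caller costs that caller its privilege for one request, which is the fail-closed outcome.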
The build flags to enable the Arm(R) Ethos(TM)-N NPU driver are in arm
platform specific make files i.e. plat/arm/common/arm_common.mk. These
flags are renamed and moved to ethosn_npu.mk. Other source and make
files are changed to reflect the changes in these flags.
Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Change-Id: I6fd20225343c574cb5ac1f0f32ff2fc28ef37ea6
Add common/debug.h and libfdt.h files to the common file
for XILINX_OF_BOARD_DTB_ADDR configuration.
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Change-Id: I577cc018eda34e186e48594a62c54eb55f11bbd3
The PSCI_FEATURES call implementation in TF-A always indicates support
for SMCCC_VERSION, but only BL31 ensures that the corresponding Arm
Architecture Service (arm_arch_svc) is really included in the build.
For SP_MIN only stm32mp1 currently includes it in the platform-specific
make file.
This means that it is easily possible to build configurations that
violate the PSCI/SMCCC specification. On Linux this leads to incorrect
detection of the SMC Calling Convention when using SP_MIN:
[ 0.000000] psci: SMC Calling Convention v65535.65535
Fix this by always including the Arm Architecture Service in SP_MIN
builds. This allows Linux to detect the convention correctly:
[ 0.000000] psci: SMC Calling Convention v1.4
Change-Id: Iaa3076c162b7a55633ec1e27eb5c44d22f8eb2a1
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
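Where the `v65535.65535` in the log line above comes from, as an added example that is not TF-A or Linux code. It assumes that an unimplemented SMC returns -1 (0xFFFFFFFF) and that the caller decodes major and minor as 16-bit fields, which matches the log line; the `firmware` struct and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SMC_UNK           0xFFFFFFFFU /* "unknown function ID" return, i.e. -1 */
#define SMCCC_VERSION_1_0 0x00010000U
#define SMCCC_VERSION_1_1 0x00010001U
#define SMCCC_VERSION_1_4 0x00010004U

/* Constructed firmware model: PSCI_FEATURES always claims SMCCC_VERSION,
 * but the call only works when the Arm Architecture Service is built in. */
struct firmware {
	int arch_svc_built;
};

static uint32_t smc_smccc_version(const struct firmware *fw)
{
	return fw->arch_svc_built ? SMCCC_VERSION_1_4 : SMC_UNK;
}

/* Caller that trusts PSCI_FEATURES and compares the result as unsigned. */
static uint32_t detect_trusting(const struct firmware *fw)
{
	uint32_t ret = smc_smccc_version(fw);

	return (ret >= SMCCC_VERSION_1_1) ? ret : SMCCC_VERSION_1_0;
}

/* Caller that treats a negative (bit 31 set) return as an error code. */
static uint32_t detect_checked(const struct firmware *fw)
{
	int32_t ret = (int32_t)smc_smccc_version(fw);

	return (ret >= (int32_t)SMCCC_VERSION_1_1) ? (uint32_t)ret : SMCCC_VERSION_1_0;
}

static unsigned int ver_major(uint32_t v) { return (v >> 16) & 0xFFFFU; }
static unsigned int ver_minor(uint32_t v) { return v & 0xFFFFU; }

int main(void)
{
	const struct firmware broken = { 0 }, fixed = { 1 };
	uint32_t v;

	v = detect_trusting(&broken);
	printf("no arch_svc, trusting: v%u.%u\n", ver_major(v), ver_minor(v));
	v = detect_checked(&broken);
	printf("no arch_svc, checked:  v%u.%u\n", ver_major(v), ver_minor(v));
	v = detect_trusting(&fixed);
	printf("arch_svc included:     v%u.%u\n", ver_major(v), ver_minor(v));
	return 0;
}
```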
Added the missing Neoverse N2 flag required for
enabling Neoverse N2 CPU in Errata ABI.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I06c6fa67e2f1ccc053f1b1b9261e189c56f4347a
As per the current code base, PM_CLOCK_SETRATE and PM_CLOCK_GETRATE
APIs are not supported for the runtime operations in the firmware and
TF-A is already returning an error when there is any request
to access these APIs. So, just removing the unused code to avoid the
confusion around these APIs.
Also, there is no issue with the backward compatibility as these APIs
were never used since they were implemented. Hence no need to bump up the
version of the feature check API as well.
Signed-off-by: Ronak Jain <ronak.jain@amd.com>
Change-Id: I444f973e62cd25aae2e7f697d808210b265106ad
Switch from IMX_BOOT_UART_BASE=0 to IMX_BOOT_UART_BASE=auto to make it
more obvious that the detection is based on the runtime autodetection.
In addition this moves the evaluation of IMX_BOOT_UART_BASE into the
makefile which removes the ugly conditional compilation as well.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I92c13607bf81c6267f4b6aee829d74902b7f72d2
RD-N2 platform variants have Neoverse N2 CPU that supports RAS
extensions. N2 CPU has error node that captures the faults occurring on
L1, L2 tag and data RAMs. This node captures the error information in
its error records and generates fault handling interrupt on error event.
This patch adds reference implementation to demonstrate firmware-first
error handling of 1-bit CE that occur on CPU. On error event the error
handler reads the error records and ELx context information and forwards
it to secure partition. Secure partition creates a CPER record from this
error information. Finally the handler notifies the OS about the RAS
error using the SDEI notification mechanism.
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
Change-Id: I769550efee10b9a3d89056bca4bfeb2db4708998
To handle the core corrected errors in the firmware, the FHI PPI
interrupt has to be enabled on all the cores. At boot, when the RAS
framework is initialized, only primary core is up and hence core FHI PPI
interrupt is enabled only on primary core. This patch adds support to
configure and enable core FHI interrupt for all the secondary cores as
part of their boot sequence.
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
Change-Id: I4b25152cb498fe975b9c770babb25aa9e01f9656
In ZynqMP, the function zynqmp_config_setup() is common between bl31
and bl32(TSP). This function initializes IPI configuration and
prints the chip idcode and revision on the console, which is already
done in bl31 and redundant in bl32(TSP).
Remove the legacy code, reading the chip idcode and
revision information through direct register read.
Change-Id: I5da8e75a597ac9c4e1b56346e065d29e2be8787f
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
TSP(bl32) requires secure interrupts to be handled at S-EL1.
Enable the ZynqMP to handle secure interrupts in S-EL1 by setting
GICV2_G0_FOR_EL3 to 0 in case of SPD=tspd build option.
For ZYNQMP_WDT_RESTART build option GICV2_G0_FOR_EL3 needs to be
enabled and thus for ZynqMP GICV2_G0_FOR_EL3 is set to 1 by default.
On GICv2, when GICV2_G0_FOR_EL3 is set to 1, Group 0 interrupts
target EL3. This allows GICv2 platforms to enable features requiring
EL3 interrupt type.
This also means that all GICv2 Group 0 interrupts are delivered
to EL3, and the Secure Payload interrupts need to be synchronously
handed over to Secure EL1 for handling.
Change-Id: I7eb72c6588ab41730a74ece261050840646de037
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
In tf-a-ci-scripts repo, change commit 8ffa3d571b (ci(static-checks):
correct include order for *.S macro headers) provides a fix related
to header file include order in assembly files. With the above fix,
improper header order in assembly files has been detected.
Reorder the header includes in assembly files as per the update
in tf-a-ci-scripts.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I4a4f3c5bb73886dae234160b893470443f1424fc
In commit b9d26cd3c4 ("chore(xilinx): replace fsbl with xbl"),
function and variable names were changed, but the corresponding
function name in the functional documentation comments is not updated.
Update the function and variable names as per the above commit.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I7b777c21fe3673d29f809bf923eba38749f2c024
On systems with SCP (running crust) scpi_system_reboot action
performs board-level (PMIC) reboot. This doesn't preserve RAM content
on A64 PinePhone at least.
Warm/soft system reset without RAM reset is required to get
pstore (persistent storage) in RAM working with Linux kernel. That is
very useful for oops/panic logging for post mortem analysis.
scpi_system_reset action performs reset via SoC reset (using watchdog)
and RAM content is preserved in this case. Linux kernel detects
system_reset2 support and uses it for warm reset automatically.
Change-Id: I1c21aa8f27c8e0395e2326034788693b59b80bc4
Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Adds a dummy implementation of the plat_mboot_measure_key() function for
QEMU platform.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I64c1c751348c04cd359c075fc15a0d180ff55918
Added dummy implementation of 'plat_mboot_measure_key'
function for IMX platform.
Change-Id: Ib41fd86a9da330f62561707bda7d16f2825c0a7f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented 'plat_mboot_measure_key' platform function for TC platform
to measure and publicise the public key information via RSS.
Change-Id: I10d90e921b135e729d5450d5a7468d0598072e60
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented 'plat_mboot_measure_key' platform function for FVP platform
to measure and publish the public key information via RSS.
Change-Id: I0c9d6d6ac3650a939437e9331ed3c9246f242830
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added public key-OID information in the RSS metadata structure.
Change-Id: I5ee5d41519980091296deaa1882fdfe9ae6766c0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
With errata conversion in place for Cortex_A72 cpu,
build fails with undefined reference to functions defined
in cpu_helpers.S file.
Including the same to handle build issues related to
Stingray platform.
Change-Id: I2bab3e5ca0811d83cd9ee43ac33d557afe6575a8
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Provide a helper to detect the enabled UART device during runtime. This
lowers the integration effort and makes it more straightforward for
'simple' use-cases with a single UART enabled. If multiple UARTs are
enabled the first enabled is returned.
The auto-detection is enabled by setting IMX_BOOT_UART_BASE=0 to keep
the backward compatibility. For more advanced use-cases (multiple UARTs
are enabled) the user still has to provide the correct base address.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I300a167e1a10f9aa991c8d1c3efe2c6b23f56c47
Adjusted BL2 maximum size as per total SRAM size.
Change-Id: Ic3b398574a17e8a784e7c4dbe3fe69d1fb2b5e16
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The Qualcomm X5 Modem (MDM9607) SoC is very similar to the existing
MSM8916, except for:
- Single core ARM Cortex-A7
- No GPU
- MMU-500 r2p4 instead of r0p0 (need to clear CACHE_LOCK bit)
- Different default BL31/BL33 address and UART number
Make the existing MSM8916 platform port usable for MDM9607 as well by
adding some minimal if statements where necessary plus the platform
make files for mdm9607.
Change-Id: I4dd02c8e29af6282d8d828c3027c5e333459ba36
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Some Qualcomm modem platforms (MDM*) are quite similar to MSM8916
except that there is just a single CPU core. This requires some special
handling:
- There is no GPU so the GPU SMMU also does not exist.
- Looking closely at dumps of the MMIO register regions reveals that
some of the register addresses are slightly different.
Add the necessary checks for this to allow building for those
platforms.
No functional change for existing platforms.
Change-Id: I0380ac3734876243e970a55d8bec5a8247175343
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The Qualcomm Snapdragon 615 (MSM8939) SoC is very similar to the
existing MSM8916, except for:
- Two clusters with ARM Cortex-A53 cores
- CCI-400
Make the existing MSM8916 platform port usable for MSM8939 as well by
adding some minimal if statements where necessary plus the platform
make files for msm8939.
Change-Id: I8cda83dc642f62222f984a42eec14de5df4c11e3
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
On platforms with multiple CPU clusters the L2 cache will be only on
for the cluster of the boot CPU. Add the necessary sequence to power it
up for secondary clusters similar to the CPU boot sequence.
No functional change for platforms with a single cluster. The new code
is discarded entirely in this case.
Change-Id: I3d3bce519a8a10ef5278d74d81acf59123e00454
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The MSM8939 SoC is very similar to MSM8916 but uses an ARM CCI-400
for cache coherence between the two CPU clusters. Add the necessary
code to initialize it with the existing driver.
No functional change for platforms with a single cluster. The CCI
related code is discarded entirely in this case.
Change-Id: I041d60222d8d2aeca53b392934c87280c66b0db0
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Some Qualcomm platforms similar to MSM8916 have multiple CPU clusters.
In this case, some of the hardware blocks are duplicated and must be
configured separately.
Refactor the code to handle additional clusters by introducing loops
and some conditionals.
No functional change for existing single cluster platforms.
Change-Id: I5b4b1ad2a1adde559d5b79b7698afe73733b2e90
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The Qualcomm Snapdragon 210 (MSM8909) SoC is very similar to the
existing MSM8916, except for:
- ARM Cortex-A7 instead of Cortex-A53 (AArch32-only)
- MMU-500 r2p0 instead of r0p0 (need to clear CACHE_LOCK bit)
- Different default BL31 address and UART number
Make the existing MSM8916 platform port usable for MSM8909 as well by
adding some minimal if statements where necessary plus the platform
make files for msm8909.
Change-Id: I8eca5bd8f2486cc2174562fb5de28f8dffa0d874
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Newer Qualcomm platforms similar to MSM8916 use MMU-500 r2p0+ instead
of MMU-500 r0p0. On these versions it is necessary to clear the
SMMU_sACR.CACHE_LOCK bit to allow the normal world to write to
SMMU_CBn_ACTLR. Without this Linux shows a warning and is unable to
work around the errata in MMU-500:
arm-smmu 1e00000.iommu: Failed to disable prefetcher
[errata #841119 and #826419], check ACR.CACHE_LOCK
Handle this dynamically at runtime by enabling all the necessary SMMU
clocks and check the IDR7 register for MMU-500 r2p0+. This must be
applied to both SMMUs on the platform: APPS and GPU.
While at it clean up the clock handling: Leave the SMMU clocks on
because the normal world will need it again while booting. But make
sure the vote register of the RPM co-processor does not keep these
clocks always-on. For some reason some platforms seem to have a
non-zero reset value for GCC_RPM_SMMU_CLOCK_BRANCH_ENA_VOTE.
Change-Id: I34cf7d3f2db977b0930eb6e64a870ecaf02a7573
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
According to the coding style all conditional statements (such as if,
for, while, do) must use braces regardless of the number of the
statements in the body [1].
Fix this for the code inside plat/qti/msm8916.
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html#conditional-statement-bodies
Change-Id: I74f2e65aa2b3a65899e37dfd3f481d90fb15531c
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Moving all PLATFORM_TESTS into platform test makefile
Change-Id: I31821e9e69d916d12ae4c804df26f07fb523c835
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Prior to delegating handling of Group0 secure interrupt to platform
handler, SPMD framework must acknowledge the highest pending interrupt.
Moreover, once the platform has handled the interrupt successfully,
SPMD must deactivate the interrupt.
The rationale behind this decision is SPMD framework is well suited to
perform interrupt management at GIC boundary while the platform handler
is well equipped to deal with the device interface related to the
interrupt.
This patch also fixes a bug in the error code returned upon invocation
of FFA_EL3_INTR_HANDLE from normal world.
Change-Id: If8fef51899e25f966038cc01ec58c84ee25e88eb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Adding PSA status to print statement upon failing communication
initialization, non-volatile counter, and rotpk read interface calls in
platform_tests.
Change-Id: Ia949cc2d18e93efb68f663d0c4e5500ca9021a94
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Adding new test for AP/RSS interface for reading ROTPK for
each of the 3 types of ROTPKs: CCA, secure, and non-secure firmware.
Enabled by PLATFORM_TEST=rss-rotpk.
Update to print output when AP/RSS interface platform tests
pass to be able to reuse expect script functionality in CI.
Change-Id: Icc50b090e18a272378751fda104d209738b5b70c
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
We limited the r/w permission of some register groups for security
concerns. These register groups should not be accessed by domain 3 or
domain 5.
Change-Id: I2188da88d9e10a931d87bda14dc7dca46633dcd8
Signed-off-by: Chungying Lu <chungying.lu@mediatek.corp-partner.google.com>
When the TF-A is placed in DDR memory range, the DDR memory range
needs to be explicitly reserved in the default device tree.
A new build time parameter, XILINX_OF_BOARD_DTB_ADDR, is introduced.
The TF-A will reserve the DDR memory only when a valid DTB address
is provided to XILINX_OF_BOARD_DTB_ADDR during build.
Now the user has options, either manually reserve the desired DDR
address range for TF-A in device tree or let TF-A access and modify
the device tree, to reserve the DDR address range, in runtime using
the build parameter.
Change-Id: I45a5d9a8343ea8a19ea014a70023731de94d061a
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
When the TF-A is placed in DDR memory range, the DDR memory range
needs to be explicitly reserved in the default device tree.
A new build time parameter, XILINX_OF_BOARD_DTB_ADDR, is introduced.
The TF-A will reserve the DDR memory only when a valid DTB address
is provided to XILINX_OF_BOARD_DTB_ADDR during build.
Now the user has options, either manually reserve the desired DDR
address range for TF-A in device tree or let TF-A access and modify
the device tree, to reserve the DDR address range, in runtime using
the build parameter.
Change-Id: I4442a90e1cab5a3a115f4eeb8a7e09e247189ff0
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>