RD-Fremont platforms include Runtime Security Engine (RSE) as the
hardware crypto module. Add rse_measured_boot driver based platform
hooks to measure and record firmware image measurements.
Additionally, add support for measured boot at BL1 and BL2 boot stages
on RD-Fremont platforms. The patch adds the RSE measured boot metadata
that includes firmware image IDs, measurement slot number and other
information. It also initializes the AP communication with RSE over
AP-RSE root MHUv3 channel to pass firmware image measurements to RSE to
support extended measurements.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ia1b0bf673e865b31862cb8af79c4c71a5ba4dbea
Arm reference design FVP platforms such as RD-Fremont do not implement
the CCA_FW_NVCOUNTER. Update firmware such that the implementation will
return TRUSTED_FW_NVCOUNTER when the caller requests the CCA NV counter.
This allows the platforms to use the CCA CoT on FVP platforms.
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ifab724fae63857056b3eeb44eeefc15c4c610eed
Use the delegated attestation driver to fetch platform attestation token
and Realm attestation key from RSE over the AP-RSE comms interface.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Id0cfd82ef79598cd8368ba017c145bf34d502e65
Add a generic Arm CCA attestation library driver to interface with the
PSA delegated attestation partition APIs that use RSE to fetch the
platform attestation token and Realm attestation key.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: I882273e97567cc068f90d2ef089410f3a93c6b00
Define platform specific API to fetch base address for secure or root
MHUv3 between AP-RSE invoke rse-comms driver initialization bl31
platform setup stage.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Id79bcdb2fda6cdf394f4e02f67d1c1a44d5ddf23
Add a helper function to initialize rse_comms on RD-Fremont platforms
with AP-RSE MHUv3 postbox and mailbox register frames.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ic390517a8810df195a2582793b81afdbff5ffa15
Unless platforms include lib/psa into platform specific makefile the
rse_comms throws build error on its own:
CC drivers/arm/rse/rse_comms_protocol.c
drivers/arm/rse/rse_comms.c:13:10: fatal error: psa/client.h: No such file or directory
13 | #include <psa/client.h>
So add PLAT_INCLUDES entry to include the lib/psa to rse_comms.mk.
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: I4cbcbbaf20285990239d605f0b3b3dc92bea61e6
Define and use a new scmi_channel_plat_info_t structure specific to
third generation Neoverse platforms in order to use MHUv3 doorbell
channels. The structure uses the existing mhu_ring_doorbell method for
ring_doorbell implementation.
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Icf3be5305df94ba944038a4d4fdf0ccf32168650
GPC SMMU does granule protection checks (GPC) for accesses originating
from the system control block and GIC on RD-Fremont platforms. The GPC
check on this is disabled by the boot firmware. Configure the GPC SMMU
to enable GPC.
The transactions on GPC SMMU should be allowed during boot stages so
don't perform smmuv3_security_init() for this SMMU instance.
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: I3400c57fe264582a45c6a26f9dae8c669e8a8047
SMMUv3 with RME on RD-Fremont platform variants supports Root and Realm
register pages. The page offset for Root and Realm register pages is a
platform configurable option. Update the Root registers page offset for
RD-Fremont platform variants.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Change-Id: Ib3df7d7b9e54219d49b4d77a1fc5846096f1c78c
MTE2 is an optional feature that could be part of platforms based on Arm
V8.5 or above. If this feature is implemented on the platform, lower ELs
could potentially access the feature registers leading to EL3 traps.
Therefore, set MTE2 build option to '2' to enable the feature only if
its implemented on the platform.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Idc04b7f3851a2481e4c6bea426a3f09be145b899
Enable SVE support for non secure and secure worlds for RD-Fremont
variants.
Signed-off-by: Vivek Gautam <vivek.gautam@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Idcb309d031a1e10740dd365bb65570f8d2ce3a05
Set build-option ENABLE_FEAT_AMU to 2 so that AMU is enabled if the
feature is implemented on the platform. This would ensure that lower ELs
could access system registers relevant to AMU registers without causing
a trap to EL3.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I567ac9b0d76b613593d37ea45b4955b423ff5e6c
Set build-option ENABLE_FEAT_MPAM to 2 so that access to MPAM related
registers from lower ELs don't trap to EL3.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I4c5753c415461e5ffc79e371ae00cc6e6dd087f9
RD-Fremont-Cfg2 supports 8 DRAM banks compared to RD-Fremont and
RD-Fremont-Cfg1, which only support 2. So add PAS entries for
all the DRAM banks in the PAS table for RD-Fremont-Cfg2, ensuring proper
access controls to these regions.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Ib09b44569ea088f35529a1c983d3db727d86e262
Since GPT setup has been delegated to the platform, add an
implementation for plat_bl2_gpt_setup in accordance with the
specification for RD-Fremont variants.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1ff47249ce304f1c188850282d92c64cae463383
This update incorporates essential device tree (DTS) files for
RD-Fremont variants. The inclusion covers DTS for platform and config
ID, NT_FW_CONFIG, and TB_FW_CONFIG, enhancing device tree support for
RD-Fremont within the project.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Ibf898f963d971fe9b07cfa518244c47a8aced81e
Add board support for RD-Fremont-Cfg2 platform, which is a quad chip
variant of RD-Fremont. Each chip has reduced core count of four CPUs as
compared to single chip RD-Fremont platform.
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I9b79f0eef210afecaa15e381414479027617e44a
Add the required source and header files to support RD-Fremont-Cfg1,
which is a variant of RD-Fremont. RD-Fremont-Cfg1 hosts a smaller mesh
and lower number of cores when compared with RD-Fremont.
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I720b0e76174123c8aab64b39e9468b28614607b9
Add the required source and header files to support RD-Fremont.
Additionally, create a makefile for building the platform.
Co-developed-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I03b6913b08d488c86a5f4638ef6cd8b0f5c43a9a
As RD-Fremont and its variants would need a dedicated scope for use,
define the scope 'rdfremont' under the subsection within Neoverse-RD
platforms.
Change-Id: I7066824a33edd893e187ec397298b49392ac35da
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
RD-Fremont-Cfg2, the quad-chip variant of RD-Fremont supports 8 DRAM
banks compared to RD-Fremont and RD-Fremont-Cfg1, which only support 2.
Therefore, define PAS entry mappings for all the DRAM banks, so that
they could be utilized on the multichip variant.
Signed-off-by: Rohit Mathew <Rohit.Mathew@arm.com>
Change-Id: Ief235581c0066a95528235b9821646f864e14d3a
Since the GPT setup is now delegated to the platform, each platform
needs to include PAS definitions according to its specifications. This
commit adds PAS definitions specifically tailored for RD-Fremont
variants.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1a23029a74401fb1faa70bb6c2e66093ed08c45a
Given the differences in memory map of the third generation reference
design platforms, it is necessary to move away from the common DRAM
layout present as part of arm_def.h. Therefore, introduce definitions
and necessary carveouts within DRAM to define a new DRAM layout for
these platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I79af066f41259f147febdc3c00447db5be995799
Given the differences in memory map and additional RME requirements for
the V3 CPU based platforms, it is necessary to move away from the common
SRAM layout present as part of arm_def.h. Therefore, introduce
definitions and necessary carveouts within SRAM to define a new SRAM
layout for these platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I2d0ef65abde66da7523dd9e09036c7803978570c
Add firmware definitions for the third generation of platforms. The
following files are added -
- nrd_css_fw_def3.h: for CSS firmware definitions
- nrd_ros_fw_def3.h : for RoS firmware definitions
- nrd_plat_arm_def3.h: for platform port macros
All the common files for these platforms are housed under nrd3
directory.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I085d609cfe1686d28d1c467fb34d45af47e00eb6
Add RoS definitions for third generation of platforms. Common
definitions for such platforms would be housed in the nrd3 directory
under includes.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I2062c71676f27b4d17a3069b955565670f62a76c
Add CSS definitions for the third generation of reference design
platforms. Common definitions for such platforms would be housed in the
nrd3 directory under includes.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: Id271ebdf5dcc1d7b598606c313208ab85662795d
RK3566/RK3568 is a Quad-core soc and Cortex-a55 inside.
This patch supports the following functions:
1. basic platform setup
2. power up/off cpus
3. suspend/resume cpus
4. suspend/resume system
5. reset system
Signed-off-by: shengfei Xu <xsf@rock-chips.com>
Change-Id: I8b98a4d07664de26bd6078f63664cbc3d9c1c68c
Currently, if SGI is not registered by Linux and power down event from
firmware is received then it's not getting handled in TF-A and core power
down is not happening. Because of that subsystem restart or force power
down without Linux boot is not happening. So, handle power down event in
TF-A if Linux not registered SGI.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I0c23792daba6ae47004ae99e232c77e17230bcfb
Currently, only Linux registering for getting idle callback during
subsystem restart or force power down. Because of that if Linux boot
hang or someone wants to do subsystem restart before Linux boot then
it's not working. So, register for idle callback in TF-A to get idle
callback during subsystem restart or force power down to do ARM
specific steps for proper power down of core.
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: If7c01f79be6958678243be844bcfdc50d59b0fb8
This patch fixes fill_l1_tbl() function bug
for RME_GPT_MAX_BLOCK build option set to 0
disabling filling L1 tables with Contiguous
descriptors.
Change-Id: I3eedd6c1bb55b7c207bb3630d1ab2fda8f72eb17
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Today, the PM_IOCTL and PM_QUERY_DATA APIs are there to maintain
backward compatibility. Now, the usage of these APIs on the Linux
side and the firmware side is updated. Hence remove the deprecated
PM_IOCTL and PM_QUERY_DATA EEMI API from the TF-A to make TF-A pass
through.
Note: Only use the newer kernel to access the deprecated features in
this patch. Otherwise, the system may not function correctly.
Change-Id: I23effb7ff62e7f83563c2b422ea64a0289fd880f
Signed-off-by: Ronak Jain <ronak.jain@amd.com>
MAP_DEVICE0 for internal (register) space access settings
flag MT_NS was changed to MT_SECURE to enable access
to the TSGEN register, otherwise it brings to MCR violation,
because access to the TSGEN register is locked and enabled
for secure only
Change-Id: Id2fe90d30342706c58064161360d8be6e0d5616b
Signed-off-by: Margarita Glushkin <rutigl@gmail.com>
Since the CoT device tree is intended solely for BL2, remove the
nodes that are not handled by BL2.
Change-Id: I977eec902f16de59743e97d15148d63934b7b863
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add an explicit entry for HW_CONFIG in the BL2 CoT file for the Juno
platform, as the HW_CONFIG node has been removed from the common CoT
file.
Change-Id: I8a1a22dd1023895cfc5730101fad20a80390ce17
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Remove the 'HW_CONFIG' reference from the BL1 CoT file, as BL1
does not play any role in loading the hw_config image. This
reference was incorrectly added to the BL1 CoT file.
Change-Id: I9c1d9abce65844eaa1f41ab4f98d3c258ab7a8d2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add support for BL2 to get the Dualroot chain of trust description
through the Firmware Configuration Framework (FCONF). This makes it
possible to export the part of the Dualroot chain of trust enforced by
BL2 in BL2's configuration file (TB_FW_CONFIG DTB file). BL2 will parse
it when setting up the platform.
The feature can be enabled through the COT_DESC_IN_DTB=1 option. The
default behavior (COT_DESC_IN_DTB=0) remains to hard-code the Dualroot
CoT into BL2 images.
Change-Id: I3497b1daf14be09b5ce3a74d39df7551819255c2
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Adding support for Dualroot CoT in DTB. This makes it possible for BL2
to retrieve its chain of trust description from a configuration file in
DTB format. With this, the CoT description may be updated without
rebuilding BL2 image.
This feature can be enabled by building BL2 with COT_DESC_IN_DTB=1 and
COT=dualroot. The default behavior remains to embed the CoT description
into BL2 image.
Change-Id: I343931b145aa8a53b0a5d4b8aefb273ffb5a9163
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Add Dualroot CoT DTB, which allows Dualroot platforms to get their chain
of trust description from a configuration file, rather than hard-coding
it into the firmware source code itself.
Change-Id: I03af8f28ba7ad56b883ff5e7961500ffdb8c3957
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
The SMMU 600 is used on TC3 FPGA board with the display device, add the
device tree binding for it.
Change-Id: Iadf85873720ca47bbbda999aa7b18a9db98ae945
Signed-off-by: Ben Horgan <ben.horgan@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
TC3 adds a new SMMU-700 specifically for the DPU. This is used as the
DPU SMMU instead of the existing SMMU used for the DPU. Update the
device tree to reflect this.
Change-Id: I865140f8f53bceaa8849f6583190b240eeee0539
Signed-off-by: Jackson Cooper-Driver <jackson.cooper-driver@arm.com>
Signed-off-by: Leo Yan <leo.yan@arm.com>
André Przywara
Sayanta Pattanayak
Pranav Madhu
Vivek Gautam
Rohit Mathew
Shriram K
Vijayenthiran Subramaniam
shengfei Xu
Jay Buddhabhatti
Soby Mathew
Bipin Ravi
Madhukar Pappireddy
Joanna Farley
AlexeiFedorov
Ronak Jain
rutigl
Manish V Badarkhe
laurenw-arm
Ben Horgan
Jackson Cooper-Driver
Olivier Deprez