According to recently firmware handsoff spec [1]'s "Register usage at handoff
boundary", Transfer List's signature value was changed from 0x40_b10b
(3 bytes) to 4a0f_b10b (4 bytes).
As updating of TL's signature, register value of x1/r1 should be:
In aarch32's r1 value should be
R1[23:0]: set to the TL signature (4a0f_b10b -> masked range value: 0f_b10b)
R1[31:24]: version of the register convention == 1
and
In aarch64's x1 value should be
X1[31:0]: set to the TL signature (4a0f_b10b)
X1[39:32]: version of the register convention == 1
X1[63:40]: MBZ
(See the [2] and [3]).
Therefore, it requires to separate mask and shift value for register
convention version field when sets each r1/x1.
This patch fix two problems:
1. breaking X1 value with updated specification in aarch64
- change of length of signature field.
2. previous error value set in R1 in arm32.
- length of signature should be 24, but it uses 32bit signature.
This change is breaking change. It requires some patch for other
softwares (u-boot[4], optee[5]).
Link: https://github.com/FirmwareHandoff/firmware_handoff [1]
Link: https://github.com/FirmwareHandoff/firmware_handoff/issues/32 [2]
Link: 5aa7aa1d3a [3]
Link: https://lists.denx.de/pipermail/u-boot/2024-July/558628.html [4]
Link: https://github.com/OP-TEE/optee_os/pull/6933 [5]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: Ie417e054a7a4c192024a2679419e99efeded1705
Since commit ec0088bbab ("feat(gpt): add support for large GPT
mappings"), the platform needs to reserve space for the bitlock,
immediately after the L0 GPT table. Add two pages to the L0 GPT reserve.
This could be optimized later by moving the bitlock somewhere else,
because it really only needs (1 << PPS.T) / (512M * 8) = 256 bytes for
the QEMU virt platform.
Fix two more comments in qemu_pas_def.h since we're here.
Change-Id: I2b0b8de38f4b5058735ed16f1cdc50e6b2d52ad9
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
QEMU has dynamic memory configuration based on -m parameter. The
hard-coded values in TF-A are not accurate when starting the model with
this parameter. This is not a problem when loading boot images as the
lower addresses are the same. However, it can be a problem when starting
up the secondary CPUs with a rather high non-secure entry point. So fix
this by removing the plat_psci_ops_t validate_ns_entrypoint assignment
to allow any non-secure entry point.
Change-Id: I95e92b71e0f4fa5f94444ea0cd2cb42e56faa472
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
In [1], the example CCA platform token has been updated to fix a small
problem with the description of one of the software components, and to
provide a more realistic breakdown of the expected components in the CCA
TCB.
This change replaces the static CCA platform token in QEMU.
[1] https://review.trustedfirmware.org/c/TF-M/tf-m-tools/+/28493
Change-Id: I8ce49e6ecf83c426dee9024e782a8da457316959
Signed-off-by: Thomas Fossati <thomas.fossati@linaro.org>
In this patch, we are trying to introduce the wrapper macro
CREATE_FEATURE_PRESENT to get the following capability and
align it for all the features:
-> is_feat_xx_present(): Does Hardware implement the feature.
-> uniformity in naming the function across multiple features.
-> improved readability
The is_feat_xx_present() is implemented to check if the hardware
implements the feature and does not take into account the
ENABLE_FEAT_XXX flag enabled/disabled in software.
- CREATE_FEATURE_PRESENT(name, idreg, shift, mask, idval)
The wrapper macro reduces the function to a single line and
creates the is_feat_xx_present function that checks the
id register based on the shift and mask values and compares
this against a determined idvalue.
Change-Id: I7b91d2c9c6fbe55f94c693aa1b2c50be54fb9ecc
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Update the RMM manifest to v0.3: pass the console information to RMM.
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Change-Id: I55093cd0c12f9c6a7569d7e524f7d301acbb2a45
From QEMU change:
> In previous versions of the Arm architecture, the frequency of the
> generic timers as reported in CNTFRQ_EL0 could be any IMPDEF value,
> and for QEMU we picked 62.5MHz, giving a timer tick period of 16ns.
> In Armv8.6, the architecture standardized this frequency to 1GHz.
This change stops TF-A from hardcoding 62.5MHz frequency. Instead value
stored in CNTFRQ_EL0 would be used. As a result we get 62.5MHz on older
cores and 1GHz on newer ones.
Change-Id: I7d414ce6d3708e598bbb5a6f79eb2d4ec8e15ac4
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Changes all occurrences of "RSS" and "rss" in the code and build files
to "RSE" and "rse".
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2c6840f6f3f2f8f64595a0e0aa6e12084a37ce6e
An upcoming change to the RME support code will use atomic instructions
introduced in Armv8.1 in order to implement bitlocks. In order to do
this, the code needs to be built with appropriate -march compiler flag
(otherwise the assembler complains about invalid instructions). One way
to do this is specifying ARM_ARCH_MAJOR/MINOR version greater than 8.0,
which is what the main Makefile does when ENABLE_RME is set.
Allow the main Makefile to override the ARM_ARCH_MAJOR/MINOR variables
on the QEMU platform, so that it can also build the bitlock functions.
This only affects firmware built with ENABLE_RME, which is an
experimental feature both in TF-A and QEMU. The QEMU platform code
doesn't support booting an ENABLE_RME firmware on non-RME CPUs at the
moment.
As a result of this change, when ENABLE_RME is set,
make_helpers/arch_features.mk sets ENABLE_TRF_FOR_NS to 1, which needs
to be overridden by the QEMU Makefile.
Change-Id: I695fc98b21d07f6c84003d9e36a57cad2a3c806e
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
QEMU supports FEAT_ECV since commit 2808d3b38a52 ("target/arm: Implement
FEAT_ECV CNTPOFF_EL2 handling"), in the v9.0.0 release. Enable
auto-detecting the feature on the QEMU platforms, in order to set
SCR.ECVEN. Without this, EL2 gets undefined instruction exceptions when
trying to access the new CNTPOFF register.
Change-Id: I555a5f9a9a84fd23e64ca85219ed1599204c6bb2
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Flush the FIFO before switching to runtime. This is so that there are
no lingering chars in the FIFO when we move to the runtime console.
TF-A plans to refactor the console_Switch_state(CONSOLE_FLAG_RUNTIME)
and console_flush() calls and make them the last calls in bl31_main()
(before BL31 exits). Until then they are being left as the last calls
in bl31_plat_runtime_setup() for testing before refactoring.
This patch affects the QEMU platform only.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I6188d73dd3f3c97f41bb25de543f8c46a972adf0
qemu/qemu_sbsa platforms support wide selection of cpu cores. From
Cortex-A57 (v8.0) to Neoverse-N2 (v9.0) one. Only the last one (and
'max' which supports everything possible) supports FEAT_SB.
Runtime check for ENABLE_FEAT_SB does not work in our case and we want
to have working platform.
Change-Id: Ic27d5af20ad76ae44c4211d28694e91ec62bddc1
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Enable handoff to BL31 and BL32 using transfer list.
Encode TL_TAG_OPTEE_PAGABLE_PART as transfer entry.
Fallback to default handoff args when transfer list is disabled or
fails to archieve args from transfer entries.
Refactor handoff from BL2 to BL33.
Minor fixes of comment style.
Change-Id: I55d92ca7f5c4727bacc9725a7216c0ac70d16aec
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
When an external RMM is not provided during make invocation, include the
Test Realm Payload (TRP) to the FIP.
Change-Id: I15d396cf268a08d79da63075aadb4172238eb225
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
When RME is enabled, jump to the RMM image before BL33. When using
semihosting rather than FIP, the image called "rmm.bin" is loaded from
the runtime directory.
Change-Id: I15863410b1e505aa502276b339b22a2ddcb0b745
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
When RME is enabled, call the GPT library to setup the granule
protection tables and partition the physical address space.
Change-Id: Ib466c4579ff55fcff9307550e6d26d432674779a
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Reserve some space in DRAM for RMM, and some space in SRAM for the GPT
tables. Create the page table mappings.
Change-Id: I3822e7e505e86eb0fa15b1b5b6298e4122b17181
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
With RME, mappings for EL3 use MT_ROOT rather than MT_SECURE. Update the
mapping types to select the right memory type: EL3_PAS is MT_ROOT when
RME is enabled, MT_SECURE otherwise.
Change-Id: I93e287009515b64e833a6f69545766be4c87e473
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Since QEMU doesn't yet emulate hardware attestation, provide hardcoded
key and token to demonstrate attestation for RME. They are copied from
the mock values for the FVP platform.
Change-Id: I9ce686955345854e9409af5c3aad2a648adea226
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
We have to handle wide selection of cpu cores in one TF-A binary:
- v8.0: a53, a57, a72
- v8.2: a55, a76, n1
- v8.4: v1
- v9.0: a710, n2
And then we have QEMU's hybrid: 'max' which has everything QEMU can
emulate.
TF-A for QEMU platforms was built for v8.5 architecture. But turned out
that 'max' has v8.7 flag now (HCX) which we need to have. And this
enabled set of mandatory features which made TF-A not-bootable on
v8.0/8.2 cpus.
So I decided to follow Arm FVP way and do build for v8.0 with set of
feature flags enabled. This way we have bare minimum to make v8.0 cpus
boot. And then all features from newer cores are enabled with runtime
check which makes them boot.
Tested with BSA/SBSA ACS and Debian Linux 6.5 kernel.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: Ib87bdab992536c65ce0747ce1520682eafc18d39
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Both qemu and qemu-sbsa use xlat tables v2 already (activated by including it
in common/common.mk) so there is no need to include compat headers.
Change-Id: I353a6f77f5916862e54b883a9adbba027ac81359
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Implement firmware handoff from BL2 to BL33 on qemu platform
compliant to Firmware handoff specification v0.9.
Change-Id: Id8d5206a71ef6ec97cf3c97995de328ebf0600cc
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Add support to qemu "neoverse-n2" cpu for "qemu" platform.
This one has 2^48 address space so will be used by both systems.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I9f0fa23a4934d9464379495225e08adc121325b4
Add support to "cortex-a55" cpu for "qemu" ('virt') platform.
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Change-Id: I2693892be735eda91494b767322935ddb63c9f48
Add support to qemu "cortex-a710" cpu for "qemu" platform.
CPU is supported by qemu/virt only as qemu/sbsa-ref memory starts at
2^40 which is limit for Cortex-A710.
Switched 'qemu' platform to be built as armv8.5 to cover features of
new cpu core.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I035790eac41b2caf7f13167e53f48c16f0827754
Pointer authentication requires CTX_INCLUDE_PAUTH_REGS to be defined.
Change-Id: I4ca95d6d9e619e7a7296a2c3ecb799683bf70575
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
There is no need to have two "if" checks for same thing one after
another.
FGT, RNG, SVE, SME are aarch64 only flags.
Change-Id: I6e5850211c859dc7a4ccf6bc8dc6a8d600ffe692
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
SPM_MM is not compatible with ENABLE_SVE_FOR_NS and breaks build early:
> Including SPM Management Mode (MM) makefile
> services/std_svc/spm/spm_mm/spm_mm.mk:14: *** "Error: SPM_MM is not compatible with ENABLE_SVE_FOR_NS". Stop.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: Iabe181647fce00a432ae11dc4599b71619364c24
Handle coherency in one place for AArch64 mode.
Change-Id: Id3678a8f478e5ef731c81c0df30059000e380758
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Enable SVE, SME, RNG, FGT in one place.
qemu gains FGT (needed for 'max' cpu to boot Linux)
qemu_sbsa gains RNG
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I2e8f971ef3e42d9ebe9f20641b288cc8c40f806a
Move BL31 source list into common file.
Change-Id: Iaa27cfd8f87b691728379c87a6ff6331e87951e1
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Move BL1 and BL2 source list into common file.
Change-Id: I8f9a835f6cd1c5d67728a071860173f80f03c84e
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Keep list of supported cpu cores in one place for both platforms.
qemu_sbsa does not handle some of them but with 256MB firmware space it
does not matter.
Change-Id: I5b8f7d18dc903e86e0cc7babbc2fb3f26a1bfdfa
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Move libfdt includes into common file and use definitions from them.
Change-Id: Ic4fe784fdbedcf5e9e3804a633fcac68464f38a6
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Add sdei support for QEMU, this is to let jailhouse Hypervisor
use SDEI to do hypervisor management, after physical IRQ
has been disabled routing.
Note: To enable SDEI in QEMU, it needs to set "SDEI_SUPPORT=1
EL3_EXCEPTION_HANDLING=1" when compiling.
Signed-off-by: Dongjiu Geng <gengdongjiu1@gmail.com>
Change-Id: Ia7f9c5a0db36da03e5c6e6fb1270281f19924d77
QEMU provides platform version information via DT. We want to use it
in firmware to handle differences between platform versions.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I8def66dac9dd5d7ab0e459baa40e27a11b65f0ba
Currently when we build with 'SPD=spmd SPMD_SPM_AT_SEL2=0'
options, this causes a build failure as
'plat_spmd_handle_group0_interrupt' is called irrespective of
'SPMD_SPM_AT_SEL2' usage in 'spmd_group0_interrupt_handler_nwd'
So make 'plat_spmd_handle_group0_interrupt' dummy implementation
available just when spmd is enabled and SPMC_AT_EL3 is disabled.
Change-Id: Iaccd38faab81671c98f9165f318145187dca9bc2
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This patch introduces a handler for FVP platform to triage Group0
secure interrupts. Currently, it is empty but serves as a
placeholder for future Group0 interrupt sources.
Moreover, this patch also provides a dummy implementation of the
above mentioned platform hook for QEMU, corstone100, n1sdp and
hikey960 ports.
Change-Id: I01d3451408f47ac313b0af74046cce89f89b85bb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
At the moment we only support for FEAT_RNG to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (FEAT_RNG=2), by splitting
is_armv8_5_rng_present() into an ID register reading function and a second
function to report the support status. That function considers both build
time settings and runtime information (if needed), and is used before we
access the RNDRRS system register.
Change the QEMU platform default to the now supported dynamic option (=2),
so the right decision can be made by the code at runtime.
Change-Id: I1a4a538d5ad395fead7324f297d0056bda4f84cb
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Since CPUs such as cortex-a76 are hardware-assisted coherent, coherent
memory section is not required for them and should be an optional
section.
Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Change-Id: I03c8e9148ca1780b8af92024359698f4452f7129
Use the setup_page_tables() helper function to setup page tables.
Signed-off-by: Chen Baozi <chenbaozi@phytium.com.cn>
Change-Id: I0bca4e463ed68abf2ef1c79fc8e5cb2b635fcd1c
Introduce additional defines needed when compiling the QEMU platform
with SPMC at EL3.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: If6dbe41fa8761637e39579a1f6818dabc769c139
Supports S-EL2 SPMC + S-EL1 SP on qemu. S-EL1 SPs packaged in .pkg files
are added to the FIP as blob with an UUID. BL2 parses TB_FW_CONFIG to
know which SP blobs to load into memory.
Co-developed-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I4b61c4c048f31540d4f1ef9e05f0b12deb341e06
Updates the ABI between SPMD and the SPMC at S-EL1 so that the hard
coded SPMC manifest can be replaced by a proper manifest via TOS FW
Config. TOS FW Config is provided via QEMU_TOS_FW_CONFIG_DTS as a DTS
file when building. The DTS is turned into a DTB which is added to the
FIP.
Note that this is an incompatible change and requires corresponding
change in OP-TEE ("core: sel1 spmc: boot abi update").
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: Ibabe78ef50a24f775492854ce5ac54e4d471e369
Adds support for SPMD with SPMC at S-EL1. A new config option SPMC_OPTEE
is added to support loading the special OP-TEE images when configured
with SPD=spmd. With or without SPMC_OPTEE. It should still be possible
to load another BL32 payload implementing a SPMC, provided that entry
point is the same as load address, that is, BL32_BASE.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: Ie61dcd1ee564688baee1b575030e63dc2bb85121
Use low to high gpio sequence to reboot/shutdown qemu machine.
Use low to high gpio pins level change which will cause an interrupt
in qemu virt platform. This change will supported with next qemu 6.1
release once patchset:
hw/arm: Make virt board secure powerdown/reset work
will be merged.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
CC: Peter Maydell <peter.maydell@linaro.org>
Change-Id: I70979517358c3b587722b2dcb33f63d29bf79d9b
sbsa-ref in QEMU may create up to 512 cores.
This commit prepares the MP information to support 512 cores.
The number of xlat tables for spm_mm is also increased.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I2788eaf6d14e188e9b5d1102d359b2899e02df7c
Secure pl061 qemu driver allows to rize the GPIO pin
from the secure world to reboot and power down
virtual machine.
Do not define secure-gpio for sbsa-ref platform due to
reboot is done via sbsa-ec watchdog.
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Change-Id: I508d7c5cf4c75cb169b34b00682a76f6761d3869
levi.yun
Jean-Philippe Brucker
Jens Wiklander
Thomas Fossati
Sona Mathew
Marcin Juszkiewicz
Tamas Ban
Raymond Mao
Mark-PK Tsai
Dongjiu Geng
Govindraj Raja
Madhukar Pappireddy
Andre Przywara
Chen Baozi
Ruchika Gupta
Maxim Uvarov
Masahisa Kojima