Once the Public Key has been verified, call 'plat_mboot_measure_key'
to measure and publicise it.
Change-Id: I46ea71dcbba96db3706602ccd89f22596ae68416
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Implemented 'plat_mboot_measure_key' platform function for FVP platform
to measure and publish the public key information via RSS.
Change-Id: I0c9d6d6ac3650a939437e9331ed3c9246f242830
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added public key-OID information in the RSS metadata structure.
Change-Id: I5ee5d41519980091296deaa1882fdfe9ae6766c0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Key-OIDs that authenticate BL31, BL31(SOC)-FW config, and HW config
images have been explicitly entered.
Implementations of signer-ID consume these entries.
Change-Id: I24c9085ed5f266af06d40fb73302e35d857a9d5b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Calculate a hash of the public key and put that into the signer-ID
field of the relevant RSS metadata. The signer-ID metadata is mandatory
in the Arm CCA attestation scheme.
Change-Id: Ic846d8bf882cfea8581d3523a3461c919462df30
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Created an explicit zero-OID which can be used for Subject
Public Key that do not have their own key identifier.
With this, all keys (including the subject public key) have
a proper key OID string so we don't need to make a special
case of null pointers when it comes to handling key OIDs.
Change-Id: Ice6923951699b6e253d7fd87e4c1b912470e0391
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added details of 'plat_mboot_measure_key' function in the porting-guide.
Change-Id: Id62211abc0ba13a0f581dc8e24c7b367afe2dcf5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added a platform function to measure and publish Public Key information.
Subsequent patches define this function for the FVP and TC platforms to
measure Public Key and publishes it to RSS if MEASURED_BOOT is
enabled.
Change-Id: I1f61f44c7a83bb4cbafbd1af97b5adeb8398e8e8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Provide a helper to detect the enabled UART device during runtime. This
lower the integration effort and make it more straight forward for
'simple' use-cases with a single UART enabled. If multiple UARTs are
enabled the first enabled is returned.
The auto-detection is enabled by setting IMX_BOOT_UART_BASE=0 to keep
the backward compatibility. For more advanced use-cases (multiple UARTs
are enabled) the user still has to provide the correct base address.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Change-Id: I300a167e1a10f9aa991c8d1c3efe2c6b23f56c47
Check that the size of desc->emad_count is 4, not that sizeof(int) is
nonzero. Also improve a comment.
Change-Id: I8bf69b637158ddffe2d08aed3d9879a4d7fd3514
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
* changes:
refactor(psci): extract cm_prepare_el3_exit_ns() to a common location
refactor(cm): set MDCR_EL3/CPTR_EL3 bits in respective feat_init_el3() only
fix(cm): set MDCR_EL3.{NSPBE, STE} explicitly
refactor(cm): factor out EL2 register setting when EL2 is unused
PSCI on and suspend wakeup both end with a cm_prepare_el3_exit_ns() call.
Since they are equivalent to the caller, move the call to just after the
*_finish calls to deduplicate it.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I05c16dc6613aba357d20cc39cc43aab803d675e0
These bits (MDCR_EL3.{NSTB, NSTBE, TTRF, TPM}, CPTR_EL3.TTA) only affect
EL2 (and lower) execution. Each feat_init_el3() is called long before
any lower EL has had a chance to execute, so setting the bits at reset
is redundant. Removing them from reset code also improves readability of
the immutable EL3 state.
Preserve the original intention for the TTA bit of "enabled for NS and
disabled everywhere else" (inferred from commit messages d4582d3088 and
2031d6166a and the comment). This is because CPTR_EL3 will be contexted
and so everyone will eventually get whatever NS has anyway.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3d24b45d3ea80882c8e450b2d9db9d5531facec1
With the introduction of FEAT_RME MDCR_EL3 bits NSPB and NSPBE depend on
each other. The enable code relies on the register being initialised to
zero and omits to reset NSPBE. However, this is not obvious. Reset the
bit explicitly to document this.
Similarly, reset the STE bit , since it's part of the feature enablement.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I3714507bae10042cdccd2b7bc713b31d4cdeb02f
A bunch of registers need to be initialized when EL2 is unused. There
are a lot of them which makes cm_prepare_el3_exit() quite unreadable.
Put them in their own function to improve this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If07954ed799643f89f177411d4266bb7c21cd394
Neoverse V2 erratum 2801372 is a Cat B erratum that applies to
all revisions <=r0p1 and is fixed in r0p2. The workaround is to
insert a dsb before the isb in the power down sequence.
This errata is explained in SDEN 2332927 available at:
https://developer.arm.com/documentation/SDEN2332927
Change-Id: I8716b9785a67270a72ae329dc49a2f2239dfabff
Signed-off-by: Moritz Fischer <moritzf@google.com>
interrupt exception handler in vector entry is used as a asm macro
(added as inline code) instead of a function call. Since we have limited
space (0x80) for a vector entry there is a chance that it may overflow
in the future.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ieb59f249c58b52e56e0217268fa4dc40b420f8d3
Adjusted BL2 maximum size as per total SRAM size.
Change-Id: Ic3b398574a17e8a784e7c4dbe3fe69d1fb2b5e16
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Maintainers for AMD platform ports has been updated.
"Amit Nagal" and "Akshay Belsare" are added to the list.
Change-Id: Ia64e1ec6c2f80515054730d307d41b0060d3dcc7
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
commit@7794d6c8f8c44acc14fbdc5ada5965310056be1e added a march utility
but the details were not updated in docs.
Update docs to provide a glimpse of march utility added.
Change-Id: I696cb9a701a30d7bf36a1ecd38a80d07df1fd551
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
docs(msm8916): document new platforms
feat(msm8916): add port for MDM9607
refactor(msm8916): handle single core platforms
feat(msm8916): add port for MSM8939
feat(msm8916): power on L2 caches for secondary clusters
feat(msm8916): initialize CCI-400 for multiple clusters
refactor(msm8916): handle multiple CPU clusters
feat(msm8916): add port for MSM8909
feat(msm8916): clear CACHE_LOCK for MMU-500 r2p0+
style(msm8916): add missing braces to while statements
Document the new platform build options for the MSM8916 port which now
supports multiple similar Qualcomm SoCs:
- Snapdragon 410 (PLAT=msm8916) as before
- Snapdragon 615 (PLAT=msm8939)
- Snapdragon 210 (PLAT=msm8909)
- Snapdragon X5 Modem (PLAT=mdm9607)
The latter two use AArch32-only ARM Cortex-A7 cores that only support
using BL32/SP_MIN and not BL31 on AArch64.
Change-Id: I9fffe60dd0ad2acc18f006f11e91854b9e8dcb8f
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The Qualcomm X5 Modem (MDM9607) SoC is very similar to the existing
MSM8916, except for:
- Single core ARM Cortex-A7
- No GPU
- MMU-500 r2p4 instead of r0p0 (need to clear CACHE_LOCK bit)
- Different default BL31/BL33 address and UART number
Make the existing MSM8916 platform port usable for MDM9607 as well by
adding some minimal if statements where necessary plus the platform
make files for mdm9607.
Change-Id: I4dd02c8e29af6282d8d828c3027c5e333459ba36
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Some Qualcomm modem platforms (MDM*) are quite similar to MSM8916
except that there is just a single CPU core. This requires some special
handling:
- There is no GPU so the GPU SMMU also does not exist.
- Looking closely at dumps of the MMIO register regions reveals that
some of the register addresses are slightly different.
Add the necessary checks for this to allow building for those
platforms.
No functional change for existing platforms.
Change-Id: I0380ac3734876243e970a55d8bec5a8247175343
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The Qualcomm Snapdragon 615 (MSM8939) SoC is very similar to the
existing MSM8916, except for:
- Two clusters with ARM Cortex-A53 cores
- CCI-400
Make the existing MSM8916 platform port usable for MSM8939 as well by
adding some minimal if statements where necessary plus the platform
make files for msm8939.
Change-Id: I8cda83dc642f62222f984a42eec14de5df4c11e3
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
On platforms with multiple CPU clusters the L2 cache will be only on
for the cluster of the boot CPU. Add the necessary sequence to power it
up for secondary clusters similar to the CPU boot sequence.
No functional change for platforms with a single cluster. The new code
is discarded entirely in this case.
Change-Id: I3d3bce519a8a10ef5278d74d81acf59123e00454
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The MSM8939 SoC is very similar to MSM8916 but uses an ARM CCI-400
for cache coherence between the two CPU clusters. Add the necessary
code to initialize it with the existing driver.
No functional change for platforms with a single cluster. The CCI
related code is discarded entirely in this case.
Change-Id: I041d60222d8d2aeca53b392934c87280c66b0db0
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Some Qualcomm platforms similar to MSM8916 have multiple CPU clusters.
In this case, some of the hardware blocks are duplicated and must be
configured separately.
Refactor the code to handle additional clusters by introducing loops
and some conditionals.
No functional change for existing single cluster platforms.
Change-Id: I5b4b1ad2a1adde559d5b79b7698afe73733b2e90
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
The Qualcomm Snapdragon 210 (MSM8909) SoC is very similar to the
existing MSM8916, except for:
- ARM Cortex-A7 instead of Cortex-A53 (AArch32-only)
- MMU-500 r2p0 instead of r0p0 (need to clear CACHE_LOCK bit)
- Different default BL31 address and UART number
Make the existing MSM8916 platform port usable for MSM8909 as well by
adding some minimal if statements where necessary plus the platform
make files for msm8909.
Change-Id: I8eca5bd8f2486cc2174562fb5de28f8dffa0d874
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Newer Qualcomm platforms similar to MSM8916 use MMU-500 r2p0+ instead
of MMU-500 r0p0. On these versions it is necessary to clear the
SMMU_sACR.CACHE_LOCK bit to allow the normal world to write to
SMMU_CBn_ACTLR. Without this Linux shows a warning and is unable to
workaround the errata in MMU-500:
arm-smmu 1e00000.iommu: Failed to disable prefetcher
[errata #841119 and #826419], check ACR.CACHE_LOCK
Handle this dynamically at runtime by enabling all the necessary SMMU
clocks and check the IDR7 register for MMU-500 r2p0+. This must be
applied to both SMMUs on the platform: APPS and GPU.
While at it clean up the clock handling: Leave the SMMU clocks on
because the normal world will need it again while booting. But make
sure the vote register of the RPM co-processor does not keep these
clocks always-on. For some reasons some platforms seem to have a
non-zero reset value for GCC_RPM_SMMU_CLOCK_BRANCH_ENA_VOTE.
Change-Id: I34cf7d3f2db977b0930eb6e64a870ecaf02a7573
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
According to the coding style all conditional statements (such as if,
for, while, do) must use braces regardless of the number of the
statements in the body [1].
Fix this for the code inside plat/qti/msm8916.
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html#conditional-statement-bodies
Change-Id: I74f2e65aa2b3a65899e37dfd3f481d90fb15531c
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
* changes:
refactor(tc): print RSS interface test PSA status
test(tc): test for AP/RSS interface for ROTPK
feat(psa): interface with RSS for retrieving ROTPK
Moving all PLATFORM_TESTS into platform test makefile
Change-Id: I31821e9e69d916d12ae4c804df26f07fb523c835
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Prior to delegating handling of Group0 secure interrupt to platform
handler, SPMD framework must acknowledge the highest pending interrupt.
Moreover, once the platform has handled the interrupt successfully,
SPMD must deactivate the interrupt.
The rationale behind this decision is SPMD framework is well suited to
perform interrupt management at GIC boundary while the platform handler
is well equipped to deal with the device interface related to the
interrupt.
This patch also fixes a bug in the error code returned upon invocation
of FFA_EL3_INTR_HANDLE from normal world.
Change-Id: If8fef51899e25f966038cc01ec58c84ee25e88eb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Adding PSA status to print statement upon failing communication
initialization, non-volatile counter, and rotpk read interface calls in
platform_tests.
Change-Id: Ia949cc2d18e93efb68f663d0c4e5500ca9021a94
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Adding new test for AP/RSS interface for reading ROTPK for
each 3 types of ROTPKs for: CCA, secure, and non-secure firmware.
Enabled by PLATFORM_TEST=rss-rotpk.
Update to print output when AP/RSS interface platform tests
pass to be able to reuse expect script functionality in CI.
Change-Id: Icc50b090e18a272378751fda104d209738b5b70c
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Adding the AP/RSS interface for reading the ROTPK.
The read interface implements the psa_call:
psa_call(RSS_CRYPTO_HANDLE, PSA_IPC_CALL,
in_vec, IOVEC_LEN(in_vec),
out_vec, IOVEC_LEN(out_vec));
where the in_vec indicates which of the 3 ROTPKs we want,
and the out_vec stores the ROTPK value we get back from RSS.
Through this service, we will be able to read any of the 3
ROTPKs used on a CCA platform:
- ROTPK for CCA firmware (BL2, BL31, RMM).
- ROTPK for secure firmware.
- ROTPK for non-secure firmware.
Change-Id: I44c615588235cc797fdf38870b74b4c422be0a72
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Manish V Badarkhe
Madhukar Pappireddy
Olivier Deprez
Bipin Ravi
Marco Felsch
Demi Marie Obenour
Manish Pandey
Boyan Karatotev
Moritz Fischer
Akshay Belsare
Maksims Svecovs
Govindraj Raja
Stephan Gerhold
Sandrine Bailleux
laurenw-arm