CryptoCell-712 and CryptoCell-713 drivers have been deprecated. Remove
their usage on Nuvoton npcm845x platform (maintainers confirmed that
this removal is fine with them).
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I0e3f3431558aaea1e0f2740e7088cdc155d06af2
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
There are various SMC calls which pass mpidr as an argument which is
currently tested at random places in SMC call path.
To make the mpidr validation check consistent across SMC calls, do
this check as part of SMC argument validation.
This patch introduce a helper function is_valid_mpidr() to validate
mpidr and call it as part of validating SMC arguments at starting of
SMC handlers (which expect mpidr as an argument).
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I11ea50e22caf17896cf4b2059b87029b2ba136b1
This patch removes RAS_FFH_SUPPORT macro which is the combination of
ENABLE_FEAT_RAS and HANDLE_EA_EL3_FIRST_NS. Instead introduce an
internal macro FFH_SUPPORT which gets enabled when platforms wants
to enable lower EL EA handling at EL3. The internal macro FFH_SUPPORT
will be automatically enabled if HANDLE_EA_EL3_FIRST_NS is enabled.
FFH_SUPPORT along with ENABLE_FEAT_RAS will be used in source files
to provide equivalent check which was provided by RAS_FFH_SUPPORT
earlier. In generic code we needed a macro which could abstract both
HANDLE_EA_EL3_FIRST_NS and RAS_FFH_SUPPORT macros that had limitations.
Former was tied up with NS world only while the latter was tied to RAS
feature.
This is to allow Secure/Realm world to have their own FFH macros
in future.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie5692ccbf462f5dcc3f005a5beea5aa35124ac73
Newer platforms such as Neoverse V2 with GICv4.1 will report
0x3 instead of 0x1 in ID_AA64PFR0_EL1.
Update the logic to not accidentially take the GICv2 path
when printing the GIC registers.
Change-Id: Ia0d546cc5dcaa0dcad49a75b5921b0df5e176d34
Signed-off-by: Moritz Fischer <moritzf@google.com>
This patch introduces an SiP SMC call for FVP platform to set an
interrupt pending. This is needed for testing purposes.
Change-Id: I3dc68ffbec36d90207c30571dc1fa7ebfb75046e
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch introduces handler to add support for SiP calls to be
handled at EL3 for Arm platforms.
Consequently, the support for SPMD LSP is moved to corresponding
Arm platform SiP source file. This will allow us to add support
for a new SiP call in subsequent patch.
Change-Id: Ie29cb57fc622f96be3b67bebf34ce37cc82947d8
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Removing ARM_ROTPK_KEY_LEN definition and comparison in full key .S
files since there is little value in comparing the defined value with a
static size. This becomes more maintenance than value addition.
Removing defines no longer required and general clean up of .S full key
files.
Change-Id: Id286b7078ab9e190e37a43804e2a8d1b0934c235
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Add full key support for ECDSA P384 and P256.
New .S files and p384 pem file created along with new
plat_get_rotpk_info() flag ARM_ROTPK_DEVEL_FULL_DEV_ECDSA_KEY_ID.
Change-Id: I578b257eca41070bb4f4791ef429f2b8a66b1eb3
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Rather than returning 0 or 1, the above function returns bool false
or true. No functional change.
Change-Id: Iea904ffc368568208fa8203e0d2e0cdaa500b1e0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
BL31 image has grown with feature addition over time. In particular the
RESET_TO_BL2 + ENABLE_PIE + DEBUG combination of options lead to BL31
image overlap head of BL2 image. In this configuration BL2 is meant to
stay resident as PE reset occurs from BL2. Apply changes similar to [1]
such that BL2 start address is pushed forward and leaves more room for
BL31 end of image.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/15486/9/include/plat/arm/common/arm_def.h#530
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I027e23780fb77ca9fe81aa47231da649c7a030ee
To allow the SPD to access the Event Log on RME systems with
TrustZone Controller, the Event Log region needs to be configured
into the TZC. This change will enable read-write access of this
region from the secure world, which is currently denied.
Change-Id: I0c32977386f3d7c22f310b2b9404d48e8e6cac29
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The build flags to enable the Arm(R) Ethos(TM)-N NPU driver are in arm
platform specific make files i.e. plat/arm/common/arm_common.mk. These
flags are renamed and moved to ethosn_npu.mk. Other source and make
files are changed to reflect the changes in these flags.
Signed-off-by: Rajasekaran Kalidoss <rajasekaran.kalidoss@arm.com>
Change-Id: I6fd20225343c574cb5ac1f0f32ff2fc28ef37ea6
To handle the core corrected errors in the firmware, the FHI PPI
interrupt has to be enabled on all the cores. At boot, when the RAS
framework is initialized, only primary core is up and hence core FHI PPI
interrupt is enabled only on primary core. This patch adds support to
configure and enable core FHI interrupt for all the secondary cores as
part of their boot sequence.
Signed-off-by: Omkar Anand Kulkarni <omkar.kulkarni@arm.com>
Change-Id: I4b25152cb498fe975b9c770babb25aa9e01f9656
Added a platform function to measure and publish Public Key information.
Subsequent patches define this function for the FVP and TC platforms to
measure Public Key and publishes it to RSS if MEASURED_BOOT is
enabled.
Change-Id: I1f61f44c7a83bb4cbafbd1af97b5adeb8398e8e8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Adjusted BL31 maximum size as per total SRAM size.
Change-Id: Ifdfdedb8af3e001cebba8e60c973f3c72be11652
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
BL32_LIMIT has been increased from 2MB to 4MB to accommodate
the latest tee.bin (it is around ~2.1MB).
Change-Id: I47b770bf23c23d38931a2b3316d076b829338d70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Co-developed-by: Juan Pablo Conde <juanpablo.conde@arm.com>
This patch does the following:
1. Configures SBSA secure watchdog timer as Group0 interrupt for
TC platform while keeping it as Group1 secure interrupt for
other CSS based SoCs.
2. Programs the watchdog timer to trigger periodically
3. Provides a Group0 interrupt handler for TC platform port to
deactivate the EL3 interrupt due to expiry of secure watchdog
timer and refresh it explicitly.
Change-Id: I3847d6eb7347c6ea0e527b97b096119ca1e6701b
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Following discussions in the reviews of the patch that introduced
plat_convert_pk() function [1], it was decided to deprecate it to
avoid weak function declaration.
A new optional function pointer convert_pk is added to crypto_lib_desc_t.
A new function crypto_mod_convert_pk() will either call
crypto_lib_desc.convert_pk() if it is defined, or do the same
as what was done by the weak function otherwise.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6
Compared the full ROTPK with the ROTPK obtained from the certificate
when the platform supports full ROTPK instead of hash of ROTPK.
Additionally, changed the code to verify the ROTPK before relying on
it for signature verification.
Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.
In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.
Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The FCONF parsing of the HW_CONFIG for the Arm(R) Ethos(TM)-N NPU now
supports reading the address of the reserved memory setup for the NPU so
the address can be used in the SiP service for the NPU.
Change-Id: I0968255a966e84896b00ea935d6aa3d5232c5f7b
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
BL2_AT_EL3 is an overloaded macro which has two uses:
1. When BL2 is entry point into TF-A(no BL1)
2. When BL2 is running at EL3 exception level
These two scenarios are not exactly same even though first implicitly
means second to be true. To distinguish between these two use cases we
introduce new macros.
BL2_AT_EL3 is renamed to RESET_TO_BL2 to better convey both 1. and 2.
Additional macro BL2_RUNS_AT_EL3 is added to cover all scenarious where
BL2 runs at EL3 (including four world systems).
BREAKING CHANGE: BL2_AT_EL3 renamed to RESET_TO_BL2 across the
repository.
Change-Id: I477e1d0f843b44b799c216670e028fcb3509fb72
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Signed-off-by: Maksims Svecovs <maksims.svecovs@arm.com>
Reserved 4KB area for Event Log in DRAM1. This area is used by BL2
to copy Event Log from internal SRAM to this carved out DRAM region
in the subsequent patch.
Change-Id: I7b405775c66d249e31edf7688d95770e6c05c175
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Some of our specialized sections are not prefixed with the conventional
period. The compiler uses input section names to derive certain other
section names (e.g. `.rela.text`, `.relacpu_ops`), and these can be
difficult to select in linker scripts when there is a lack of a
delimiter.
This change introduces the period prefix to all specialized section
names.
BREAKING-CHANGE: All input and output linker section names have been
prefixed with the period character, e.g. `cpu_ops` -> `.cpu_ops`.
Change-Id: I51c13c5266d5975fbd944ef4961328e72f82fc1c
Signed-off-by: Chris Kay <chris.kay@arm.com>
This patch builds on the previous patch by implementing
support for reading NS DRAM layout of FVP model from
HW_CONFIG Device tree.
Macro _RMMD_MANIFEST_VERSION is renamed to
SET_RMMD_MANIFEST_VERSION to suppress MISRA-C
"rule MC3R1.D4.5: (advisory) Identifiers in
the same name space with overlapping visibility
should be typographically unambiguous" warning
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: Ifc2461b4441a1efdd4b7c656ab4d15e62479f77b
This patch adds support for setting configuration of DRAM banks
for FVP model in RMM-EL3 Boot Manifest structure.
Structure 'rmm_manifest' is extended with 'plat_dram' structure
which contains information about platform's DRAM layout:
- number of DRAM banks;
- pointer to 'dram_bank[]' array;
- check sum: two's complement 64-bit value of the sum of
data in 'plat_dram' and 'dram_bank[] array.
Each 'dram_bank' structure holds information about DRAM
bank base address and its size. This values must be aligned
to 4KB page size.
The patch increases Boot Manifest minor version to 2 and
removes 'typedef rmm_manifest_t' as per
"3.4.15.1. Avoid anonymous typedefs of structs/enums in headers" of
https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I5176caa5780e27d1e0daeb5dea3e40cf6ad5fd12
with reference to feature 04c730 (feat(cpus): make cache ops conditional),
booting with caches in debug recovery means SCTLR_C_BIT will be 0.
Wrap the assert for the d-cache enabled check in CONDITIONAL_CMO and
plat_can_cmo calls to allow booting with d-cache disabled.
Signed-off-by: Channagoud kadabi <kadabi@google.com>
Change-Id: I80153df493d1ec9e5e354c7c2e6a14322d22c446
Add support for ARM_ROTPK_LOCATION=devel_full_dev_rsa_key, which
implements the scenario where the platform provides the full ROTPK, as
opposed to the hash of it. This returns a 2kB development RSA key
embedded into the firmware.
The motivation for this patch is to extend our test coverage in the CI.
Right now, the authentication framework allows platforms to return
either the full ROTPK or a hash of it (*). However, the FVP platform
only supports returning a hash currently so we cannot easily exercise
the full key scenario. This patch adds that capability.
(*) Or even no key at all if it's not deployed on the platform yet, as
is typically the case on pre-production/developement platforms.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ie869cca1082410e63894e2b7dea2d31155684105
This patch adds support for RMM granules allocation
in FVP 2nd DRAM 2GB bank at 0x880000000 base address.
For ENABLE_RME = 1 case it also removes "mem=1G"
Linux kernel command line option in fvp-base-psci-common.dsti
to allow memory layout discovery from the FVP device tree.
FVP parameter 'bp.dram_size' - size of main memory in gigabytes
documented in docs/components/realm-management-extension.rst
is changed from 2 to 4.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I174da4416ad5a8d41bf0ac89f356dba7c0cd3fe7
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
This patch adds the following changes to complete the existing
TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Added a platform function to check passed region is within
the Non-Secure region of DRAM.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie5808fa6a1b6e6bc99f4185fa8acc52af0d5f14d
Added a platform function to set and get DRTM error.
Also, added a platform function to reset the system.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I471f2387f8c78b21a06af063a6fa02cda3646557
Added platform hooks to retrieve DRTM features and
address map.
Additionally, implemented these hooks for the FVP platform.
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5621cc9807ffff8139ae8876250147f7b2c76759
Added necessary platform hooks for DRTM DMA protection.
These calls will be used by the subsequent DRTM implementation
patches.
DRTM platform API declarations have been listed down in a
separate header file.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: Ib9726d1d3570800241bde702ee7006a64f1739ec
The Arm(R) Ethos(TM)-N NPU driver now supports configuring the SMMU
streams that the NPU shall use and will therefore no longer delegate
access to these registers to the non-secure world. In order for the
driver to support this, the device tree parsing has been updated to
support parsing the allocators used by the NPU and what SMMU stream that
is associated with each allocator.
To keep track of what NPU device each allocator is associated with, the
resulting config from the device tree parsing will now group the NPU
cores and allocators into their respective NPU device.
The SMC API has been changed to allow the caller to specify what
allocator the NPU shall be configured to use and the API version has
been bumped to indicate this change.
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Change-Id: I6ac43819133138614e3f55a014e93466fe3d5277
New helper functions are created to handle data & prefetch aborts
in AARCH32. They call platform functions, just like what
report_exception is doing.
As extended MSR/MRS instructions (to access lr_abt in monitor mode)
are only available if CPU (Armv7) has virtualization extension,
the functions branch to original report_exception handlers if this is
not the case.
Those new helpers are created mainly to distinguish data and prefetch
aborts, as they both share the same mode.
This adds 40 bytes of code.
Change-Id: I5dd31930344ad4e3a658f8a9d366a87a300aeb67
Signed-off-by: Yann Gautier <yann.gautier@st.com>
- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert.h. Removing
"platform_def.h" from assert.h and adding "common/debug.h"
where the macros are used.
- Removing hack for fixing PLAT_LOG_LEVEL_ASSERT to 40.
Instead removing assert with expression, as this
does not provide additional information.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Icc201ea7b63c1277e423c1cfd13fd6816c2bc568
Add platform specific interrupt handler for handling the reboot of
all CPU's. On shutdown/reboot, only one CPU invoke PSCI and enter into
trusted firmware. The CPU which entered trusted firmware signals the
rest of the cores which are online using SGI to initiate power down
sequence. On receiving the SGI, the handler will power down the
GIC redistributor interface of the respective core, configure the power
control register and power down the CPU by executing wfi.
In addition to these changes, fix coding style issues that are not
directly related to the code being introduced in this patch.
Change-Id: I4917dfdc47be5ce7367bee629486a6344cdd706f
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
Add a new function to setup a SGI interrupt that will be used to trigger
a request for per-cpu power down when executing the PSCI SYSTEM_RESET
request. This will be used on CSS platform that require all the CPUs to
execute the CPU specific power down sequence to complete a warm reboot
sequence in which only the CPUs are power cycled.
Change-Id: I80da0f6c3cd0c5c442c82239ba1e1f773821a7f5
Signed-off-by: Pranav Madhu <pranav.madhu@arm.com>
This patch adds two helper functions:
- plat_ic_raise_ns_sgi to raise a NS SGI
- plat_ic_raise_s_el1_sgi to raise a S-EL1 SGI
Signed-off-by: Florian Lugou <florian.lugou@provenrun.com>
Change-Id: I6f262dd1da1d77fec3f850eb74189e726b8e24da
The patch 8c980a4 created a 4KB shared region from the 32MB
Realm region for RMM-EL3 communication. But this meant that BL2
needs to map a region of 32MB - 4KB, which required more xlat
tables at runtime. This patch maps the entire 32MB region in BL2
which is more memory efficient in terms of xlat tables needed.
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I17aa27545293d7b5bbec1c9132ea2c22bf2e7e65
This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
BL2 base address updated to provide enough space for BL31 in
Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ieaba00d841648add855feb99b7923a4b0cccfb08
Sandrine Bailleux
Manish Pandey
Moritz Fischer
Madhukar Pappireddy
laurenw-arm
Nishant Sharma
Olivier Deprez
Manish V Badarkhe
Rajasekaran Kalidoss
Omkar Anand Kulkarni
rutigl@gmail.com
Yann Gautier
Mikael Olsson
Wing Li
Arvind Ram Prakash
Chris Kay
AlexeiFedorov
Channagoud kadabi
Nicolas Toromanoff
Jayanth Dodderi Chidanand
johpow01
Lucian Paul-Trifu
Yann Gautier
Claus Pedersen
Pranav Madhu
Florian Lugou
Soby Mathew
Javier Almansa Sobrino