The commit 3eb2d67 optimizes the memory map for BL2 when TSP
is not present. But this also broke OP-TEE as it was reusing
the TSP mapping. This patch fixes this problem by adding a
separate mapping for OP-TEE in the BL2 memory map table.
Change-Id: I130a2ea552b7b62d8478081feb1f4ddf5292a118
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch ensures that the ARM_MAP_TSP_SEC_MEM memory region is mapped
in BL2 only if the TSPD has been included in the build. This saves one
entry in the plat_arm_mmap[] array and avoids to map extra memory when
it's not needed.
Change-Id: I6ae60822ff8f0de198145925b0b0d45355179a94
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This patch fixes the PLAT_LOG_LEVEL_ASSERT to 40 which corresponds
to LOG_LEVEL_INFO. Having this level of log for assertions means that the
`assert()` will not generate the strings implied in the expression taken
as parameter. This allows to save some memory when Juno is built for
LOG_LEVEL = LOG_LEVEL_VERBOSE and DEBUG = 1.
FixesARM-software/tf-issues#511
Change-Id: Id84a40f803ab07a5a8f6e587167af96694a07d04
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
zero_normalmem only can zero memory when caches are enabled
and the target memory is a normal memory, otherwise an abort is
generated. In the case of EL3_PAYLOAD_BASE bl2_platform_setup was
calling zero_normalmem with device memory and it generated an abort.
Change-Id: If013603f209a12af488a9c54481f97a8f395b26a
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The current definition of ARM_INSTANTIATE_LOCK macro includes a
semicolon, which means it's omitted where it's used. This is anomalous
for a C statement in global scope.
Fix this by removing semicolon from the definition; and where it's a
NOP, declare a file-scoped variable explicitly tagged as unused to avoid
compiler warning.
No functional changes.
Change-Id: I2c1d92ece4777e272a025011e03b8003f3543335
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
If SPD_opteed is defined map ARM_OPTEE_PAGEABLE_LOAD_MEM in bl2 to
allow loading of OP-TEE paged part.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
At present, the MPIDR validation on FVP relies on MT bit set along
with shifted affinities. This currently is additionally dependent
on the FVP model being of variant C. This however should be based
on the presence of MT bit alone.
This patch makes the change to always assume that the affinities
are shifted in the FVP model when MT bit is present.
Change-Id: I09fcb0126e1b38d29124bdeaf3450a60b95d485d
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
The nor_XXXXX functions may fail due to different reasons, and it
is convenient to do a full check to detect any failure. It is also
a good idea to have a specific function to do a full status check,
because new checks can be added to this function and they will be
incorporated automatically to any function calling it.
Change-Id: I54fed913e37ef574c1608e94139a519426348d12
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
NOR memory only supports setting bits to 1. To clear a bit, set to zero,
the NOR memory needs to be erased.
Change-Id: Ia82eb15a5af9a6d4fc7e5ea2b58e6db87226b351
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
The status register bits remain until explicitly cleared, which means
that a command can be incorrectly considered to have generated an error -
for example, after reset the status register contents may be unknown or
if a previous command had failed.
This patch clears the status register before beginning any command to
be sure that the status register only represents information about the
current operation.
Change-Id: I9e98110ee24179937215461c00b6543a3467b350
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
lock/unlock operation must wait until WSM bit
is set. Since we do not allow to loop forever then these functions
must return an error if WSM bit isn't enabled after a number of tries.
Change-Id: I21c9e292b514b28786ff4a225128bcd8c1bfa999
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
Trusted OS may have extra images to be loaded. Load them one by one
and do the parsing. In this patch, ARM TF need to load up to 3 images
for optee os: header, pager and paged images. Header image is the info
about optee os and images. Pager image include pager code and data.
Paged image include the paging parts using virtual memory.
Change-Id: Ia3bcfa6d8a3ed7850deb5729654daca7b00be394
Signed-off-by: Summer Qin <summer.qin@arm.com>
Since Trusted OS firmware may have extra images, need to
assign new uuid and image id for them.
The TBBR chain of trust has been extended to add support
for the new images within the existing Trusted OS firmware
content certificate.
Change-Id: I678dac7ba1137e85c5779b05e0c4331134c10e06
Signed-off-by: Summer Qin <summer.qin@arm.com>
Revision C of the Base FVP has the same memory map as earlier revisions,
but has the following differences:
- Implements CCI550 instead of CCI400,
- Has a single instantiation of SMMUv3,
- CPU MPIDs are shifted left by one level, and has MT bit set in them.
The correct interconnect to program is chosen at run time based on the
FVP revision. Therefore, this patch implements FVP functions for
interconnect programming, rather than depending on ARM generic ones. The
macros used have been renamed to reflect this change.
Additionally, this patch initializes SMMUv3 as part of FVP early
platform setup.
New ARM config flags are introduced for feature queries at run time.
Change-Id: Ic7b7f080953a51fceaf62ce7daa6de0573801f09
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The CCI crash dump macros assumes CCI base at build time. Since this
can't be the case for CCI on FVP, choose not to register dump CCI
registers for FVP.
Change-Id: I7374a037e7fd0a85b138e84b3cf0aa044262da97
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
ARM CPUs with multi-threading implementation has more than one
Processing Element in a single physical CPU. Such an implementation will
reflect the following changes in the MPIDR register:
- The MT bit set;
- Affinity levels pertaining to cluster and CPUs occupy one level
higher than in a single-threaded implementation, and the lowest
affinity level pertains to hardware threads. MPIDR affinity level
fields essentially appear shifted to left than otherwise.
The FVP port henceforth assumes that both properties above to be
concomitant on a given FVP platform.
To accommodate for varied MPIDR formats at run time, this patch
re-implements the FVP platform-specific functions that translates MPIDR
values to a linear indices, along with required validation. The same
treatment is applied for GICv3 MPIDR hashing function as well.
An FVP-specific build option FVP_MAX_PE_PER_CPU is introduced which
specifies the maximum number of threads implemented per CPU. For
backwards compatibility, its value defaults to 1.
Change-Id: I729b00d3e121d16ce9a03de4f9db36dfac580e3f
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
The DEVICE2 memory range is needed to access the Root of Trust Public
Key registers. This is not needed when Trusted Board Boot is disabled
so it's safer to not map it in this case. This also saves one level-2
page table in each of BL1 and BL2 images.
Also add some comments.
Change-Id: I67456b44f3fd5e145f6510a8499b7fdf720a7273
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
On ARM CSS platforms, the SCP_BL2/2U image is loaded below
BL1 read-write data. This same memory is used to load BL31
later on. But sufficient checks were not done to ensure that the
SCP_BL2 would not overwrite BL1 rw data. This patch adds the
required CASSERT checks to prevent overwrite into BL1 or BL2
memory by load of SCP_BL2/2U. Also the size of BL31 is increased
and SCP_BL2/2U size is decreased to accomodate it within the
allocated region.
Change-Id: I23b28b5e1589e91150852a06452bd52b273216ee
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
The SCP_BL2 is transferred to SCP during BL2 image load and authenticate
sequence. The Boot-Over-MHU (BOM) protocol is used as transport for this. After
the SCP boots using the transferred image, the AP CPU waits till the `READY`
message is received from SCP. This patch separates the API for transport of
image from the wait for `READY` message and also moves the related files to
the `css/drivers` folder. The previous API `scp_bootloader_transfer` is
renamed to `css_scp_boot_image_xfer` to reflect the css naming convention.
This reorganisation also allows easier switch to a different transport
(eg: Shared Data Structure based transfer) in future
Change-Id: I8a96f9c4616ffde6dbfdf7c18f6f6f8bfa40bbf0
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Recent patches to reduce the memory footprint of BL images have
resulted in saving several pages of memory. This patch reduces
the BL2 size limit by 20KB for Juno when ARM_BOARD_OPTIMISE_MEM=1
so that more free space can be freed up for Trusted OS (BL32). Also
SCP_BL2/SCP_BL2U size is now restricted to 80K.
Change-Id: I1573d7a34e24d15e4abce8a14da40dbb5dc81e37
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This fix modifies the order of #includes in ARM standard platforms
to meet the ARM TF coding standard.
Change-Id: Ide19aad6233babda4eea2d17d49e523645fed1b2
Signed-off-by: Isla Mitchell <isla.mitchell@arm.com>
This patch implements the platform APIs plat_get_rotpk_info,
plat_get_nv_ctr, plat_set_nv_ctr to invoke CryptoCell SBROM
APIs when ARM_CRYPTOCELL_INT is set.
Change-Id: I693556b3c7f42eceddd527abbe6111e499f55c45
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:
* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
the CryptoCell crypto driver for Trusted Board boot.
* The TrustZone filter settings for Non Secure DRAM is modified
to allow CryptoCell to read this memory. This is required to
authenticate BL33 which is loaded into the Non Secure DDR.
* The CSS platforms are modified to use coherent stacks in BL1 and BL2
when CryptoCell crypto is selected. This is because CryptoCell makes
use of DMA to transfer data and the CryptoCell SBROM library allocates
buffers on the stack during signature/hash verification.
Change-Id: I1e6f6dcd1899784f1edeabfa2a9f279bbfb90e31
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
On Juno AArch32, the L2 cache may contain garbage after the warm reset
from AArch64 to AArch32. This is all fine until the MMU is configured
and the data caches enabled. To avoid fetching stale data from the L2
unified cache, invalidate it before the warm reset to AArch32 state.
Change-Id: I7d27e810692c02c3e83c9f31de67f6bae59a960a
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
the primary core. After the SCP ram firmware has started executing,
`SCP_BOOT_CFG_ADDR` is modified. This is not normally an issue but
the Juno AArch32 boot flow is a special case. BL1 does a warm reset
into AArch32 and the core jumps to the `sp_min` entrypoint. This is
effectively a `RESET_TO_SP_MIN` configuration. `sp_min` has to be
able to determine the primary core and hence we need to restore
`SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs.
This magically worked when booting on A53 because the core index was
zero and it just so happened to match with the new value in
`SCP_BOOT_CFG_ADDR`.
Change-Id: I105425c680cf6238948625c1d1017b01d3517c01
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
These errata are only applicable to AArch64 state. See the errata notice
for more details:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html
Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419.
Enable both of them for Juno.
Apply the 835769 workaround as following:
* Compile with -mfix-cortex-a53-835769
* Link with --fix-cortex-a53-835769
Apply the 843419 workaround as following:
* Link with --fix-cortex-a53-843419
The erratum 843419 workaround can lead the linker to create new sections
suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the
linker to create new "*.stub" sections with no particular alignment.
Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for
architecture-specific linker options.
Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
SPE is only supported in non-secure state. Accesses to SPE specific
registers from SEL1 will trap to EL3. During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained. This is to
avoid a potential invalid memory access in SEL1.
SPE is architecturally specified only for AArch64.
Change-Id: I04a96427d9f9d586c331913d815fdc726855f6b0
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
On ARM platforms before exiting from SP_MIN ensure that
the default console is switched to the runtime serial port.
Change-Id: I0ca0d42cc47e345d56179eac16aa3d6712767c9b
Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
The ARM_PLAT_MT bit enables the support for MT bit in
MPIDR format. This means that the level 0 affinity
represents the thread and CPU / Cluster levels are
at affinity level 1 and 2 respectively.
This was not catered for in the scpi 'css_scp_get_power_state, API.
Since the SCPI driver can only cater for single threaded CPUs,
this patch fixes the problem by catering for this shift by
effectively ignoring the Thread (level 0) affinity level.
Change-Id: If44f55c9fb2773c8d3f8a9bbcf5420a6f7409dfe
Signed-off-by: jagadeesh ujja <jagadeesh.ujja@arm.com>
This patch makes all the defines in the CPU libraries unique,
by prefixing them with the CPU name.
NOTE: PLATFORMS USING THESE MACROS WILL HAVE TO UPDATE THEIR CODE
TO START USING THE UPDATED NAMES
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds the memory map region for the SCMI payload memory
and maps the Juno core indices to SCMI power domains via the
`plat_css_core_pos_to_scmi_dmn_id_map` array.
Change-Id: I0d2bb2a719ff5b6a9d8e22e91e1625ab14453665
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
This patch adds the SCMI driver for communicating with SCP. The power
domain management and system power management protocol of the SCMI
specification[1] is implemented in the driver. The SCP power management
abstraction layer for SCMI for CSS power management is also added.
A new buid option `CSS_USE_SCMI_DRIVER` is introduced to select SCMI
driver over SCPI.
[1] ARM System Control and Management Interface v1.0 (SCMI)
Document number: ARM DEN 0056A
Change-Id: I67265615a17e679a2afe810b9b0043711ba09dbb
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
ARM GIC-600 IP complies with ARM GICv3 architecture, but among others,
implements a power control register in the Redistributor frame. This
register must be programmed to mark the frame as powered on, before
accessing other registers in the frame. Rest of initialization sequence
remains the same.
The driver provides APIs for Redistributor power management, and
overrides those in the generic GICv3 driver. The driver data is shared
between generic GICv3 driver and that of GIC-600.
For FVP platform, the GIC-600 driver is chosen when FVP_USE_GIC_DRIVER
is set to FVP_GIC600. Also update user guide.
Change-Id: I321b2360728d69f6d4b0a747b2cfcc3fe5a20d67
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Both Cortex-A75 and Cortex-A55 CPUs use the ARM DynamIQ Shared Unit
(DSU). The power-down and power-up sequences are therefore mostly
managed in hardware, and required software operations are considerably
simpler.
Change-Id: I68b30e6e1ebe7c041d5e67f39c59f08575fc7ecc
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Jeenu Viswambharan <jeenu.viswambharan@arm.com>
Since ARM_DRAM2_BASE is above the 32-bit limit, the condition
is always false. Wrap this condition in an ifndef to avoid
warnings during compilation.
Change-Id: Ideabb6c65de6c62474ed03eb29df4b049d5316be
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This function was removed long ago. Remove remaining
pragma reference.
Change-Id: I66c556863d47dc17d2ffdc6c23aa524df6aade80
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
The default case is impossible to hit as the `power_level`
is already checked earlier. Avoids a clang warning.
Change-Id: I707463c843adc748ee9aa1d2313f9ab7dab3a8ab
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
This options enables an implementation of SHA-256 that has a smaller
code footprint (~1.6 KB less) but is also ~30% slower. For ARM
platforms, code size is currently considered more important than
execution speed in the mbed TLS crypto module.
Added a small note about this option to the documentation of the
authentication framework.
Change-Id: I4c0b221ea5d3466465261316ba07b627fa01b233
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
The header tbbr_oid.h contains OIDs obtained by ARM Ltd.
so there is no good reason to use platform_oid.h
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Platforms aligned with TBBR are supposed to use their own OIDs, but
defining the same macros with different OIDs does not provide any
value (at least technically).
For easier use of TBBR, this commit allows platforms to reuse the OIDs
obtained by ARM Ltd. This will be useful for non-ARM vendors that
do not need their own extension fields in their certificate files.
The OIDs of ARM Ltd. have been moved to include/tools_share/tbbr_oid.h
Platforms can include <tbbr_oid.h> instead of <platform_oid.h> by
defining USE_TBBR_DEFS as 1. USE_TBBR_DEFS is 0 by default to keep the
backward compatibility.
For clarification, I inserted a blank line between headers from the
include/ directory (#include <...>) and ones from a local directory
(#include "..." ).
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The commit abd2aba99e introduced a
regression to the AArch32 sp_min Juno build. This patch fixes that.
Change-Id: I4b141717684d6aee60c761ea17f23170aa6708c3
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Add support for firmware upgrade on AArch32.
This patch has been tested on the FVP models.
NOTE: Firmware upgrade on Juno AArch32 is not currently supported.
Change-Id: I1ca8078214eaf86b46463edd14740120af930aec
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
This patch adds `TRUSTED_BOARD_BOOT` support for AArch32 mode.
To build this patch the "mbedtls/include/mbedtls/bignum.h"
needs to be modified to remove `#define MBEDTLS_HAVE_UDBL`
when `MBEDTLS_HAVE_INT32` is defined. This is a workaround
for "https://github.com/ARMmbed/mbedtls/issues/708"
NOTE: TBBR support on Juno AArch32 is not currently supported.
Change-Id: I86d80e30b9139adc4d9663f112801ece42deafcf
Signed-off-by: dp-arm <dimitris.papastamos@arm.com>
Co-Authored-By: Yatharth Kochar <yatharth.kochar@arm.com>
A previous patch superseded the MBEDTLS_KEY_ALG. This patch updates
the ARM platforms to use the new TF_MBEDTLS_KEY_ALG define.
Change-Id: Ie0e1bc272e127e879ac58e7cfcbe268751d7688e
Signed-off-by: David Cunado <david.cunado@arm.com>
We used to have the following circular dependency in the FVP platform
header files:
+-> arm_def.h ---> platform_def.h ---> fvp_def.h --+
|__________________________________________________|
This patch breaks it by not including 'arm_def.h' from 'fvp_def.h'.
Change-Id: I280d906559e3343dd38764029e77c0ea768b4fec
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
A new file added as part of arm-trusted-firmware#927 was missing the
SPDX license identifier - this patch adds the missing identifier.
Change-Id: Id1355f2bdca930b7e65bb54eff7e6c764ebb0d96
Signed-off-by: David Cunado <david.cunado@arm.com>
Soby Mathew
Sandrine Bailleux
Roberto Vargas
Jeenu Viswambharan
Jens Wiklander
Isla Mitchell
Summer Qin
Dimitris Papastamos
Douglas Raillard
jagadeesh ujja
Varun Wadekar
David Wang
Antonio Nino Diaz
Masahiro Yamada
Yatharth Kochar
David Cunado