Fixes for the following MISRA violations:
- Missing explicit parentheses on sub-expression
- An identifier or macro name beginning with an
underscore, shall not be declared
- Type mismatch in BL1 SMC handlers and tspd_main.c
Change-Id: I7a92abf260da95acb0846b27c2997b59b059efc4
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
The TBBR implementation extracts hashes from certificates and stores
them in static buffers. TF-A supports 3 variants of SHA right now:
SHA-256, SHA-384 and SHA-512. When support for SHA-512 was added in
commit 9a3088a5f5 ("tbbr: Add build flag
HASH_ALG to let the user to select the SHA"), the hash buffers got
unconditionally increased from 51 to 83 bytes each. We can reduce that
space if we're using SHA-256 or SHA-384.
This saves some BSS space in both BL1 and BL2:
- BL1 with SHA-256: saving 168 bytes.
- BL1 with SHA-384: saving 80 bytes.
- BL2 with SHA-256: saving 384 bytes.
- BL2 with SHA-384: saving 192 bytes.
Change-Id: I0d02e5dc5f0162e82339c768609c9766cfe7e2bd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The TBBR implementation extracts public keys from certificates and
stores them in static buffers. DER-encoded ECDSA keys are only 91 bytes
each but were each allocated 294 bytes instead. Reducing the size of
these buffers saves 609 bytes of BSS in BL2 (294 - 91 = 203 bytes for
each of the 3 key buffers in use).
Also add a comment claryfing that key buffers are tailored on RSA key
sizes when both ECDSA and RSA keys are used.
Change-Id: Iad332856e7af1f9814418d012fba3e1e9399f72a
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
The function names follow the naming convention used by the existing
ARM SCPI client.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I543bae7d46e206eb405dbedfcf7aeba88a12ca48
Instead, pass back the error to the calling function. This allows
platform code to fall back to another PSCI implementation if
scpi_wait_ready() or a later SCPI command fails.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Ib4411e63c2512857f09ffffe1c405358dddeb4a6
On systems that have multiple platform components that can interpret the
SCMI messages, there is a need to support multiple SCMI channels (one
each to those platform components). Extend the existing SCMI interface
that currently supports only a single SCMI channel to support multiple
SCMI channels.
Change-Id: Ice4062475b903aef3b5e5bc37df364c9778a62c5
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
In order to allow the MHUv2 driver to be usable with multiple MHUv2
controllers, use the base address of the controller from the platform
information instead of the MHUV2_BASE_ADDR macro.
Change-Id: I4dbab87b929fb0568935e6c8b339ce67937f8cd1
Signed-off-by: Aditya Angadi <aditya.angadi@arm.com>
Introduce the Firmware CONfiguration Framework (fconf).
The fconf is an abstraction layer for platform specific data, allowing
a "property" to be queried and a value retrieved without the requesting
entity knowing what backing store is being used to hold the data.
The default backing store used is C structure. If another backing store
has to be used, the platform integrator needs to provide a "populate()"
function to fill the corresponding C structure.
The "populate()" function must be registered to the fconf framework with
the "FCONF_REGISTER_POPULATOR()". This ensures that the function would
be called inside the "fconf_populate()" function.
A two level macro is used as getter:
- the first macro takes 3 parameters and converts it to a function
call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c).
- the second level defines a__b_getter(c) to the matching C structure,
variable, array, function, etc..
Ex: Get a Chain of trust property:
1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id)
2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id]
Change-Id: Id394001353ed295bc680c3f543af0cf8da549469
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Fix code that violates the MISRA rule:
MISRA C-2012 Rule 11.9: Literal "0" shall not be used as
null pointer constant.
The fix explicitly checks whether a pointer is NULL.
Change-Id: Ibc318dc0f464982be9a34783f24ccd1d44800551
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
In order to access MG SRAM, the amb bridge needs to be configured which is
done in bl2 platform init.
For MG CM3, the image is only loaded to its SRAM and the CM3 itself is
left in reset. It is because the next stage bootloader (e.g. u-boot)
will trigger action which will take it out of reset when needed. This
can happen e.g. when appropriate device-tree setup (which has enabled
802.3 auto-neg) will be chosen. In other cases the MG CM3 should not be
running.
Change-Id: I816ea14e3a7174eace068ec44e3cc09998d0337e
Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.
Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
The Secure Configuration Register is 64-bits in AArch64 and 32-bits in
AArch32. Use u_register_t instead of unsigned int to reflect this.
Change-Id: I51b69467baba36bf0cfaec2595dc8837b1566934
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
SPI-NOR framework is based on SPI-MEM framework using
spi_mem_op execution interface.
It implements read functions and allows NOR configuration
up to quad mode.
Default management is 1 data line but it can be overridden
by platform.
It also includes specific quad mode configuration for
Spansion, Micron and Macronix memories.
Change-Id: If49502b899b4a75f6ebc3190f6bde1013651197f
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
This framework supports SPI-NAND and is based on the
SPI-MEM framework for SPI operations. It uses a common high
level access using the io_mtd.
It is limited to the read functionalities.
Default behavior is the basic one data line operation
but it could be overridden by platform.
Change-Id: Icb4e0887c4003a826f47c876479dd004a323a32b
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
The raw NAND framework supports SLC NAND devices.
It introduces a new high level interface (io_mtd) that
defines operations a driver can register to the NAND framework.
This interface will fill in the io_mtd device specification:
- device_size
- erase_size
that could be used by the io_storage interface.
NAND core source file integrates the standard read loop that
performs NAND device read operations using a skip bad block strategy.
A platform buffer must be defined in case of unaligned
data. This buffer must fit to the maximum device page size
defined by PLATFORM_MTD_MAX_PAGE_SIZE.
The raw_nand.c source file embeds the specific NAND operations
to read data.
The read command is a raw page read without any ECC correction.
This can be overridden by a low level driver.
No generic support for write or erase command or software
ECC correction.
NAND ONFI detection is available and can be enabled using
NAND_ONFI_DETECT=1.
For non-ONFI NAND management, platform can define required
information.
Change-Id: Id80e9864456cf47f02b74938cf25d99261da8e82
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Christophe Kerello <christophe.kerello@st.com>
IO seek offset can be set to values above UINT32_MAX, this change
changes the seek offset argument from 'ssize_t' to 'signed long long'.
Fixing platform seek functions to match the new interface update.
Change-Id: I25de83b3b7abe5f52a7b0fee36f71e60cac9cfcb
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
NOTE for platform integrators:
API `plat_psci_stat_get_residency()` third argument
`last_cpu_idx` is changed from "signed int" to the
"unsigned int" type.
Issue / Trouble points
1. cpu_idx is used as mix of `unsigned int` and `signed int` in code
with typecasting at some places leading to coverity issues.
2. Underlying platform API's return cpu_idx as `unsigned int`
and comparison is performed with platform specific defines
`PLAFORM_xxx` which is not consistent
Misra Rule 10.4:
The value of a complex expression of integer type may only be cast to
a type that is narrower and of the same signedness as the underlying
type of the expression.
Based on above points, cpu_idx is kept as `unsigned int` to match
the API's and low-level functions and platform defines are updated
where ever required
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com>
Change-Id: Ib26fd16e420c35527204b126b9b91e8babcc3a5c
In further patches, we wish to enable -wredundant-decls check as
part of warning flags by default.
Change-Id: I43410d6dbf40361a503c16d94ccf0f4cf29615b7
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Now that DDR drivers are mostly cleaned up , move them out of staging.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: I9de63f847a0ef9ac27a79fb0f848c351fd7f4da6
The SCU connects one to four Cortex-A5/Cortex-A9 processors
to the memory system through the AXI interfaces.
The SCU functions are to:
- maintain data cache coherency between the Cortex-A5/Cortex-A9
processors
- initiate L2 AXI memory accesses
- arbitrate between Cortex-A5/Cortex-A9 processors requesting
L2 accesses
- manage ACP accesses.
Snoop Control Unit will enable to snoop on other CPUs caches.
This is very important when it comes to synchronizing data between
CPUs. As an example, there is a high chance that data might be
cache'd and other CPUs can't see the change. In such cases,
if snoop control unit is enabled, data is synchoronized immediately
between CPUs and the changes are visible to other CPUs.
This driver provides functionality to enable SCU as well as enabling
user to know the following
- number of CPUs present
- is a particular CPU operating in SMP mode or AMP mode
- data cache size of a particular CPU
- does SCU has ACP port
- is L2CPRESENT
Change-Id: I0d977970154fa60df57caf449200d471f02312a0
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
On some platforms the UART might have already been initialised, for
instance by firmware running before TF-A or by a separate management
processor. In this case it would not be need to initialise it again
(doing so could create spurious characters). But more importantly this
saves us from knowing the right baudrate and the right base clock rate
for the UART. This can lead to more robust and versatile firmware builds.
Allow to skip the 16550 UART initialisation and baud rate divisor
programming, by interpreting an input clock rate of "0" to signify this
case. This will just skip the call to console_16550_core_init, but still
will register the console properly.
Users should just pass 0 as the second parameter, the baudrate (third
parameter) will then be ignored as well.
Fix copy & paste typos in comments for the console_16550_register()
function on the way.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I9f8fca5b358f878fac0f31dc411358fd160786ee
Previously, the A64/H5 and H6 platforms' PMIC setup code was entirely
independent. However, some H6 boards also need early regulator setup.
Most of the register interface and all of the device tree traversal code
can be reused between the AXP803 and AXP805. The main difference is the
hardware bus interface, so that part is left to the platforms. The
remainder is moved into a driver.
I factored out the bits that were obviously specific to the AXP803;
additional changes for compatibility with other PMICs can be made as
needed.
The only functional change is that rsb_init() now checks the PMIC's chip
ID register against the expected value. This was already being done in
the H6 version of the code.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: Icdcf9edd6565f78cccc503922405129ac27e08a2
This adds the new regulator list, as well as changes to make the switch
(equivalent to DC1SW on the AXP803) work on both PMICs.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I9a1eac8ddfc54b27096c10a8eebdd51aaf9b8311
Add support for powering off the SGMII COMPHY (on lanes 0 and 1).
This is needed sometimes on Turris Mox when using KEXEC.
There is also another benefit of a little energy saving when the given
network interface is down.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Change-Id: I55ae0fe3627e7cc0f65c78a00771939d8bf5399f
When USB3 is on lane 2 and indirect register access is used, the polling
at the end of the mvebu_a3700_comphy_usb3_power_on function is
incorrect.
The LOOPBACK_REG0 register should not be used at all. Instead we have to
write the LANE_STATUS1 register address (with offset
USB3PHY_LANE2_REG_BASE_OFFSET) into the indirect address register and
then we should poll indirect data register.
This fixes problems on Turris Mox, which uses lane 2 for USB3.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Change-Id: I968b0cccee5ddbe10a2b5614e52e52d87682aacd
Add the support needed to enable using CryptoCell integration with
with RSA 3K support.
Signed-off-by: Gilad Ben-Yossef <gilad.benyossef@arm.com>
Change-Id: I95527cb0c41ae012109e8968dd20a4ae9fe67f17
As supporting architectures aside from AArch32 and AArch64 is not a
concern, keeping identical definitions in two places for a large part
of the libc seems counterproductive
The int128 types were left un-unified as __int128 is not supported by
gcc on AArch32
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Change-Id: Idf08e6fab7e4680d9da62d3c57266ea2d80472cf
-Wlogical-op prevents common errors with using numerical constants where
a boolean one is expected as well as when the operands of a logical
operator are the same. While these are perfectly valid behavior, they
can be a sign that something is slightly off.
This patch adds this warning to gcc and it's closest equivalent to
clang, while also fixing any warnings that enabling them causes.
Change-Id: Iabadfc1e6ee0c44eef6685a23b0aed8abef8ce89
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Variable shadowing is, according to the C standard, permitted and valid
behaviour. However, allowing a local variable to take the same name as a
global one can cause confusion and can make refactoring and bug hunting
more difficult.
This patch moves -Wshadow from WARNING2 into the general warning group
so it is always used. It also fixes all warnings that this introduces
by simply renaming the local variable to a new name
Change-Id: I6b71bdce6580c6e58b5e0b41e4704ab0aa38576e
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
Arm's GIC-600 features a Power Register (GICR_PWRR),
which needs to be programmed to enable redistributor
operation. Section 3.6.1 in the GIC-600 TRM describes
the power-up and power-down sequence in pseudo code,
which deviates from the current TF-A implementation
in drivers/arm/gic/v3/gic600.c.
For powering on a redistributor, the pseudo code suggests
to loop over the whole sequence (check for transition,
write request bit) instead of just looping over the
ready bit read as TF-A does in gic600_pwr_on().
This patch fixes GIC-600 power up sequence according
to the TRM.
Change-Id: I445c480e96ba356b69a2d8e5308ffe6c0a97f45b
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Previous implementation of timers assumed that clk_div has pretty
representation in MHz (10MHz, 100MHz, etc). Unusual frequencies
(99.99MHz) were causing assertion error and made udelay unusable.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Ic915fff224369d113fd9f8edbcfff169fca8beac
Add support to configure GIC-600's multichip routing table registers.
Introduce a new gic600 multichip structure in order to support platforms
to pass their GIC-600 multichip information such as routing table owner,
SPI blocks ownership.
This driver is currently experimental and the driver api may change in
the future.
Change-Id: Id409d0bc07843e271ead3fc2f6e3cb38b317878d
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Instead of retry polling, timer of 1ms is used to poll
Signed-off-by: Deepika Bhavnani <deepika.bhavnani@arm.com>
Change-Id: I7e028dc68138d2888e3cf0cbed744f5e6bc6ff42
Currently for Armv7 plaforms the quotient calculated in pl011
uart init code is moved to register r1.
This patch moves the quotient to register r2 as done for other
platforms in the udiv instruction. Value of register r2 is then
used to calculate the values for IBRD and FBRD register
Change-Id: Ie6622f9f0e6d634378b471df5d02823b492c8a24
Signed-off-by: Avinash Mehta <avinash.mehta@arm.com>
Change-Id: I84f8a99be2dcdf7c51fbecdb324df8e2f32cc855
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
In the SD Specification, Power Up Diagram of Card figure, the Timeout
value for initialization process (ACMD41 command retries) is 1 second.
Align to match MMC cards (in mmc_send_op_cond()) and Linux kernel code,
and set the delay between ACMD41 command retries to 10ms.
Change-Id: I2e07cb9944e7d7b72f2d4b13e0505e6751458091
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This patch provides declaration and definition of new GICv3 driver
API: gicv3_rdistif_probe().This function delegates the responsibility
of discovering the corresponding Redistributor base frame to each CPU
itself. It is a modified version of gicv3_rdistif_base_addrs_probe()
and is executed by each CPU in the platform unlike the previous
approach in which only the Primary CPU did the discovery of all the
Redistributor frames for every CPU.
The flush operations as part of gicv3_driver_init() function are
made necessary even for platforms with WARMBOOT_ENABLE_DCACHE_EARLY
because the GICv3 driver data structure contents are accessed by CPU
with D-Cache turned off during power down operations.
Change-Id: I1833e81d3974b32a3e4a3df4766a33d070982268
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This commit adds authentication binary support for STM32MP1.
It prints the bootrom authentication result if signed
image is used and authenticates the next loaded STM32 images.
It also enables the dynamic translation table support
(PLAT_XLAT_TABLES_DYNAMIC) to use bootrom services.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: Iba706519e0dc6b6fae1f3dd498383351f0f75f51
This BSEC service is a platform specific service. Implementation
moved to the platform part.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I1f70ed48a446860498ed111acce01187568538c9
The driver manages the HASH processor IP on STM32MP1
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I3b67c80c16d819f86b951dae29a6c465e51ad585
The block size of some storage device is 4096-byte long, such as UFS. But
PARTITION_BLOCK_SIZE is defined as 512-byte long. So replace it by
PLAT_PARTITION_BLOCK_SIZE. Make it configurable in platform.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
Change-Id: Iada05f7c646d0a0f2c0d3b8545540b3cb7153de3
Zelalem
Sandrine Bailleux
Chiaki Fujii
Yusuke Goda
Samuel Holland
Aditya Angadi
Louis Mayencourt
Grzegorz Jaszczyk
Alexei Fedorov
Lionel Debieve
Yann Gautier
Deepika Bhavnani
Madhukar Pappireddy
Marek Vasut
Vishnu Banavath
Andre Przywara
Marek Behún
Gilad Ben-Yossef
Bence Szépkúti
Justin Chadwell
Max Shvetsov
Vijayenthiran Subramaniam
Avinash Mehta
Nicolas Le Bayon
Haojian Zhuang