This patch fixes the build time condition deciding whether the
read-write data should be relocated from ROM to RAM. It was incorrectly
using __DATA_ROM_START__, which is a linker symbol and not a compiler
build flag. As a result, the relocation code was always compiled out.
This bug has been introduced by the following patch:
"Rationalize reset handling code"
Change-Id: I1c8d49de32f791551ab4ac832bd45101d6934045
In order to handle secure/non-secure interrupts, overload the plat_ic_*
functions and copy GIC helper functions from arm_gic.c. Use arm_gic.c
as the reference to add Tegra's GIC helper functions.
Now that Tegra has its own GIC implementation, we have no use for
plat_gic.c and arm_gic.c files.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
The validation of the caching enable state in bl1_main() was
incorrect resulting in the state not being checked. Using the right
operator fixes this.
Change-Id: I2a99478f420281a1dcdf365d3d4fd8394cd21b51
mpidr_set_aff_inst() is left shifting an int constant and an
unsigned char value to construct an MPIDR. For affinity level 3 a
shift of 32 would result in shifting out of the 32-bit type and
have no effect on the MPIDR.
These values need to be extended to unsigned long before shifting
to ensure correct results for affinity level 3.
Change-Id: I1ef40afea535f14cfd820c347a065a228e8f4536
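
The widening fix described in the commit message above, as an added example (not the Trusted Firmware source). The function names and the `aff_shift()` helper are hypothetical, and the narrow variant models the lost bits by truncating to 32 bits, because an actual 32-bit shift by 32 is undefined behaviour in C.

```c
#include <stdint.h>
#include <stdio.h>

/* MPIDR_EL1 affinity fields: Aff0 [7:0], Aff1 [15:8], Aff2 [23:16], Aff3 [39:32]. */
#define AFF_MASK 0xffu

/* Hypothetical helper: bit offset of the affinity field for level 0..3. */
static unsigned int aff_shift(unsigned int level)
{
    static const unsigned int shift[4] = { 0, 8, 16, 32 };
    return shift[level];
}

/* Fixed form: both operands are widened to 64 bits before the shift. */
uint64_t set_aff_wide(uint64_t mpidr, unsigned int level, unsigned char inst)
{
    unsigned int s = aff_shift(level);

    mpidr &= ~((uint64_t)AFF_MASK << s);
    mpidr |= (uint64_t)inst << s;
    return mpidr;
}

/*
 * Model of the defect: mask and value only have 32 bits to live in, so
 * anything shifted to bit 32 or above is lost. The truncating casts stand
 * in for the 32-bit shift so that this example stays well defined.
 */
uint64_t set_aff_narrow(uint64_t mpidr, unsigned int level, unsigned char inst)
{
    unsigned int s = aff_shift(level);
    uint32_t mask = (uint32_t)((uint64_t)AFF_MASK << s);
    uint32_t val = (uint32_t)((uint64_t)inst << s);

    mpidr &= ~(uint64_t)mask;
    mpidr |= val;
    return mpidr;
}

int main(void)
{
    /* Constructed input: MPIDR with Aff1 = 1, Aff0 = 1; set Aff3 to 2. */
    printf("narrow: 0x%llx\n", (unsigned long long)set_aff_narrow(0x101, 3, 2));
    printf("wide:   0x%llx\n", (unsigned long long)set_aff_wide(0x101, 3, 2));
    return 0;
}
```
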
Add SP804 delay timer support to the FVP BSP.
This commit simply provides the 3 constants needed by the SP804
delay timer driver and calls sp804_timer_init() in
bl2_platform_setup(). The BSP does not currently use the delay
timer functions.
Note that the FVP SP804 is a normal world accessible peripheral
and should not be used by the secure world after transition
to the normal world.
Change-Id: I5f91d2ac9eb336fd81943b3bb388860dfb5f2b39
Co-authored-by: Dan Handley <dan.handley@arm.com>
Add a delay timer driver for the ARM SP804 dual timer.
This driver only uses the first timer, called timer 1 in the
SP804 Technical Reference Manual (ARM DDI 0271D).
To use this driver, the BSP must provide three constants:
* The base address of the SP804 dual timer
* The clock multiplier
* The clock divider
The BSP is responsible for calling sp804_timer_init(). The SP804
driver instantiates a constant timer_ops_t and calls the generic
timer_init().
Change-Id: I49ba0a52bdf6072f403d1d0a20e305151d4bc086
Co-authored-by: Dan Handley <dan.handley@arm.com>
The API is simple. The BSP or specific timer driver creates an
instance of timer_ops_t, fills in the timer specific data, then calls
timer_init(). The timer specific data includes a function pointer
to return the timer value and a clock multiplier/divider. The ratio
of the multiplier and the divider is the clock frequency in MHz.
After that, mdelay() or udelay() can be called to delay execution for
the specified time (milliseconds or microseconds, respectively).
Change-Id: Icf8a295e1d25874f789bf28b7412156329dc975c
Co-authored-by: Dan Handley <dan.handley@arm.com>
This patch adds support to reserve a memory carveout region in the
DRAM on Tegra SoCs. The memory controller provides specific registers
to specify the aperture's base and size. This aperture can also be
changed dynamically in order to re-size the memory available for
DRM video playback. In case of the new aperture not overlapping
the previous one, the previous aperture has to be cleared before
setting up the new one. This means we do not "leak" any video data
to the NS world.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds support to run a Trusted OS during boot time. The
previous stage bootloader passes the entry point information in
the 'bl32_ep_info' structure, which is passed over to the SPD.
The build system expects the dispatcher to be passed as an input
parameter using the 'SPD=<dispatcher>' option. The Tegra docs have
also been updated with this information.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
For CSS based platforms, the constants MHU_SECURE_BASE and
MHU_SECURE_SIZE used to define the extents of the Trusted Mailboxes.
As such, they were misnamed because the mailboxes are completely
unrelated to the MHU hardware.
This patch removes the MHU_SECURE_BASE and MHU_SECURE_SIZE #defines.
The address of the Trusted Mailboxes is now relative to the base of
the Trusted SRAM.
This patch also introduces a new constant, SCP_COM_SHARED_MEM_BASE,
which is the address of the first memory region used for communication
between AP and SCP. This is used by the BOM and SCPI protocols.
Change-Id: Ib200f057b19816bf05e834d111271c3ea777291f
Add a comment explaining what the SCP boot configuration information
is on CSS based platforms like Juno. Also express its address
relatively to the base of the Trusted SRAM rather than hard-coding it.
Change-Id: I82cf708a284c8b8212933074ea8c37bdf48b403b
The 'ARM_TSP_RAM_LOCATION_ID' option specified in the user guide
corresponds to the internal definition not visible to the final
user. The proper build option is 'ARM_TSP_RAM_LOCATION'. This
patch fixes it.
Fixes ARM-software/tf-issues#308
Change-Id: Ica8cb72c0c5e8b3503f60b5357d16698e869b1bd
This patch introduces a new platform build option, called
PROGRAMMABLE_RESET_ADDRESS, which tells whether the platform has
a programmable or fixed reset vector address.
If the reset vector address is fixed then the code relies on the
platform_get_entrypoint() mailbox mechanism to figure out where
it is supposed to jump. On the other hand, if it is programmable
then it is assumed that the platform code will program directly
the right address into the RVBAR register (instead of using the
mailbox redirection) so the mailbox is ignored in this case.
Change-Id: If59c3b11fb1f692976e1d8b96c7e2da0ebfba308
The attempt to run the CPU reset code as soon as possible after reset
results in highly complex conditional code relating to the
RESET_TO_BL31 option.
This patch relaxes this requirement a little. In the BL1, BL3-1 and
PSCI entrypoints code, the sequence of operations is now as follows:
1) Detect whether it is a cold or warm boot;
2) For cold boot, detect whether it is the primary or a secondary
CPU. This is needed to handle multiple CPUs entering cold reset
simultaneously;
3) Run the CPU init code.
This patch also abstracts the EL3 registers initialisation done by
the BL1, BL3-1 and PSCI entrypoints into common code.
This improves code re-use and consolidates the code flows for
different types of systems.
NOTE: THE FUNCTION plat_secondary_cold_boot() IS NOW EXPECTED TO
NEVER RETURN. THIS PATCH FORCES PLATFORM PORTS THAT RELIED ON THE
FORMER RETRY LOOP AT THE CALL SITE TO MODIFY THEIR IMPLEMENTATION.
OTHERWISE, SECONDARY CPUS WILL PANIC.
Change-Id: If5ecd74d75bee700b1bd718d23d7556b8f863546
This patch removes the FIRST_RESET_HANDLER_CALL build flag and its
use in ARM development platforms. If a different reset handling
behavior is required between the first and subsequent invocations
of the reset handling code, this should be detected at runtime.
On Juno, the platform reset handler is now always compiled in.
This means it is now executed twice on the cold boot path, first in
BL1 then in BL3-1, and it has the same behavior in both cases. It is
also executed twice on the warm boot path, first in BL1 then in the
PSCI entrypoint code.
Also update the documentation to reflect this change.
NOTE: THIS PATCH MAY FORCE PLATFORM PORTS THAT USE THE
FIRST_RESET_HANDLER_CALL BUILD OPTION TO FIX THEIR RESET HANDLER.
Change-Id: Ie5c17dbbd0932f5fa3b446efc6e590798a5beae2
This patch fixes the incorrect bit width used to extract the wakeup
reason from PSYSR in platform_get_entrypoint() function. This defect
did not have any observed regression.
Change-Id: I42652dbffc99f5bf50cc86a5878f28d730720d9a
On ARM standard platforms, snoop and DVM requests used to be enabled
for the primary CPU's cluster only in the first EL3 bootloader.
In other words, if the platform reset into BL1 then CCI coherency
would be enabled by BL1 only, and not by BL3-1 again.
However, this doesn't cater for platforms that use BL3-1 along with
a non-TF ROM bootloader that doesn't enable snoop and DVM requests.
In this case, CCI coherency is never enabled.
This patch modifies the function bl31_early_platform_setup() on
ARM standard platforms so that it always enables snoop and DVM
requests regardless of whether earlier bootloader stages have
already done it. There is no harm in executing this code twice.
ARM Trusted Firmware Design document updated accordingly.
Change-Id: Idf1bdeb24d2e1947adfbb76a509f10beef224e1c
T210 is the latest chip in the Tegra family of SoCs from NVIDIA. It is an
ARM v8 dual-cluster (A57/A53) SoC, with any one of the clusters being active
at a given point in time.
This patch adds support to boot the Trusted Firmware on T210 SoCs. The patch
also adds support to boot secondary CPUs, enter/exit core power states for
all CPUs in the slow/fast clusters. The support to switch between clusters
is still not available in this patch and would be available later.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch adds a driver for the 16550 UART interface. The driver is exposed
as a console, which platforms can use to dump their boot/crash logs.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch fixes the incorrect bit width used to extract the primary
cpu id from `ap_data` exported by scp at SCP_BOOT_CFG_ADDR in
platform_is_primary_cpu().
Change-Id: I14abb361685f31164ecce0755fc1a145903b27aa
The ARM GIC driver treats the entire contents of the GICC_HPPIR as the interrupt
ID instead of just bits[9:0]. This could result in an SGI being treated as a
Group 1 interrupt on a GICv2 system.
This patch introduces a mask to retrieve only the ID from a read of GICC_HPPIR,
GICC_IAR and similar registers. The value read from these registers is masked
with this constant prior to use as an interrupt ID.
Fixes ARM-software/tf-issues#306
Change-Id: Ie3885157de33b71df9781a41f6ef015a30c4608d
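
The effect of the mask described in the commit message above, as an added example (not the Trusted Firmware driver). The constant, enum and function names are hypothetical; the classifier is a simplified model of a Secure read of GICC_HPPIR on GICv2, where bits [12:10] carry the source CPU ID of an SGI, ID 1022 signals a pending Group 1 interrupt and ID 1023 is spurious.

```c
#include <stdint.h>
#include <stdio.h>

#define INT_ID_MASK    0x3ffu  /* bits [9:0]: interrupt ID (hypothetical name) */
#define CPUID_SHIFT    10      /* bits [12:10]: source CPU ID, SGIs only */
#define ID_G1_PENDING  1022u   /* highest pending interrupt is Group 1 */
#define ID_SPURIOUS    1023u   /* nothing pending */

enum intr_type { INTR_SECURE, INTR_NON_SECURE, INTR_INVALID };

/* Simplified model: classify a value taken to be an interrupt ID. */
static enum intr_type classify_id(uint32_t id)
{
    if (id < ID_G1_PENDING)
        return INTR_SECURE;
    if (id == ID_SPURIOUS)
        return INTR_INVALID;
    return INTR_NON_SECURE;
}

/* Defect: the whole register value is used as the interrupt ID. */
enum intr_type classify_unmasked(uint32_t hppir)
{
    return classify_id(hppir);
}

/* Fix: keep only bits [9:0] before the value is used as an ID. */
enum intr_type classify_masked(uint32_t hppir)
{
    return classify_id(hppir & INT_ID_MASK);
}

/* Constructed register value for an SGI raised by CPU src_cpu. */
uint32_t sgi_hppir(uint32_t sgi_id, uint32_t src_cpu)
{
    return (src_cpu << CPUID_SHIFT) | sgi_id;
}

int main(void)
{
    uint32_t raw = sgi_hppir(5, 1);  /* Secure SGI 5 sent by CPU 1 */

    printf("raw=0x%x unmasked=%d masked=%d\n", (unsigned int)raw,
           classify_unmasked(raw), classify_masked(raw));
    return 0;
}
```
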
Fix the return type of the FVP `plat_arm_topology_setup` function
to be `void` instead of `int` to match the declaration in
`plat_arm.h`.
This does not result in any change in behavior.
Change-Id: I62edfa7652b83bd26cffb7d167153959b38e37e7
There are a couple of issues with how the interrupt routing framework in BL3_1
handles spurious interrupts.
1. In the macro 'handle_interrupt_exception', if a spurious interrupt is
detected by plat_ic_get_pending_interrupt_type(), then execution jumps to
'interrupt_exit_\label'. This macro uses the el3_exit() function to return to
the original exception level. el3_exit() attempts to restore the SPSR_EL3 and
ELR_EL3 registers with values from the current CPU context. Since these
registers were not saved in this code path, it programs stale values into
these registers. This leads to unpredictable behaviour after the execution of
the ERET instruction.
2. When an interrupt is routed to EL3, it could be de-asserted before the
GICC_HPPIR is read in plat_ic_get_pending_interrupt_type(). There could be
another interrupt pending at the same time e.g. a non-secure interrupt. Its
type will be returned instead of the original interrupt. This would result in
a call to get_interrupt_type_handler(). The firmware will panic if the
handler for this type of interrupt has not been registered.
This patch fixes the first problem by saving SPSR_EL3 and ELR_EL3 early in the
'handle_interrupt_exception' macro, instead of only doing so once the validity
of the interrupt has been determined.
The second problem is fixed by returning execution back to the lower exception
level through the 'interrupt_exit_\label' label instead of treating it as an
error condition. The 'interrupt_error_\label' label has been removed since it is
no longer used.
Fixes ARM-software/tf-issues#305
Change-Id: I81c729a206d461084db501bb81b44dff435021e8
In the debug build of the function get_power_on_target_afflvl(), there is a
check to ensure that the CPU is emerging from a SUSPEND or ON_PENDING state.
The state is checked without acquiring the lock for the CPU node. The state
could be updated to ON_PENDING in psci_afflvl_on() after the target CPU has
been powered up. This results in a race condition which could cause the
check for the ON_PENDING state in get_power_on_target_afflvl() to fail.
This patch resolves this race condition by setting the state of the target
CPU to ON_PENDING before the platform port attempts to power it on. The
target CPU is thus guaranteed to read the correct state. In case
the power on operation fails, the state of the CPU is restored to OFF.
Fixes ARM-software/tf-issues#302
Change-Id: I3f2306a78c58d47b1a0fb7e33ab04f917a2d5044
Device tree idle state bindings changed in kernel v3.18. This patch
updates the FVP DT files to use PSCI suspend as idle state.
The patch also updates the 'compatible' property in the PSCI node
and the 'entry-method' property in the idle-states node in the FVP
Foundation GICv2-legacy device tree.
Change-Id: Ie921d497c579f425c03d482f9d7b90e166106e2f
There has been a breaking change in the communication protocols used
between the AP cores and the SCP on CSS based platforms like Juno.
This means both the AP Trusted Firmware and SCP firmware must be
updated at the same time.
In case the user forgets to update the SCP ROM firmware, this patch
detects when it still uses the previous version of the communication
protocol. It will then output a comprehensive error message that helps
trouble-shoot the issue.
Change-Id: I7baf8f05ec0b7d8df25e0ee53df61fe7be0207c2
The communication protocol used between the AP cores and the SCP
in CSS-based platforms like Juno has undergone a number of changes.
This patch makes the required modifications to the SCP Boot Protocol,
SCPI Protocol and MHU driver code in shared CSS platform code so that
the AP cores are still able to communicate with the SCP.
This patch focuses on the mandatory changes to make it work. The
design of this code needs to be improved but this will come in
a subsequent patch.
The main changes are:
 - MHU communication protocol
   - The command ID and payload size are no longer written into the
     MHU registers directly. Instead, they are stored in the payload
     area. The MHU registers are now used only as a doorbell to kick
     off messages. Same goes for any command result, the AP has to
     pick it up from the payload area.
 - SCP Boot Protocol
   - The BL3-0 image is now expected to embed a checksum. This
     checksum must be passed to the SCP, which uses it to check the
     integrity of the image it received.
   - The BL3-0 image used to be transferred a block (4KB)
     at a time. The SCP now supports receiving up to 128KB at a
     time, which is more than the size of the BL3-0 image.
     Therefore, the image is now sent in one go.
   - The command IDs have changed.
 - SCPI Protocol
   - The size of the SCPI payload has been reduced down from 512
     bytes to 256 bytes. This changes the base address of the
     AP-to-SCP payload area.
   - For commands that have a response, the response is the same SCPI
     header that was sent, except for the size and the status, which
     both must be updated appropriately. Success/Failure of a command
     is determined by looking at the updated status code.
   - Some command IDs have changed.
NOTE: THIS PATCH BREAKS COMPATIBILITY WITH FORMER VERSIONS OF THE SCP
FIRMWARE AND THUS REQUIRES AN UPDATE OF THIS BINARY. THE LATEST SCP
BINARY CAN BE OBTAINED FROM THE ARM CONNECTED COMMUNITY WEBSITE.
Change-Id: Ia5f6b95fe32401ee04a3805035748e8ef6718da7
Update the User Guide, Porting Guide and Firmware Design documents
to align them with the recent changes made to the FVP and Juno
platform ports.
Also fix some other historical inaccuracies.
Change-Id: I37aba4805f9044b1a047996d3e396c75f4a09176
Move the Juno port from plat/juno to plat/arm/board/juno. Also rename
some of the files so they are consistently prefixed with juno_.
Update the platform makefiles accordingly.
Change-Id: I0af6cb52a5fee7ef209107a1188b76a3c33a2a9f