Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.
Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
get_el_str() was implemented under ENABLE_BACKTRACE macro but being
used at generic places too, this causes multiple definition of this
function.
Remove duplicate definition of this function and move it out of
backtrace scope. Also, this patch fixes a small bug where in default
case S-EL1 is returned which ideally should be EL1, as there is no
notion of security state in EL string.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib186ea03b776e2478eff556065449ebd478c3538
When pointer authentication is used the frame record return address
includes the pointer authentication code hence it must be masked out
when willing to compare the pointer value with another address or
checking its validity. The stack unwind function missed one case of
adjusting the return address leading to a misinterpreted corrupted stack
frame error message.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I435140937d5fd0f43da27c77d96056b7606d87e9
New helper functions are created to handle data & prefetch aborts
in AARCH32. They call platform functions, just like what
report_exception is doing.
As extended MSR/MRS instructions (to access lr_abt in monitor mode)
are only available if CPU (Armv7) has virtualization extension,
the functions branch to original report_exception handlers if this is
not the case.
Those new helpers are created mainly to distinguish data and prefetch
aborts, as they both share the same mode.
This adds 40 bytes of code.
Change-Id: I5dd31930344ad4e3a658f8a9d366a87a300aeb67
Signed-off-by: Yann Gautier <yann.gautier@st.com>
FEAT_RNG_TRAP introduces support for EL3 trapping of reads of the
RNDR and RNDRRS registers, which is enabled by setting the
SCR_EL3.TRNDR bit. This patch adds a new build flag
ENABLE_FEAT_RNG_TRAP that enables the feature.
This feature is supported only in AArch64 state from Armv8.5 onwards.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ia9f17aef3444d3822bf03809036a1f668c9f2d89
Adding interface for stand-alone semantic version of TF-A
for exporting to RSS attestation, and potentially other areas
as well.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib4a2c47aa1e42a3b850185e674c90708a05cda53
This change adds "FEAT_TRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, containing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_TRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
Change-Id: I53d3bc8dc2f6eac63feef22dfd627f3a48480afc
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
This change adds "FEAT_BRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, possessing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_BRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I1eb52863b4afb10b808e2f0b6584a8a210d0f38c
Enable the SPMC to handle calls to FFA_PARTITION_INFO_GET.
This allows the normal world to discover which partitions
are running in the secure world including logical partitions
in EL3.
This implementation supports both the v1.0 and v1.1
implementations of the Partition Info Get Descriptor.
The SPMC populates the appropriate descriptor in the
partitions RX buffer, if requested, according to the
version of FF-A that the caller is using.
Additionally rename the common/uuid UUID_H include guard
due to a conflict with another header file.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0a85f1dae50fae1fe47a3cafb765fbe9f40619e1
This change adds a new utility function - `fdtw_find_or_add_subnode`
to find a subnode. If the subnode is not present, the function adds
it in the flattened device tree.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: Idf3ceddc57761ac015763d4a8b004877bcad766a
Some platforms require extra firmware to implement CPU_SUSPEND, or only
have working CPU_SUSPEND in certain configurations. On these platforms,
CPU idle states should only be listed in the devicetree when they are
actually available. Add a function BL31 can use to dynamically supply
this idle state information.
Change-Id: I64fcc288303faba8abec4f59efd13a04220d54dc
Signed-off-by: Samuel Holland <samuel@sholland.org>
The devicetree specification[1] defines the generic DT properties
"mac-address" and "local-mac-address", that allow to set the MAC address
for a network device. This is needed because many platform network
devices do not define a method for obtaining a unique MAC address, and
many devices lack the non-volatile storage to hold such a number.
Some platforms (for instance Allwinner) derive the MAC address from
another unique SoC property, for instance some serial number. To allow
those MAC address to be set by TF-A, add a function that finds the DT
node of a network device (by using the "ethernet<x>" alias), then adding
the "local-mac-address" property into that node, setting it to a user
provided address. Platforms can use this function to generate MAC
addresses in a platform specific way, and store them in the DT.
DT consumers like U-Boot or the Linux kernel will automatically pick up
the address from that property and program the MAC device accordingly.
[1] https://devicetree-specification.readthedocs.io/en/latest/chapter4-device-bindings.html#local-mac-address-property
Change-Id: I3f5766cc575fa9718f9ca23e8269b11495c43be2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.
Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
This patch adds architectural features detection procedure to ensure
features enabled are present in the given hardware implementation.
It verifies whether the architecture build flags passed during
compilation match the respective features by reading their ID
registers. It reads through all the enabled feature specific ID
registers at once and panics in case of mismatch(feature enabled
but not implemented in PE).
Feature flags are used at sections (context_management,
save and restore routines of registers) during context switch.
If the enabled feature flag is not supported by the PE, it causes an
exception while saving or restoring the registers guarded by them.
With this mechanism, the build flags are validated at an early
phase prior to their usage, thereby preventing any undefined action
under their control.
This implementation is based on tristate approach for each feature and
currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this
patch. FEAT_STATE=2 is planned for phase-2 implementation and will be
taken care separately.
The patch has been explicitly tested, by adding a new test_config
with build config enabling majority of the features and detected
all of them under FVP launched with parameters enabling v8.7 features.
Note: This is an experimental procedure and the mechanism itself is
guarded by a macro "FEATURE_DETECTION", which is currently being
disabled by default.
The "FEATURE_DETECTION" macro is documented and the platforms are
encouraged to make use of this diagnostic tool by enabling this
"FEATURE_DETECTION" flag explicitly and get used to its behaviour
during booting before the procedure gets mandated.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
Measured-Boot and Trusted-Boot are orthogonal to each other and hence
removed dependency of Trusted-Boot on Measured-Boot by making below
changes -
1. BL1 and BL2 main functions are used for initializing Crypto module
instead of the authentication module
2. Updated Crypto module registration macro for MEASURED_BOOT with only
necessary callbacks for calculating image hashes
3. The 'load_auth_image' function is now used for the image measurement
during Trusted or Non-Trusted Boot flow
Change-Id: I3570e80bae8ce8f5b58d84bd955aa43e925d9fff
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.
Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
When we use our fdt_read_uint32* helper functions, we output a warning
on not finding the requested property.
However non-existing properties are not that uncommon, and *trying* to
read such a property is actually a nice way of checking its existence.
Since we already return a specific error value in this case, the caller
can easily check this and give a more specific error message, if needed.
When the caller decides to properly handle the error (fallback, default
value, etc), a message on the console is quite misleading.
Demote the message to a VERBOSE, so normal builds will not spam the
console with pointless messages.
Change-Id: I7a279a4ee0147c5f4a0503d0a8745c6cfea58be5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
For platforms where we don't know the number of cores at compile time,
the size of the GIC redistributor frame is then also undetermined, since
it depends on this number of cores.
On top of this the GICR base address can also change, when an unknown
number of ITS frames (including zero) take up space between the
distributor and redistributor.
So while those two adjustments are done for independent reasons, the
code for doing so is very similar, so we should utilise the existing
fdt_adjust_gic_redist() function.
Add an (optional) gicr_base parameters to the prototype, so callers can
choose to also adjust this base address later, if needed.
Change-Id: Id39c0ba83e7401fdff1944e86950bb7121f210e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This change adds a new utility function - `fdtw_for_each_cpu` - to
invoke a callback for every CPU node listed in a flattened device tree
(FDT) with the node identifier and the MPIDR of the core it describes.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Iabb5c0f0c9d11928a4a7a41cdc7d1e09aadeb2bc
This has been introduced to simplify dependencies on the FDT wrappers.
We generally want to avoid pulling in components on a file-by-file
basis, particularly as we are trying to draw conceptual boxes around
components in preparation for transitioning the build system to CMake,
where dependencies are modelled on libraries rather than files.
Signed-off-by: Chris Kay <chris.kay@arm.com>
Change-Id: Idb7ee05a9b54a8caa3e07f36e608867e20b6dcd5
It looks safer and cleaner approach to record the measurement taken by
BL1 straightaway in TCG Event Log instead of deferring these recordings
to BL2.
Hence pull in the full-fledged measured boot driver into BL1 that
replaces the former ad-hoc platform interfaces i.e.
bl1_plat_set_bl2_hash, bl2_plat_get_hash.
As a result of this change the BL1 of Arm FVP platform now do the
measurements and recordings of below images:
1. FW_CONFIG
2. TB_FW_CONFIG
3. BL2
Change-Id: I798c20336308b5e91b547da4f8ed57c24d490731
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Right now, the assumption is that the platform post-load hook takes
care of measuring the image that just got loaded. This is how it's
implemented on FVP.
This patch moves the measurement into the generic code
instead. load_auth_image() now calls plat_mboot_measure_image(),
which is a new platform interface introduced in this patch to measure
an image. This is called just after authenticating the image.
Implement plat_mboot_measure_image() for the Arm FVP platform. The code
is copied straight from the post-load hook.
As a result, the FVP specific implementation of
arm_bl2_plat_handle_post_image_load() is no longer needed. We can go
back to using the Arm generic implementation of it.
Change-Id: I7b4b8d28941a865e10af9d0eadaf2e4850942090
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Renamed hw_crc32 to tf_crc32 to make the file and function
name more generic so that the same name can be used in upcoming
software CRC32 implementation.
Change-Id: Idff8f70c50ca700a4328a27b49d5e1f14d2095eb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
All firmware banks should be part of the same non-volatile storage
as per PSA FWU specification, hence avoid checking for any alternate
boot source when PSA FWU is enabled.
Change-Id: I5b016e59e87f1cbfc73f4cd29fce6017c24f88b3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The function read_uuid() zeroes the UUID destination buffer
on error. However, it mistakenly uses the dest pointer
that has been incremented many times during the parsing,
leading to an out-of-bounds write.
To fix this, retain a pointer to the start of the buffer,
and use this when clearing it instead.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Change-Id: Iee8857be5d3f383ca2eab86cde99a43bf606f306
Existing macro ERROR() prints string "ERROR" followed by string
specified by caller. Therefore via this existing macro it is not
possible to end incomplete / existing line by a newline character.
This change adds a new macro ERROR_NL() which prints just a newline
character without any prefix. Implementation of this macro is done via a
new function tf_log_newline() which based on supplied log level either
return or print newline character.
If needed in future based on this tf_log_newline() function can be
defined also macros for other log levels.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I05414ca177f94cdc0f6077394d9c4af4a4382306
Added support for HW computed CRC using Arm ACLE intrinsics.
These are built-in intrinsics available for ARMv8.1-A, and
onwards.
These intrinsics are enabled via '-march=armv8-a+crc' compile
switch for ARMv8-A (supports CRC instructions optionally).
HW CRC support is enabled unconditionally in BL2 for all Arm
platforms.
HW CRC calculation is verified offline to ensure a similar
result as its respective ZLib utility function.
HW CRC calculation support will be used in the upcoming
firmware update patches.
Change-Id: Ia2ae801f62d2003e89a9c3e6d77469b5312614b3
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
TF-A does not have the capability to read UUIDs in string form
from the device tree. This capability is useful for readability,
so add a wrapper function, fdtw_read_uuid() to parse UUIDs from
the DT.
This function should parse a string of the form:
"aabbccdd-eeff-4099-8877-665544332211"
to the byte sequence in memory:
[aa bb cc dd ee ff 40 99 88 77 66 55 44 33 22 11]
Change-Id: I99a92fbeb40f4f4713f3458b36cb3863354d2bdf
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The devicetree binding document[1] for the /reserved-memory node demands
that the number of address and size-cells in the reserved-memory node
must match those values in the root node. So far we were forcing a
64-bit address along with a 32-bit size.
Adjust the code to query the cells values from the root node, and
populate the newly created /reserved-memory node accordingly.
This fixes the fdt_add_reserved_memory() function when called on a
devicetree which does not use the 2/1 pair. Linux is picky about this
and will bail out the parsing routine, effectively ignoring the
reserved-memory node:
[ 0.000000] OF: fdt: Reserved memory: unsupported node format, ignoring
[1] Documentation/devicetree/bindings/reserved-memory/reserved-memory.txt
in the Linux kernel source tree
Change-Id: Ie126ebab4f3fedd48e12c9ed4bd8fa123acc86d3
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Make the aarch64's el3_panic() function print a newline character after
PC address, otherwise the output can get mangled in one line with output
from other firmware. Here is an example of how the output of el3_panic()
got mangled with Linux' console output:
ERROR: Unhandled External Abort received on 0x80000001 at EL3!
ERROR: exception reason=1 syndrome=0x92000210
PANIC at PC : 0x0000000004027400[13438.473133] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
[13438.479255] rcu: 1-...0: (4 ticks this GP) idle=35e/1/0x4000000000000000 softirq=146459/146459 fqs=2625
The aarch32 version of this function already does this.
Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I9f0d032c6cd1e2be7a1837f9c8e8244d30633993
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
92407e73 and x19, x19, #0xffffffff
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Coverity raised an eyebrow over our GICR frame size calculation:
========
CID 362942: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
Potentially overflowing expression "nr_cores * gicr_frame_size" with type
"unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
and then used in a context that expects an expression of type "uint64_t"
(64 bits, unsigned).
========
Even with a GICv4 (256KB frame size) we need 16384 cores to overflow
32-bit, so it's not a practical issue.
But it's also easy to fix, so let's just do that: cast gicr_frame_size
to an unsigned 64-bit integer, so that the multiplication is done in the
64-bit realm.
Change-Id: Iad10e19b9e58d5fbf9d13205fbcef0aac5ae48af
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
We now have code to detect the CPU topology at runtime, and can also
populate the CPU nodes in a devicetree accordingly. This is used by the
ARM FPGA port, for instance.
But also a GICv3 compatible interrupt controller provides MMIO frames
per core, so the size of this region needs to be adjusted in the DT,
to match the number of cores as well.
Provide a generic function to find the GICv3 interrupt controller in
the DT, then adjust the "reg" entry to match the number of detected
cores. Since the size of the GICR frame per cores differs between
GICv4 and GICv3, this size is supplied as a parameter to the function.
The caller should determine the applicable value by either hardcoding
it or by observing GICR_TYPER.VLPIS.
Change-Id: Ic2a6445c2c5381a36bf24263f52fcbefad378c05
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Re-order code (put panic and report_exception at the end of the file).
Export asm_print_* functions.
Add asm_print_line_dec macro, and asm_print_newline func.
Align comments in both AARCH32 and AARCH64 files.
Add blank lines in AARCH64 files to align with AARCH32.
Change-Id: I8e299a27c1390f71f04e260cd4a0e59b2384eb19
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This patch creates and populates the /cpus node in a device tree
based on the existing topology. It uses the minimum required nodes
and properties to satisfy the binding as specified in
https://www.kernel.org/doc/Documentation/devicetree/bindings/arm/cpus.txt
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I03bf4e9a6427da0a3b8ed013f93d7bc43b5c4df0
In case of AT speculative workaround applied, page table walk
is disabled for lower ELs (EL1 and EL0) in EL3.
Hence added a wrapper function which temporarily enables page
table walk to execute AT instruction for lower ELs and then
disables page table walk.
Execute AT instructions directly for lower ELs (EL1 and EL0)
assuming page table walk is enabled always when AT speculative
workaround is not applied.
Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch introduces the populate function which leverages
a new driver to extract base address and clk frequency properties
of the uart serial node from HW_CONFIG device tree.
This patch also introduces fdt helper API fdtw_translate_address()
which helps in performing address translation.
Change-Id: I053628065ebddbde0c9cb3aa93d838619f502ee3
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Currently BL2 passes TOS_FW_CONFIG address and size through registers to
BL31. This corresponds to SPMC manifest load address and size. The SPMC
manifest is mapped in BL31 by dynamic mapping. This patch removes BL2
changes from generic code (which were enclosed by SPD=spmd) and retrieves
SPMC manifest size directly from within SPMD. The SPMC manifest load
address is still passed through a register by generic code.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
The stdout-path property in the /chosen node of a DTB points to a device
node, which is used for boot console output.
On most (if not all) ARM based platforms this is the debug UART.
The ST platform code contains a function to parse this property and
chase down eventual aliases to learn the node offset of this UART node.
Introduce a slightly more generalised version of this ST platform function
in the generic fdt_wrappers code. This will be useful for other platforms
as well.
Change-Id: Ie6da47ace7833861b5e35fe8cba49835db3659a5
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform port parse DT nodes to find base address to
peripherals. It does this by using its own implementation, even though
this functionality is generic and actually widely useful outside of the
STM32 code.
Re-implement fdt_get_reg_props_by_name() on top of the newly introduced
fdt_get_reg_props_by_index() function, and move it to fdt_wrapper.c.
This is removes the assumption that #address-cells and #size-cells are
always one.
Change-Id: I6d584930262c732b6e0356d98aea50b2654f789d
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment the fconf_populate_gicv3_config() implementation is
somewhat incomplete: First it actually fails to store the retrieved
information (the local addr[] array is going nowhere), but also it makes
quite some assumptions about the device tree passed to it: it needs to
use two address-cells and two size-cells, and also requires all five
register regions to be specified, where actually only the first two
are mandatory according to the binding (and needed by our code).
Fix this by introducing a proper generic function to retrieve "reg"
property information from a DT node:
We retrieve the #address-cells and #size-cells properties from the
parent node, then use those to extract the right values from the "reg"
property. The function takes an index to select one region of a reg
property.
This is loosely based on the STM32 implementation using "reg-names",
which we will subsume in a follow-up patch.
Change-Id: Ia59bfdf80aea4e36876c7b6ed4d153e303f482e8
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The STM32 platform code uses its own set of FDT helper functions,
although some of them are fairly generic.
Remove the implementation of fdt_read_uint32_default() and implement it
on top of the newly introduced fdt_read_uint32() function, then convert
all users over.
This also fixes two callers, which were slightly abusing the "default"
semantic.
Change-Id: I570533362b4846e58dd797a92347de3e0e5abb75
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Our fdtw_read_cells() implementation goes to great lengths to
sanity-check every parameter and result, but leaves a big hole open:
The size of the storage the value pointer points at needs to match the
number of cells given. This can't be easily checked at compile time,
since we lose the size information by using a void pointer.
Regardless the current usage of this function is somewhat wrong anyways,
since we use it on single-element, fixed-length properties only, for
which the DT binding specifies the size.
Typically we use those functions dealing with a number of cells in DT
context to deal with *dynamically* sized properties, which depend on
other properties (#size-cells, #clock-cells, ...), to specify the number
of cells needed.
Another problem with the current implementation is the use of
ambiguously sized types (uintptr_t, size_t) together with a certain
expectation about their size. In general there is no relation between
the length of a DT property and the bitness of the code that parses the
DTB: AArch64 code could encounter 32-bit addresses (where the physical
address space is limited to 4GB [1]), while AArch32 code could read
64-bit sized properties (/memory nodes on LPAE systems, [2]).
To make this more clear, fix the potential issues and also align more
with other DT users (Linux and U-Boot), introduce functions to explicitly
read uint32 and uint64 properties. As the other DT consumers, we do this
based on the generic "read array" function.
Convert all users to use either of those two new functions, and make
sure we never use a pointer to anything other than uint32_t or uint64_t
variables directly.
This reveals (and fixes) a bug in plat_spmd_manifest.c, where we write
4 bytes into a uint16_t variable (passed via a void pointer).
Also we change the implementation of the function to better align with
other libfdt users, by using the right types (fdt32_t) and common
variable names (*prop, prop_names).
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/boot/dts/allwinner/sun50i-a64.dtsi#n874
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/boot/dts/ecx-2000.dts
Change-Id: I718de960515117ac7a3331a1b177d2ec224a3890
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Currently our fdtw_read_array() implementation requires the length of
the property to exactly match the requested size, which makes it less
flexible for parsing generic device trees.
Also the name is slightly misleading, since we treat the cells of the
array as 32 bit unsigned integers, performing the endianess conversion.
To fix those issues and align the code more with other DT users (Linux
kernel or U-Boot), rename the function to "fdt_read_uint32_array", and
relax the length check to only check if the property covers at least the
number of cells we request.
This also changes the variable names to be more in-line with other DT
users, and switches to the proper data types.
This makes this function more useful in later patches.
Change-Id: Id86f4f588ffcb5106d4476763ecdfe35a735fa6c
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
At the moment, OP-TEE has no support to receive a DTB in Secure Memory
so it cannot receive TOS_FW_CONFIG_ID as it is supposed to happen on
any BL32 image. Instead, when OP-TEE is enable as BL32 payload,
NT_FW_CONFIG_ID is passed.
This MUST be reverted as soon as OP-TEE has support for receiving
DTBs from Secure Memory.
Change-Id: I9a873f42e94f2f99a60b638333e7afba1505aec9
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
This patch provides a fix for incorrect crash dump data for
lower EL when TF-A is built with HANDLE_EA_EL3_FIRST=1 option
which enables routing of External Aborts and SErrors to EL3.
Change-Id: I9d5e6775e6aad21db5b78362da6c3a3d897df977
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: Id94f8ece43b4e05609f0a1d364708a912f6203cb
At the moment, address demangling is only used by the backtrace
functionality. However, at some point, other parts of the TF-A
codebase may want to use it.
The 'demangle_address' function is replaced with a single XPACI
instruction which is also added in 'do_crash_reporting()'.
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
Change-Id: I4424dcd54d5bf0a5f9b2a0a84c4e565eec7329ec
Use fconf to retrieve the `disable_authentication` property.
Move this access from arm dynamic configuration to bl common.
Change-Id: Ibf184a5c6245d04839222f5457cf5e651f252b86
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Manish Pandey
Olivier Deprez
Yann Gautier
Juan Pablo Conde
laurenw-arm
Jayanth Dodderi Chidanand
Marc Bonnici
Ruchika Gupta
Samuel Holland
Andre Przywara
Manish V Badarkhe
Scott Branden
Chris Kay
David Horstmann
Pali Rohár
Jimmy Brisson
Javier Almansa Sobrino
Madhukar Pappireddy
Alexei Fedorov
Achin Gupta
Louis Mayencourt