To make room for all image measurements using the
RME+SPM+TBB+MEASURED_BOOT test configuration, the Event Log's maximum
size has been significantly increased.
Change-Id: I0b9948dab893e14677bca0afa07167648a6c2729
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Maximum entries for MMAP and XLAT have been increased in order to
support the configuration SPM+RME, along with MEASURED_BOOT and
TRUSTED_BOARD_BOOT.
Change-Id: Ic0a0aefecb49d7ccc71357c4bd94e7bd2e5f57c4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
To allow the SPD to access the Event Log on RME systems with
TrustZone Controller, the Event Log region needs to be configured
into the TZC. This change will enable read-write access of this
region from the secure world, which is currently denied.
Change-Id: I0c32977386f3d7c22f310b2b9404d48e8e6cac29
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
CCA CoT uses 'core-swd-cert' for signing all secure software, so when
using the cert_create tool to generate its certificate, it throws an
error: "tools/cert_create/cert_create: unrecognized option
'--tos-fw-key-cert'".
The issue has not been seen so far since the "SPM+RME+TBB+Measured-Boot"
combination is not tested in CI or local setups. It is now resolved by
guarding the usage of '--tos-fw-key-cert' for non-CCA CoTs.
Change-Id: I5e61d851a71c251920171cf410cbd0129e0e0aad
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
When BL31 software is sending data through a communication channel,
there's a chance that the final portion of the data could become
disrupted if other software (BL32/RMM) starts setting up the
channel at the same time. To solve this issue, make sure to flush the
console data from BL31 before initializing BL32/RMM. This makes sure
that the communication stays reliable.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: Icb8003e068b0b93bc4672e05f69001d9694a175c
The code changes manage the transmit FIFO (TxFIFO) in the UART
driver. The added code snippet includes a sequence of instructions
that ensures efficient handling of data transmission and
synchronization with the host software.
The code first checks the TxFIFO empty flag to determine whether
there is data available for transmission. If the TxFIFO is not empty,
the code waits until it becomes empty, ensuring that the transmit
operation is synchronized with the availability of data.
Subsequently, the code monitors the transmit operation's activity
status. It waits until the transmit operation becomes inactive,
indicating the completion of the previous transmission.
This synchronization step ensures that new data can be added to the
TxFIFO without causing any loss of transmission time.
Update the console_flush() function: it waits for the Transmitter FIFO
to empty and then checks the transmitter's active state. If the
transmitter is in an active state, it is currently shifting out a
character.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I9d6c05bdfb9270924b40bf1f6ecb5fe541a2242e
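The two-stage wait described in the two commit messages above (wait for the TxFIFO to report empty, then wait for the transmitter to go idle, and only then let BL32/RMM reprogram the UART) is shown below as an added example. This is not the TF-A driver code: the status bits, the register-read helper and the UART itself are a hypothetical simulation so the race can be reproduced offline, and the poll budget is an assumption added so a wedged UART cannot hang the boot flow.

```c
/* Added example: a simulated UART and a flush routine that mirrors the
 * "FIFO empty, then transmitter idle" ordering from the commit messages.
 * All names, bit positions and timings are hypothetical. */
#include <stdio.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define UART_SR_TXFE   (1u << 0)  /* hypothetical: transmit FIFO empty        */
#define UART_SR_TXACT  (1u << 1)  /* hypothetical: transmitter shifting a char */
#define FIFO_DEPTH     16
#define SHIFT_TICKS    3          /* polls needed to shift one char onto the wire */

struct sim_uart {
	char fifo[FIFO_DEPTH];
	unsigned head, count;     /* bytes still queued in the TxFIFO          */
	char cur;                 /* character currently on the wire            */
	int shift_ticks;          /* >0 while `cur` is being shifted out        */
	char wire[64];            /* what the receiver has actually seen        */
	unsigned wire_len;
};

/* Advance the simulated hardware by one tick. */
static void sim_tick(struct sim_uart *u)
{
	if (u->shift_ticks > 0) {
		if (--u->shift_ticks == 0)
			u->wire[u->wire_len++] = u->cur;   /* char completed */
		return;
	}
	if (u->count > 0) {                        /* transmitter idle: load next */
		u->cur = u->fifo[u->head];
		u->head = (u->head + 1) % FIFO_DEPTH;
		u->count--;
		u->shift_ticks = SHIFT_TICKS;
	}
}

/* Reading the status register costs one tick, like a real poll loop. */
static uint32_t sim_read_status(struct sim_uart *u)
{
	uint32_t sr = 0;
	sim_tick(u);
	if (u->count == 0)      sr |= UART_SR_TXFE;
	if (u->shift_ticks > 0) sr |= UART_SR_TXACT;
	return sr;
}

static int sim_putc(struct sim_uart *u, char c)
{
	if (u->count == FIFO_DEPTH)
		return -1;                         /* FIFO full, caller must retry */
	u->fifo[(u->head + u->count) % FIFO_DEPTH] = c;
	u->count++;
	return 0;
}

/* The flush: first drain the FIFO, then wait for the last character to
 * leave the shift register. Returns 0 on success, -1 if the poll budget
 * is exhausted (assumed guard so a broken UART cannot stall the boot). */
int uart_flush(struct sim_uart *u, unsigned max_polls)
{
	unsigned polls = 0;
	while (!(sim_read_status(u) & UART_SR_TXFE))
		if (++polls > max_polls) return -1;
	while (sim_read_status(u) & UART_SR_TXACT)
		if (++polls > max_polls) return -1;
	return 0;
}

/* BL31 prints a line, then hands off. The handoff is modelled as BL32
 * re-initialising the UART, which discards queued and in-flight data.
 * Returns how many bytes actually reached the receiver. */
unsigned handoff_demo(bool flush_first)
{
	struct sim_uart u;
	const char *msg = "BL31: done\n";           /* constructed message */
	memset(&u, 0, sizeof(u));
	for (size_t i = 0; i < strlen(msg); i++)
		sim_putc(&u, msg[i]);
	if (flush_first)
		uart_flush(&u, 1000);
	for (int i = 0; i < 10; i++)                /* BL31 does a little more work */
		sim_tick(&u);
	unsigned delivered = u.wire_len;
	memset(&u, 0, sizeof(u));                   /* BL32 reprograms the UART */
	return delivered;
}

/* Two queued chars need 8 polls; a budget of 3 must report a timeout. */
int flush_timeout_demo(void)
{
	struct sim_uart u;
	memset(&u, 0, sizeof(u));
	sim_putc(&u, 'x');
	sim_putc(&u, 'y');
	return uart_flush(&u, 3);
}

int main(void)
{
	printf("with flush:    %u bytes delivered\n", handoff_demo(true));
	printf("without flush: %u bytes delivered\n", handoff_demo(false));
	printf("timeout demo:  %d\n", flush_timeout_demo());
	return 0;
}
```

The point of the ordering is that an empty FIFO does not mean the line is quiet: the last character can still be in the shift register, which is exactly the "final portion" that gets lost when the next image reprograms the controller. The poll budget is not in the commit message; it is the caveat a reviewer would ask for, since a flush with no upper bound turns a faulty console into a boot hang.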
The commit f123b91fdd ("fix(versal): fix BLXX memory
limits for user defined values") and commit a80da3899a
("fix(versal-net): fix BLXX memory limits for user defined
values") fixed an issue regarding linker section alignment.
But the removal of the -1 logic is not reflected in the plat_fdt() memory
reservation code.
That's why the +1 is removed from prepare_dtb(), so as not to generate a
reserved memory node with a bigger size, which ends up reserving more
space than is actually requested by a full-featured bootloader or OS.
Change-Id: I0a646cee7d5a55157a6eb1b672c2edbe89e6a57f
Signed-off-by: Michal Simek <michal.simek@amd.com>
Bump the certifi package to a later version following an advisory [1]
affecting versions >= 2015.4.28, < 2023.7.22.
[1] https://github.com/advisories/GHSA-xqr8-7jwr-rhp7
Change-Id: Ida6ff7f0b1228728474de8695dca42303de2b305
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Move the GPC reg offset, bit defines & macros to a separate header
file for code reuse.
This fixes suspend to mem on i.MX8M Plus too, since the register
layout is different there.
Change-Id: Ibec60c3a68ffa8c378de5334577a7b0e463ca875
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Marek Vasut <marex@denx.de> # Upgrade to latest, update commit message
Similar to the FVP and QEMU, the Arm FPGA systems come with different
CPU cores, and gain new features over time.
Add a list of ARMv9.2 features that require TF-A enablement to be usable
from non-secure world. Their existence will be detected at runtime, so
supporting all those features is not required for using the build.
This fixes the Linux kernel booting on an ARMv9.2 FPGA core.
Change-Id: Ie93c32b13ce4f9968081bf38296cd45edad0a928
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Memory reservation in the DTB will be done only when TF-A runs from
DDR and a DTB load address is provided.
Otherwise prepare_dtb will simply return.
The empty definition of prepare_dtb is removed.
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: Ie8a3ec51d60a7389831cfe6a112f722777930623
In the absence of a definition, PLAT_OCM_BASE is always 0
and IS_TFA_IN_OCM(x) always returns true irrespective
of the address passed to it. The reasoning is as described in
section 4.2.3 of
https://gcc.gnu.org/onlinedocs/gcc-3.0.2/cpp_4.html
Due to this, the functionality for reservation of TF-A DDR memory in
the DTB is never executed.
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: Iafb6b7c6aec29bba22f8f7a8395f9caf97548157
Update the memory layout for both BL31 and BL32 FW based on
the 1GB DRAM space of the AST2700 EVB.
Minor:
- Use SZ_xx macro to define size for better readability
Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Change-Id: I6d8285bd675321f615bb67cdd27bb4b6cb4c8b16
The generic threat model used to list threats in no particular order.
Reorganize threats so that they are grouped by mitigating entity. For
example, threats mitigated by the boot firmware (i.e. BL1 and BL2) are
now clubbed together, ditto for those mitigated by the runtime EL3
firmware. Note that some generic threats apply to all firmware images
so these get grouped in their own section as well.
The motivations for this refactoring are the following:
- Clarify the scope of the threats.
In particular, as the boot firmware is typically transient, threats
applying to those images can only be exploited during a short
period of time before the runtime firmware starts.
A note has been added to this effect.
- Helping developers implement mitigations in the right place.
- Some vendors have their own solution for booting their device and
only leverage the runtime firmware from the TF-A project. Thus,
they are not interested in the threat model of TF-A's boot
firmware. Isolating the latter in a specific section helps them
focus on what is important for them.
To avoid unnecessary churn, the threats ids have been kept the same.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Id8616fd0e4b37cd400b1ad3372beb3455234d4dc
The fact that RME is out of the generic threat model's scope is just
another assumption we make about the target of evaluation so mention
it there.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I839ec5427f36b085148338030e8b1b85191d4245
To avoid duplicate symbol errors when compiling bootloader images which
pull in the same source file multiple times, sort source files before
generating bootloader image build rules in order to remove duplicates.
Change-Id: I03a60d9f752f8fe85f17ec14e265fd4a6223de32
Signed-off-by: Chris Kay <chris.kay@arm.com>
Similarly to the earlier patch enabling BL-specific additions to include
directories, preprocessor definitions and toolchain flags, this change
allows platforms to add options common to all images.
This is required because some platforms inject dependencies via the
`<platform_def.h>` header, and we don't currently have a clean way to
model that in build system code.
Change-Id: Ib0b38f9236cba6f56745cb3c756dfc81547da8bd
Signed-off-by: Chris Kay <chris.kay@arm.com>
Add basic CPU library code to support the Nevis CPU.
Change-Id: I399cc9b7b2d907b02b76ea2a3e5abb54e28fbf6c
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Currently 'pauth_helpers.S' is added if pauth is enabled from the main
level makefile.
Change-Id: I33800e280daea6dba6d11e2c494101b369cd8a0b
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
* changes:
refactor(cpus): convert the Cortex-A57 to use cpu helpers
refactor(cpus): convert the Cortex-A57 to use the errata framework
refactor(cpus): reorder Cortex-A57 errata by ascending order
refactor(cpus): add Cortex-A57 errata framework information
refactor(cpus): convert the Cortex-A53 to use cpu helpers
refactor(cpus): convert the Cortex-A53 to use the errata framework
refactor(cpus): reorder Cortex-A53 errata by ascending order
Remove blanket assumption of empty data segment area to avoid
issues while writing descriptors.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: If6ff0426c44c949af1065082ed8a23ed936b5f3e
This involves replacing:
* the reset_func with the standard cpu_reset_func_{start,end} to apply
errata automatically
* the <cpu>_errata_report with the errata_report_shim to report errata
automatically
...and for each erratum:
* the prologue with the workaround_<type>_start to do the checks and
framework registration automatically
* the epilogue with the workaround_<type>_end
* the checker function with the check_erratum_<type> to make it more
descriptive
It is important to note that the errata workaround sequences remain
unchanged and preserve their git blame.
At this point the binary output of all errata was checked with the
script from commit 19136. All reported discrepancies involve errata
with no workaround in the cpu file or errata that did not previously
have a workaround function and now do. The non temporal hint erratum has
been converted to a numeric erratum.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ib321ab01362c5954fe78e7349229c1437b3da847
Errata report order is enforced to be in ascending order. To achieve
this with the errata framework this has to be done at the definition
level.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ia98976797fc0811f30c7dbf714e94b36e3c2263e