Soby Mathew [Tue, 22 Mar 2022 16:19:39 +0000 (16:19 +0000)]
feat(rme): add dummy platform token to RMMD
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.
When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.
Soby Mathew [Tue, 22 Mar 2022 13:58:52 +0000 (13:58 +0000)]
refactor(rme): reorg existing RMMD EL3 service FIDs
This patch reworks the GTSI service implementation in RMMD
such that it is made internal to RMMD. This rework also
lays the ground work for additional RMMD services which
can be invoked from RMM.
The rework renames some of the FID macros to make it
more suited for adding more RMMD services. All the RMM-EL31
service SMCs are now routed via rmmd_rmm_el3_handler().
Bipin Ravi [Thu, 24 Feb 2022 05:45:50 +0000 (23:45 -0600)]
fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57
This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Cortex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer to the SMCCCv1.4 specification.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
In anticipation of Spectre BHB workaround mitigation patches, we
disable the RECLAIM_INIT_CODE for FVP platform. Since the Spectre
BHB mitigation workarounds inevitably increase the size of the various
segments due to additional instructions and/or macros, these segments
cannot fit in the existing memory layout designated for BL31 image.
The issue is specifically seen in complex build configs for FVP
platform. One such config has TBB with Dual CoT and test secure
payload dispatcher (TSPD) enabled. Even a small increase in individual
segment size, in the order of a few bytes, might lead to build failures due to
alignment requirements (PAGE_ALIGN to 4KB).
This is needed to work around the following build failures observed
across multiple build configs:
aarch64-none-elf-ld.bfd: BL31 init has exceeded progbits limit.
aarch64-none-elf-ld.bfd: /work/workspace/workspace/tf-worker_ws_2/trusted_firmware/build/fvp/debug/bl31/bl31.elf section coherent_ram will not fit in region RAM
aarch64-none-elf-ld.bfd: BL31 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region RAM overflowed by 4096 bytes
Merge changes from topic "revert-14286-uart_segregation-VURJFOWMTM" into integration
* changes:
Revert "feat(sgi): deviate from arm css common uart related defi..."
Revert "feat(sgi): route TF-A logs via secure uart"
Revert "feat(sgi): add page table translation entry for secure uart"
Revert "feat(sgi): deviate from arm css common uart related defi..."
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Revert "feat(sgi): route TF-A logs via secure uart"
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Revert "feat(sgi): add page table translation entry for secure uart"
Revert submission 14286-uart_segregation
Reason for revert: Need to wait for companion patches in CI and UEFI/Linux to be upstreamed.
Reverted Changes:
I8574b31d5:feat(sgi): add page table translation entry for se...
I8896ae05e:feat(sgi): route TF-A logs via secure uart
I39170848e:feat(sgi): deviate from arm css common uart relate...
Rex-BC Chen [Thu, 2 Dec 2021 06:03:44 +0000 (14:03 +0800)]
feat(mt8186): add DFD control in SiP service
DFD (Design for Debug) is a debugging tool, which scans flip-flops and
dumps to internal RAM on the WDT reset. After system reboots, those
values could be shown for debugging.
Bipin Ravi [Thu, 3 Feb 2022 05:03:28 +0000 (23:03 -0600)]
refactor(el3-runtime): change Cortex-A76 implementation of CVE-2018-3639
Re-factored the prior implementation of workaround for CVE-2018-3639
using branch and link instruction to save vector space to include the
workaround for CVE-2022-23960.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ib3fe949583160429b5de8f0a4a8e623eb91d87d4
Merge changes from topic "uart_segregation" into integration
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
fix(brcm): fix the build failure with mbedTLS config
Patch [1] introduces a mechanism to provide the platform
specified mbedTLS config file, but that results in a build failure
for the Broadcom platform.
This build failure is due to the absence of the mbedTLS configuration
file i.e. brcm_mbedtls_config.h in the TF-A source code repository.
"fatal error: brcm_mbedtls_config.h: No such file or directory"
This problem was resolved by removing the 'brcm_mbedtls_config.h' entry
from the broadcom platform makefile, allowing this platform to use
the default mbedtls_config.h file.
Rohit Mathew [Mon, 13 Dec 2021 15:40:25 +0000 (15:40 +0000)]
feat(sgi): route TF-A logs via secure uart
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.
Rohit Mathew [Mon, 13 Dec 2021 13:50:15 +0000 (13:50 +0000)]
feat(sgi): deviate from arm css common uart related definitions
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.
In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.
The previous delegating/undelegating sequence was incorrect as per the
specification DDI0615, "Architecture Reference Manual Supplement, The
Realm Management Extension (RME), for Armv9-A" Sections A1.1.1 and
A1.1.2
Off topic:
- cleaning the gpt_is_gpi_valid and gpt_check_pass_overlap
Change-Id: Idb64d0a2e6204f1708951137062847938ab5e0ac
Signed-off-by: Robert Wakim <robert.wakim@arm.com>
Merge changes I713f6e93,Iac4fbf4d,I43d02c77,Iadecd544,Ib31f9c4a, ... into integration
* changes:
build(intel): enable access to on-chip ram in BL31 for N5X
fix(intel): make FPGA memory configurations platform specific
fix(intel): fix ECC Double Bit Error handling
build(intel): define a macro for SIMICS build
build(intel): add N5X as a new Intel platform
build(intel): initial commit for crypto driver
Olivier Deprez [Tue, 25 May 2021 09:56:01 +0000 (11:56 +0200)]
fix(fvp): op-tee sp manifest doesn't map gicd
Following I2d274fa897171807e39b0ce9c8a28824ff424534:
Remove GICD registers S2 mapping from OP-TEE partition when it runs in a
secure partition on top of Hafnium.
The partition is not meant to access the GIC directly but use the
Hafnium provided interfaces.
Michal Simek [Wed, 9 Mar 2022 07:53:20 +0000 (08:53 +0100)]
fix(xilinx): fix coding style violations
Fix coding style violations and alignments:
- Remove additional newlines in headers
- Remove additional newlines in code
- Add newline to separate variable from the code
- Use the same indentation in platform.mk
- Align function parameters
- Use tabs for indentation in kernel-doc format
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I0b12804ff63bc19778e8f21041f9accba5b488b9
Boon Khai Ng [Fri, 21 May 2021 14:56:37 +0000 (22:56 +0800)]
build(intel): enable access to on-chip ram in BL31 for N5X
This adds the ncore ccu access and enables access to the
on-chip ram for N5X device in BL31.
Signed-off-by: Boon Khai Ng <boon.khai.ng@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I713f6e93d33b6e91705547477ca32cfba5c8c13d
Sieu Mun Tang [Mon, 28 Feb 2022 07:24:59 +0000 (15:24 +0800)]
fix(intel): make FPGA memory configurations platform specific
Define FPGA_CONFIG_SIZE and FPGA_CONFIG_ADDR in
platform-specific header. This is due to different
allocated sizes between platforms.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iac4fbf4d4940cdf31834a9d4332f9292870dee76
Sieu Mun Tang [Mon, 7 Mar 2022 04:13:04 +0000 (12:13 +0800)]
fix(intel): fix ECC Double Bit Error handling
SError and Abort are handled in Linux (EL1) instead of
EL3. This patch adds some functionality that complements the
use cases by Linux as follows:
- Provide SMC for ECC DBE notification to EL3
- Determine type of reset needed and service the request in
place of Linux
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I43d02c77f28004a31770be53599a5a42de412211
SIMICS builds have different UART configurations compared
to hardware build. Hence, this patch defines a macro to
differentiate between both.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Iadecd5445e06611486ac3c6a214a6d0dc8ccd27b
Sieu Mun Tang [Mon, 7 Mar 2022 04:04:59 +0000 (12:04 +0800)]
build(intel): add N5X as a new Intel platform
This commit adds a new Intel platform called N5X.
This preliminary patch only has BL31 support.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib31f9c4a5a0dabdce81c1d5b0d4776188add7195
Sieu Mun Tang [Wed, 2 Mar 2022 03:04:09 +0000 (11:04 +0800)]
build(intel): initial commit for crypto driver
This patch adds driver for Intel FPGA's Crypto Services.
These services are provided by Intel platform
Secure Device Manager(SDM) and are made accessible by
processor components (ie ATF).
Below is the list of enabled features:
- Send SDM certificates
- Efuse provision data dump
- Encryption/decryption service
- Hardware IP random number generator
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: If7604cd1cacf27a38a9a29ec6b85b07385e1ea26
Cortex-A710 erratum 2282622 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to set
CPUACTLR2_EL1[0] to 1, which will force PLDW/PRFM ST to behave like
PLD/PRFM LD and not cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ic48409822536e9eacc003300036a1f0489593020
Merge changes I18d47384,Icc3c7424,I73f20d82,I07325644,Iff10ad26, ... into integration
* changes:
fix(zynqmp): query node status to power up APU
feat(zynqmp): pm_api_clock_get_num_clocks cleanup
feat(zynqmp): add feature check support
fix(zynqmp): use common interface for eemi apis
feat(zynqmp): add support to get info of xilfpga
feat(zynqmp): pass ioctl calls to firmware
Yann Gautier [Wed, 9 Feb 2022 16:35:45 +0000 (17:35 +0100)]
fix(st-pmic): add static const to pmic_ops
The static was found by sparse tool:
drivers/st/pmic/stm32mp_pmic.c:456:18: warning: symbol 'pmic_ops'
was not declared. Should it be static?
The const was also missing.
When the atf-handoff-params are updated we are returning
FSBL_HANDOFF_SUCCESS, but the return condition is wrongly
updated and added an error log which is incorrect.
Fixing the incorrect log message.
Yann Gautier [Wed, 2 Mar 2022 13:31:55 +0000 (14:31 +0100)]
refactor(st): configure UART baudrate
Add the possibility to configure console UART baudrate, it can be passed
as a command line parameter with STM32MP_UART_BAUDRATE. The default value
remains 115200.
Yann Gautier [Mon, 28 Feb 2022 17:28:06 +0000 (18:28 +0100)]
feat(st-uart): manage oversampling by 8
UART oversampling by 8 allows higher baud rates for UART. This is
required when (UART freq / baudrate) <= 16. In this case the OVER8 bit
needs to be enabled in CR1 register. And the BRR register management is
different:
USARTDIV = (2 * UART freq / baudrate) (with div round nearest)
BRR[15:4] = USARTDIV[15:4]
BRR[3] = 0
BRR[2:0] = USARTDIV[3:0] >> 1
Yann Gautier [Mon, 28 Feb 2022 16:29:49 +0000 (17:29 +0100)]
fix(st-uart): correctly fill BRR register
To get the nearest divisor for BRR register, we use:
Divisor = (Uart clock + (baudrate / 2)) / baudrate
But lsl was wrongly used instead of lsr to have the division by 2.
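The two st-uart messages above describe one BRR calculation; the following is an added example, not code from the TF-A driver or from these commits. All function and type names are hypothetical, the 64 MHz clock is a constructed sample value, and the OVER8 threshold is assumed to use integer division.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; not taken from the TF-A driver. */
struct uart_div {
	bool over8;   /* value for the OVER8 bit in CR1 */
	uint16_t brr; /* value for the BRR register */
};

/* Round-to-nearest division: add half the divisor (baud >> 1, i.e. lsr). */
static uint32_t div_nearest(uint64_t num, uint32_t baud)
{
	return (uint32_t)((num + (baud >> 1)) / baud);
}

/* The defect the fix describes: lsl instead of lsr adds 2 * baud. */
static uint32_t div_nearest_lsl_bug(uint64_t num, uint32_t baud)
{
	return (uint32_t)((num + ((uint64_t)baud << 1)) / baud);
}

/* Returns 0 on success, -1 if the baud rate cannot be programmed. */
static int uart_compute_div(uint32_t clk, uint32_t baud, struct uart_div *out)
{
	uint32_t div;

	if (baud == 0U || out == NULL)
		return -1;

	/* Assumption: the (UART freq / baudrate) <= 16 test is an integer divide. */
	out->over8 = (clk / baud) <= 16U;
	div = div_nearest(out->over8 ? 2ULL * clk : (uint64_t)clk, baud);
	if (div == 0U || div > 0xFFFFU)
		return -1;

	if (out->over8) {
		/* BRR[15:4] = USARTDIV[15:4], BRR[3] = 0, BRR[2:0] = USARTDIV[3:0] >> 1 */
		out->brr = (uint16_t)((div & 0xFFF0U) | ((div & 0xFU) >> 1));
	} else {
		out->brr = (uint16_t)div;
	}
	return 0;
}

int main(void)
{
	struct uart_div d;
	const uint32_t clk = 64000000U; /* constructed sample clock */

	printf("115200 baud: lsr divisor %u, lsl divisor %u\n",
	       div_nearest(clk, 115200U), div_nearest_lsl_bug(clk, 115200U));
	if (uart_compute_div(clk, 6000000U, &d) == 0)
		printf("6 Mbaud: OVER8=%d BRR=0x%x\n", d.over8, (unsigned int)d.brr);
	return 0;
}
```

With the sample clock, the lsl variant yields a divisor one step higher than round-to-nearest at 115200 baud, which shifts the actual baud rate away from the requested one.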
Yann Gautier [Fri, 4 Mar 2022 10:08:47 +0000 (11:08 +0100)]
fix(st-clock): initialize pllcfg table
The issue was found by Coverity:
CID 376582: (UNINIT)
Using uninitialized value "*pllcfg[_PLL4]" when calling
"stm32mp1_check_pll_conf".
CID 376582: (UNINIT)
Using uninitialized value "*pllcfg[_PLL3]" when calling
"stm32mp1_check_pll_conf".
Ronak Jain [Tue, 21 Dec 2021 09:39:59 +0000 (01:39 -0800)]
feat(zynqmp): add feature check support
This API returns version of supported APIs.
Here, there are three cases to check API version by using feature
check implementation.
1. Completely implemented in TF-A: I mean the EEMI APIs which are
completely implemented in the TF-A only. So check those IDs and
return appropriate version for the same. Right now, it is base
version.
2. Completely implemented in firmware: I mean the EEMI APIs which are
completely implemented in the firmware only. Here, TF-A only passes
Linux request to the firmware to get the version of supported API. So
check those IDs and send request to firmware to get the version and
return to Linux if the version is supported or return the error code
if the feature is not supported.
3. Partially implemented (Implemented in TF-A and firmware both):
First check dependent EEMI API version with the expected version in
the TF-A. If the dependent EEMI API is supported in firmware then
return its version and check with the expected version in the TF-A.
If the version matches then check for the actual requested EEMI API
version. If the version is supported then return version of API
implemented in TF-A.
Ronak Jain [Fri, 21 Jan 2022 07:11:18 +0000 (23:11 -0800)]
fix(zynqmp): use common interface for eemi apis
Currently each EEMI API has its own implementation in TF-A, which is
redundant. Most EEMI API implementations in TF-A do the same work: each
prepares the payload received from the kernel, sends the payload to firmware,
receives the response from firmware and sends the response back to the kernel.
So use common interface for EEMI APIs which has similar functionality.
This will optimize TF-A code.
Rajan Vaja [Tue, 12 Oct 2021 10:30:09 +0000 (03:30 -0700)]
feat(zynqmp): pass ioctl calls to firmware
Firmware supports new IOCTL for different purposes. To avoid
maintaining new IOCTL IDs in ATF, pass IOCTL call to firmware
for IOCTL IDs implemented in firmware.
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Signed-off-by: Ronak Jain <ronak.jain@xilinx.com>
Change-Id: Ie14697c8da9581b0f695f4d33f05161ece558385
refactor(mbedtls): allow platform to specify their config file
Common mbedTLS implementation includes the fixed configuration
file of mbedTLS and that does not give flexibility to the
platform to include their own mbedTLS configuration.
Hence changes are done so that platform can include their own
mbedTLS configuration file.
Channa Kadabi [Mon, 28 Feb 2022 21:35:16 +0000 (13:35 -0800)]
fix(ufs): don't zero out buf before ufs read
ufs_read_blocks always zeros out the buffer before passing
to UFS for DMA. We don't need to zero out buf before reading
from UFS storage, so this change removes the memset in ufs_read_blocks.
Yann Gautier [Mon, 28 Feb 2022 10:39:56 +0000 (11:39 +0100)]
fix(stm32mp1): fix enum prints
With gcc-11, the -Wformat-signedness warning complains about enum values
that should be printed as unsigned values. But the current version of
compiler used in CI states that this parameter is signed. Just cast the
value then.
Merge changes I75b3e3bf,I4cf9f1d9,I50d2ae74,Idbe62410,I84bbd06e, ... into integration
* changes:
fix(intel): null pointer handling for resp_len
fix(intel): define macros to handle buffer entries
fix(intel): change SMC return arguments for INTEL_SIP_SMC_MBOX_SEND_CMD
fix(intel): always set doorbell to SDM after sending command
fix(intel): fix bit masking issue in intel_secure_reg_update
fix(intel): fix ddr address range checker
build(changelog): add new scope for Intel platform
Yann Gautier [Mon, 28 Feb 2022 10:34:05 +0000 (11:34 +0100)]
fix(st-clock): print enums as unsigned
With gcc-11, the -Wformat-signedness warning complains about enum values
that should be printed as unsigned values. Change %d to %u for several
lines in the clock driver.
fix(cert_create): let distclean Makefile target remove the cert_create tool
For some targets, Make recursively invokes itself in subdirectories.
When delegating the distclean target to tools/cert_create/Makefile,
the submake is called with the clean target instead of realclean.
Because of this, the submake never removes the cert_create executable.
A proper but more intrusive fix would
* avoid confusion about the semantics by following traditions or using
new names
https://www.gnu.org/prep/standards/standards.html#Standard-Targets
* avoid typing errors with the special $@ variable.
Something like:
In tools/cert_create/Makefile:
mostlyclean:
# Remove most objects but keep some results.
	$(call SHELL_DELETE_ALL, src/build_msg.o ${OBJECTS})
clean: mostlyclean
# mostlyclean, then remove things built by Make.
	$(call SHELL_DELETE,${BINARY})
distclean: clean
# clean, then remove things built by ./configure (none here).
realclean maintainer-clean: distclean
# distclean, then remove things built by autotools (none here).
johpow01 [Mon, 14 Feb 2022 03:00:10 +0000 (21:00 -0600)]
fix(errata): workaround for Cortex-A510 erratum 2250311
Cortex-A510 erratum 2250311 is a Cat B erratum that applies to revisions
r0p0, r0p1, r0p2, r0p3 and r1p0 and is fixed in r1p1.
This erratum workaround is a bit different because it interacts with a
feature supported in TFA. The typical method of implementing an errata
workaround will not work in this case as the MPMM feature would just be
re-enabled by context management at every core power on after being
disabled by the errata framework. So in addition to disabling MPMM, this
workaround also sets a flag in the MPMM runtime framework indicating
that the feature should not be enabled even if ENABLE_MPMM=1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2397239
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7805756e65ec90b6ef8af47e200617c9e07a3a7e