Zelalem [Wed, 12 Feb 2020 16:37:03 +0000 (10:37 -0600)]
coverity: fix MISRA violations
Fixes for the following MISRA violations:
- Missing explicit parentheses on sub-expression
- An identifier or macro name beginning with an
underscore, shall not be declared
- Type mismatch in BL1 SMC handlers and tspd_main.c
Max Shvetsov [Tue, 11 Feb 2020 12:41:08 +0000 (12:41 +0000)]
Fixes ROTPK hash generation for ECDSA encryption
Forced hash generation used to always generate hash via RSA encryption.
This patch changes encryption based on ARM_ROTPK_LOCATION.
Also removes setting KEY_ALG based on ARM_ROTPL_LOCATION - there is no
relation between these two.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Id727d2ed06176a243719fd0adfa0cae26c325005
Olivier Deprez [Tue, 11 Feb 2020 08:34:47 +0000 (08:34 +0000)]
Merge changes from topic "spmd" into integration
* changes:
SPMD: enable SPM dispatcher support
SPMD: hook SPMD into standard services framework
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
SPMD: add support for an example SPM core manifest
SPMD: add SPCI Beta 0 specification header file
Achin Gupta [Fri, 11 Oct 2019 14:49:00 +0000 (15:49 +0100)]
SPMD: hook SPMD into standard services framework
This patch adds support to initialise the SPM dispatcher as a standard
secure service. It also registers a handler for SPCI SMCs exported by
the SPM dispatcher.
Achin Gupta [Fri, 11 Oct 2019 14:41:16 +0000 (15:41 +0100)]
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
This patch adds a rudimentary SPM dispatcher component in EL3.
It does the following:
- Consumes the TOS_FW_CONFIG to determine properties of the SPM core
component
- Initialises the SPM core component which resides in the BL32 image
- Implements a handler for SPCI calls from either security state. Some
basic validation is done for each call but in most cases it is simply
forwarded as-is to the "other" security state.
Achin Gupta [Fri, 11 Oct 2019 14:15:19 +0000 (15:15 +0100)]
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
This patch reserves and maps the Trusted DRAM for SPM core execution.
It also configures the TrustZone address space controller to run BL31
in secure DRAM.
Achin Gupta [Fri, 11 Oct 2019 13:54:48 +0000 (14:54 +0100)]
SPMD: add support for an example SPM core manifest
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Manish Pandey [Mon, 10 Feb 2020 13:32:43 +0000 (13:32 +0000)]
Merge changes from topics "rddaniel", "rdn1edge_dual" into integration
* changes:
plat/arm: add board support for rd-daniel platform
plat/arm/sgi: move GIC related constants to board files
platform/arm/sgi: add multi-chip mode parameter in HW_CONFIG dts
board/rdn1edge: add support for dual-chip configuration
drivers/arm/scmi: allow use of multiple SCMI channels
drivers/mhu: derive doorbell base address
plat/arm/sgi: include AFF3 affinity in core position calculation
plat/arm/sgi: add macros for remote chip device region
plat/arm/sgi: add chip_id and multi_chip_mode to platform variant info
plat/arm/sgi: move bl31_platform_setup to board file
Manish Pandey [Tue, 7 Jan 2020 17:05:28 +0000 (17:05 +0000)]
SPM: modify sptool to generate individual SP blobs
Currently sptool generates a single blob containing all the Secure
Partitions, with latest SPM implementation, it is desirable to have
individual blobs for each Secure Partition. It allows to leverage
packaging and parsing of SP on existing FIP framework. It also allows
SP packages coming from different sources.
This patch modifies sptool so that it takes number of SP payload pairs
as input and generates number of SP blobs instead of a single blob.
Each SP blob can optionally have its own header containing offsets and
sizes of different payloads along with a SP magic number and version.
It is also associated in FIP with a UUID, provided by SP owner.
Alexei Fedorov [Thu, 6 Feb 2020 17:11:03 +0000 (17:11 +0000)]
Make PAC demangling more generic
At the moment, address demangling is only used by the backtrace
functionality. However, at some point, other parts of the TF-A
codebase may want to use it.
The 'demangle_address' function is replaced with a single XPACI
instruction which is also added in 'do_crash_reporting()'.
board/rde1edge: fix incorrect topology tree description
RD-E1-Edge platform consists of two clusters with eight CPUs each and
two processing elements (PE) per CPU. Commit a9fbf13e049e (plat/arm/sgi:
move topology information to board folder) defined the RD-E1-Edge
topology tree to have two clusters with eight CPUs each but PE per CPU
entries were not added. This patch fixes the topology tree accordingly.
plat/arm/sgi: move GIC related constants to board files
In preparation for adding support for Reference Design platforms
which have different base addresses for GIC Distributor or
Redistributor, move GIC related base addresses to individual platform
definition files.
Introduce macro 'CSS_SGI_CHIP_COUNT' to allow Arm CSS platforms with
multi-chip support to define number of chiplets on the platform. By
default, this flag is set to 1 and does not affect the existing single
chip platforms.
For multi-chip platforms, override the default value of
CSS_SGI_CHIP_COUNT with the number of chiplets supported on the
platform. As an example, the command below sets the number of chiplets
to two on the RD-N1-Edge multi-chip platform:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
board/rdn1edge: add support for dual-chip configuration
RD-N1-Edge based platforms can operate in dual-chip configuration
wherein two rdn1edge SoCs are connected through a high speed coherent
CCIX link.
This patch adds a function to check if the RD-N1-Edge platform is
operating in multi-chip mode by reading the SID register's NODE_ID
value. If operating in multi-chip mode, initialize GIC-600 multi-chip
operation by overriding the default GICR frames with array of GICR
frames and setting the chip 0 as routing table owner.
The address space of the second RD-N1-Edge chip (chip 1) starts from the
address 4TB. So increase the physical and virtual address space size to
43 bits to accommodate the multi-chip configuration. If the multi-chip
mode configuration is detected, dynamically add mmap entry for the
peripherals memory region of the second RD-N1-Edge SoC. This is required
to let the BL31 platform setup stage to configure the devices in the
second chip.
PLATFORM_CORE_COUNT macro is set to be multiple of CSS_SGI_CHIP_COUNT
and topology changes are added to represent the dual-chip configuration.
In order the build the dual-chip platform, CSS_SGI_CHIP_COUNT macro
should be set to 2:
export CROSS_COMPILE=<path-to-cross-compiler>
make PLAT=rdn1edge CSS_SGI_CHIP_COUNT=2 ARCH=aarch64 all
Aditya Angadi [Tue, 31 Dec 2019 08:53:53 +0000 (14:23 +0530)]
drivers/arm/scmi: allow use of multiple SCMI channels
On systems that have multiple platform components that can interpret the
SCMI messages, there is a need to support multiple SCMI channels (one
each to those platform components). Extend the existing SCMI interface
that currently supports only a single SCMI channel to support multiple
SCMI channels.
Aditya Angadi [Tue, 31 Dec 2019 04:44:32 +0000 (10:14 +0530)]
drivers/mhu: derive doorbell base address
In order to allow the MHUv2 driver to be usable with multiple MHUv2
controllers, use the base address of the controller from the platform
information instead of the MHUV2_BASE_ADDR macro.
plat/arm/sgi: include AFF3 affinity in core position calculation
AFF3 bits of MPIDR corresponds to Chip-Id in Arm multi-chip platforms.
For calculating linear core position of CPU cores from slave chips, AFF3
bits has to be used. Update `plat_arm_calc_core_pos` assembly function
to include AFF3 bits in calculation.
plat/arm/sgi: add macros for remote chip device region
Some of the Reference Design platforms like RD-N1-Edge can operate in
multi-chip configuration wherein two or more SoCs are connected through
a high speed coherent CCIX link. For the RD platforms, the remote chip
address space is at the offset of 4TB per chip. In order for the primary
chip to access the device memory region on the remote chip, the required
memory region entries need to be added as mmap entry. This patch adds
macros related to the remote chip device memory region.
plat/arm/sgi: add chip_id and multi_chip_mode to platform variant info
Multi-chip platforms have two or more identical chips connected using a
high speed coherent link. In order to identify such platforms,
add chip_id and multi_chip_mode information in the platform variant
info structure. The values of these two new elements is populated
during boot.
Louis Mayencourt [Thu, 24 Oct 2019 14:18:46 +0000 (15:18 +0100)]
fconf: Move platform io policies into fconf
Use the firmware configuration framework to store the io_policies
information inside the configuration device tree instead of the static
structure in the code base.
The io_policies required by BL1 can't be inside the dtb, as this one is
loaded by BL1, and only available at BL2.
This change currently only applies to FVP platform.
Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt [Tue, 17 Dec 2019 13:17:25 +0000 (13:17 +0000)]
fconf: Add dynamic config DTBs info as property
This patch introduces a better separation between the trusted-boot
related properties, and the dynamic configuration DTBs loading
information.
The dynamic configuration DTBs properties are moved to a new node:
`dtb-registry`. All the sub-nodes present will be provided to the
dynamic config framework to be loaded. The node currently only contains
the already defined configuration DTBs, but can be extended for future
features if necessary.
The dynamic config framework is modified to use the abstraction provided
by the fconf framework, instead of directly accessing the DTBs.
The trusted-boot properties are kept under the "arm,tb_fw" compatible
string, but in a separate `tb_fw-config` node.
The `tb_fw-config` property of the `dtb-registry` node simply points
to the load address of `fw_config`, as the `tb_fw-config` is currently
part of the same DTB.
Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Louis Mayencourt [Thu, 17 Oct 2019 13:46:51 +0000 (14:46 +0100)]
fconf: Load config dtb from bl1
Move the loading of the dtb from arm_dym_cfg to fconf. The new loading
function is not associated to arm platform anymore, and can be moved
to bl_main if wanted.
Change-Id: I847d07eaba36d31d9d3ed9eba8e58666ea1ba563 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Introduce the Firmware CONfiguration Framework (fconf).
The fconf is an abstraction layer for platform specific data, allowing
a "property" to be queried and a value retrieved without the requesting
entity knowing what backing store is being used to hold the data.
The default backing store used is C structure. If another backing store
has to be used, the platform integrator needs to provide a "populate()"
function to fill the corresponding C structure.
The "populate()" function must be registered to the fconf framework with
the "FCONF_REGISTER_POPULATOR()". This ensures that the function would
be called inside the "fconf_populate()" function.
A two level macro is used as getter:
- the first macro takes 3 parameters and converts it to a function
call: FCONF_GET_PROPERTY(a,b,c) -> a__b_getter(c).
- the second level defines a__b_getter(c) to the matching C structure,
variable, array, function, etc..
Ex: Get a Chain of trust property:
1) FCONF_GET_PROPERY(tbbr, cot, BL2_id) -> tbbr__cot_getter(BL2_id)
2) tbbr__cot_getter(BL2_id) -> cot_desc_ptr[BL2_id]
Change-Id: Id394001353ed295bc680c3f543af0cf8da549469 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Commit 8f73663b5963 ("plat/arm: Support for Cortex A5 in FVP Versatile
Express platform") has conditioned the enabling of the Advanced SIMD
and floating point features to platforms that have:
intel: Include address range check for SiP Mailbox
This patch modify current address range checker in SiP driver to also
accept input size.
Also, include said checker for SiP mailbox send command to ensure
referenced argument is within expected address.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ie0c3cac4c3d1a6ea0194602d9aa3541f5d9a3367
Max Shvetsov [Fri, 6 Dec 2019 11:50:12 +0000 (11:50 +0000)]
Adds option to read ROTPK from registers for FVP
Enables usage of ARM_ROTPK_LOCATION=regs for FVP board.
Removes hard-coded developer keys. Instead, setting
ARM_ROTPK_LOCATION=devel_* takes keys from default directory.
In case of ROT_KEY specified - generates a new hash and replaces the
original.
Note: Juno board was tested by original feature author and was not tested
for this patch since we don't have access to the private key. Juno
implementation was moved to board-specific file without changing
functionality. It is not known whether byte-swapping is still needed
for this platform.
Change-Id: I0fdbaca0415cdcd78f3a388551c2e478c01ed986 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Paul Beesley [Thu, 16 May 2019 12:33:18 +0000 (13:33 +0100)]
doc: Split and expand coding style documentation
This patch expands the coding style documentation, splitting it
into two documents: the core style rules and extended guidelines.
Note that it does not redefine or change the coding style (aside
from section 4.6.2) - generally, it is only documenting the
existing style in more detail.
The aim is for the coding style to be more readable and, in turn,
for it to be followed by more people. We can use this as a more
concrete reference when discussing the accepted style with external
contributors.
Change-Id: I87405ace9a879d7f81e6b0b91b93ca69535e50ff Signed-off-by: Paul Beesley <paul.beesley@arm.com> Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>
Carlo Caione [Mon, 27 Jan 2020 15:03:28 +0000 (16:03 +0100)]
amlogic: axg: Add a build flag when using ATOS as BL32
BL2 is unconditionally setting 0 (OPTEE_AARCH64) in arg0 even when the
BL32 image is 32bit (OPTEE_AARCH32). This is causing the boot to hang
when ATOS (32bit Amlogic BL32 binary-only TEE OS) is used.
Since we are not aware of any Amlogic platform shipping a 64bit version
of ATOS we can hardcode OPTEE_AARCH32 / MODE_RW_32 when using ATOS.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Change-Id: Iaea47cf6dc48bf8a646056761f02fb81b41c78a3
Achin Gupta [Fri, 11 Oct 2019 13:32:02 +0000 (14:32 +0100)]
SPMD: add SPCI Beta 0 specification header file
This patch adds a header file with defines based on the SPCI Beta 0 spec.
It will be used by the SPM dispatcher component which will be introduced
in subsequent patches.
The checks on size and offset_address in get_entry always resolve to
false provided those fields are long long int and cannot be greater
than LONG_MAX.
When Trusted Boot is enabled, images are loaded and authenticated
following up the root of trust. This means that between the initial
console message saying that an image is being loaded, and the final one
where it says that it failed to load it, BL2 may print several messages
about other images on the chain of trust being loaded, thus it is not
always clear which image we failed loading at the end of the day.
Imre Kis [Mon, 3 Feb 2020 13:48:21 +0000 (14:48 +0100)]
doc: Remove backquotes from external hyperlinks
Since Sphinx 2.3.0 backquotes are replaced to \textasciigrave{} during
building latexpdf. Using this element in a \sphinxhref{} breaks the
build. In order to avoid this error backquotes must not be used in
external hyperlinks.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ie3cf454427e3d5a7b7f9829b42be45aebda7f0dd
Alexei Fedorov [Wed, 29 Jan 2020 16:21:28 +0000 (16:21 +0000)]
FDT wrappers: add functions for read/write bytes
This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes'
functions for read/write array of bytes from/to a given property.
It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i
files for builds with USE_ROMLIB=1 option.
Masahiro Yamada [Thu, 26 Dec 2019 04:26:49 +0000 (13:26 +0900)]
doc: qemu: fix and update documentation
The current URL for QEMU_EFI.fd is not found. Update the link to
point to the new one.
If you run the shell command as instructed, you will see this error:
qemu-system-aarch64: keep_bootcon: Could not open 'keep_bootcon': No such file or directory
The part "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2" is the
kernel parameter, so it must be quoted.
As of writing, QEMU v4.2.0 is the latest, but it does not work for
TF-A (It has been fixed in the mainline.) QEMU v4.1.0 works fine.
With those issues addressed, I succeeded in booting the latest kernel.
Tested with QEMU v4.1.0 and Linux 5.5 (defconfig with no modification).
Update the tested versions.
Varun Wadekar [Fri, 25 May 2018 23:17:53 +0000 (16:17 -0700)]
Tegra194: mce: fix multiple MISRA issues
This patch fixes violations of the following MISRA rules
* Rule 8.5 "An external object or function shall be declared once in
one and only one file"
* Rule 10.3 "The value of an expression shall not be assigned to an
object with a narrower essential type or of a different
esential type category"
Varun Wadekar [Fri, 25 May 2018 21:34:53 +0000 (14:34 -0700)]
Tegra: bpmp: fix multiple MISRA issues
This patch fixes violations for the following MISRA rules
* Rule 5.7 "A tag name shall be a unique identifier"
* Rule 10.1 "Operands shall not be of an inappropriate essential type"
* Rule 10.3 "The value of an expression shall not be assigned to an object
with a narrower essential type or of a different essential type
category"
* Rule 10.4 "Both operands of an operator in which the usual arithmetic
conversions are performed shall have the same essential type
category"
* Rule 20.7 "Expressions resulting from the expansion of macro parameters
shall be enclosed in parentheses"
* Rule 21.1 "#define and #undef shall not be used on a reserved identifier
or reserved macro name"
Varun Wadekar [Fri, 25 May 2018 22:22:58 +0000 (15:22 -0700)]
Tegra194: se: fix multiple MISRA issues
This patch fixes violations for the following MISRA rules
* Rule 8.4 "A compatible declaration shall be visible when an object or
function with external linkage is defined"
* Rule 10.1 "Operands shall not be of an inappropriate essential type"
* Rule 10.6 "Both operands of an operator in which the usual arithmetic
conversions are perdormed shall have the same essential type
category"
* Rule 17.7 "The value returned by a function having non-void return
type shall be used"
Varun Wadekar [Thu, 17 May 2018 18:10:13 +0000 (11:10 -0700)]
Tegra: compile PMC driver for Tegra132/Tegra210 platforms
The PMC driver is used only by Tegra210 and Tegra132 platforms. This
patch removes pmc.c from the common makefile and moves it to the
platform specific makefiles.
As a result, the PMC code from common code has been moved to Tegra132
and Tegra210 platform ports.
Varun Wadekar [Thu, 17 May 2018 16:36:38 +0000 (09:36 -0700)]
Tegra: remove weakly defined platform setup handlers
This patch converts the weakly defined platform setup handlers into
actual platform specific handlers to improve code coverage numbers
and some MISRA defects.
The weakly defined handlers never get executed thus resulting in
lower coverage - function, function calls, statements, branches
and pairs.
Varun Wadekar [Tue, 15 May 2018 18:24:59 +0000 (11:24 -0700)]
Tegra: per-SoC DRAM base values
Tegra194 supports upto 64GB of DRAM, whereas the previous SoCs support
upto 32GB DRAM. This patch moves the common DRAM base/end macros to
individual Tegra SoC headers to fix this anomaly.
Move all TBBR-specific stuff out of the tool's makefile into a
sub-makefile. This will make it easier to define and select an alternate
chain of trust in the future.
projects / arm-tf.git / log