Juan Pablo Conde [Tue, 28 Jun 2022 20:56:32 +0000 (16:56 -0400)]
docs(security): update info on use of OpenSSL 3.0
OpenSSL 3.0 is a prerequisite since v2.7 and can be installed
on the operating system by updating the previous version.
However, this may not be convenient for everyone, as some may
want to keep their previous versions of OpenSSL.
This update on the docs shows that there is an alternative to
install OpenSSL on the system by using a local build of
OpenSSL 3.0 and pointing both the build and run commands to
that build.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Ib9ad9ee5c333f7b04e2747ae02433aa66e6397f3
Cortex-A78C erratum 2132064 is a cat B erratum that applies to revisions
r0p1 and r0p2 and is still open.
This patch implements workaround option 2 that places the data
prefetcher in the most conservative mode to greatly reduce prefetches
by writing the following bits to the value indicated:
ecltr[7:6], PF_MODE = 2'b11
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2004089/latest
Add an empty line just before the "Build Host" title.
Without this, the title is not properly recognized, it does not get
added to the table of contents and the underlining characters appear
as dashes, as can be seen here:
Merge changes Iec22dcab,Ib88b4b5d,I50cd6b82,If1167785,I9b3a08ef, ... into integration
* changes:
feat(imx8m): keep pu domains in default state during boot stage
feat(imx8m): add the PU power domain support on imx8mm/mn
feat(imx8m): add the anamix pll override setting
feat(imx8m): add the ddr frequency change support for imx8m family
feat(imx8mn): enable dram retention support on imx8mn
feat(imx8mm): enable dram retention support on imx8mm
feat(imx8m): add dram retention flow for imx8m family
Johann Neuhauser [Wed, 16 Feb 2022 16:12:34 +0000 (17:12 +0100)]
feat(stm32mp15-fdts): add support for STM32MP157C based DHCOM SoM on PDK2 board
This is an SoM in SODIMM-200 format on an evaluation board called
"DHCOM Premium Developer Kit #2" (DHCOM PDK2 for short). The SoM features an
STM32MP157C SoC with 1 GB DDR3, 8 GB eMMC, microSD and 2 MB SPI flash.
The baseboard has multiple UART, USB, SPI, and I2C ports/headers and several
other interfaces that are not important for TF-A.
These dts(i) files are based on DHCOM dt's from Linux 5.16 and U-Boot 2022.01.
The DRAM calibration values are taken from U-Boot 2022.01 and are optimized for
industrial temperature range above 85 °C.
TF-A on this board was fully tested with the latest OP-TEE developer setup.
Change-Id: I696c01742954d761fbad312cd1059e3ab01fa93c
Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
refactor(arm): add debug logs to show the reason behind skipping firmware config loading
Added debug logs to show the reason behind skipping firmware
configuration loading, and also a few debug strings were corrected.
Additionally, a panic will be triggered if the configuration sanity
fails.
Change-Id: I6bbd67b72801e178a14cbe677a8831b25a907d0c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Daniel Boulby [Wed, 6 Jul 2022 13:33:13 +0000 (14:33 +0100)]
fix(cpus): workaround for Neoverse-N2 erratum 2388450
Neoverse-N2 erratum 2388450 is a cat B erratum that applies to
revision r0p0 and is fixed in r0p1. The workaround is to set
bit[40] of CPUACTLR2_EL1 to disable folding of demand requests into
older prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest
Change-Id: I6dd949c79cea8dbad322e569aa5de86cf8cf9639
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
refactor(sgi): rewrite address space size definitions
The value of the macro CSS_SGI_REMOTE_CHIP_MEM_OFFSET can be different
across all the Neoverse reference design platforms. This value depends
on the number of address bits used per chip. So let all platforms define
CSS_SGI_ADDR_BITS_PER_CHIP which specifies the number of address bits
used per chip.
In addition to this, reuse the definition of CSS_SGI_ADDR_BITS_PER_CHIP
for single chip platforms and CSS_SGI_REMOTE_CHIP_MEM_OFFSET for multi-
chip platforms to determine the maximum address space size. Also,
increase the RD-N2 multi-chip address space per chip from 4TB to 64TB.
Manoj Kumar [Thu, 23 Jun 2022 11:30:37 +0000 (12:30 +0100)]
fix(morello): move BL31 to run from DRAM space
The EL3 runtime firmware has been running from internal trusted
SRAM space on the Morello platform. Due to unavailability of tag
support for the internal trusted SRAM this becomes a problem if
we enable capability pointers in BL31.
To support capability pointers in BL31 it has to be run from the
main DDR memory space. This patch updates the Morello platform
configuration such that BL31 is loaded and run from DDR space.
The patch 8c980a4 created a 4KB shared region from the 32MB
Realm region for RMM-EL3 communication. But this meant that BL2
needs to map a region of 32MB - 4KB, which required more xlat
tables at runtime. This patch maps the entire 32MB region in BL2
which is more memory efficient in terms of xlat tables needed.
MISRA Violation: MISRA-C:2012 R.10.1
1) The expression of non-boolean essential type is being interpreted as a
boolean value for the operator.
2) The operand to the operator does not have an essentially unsigned type.
On STM32MP13, USART1 and USART2 addresses are 0x4C000000 and 0x4C001000.
Whereas on STM32MP15, the addresses were 0x5C000000 and 0x4000E000.
Use dedicated flags to choose the correct address, which could be used
for the early or crash console.
Merge changes from topic "jas/rmm-el3-ifc" into integration
* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface
Mark Brown [Mon, 9 May 2022 12:26:36 +0000 (13:26 +0100)]
feat(sme): fall back to SVE if SME is not there
Due to their interrelationship in the architecture, the SVE and SME
features in TF-A are mutually exclusive. This means that a single binary
can't be shared between systems with and without SME: if the system
without SME does support SVE, SVE will not be initialised, so lower ELs
will run into trouble trying to use it. This is unusual behaviour for TF-A,
which normally gracefully handles situations where features are enabled
but not supported on the current hardware.
Address this by calling the SVE enable and disable functions if SME is
not supported rather than immediately exiting; these perform their own
feature checks, so if neither SVE nor SME is supported the behaviour is
unchanged.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I2c606202fa6c040069f44e29d36b5abb48391874
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed of a single memory page to be used by a later EL3 <-> RMM
interface by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
feat(arm): forbid running RME-enlightened BL31 from DRAM
According to Arm CCA security model [1],
"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It enforces CCA security guarantees for
not just Realm world, but also for Secure world and for itself.
It is expected to be small enough to feasibly fit in on-chip memory,
and typically needs to be available early in the boot process when
only on-chip memory is available."
For these reasons, it is expected that "monitor code executes entirely
from on-chip memory."
This precludes usage of ARM_BL31_IN_DRAM for RME-enlightened firmware.
[1] Arm DEN0096 A.a, section 7.3 "Use of external memory by CCA".
Yann Gautier [Thu, 30 Jun 2022 09:33:27 +0000 (11:33 +0200)]
feat(stm32mp15): manage OP-TEE shared memory
On STM32MP15, there is currently an OP-TEE shared memory area at the end
of the DDR. But this area will in time be removed. To allow a smooth
transition, a new flag is added (STM32MP15_OPTEE_RSV_SHM). It reflects
the OP-TEE flag: CFG_CORE_RESERVED_SHM. The flag is enabled by default
(no behavior change). It will be set to 0 when OP-TEE is aligned, and
then later be removed.
Daniel Boulby [Thu, 9 Jun 2022 11:04:30 +0000 (12:04 +0100)]
fix(sptool): fix concurrency issue for SP packages
Add dependency between rules to generate SP packages and their dtb files
to ensure the dtb files are built before the sptool attempts to generate
the SP package.
Change-Id: I071806f4aa09f39132e3e1990c91d71dc9acd728
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
* changes:
feat(synquacer): add FWU Multi Bank Update support
feat(synquacer): add TBBR support
feat(synquacer): add BL2 support
refactor(synquacer): move common source files
Jassi Brar [Mon, 23 May 2022 18:16:01 +0000 (13:16 -0500)]
feat(synquacer): add FWU Multi Bank Update support
Add FWU Multi Bank Update support. This reads the platform metadata
and updates the FIP base address so that BL2 can load the correct BL3X
based on the boot index.
Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not check the return value of. Right now, this does not flag anything
but it could help catch bugs in the future.
This was a new feature introduced in mbed TLS 2.28.0 release.
Manish Pandey [Fri, 24 Jun 2022 10:44:06 +0000 (12:44 +0200)]
Merge changes from topic "lw/cca_cot" into integration
* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM
Yann Gautier [Mon, 20 Jun 2022 09:43:17 +0000 (11:43 +0200)]
feat(stm32mp1): optionally use paged OP-TEE
STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made conditional, and will be kept only for STM32MP15.
Yann Gautier [Mon, 20 Jun 2022 09:24:22 +0000 (11:24 +0200)]
feat(optee): check paged_image_info
For OP-TEE without pager, the paged image may not be present in OP-TEE
header. We could then pass NULL for paged_image_info to the function
parse_optee_header(). It avoids creating a useless struct for that
non-existing image. But we should then avoid assigning header_ep args
that depend on paged_image_info.
Yann Gautier [Tue, 21 Jun 2022 13:12:27 +0000 (15:12 +0200)]
fix(st-clock): correctly check ready bit
The function clk_oscillator_wait_ready() was wrongly checking the set
bit and not the ready bit. Correct that by using osc_data->gate_rdy_id
when calling _clk_stm32_gate_wait_ready().
Nishant Sharma [Tue, 30 Nov 2021 09:31:48 +0000 (09:31 +0000)]
feat(plat/arm/sgi): read isolated cpu mpid list from sds
Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next stages
of boot software to use.
Isolated CPUs are those that are not to be used on the platform for
various reasons. The isolated CPU list is an array of MPID values of the
CPUs that have to be isolated.
Manish Pandey [Tue, 21 Jun 2022 12:11:47 +0000 (14:11 +0200)]
Merge changes from topic "mb/gic600-errata" into integration
* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt
Nishant Sharma [Tue, 30 Nov 2021 09:38:46 +0000 (09:38 +0000)]
feat(board/rdn2): add a new 'isolated-cpu-list' property
Add a new property named 'isolated-cpu-list' to list the CPUs that are
to be isolated and not used by the platform. The data represented by
this property is formatted as below.
struct isolated_cpu_mpid_list {
    uint64_t count;
    uint64_t mpid_list[MAX Number of PE];
};
Also, the property is pre-initialized to 0 to reserve space for the
property in the dtb. The data for this property is read from SDS and
updated during boot. The number of entries in this list is equal to the
maximum number of PEs present on the platform.
Manish Pandey [Tue, 21 Jun 2022 10:42:08 +0000 (12:42 +0200)]
Merge changes from topic "uart_segregation_v2" into integration
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
Firmware buffer has already been mapped when loading 1D firmware,
so the same buffer address will be re-mapped when loading 2D
firmware. Move the buffer mapping to be out of load_fw().
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Idb29d504bc482a1e7ca58bc51bec09ffe6068324
Olivier Deprez [Wed, 15 Jun 2022 09:18:48 +0000 (11:18 +0200)]
feat(spm): add tpm event log node to spmc manifest
Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for components measured by BL2 at boot time.
For an SPMC there is a particular interest in SP measurements.
In the particular case of Hafnium SPMC, the tpm event log node is not
yet consumed, but the intent is later to pass this information to an
attestation SP.