The board features the Hi3798C V200 with an integrated quad-core
64-bit ARM Cortex A53 processor and high performance Mali T720 GPU,
making it capable of running any commercial set-top solution based on
Linux or Android. Its high performance specification also supports a
premium user experience with up to H.265 HEVC decoding of 4K video at
60 frames per second.
SOC Hisilicon Hi3798CV200
CPU Quad-core ARM Cortex-A53 64 bit
DRAM DDR3/3L/4 SDRAM interface, maximum 32-bit data width 2 GB
USB Two USB 2.0 ports One USB 3.0 ports
CONSOLE USB-micro port for console support
ETHERNET 1 GBe Ethernet
PCIE One PCIe 2.0 interfaces
JTAG 8-Pin JTAG
EXPANSION INTERFACE Linaro 96Boards Low Speed Expansion slot
DIMENSION Standard 160×120 mm 96Boards Enterprice Edition form factor
WIFI 802.11AC 2*2 with Bluetooth
CONNECTORS One connector for Smart Card One connector for TSI
The platform boot sequence is as follows:
l-loader --> arm_trusted_firmware --> u-boot
U-Boot is also upstream in the project's master branch.
Make sure you are using the correct branch on each one of these
repositories. The definition of "correct" might change over time (at
this moment in time this would be the "latest" branch).
Build Line:
make CROSS_COMPILE=aarch64-linux-gnu- all fip SPD=none DEBUG=1
PLAT=poplar BL33=/path/to/u-boot.bin
Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> Signed-off-by: Leo Yan <leo.yan@linaro.org> Signed-off-by: Alex Elder <elder@linaro.org> Tested-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> Tested-by: Leo Yan <leo.yan@linaro.org> Tested-by: Alex Elder <elder@linaro.org>
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions to this change in order to retain
header groupings and where there are headers within #if statements.
This fix modifies the order of system includes to meet the ARM TF coding
standard. There are some exceptions in order to retain header groupings,
minimise changes to imported headers, and where there are headers within
the #if and #ifndef statements.
Victor Chong [Sat, 27 May 2017 15:14:25 +0000 (00:14 +0900)]
hikey: Remove unnecessary code
PLATFORM_LINKER_FORMAT
and
PLATFORM_LINKER_ARCH
defines are removed from
plat/hisilicon/hikey/include/platform_def.h
since there are already defined in
include/plat/common/common_def.h
which is included by
plat/hisilicon/hikey/hikey_def.h
which is included by
plat/hisilicon/hikey/include/platform_def.h
The line
$(eval $(call FIP_ADD_IMG,SCP_BL2,--scp-fw))
is removed from
plat/hisilicon/hikey/platform.mk
to clear the warning below:
Makefile:544: warning: overriding commands for target `check_SCP_BL2'
plat/hisilicon/hikey/platform.mk:19: warning: ignoring old commands for target `check_SCP_BL2'
$(eval $(call FIP_ADD_IMG,SCP_BL2,--scp-fw))
already exists in
Makefile
and applies to plat hikey so is redundant in
plat/hisilicon/hikey/platform.mk
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Victor Chong [Sat, 27 May 2017 15:14:37 +0000 (00:14 +0900)]
hikey960: platform.mk: Remove FIP_ADD_IMG SCP_BL2
The line
$(eval $(call FIP_ADD_IMG,SCP_BL2,--scp-fw))
is removed from
plat/hisilicon/hikey960/platform.mk
to clear the warning below:
Makefile:544: warning: overriding commands for target `check_SCP_BL2'
plat/hisilicon/hikey960/platform.mk:13: warning: ignoring old commands for
target `check_SCP_BL2'
$(eval $(call FIP_ADD_IMG,SCP_BL2,--scp-fw))
already exists in
Makefile
and applies to plat hikey960 so is redundant in
plat/hisilicon/hikey960/platform.mk
Signed-off-by: Victor Chong <victor.chong@linaro.org> Acked-by: Haojian Zhuang <haojian.zhuang@linaro.org>
This patch updates the User Guide is to state that Linaro
release 17.04 is supported.
Additionally, the following fixes are made to the User Guide:
- Removed out of date reference to Linaro release 16.06.
- Updated the Juno variant coverage to include r2.
Change-Id: Iebbced3356f8c6b3c2bff2df62574db9f937ca7b Signed-off-by: David Cunado <david.cunado@arm.com>
David Cunado [Tue, 27 Jun 2017 16:31:12 +0000 (17:31 +0100)]
Update Foundation, AEM and Cortex Models versions
Trusted Firmware has been tested as part of its CI system against Cortex
and Foundation models in the 11.0 Model release available on
developer.arm.com. Trusted Firmware has also been tested against the v8.5
AEM model.
This patch updates the user guide documentation to reflect the version of
the Foundation, AEM and Cortex Models that Trusted Firmware has been
tested against.
Change-Id: I3b5b4d1e4220bda1dcc88aa9cfa01fa711ed92cd Signed-off-by: David Cunado <david.cunado@arm.com>
Caesar Wang [Mon, 19 Jun 2017 06:02:52 +0000 (14:02 +0800)]
rockchip/rk3399: fixes the typo and the WARNINGS during suspend/resume
This patch fixes the two things as follows:
1) rk3399_flash_l2_b" seems to be a typo. That's "flush", not "flash".
2) fixes the warnings log.
We always hit the warnings thing during the suspend, as below log:
..
[ 51.022334] CPU5: shutdown
[ 51.025069] psci: CPU5 killed.
INFO: sdram_params->ddr_freq = 928000000
WARNING: rk3399_flash_l2_b:reg 28830380,wait
When the L2 completes the clean and invalidate sequence, it asserts the
L2FLUSHDONE signal. The SoC can now deassert L2FLUSHREQ signal and then
the L2 deasserts L2FLUSHDONE.
Then, a loop without a delay isn't really great to measure time. We should
probably add a udelay(10) or so in there and then maybe replace the WARN()
after the loop. In the actual tests, the L2 cache will take ~4ms by
default for big cluster.
In the real world that give 10ms for the enough margin, like the
ddr/cpu/cci frequency and other factors that will affect it.
Change-Id: I55788c897be232bf72e8c7b0e10cf9b06f7aa50d Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Douglas Raillard [Wed, 28 Jun 2017 14:23:03 +0000 (15:23 +0100)]
Convert documentation to reStructuredText
Due to recent issues in the rendering of the documentation on GitHub and
some long-standing issues like the lack of automatic table of content in
Markdown, the documentation has been converted to reStructuredText.
Basic constructs looks pretty similar to Markdown.
Automatically convert GitHub markdown documentation to reStructuredText
using pandoc.
Change-Id: If20b695acedc6d1b49c8d9fb64efd6b6ba23f4a9 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Soby Mathew [Fri, 2 Jun 2017 16:44:07 +0000 (17:44 +0100)]
Use CryptoCell to set/get NVcounters and ROTPK
This patch implements the platform APIs plat_get_rotpk_info,
plat_get_nv_ctr, plat_set_nv_ctr to invoke CryptoCell SBROM
APIs when ARM_CRYPTOCELL_INT is set.
Soby Mathew [Mon, 5 Jun 2017 14:55:59 +0000 (15:55 +0100)]
Do basic CryptoCell LCS check
This patch implements the basic lifecycle state check when CryptoCell
SBROM is initialized. Currently the check ensures that if the lifecycle
state is Security Disabled (SD), the boot process does not proceed
further.
Soby Mathew [Wed, 10 May 2017 10:50:30 +0000 (11:50 +0100)]
ARM plat changes to enable CryptoCell integration
This patch makes the necessary changes to enable ARM platform to
successfully integrate CryptoCell during Trusted Board Boot. The
changes are as follows:
* A new build option `ARM_CRYPTOCELL_INTEG` is introduced to select
the CryptoCell crypto driver for Trusted Board boot.
* The TrustZone filter settings for Non Secure DRAM is modified
to allow CryptoCell to read this memory. This is required to
authenticate BL33 which is loaded into the Non Secure DDR.
* The CSS platforms are modified to use coherent stacks in BL1 and BL2
when CryptoCell crypto is selected. This is because CryptoCell makes
use of DMA to transfer data and the CryptoCell SBROM library allocates
buffers on the stack during signature/hash verification.
Soby Mathew [Wed, 10 May 2017 10:49:58 +0000 (11:49 +0100)]
Add CC crypto driver to the Auth module
This patch adds a crypto driver which utilizes the ARM® TrustZone®
CryptoCell-712 to verify signature and hash during Trusted Board Boot. Along
with this driver, the CryptoCell SBROM library is required to successfully
build the BL image. The path to this library is specified via
the `CCSBROM_LIB_PATH` variable. Please note that, mbedTLS is still required
to do the X509 certificate ASN.1 parsing and CryptoCell is only utilized for
signature and hash verification.
Soby Mathew [Wed, 10 May 2017 10:48:40 +0000 (11:48 +0100)]
Add headers to enable CryptoCell integration
This patch adds header files with required declarations and
macro definitions to enable integration with CryptoCell SBROM
version `CC712 – Release 1.0.0.1061`. These headers enable ARM
Trusted Firmware to build and link with CryptoCell SBROM
library.
Douglas Raillard [Thu, 22 Jun 2017 14:03:50 +0000 (15:03 +0100)]
Document CFLAGS make option
CFLAGS content can be set on the command line to allow passing extra
options to the compiler. Its content is appended after the options set
by the Makefile (TF_CFLAGS).
The Makefiles must use TF_CFLAGS instead of CFLAGS, as the latter can be
completely overriden by setting it on the command line.
Also tell about LDFLAGS in the "Debugging options" section.
Change-Id: Iaf27b424002898ef3040133f78cb133983a37aee Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Douglas Raillard [Thu, 22 Jun 2017 13:44:48 +0000 (14:44 +0100)]
Introduce TF_LDFLAGS
Use TF_LDFLAGS from the Makefiles, and still append LDFLAGS as well to
the compiler's invocation. This allows passing extra options from the
make command line using LDFLAGS.
Document new LDFLAGS Makefile option.
Change-Id: I88c5ac26ca12ac2b2d60a6f150ae027639991f27 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Caesar Wang [Wed, 28 Jun 2017 00:40:26 +0000 (08:40 +0800)]
rockchip: enable A53's erratum 855873 for rk3399
For rk3399, the L2ACTLR[14] is 0 by default, as ACE CCI-500 doesn't
support WriteEvict. and you will hit the condition L2ACTLR[3] with 0,
as the Evict transactions should propagate to CCI-500 since it has
snoop filters.
Maybe this erratum applies to all Cortex-A53 cores so far, especially
if RK3399's A53 is a r0p4. we should enable it to avoid data corruption,
Change-Id: Ib86933f1fc84f8919c8e43dac41af60fd0c3ce2f Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Douglas Raillard [Thu, 22 Jun 2017 14:36:02 +0000 (15:36 +0100)]
Fix broken link in documentation
Fix link in docs/firmware-update.md and docs/change-log.md:
https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Image-Terminology
Change-Id: I2d51d373fd0f7da59b548cd6bed52c47772014fd Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
David Cunado [Wed, 21 Jun 2017 15:52:45 +0000 (16:52 +0100)]
Resolve signed-unsigned comparison issues
A recent commit 030567e6f51731982a7e71cbd387de93bc0e35fd added U()/ULL()
macro to TF constants. This has caused some signed-unsigned comparison
warnings / errors in the TF static analysis.
This patch addresses these issues by migrating impacted variables from
signed ints to unsigned ints and vice verse where applicable.
Change-Id: I4b4c739a3fa64aaf13b69ad1702c66ec79247e53 Signed-off-by: David Cunado <david.cunado@arm.com>
juno: Invalidate all caches before warm reset to AArch32 state.
On Juno AArch32, the L2 cache may contain garbage after the warm reset
from AArch64 to AArch32. This is all fine until the MMU is configured
and the data caches enabled. To avoid fetching stale data from the L2
unified cache, invalidate it before the warm reset to AArch32 state.
juno/aarch32: Restore `SCP_BOOT_CFG_ADDR` to the cold boot value
Before BL2 loads the SCP ram firmware, `SCP_BOOT_CFG_ADDR` specifies
the primary core. After the SCP ram firmware has started executing,
`SCP_BOOT_CFG_ADDR` is modified. This is not normally an issue but
the Juno AArch32 boot flow is a special case. BL1 does a warm reset
into AArch32 and the core jumps to the `sp_min` entrypoint. This is
effectively a `RESET_TO_SP_MIN` configuration. `sp_min` has to be
able to determine the primary core and hence we need to restore
`SCP_BOOT_CFG_ADDR` to the cold boot value before `sp_min` runs.
This magically worked when booting on A53 because the core index was
zero and it just so happened to match with the new value in
`SCP_BOOT_CFG_ADDR`.
Etienne Carriere [Thu, 22 Jun 2017 20:10:32 +0000 (22:10 +0200)]
psci: minor fixes in lib
Call svc_suspend_finish if registered.
psci_get_stat() is static to psci_stat.c
Fix types used in comparison.
Fix coding style (empty line between variable definition and instructions
block).
Douglas Raillard [Mon, 19 Jun 2017 14:38:02 +0000 (15:38 +0100)]
Apply workarounds for A53 Cat A Errata 835769 and 843419
These errata are only applicable to AArch64 state. See the errata notice
for more details:
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.epm048406/index.html
Introduce the build options ERRATA_A53_835769 and ERRATA_A53_843419.
Enable both of them for Juno.
Apply the 835769 workaround as following:
* Compile with -mfix-cortex-a53-835769
* Link with --fix-cortex-a53-835769
Apply the 843419 workaround as following:
* Link with --fix-cortex-a53-843419
The erratum 843419 workaround can lead the linker to create new sections
suffixed with "*.stub*" and 4KB aligned. The erratum 835769 can lead the
linker to create new "*.stub" sections with no particular alignment.
Also add support for LDFLAGS_aarch32 and LDFLAGS_aarch64 in Makefile for
architecture-specific linker options.
Change-Id: Iab3337e338b7a0a16b0d102404d9db98c154f8f8 Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
aarch32: Apply workaround for errata 813419 of Cortex-A57
TLBI instructions for monitor mode won't have the desired effect under
specific circumstances in Cortex-A57 r0p0. The workaround is to
execute DSB and TLBI twice each time.
Even though this errata is only needed in r0p0, the current errata
framework is not prepared to apply run-time workarounds. The current one
is always applied if compiled in, regardless of the CPU or its revision.
The `DSB` instruction used when initializing the translation tables has
been changed to `DSB ISH` as an optimization and to be consistent with
the barriers used for the workaround.
NOTE: This workaround is present in AArch64 TF and already enabled by
default on Juno.
dp-arm [Tue, 23 May 2017 08:32:49 +0000 (09:32 +0100)]
aarch64: Enable Statistical Profiling Extensions for lower ELs
SPE is only supported in non-secure state. Accesses to SPE specific
registers from SEL1 will trap to EL3. During a world switch, before
`TTBR` is modified the SPE profiling buffers are drained. This is to
avoid a potential invalid memory access in SEL1.
SPE is architecturally specified only for AArch64.
David Cunado [Thu, 13 Apr 2017 21:38:29 +0000 (22:38 +0100)]
Fully initialise essential control registers
This patch updates the el3_arch_init_common macro so that it fully
initialises essential control registers rather then relying on hardware
to set the reset values.
The context management functions are also updated to fully initialise
the appropriate control registers when initialising the non-secure and
secure context structures and when preparing to leave EL3 for a lower
EL.
This gives better alignement with the ARM ARM which states that software
must initialise RES0 and RES1 fields with 0 / 1.
This patch also corrects the following typos:
"NASCR definitions" -> "NSACR definitions"
Change-Id: Ia8940b8351dc27bc09e2138b011e249655041cfc Signed-off-by: David Cunado <david.cunado@arm.com>
Soby Mathew [Thu, 15 Jun 2017 15:18:45 +0000 (16:18 +0100)]
Exit early if size zero for cache helpers
This patch enables cache helper functions `flush_dcache_range`,
`clean_dcache_range` and `invalidate_dcache_range` to exit early
if the size argument specified is zero
Soby Mathew [Thu, 15 Jun 2017 15:11:48 +0000 (16:11 +0100)]
Fix issues in FWU code
This patch fixes the following issues in Firmware Update (FWU) code:
1. The FWU layer maintains a list of loaded image ids and
while checking for image overlaps, INVALID_IMAGE_IDs were not
skipped. The patch now adds code to skip INVALID_IMAGE_IDs.
2. While resetting the state corresponding to an image, the code
now resets the memory used by the image only if the image were
copied previously via IMAGE_COPY smc. This prevents the invalid
zeroing of image memory which are not copied but are directly
authenticated via IMAGE_AUTH smc.
Masahiro Yamada [Wed, 14 Jun 2017 11:38:12 +0000 (20:38 +0900)]
uniphier: embed ROTPK hash into BL1/BL2
Currently, ROTPK_NOT_DEPLOYED flag is set in plat_get_rotpk_info().
It is up to users how to retrieve ROTPK if the ROT verification is
desired. This is not nice.
This commit improves plat_get_rotpk_info() implementation and automates
the ROTPK deployment. UniPhier platform has no ROTPK storage, so it
should be embedded in BL1/BL2, like ARM_ROTPK_LOCATION=devel_rsa case.
This makes sense because UniPhier platform implements its internal ROM
i.e. BL1 is used as updatable pseudo ROM.
Things work like this:
- ROT_KEY (default: $(BUILD_PLAT)/rot_key.pem) is created if missing.
Users can override ROT_KEY from the command line if they want to
use a specific ROT key.
- ROTPK_HASH is generated based on ROT_KEY.
- ROTPK_HASH is included by uniphier_rotpk.S and compiled into BL1/BL2.
projects / arm-tf.git / log