SPMD: fix boundary check if manifest is page aligned
while mapping SPMC manifest page in the SPMD translation regime the
mapped size was resolved to zero if SPMC manifest base address is PAGE
aligned, causing SPMD to abort.
To fix the problem change mapped size to PAGE_SIZE if manifest base is
PAGE aligned.
Merge changes I9feae1fc,I5cbe7192,I1867ece3,I85c2434a,If8edeeec, ... into integration
* changes:
plat: marvell: armada: mcbin: squash several IO windows into one
plat: marvell: armada: fix BL32 extra parameters usage
drivers: marvell: Fix the LLC SRAM driver
plat: marvell: armada: a8k: change CCU LLC SRAM mapping
plat: marvell: armada: adjust trusted DRAM size to match OP-TEE OS
drivers: marvell: mg_conf_cm3: pass comphy lane number to AP FW
plat: marvell: armada: move mg conf related code to appropriate driver
marvell: comphy: start AP FW when comphy AP mode selected
drivers: marvell: mg_conf_cm3: add basic driver
tools: doimage: change the binary image alignment to 16
tools: doimage: migrate to mbedtls v2.8 APIs
plat/arm: Fix build failure due to increase in BL2 size
BL2 size gets increased due to the libfdt library update and
that eventually cause no-optimization build failure for BL2 as below:
aarch64-none-elf-ld.bfd: BL2 image has exceeded its limit.
aarch64-none-elf-ld.bfd: region `RAM' overflowed by 4096 bytes
Makefile:1070: recipe for target 'build/fvp/debug/bl2/bl2.elf' failed
make: *** [build/fvp/debug/bl2/bl2.elf] Error 1
Fixed build failure by increasing BL2 image size limit by 4Kb.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I92a57eb4db601561a98e254b64994bb921a88db3
- Fix the line address macro
- LLC invalidate and enable before ways lock for allocation
- Add support for limited SRAM size allocation
- Add SRAM RW test function
Change-Id: I1867ece3047566ddd7931bd7472e1f47fb42c8d4 Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
plat: marvell: armada: a8k: change CCU LLC SRAM mapping
The LLC SRAM will be enabled in OP-TEE OS for usage as secure storage.
The CCU have to prepare SRAM window, but point to the DRAM-0 target
until the SRAM is actually enabled.
This patch changes CCU SRAM window target to DRAM-0
Remove dependence between LLC_SRAM and LLC_ENABLE and update the
build documentation.
The SRAМ base moved to follow the OP-TEE SHMEM area (0x05400000)
Change-Id: I85c2434a3d515ec37da5ae8eb729e3280f91c456 Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
drivers: marvell: mg_conf_cm3: pass comphy lane number to AP FW
Since the AP process can be enabled on different setups, the information
about used comphy lane should be passed to AP FW. For instance:
- A8K development board uses comphy lane 2 for eth 0
- cn913x development board uses comphy lane 4 for eth 0
Change-Id: Icf001fb3eea4d9c24c09384e49844ecaf8655ad2 Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
Replace deprecated mbedtls_sha256 with mbedtls_sha256_ret
The mbedtls_pk_parse_key does not work correctly anymore
with the DER buffer embedded in the secure image extentson
using the buffer size as the the key length.
Move to mbedtls_pk_parse_subpubkey API that handles such
case correctly.
The DER format already contains the key length, so there
is no particular reason to supply it to the key parser.
Update the doimage version to 3.3
Change-Id: I0ec5ee84b7d1505b43138e0b7a6bdba44a6702b6 Signed-off-by: Konstantin Porotchkin <kostap@marvell.com>
plat/arm, dts: Update platform device tree for CoT
Included cot_descriptors.dtsi in platform device tree
(fvp_tb_fw_config.dts).
Also, updated the maximum size of tb_fw_config to 0x1800
in order to accomodate the device tree for CoT descriptors.
Follow up patch will parse the device tree for these CoT descriptors
and fill the CoT descriptor structures at runtime instead of using
static CoT descriptor structures in the code base.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I90122bc713f6842b82fb019b04caf42629b4f45a
Andre Przywara [Wed, 8 Jul 2020 12:01:00 +0000 (13:01 +0100)]
arm_fpga: Predefine DTB and BL33 load addresses
The memory layout for the FPGA is fairly uniform for most of the FPGA
images, and we already assume that DRAM starts at 2GB by default.
Prepopulate PRELOADED_BL33_BASE and FPGA_PRELOADED_DTB_BASE to some
sane default values, to simplify building some stock image.
If people want to deviate from that, they can always override those
addresses on the make command line.
Change-Id: I2238fafb3f8253a01ad2d88d45827c141d9b29dd Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Thu, 25 Jun 2020 12:10:38 +0000 (13:10 +0100)]
arm_fpga: Support more CPU clusters
The maximum number of clusters is currently set to 2, which is quite
limiting. As there are FPGA images with 4 clusters, let's increase the
limit to 4.
Change-Id: I9a85ca07ebbd2a018ad9668536d867ad6b75e537 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Updated the CoT binding document to show chain of trust relationship
with the help of 'authentication method' and 'authentication data'
instead of showing content of certificate and fixed rendering issue
while creating html page using this document.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib48279cfe786d149ab69ddc711caa381a50f9e2b
Etienne Carriere [Wed, 13 May 2020 08:19:50 +0000 (10:19 +0200)]
stm32mp1: register shared resource per GPIO bank/pin
Introduce helper functions stm32mp_register_secure_gpio() and
stm32mp_register_non_secure_gpio() for drivers to register a
GPIO pin as secure or non-secure.
These functions are stubbed when shared resource driver is not
embedded in the BL image so that drivers do not bother whether they
shall register or not their resources.
Etienne Carriere [Wed, 13 May 2020 08:16:21 +0000 (10:16 +0200)]
stm32mp1: register shared resource per IOMEM address
Introduce helper functions stm32mp_register_secure_periph_iomem()
and stm32mp_register_non_secure_periph_iomem() for drivers to
register a resource as secure or non-secure based on its SoC
interface registers base address.
These functions are stubbed when shared resources driver is not
embedded (!STM32MP_SHARED_RESOURCES) so that drivers embedded
in other BL stages do not bother whether they shall register or
not their resources.
Define helper functions stm32mp_register_secure_periph() and
stm32mp_register_non_secure_periph() for platform drivers to
register a shared resource assigned to respectively secure
or non-secure world.
Some resources are related to clock resources. When a resource is
registered as secure, ensure its clock dependencies are also
registered as secure. Registering a non-secure resource does not
mandate its clock dependencies are also registered as non-secure.
Etienne Carriere [Wed, 13 May 2020 09:49:49 +0000 (11:49 +0200)]
drivers: st: clock: register parent of secure clocks
Introduce stm32mp1_register_clock_parents_secure() in stm32mp1
clock driver to allow platform shared resources to register as
secure the parent clocks of a clock registered as secure.
Etienne Carriere [Wed, 13 May 2020 13:51:56 +0000 (15:51 +0200)]
stm32mp1: shared resources: add trace messages
Define from helper functions to get a human readable string
identifier from a shared resource enumerated ID. Use them to
make debug traces more friendly peripheral registering functions.
drivers: arm: gicv3: auto-detect presence of GIC600-AE
This patch adds the IIDR value for GIC600-AE to the gicv3_is_gic600()
helper function. This helps platforms supporting this version of the
GIC600 interrupt controller to function with the generic GIC driver.
Verified with tftf-validation test suite
******************************* Summary *******************************
> Test suite 'Framework Validation'
Passed
> Test suite 'Timer framework Validation'
Passed
=================================
Tests Skipped : 0
Tests Passed : 6
Tests Failed : 0
Tests Crashed : 0
Total tests : 6
=================================
NOTICE: Exiting tests.
corstone700: splitting the platform support into FVP and FPGA
This patch performs the following:
- Creating two corstone700 platforms under corstone700 board:
fvp and fpga
- Since the FVP and FPGA have IP differences, this commit provides a specific DTS for each platform
- The platform can be specified using the TARGET_PLATFORM Makefile variable
(possible values are: fvp or fpga)
- Allowing to use u-boot by:
- Enabling NEED_BL33 option
- Fixing non-secure image base: For no preloaded bl33 we want to
have the NS base set on shared ram. Setup a memory map region
for NS in shared map and set the bl33 address in the area.
- Setting the SYS_COUNTER_FREQ_IN_TICKS based on the selected
platform
- Setting ARM_MAP_SHARED_RAM and ARM_MAP_NS_SHARED_RAM to use MT_MEMORY
Change-Id: I4c8ac3387acb1693ab617bcccab00d80e340c163 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
fiptool: return zero status on help and help <command>
Querying the 'fiptool' for help or help <command> should return 0
return status (success) and not 1 (failure). In the other hand, if tool is
executed with any other command (not help) where command's parameters are
either missing or wrong, then the tool should return non-zero (failure). Now,
the 'usage' function caller is the one that passes the return status.
Sami Mujawar [Thu, 23 Apr 2020 08:28:37 +0000 (09:28 +0100)]
Fix makefile to build on a Windows host PC
The TF-A firmware build system is capable of building on both Unix like
and Windows host PCs. The commit ID 7ff088 "Enable MTE support" updated
the Makefile to conditionally enable the MTE support if the AArch64
architecture revision was greater than 8.5. However, the Makefile changes
were dependent on shell commands that are only available on unix shells,
resulting in build failures on a Windows host PC.
This patch fixes the Makefile by using a more portable approach for
comparing the architecture revision.
Change-Id: Icb56cbecd8af5b0b9056d105970ff4a6edd1755a Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
plat/arm: Add assert for the valid address of dtb information
Added assert in the code to check valid address of dtb information
structure retrieved from fw_config device tree.
This patch fixes coverity defect:360213.
Also, removed conditional calling of "fconf_populate" as "fconf_populate"
function already checks the validity of the device tree address received
and go to panic in case of address is NULL.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib83e4e84a95e2456a12c7a2bb3fe70461d882cba
Samuel Holland [Sun, 29 Dec 2019 22:12:12 +0000 (16:12 -0600)]
allwinner: Disable NS access to PRCM power control registers
The non-secure world has no business accessing the CPU power switches in
the PRCM; those are handled by TF-A or the SCP. Only allow access to the
clock control part of the PRCM.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Change-Id: I657b97f4ea8a0073448ad3343fbc66ba168ed89e
Manish Pandey [Fri, 26 Jun 2020 13:59:38 +0000 (13:59 +0000)]
Merge changes Ib9c82b85,Ib348e097,I4dc315e4,I58a8ce44,Iebc03361, ... into integration
* changes:
plat: marvell: armada: a8k: add OP-TEE OS MMU tables
drivers: marvell: add support for mapping the entire LLC to SRAM
plat: marvell: armada: add LLC SRAM CCU setup for AP806/AP807 platforms
plat: marvell: armada: reduce memory size reserved for FIP image
plat: marvell: armada: platform definitions cleanup
plat: marvell: armada: a8k: check CCU window state before loading MSS BL2
drivers: marvell: add CCU driver API for window state checking
drivers: marvell: align and extend llc macros
plat: marvell: a8k: move address config of cp1/2 to BL2
plat: marvell: armada: re-enable BL32_BASE definition
plat: marvell: a8k: extend includes to take advantage of the phy_porting_layer
marvell: comphy: initialize common phy selector for AP mode
marvell: comphy: update rx_training procedure
plat: marvell: armada: configure amb for all CPs
plat: marvell: armada: modify PLAT_FAMILY name for 37xx SoCs
Andre Przywara [Thu, 25 Jun 2020 12:10:13 +0000 (13:10 +0100)]
arm_fpga: Fix MPIDR topology checks
The plat_core_pos_by_mpidr() implementation for the Arm FPGA port has
some issues, which leads to problems when matching GICv3 redistributors
with cores:
- The power domain tree was not taking multithreading into account, so
we ended up with the wrong mapping between MPIDRs and core IDs.
- Before even considering an MPIDR, we try to make sure Aff2 is 0.
Unfortunately this is the cluster ID when the MT bit is set.
- We mask off the MT bit in MPIDR, before basing decisions on it.
- When detecting the MT bit, we are properly calculating the thread ID,
but don't account for the shift in the core and cluster ID checks.
Those problems lead to early rejections of MPIDRs values, in particular
when called from the GIC code. As a result, CPU_ON for secondary cores
was failing for most of the cores.
Fix this by properly handling the MT bit in plat_core_pos_by_mpidr(),
also pulling in FPGA_MAX_PE_PER_CPU when populating the power domain
tree.
Change-Id: I71b2255fc0d27bfe5806511df479ab38e4e33fc4 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Merge changes from topic "fw_config_handoff" into integration
* changes:
doc: Update memory layout for firmware configuration area
plat/arm: Increase size of firmware configuration area
plat/arm: Load and populate fw_config and tb_fw_config
fconf: Handle error from fconf_load_config
plat/arm: Update the fw_config load call and populate it's information
fconf: Allow fconf to load additional firmware configuration
fconf: Clean confused naming between TB_FW and FW_CONFIG
tbbr/dualroot: Add fw_config image in chain of trust
cert_tool: Update cert_tool for fw_config image support
fiptool: Add fw_config in FIP
plat/arm: Rentroduce tb_fw_config device tree
Neoverse N1 erratum 1800710 is a Cat B erratum, present in older
revisions of the Neoverse N1 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
This errata is explained in this SDEN:
https://static.docs.arm.com/sden885747/f/Arm_Neoverse_N1_MP050_Software_Developer_Errata_Notice_v21.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ie5b15c8bc3235e474a06a57c3ec70684361857a6
Cortex A77 erratum 1800714 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core. The workaround is to
set a bit in the ECTLR_EL1 system register, which disables allocation
of splintered pages in the L2 TLB.
Since this is the first errata workaround implemented for Cortex A77,
this patch also adds the required cortex_a77_reset_func in the file
lib/cpus/aarch64/cortex_a77.S.
This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I844de34ee1bd0268f80794e2d9542de2f30fd3ad
doc: Update memory layout for firmware configuration area
Captured the increase in firmware configuration area from
4KB to 8kB in memory layout document. Updated the documentation
to provide details about fw_config separately.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ifbec443ced479301be65827b49ff4fe447e9109f
plat/arm: Increase size of firmware configuration area
Increased the size of firmware configuration area to accommodate
all configs.
Updated maximum size of following bootloaders due to increase
in firmware configs size and addition of the code in the BL2.
1. Increased maximum size of BL2 for Juno platform in no
optimisation case.
2. Reduced maximum size of BL31 for fvp and Juno platform.
3. Reduced maximum size of BL32 for Juno platform.
Change-Id: Ifba0564df0d1fe86175bed9fae87fdcf013b1831 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
plat/arm: Load and populate fw_config and tb_fw_config
Modified the code to do below changes:
1. Load tb_fw_config along with fw_config by BL1.
2. Populate fw_config device tree information in the
BL1 to load tb_fw_config.
3. In BL2, populate fw_config information to retrieve
the address of tb_fw_config and then tb_fw_config
gets populated using retrieved address.
4. Avoid processing of configuration file in case of error
value returned from "fw_config_load" function.
5. Updated entrypoint information for BL2 image so
that it's arg0 should point to fw_config address.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: Ife6f7b673a074e7f544ee3d1bda7645fd5b2886c
laurenw-arm [Thu, 6 Feb 2020 17:42:18 +0000 (11:42 -0600)]
fconf: Extract Timer clock freq from HW_CONFIG dtb
Extract Timer clock frequency from the timer node in
HW_CONFIG dtb. The first timer is a per-core architected timer attached
to a GIC to deliver its per-processor interrupts via PPIs.
Redirect security incident report to TrustedFirmware.org
All projects under the TrustedFirmware.org project now use the same
security incident process, therefore update the disclosure/vulnerability
reporting information in the TF-A documentation.
------------------------------------------------------------------------
/!\ IMPORTANT /!\
Please note that the email address to send these reports to has changed.
Please do *not* use trusted-firmware-security@arm.com anymore.
Similarly, the PGP key provided to encrypt emails to the security email
alias has changed as well. Please do *not* use the former one provided
in the TF-A source tree. It is recommended to remove it from your
keyring to avoid any mistake. Please use the new key provided on
TrustedFirmware.org from now on.
------------------------------------------------------------------------
plat/arm: Update the fw_config load call and populate it's information
Modified the code to do below changes:
1. Migrates the Arm platforms to the API changes introduced in the
previous patches by fixing the fconf_load_config() call.
2. Retrieve dynamically the address of tb_fw_config using fconf
getter api which is subsequently used to write mbedTLS heap
address and BL2 hash data in the tb_fw_config DTB.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com> Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
Change-Id: I3c9d9345dcbfb99127c61d5589b4aa1532fbf4be
projects / arm-tf.git / log