refactor(sgi): rewrite address space size definitions
The value of the macro CSS_SGI_REMOTE_CHIP_MEM_OFFSET can be different
across all the Neoverse reference design platforms. This value depends
on the number of address bits used per chip. So let all platforms define
CSS_SGI_ADDR_BITS_PER_CHIP which specifies the number of address bits
used per chip.
In addition to this, reuse the definition of CSS_SGI_ADDR_BITS_PER_CHIP
for single chip platforms and CSS_SGI_REMOTE_CHIP_MEM_OFFSET for multi-
chip platforms to determine the maximum address space size. Also,
increase the RD-N2 multi-chip address space per chip from 4TB to 64TB.
The patch 8c980a4 created a 4KB shared region from the 32MB
Realm region for RMM-EL3 communication. But this meant that BL2
needs to map a region of 32MB - 4KB, which required more xlat
tables at runtime. This patch maps the entire 32MB region in BL2
which is more memory efficient in terms of xlat tables needed.
On STM32MP13, USART1 and USART2 addresses are 0x4C000000 and 0x4C001000.
Whereas on STM32MP15, the addresses were 0x5C000000 and 0x4000E000.
Use dedicated flags to choose the correct address, that could be use
for early or crash console.
Merge changes from topic "jas/rmm-el3-ifc" into integration
* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface
Mark Brown [Mon, 9 May 2022 12:26:36 +0000 (13:26 +0100)]
feat(sme): fall back to SVE if SME is not there
Due to their interrelationship in the architecture the SVE and SME
features in TF-A are mutually exclusive. This means that a single binary
can't be shared between systems with and without SME if the system
without SME does support SVE, SVE will not be initialised so lower ELs
will run into trouble trying to use it. This unusual behaviour for TF-A
which normally gracefully handles situations where features are enabled
but not supported on the current hardware.
Address this by calling the SVE enable and disable functions if SME is
not supported rather than immediately exiting, these perform their own
feature checks so if neither SVE nor SME is supported behaviour is
unchanged.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I2c606202fa6c040069f44e29d36b5abb48391874
This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.
The RMM boot manifest is not implemented by this patch.
In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a
feat(arm): forbid running RME-enlightened BL31 from DRAM
According to Arm CCA security model [1],
"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It enforces CCA security guarantees for
not just Realm world, but also for Secure world and for itself.
It is expected to be small enough to feasibly fit in on-chip memory,
and typically needs to be available early in the boot process when
only on-chip memory is available."
For these reasons, it is expected that "monitor code executes entirely
from on-chip memory."
This precludes usage of ARM_BL31_IN_DRAM for RME-enlightened firmware.
[1] Arm DEN0096 A.a, section 7.3 "Use of external memory by CCA".
Yann Gautier [Thu, 30 Jun 2022 09:33:27 +0000 (11:33 +0200)]
feat(stm32mp15): manage OP-TEE shared memory
On STM32MP15, there is currently an OP-TEE shared memory area at the end
of the DDR. But this area will in term be removed. To allow a smooth
transition, a new flag is added (STM32MP15_OPTEE_RSV_SHM). It reflects
the OP-TEE flag: CFG_CORE_RESERVED_SHM. The flag is enabled by default
(no behavior change). It will be set to 0 when OP-TEE is aligned, and
then later be removed.
Daniel Boulby [Thu, 9 Jun 2022 11:04:30 +0000 (12:04 +0100)]
fix(sptool): fix concurrency issue for SP packages
Add dependency between rules to generate SP packages and their dtb files
to ensure the dtb files are built before the sptool attempts to generate
the SP package.
Change-Id: I071806f4aa09f39132e3e1990c91d71dc9acd728 Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
* changes:
feat(synquacer): add FWU Multi Bank Update support
feat(synquacer): add TBBR support
feat(synquacer): add BL2 support
refactor(synquacer): move common source files
Jassi Brar [Mon, 23 May 2022 18:16:01 +0000 (13:16 -0500)]
feat(synquacer): add FWU Multi Bank Update support
Add FWU Multi Bank Update support. This reads the platform metadata
and update the FIP base address so that BL2 can load correct BL3X
based on the boot index.
Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not check the return value of. Right now, this does not flag anything
but it could help catching bugs in the future.
This was a new feature introduced in mbed TLS 2.28.0 release.
Manish Pandey [Fri, 24 Jun 2022 10:44:06 +0000 (12:44 +0200)]
Merge changes from topic "lw/cca_cot" into integration
* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM
Yann Gautier [Mon, 20 Jun 2022 09:43:17 +0000 (11:43 +0200)]
feat(stm32mp1): optionally use paged OP-TEE
STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made conditional, and will be kept only for STM32MP15.
Yann Gautier [Mon, 20 Jun 2022 09:24:22 +0000 (11:24 +0200)]
feat(optee): check paged_image_info
For OP-TEE without pager, the paged image may not be present in OP-TEE
header. We could then pass NULL for paged_image_info to the function
parse_optee_header(). It avoids creating a useless struct for that
non existing image. But we should then avoid assigning header_ep args
that depend on paged_image_info.
Yann Gautier [Tue, 21 Jun 2022 13:12:27 +0000 (15:12 +0200)]
fix(st-clock): correctly check ready bit
The function clk_oscillator_wait_ready() was wrongly checking the set
bit and not the ready bit. Correct that by using osc_data->gate_rdy_id
when calling _clk_stm32_gate_wait_ready().
Nishant Sharma [Tue, 30 Nov 2021 09:31:48 +0000 (09:31 +0000)]
feat(plat/arm/sgi): read isolated cpu mpid list from sds
Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next stages
of boot software to use.
Isolated CPUs are those that are not to be used on the platform for
various reasons. The isolated CPU list is an array of MPID values of the
CPUs that have to be isolated.
Manish Pandey [Tue, 21 Jun 2022 12:11:47 +0000 (14:11 +0200)]
Merge changes from topic "mb/gic600-errata" into integration
* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt
Nishant Sharma [Tue, 30 Nov 2021 09:38:46 +0000 (09:38 +0000)]
feat(board/rdn2): add a new 'isolated-cpu-list' property
Add a new property named 'isolated-cpu-list' to list the CPUs that are
to be isolated and not used by the platform. The data represented by
this property is formatted as below.
strutct isolated_cpu_mpid_list {
uint64_t count;
uint64_t mpid_list[MAX Number of PE];
}
Also, the property is pre-initialized to 0 to reserve space for the
property in the dtb. The data for this property is read from SDS and
updated during boot. The number of entries in this list is equal to the
maximum number of PEs present on the platform.
Manish Pandey [Tue, 21 Jun 2022 10:42:08 +0000 (12:42 +0200)]
Merge changes from topic "uart_segregation_v2" into integration
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
Firmware buffer has already been mapped when loading 1D firmware,
so the same buffer address will be re-mapped when loading 2D
firmware. Move the buffer mapping to be out of load_fw().
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Idb29d504bc482a1e7ca58bc51bec09ffe6068324
Olivier Deprez [Wed, 15 Jun 2022 09:18:48 +0000 (11:18 +0200)]
feat(spm): add tpm event log node to spmc manifest
Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for components measured by BL2 at boot time.
For a SPMC there is a particular interest with SP measurements.
In the particular case of Hafnium SPMC, the tpm event log node is not
yet consumed, but the intent is later to pass this information to an
attestation SP.
Rohit Mathew [Mon, 13 Dec 2021 15:40:25 +0000 (15:40 +0000)]
feat(sgi): route TF-A logs via secure uart
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.
Rohit Mathew [Mon, 13 Dec 2021 13:50:15 +0000 (13:50 +0000)]
feat(sgi): deviate from arm css common uart related definitions
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.
In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.
fix(measured-boot): clear the entire digest array of Startup Locality event
According to TCG PC Client Platform Firmware Profile Specification
(Section 10.2.2, TCG_PCR_EVENT2 Structure, and 10.4.5 EV_NO_ACTION Event
Types), all EV_NO_ACTION events shall set TCG_PCR_EVENT2.digests to all
0x00's for each allocated Hash algorithm.
Right now, this is not enforced. Only part of the buffer is zeroed due
to the wrong macro being used for the size of the buffer in the clearing
operation (TPM_ALG_ID instead of TCG_DIGEST_SIZE). This could confuse
a TPM event log parser.
Also, add an assertion to ensure that the Event Log size is large enough
before writing the Event Log header.
Change-Id: I6d4bc3fb28fd10c227e33c8c7bb4a40b08c3fd5e Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
laurenw-arm [Tue, 31 May 2022 21:39:09 +0000 (16:39 -0500)]
refactor(measured-boot): mb algorithm selection
With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.
Bipin Ravi [Wed, 8 Jun 2022 20:27:00 +0000 (15:27 -0500)]
fix(errata): workaround for Cortex-A77 erratum 2356587
Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I243cfd587bca06ffd2a7be5bce28f8d2c5e68230
Bipin Ravi [Tue, 14 Jun 2022 22:09:23 +0000 (17:09 -0500)]
fix(errata): workaround for Neoverse-V1 erratum 2372203
Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CPUACTLR2_EL1 to disable folding of demand requests into older
prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557
fix(measured-boot): fix verbosity level of RSS digests traces
Most traces displayed by log_measurement() use the INFO verbosity
level. Only the digests are unconditionally printed, regardless of
the verbosity level. As a result, when the verbosity level is set
lower than INFO (typically in release mode), only the digests are
printed, which look weird and out of context.
fix(gic600): implement workaround to forward highest priority interrupt
If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Michal Simek [Wed, 15 Jun 2022 12:19:56 +0000 (14:19 +0200)]
fix(zynqmp): move bl31 with DEBUG=1 back to OCM
By default placing bl31 to addrexx 0x1000 is not good. Because this
location is used by U-Boot SPL. That's why move TF-A back to OCM where it
should be placed. BL31_BASE address exactly matches which requested address
for U-BOOT SPL boot flow.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I608c1b88baffec538c6ae528f057820e34971c4c
The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SWD_ROTPK).
Use the cookie argument as a key ID for plat_get_rotpk_info() to return
the appropriate one.
When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one to deploy this on Arm platforms.
This chain of trust is targeted at Arm CCA solutions and defines 3
independent signing domains:
1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1]
refers to the CCA signing domain as the provider of CCA components
running on the CCA platform. The CCA signing domain might be independent
from other signing domains providing other firmware blobs.
The CCA platform is a collective term used to identify all hardware and
firmware components involved in delivering the CCA security guarantee.
Hence, all hardware and firmware components on a CCA enabled system that
a Realm is required to trust.
In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and
associated configuration files.
The CCA signing domain is rooted in the Silicon ROTPK, just as in the
TBBR CoT.
2) Non-CCA Secure World signing domain. This includes SPMC (and
associated configuration file) as the expected BL32 image as well as
SiP-owned secure partitions. It is rooted in a new SiP-owned key called
Secure World ROTPK, or SWD_ROTPK for short.
3) Platform owner signing domain. This includes BL33 (and associated
configuration file) and the platform owner's secure partitions. It is
rooted in the Platform ROTPK, or PROTPK.
Bipin Ravi [Wed, 8 Jun 2022 21:28:46 +0000 (16:28 -0500)]
fix(errata): workaround for Neoverse-V1 erratum 2294912
Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia7afb4c42fe66b36fdf38a7d4281a0d168f68354
refactor(context mgmt): refactor EL2 context save and restore functions
This patch splits the el2_sysregs_context_save/restore functions
into multiple functions based on features. This will allow us to
selectively save and restore EL2 context registers based on
features enabled for a particular configuration.
For now feature build flags are used to decide which registers
to save and restore. The long term plan is to dynamically check
for features that are enabled and then save/restore registers
accordingly. Splitting el2_sysregs_context_save/restore functions
into smaller assembly functions makes that task easier. For more
information please take a look at:
https://trustedfirmware-a.readthedocs.io/en/latest/design_documents/context_mgmt_rework.html
Replay-protected memory block access is enabled by writing 0x3
to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the
first boot partition, which does not provide any playback protection.
Additionally, it unconditionally activates the first boot partition,
potentially breaking boot for SoCs that consult boot partitions,
require boot ack or downgrading to an old bootloader if the first
partition happens to be the inactive one.
Also, neither enabling or disabling the RPMB observes the
PARTITION_SWITCH_TIME. As there are no in-tree users for these
functions, drop them for now until a properly functional implementation
is added. That one will likely share most code with the existing boot
partition switch, which doesn't suffer from the described issues.
Change-Id: Ia4a3f738f60a0dbcc33782f868cfbb1e1c5b664a Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Merge changes from topic "stm32mp-emmc-boot-fip" into integration
* changes:
feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS
refactor(mmc): export user/boot partition switch functions
projects / arm-tf.git / log