Manish Pandey [Mon, 22 Jun 2020 14:24:31 +0000 (14:24 +0000)]
Merge changes from topic "scmi-msg" into integration
* changes:
drivers/scmi-msg: smt entry points for incoming messages
drivers/scmi-msg: support for reset domain protocol
drivers/scmi-msg: support for clock protocol
drivers/scmi-msg: driver for processing scmi messages
It is desired to have the peripheral writes completed to clear the
interrupt condition and de-assert the interrupt request to GIC before
EOI write. Failing which spurious interrupt will occurred.
A barrier is needed to ensure peripheral register write transfers are
complete before EOI is done.
GICv2 memory mapped DEVICE nGnR(n)E writes are ordered from core point
of view. However these writes may pass over different interconnects,
bridges, buffers leaving some rare chances for the actual write to
complete out of order.
GICv3 ICC EOI system register writes have no ordering against nGnR(n)E
memory writes as they are over different interfaces.
Hence a dsb can ensure from core no writes are issued before the previous
writes are *complete*.
Varun Wadekar [Wed, 3 Jun 2020 04:16:00 +0000 (21:16 -0700)]
Tegra: sanity check NS address and size before use
This patch updates the 'bl31_check_ns_address()' helper function to
check that the memory address and size passed by the NS world are not
zero.
The helper fucntion also returns the error code as soon as it detects
inconsistencies, to avoid multiple error paths from kicking in for the
same input parameters.
Varun Wadekar [Wed, 3 Jun 2020 04:08:38 +0000 (21:08 -0700)]
Tegra: memctrl_v2: fixup sequence to resize video memory
The previous sequence used by the driver to program the new memory
aperture settings and clear the non-overlapping memory was faulty.
The sequence locked the non-overlapping regions twice, leading to
faults when trying to clear it.
This patch modifies the sequence to follow these steps:
* move the previous memory region to a new firewall register
* program the new memory aperture settings
* clean the non-overlapping memory
This patch also maps the non-overlapping memory as Device memory to
follow guidance from the arch. team.
Manish Pandey [Wed, 17 Jun 2020 19:44:51 +0000 (19:44 +0000)]
Merge changes I80316689,I23cac4fb,If911e7de,I169ff358,I4e040cd5, ... into integration
* changes:
ddr: a80x0: add DDR 32-bit ECC mode support
ble: ap807: improve PLL configuration sequence
ble: ap807: clean-up PLL configuration sequence
ddr: a80x0: add DDR 32-bit mode support
plat: marvell: mci: perform mci link tuning for all mci interfaces
plat: marvell: mci: use more meaningful name for mci link tuning
plat: marvell: a8k: remove wrong or unnecessary comments
plat: marvell: ap807: enable snoop filter for ap807
plat: marvell: ap807: update configuration space of each CP
plat: marvell: ap807: use correct address for MCIx4 register
plat: marvell: add support for PLL 2.2GHz mode
plat: marvell: armada: make a8k_common.mk and mss_common.mk more generic
marvell: armada: add extra level in marvell platform hierarchy
drivers/scmi-msg: smt entry points for incoming messages
This change implements SCMI channels for reading a SCMI message from a
shared memory and call the SCMI message drivers to route the message
to the target platform services.
SMT refers to the shared memory management protocol which is used
to get/put message/response in shared memory. SMT is a 28byte header
stating shared memory state and exchanged protocol data.
The processing entry for a SCMI message can be a secure interrupt
or fastcall SMCCC invocation.
SMT description in this implementation is based on the OP-TEE
project [1] itself based in the SCP-firmware implementation [2].
drivers/scmi-msg: support for reset domain protocol
Adds SCMI reset domain protocol support in the SCMI message drivers
as defined in SCMI specification v2.0 [1]. Not all the messages
defined in the specification are supported.
scmi_msg_get_rd_handler() sanitizes the message_id value
against any speculative use of reset domain ID as a index since by
SCMI specification, IDs are indices.
This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.
Adds SCMI clock protocol support in the SCMI message drivers as
defined in SCMI specification v2.0 [1] for clock protocol messages.
Platform can provide one of the plat_scmi_clock_*() handler for the
supported operations set/get state/rate and others.
scmi_msg_get_clock_handler() sanitizes the message_id value
against any speculative use of clock ID as a index since by
SCMI specification, IDs are indices.
This implementation is based on the OP-TEE project implementation [2]
itself based on the SCP-firmware implementation [3] of the SCMI
protocol server side.
Etienne Carriere [Thu, 28 Nov 2019 08:13:34 +0000 (09:13 +0100)]
drivers/scmi-msg: driver for processing scmi messages
This change introduces drivers to allow a platform to create a basic
SCMI service and register handlers for client request (SCMI agent) on
system resources. This is the first piece of the drivers: an entry
function, the SCMI base protocol support and helpers for create
the response message.
With this change, scmi_process_message() is the entry function to
process an incoming SCMI message. The function expect the message
is already copied from shared memory into secure memory. The message
structure stores message reference and output buffer reference where
response message shall be stored.
scmi_process_message() calls the SCMI protocol driver according to
the protocol ID in the message. The SCMI protocol driver will call
defined platform handlers according to the message content.
This change introduces only the SCMI base protocol as defined in
SCMI specification v2.0 [1]. Not all the messages defined
in the specification are supported.
The SCMI message implementation is derived from the OP-TEE project [2]
itself based on the SCP-firmware implementation [3] of the SCMI protocol
server side.
Load address of tb_fw_config is incorrectly mentioned
in below device trees:
1. rdn1edge_fw_config.dts
2. tc0_fw_config.dts
Till now, tb_fw_config load-address is not being retrieved from
device tree and hence never exeprienced any issue for tc0 and
rdn1edge platform.
For tc0 and rdn1edge platform, Load-address of tb_fw_config should
be the SRAM base address + 0x300 (size of fw_config device tree)
Hence updated these platform's fw_config.dts accordingly to reflect
this load address change.
Change-Id: I2ef8b05d49be10767db31384329f516df11ca817 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Manish Pandey [Wed, 10 Jun 2020 15:19:53 +0000 (16:19 +0100)]
tbbr: add chain of trust for Secure Partitions
with sha 44f1aa8, support for Silicon Provider(SiP) owned Secure
Partition(SP) was added for dualroot CoT. This patch extends this
support for tbbr CoT.
Earlier tbbr CoT for SPs was left to avoid adding new image types in
TBBR which could possibly be seen as deviation from specification.
But with further discussions it is understood that TBBR being a
*minimal* set of requirements that can be extended as long as we don't
violate any of the musts, which is the case with adding SP support.
Varun Wadekar [Fri, 12 Jun 2020 17:11:28 +0000 (10:11 -0700)]
Prevent RAS register access from lower ELs
This patch adds a build config 'RAS_TRAP_LOWER_EL_ERR_ACCESS' to set
SCR_EL3.TERR during CPU boot. This bit enables trapping RAS register
accesses from EL1 or EL2 to EL3.
RAS_TRAP_LOWER_EL_ERR_ACCESS is disabled by default.
Varun Wadekar [Thu, 21 Mar 2019 15:23:05 +0000 (08:23 -0700)]
Tegra194: SiP: clear RAS corrected error records
This patch introduces a function ID to clear all the RAS error
records for corrected errors.
Per latest requirement, ARM RAS corrected errors will be reported to
lower ELs via interrupts and cleared via SMC. This patch provides
required function to clear RAS error status.
This patch also sets up all required RAS Corrected errors in order to
route RAS corrected errors to lower ELs.
Change-Id: I554ba1d0797b736835aa27824782703682c91e51 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com> Signed-off-by: David Pu <dpu@nvidia.com>
Philipp Tomsich [Wed, 5 Jul 2017 10:20:44 +0000 (12:20 +0200)]
rockchip: rk3368: fix PLAT_RK_CLST_TO_CPUID_SHIFT
The RK3368 has two clusters of 4 cores and it's cluster id starts at
bit 8 of the MPIDR. To convert from the cluster id (0 or 1) to the
lowest CPU-ID in the respective cluster, we thus need to shift by 6
(i.e. shift by 8 to extract the cluster-id and multiply by 4).
This change is required to ensure the PSCI support can index the
per-cpu entry-address array correctly.
Signed-off-by: Philipp Tomsich <philipp.tomsich@theobroma-systems.com> Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Change-Id: I64a76038f090a85a47067f09f750e96e3946e756
Varun Wadekar [Sun, 24 May 2020 23:26:22 +0000 (16:26 -0700)]
cpus: denver: disable cycle counter when event counting is prohibited
The Denver CPUs implement support for PMUv3 for ARMv8.1 and expect the
PMCR_EL0 to be saved in non-secure context.
This patch disables cycle counter when event counting is prohibited
immediately on entering the secure world to avoid leaking useful
information about the PMU counters. The context saving code later
saves the value of PMCR_EL0 to the non-secure world context.
plat/fvp: Add support for dynamic description of secure interrupts
Using the fconf framework, the Group 0 and Group 1 secure interrupt
descriptors are moved to device tree and retrieved in runtime. This
feature is enabled by the build flag SEC_INT_DESC_IN_FCONF.
Andre Przywara [Wed, 25 Mar 2020 15:50:38 +0000 (15:50 +0000)]
GICv3: GIC-600: Detect GIC-600 at runtime
The only difference between GIC-500 and GIC-600 relevant to TF-A is the
differing power management sequence.
A certain GIC implementation is detectable at runtime, for instance by
checking the IIDR register. Let's add that test before initiating the
GIC-600 specific sequence, so the code can be used on both GIC-600 and
GIC-500 chips alike, without deciding on a GIC chip at compile time.
This means that the GIC-500 "driver" is now redundant. To allow minimal
platform support, add a switch to disable GIC-600 support.
Change-Id: I17ea97d9fb05874772ebaa13e6678b4ba3415557 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Manish Pandey [Wed, 27 May 2020 21:40:10 +0000 (22:40 +0100)]
dualroot: add chain of trust for secure partitions
A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
owned Secure Partitions(SP). A similar support for Platform owned SP can
be added in future. The certificate is also protected against anti-
rollback using the trusted Non-Volatile counter.
To avoid deviating from TBBR spec, support for SP CoT is only provided
in dualroot.
Secure Partition content certificate is assigned image ID 31 and SP
images follows after it.
Manish Pandey [Mon, 8 Jun 2020 23:16:08 +0000 (23:16 +0000)]
Merge changes from topic "fix-agilex-initialization" into integration
* changes:
plat: intel: Additional instruction required to enable global timer
plat: intel: Fix CCU initialization for Agilex
plat: intel: Add FPGAINTF configuration to when configuring pinmux
plat: intel: set DRVSEL and SMPLSEL for DWMMC
plat: intel: Fix clock configuration bugs
Tien Hock Loh [Mon, 11 May 2020 08:11:55 +0000 (01:11 -0700)]
plat: intel: Fix CCU initialization for Agilex
The CCU initialization loop uses the wrong units, this fixes that. This
also fixes snoop filter register set bits should be used instead of
overwriting the register
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: Ia15eeeae5569b00ad84120182170d353ee221b31
Hugh Cole-Baker [Mon, 8 Jun 2020 21:24:36 +0000 (22:24 +0100)]
rockchip: increase FDT buffer size
The size of buffer currently used to store the FDT passed from U-Boot as
a platform parameter is not large enough to store some RK3399 device
trees. The largest RK3399 device tree currently in U-Boot (for the
Pinebook Pro) is about 70KB in size when passed to TF-A, so increase the
buffer size to 128K which gives some headroom for possibly larger FDTs
in future.
Tien Hock Loh [Mon, 11 May 2020 08:11:23 +0000 (01:11 -0700)]
plat: intel: Fix clock configuration bugs
This fixes a few issues on the Agilex clock configuration:
- Set clock manager into boot mode before configuring clock
- Fix wrong divisor used when calculating vcocalib
- PLL sync configuration should be read and then written
- Wait PLL lock after PLL sync configuration is done
- Clear interrupt bits instead of set interrupt bits after configuration
Signed-off-by: Tien Hock Loh <tien.hock.loh@intel.com>
Change-Id: I54c1dc5fe9b102e3bbc1237a92d8471173b8af70
Manish Pandey [Fri, 22 May 2020 11:27:28 +0000 (12:27 +0100)]
cert_create: add SiP owned secure partitions support
Add support to generate certificate "sip-sp-cert" for Secure
Partitions(SP) owned by Silicon provider(SiP).
To avoid deviation from TBBR specification the support is only added for
dualroot CoT and not for TBBR CoT.
A single certificate file is generated containing hash of individual
packages. Maximum 8 secure partitions are supported.
Following new options added to cert_tool:
--sip-sp-cert --> SiP owned Secure Partition Content Certificate
--sp-pkg1 --> Secure Partition Package1 file
--sp-pkg2
.....
--sp-pkg8
Trusted world key pair is used for signing.
Going forward, this feature can be extended for Platfrom owned
Partitions, if required.
Manish Pandey [Mon, 8 Jun 2020 13:48:09 +0000 (14:48 +0100)]
plat/arm: do not include export header directly
As per "include/export/README", TF-A code should never include export
headers directly. Instead, it should include a wrapper header that
ensures the export header is included in the right manner.
"tbbr_img_def_exp.h" is directly included in TF-A code, this patch
replaces it with its wrapper header "tbbr_img_def.h".
Alex Leibovich [Sun, 10 Feb 2019 13:08:25 +0000 (15:08 +0200)]
ble: ap807: clean-up PLL configuration sequence
Remove pll powerdown from pll configuration sequence to improve
stability. Remove redundant cases, which no longer exist.
Also get rid of irrelevant definition of CPU_2200_DDR_1200_RCLK_1200,
which is not used by 806/807.
Change-Id: If911e7dee003dfb9a42fafd7ffe34662f026fd23 Signed-off-by: Alex Leibovich <alexl@marvell.com>
plat: marvell: mci: use more meaningful name for mci link tuning
The mci_initialize function name was misleading. The function itself
doesn't initialize MCI in general but performs MCI link tuning for
performance improvement.
Change-Id: I13094ad2235182a14984035bbe58013ebde84a7e Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
plat: marvell: ap807: update configuration space of each CP
By default all external CPs start with configuration address space set to
0xf200_0000. To overcome this issue, go in the loop and initialize the
CP one by one, using temporary window configuration which allows to access
each CP and update its configuration space according to decoding
windows scheme defined for each platform.
In case of cn9130 after this procedure bellow addresses will be used:
CP0 - f2000000
CP1 - f4000000
CP2 - f6000000
When the re-configuration is done there is need to restore previous
decoding window configuration(init_io_win).
Change-Id: I1a652bfbd0bf7106930a7a4e949094dc9078a981 Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
plat: marvell: armada: make a8k_common.mk and mss_common.mk more generic
As a preparation for upcoming support for CN9130 platform, which is
classified as OcteonTx2 product but inherits functionality from a8k,
allow to use a8k_common.mk and mss_common.mk from outside of
PLAT_FAMILY_BASE.
Above is done by introducing BOARD_DIR which needs to be set by each
platform, before including a8k_common.mk and mss_common.mk. This will
allow to use mentioned mk files not only for platforms located under
previously defined PLAT_FAMILY_BASE.
Change-Id: I22356c99bc0419a40ae11e42f37acd50943ea134 Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com>
marvell: armada: add extra level in marvell platform hierarchy
This commit is a preparation for upcoming support for OcteonTX and
OcteonTX2 product families. Armada platform related files (docs,
plat, include/plat) are moved to the new "armada" sub-folder.
Change-Id: Icf03356187078ad6a2e56c9870992be3ca4c9655 Signed-off-by: Grzegorz Jaszczyk <jaz@semihalf.com> Signed-off-by: Marcin Wojtas <mw@semihalf.com>
dts: stm32mp157c: fix etzpc node location in DTSI file
Fix etzpc node location in stm32mp157c DTSI file as requested during the
patch review. The comment was addressed then fixup change discarded while
rebasing.
Use ETZPC driver to configure secure aware interfaces to assign
them to non-secure world. Sp_min also configures BootROM resources
and SYSRAM to assign both to secure world only.
Define stm32mp15 SoC identifiers for the platform specific DECPROT
instances.
ETZPC stands for Extended TrustZone Protection Controller. It is a
resource conditional access device. It is mainly based on Arm TZPC.
ST ETZPC exposes memory mapped DECPROT cells to set access permissions
to SoC peripheral interfaces as I2C, SPI, DDR controllers, and some
of the SoC internal memories.
ST ETZPC exposes memory mapped TZMA cells to set access permissions
to some SoC internal memories.
Marcin Wojtas [Tue, 12 May 2020 16:19:33 +0000 (18:19 +0200)]
marvell: drivers: mochi: specify stream ID for SD/MMC
This patch enables the stream ID for the SD/MMC
controllers via dedicated unit register. Thanks to this
change it is possible to configure properly the
IOMMU in OS and use the SD/MMC interface in a guest
Virtual Machine.
Change-Id: I99cbd2c9882eb558ba01405d3d8a3e969f06e082 Signed-off-by: Marcin Wojtas <mw@semihalf.com> Signed-off-by: Tomasz Nowicki <tn@semihalf.com>
Marcin Wojtas [Tue, 2 Jun 2020 13:12:06 +0000 (15:12 +0200)]
marvell: a8k: enable BL31 cache by default
BL31_CACHE_DISABLE flag was introduced as a work-around
for the older SoC revisions. Since it is not relevant in the
newest versions, toggle it to be disabled by default.
One can still specify it by adding 'BL31_CACHE_DISABLE=1'
string to the build command.
Change-Id: I11b52dade3ff7f8ee643b8078c6e447c45946570 Signed-off-by: Marcin Wojtas <mw@semihalf.com>
Jimmy Brisson [Thu, 16 Apr 2020 15:48:02 +0000 (10:48 -0500)]
Enable ARMv8.6-ECV Self-Synch when booting to EL2
Enhanced Counter Virtualization, ECV, is an architecture extension introduced
in ARMv8.6. This extension allows the hypervisor, at EL2, to setup
self-synchronizing views of the timers for it's EL1 Guests. This patch pokes the
control register to enable this extension when booting a hypervisor at EL2.
Change-Id: I4e929ecdf400cea17eff1de5cf8704aa7e40973d Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Jimmy Brisson [Thu, 16 Apr 2020 15:47:56 +0000 (10:47 -0500)]
Enable ARMv8.6-FGT when booting to EL2
The Fine Grained Traps (FGT) architecture extension was added to aarch64 in
ARMv8.6. This extension primarily allows hypervisors, at EL2, to trap specific
instructions in a more fine grained manner, with an enable bit for each
instruction. This patch adds support for this extension by enabling the
extension when booting an hypervisor at EL2.
Change-Id: Idb9013ed118b6a1b7b76287237096de992ca4da3 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Masahisa Kojima [Mon, 1 Jun 2020 20:54:13 +0000 (05:54 +0900)]
xlat_tables_v2: add base table section name parameter for spm_mm
Core spm_mm code expects the translation tables are located in the
inner & outer WBWA & shareable memory.
REGISTER_XLAT_CONTEXT2 macro is used to specify the translation
table section in spm_mm.
In the commit 363830df1c28e (xlat_tables_v2: merge
REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2
macro explicitly specifies the base xlat table goes into .bss by default.
This change affects the existing SynQuacer spm_mm implementation.
plat/socionext/synquacer/include/plat.ld.S linker script intends to
locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section,
but this implementation is no longer available.
This patch adds the base table section name parameter for
REGISTER_XLAT_CONTEXT2 so that platform can specify the
inner & outer WBWA & shareable memory for spm_mm base xlat table.
If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table
goes into .bss by default, the result is same as before.
Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2 Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
drivers: stm32_reset adapt interface to timeout argument
Changes stm32mp1 reset driver to API to add a timeout argument
to stm32mp_reset_assert() and stm32mp_reset_deassert() and
a return value.
With a supplied timeout, the functions wait the target reset state
is reached before returning. With a timeout of zero, the functions
simply load target reset state in SoC interface and return without
waiting.
Helper functions stm32mp_reset_set() and stm32mp_reset_release()
use a zero timeout and return without a return code.
Alexei Fedorov [Sat, 30 May 2020 16:33:26 +0000 (17:33 +0100)]
TF-A: Fix BL31 linker script error
The patch fixes BL31 linker script error
"Init code ends past the end of the stacks"
for platforms with number of CPUs less than 4,
which is caused by __STACKS_END__ address being
lower than __INIT_CODE_END__.
The modified BL31 linker script detects such cases
and increases the total amount of stack memory,
setting __STACKS_END__ = __INIT_CODE_END__, and
CPUs' stacks are calculated by BL31 'plat_get_my_stack'
function accordingly. For platforms with more than 4 CPUs
and __INIT_CODE_END__ < __STACKS_END__ stack memory does not
increase and allocated CPUs' stacks match the existing
implementation.
The patch removes exclusion of PSCI initialization
functions from the reclaimed .init section in
'arm_reclaim_init.ld.S' script, which increases the
size of reclaimed memory region.
As per the trustedfirmware.org Project Maintenance Process [1], the
current maintainers of the TF-A project have nominated some contributors
to become maintainers themselves. List them in the maintainers.rst file
to make this official.
projects / arm-tf.git / log