Andre Przywara [Sat, 25 Jan 2020 00:58:35 +0000 (00:58 +0000)]
pl011: Use generic console_t data structure
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I7a23327394d142af4b293ea7ccd90b843c54587c Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Sat, 25 Jan 2020 00:58:35 +0000 (00:58 +0000)]
meson: Use generic console_t data structure
Since now the generic console_t structure holds the UART base address as
well, let's use that generic location and drop the UART driver specific
data structure at all.
Change-Id: I07a07677153d3671ced776671e4f107824d3df16 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Andre Przywara [Sat, 25 Jan 2020 00:54:38 +0000 (00:54 +0000)]
console: Integrate UART base address in generic console_t
*All* UART drivers in TF-A are storing their base address as a uintptr_t
pointer in the first location of the UART specific driver data.
Since the base address is a pretty natural and generic data item, we
should integrate this into the generic console_t structure.
That will not only allow to remove a lot of seemingly UART specific data
structures, but also enables to simplify runtime choices between different
UARTs, since they can share the same pointer.
This patch just adds the new member, the existing data structures will
be handled on a per-UART base in follow-up patches.
Change-Id: I59ce49471ccc8f3b870f2cfd8a72ebfd0cb14d12 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Varun Wadekar [Wed, 20 Jun 2018 00:07:08 +0000 (17:07 -0700)]
Tegra: spe: uninit console on a timeout
There are chances a denial-of-service attack, if an attacker
removes the SPE firmware from the system. The console driver
would end up waiting for the firmware to respond indefinitely.
The console driver must detect such scenarios and uninit the
interface as a result.
This patch adds a timeout to the interaction with the SPE
firmware and uninits the interface if it times out.
Varun Wadekar [Tue, 26 Jun 2018 23:07:50 +0000 (16:07 -0700)]
Tegra: handler to check support for System Suspend
Tegra210 SoCs need the sc7entry-fw to enter System Suspend mode,
but there might be certain boards that do not have this firmware
blob. To stop the NS world from issuing System suspend entry
commands on such devices, we ned to disable System Suspend from
the PSCI "features".
This patch removes the System suspend handler from the Tegra PSCI
ops, so that the framework will disable support for "System Suspend"
from the PSCI "features".
Original change by: kalyani chidambaram <kalyanic@nvidia.com>
Varun Wadekar [Wed, 20 Jun 2018 23:12:50 +0000 (16:12 -0700)]
Tegra: bpmp_ipc: improve cyclomatic complexity
Code complexity is a good indication of maintainability versus
testability of a piece of software.
ISO26262 introduces the following thresholds:
complexity < 10 is accepted
10 <= complexity < 20 has to be justified
complexity >= 20 cannot be accepted
Rationale is that number of test cases to fully test a piece of
software can (depending on the coverage metrics) grow exponentially
with the number of branches in the software.
This patch removes redundant conditionals from 'ipc_send_req_atomic'
handler to reduce the McCabe Cyclomatic Complexity for this function
Varun Wadekar [Wed, 20 Jun 2018 21:30:59 +0000 (14:30 -0700)]
Tegra: platform handler to relocate BL32 image
This patch provides platforms an opportunity to relocate the
BL32 image, during cold boot. Tegra186 platforms, for example,
relocate BL32 images to TZDRAM memory as the previous bootloader
relies on BL31 to do so.
Varun Wadekar [Wed, 20 Jun 2018 20:43:43 +0000 (13:43 -0700)]
Tegra: common: improve cyclomatic complexity
Code complexity is a good indication of maintainability versus
testability of a piece of software.
ISO26262 introduces the following thresholds:
complexity < 10 is accepted
10 <= complexity < 20 has to be justified
complexity >= 20 cannot be accepted
Rationale is that number of test cases to fully test a piece of
software can (depending on the coverage metrics) grow exponentially
with the number of branches in the software.
This patch removes redundant conditionals from 'bl31_early_platform_setup'
handler to reduce the McCabe Cyclomatic Complexity for this function.
This patch sets the "secure" bit to mark the PMC hardware block
as accessible only from the secure world. This setting must be
programmed during cold boot and System Resume.
The sc7entry-fw, running on the COP, needs access to the PMC block
to enter System Suspend state, so "unlock" the PMC block before
passing control to the COP.
Varun Wadekar [Mon, 18 Jun 2018 23:15:51 +0000 (16:15 -0700)]
Tegra: delay_timer: support for physical secure timer
This patch modifies the delay timer driver to switch to the ARM
secure physical timer instead of using Tegra's on-chip uS timer.
The secure timer is not accessible to the NS world and so eliminates
an important attack vector, where the Tegra timer source gets switched
off from the NS world leading to a DoS attack for the trusted world.
This timer is shared with the S-EL1 layer for now, but later patches
will mark it as exclusive to the EL3 exception mode.
Tegra194: memctrl: lock mc stream id security config
This patch locks most of the stream id security config registers as
per HW guidance.
This patch keeps the stream id configs unlocked for the following
clients, to allow some platforms to still function, until they make
the transition to the latest guidance.
Tegra210: resume PMC hardware block for all platforms
The PMC hardware block resume handler was called for Tegra210
platforms, only if the sc7entry-fw was present on the device.
This would cause problems for devices that do not support this
firmware.
This patch fixes this logic and resumes the PMC block even if
the sc7entry-fw is not present on the device.
Varun Wadekar [Wed, 13 Jun 2018 21:54:01 +0000 (14:54 -0700)]
Tegra: macro for legacy WDT FIQ handling
This patch adds the macro to enable legacy FIQ handling to the common
Tegra makefile. The default value of this macro is '0'. Platforms that
need this support should enable it from their makefiles.
This patch also helps fix violation of Rule 20.9.
Rule 20.9 "All identifiers used in the controlling expression of #if
of #elif preprocessing directives shall be #define'd before
evaluation"
The CPUACTLR_EL1 register on Cortex-A57 CPUs supports a bit to enable
non-cacheable streaming enhancement. Platforms can set this bit only
if their memory system meets the requirement that cache line fill
requests from the Cortex-A57 processor are atomic.
This patch adds support to enable higher performance non-cacheable load
forwarding for such platforms. Platforms must enable this support by
setting the 'A57_ENABLE_NONCACHEABLE_LOAD_FWD' flag from their
makefiles. This flag is disabled by default.
board/rdn1edge: use CREATE_SEQ helper macro to compare chip count
Use CREATE_SEQ helper macro to create sequence of valid chip counts
instead of manually creating the sequence. This allows a scalable
approach to increase the valid chip count sequence in the future.
Add `CREATE_SEQ` function to generate sequence of numbers starting from
1 to allow easy comparison of a user defined macro with non-zero
positive numbers.
Rui Silva [Wed, 9 Oct 2019 11:54:30 +0000 (12:54 +0100)]
corstone700: fdts: using DDR memory and XIP rootfs
This patch allows to use DDR address in memory node because on FPGA we
typically use DDR instead of shared RAM.
This patch also modifies the kernel arguments to allow the rootfs to be
mounted from a direct mapping of the QSPI NOR flash using the physmap
driver in the kernel. This allows to support CRAMFS XIP.
Zelalem [Wed, 12 Feb 2020 16:37:03 +0000 (10:37 -0600)]
coverity: fix MISRA violations
Fixes for the following MISRA violations:
- Missing explicit parentheses on sub-expression
- An identifier or macro name beginning with an
underscore, shall not be declared
- Type mismatch in BL1 SMC handlers and tspd_main.c
Mark Dykes [Tue, 18 Feb 2020 16:24:33 +0000 (16:24 +0000)]
Merge changes I4e95678f,Ia7c28704,I1bb04bb4,I93d96dca,I50aef5dd into integration
* changes:
Fix boot failures on some builds linked with ld.lld.
trusty: generic-arm64-smcall: Support gicr address
trusty: Allow gic base to be specified with GICD_BASE
trusty: Allow getting trusty memsize from BL32_MEM_SIZE instead of TSP_SEC_MEM_SIZE
Fix clang build if CC is not in the path.
Alexei Fedorov [Mon, 17 Feb 2020 13:38:35 +0000 (13:38 +0000)]
FVP: Fix BL31 load address and image size for RESET_TO_BL31=1
When TF-A is built with RESET_TO_BL31=1 option, BL31 is the
first image to be run and should have all the memory allocated
to it except for the memory reserved for Shared RAM at the start
of Trusted SRAM.
This patch fixes FVP BL31 load address and its image size for
RESET_TO_BL31=1 option. BL31 startup address should be set to
0x400_1000 and its maximum image size to the size of Trusted SRAM
minus the first 4KB of shared memory.
Loading BL31 at 0x0402_0000 as it is currently stated in
'\docs\plat\arm\fvp\index.rst' causes EL3 exception when the
image size gets increased (i.e. building with LOG_LEVEL=50)
but doesn't exceed 0x3B000 not causing build error.
The TBBR implementation extracts hashes from certificates and stores
them in static buffers. TF-A supports 3 variants of SHA right now:
SHA-256, SHA-384 and SHA-512. When support for SHA-512 was added in
commit 9a3088a5f509084e60d9c55bf53985c5ec4ca821 ("tbbr: Add build flag
HASH_ALG to let the user to select the SHA"), the hash buffers got
unconditionally increased from 51 to 83 bytes each. We can reduce that
space if we're using SHA-256 or SHA-384.
This saves some BSS space in both BL1 and BL2:
- BL1 with SHA-256: saving 168 bytes.
- BL1 with SHA-384: saving 80 bytes.
- BL2 with SHA-256: saving 384 bytes.
- BL2 with SHA-384: saving 192 bytes.
The TBBR implementation extracts public keys from certificates and
stores them in static buffers. DER-encoded ECDSA keys are only 91 bytes
each but were each allocated 294 bytes instead. Reducing the size of
these buffers saves 609 bytes of BSS in BL2 (294 - 91 = 203 bytes for
each of the 3 key buffers in use).
Also add a comment claryfing that key buffers are tailored on RSA key
sizes when both ECDSA and RSA keys are used.
Khandelwal [Wed, 29 Jan 2020 16:51:42 +0000 (16:51 +0000)]
Corstone700: add support for mhuv2 in arm TF-A
Note: This patch implements in-band messaging protocol only.
ARM has launched a next version of MHU i.e. MHUv2 with its latest
subsystems. The main change is that the MHUv2 is now a distributed IP
with different peripheral views (registers) for the sender and receiver.
Another main difference is that MHUv1 duplex channels are now split into
simplex/half duplex in MHUv2. MHUv2 has a configurable number of
communication channels. There is a capability register (MSG_NO_CAP) to
find out how many channels are available in a system.
The register offsets have also changed for STAT, SET & CLEAR registers
from 0x0, 0x8 & 0x10 in MHUv1 to 0x0, 0xC & 0x8 in MHUv2 respectively.
0x0 0x4 0x8 0xC 0x1F
------------------------....-----
| STAT | | | SET | | |
------------------------....-----
Transmit Channel
The MHU controller can request the receiver to wake-up and once the
request is removed, the receiver may go back to sleep, but the MHU
itself does not actively put a receiver to sleep.
So, in order to wake-up the receiver when the sender wants to send data,
the sender has to set ACCESS_REQUEST register first in order to wake-up
receiver, state of which can be detected using ACCESS_READY register.
ACCESS_REQUEST has an offset of 0xF88 & ACCESS_READY has an offset
of 0xF8C and are accessible only on any sender channel.
This patch adds necessary changes in a new file required to support the
latest MHUv2 controller. This patch also needs an update in DT binding
for ARM MHUv2 as we need a second register base (tx base) which would
be used as the send channel base.
XiaoDong Huang [Thu, 13 Feb 2020 06:11:31 +0000 (14:11 +0800)]
rockchip: fix definition of struct param_ddr_usage
In extreme cases, the number of secure regions is one more than
non-secure regions. So array "s_base" and "s_top"s size
in struct param_ddr_usage need to be adjust to "DDR_REGION_NR_MAX + 1".
Merge changes from topic "uniphier" into integration
* changes:
uniphier: make I/O register region configurable
uniphier: make PSCI related base address configurable
uniphier: make counter control base address configurable
uniphier: make UART base address configurable
uniphier: make pinmon base address configurable
uniphier: make NAND controller base address configurable
uniphier: make eMMC controller base address configurable
Fix topology description of cpus for DynamIQ based FVP
DynamIQ based designs have upto 8 CPUs in each cluster. This
patch fixes the device tree node which describes the topology
of the CPU for DynamIQ FVP Model.
corstone700: adding support for stack protector for the FVP
Adding support for generating a semi-random number required for
enabling building TF-A with stack protector support.
TF-A for corstone-700 may now be built using ENABLE_STACK_PROTECTOR=all
Change-Id: I03e1be1a8d4e4a822cf286f3b9ad4da4337ca765 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Merge changes from topic "uniphier" into integration
* changes:
uniphier: extend boot device detection for future SoCs
uniphier: change block_addressing flag to bool
uniphier: change the return value type of .is_usb_boot() to bool
Arve Hjønnevåg [Fri, 7 Feb 2020 22:12:35 +0000 (14:12 -0800)]
Fix boot failures on some builds linked with ld.lld.
Pad the .rodata section to 16 bytes as ld.lld does not apply the ALIGN
statement on the .data section to the LMA. Fixes boot failure on builds
where the .rodata section happens to not be 16 bytes aligned.
Arve Hjønnevåg [Fri, 15 Nov 2019 22:25:43 +0000 (14:25 -0800)]
trusty: generic-arm64-smcall: Support gicr address
Add SMC_GET_GIC_BASE_GICR option to SMC_FC_GET_REG_BASE and
SMC_FC64_GET_REG_BASE calls for returning the base address of the gic
redistributor added in gic version 3.
Masahiro Yamada [Mon, 3 Feb 2020 09:40:37 +0000 (18:40 +0900)]
uniphier: change block_addressing flag to bool
The flag, uniphier_emmc_block_addressing, is boolean logic, so
"bool' is more suitable.
uniphier_emmc_is_over_2gb() is not boolean - it returns 1 / 0
depending on the card density, or a negative value on failure.
Rename it to make it less confusing.
Max Shvetsov [Tue, 11 Feb 2020 12:41:08 +0000 (12:41 +0000)]
Fixes ROTPK hash generation for ECDSA encryption
Forced hash generation used to always generate hash via RSA encryption.
This patch changes encryption based on ARM_ROTPK_LOCATION.
Also removes setting KEY_ALG based on ARM_ROTPL_LOCATION - there is no
relation between these two.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Id727d2ed06176a243719fd0adfa0cae26c325005
Olivier Deprez [Tue, 11 Feb 2020 08:34:47 +0000 (08:34 +0000)]
Merge changes from topic "spmd" into integration
* changes:
SPMD: enable SPM dispatcher support
SPMD: hook SPMD into standard services framework
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
SPMD: add support for an example SPM core manifest
SPMD: add SPCI Beta 0 specification header file
Achin Gupta [Fri, 11 Oct 2019 14:49:00 +0000 (15:49 +0100)]
SPMD: hook SPMD into standard services framework
This patch adds support to initialise the SPM dispatcher as a standard
secure service. It also registers a handler for SPCI SMCs exported by
the SPM dispatcher.
Achin Gupta [Fri, 11 Oct 2019 14:41:16 +0000 (15:41 +0100)]
SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
This patch adds a rudimentary SPM dispatcher component in EL3.
It does the following:
- Consumes the TOS_FW_CONFIG to determine properties of the SPM core
component
- Initialises the SPM core component which resides in the BL32 image
- Implements a handler for SPCI calls from either security state. Some
basic validation is done for each call but in most cases it is simply
forwarded as-is to the "other" security state.
Achin Gupta [Fri, 11 Oct 2019 14:15:19 +0000 (15:15 +0100)]
SPMD: add support to run BL32 in TDRAM and BL31 in secure DRAM on Arm FVP
This patch reserves and maps the Trusted DRAM for SPM core execution.
It also configures the TrustZone address space controller to run BL31
in secure DRAM.
Achin Gupta [Fri, 11 Oct 2019 13:54:48 +0000 (14:54 +0100)]
SPMD: add support for an example SPM core manifest
This patch repurposes the TOS FW configuration file as the manifest for
the SPM core component which will reside at the secure EL adjacent to
EL3. The SPM dispatcher component will use the manifest to determine how
the core component must be initialised. Routines and data structure to
parse the manifest have also been added.
Manish Pandey [Mon, 10 Feb 2020 13:32:43 +0000 (13:32 +0000)]
Merge changes from topics "rddaniel", "rdn1edge_dual" into integration
* changes:
plat/arm: add board support for rd-daniel platform
plat/arm/sgi: move GIC related constants to board files
platform/arm/sgi: add multi-chip mode parameter in HW_CONFIG dts
board/rdn1edge: add support for dual-chip configuration
drivers/arm/scmi: allow use of multiple SCMI channels
drivers/mhu: derive doorbell base address
plat/arm/sgi: include AFF3 affinity in core position calculation
plat/arm/sgi: add macros for remote chip device region
plat/arm/sgi: add chip_id and multi_chip_mode to platform variant info
plat/arm/sgi: move bl31_platform_setup to board file
Manish Pandey [Tue, 7 Jan 2020 17:05:28 +0000 (17:05 +0000)]
SPM: modify sptool to generate individual SP blobs
Currently sptool generates a single blob containing all the Secure
Partitions, with latest SPM implementation, it is desirable to have
individual blobs for each Secure Partition. It allows to leverage
packaging and parsing of SP on existing FIP framework. It also allows
SP packages coming from different sources.
This patch modifies sptool so that it takes number of SP payload pairs
as input and generates number of SP blobs instead of a single blob.
Each SP blob can optionally have its own header containing offsets and
sizes of different payloads along with a SP magic number and version.
It is also associated in FIP with a UUID, provided by SP owner.
projects / arm-tf.git / log