Alexei Fedorov [Fri, 13 Nov 2020 12:36:49 +0000 (12:36 +0000)]
TSP: Fix GCC 11.0.0 compilation error.
This patch fixes the following compilation error
reported by aarch64-none-elf-gcc 11.0.0:
bl32/tsp/tsp_main.c: In function 'tsp_smc_handler':
bl32/tsp/tsp_main.c:393:9: error: 'tsp_get_magic'
accessing 32 bytes in a region of size 16
[-Werror=stringop-overflow=]
393 | tsp_get_magic(service_args);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
bl32/tsp/tsp_main.c:393:9: note: referencing argument 1
of type 'uint64_t *' {aka 'long long unsigned int *'}
In file included from bl32/tsp/tsp_main.c:19:
bl32/tsp/tsp_private.h:64:6: note: in a call to function 'tsp_get_magic'
64 | void tsp_get_magic(uint64_t args[4]);
| ^~~~~~~~~~~~~
by changing declaration of tsp_get_magic function from
void tsp_get_magic(uint64_t args[4]);
to
uint128_t tsp_get_magic(void);
which returns arguments directly in x0 and x1 registers.
In bl32\tsp\tsp_main.c the current tsp_smc_handler()
implementation calls tsp_get_magic(service_args);
, where service_args array is declared as
uint64_t service_args[2];
and tsp_get_magic() in bl32\tsp\aarch64\tsp_request.S
copies only 2 registers in output buffer:
/* Store returned arguments to the array */
stp x0, x1, [x4, #0]
David Horstmann [Wed, 14 Oct 2020 14:17:49 +0000 (15:17 +0100)]
Use constant stack size with RECLAIM_INIT_CODE
Currently, when RECLAIM_INIT_CODE is set, the
stacks are scaled to ensure that the entirety
of the init section can be reclaimed as stack.
This causes an issue in lib/psci/aarch64/psci_helpers.S,
where the stack size is used for cache operations in
psci_do_pwrdown_cache_maintenance(). If the stacks
are scaled, then the PSCI code may fail to invalidate
some of the stack memory before power down.
Resizing stacks is also not good for stability in general,
since code that works with a small number of cores may
overflow the stack when the number of cores is increased.
Change to make every stack be PLATFORM_STACK_SIZE big,
and allow the total stack to be smaller than the
init section.
Any pages of the init section not reclaimed as
stack will be set to read-only and execute-never,
for security.
Change-Id: I10b3884981006431f2fcbec3864c81d4a8c246e8 Signed-off-by: David Horstmann <david.horstmann@arm.com>
Andre Przywara [Fri, 16 Oct 2020 17:19:03 +0000 (18:19 +0100)]
aarch64/arm: Add compiler barrier to barrier instructions
When issuing barrier instructions like DSB or DMB, we must make sure
that the compiler does not undermine out efforts to fence off
instructions. Currently the compiler is free to move the barrier
instruction around, in respect to former or later memory access
statements, which is not what we want.
Add a compiler barrier to the inline assembly statement in our
DEFINE_SYSOP_TYPE_FUNC macro, to make sure memory accesses are not
reordered by the compiler.
This is in line with Linux' definition:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm64/include/asm/barrier.h
Since those instructions share a definition, apart from DSB and DMB this
now also covers some TLBI instructions. Having a compiler barrier there
also is useful, although we probably have stronger barriers in place
already.
Change-Id: If6fe97b13a562643a643efc507cb4aad29daa5b6 Reported-by: Alexandru Elisei <alexandru.elisei@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch is used to fix remaining non compliant code for Intel
SoCFPGA's mailbox and sip driver. These changes include:
- Change non-interface required uint32_t into unsigned int
- Change non-negative variable to unsigned int
- Remove obsolete variable initialization to 0
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I3a16c7621a5fc75eb614d97d72e44c86e7d53bf5
This patch is used to fix remaining non compliant code for Intel
SocFPGA's mailbox driver. These changes include:
- adding integer literal for unsigned constant
- fix non-boolean controlling expression
- add braces even on conditional single statement bodies
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I0f8fd96a3540f35ee102fd2f2369b76fa73e39e1
Change the main loop inside mailbox poll function from while(1) to a
retry counter named sdm_loop. This is to limit the maximum possible
looping of the function and prevent unexpected behaviour.
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I63afad958fe5f656f6333b60d5a8b4c0ada3b23d
Chee Hong Ang [Sun, 10 May 2020 16:40:18 +0000 (00:40 +0800)]
intel: mailbox: Read mailbox response even there is an error
Mailbox driver should read the response data if the response length
in the response header is non-zero even the response header indicates
error (non-zero).
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I928f705f43c0f46ac74b84428b830276cc4c9640
intel: common: Change how mailbox handles job id & buffer
This patch modifies several basic mailbox driver features to prepare for
FCS enablement:
- Job id management for asynchronous response
- SDM command buffer full
Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: I78168dfb6c521d70d9cba187356b7a3c8e9b62d2
Chee Hong Ang [Fri, 24 Apr 2020 13:51:00 +0000 (21:51 +0800)]
intel: clear 'PLAT_SEC_ENTRY' in early platform setup
Ensure 'PLAT_SEC_ENTRY' is cleared during early platform
setup. This is to prevent the slave CPU cores jump to the stale
entry point after warm reset when using U-Boot SPL as first
stage boot loader.
Signed-off-by: Chee Hong Ang <chee.hong.ang@intel.com>
Change-Id: I3294ce2f74aa691d0cf311fa30f27f9d4fb8800a
Richard Gong [Mon, 13 Apr 2020 14:40:43 +0000 (09:40 -0500)]
intel: SIP: increase FPGA_CONFIG_SIZE to 32 MB
Increase INTEL_SIP_SMC_FPGA_CONFIG_SIZE from 16 to 32MB. We need higher
pre-reserved memory size between Intel service layer and secure monitor
software so we can handle JIC file authorization.
Signed-off-by: Richard Gong <richard.gong@intel.com>
Change-Id: Ibab4e42e4b7b93a4cf741e60ec9439359ba0a64c
Varun Wadekar [Sat, 24 Oct 2020 02:29:31 +0000 (02:29 +0000)]
Merge changes I5ae9d08b,I5cbbd7eb,Idb389223 into integration
* changes:
plat: marvell: armada: Building ${DOIMAGETOOL} is only for a8k
plat: marvell: armada: Fix including plat/marvell/marvell.mk file
plat: marvell: armada: a3k: When WTP is empty do not define variables and targets which depends on it
Manish Pandey [Wed, 21 Oct 2020 21:14:42 +0000 (21:14 +0000)]
Merge changes from topic "tc0_sel2_spmc" into integration
* changes:
plat: tc0: Configure TZC with secure world regions
plat: tc0: Enable SPMC execution at S-EL2
plat: tc0: Add TZC DRAM1 region for SPMC and trusted OS
plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled
plat: tc0: Disable SPE
Manish Pandey [Wed, 21 Oct 2020 21:03:14 +0000 (21:03 +0000)]
Merge changes from topic "tc0_sel2_spmc" into integration
* changes:
lib: el3_runtime: Fix SPE system registers in el2_sysregs_context
lib: el3_runtime: Conditionally save/restore EL2 NEVE registers
lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context
Pali Rohár [Wed, 21 Oct 2020 09:50:40 +0000 (11:50 +0200)]
plat: marvell: armada: Building ${DOIMAGETOOL} is only for a8k
Currently a3k target is misusing ${DOIMAGETOOL} target for building flash
and UART images. It is not used for building image tool.
So move ${DOIMAGETOOL} target from common marvell include file into a8k
include file and add correct invocation of ${MAKE} into a3k for building
flash and UART images.
Part of this change is also checks that MV_DDR_PATH for a3k was specified
by user as this option is required for building a3k flash and UART images.
plat: arm: Make BL32_BASE platform dependent when SPD_spmd is enabled
To support platforms without Trusted DRAM this patch defines
PLAT_ARM_SPMC_BASE and enables platform to use either Trusted DRAM or
DRAM region behind TZC.
lib: el3_runtime: Fix SPE system registers in el2_sysregs_context
Include EL2 registers related to SPE in EL2 context save/restore
routines if architecture supports it and platform wants to use these
features in Secure world.
lib: el3_runtime: Conditionally save/restore EL2 NEVE registers
Include EL2 registers related to Nested Virtualization in EL2 context
save/restore routines if architecture supports it and platform wants to
use these features in Secure world.
lib: el3_runtime: Fix aarch32 system registers in el2_sysregs_context
AArch64-only platforms do not implement AArch32 at EL1 and higher ELs.
In such cases the build option CTX_INCLUDE_AARCH32_REGS is set to 0.
So don't save/restore aarch32 system registers in el2_sysregs_context
save/restore routines if CTX_INCLUDE_AARCH32_REGS is set to 0.
Pali Rohár [Mon, 19 Oct 2020 15:10:11 +0000 (17:10 +0200)]
plat: marvell: armada: Fix including plat/marvell/marvell.mk file
Include file plat/marvell/marvell.mk for platform A3700 was included two
times. Once from file plat/marvell/armada/a3k/common/a3700_common.mk and
second time from common file plat/marvell/armada/common/marvell_common.mk.
It caused following warning every time was make called:
plat/marvell/marvell.mk:51: warning: overriding recipe for target 'mrvl_clean'
plat/marvell/marvell.mk:51: warning: ignoring old recipe for target 'mrvl_clean'
Change in this commit removes inclusion of plat/marvell/marvell.mk file in
common file plat/marvell/armada/common/marvell_common.mk. As a80x0 platform
needs this include file, add it also into a80x0 platform specific include
file lat/marvell/armada/a8k/common/a8k_common.mk.
Also moves inclusion of plat/marvell/marvell.mk file in a3700 platform file
plat/marvell/armada/a3k/common/a3700_common.mk at correct place. Global
plat/marvell/marvell.mk expects that variables DOIMAGEPATH and DOIMAGETOOL
are already defined, but it defines MARVELL_SECURE_BOOT variable which is
needed by plat/marvell/armada/a3k/common/a3700_common.mk.
There are no references to AARCH32, AARCH64 and
__ASSEMBLY__ macros in the TF-A code hence
removed the deprecated information mentioning about
these macros in the document.
Change-Id: I472ab985ca2e4173bae23ff7b4465a9b60bc82eb Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Pali Rohár [Thu, 8 Oct 2020 13:19:26 +0000 (15:19 +0200)]
plat: marvell: armada: Fix dependences for target fip
For building fip image it is not needed to build target mrvl_flash. This
fip image contains only bl2, bl31 and bl33 (u-boot.bin) images and
therefore it does not depend on Marvell wtmi and wtp A3700-utils.
So remove mrvl_flash dependency for fip target to allow building fip image
without need to build mrvl_flash and therefore specify and provide Marvell
wmi and wtp A3700-utils.
This changes fixes compilation of fip image for A3700 platform by command:
make CROSS_COMPILE=aarch64-linux-gnu- BL33=/path/u-boot/u-boot.bin \
DEBUG=0 LOG_LEVEL=0 USE_COHERENT_MEM=0 PLAT=a3700 fip
Marvell boot image can be still build by 'mrvl_flash' target.
Saurabh Gorecha [Wed, 14 Oct 2020 18:41:15 +0000 (00:11 +0530)]
plat:qti Mandate SMC implementaion and bug fix
implementation of SMC call SMCCC_ARCH_SOC_ID
adding debugging logs in mem assign call.
Checking range of param in mem_assign call is from CB_MEM_RAM
or CB_MEM_RESERVED.
Pali Rohár [Thu, 15 Oct 2020 11:50:28 +0000 (13:50 +0200)]
plat: marvell: armada: a3k: When WTP is empty do not define variables and targets which depends on it
Some of targets (e.g. mrvl_flash) depends on WTP build option. Other
targets (e.g. fip) can be build also without WTP build option as they do
not depend on it.
This change put all A3720 variables and targets which depends on WTP into
conditional if-endif section, so they are not defined when user has not
supplied WTP build option.
Target mrvl_flash is defined also when WTP was not specified and in this
case it just print error message to help user.
Variables which do not depend on WTP are moved to the top of
a3700_common.mk file.
Merge changes from topic "stm32mp1_plat_updates" into integration
* changes:
docs: update STM32MP1 with versions details
stm32mp1: get peripheral base address from a define
stm32mp1: add finished good variant in board identifier
Yann Gautier [Tue, 13 Oct 2020 09:27:05 +0000 (11:27 +0200)]
docs: update STM32MP1 with versions details
After introducing the new STM32MP1 SoC versions in patch [1], the
document describing STM32MP1 platform is updated with the information
given in the patch commit message.
Nicolas Le Bayon [Mon, 23 Sep 2019 09:18:32 +0000 (11:18 +0200)]
stm32mp1: add asserts in get_cpu_package() and get_part_number()
Change-Id: I2b702698d6be93da5ac86da1cbc98b3838315a5a Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com> Signed-off-by: Yann Gautier <yann.gautier@st.com>
Lionel Debieve [Fri, 17 May 2019 14:01:18 +0000 (16:01 +0200)]
stm32mp1: add support for new SoC profiles
Update to support new part numbers.
Add new STM32 MPUs Part = STM32MP151F, STM32MP153F, STM32MP157F,
STM32MP151D, STM32MP153D, STM32MP157D
The STM32MP1 series is available in 3 different lines which are pin-to-pin
compatible:
- STM32MP157: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz,
3D GPU, DSI display interface and CAN FD
- STM32MP153: Dual Cortex-A7 cores, Cortex-M4 core @ 209 MHz
and CAN FD
- STM32MP151: Single Cortex-A7 core, Cortex-M4 core @ 209 MHz
Each line comes with a security option (cryptography & secure boot)
& a Cortex-A frequency option :
- A Basic + Cortex-A7 @ 650 MHz
- C Secure Boot + HW Crypto + Cortex-A7 @ 650 MHz
- D Basic + Cortex-A7 @ 800 MHz
- F Secure Boot + HW Crypto + Cortex-A7 @ 800 MHz
Remove useless variable in stm32mp_is_single_core().
stm32mp1: add finished good variant in board identifier
Update the board info with the new coding including the finished good
variant:
Board: MBxxxx Var<CPN>.<FG> Rev.<Rev>-<BOM>
The OTP 59 coding is:
bit [31:16] (hex) => MBxxxx
bit [15:12] (dec) => Variant CPN (1....15)
bit [11:8] (dec) => Revision board (index with A = 1, Z = 26)
bit [7:4] (dec) => Variant FG : finished good (NEW)
bit [3:0] (dec) => BOM (01, .... 255)
Change-Id: I4fbc0c84596419d1bc30d166311444ece1d9123f Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com> Signed-off-by: Yann Gautier <yann.gautier@st.com>
Jimmy Brisson [Tue, 4 Aug 2020 21:18:52 +0000 (16:18 -0500)]
Increase type widths to satisfy width requirements
Usually, C has no problem up-converting types to larger bit sizes. MISRA
rule 10.7 requires that you not do this, or be very explicit about this.
This resolves the following required rule:
bl1/aarch64/bl1_context_mgmt.c:81:[MISRA C-2012 Rule 10.7 (required)]<None>
The width of the composite expression "0U | ((mode & 3U) << 2U) | 1U |
0x3c0U" (32 bits) is less that the right hand operand
"18446744073709547519ULL" (64 bits).
This also resolves MISRA defects such as:
bl2/aarch64/bl2arch_setup.c:18:[MISRA C-2012 Rule 12.2 (required)]
In the expression "3U << 20", shifting more than 7 bits, the number
of bits in the essential type of the left expression, "3U", is
not allowed.
Further, MISRA requires that all shifts don't overflow. The definition of
PAGE_SIZE was (1U << 12), and 1U is 8 bits. This caused about 50 issues.
This fixes the violation by changing the definition to 1UL << 12. Since
this uses 32bits, it should not create any issues for aarch32.
This patch also contains a fix for a build failure in the sun50i_a64
platform. Specifically, these misra fixes removed a single and
instruction,
from the cm_setup_context function caused a relocation in
psci_cpus_on_start to require a linker-generated stub. This increased the
size of the .text section and caused an alignment later on to go over a
page boundary and round up to the end of RAM before placing the .data
section. This sectionn is of non-zero size and therefore causes a link
error.
The fix included in this reorders the functions during link time
without changing their ording with respect to alignment.
Change-Id: I76b4b662c3d262296728a8b9aab7a33b02087f16 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Alexei Fedorov [Tue, 6 Oct 2020 14:54:12 +0000 (15:54 +0100)]
TF-A: Add HASH_ALG default value to defaults.mk
This patch adds default value of 'sha256' for HASH_ALG
build flag to 'make_helpers\defaults.mk', according to
'docs\getting_started\build-options.rst'.
This fixes Measured Boot driver error when TF-A uses
default HASH_ALG value and TPM_HASH_ALG is set to
sha384 or sha512.
In the function gicv2_set_spi_routing, the signed value proc_num is cast
to unsigned int before being compared to other unsigned values in two
assert calls. The value proc_num can be a negative value, and once the
negative value is cast to unsigned it becomes a very large number which
will trigger the assert. This patch changes the assert cast so that the
unsigned values are cast to signed instead, keeping the same functionality
but allowing proc_num to be negative.
This bug can be seen when running the SDEI RM_ANY routing mode test in
TFTF on the Juno platform.
This patch also makes the usage of the proc_num variable in other gicv2
functions more clear.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: If1b98eebb00bd9b73862e5e995e5e68c168170a6
Jimmy Brisson [Wed, 5 Aug 2020 18:44:05 +0000 (13:44 -0500)]
Don't return error information from console_flush
And from crash_console_flush.
We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.
Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
In heavy parallel builds, it has sometimes been seen issues with the
tool not generated before it was needed. Change some rules order and
dependency to solve that.
projects / arm-tf.git / log