Merge "feat(handoff): enhance transfer list library" into integration
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index 091456d..b29c752 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -636,6 +636,10 @@
Cortex-A710 CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and
r2p1 of the CPU and is still open.
+- ``ERRATA_A710_2778471``: This applies errata 2778471 workaround to Cortex-A710
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and is still open.
+
For Neoverse N2, the following errata build flags are defined :
- ``ERRATA_N2_2002655``: This applies errata 2002655 workaround to Neoverse-N2
@@ -757,6 +761,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
CPU and is still open.
+- ``ERRATA_X2_2778471``: This applies errata 2778471 workaround to Cortex-X2
+ CPU. This needs to be enabled for revisions r0p0, r1p0, r2p0 and r2p1 of the
+ CPU and it is still open.
+
For Cortex-X3, the following errata build flags are defined :
- ``ERRATA_X3_2070301``: This applies errata 2070301 workaround to the Cortex-X3
@@ -832,6 +840,12 @@
Cortex-A510 CPU. This needs to be applied to revision r0p0, r0p1, r0p2,
r0p3, r1p0, r1p1 and r1p2. It is fixed in r1p3.
+For Cortex-A520, the following errata build flags are defined :
+
+- ``ERRATA_A520_2630792``: This applies errata 2630792 workaround to
+ Cortex-A520 CPU. This needs to applied for revisions r0p0, r0p1 of the
+ CPU and is still open.
+
For Cortex-A715, the following errata build flags are defined :
- ``ERRATA_A715_2701951``: This applies erratum 2701951 workaround to Cortex-A715
diff --git a/drivers/renesas/common/io/io_rcar.c b/drivers/renesas/common/io/io_rcar.c
index 0c49ec9..66662c1 100644
--- a/drivers/renesas/common/io/io_rcar.c
+++ b/drivers/renesas/common/io/io_rcar.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -84,6 +84,29 @@
#define RCAR_COUNT_LOAD_BL33 (2U)
#define RCAR_COUNT_LOAD_BL33X (3U)
+#define CHECK_IMAGE_AREA_CNT (7U)
+#define BOOT_BL2_ADDR (0xE6304000U)
+#define BOOT_BL2_LENGTH (0x19000U)
+
+typedef struct {
+ uintptr_t dest;
+ uintptr_t length;
+} addr_loaded_t;
+
+static addr_loaded_t addr_loaded[CHECK_IMAGE_AREA_CNT] = {
+ [0] = {BOOT_BL2_ADDR, BOOT_BL2_LENGTH},
+ [1] = {BL31_BASE, RCAR_TRUSTED_SRAM_SIZE},
+#ifndef SPD_NONE
+ [2] = {BL32_BASE, BL32_SIZE}
+#endif
+};
+
+#ifndef SPD_NONE
+static uint32_t addr_loaded_cnt = 3;
+#else
+static uint32_t addr_loaded_cnt = 2;
+#endif
+
static const plat_rcar_name_offset_t name_offset[] = {
{BL31_IMAGE_ID, 0U, RCAR_ATTR_SET_ALL(0, 0, 0)},
@@ -281,10 +304,11 @@
uintptr_t dram_start, dram_end;
uintptr_t prot_start, prot_end;
int32_t result = IO_SUCCESS;
+ int n;
- dram_start = legacy ? DRAM1_BASE : DRAM_40BIT_BASE;
+ dram_start = legacy ? DRAM1_NS_BASE : DRAM_40BIT_BASE;
- dram_end = legacy ? DRAM1_BASE + DRAM1_SIZE :
+ dram_end = legacy ? DRAM1_NS_BASE + DRAM1_NS_SIZE :
DRAM_40BIT_BASE + DRAM_40BIT_SIZE;
prot_start = legacy ? DRAM_PROTECTED_BASE : DRAM_40BIT_PROTECTED_BASE;
@@ -301,13 +325,54 @@
if (dst >= prot_start && dst < prot_end) {
ERROR("BL2: dst address is on the protected area.\n");
result = IO_FAIL;
+ goto done;
}
if (len > prot_start || (dst < prot_start && dst > prot_start - len)) {
ERROR("BL2: %s[%d] loaded data is on the protected area.\n",
__func__, __LINE__);
result = IO_FAIL;
+ goto done;
+ }
+
+ if (addr_loaded_cnt >= CHECK_IMAGE_AREA_CNT) {
+ ERROR("BL2: max loadable non secure images reached\n");
+ result = IO_FAIL;
+ goto done;
+ }
+
+ addr_loaded[addr_loaded_cnt].dest = dst;
+ addr_loaded[addr_loaded_cnt].length = len;
+ for (n = 0; n < addr_loaded_cnt; n++) {
+ /*
+ * Check if next image invades a previous loaded image
+ *
+ * IMAGE n: area from previous image: dest| IMAGE n |length
+ * IMAGE n+1: area from next image: dst | IMAGE n |len
+ *
+ * 1. check:
+ * | IMAGE n |
+ * | IMAGE n+1 |
+ * 2. check:
+ * | IMAGE n |
+ * | IMAGE n+1 |
+ * 3. check:
+ * | IMAGE n |
+ * | IMAGE n+1 |
+ */
+ if (((dst >= addr_loaded[n].dest) &&
+ (dst <= addr_loaded[n].dest + addr_loaded[n].length)) ||
+ ((dst + len >= addr_loaded[n].dest) &&
+ (dst + len <= addr_loaded[n].dest + addr_loaded[n].length)) ||
+ ((dst <= addr_loaded[n].dest) &&
+ (dst + len >= addr_loaded[n].dest + addr_loaded[n].length))) {
+ ERROR("BL2: next image overlap a previous image area.\n");
+ result = IO_FAIL;
+ goto done;
+ }
}
+ addr_loaded_cnt++;
+
done:
if (result == IO_FAIL) {
ERROR("BL2: Out of range : dst=0x%lx len=0x%lx\n", dst, len);
@@ -533,13 +598,6 @@
rcar_read_certificate((uint64_t) cert, &len, &dst);
- /* Baylibre: HACK */
- if (spec->offset == BL31_IMAGE_ID && len < RCAR_TRUSTED_SRAM_SIZE) {
- WARN("%s,%s\n", "r-car ignoring the BL31 size from certificate",
- "using RCAR_TRUSTED_SRAM_SIZE instead");
- len = RCAR_TRUSTED_SRAM_SIZE;
- }
-
current_file.partition = partition;
current_file.no_load = noload;
current_file.offset = offset;
diff --git a/include/lib/cpus/aarch64/cortex_a520.h b/include/lib/cpus/aarch64/cortex_a520.h
index 4176981..1c5f886 100644
--- a/include/lib/cpus/aarch64/cortex_a520.h
+++ b/include/lib/cpus/aarch64/cortex_a520.h
@@ -15,6 +15,11 @@
#define CORTEX_A520_CPUECTLR_EL1 S3_0_C15_C1_4
/*******************************************************************************
+ * CPU Auxiliary Control register 1 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A520_CPUACTLR_EL1 S3_0_C15_C1_0
+
+/*******************************************************************************
* CPU Power Control register specific definitions
******************************************************************************/
#define CORTEX_A520_CPUPWRCTLR_EL1 S3_0_C15_C2_7
diff --git a/include/lib/cpus/aarch64/cortex_a710.h b/include/lib/cpus/aarch64/cortex_a710.h
index 432e17a..9df8d47 100644
--- a/include/lib/cpus/aarch64/cortex_a710.h
+++ b/include/lib/cpus/aarch64/cortex_a710.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -39,6 +39,11 @@
#define CORTEX_A710_CPUACTLR2_EL1_BIT_36 (ULL(1) << 36)
/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A710_CPUACTLR3_EL1 S3_0_C15_C1_2
+
+/*******************************************************************************
* CPU Auxiliary Control register 5 specific definitions.
******************************************************************************/
#define CORTEX_A710_CPUACTLR5_EL1 S3_0_C15_C8_0
diff --git a/include/lib/cpus/aarch64/cortex_x2.h b/include/lib/cpus/aarch64/cortex_x2.h
index 863b8c8..0f97b1e 100644
--- a/include/lib/cpus/aarch64/cortex_x2.h
+++ b/include/lib/cpus/aarch64/cortex_x2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -28,6 +28,11 @@
#define CORTEX_X2_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(0x9)
/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X2_CPUACTLR3_EL1 S3_0_C15_C1_2
+
+/*******************************************************************************
* CPU Power Control register specific definitions
******************************************************************************/
#define CORTEX_X2_CPUPWRCTLR_EL1 S3_0_C15_C2_7
diff --git a/lib/cpus/aarch64/cortex_a520.S b/lib/cpus/aarch64/cortex_a520.S
index 6c2f33e..92f13f4 100644
--- a/lib/cpus/aarch64/cortex_a520.S
+++ b/lib/cpus/aarch64/cortex_a520.S
@@ -21,6 +21,11 @@
#error "Cortex A520 supports only AArch64. Compile with CTX_INCLUDE_AARCH32_REGS=0"
#endif
+workaround_reset_start cortex_a520, ERRATUM(2630792), ERRATA_A520_2630792
+ sysreg_bit_set CORTEX_A520_CPUACTLR_EL1, BIT(38)
+workaround_reset_end cortex_a520, ERRATUM(2630792)
+
+check_erratum_ls cortex_a520, ERRATUM(2630792), CPU_REV(0, 1)
/* ----------------------------------------------------
* HW will do the cache maintenance while powering down
* ----------------------------------------------------
diff --git a/lib/cpus/aarch64/cortex_a710.S b/lib/cpus/aarch64/cortex_a710.S
index f3931d7..b99fbb3 100644
--- a/lib/cpus/aarch64/cortex_a710.S
+++ b/lib/cpus/aarch64/cortex_a710.S
@@ -193,6 +193,12 @@
check_erratum_ls cortex_a710, ERRATUM(2768515), CPU_REV(2, 1)
+workaround_reset_start cortex_a710, ERRATUM(2778471), ERRATA_A710_2778471
+ sysreg_bit_set CORTEX_A710_CPUACTLR3_EL1, BIT(47)
+workaround_reset_end cortex_a710, ERRATUM(2778471)
+
+check_erratum_ls cortex_a710, ERRATUM(2778471), CPU_REV(2, 1)
+
workaround_reset_start cortex_a710, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/aarch64/cortex_x2.S b/lib/cpus/aarch64/cortex_x2.S
index 258288c..d018182 100644
--- a/lib/cpus/aarch64/cortex_x2.S
+++ b/lib/cpus/aarch64/cortex_x2.S
@@ -133,6 +133,12 @@
check_erratum_ls cortex_x2, ERRATUM(2768515), CPU_REV(2, 1)
+workaround_reset_start cortex_x2, ERRATUM(2778471), ERRATA_X2_2778471
+ sysreg_bit_set CORTEX_X2_CPUACTLR3_EL1, BIT(47)
+workaround_reset_end cortex_x2, ERRATUM(2778471)
+
+check_erratum_ls cortex_x2, ERRATUM(2778471), CPU_REV(2, 1)
+
workaround_reset_start cortex_x2, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
/*
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index bbf44b4..68d6ef8 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -625,6 +625,11 @@
# still open.
CPU_FLAG_LIST += ERRATA_A710_2768515
+# Flag to apply erratum 2778471 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0, r2p0, r2p1 of the Cortex-A710 cpu and is still
+# open.
+CPU_FLAG_LIST += ERRATA_A710_2778471
+
# Flag to apply erratum 2002655 workaround during reset. This erratum applies
# to revisions r0p0 of the Neoverse-N2 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_N2_2002655
@@ -760,6 +765,10 @@
# still open.
CPU_FLAG_LIST += ERRATA_X2_2768515
+# Flag to apply erratum 2778471 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0, r2p0, r2p1 of the Cortex-X2 cpu and it is still open.
+CPU_FLAG_LIST += ERRATA_X2_2778471
+
# Flag to apply erratum 2070301 workaround on reset. This erratum applies
# to revisions r0p0, r1p0, r1p1 and r1p2 of the Cortex-X3 cpu and is
# still open.
@@ -834,6 +843,10 @@
# Cortex-A510 cpu and is fixed in r1p3.
CPU_FLAG_LIST += ERRATA_A510_2684597
+# Flag to apply erratum 2630792 workaround during reset. This erratum applies
+# to revisions r0p0, r0p1 of the Cortex-A520 cpu and is still open.
+CPU_FLAG_LIST += ERRATA_A520_2630792
+
# Flag to apply erratum 2331132 workaround during reset. This erratum applies
# to revisions r0p0, r0p1 and r0p2. It is still open.
CPU_FLAG_LIST += ERRATA_V2_2331132
diff --git a/plat/renesas/common/bl2_secure_setting.c b/plat/renesas/common/bl2_secure_setting.c
index 2f8b001..297b1a9 100644
--- a/plat/renesas/common/bl2_secure_setting.c
+++ b/plat/renesas/common/bl2_secure_setting.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -107,8 +107,10 @@
/*
* Security group 0 attribute setting for master ports 3
* Security group 1 attribute setting for master ports 3
- * {SEC_GRP0CR3, 0x00000000U},
- * {SEC_GRP1CR3, 0x00000000U},
+ */
+ { SEC_GRP0CR3, 0x00003780U },
+ { SEC_GRP1CR3, 0x00003780U },
+ /*
* Security group 0 attribute setting for slave ports 0
* Security group 1 attribute setting for slave ports 0
* {SEC_GRP0COND0, 0x00000000U},
@@ -259,10 +261,51 @@
};
/* AXI settings */
-static const struct {
+struct axi_t {
uint32_t reg;
uint32_t val;
-} axi[] = {
+};
+
+static const struct axi_t axi[] = {
+ /*
+ * SRAM ptotection
+ * AXI sram protected area division
+ */
+ {AXI_SPTDIVCR0, 0x0E0E6304U},
+ {AXI_SPTDIVCR1, 0x0E0E6360U},
+ {AXI_SPTDIVCR2, 0x0E0E6360U},
+ {AXI_SPTDIVCR3, 0x0E0E6360U},
+ {AXI_SPTDIVCR4, 0x0E0E6360U},
+ {AXI_SPTDIVCR5, 0x0E0E6360U},
+ {AXI_SPTDIVCR6, 0x0E0E6360U},
+ {AXI_SPTDIVCR7, 0x0E0E6360U},
+ {AXI_SPTDIVCR8, 0x0E0E6360U},
+ {AXI_SPTDIVCR9, 0x0E0E6360U},
+ {AXI_SPTDIVCR10, 0x0E0E6360U},
+ {AXI_SPTDIVCR11, 0x0E0E6360U},
+ {AXI_SPTDIVCR12, 0x0E0E6360U},
+ {AXI_SPTDIVCR13, 0x0E0E6360U},
+ {AXI_SPTDIVCR14, 0x0E0E6360U},
+ /* AXI sram protected area setting */
+ {AXI_SPTCR0, 0x0E000E0EU},
+ {AXI_SPTCR1, 0x0E000000U},
+ {AXI_SPTCR2, 0x0E000000U},
+ {AXI_SPTCR3, 0x0E000000U},
+ {AXI_SPTCR4, 0x0E000000U},
+ {AXI_SPTCR5, 0x0E000000U},
+ {AXI_SPTCR6, 0x0E000000U},
+ {AXI_SPTCR7, 0x0E000000U},
+ {AXI_SPTCR8, 0x0E000000U},
+ {AXI_SPTCR9, 0x0E000000U},
+ {AXI_SPTCR10, 0x0E000000U},
+ {AXI_SPTCR11, 0x0E000000U},
+ {AXI_SPTCR12, 0x0E000000U},
+ {AXI_SPTCR13, 0x0E000000U},
+ {AXI_SPTCR14, 0x0E000000U},
+ {AXI_SPTCR15, 0x0E000000U}
+};
+
+static const struct axi_t axi_dram[] = {
/*
* DRAM protection
* AXI dram protected area division
@@ -299,41 +342,7 @@
{AXI_DPTCR13, 0x0E000000U},
{AXI_DPTCR14, 0x0E000000U},
{AXI_DPTCR15, 0x0E000000U},
- /*
- * SRAM ptotection
- * AXI sram protected area division
- */
- {AXI_SPTDIVCR0, 0x0E0E6304U},
- {AXI_SPTDIVCR1, 0x0E0E6360U},
- {AXI_SPTDIVCR2, 0x0E0E6360U},
- {AXI_SPTDIVCR3, 0x0E0E6360U},
- {AXI_SPTDIVCR4, 0x0E0E6360U},
- {AXI_SPTDIVCR5, 0x0E0E6360U},
- {AXI_SPTDIVCR6, 0x0E0E6360U},
- {AXI_SPTDIVCR7, 0x0E0E6360U},
- {AXI_SPTDIVCR8, 0x0E0E6360U},
- {AXI_SPTDIVCR9, 0x0E0E6360U},
- {AXI_SPTDIVCR10, 0x0E0E6360U},
- {AXI_SPTDIVCR11, 0x0E0E6360U},
- {AXI_SPTDIVCR12, 0x0E0E6360U},
- {AXI_SPTDIVCR13, 0x0E0E6360U},
- {AXI_SPTDIVCR14, 0x0E0E6360U},
/* AXI sram protected area setting */
- {AXI_SPTCR0, 0x0E000E0EU},
- {AXI_SPTCR1, 0x0E000000U},
- {AXI_SPTCR2, 0x0E000000U},
- {AXI_SPTCR3, 0x0E000000U},
- {AXI_SPTCR4, 0x0E000000U},
- {AXI_SPTCR5, 0x0E000000U},
- {AXI_SPTCR6, 0x0E000000U},
- {AXI_SPTCR7, 0x0E000000U},
- {AXI_SPTCR8, 0x0E000000U},
- {AXI_SPTCR9, 0x0E000000U},
- {AXI_SPTCR10, 0x0E000000U},
- {AXI_SPTCR11, 0x0E000000U},
- {AXI_SPTCR12, 0x0E000000U},
- {AXI_SPTCR13, 0x0E000000U},
- {AXI_SPTCR14, 0x0E000000U},
{AXI_SPTCR15, 0x0E000000U}
};
@@ -345,7 +354,7 @@
mmio_write_32(lifec[i].reg, lifec[i].val);
}
-/* SRAM/DRAM protection setting */
+/* SRAM protection setting */
static void axi_security_setting(void)
{
uint32_t i;
@@ -354,6 +363,15 @@
mmio_write_32(axi[i].reg, axi[i].val);
}
+/* DRAM protection setting */
+void bl2_ram_security_setting_finish(void)
+{
+ uint32_t i;
+
+ for (i = 0; i < ARRAY_SIZE(axi_dram); i++)
+ mmio_write_32(axi_dram[i].reg, axi_dram[i].val);
+}
+
void bl2_secure_setting(void)
{
lifec_security_setting();
diff --git a/plat/renesas/common/include/platform_def.h b/plat/renesas/common/include/platform_def.h
index ab071ec..8178f3a 100644
--- a/plat/renesas/common/include/platform_def.h
+++ b/plat/renesas/common/include/platform_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -144,7 +144,8 @@
******************************************************************************/
#ifndef SPD_NONE
#define BL32_BASE U(0x44100000)
-#define BL32_LIMIT (BL32_BASE + U(0x200000))
+#define BL32_SIZE U(0x200000)
+#define BL32_LIMIT (BL32_BASE + BL32_SIZE)
#endif
/*******************************************************************************
@@ -152,7 +153,8 @@
******************************************************************************/
#define BL33_BASE DRAM1_NS_BASE
#define BL33_COMP_SIZE U(0x200000)
-#define BL33_COMP_BASE (BL33_BASE - BL33_COMP_SIZE)
+#define BL33_DECOMP_SIZE (BL33_COMP_SIZE * 32)
+#define BL33_COMP_BASE (BL33_BASE + BL33_DECOMP_SIZE)
/*******************************************************************************
* Platform specific page table and MMU setup constants
diff --git a/plat/renesas/common/include/rcar_def.h b/plat/renesas/common/include/rcar_def.h
index 2cd26ed..f1c2553 100644
--- a/plat/renesas/common/include/rcar_def.h
+++ b/plat/renesas/common/include/rcar_def.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -31,7 +31,7 @@
#define DRAM_LIMIT ULL(0x0000010000000000)
#define DRAM1_BASE U(0x40000000)
#define DRAM1_SIZE U(0x80000000)
-#define DRAM1_NS_BASE (DRAM1_BASE + U(0x10000000))
+#define DRAM1_NS_BASE (DRAM1_BASE + U(0x08000000))
#define DRAM1_NS_SIZE (DRAM1_SIZE - DRAM1_NS_BASE)
#define DRAM_40BIT_BASE ULL(0x0400000000)
#define DRAM_40BIT_SIZE ULL(0x0400000000)
diff --git a/plat/renesas/rcar/bl2_plat_setup.c b/plat/renesas/rcar/bl2_plat_setup.c
index 81ee93e..cf77da2 100644
--- a/plat/renesas/rcar/bl2_plat_setup.c
+++ b/plat/renesas/rcar/bl2_plat_setup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2018-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -68,6 +68,7 @@
extern void bl2_enter_bl31(const struct entry_point_info *bl_ep_info);
extern void bl2_system_cpg_init(void);
extern void bl2_secure_setting(void);
+extern void bl2_ram_security_setting_finish(void);
extern void bl2_cpg_init(void);
extern void rcar_io_emmc_setup(void);
extern void rcar_io_setup(void);
@@ -417,44 +418,61 @@
}
#endif
-int bl2_plat_handle_pre_image_load(unsigned int image_id)
+static uint64_t check_secure_load_area(uintptr_t base, uint32_t size,
+ uintptr_t dest, uint32_t len)
{
- u_register_t *boot_kind = (void *) BOOT_KIND_BASE;
- bl_mem_params_node_t *bl_mem_params;
+ uintptr_t free_end, requested_end;
- bl_mem_params = get_bl_mem_params_node(image_id);
-
-#if RCAR_GEN3_BL33_GZIP == 1
- if (image_id == BL33_IMAGE_ID) {
- image_decompress_prepare(&bl_mem_params->image_info);
+ /*
+ * Handle corner cases first.
+ *
+ * The order of the 2 tests is important, because if there's no space
+ * left (i.e. free_size == 0) but we don't ask for any memory
+ * (i.e. size == 0) then we should report that the memory is free.
+ */
+ if (len == 0U) {
+ WARN("BL2: load data size is zero\n");
+ return 0; /* A zero-byte region is always free */
}
-#endif
-
- if (image_id != BL31_IMAGE_ID)
- return 0;
-
- if (is_ddr_backup_mode() == RCAR_COLD_BOOT)
- goto cold_boot;
-
- *boot_kind = RCAR_WARM_BOOT;
- flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+ if (size == 0U) {
+ goto err;
+ }
- console_flush();
- bl2_plat_flush_bl31_params();
+ /*
+ * Check that the end addresses don't overflow.
+ * If they do, consider that this memory region is not free, as this
+ * is an invalid scenario.
+ */
+ if (check_uptr_overflow(base, size - 1U)) {
+ goto err;
+ }
+ free_end = base + (size - 1U);
- /* will not return */
- bl2_enter_bl31(&bl_mem_params->ep_info);
+ if (check_uptr_overflow(dest, len - 1U)) {
+ goto err;
+ }
+ requested_end = dest + (len - 1U);
-cold_boot:
- *boot_kind = RCAR_COLD_BOOT;
- flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+ /*
+ * Finally, check that the requested memory region lies within the free
+ * region.
+ */
+ if ((dest < base) || (requested_end > free_end)) {
+ goto err;
+ }
return 0;
+
+err:
+ ERROR("BL2: load data is outside the loadable area.\n");
+ ERROR("BL2: dst=0x%lx, len=%d(0x%x)\n", dest, len, len);
+ return 1;
}
-static uint64_t rcar_get_dest_addr_from_cert(uint32_t certid, uintptr_t *dest)
+static uint64_t rcar_get_dest_addr_from_cert(uint32_t certid, uintptr_t *dest,
+ uint32_t *len)
{
- uint32_t cert, len;
+ uint32_t cert;
int ret;
ret = rcar_get_certificate(certid, &cert);
@@ -463,7 +481,104 @@
return 1;
}
+ rcar_read_certificate((uint64_t) cert, len, dest);
+
+ return 0;
+}
+
+int bl2_plat_handle_pre_image_load(unsigned int image_id)
+{
+ u_register_t *boot_kind = (void *) BOOT_KIND_BASE;
+ bl_mem_params_node_t *bl_mem_params;
+ uintptr_t dev_handle;
+ uintptr_t image_spec;
+ uintptr_t dest;
+ uint32_t len;
+ uint64_t ui64_ret;
+ int iret;
+
+ bl_mem_params = get_bl_mem_params_node(image_id);
+ if (bl_mem_params == NULL) {
+ ERROR("BL2: Failed to get loading parameter.\n");
+ return 1;
+ }
+
+ switch (image_id) {
+ case BL31_IMAGE_ID:
+ if (is_ddr_backup_mode() == RCAR_COLD_BOOT) {
+ iret = plat_get_image_source(image_id, &dev_handle,
+ &image_spec);
+ if (iret != 0) {
+ return 1;
+ }
+
+ ui64_ret = rcar_get_dest_addr_from_cert(
+ SOC_FW_CONTENT_CERT_ID, &dest, &len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
- rcar_read_certificate((uint64_t) cert, &len, dest);
+ ui64_ret = check_secure_load_area(
+ BL31_BASE, BL31_LIMIT - BL31_BASE,
+ dest, len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+ *boot_kind = RCAR_COLD_BOOT;
+ flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+
+ bl_mem_params->image_info.image_base = dest;
+ bl_mem_params->image_info.image_size = len;
+ } else {
+ *boot_kind = RCAR_WARM_BOOT;
+ flush_dcache_range(BOOT_KIND_BASE, sizeof(*boot_kind));
+
+ console_flush();
+ bl2_plat_flush_bl31_params();
+
+ /* will not return */
+ bl2_enter_bl31(&bl_mem_params->ep_info);
+ }
+
+ return 0;
+#ifndef SPD_NONE
+ case BL32_IMAGE_ID:
+ ui64_ret = rcar_get_dest_addr_from_cert(
+ TRUSTED_OS_FW_CONTENT_CERT_ID, &dest, &len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+ ui64_ret = check_secure_load_area(
+ BL32_BASE, BL32_LIMIT - BL32_BASE, dest, len);
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+ bl_mem_params->image_info.image_base = dest;
+ bl_mem_params->image_info.image_size = len;
+
+ return 0;
+#endif
+ case BL33_IMAGE_ID:
+ /* case of image_id == BL33_IMAGE_ID */
+ ui64_ret = rcar_get_dest_addr_from_cert(
+ NON_TRUSTED_FW_CONTENT_CERT_ID,
+ &dest, &len);
+
+ if (ui64_ret != 0U) {
+ return 1;
+ }
+
+#if RCAR_GEN3_BL33_GZIP == 1
+ image_decompress_prepare(&bl_mem_params->image_info);
+#endif
+
+ return 0;
+ default:
+ return 1;
+ }
return 0;
}
@@ -472,8 +587,6 @@
{
static bl2_to_bl31_params_mem_t *params;
bl_mem_params_node_t *bl_mem_params;
- uintptr_t dest;
- int ret;
if (!params) {
params = (bl2_to_bl31_params_mem_t *) PARAMS_BASE;
@@ -481,25 +594,23 @@
}
bl_mem_params = get_bl_mem_params_node(image_id);
+ if (!bl_mem_params) {
+ ERROR("BL2: Failed to get loading parameter.\n");
+ return 1;
+ }
switch (image_id) {
case BL31_IMAGE_ID:
- ret = rcar_get_dest_addr_from_cert(SOC_FW_CONTENT_CERT_ID,
- &dest);
- if (!ret)
- bl_mem_params->image_info.image_base = dest;
- break;
+ bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
+ return 0;
case BL32_IMAGE_ID:
- ret = rcar_get_dest_addr_from_cert(TRUSTED_OS_FW_CONTENT_CERT_ID,
- &dest);
- if (!ret)
- bl_mem_params->image_info.image_base = dest;
-
+ bl_mem_params->ep_info.pc = bl_mem_params->image_info.image_base;
memcpy(¶ms->bl32_ep_info, &bl_mem_params->ep_info,
sizeof(entry_point_info_t));
- break;
+ return 0;
case BL33_IMAGE_ID:
#if RCAR_GEN3_BL33_GZIP == 1
+ int ret;
if ((mmio_read_32(BL33_COMP_BASE) & 0xffff) == 0x8b1f) {
/* decompress gzip-compressed image */
ret = image_decompress(&bl_mem_params->image_info);
@@ -514,7 +625,9 @@
#endif
memcpy(¶ms->bl33_ep_info, &bl_mem_params->ep_info,
sizeof(entry_point_info_t));
- break;
+ return 0;
+ default:
+ return 1;
}
return 0;
@@ -1173,6 +1286,11 @@
#endif
}
+void bl2_el3_plat_prepare_exit(void)
+{
+ bl2_ram_security_setting_finish();
+}
+
void bl2_platform_setup(void)
{
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index 13d8361..724d363 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -332,7 +332,8 @@
ERRATA_NON_ARM_INTERCONNECT},
[15] = {2742423, 0x00, 0x21, ERRATA_A710_2742423},
[16] = {2768515, 0x00, 0x21, ERRATA_A710_2768515},
- [17 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [17] = {2778471, 0x00, 0x21, ERRATA_A710_2778471},
+ [18 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A710_H_INC */
@@ -384,7 +385,8 @@
ERRATA_NON_ARM_INTERCONNECT},
[10] = {2742423, 0x00, 0x21, ERRATA_X2_2742423},
[11] = {2768515, 0x00, 0x21, ERRATA_X2_2768515},
- [12 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [12] = {2778471, 0x00, 0x21, ERRATA_X2_2778471},
+ [13 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X2_H_INC */
@@ -452,6 +454,17 @@
}
},
#endif /* CORTEX_X3_H_INC */
+
+#if CORTEX_A520_H_INC
+{
+ .cpu_partnumber = CORTEX_A520_MIDR,
+ .cpu_errata_list = {
+ [0] = {2630792, 0x00, 0x01, ERRATA_A520_2630792},
+ [1 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ }
+},
+#endif /* CORTEX_A520_H_INC */
+
};
/*
diff --git a/tools/renesas/rcar_layout_create/sa6.c b/tools/renesas/rcar_layout_create/sa6.c
index 8fafdad..58881f9 100644
--- a/tools/renesas/rcar_layout_create/sa6.c
+++ b/tools/renesas/rcar_layout_create/sa6.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2021, Renesas Electronics Corporation. All rights reserved.
+ * Copyright (c) 2015-2023, Renesas Electronics Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -91,7 +91,7 @@
#define RCAR_BL31DST_ADDRESS (0x44000000U)
#define RCAR_BL31DST_ADDRESSH (0x00000000U)
/* Destination size for BL31 */
-#define RCAR_BL31DST_SIZE (0x00004000U)
+#define RCAR_BL31DST_SIZE (0x0000F800U)
/* Destination address for BL32 */
#define RCAR_BL32DST_ADDRESS (0x44100000U)
#define RCAR_BL32DST_ADDRESSH (0x00000000U)